¶ jan2024: CCNP2 - ENARSI
<-- Use index/Contents to the left.
0. Understand the OOB-network below that uses SSH, and Ethernet-Console (in a VRF)
- Start with Excercise 2 GRE and DMVPN
- Then do the NAT challange
- Finally do theese 2 Skill Challanges
BTW: Link to this page is: https://wiki.cnap.hv.se/CCNP-2_ENARSI (right-click and "Open in new window")
¶ This is the ENARSI skill topology jan2024 
Connect ETHERNET-cables to all Ethernet-Management ports of devices
¶ 2022: Challange Skill (Not finished)
¶ Topology 1: Double Link
¶ Challange tasks
-
Only one light blue console cable is allowed in the POD
-
Connect Mgmnt-ports to CNAP switch and configure "ip address dhcp" (one per device)
-
configure SSH version 2, add use a CNAP-switch connected PC, using putty, to configure devices.
Use Username admin Password cisco123
In the end there will be one putty ssh-windows per device. -
Mgmnt vrf will have no connectivity, or routing, to your challange network. This is only Out-of-Band (OOB) for management. https://en.wikipedia.org/wiki/Out-of-band_management
Static Routes
Since BGP needs full connectivity by some other routing protocol in vrf BLUE,
and every blue network device has two networks "hidden" on the other side of a router-hop we need to fix this with static routes
Clarification: Then why do we need iBGP (we only get a bunch of RIB-failures) ?!?
iBGP is used to send external routes (and routes to loopbacks) in the internal (blue) network.
Spine1:
ip route vrf BLUE 172.16.23.0 255.255.255.0 172.16.13.3
ip route vrf BLUE 172.16.24.0 255.255.255.0 172.16.14.4
Spine2:
ip route vrf BLUE 172.16.13.0 255.255.255.0 172.16.23.3
ip route vrf BLUE 172.16.14.0 255.255.255.0 172.16.24.4
Leaf3:
ip route vrf BLUE 172.16.14.0 255.255.255.0 172.16.13.1
ip route vrf BLUE 172.16.24.0 255.255.255.0 172.16.23.2
Leaf4:
ip route vrf BLUE 172.16.13.0 255.255.255.0 172.16.14.1
ip route vrf BLUE 172.16.23.0 255.255.255.0 172.16.24.2
- Please double check IP addresses above
- Please test connectivity from all devices
ping vrf BLUE 172.16.13.1
ping vrf BLUE 172.16.13.3
ping vrf BLUE 172.16.14.1
ping vrf BLUE 172.16.14.4
ping vrf BLUE 172.16.23.2
ping vrf BLUE 172.16.23.3
ping vrf BLUE 172.16.24.2
ping vrf BLUE 172.16.24.4
BGP
-
It is FORBIDDEN to send default-routes (quad-zero)
-
Configure iBGP in VRF BLUE
-
Configure BGP RouteReflectors on spines (top routers)
Try with, and without, Cluster-id on RR -
Summarize some loopbacks
-
redistribute a new static route OR some connected interfaces
-
Create two peers between R1 and Leaf1 (one per link)
-
On leaf 1: Make Leaf1 prefer the other link using Local_pref on that neighbor
-
On leaf 1: Make ISP (R1) prefer the other link using MED on that neighbor
-
If you instead peer R1 and Leaf1 with loopbacks, how would that change MED/Local_pref config? Try!
-
filter the routes 192.168.0.0/16 and 193.10.0.0/16 on Leaf1 so they do not reach R1
TUNNEL
-
Configure DMVPN between leafs and in VRF GREEN,
using BLUE VRF for connectivity
a. Use gig-interfaces as a source
b. Use loopback as source -
IPSEC is not used in this challange
-
Configure OSPF or EIGRP or "static routes" on all interfaces in VRF GREEN
a. Is the tunnel multicast-aware, or do you need to route OSPF-addresses 224.0.0.5 and 224.0.0.6? (EIGRP 224.0.0.10)
b. How many was can one configure Multicast on NHRP(DMVPN); try them all
-
No routes are allowed in common VRF (Front Door VRF) with the exception for NAT on Leaf2
-
Use NAT to connect BLUE (not GREEN) to the CNAP switch and network
¶ Topology 2: Two Local Peers
Use the same tasks as above, but with this topology insted,
¶ Some Hints-n-Tricks
interface Tunnel0
ip vrf forwarding green
ip address 200.200.200.3 255.255.255.0
tunnel source Ethernet0/0
tunnel destination 10.10.10.1
tunnel vrf blue
!--- Tunnel 0 is part of VRF GREEN; but it uses the tunnel
!--- destination and source addresses from the routing
!--- table of VRF BLUE, because of this tunnel vrf blue
!--- command.
!
interface Ethernet0/0
ip vrf forwarding blue
ip address 20.20.20.3 255.255.255.0
!--- Connection to the VRF BLUE network and the VRF GREEN
!--- network using the GRE tunnel.
@ Föreläsning EIGRP
@ Föreläsning OSPF
@ Föreläsning BGP
@ Föreläsning Route maps
@ Troubleshooting ACLs and Prefix lists
@ DMVPN tunnels
@ redistribution
@ ... and everything else
¶ debugging
R2#sh dmvpn | b Inter
Interface: Tunnel123, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.1.123.1 172.16.0.1 UP 00:04:47 S
1 10.1.123.3 172.16.0.3 UP 00:00:37 D
R2#sh crypto session
Interface: Tunnel123
Profile: ISAKMP_PROF
Session status: UP-ACTIVE
Peer: 10.1.123.1 port 500
Session ID: 0
IKEv1 SA: local 10.1.123.2/500 remote 10.1.123.1/500 Active
IPSEC FLOW: permit 47 host 10.1.123.2 host 10.1.123.1
Active SAs: 2, origin: crypto map
Router#show vrf
Name Default RD Protocols Interfaces
BLUE 1:1 ipv4
Mgmt-intf <not set> ipv4,ipv6 Gi0
RED 2:2 ipv4
Router#
¶ 2. "Tunnel in VRF" Challange
¶ 2a. "Underlay" in VRF -- Configuration
hostname Left1
no ip domain-lookup
!
vrf definition BLUE
rd 10:10
address-family ipv4
!
vrf definition GREEN
rd 20:20
address-family ipv4
!
interf gi 0/0/0
vrf forwarding BLUE
ip address 10.0.12.1 255.255.255.0
no shut
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
hostname Middle2
no ip domain-lookup
vrf definition BLUE
rd 10:10
address-family ipv4
interf gi 0/0/0
vrf forwarding BLUE
ip address 10.0.12.2 255.255.255.0
no shut
interf gi 0/0/1
vrf forwarding BLUE
ip address 10.0.23.2 255.255.255.0
no shut
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
hostname Right3
no ip domain-lookup
!
vrf definition BLUE
rd 10:10
address-family ipv4
!
vrf definition GREEN
rd 20:20
address-family ipv4
!
interf gi 0/0/1
vrf forwarding BLUE
ip address 10.0.23.3 255.255.255.0
no shut
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
! Wait for OSPF
do ping vrf BLUE 10.0.12.1
¶ 2x. GRE "Overlay" in VRF -- Configuration
SPOILER: Facit <-- DO NOT click Here !
! Left1
interface Tunnel0
vrf forwarding GREEN
ip address 200.200.200.1 255.255.255.0
tunnel source Gi 0/0/0
tunnel destination 10.0.23.3
tunnel vrf BLUE
! Right3
interface Tunnel0
vrf forwarding GREEN
ip address 200.200.200.3 255.255.255.0
tunnel source Gi 0/0/1
tunnel destination 10.0.12.1
tunnel vrf BLUE
¶ "Overlay" verification
Left1#ping vrf GREEN 200.200.200.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Left1#show ip interf bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 10.0.12.1 YES manual up up
GigabitEthernet0/0/1 unassigned YES unset administratively down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down
Tunnel0 200.200.200.1 YES manual up up
Vlan1 unassigned YES unset administratively down down
Left1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
Left1#
Left1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.12.0/24 is directly connected, GigabitEthernet0/0/0
L 10.0.12.1/32 is directly connected, GigabitEthernet0/0/0
O 10.0.23.0/24 [110/2] via 10.0.12.2, 02:00:03, GigabitEthernet0/0/0
Left1#show ip route vrf GREEN
Routing Table: GREEN
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
200.200.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.200.200.0/24 is directly connected, Tunnel0
L 200.200.200.1/32 is directly connected, Tunnel0
¶ 2y. DMVPN "Overlay" in VRF -- Configuration
SPOILER: DMVPN Facit <-- DO NOT click Here !
! Router Left1
interface Tunnel123
vrf forwarding GREEN
ip address 123.123.123.1 255.255.255.0
tunnel source gi 0/0/0
tunnel mode gre multipoint
tunnel key 123
tunnel vrf BLUE
ip nhrp authentication DMVPN
ip nhrp map 123.123.123.1 10.0.12.1
ip nhrp map multicast 10.0.12.1
ip nhrp network-id 123
ip nhrp nhs 123.123.123.1
ip mtu 1400
ip tcp adjust-mss 1360
! Router Right3
interface Tunnel123
vrf forwarding GREEN
ip address 123.123.123.3 255.255.255.0
tunnel source gi 0/0/1
tunnel mode gre multipoint
tunnel key 123
tunnel vrf BLUE
ip nhrp authentication DMVPN
ip nhrp map 123.123.123.1 10.0.12.1
ip nhrp map multicast 10.0.12.1
ip nhrp network-id 123
ip nhrp nhs 123.123.123.1
ip mtu 1400
ip tcp adjust-mss 1360
### DMVPN Verification
Right3#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel123, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.0.12.1 123.123.123.1 UP 00:01:34 S
Right3#ping vrf GREEN 123.123.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.123.123.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Right3#ping vrf BLUE 123.123.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.123.123.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Right3#ping 123.123.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.123.123.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
¶ 1. "NAT in VRF" Challange
WARNING: Work in progress
SPOILER: Router Facit <-- DO NOT click Here :-) !
Fungerande Conf, men fel (nät)adresser
R1#sh run
!
version 16.6
hostname R1
!
vrf definition BLUE
rd 20:20
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition GREEN
rd 10:10
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition RED
rd 30:30
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ipv6 unicast-routing
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.10
encapsulation dot1Q 10
vrf forwarding GREEN
ip address 192.168.2.1 255.255.255.0
ip nat inside
ipv6 address FE80::1 link-local
!
interface GigabitEthernet0/0/0.20
encapsulation dot1Q 20
vrf forwarding BLUE
ip address 192.168.2.1 255.255.255.0
ip nat inside
ipv6 address FE80::1 link-local
!
interface GigabitEthernet0/0/1
vrf forwarding RED
ip address dhcp
ip nat outside
negotiation auto
ipv6 address autoconfig
!
router ospf 10 vrf GREEN
router-id 10.1.1.1
network 192.168.2.0 0.0.0.255 area 0
default-information originate always
!
router ospf 20 vrf BLUE
router-id 20.1.1.1
network 192.168.2.0 0.0.0.255 area 0
default-information originate always
!
ip nat inside source list 20 interface GigabitEthernet0/0/1 vrf BLUE overload
ip nat inside source list 10 interface GigabitEthernet0/0/1 vrf GREEN overload
! Onödigt med egen default-route; det kommer en likadan via DHCP (?)
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 dhcp
ip route vrf GREEN 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 dhcp
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 dhcp
!
!
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 deny any
access-list 20 permit 192.168.0.0 0.0.255.255
access-list 20 deny any
!
end
SPOILER: Switch2 Facit <-- DO NOT click Here !
Fungerande Conf, men fel (nät)adresser
Switch2#sh run
version 17.3
hostname SW1
!
!
vrf definition BLUE
rd 20:20
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition GREEN
rd 10:10
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip routing
ipv6 unicast-routing
!
!
interface GigabitEthernet1/0/1
no switchport
no ip address
!
interface GigabitEthernet1/0/1.10
encapsulation dot1Q 10
vrf forwarding GREEN
ip address 192.168.2.11 255.255.255.0
!
interface GigabitEthernet1/0/1.20
encapsulation dot1Q 20
vrf forwarding BLUE
ip address 192.168.2.21 255.255.255.0
!
interface GigabitEthernet1/0/10
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface Vlan10
vrf forwarding GREEN
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::5 link-local
!
interface Vlan20
vrf forwarding BLUE
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::5 link-local
!
router ospf 10 vrf GREEN
router-id 10.2.1.1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
router ospf 20 vrf BLUE
router-id 20.2.1.1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
ip route vrf GREEN 0.0.0.0 0.0.0.0 192.168.2.1
ip route vrf BLUE 0.0.0.0 0.0.0.0 192.168.2.1
!
end
¶ router1
hostname router1
no ip domain-lookup
vrf definition BLUE
rd 10:10
address-family ipv4
exit-address-family
vrf definition GREEN
rd 20:20
address-family ipv4
exit-address-family
interface gi 0/0/1
no shutdown
interface gi 0/0/1.10
encapsulation dot1q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
ip nat inside
interface gi 0/0/1.20
encapsulation dot1q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address dhcp
ip nat outside
!! THIS I COMPLETELY WRONG
!! THIS I COMPLETELY WRONG (from common to GREY)
ip access-list extended FELFEL
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.0.0.0 0.255.255.255 any
ip nat inside source list FELFEL interface GigabitEthernet0/0/0 vrf GREY overload
!! Still not working [ from BLUE to common (using match-in-vrf) ]
ip access-list extended NINE
permit ip 9.9.9.0 0.0.0.255 any
ip nat pool DIA 192.168.16.14 192.168.16.14 prefix-length 30
ip nat inside source list NINE pool DIA vrf BLUE match-in-vrf overload
¶ mls2
hostname mls2
no ip domain lookup
!
vrf definition BLUE
rd 10:10
address-family ipv4
exit-address-family
vrf definition GREEN
rd 20:20
address-family ipv4
exit-address-family
!
interface gi 1/0/1
switchport mode trunk
interface vlan 10
vrf forwarding BLUE
ip address 10.0.10.2 255.255.255.0
interface vlan 20
vrf forwarding GREEN
ip address 10.0.20.2 255.255.255.0
!
interface GigabitEthernet1/0/21
description This is L2 ! No VRF !!
switchport access vlan 10
switchport mode access
no keepalive
! ^^^No cable or link-active needed; just fake it
!
interface GigabitEthernet1/0/22
description This is L2 ! No VRF !!
switchport access vlan 20
switchport mode access
no keepalive
! ^^^No cable or link-active needed; just fake it
interface loopback 10
description Same IP as GREEN
vrf forwarding BLUE
ip address 192.168.1.1 255.255.255.0
interface loopback 20
vrf forwarding GREEN
description Same IP as BLUE
ip address 192.168.1.1 255.255.255.0
ip routing
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
network 192.168.10.0 0.0.0.255 area 0
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
network 192.168.10.0 0.0.0.255 area 0
! MORE ERRORS -- MORTEM
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
! ---
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
¶ Router 1 -- COMPLETE SHOW RUNNING
router1#show running
Building configuration...
Current configuration : 2892 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition GREY
rd 99:99
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222913HF
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback9
ip address 9.9.9.9 255.255.255.0
ip nat inside
!
interface Loopback99
ip address 10.99.99.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 9
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
!
!
ip access-list extended NAT-ACL
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.0.0.0 0.255.255.255 any
ip access-list extended NINE
permit ip 9.9.9.0 0.0.0.255 any
!
access-list 1 permit 0.0.0.0 255.0.0.0
access-list 2 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
ntp server pool.ntp.org
!
end
¶ mls 2 -- COMPLETE SHOW RUNNING
mls2#show running
Building configuration...
Current configuration : 10006 bytes
!
! Last configuration change at 15:20:59 UTC Wed Feb 22 2023
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform punt-keepalive disable-kernel-core
!
hostname mls2
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision c9300l-24t-4g
!
!
!
!
ip routing
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
!
!
!
!
!
!
!
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-1611847103
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1611847103
revocation-check none
rsakeypair TP-self-signed-1611847103
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1611847103
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363131 38343731 3033301E 170D3233 30323231 30383234
33395A17 0D333330 32323030 38323433 395A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36313138
34373130 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100C891 5202ED1F 124542DC D340614A 124C9628 BD64F762 E87DFBBE
FA135F10 610C0D8E B148B39A 35FBE23A F7C2BB9A 7CF6F45C 716EA151 6C973E65
AC180E9C 1894996F 4DE1053D 6161B072 55626D69 51FC0771 DFF47932 B43A43C8
251CF5B3 85A2A010 631C8058 B1BAEDAF B53E7276 EB41A9A8 C9EBEDF8 AC19323D
C3BC3B62 40A6F093 E5D479D4 52C52635 83264453 FE43473C 59396184 C42A8F44
EDD49941 126A2704 C5E53132 69BA8DDF 8E3B0256 BCCF0BCA 0EC1C28A 7916DFD9
5B5ACE7A 2FAAB869 B508C444 1E235E08 E38A9E45 0E021849 78181EA5 B7BF545B
4BFCCCAA 288A2422 FEE5B127 D6426A7D B0A8A173 B000AEF2 9582DB4E 2022D917
0D2B8F6E 4E210203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14A714F6 E119202A 3FD0F767 3E56DD88 D65FF979
29301D06 03551D0E 04160414 A714F6E1 19202A3F D0F7673E 56DD88D6 5FF97929
300D0609 2A864886 F70D0101 05050003 82010100 B7D8A32D 60BACE3A 38874FD7
761D2FDA D7E6395F 28F90AFF 5406C4CF 16B3AB59 FD2C3367 1FAF4659 133EC30D
A75D4885 D1A0A9A9 8AC13524 73D633F1 7551AA6D 94F8C32A 44DEA15E 6E71FA73
EE2506B8 16D871DE B4671E75 536250E9 A794F679 32A1C6B3 5DB2883D 04704478
E8692018 99B7BA41 91379E8F 0179A2CB 129349AA 41CB61C6 A35DF462 623BB841
E0221510 02EC71BB BBE2F684 3FFA3C00 36546119 26DF2827 A5EA711E 050A94E9
E6474C33 6CAE9959 B444FFDF BDB18B50 C0C8CAD6 D9006AA4 C62B5AD6 7A8EFEB2
F45BC1DD A2556013 9D0D4F5F 671F8FF6 0995FCF5 D11027AF 83319FBB DBB24DB2
6DBD38CF 72D171A5 C7F9BDD1 5E65A599 825F406F
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
!
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 133114
!
!
redundancy
mode sso
!
!
!
!
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback10
description Same IP as GREEN
vrf forwarding BLUE
ip address 192.168.1.1 255.255.255.0
!
interface Loopback20
description Same IP as BLUE
vrf forwarding GREEN
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
description This is L2 ! No VRF !!
switchport access vlan 10
switchport mode access
no keepalive
!
interface GigabitEthernet1/0/22
description This is L2 ! No VRF !!
switchport access vlan 20
switchport mode access
no keepalive
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface AppGigabitEthernet1/0/1
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
vrf forwarding BLUE
ip address 10.0.10.2 255.255.255.0
!
interface Vlan20
vrf forwarding GREEN
ip address 10.0.20.2 255.255.255.0
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
network 192.168.10.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line vty 0 4
login
transport input ssh
line vty 5 31
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end
¶ Internet 3 -- COMPLETE SHOW RUNNING
Internet#show running
Building configuration...
Current configuration : 1401 bytes
!
! Last configuration change at 13:51:27 UTC Wed Feb 22 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222917ND
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 8.8.8.8 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 10.0.0.0 255.0.0.0 8.8.8.1
ip route 192.168.0.0 255.255.0.0 8.8.8.1
!
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
¶ Hela NAT-sessionen när det funkade i mitten ?!?
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
*Feb 21 08:25:45.975: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is initialized
*Feb 21 08:25:47.594: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = securityk9 and License = securityk9
*Feb 21 08:25:47.622: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Feb 21 08:25:48.854: %ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps
*Feb 21 08:25:50.869: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Feb 21 08:25:54.412: dev_pluggable_optics_selftest attribute table internally inconsistent @ 0x144
*Feb 21 08:25:58.139: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Feb 21 08:25:59.155: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Feb 21 08:25:59.156: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Feb 21 08:25:59.156: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Feb 21 08:25:59.169: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Feb 21 08:26:00.418: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Feb 21 08:26:00.469: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Feb 21 08:26:00.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Feb 21 08:26:00.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Feb 21 08:26:00.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Feb 21 08:26:00.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Feb 21 08:26:01.823: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Feb 21 08:26:01.823: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Feb 21 08:26:01.827: %SPA_OIR-6-OFFLINECARD: SPA (ISR4321-2x1GE) offline in subslot 0/0
*Feb 21 08:26:01.829: %SPA_OIR-6-OFFLINECARD: SPA (NIM-2T) offline in subslot 0/1
*Feb 21 08:26:01.833: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Feb 21 08:26:01.833: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Feb 21 08:26:01.857: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Feb 21 08:26:01.857: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Feb 21 08:26:01.905: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Feb 21 08:26:01.908: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Feb 21 08:26:02.003: %SPA-3-ENVMON_NOT_MONITORED: SIP0: iomd: Environmental monitoring is not enabled for ISR4321-2x1GE[0/0]
*Feb 21 08:26:07.845: %SPA_OIR-6-ONLINECARD: SPA (ISR4321-2x1GE) online in subslot 0/0
*Feb 21 08:26:09.794: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Feb 21 08:26:09.838: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Feb 21 08:28:27.417: %SPA_OIR-6-ONLINECARD: SPA (NIM-2T) online in subslot 0/1
*Feb 21 08:28:29.403: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to down
*Feb 21 08:28:29.409: %LINK-3-UPDOWN: Interface Serial0/1/1, changed state to down
*Feb 22 13:29:41.441: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 13:29:42.441: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 13:30:19.171: %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to administratively down
*Feb 22 13:30:19.171: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to administratively down
*Feb 22 13:30:19.171: %LINK-5-CHANGED: Interface Serial0/1/0, changed state to administratively down
*Feb 22 13:30:19.172: %LINK-5-CHANGED: Interface Serial0/1/1, changed state to administratively down
*Feb 22 13:30:19.173: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down
*Feb 22 13:30:19.208: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Feb 22 13:30:20.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to down
*Feb 22 13:30:22.100: %SYS-5-RESTART: System restarted --
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
*Feb 22 13:30:22.271: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Feb 22 13:30:22.271: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
mls2>
mls2>
mls2>
mls2>
*Feb 22 13:30:42.287: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Feb 22 13:30:42.287: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
Router>
Router>ena
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Internet
Internet(config)#interf gi 0/0/0
Internet(config-if)#ip address 8.8.8.8 255.255.255.0
Internet(config-if)#no shut
Internet(config-if)#
*Feb 22 13:31:17.543: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Feb 22 13:31:21.546: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 13:31:22.546: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up^Z
Internet#
Internet#
*Feb 22 13:31:24.694: %SYS-5-CONFIG_I: Configured from console stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
router1#
router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#interf gi 0/0/0
router1(config-if)#ip address 8.8.8.1 255.255.255.0
router1(config-if)#^Z
router1#
router1#show
*Feb 22 12:32:18.214: %SYS-5-CONFIG_I: Configured from console by consoleip interf bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 8.8.8.1 YES manual up up
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.10 10.0.10.1 YES NVRAM up up
Gi0/0/1.20 10.0.20.1 YES NVRAM up up
Serial0/1/0 unassigned YES NVRAM administratively down down
Serial0/1/1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM down down
Loopback9 9.9.9.9 YES NVRAM up up
Vlan1 unassigned YES unset administratively down down
router1#
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#show vrf
Name Default RD Protocols Interfaces
BLUE 10:10 ipv4
GREEN 20:20 ipv4 Gi0/0/1.20
GREY 99:99 ipv4 Gi0/0/0
Mgmt-intf <not set> ipv4,ipv6 Gi0
router1#ping VRF GREY 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
router1#
router1#show running interf gi 0/0/0
Building configuration...
Current configuration : 164 bytes
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
vrf forwarding GREY
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
end
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#interface GigabitEthernet0/0/0
router1(config-if)#no vrf forwarding GREY
% Interface GigabitEthernet0/0/0 IPv4 disabled and address(es) removed due to enabling VRF GREY
router1(config-if)# ip address 8.8.8.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# description vrf Common (grey color)
router1(config-if)#do show running interf gi 0/0/0
Building configuration...
Current configuration : 143 bytes
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
end
router1(config-if)#^Z
router1#
router1#ping
*Feb 22 12:33:50.314: %SYS-5-CONFIG_I: Configured from console by console8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
router1#
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#show runn | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 192.168.16.14 192.168.16.14 prefix-length 30
ip nat inside source list NINE pool DIA vrf BLUE match-in-vrf overload
ip nat inside source list NINE interface GigabitEthernet0/0/0 vrf GREY overload
router1#no ip nat pool DIA 192.168.16.14 192.168.16.14 prefix-length 30
^
% Invalid input detected at '^' marker.
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#$ool DIA 192.168.16.14 192.168.16.14 prefix-length 30
router1(config)#$ool DIA 8.8.8.1 8.8.8.3 prefix-length 24
%Pool DIA not found
router1(config)# ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
router1(config)#do show run | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list NINE pool DIA vrf BLUE match-in-vrf overload
ip nat inside source list NINE interface GigabitEthernet0/0/0 vrf GREY overload
router1(config)#$NE interface GigabitEthernet0/0/0 vrf GREY overload
router1(config)#
router1(config)#do show run | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list NINE pool DIA vrf BLUE match-in-vrf overload
router1(config)#do show vrf
Name Default RD Protocols Interfaces
BLUE 10:10 ipv4
GREEN 20:20 ipv4 Gi0/0/1.20
GREY 99:99 ipv4
Mgmt-intf <not set> ipv4,ipv6 Gi0
router1(config)#show running | begin igabit
^
% Invalid input detected at '^' marker.
router1(config)#do show running | begin igabit
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
!
interface Serial0/1/0
no ip address
shutdown
router1(config)#conf t
^
% Invalid input detected at '^' marker.
router1(config)#interface GigabitEthernet0/0/1.10
router1(config-subif)# vrf forwarding BLUE
% Interface GigabitEthernet0/0/1.10 IPv4 disabled and address(es) removed due to disabling VRF BLUE
router1(config-subif)#
*Feb 22 12:36:57.316: %OSPF-5-ADJCHG: Process 9, Nbr 192.168.1.1 on GigabitEthernet0/0/1.10 from FULL to DOWN, Neighbor Down: Interface down or detachedip address 10.0.10.1 255.255.255.0
router1(config-subif)#
router1(config-subif)#do show vrf
Name Default RD Protocols Interfaces
BLUE 10:10 ipv4 Gi0/0/1.10
GREEN 20:20 ipv4 Gi0/0/1.20
GREY 99:99 ipv4
Mgmt-intf <not set> ipv4,ipv6 Gi0
router1(config-subif)#
router1(config-subif)#
mls2>
mls2>ena
mls2#ping VRF BLUE 8.8.8.8
*Feb 22 13:36:22.066: %OSPF-5-ADJCHG: Process 1, Nbr 9.9.9.9 on Vlan10 from FULL to DOWN, Neighbor Down: Dead timer expired
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
...
*Feb 22 13:36:30.383: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.10.1 on Vlan10 from LOADING to FULL, Loading Done.U
Success rate is 0 percent (0/5)
mls2#ping VRF BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
mls2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
mls2#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.0.10.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.0.10.1, 00:00:28, Vlan10
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, Vlan10
L 10.0.10.2/32 is directly connected, Vlan10
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Loopback10
L 192.168.1.1/32 is directly connected, Loopback10
mls2#ping VRF BLUE 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
mls2#¦?¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
router1(config-subif)#^Z
router1#
router1#show
*Feb 22 12:38:55.088: %SYS-5-CONFIG_I: Configured from console by consoleip acc
router1#show ip access-lists
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1#show running | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list NINE pool DIA vrf BLUE match-in-vrf overload
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#$ce list NINE pool DIA vrf BLUE match-in-vrf overload
router1(config)#ip nat inside source list NAT-ACL pool DIA vrf BLUE match-in-v$
router1(config)#
router1(config)#
router1(config)#^Z
router1#
router1#
*Feb 22 12:39:45.987: %SYS-5-CONFIG_I: Configured from console by console
router1#show ip nat traB'
router1#show ip nat tr
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations ?
esp Show ESP entries
filter extended filters
icmp Show ICMP entries
inside Inside address
outside Outside address
redundancy redundancy
standby Show translations on standby
tcp Show TCP entries
total Show total number of entries only
udp Show UDP entries
verbose Show extra information
vrf Display entries of VRF instance
| Output modifiers
<cr>
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
mls2#ping VRF BLUE 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
mls2#ping VRF BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
mls2#
router1#
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#ip route vrf BLUE 0.0.0.0 0.0.0.0 gi
router1(config)#$f BLUE 0.0.0.0 0.0.0.0 gigabitEthernet 0/0/0 8.8.8.8
router1(config)#
mls2#ping VRF BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
mls2#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
..
router1(config)#
router1(config)#^Z
router1#
router1#sh
*Feb 22 12:46:54.375: %SYS-5-CONFIG_I: Configured from console by consoleow ip nat tr
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#sohw ip route
^
% Invalid input detected at '^' marker.
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#ip route 10.0.10.0 ?
A.B.C.D Destination prefix mask
router1(config)#ip route 10.0.10.0 255.255.255.0 g
router1(config)#ip route 10.0.10.0 255.255.255.0 gigabitEthernet 1/0/1.10
router1(config)#ip route 10.0.10.0 255.255.255.0 gigabitEthernet 1/0/1.10?
% Unrecognized command
router1(config)#ip route 10.0.10.0 255.255.255.0 gigabitEthernet 1/0/1.10 ?
% Unrecognized command
router1(config)#ip route 10.0.10.0 255.255.255.0 interf gigabitEthernet 1/0/1.$
router1(config)#$.0.10.0 255.255.255.0 interf gigabitEthernet 1/0/1.10 ?
% Unrecognized command
router1(config)#$.0.10.0 255.255.255.0 ?
A.B.C.D Forwarding router's address
ACR Virtual ACR interface
ATM-ACR ATM interface with ACR
Analysis-Module Cisco network analysis service module
AppNav-Compress Service-Context Virtual Interface Compress
AppNav-UnCompress Service-Context Virtual interface UnCompress
Async Async interface
Auto-Template Auto-Template interface
BDI Bridge-Domain interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CEM-ACR Circuit Emulation interface with ACR
CTunnel CTunnel interface
Container Container interface
DHCP Default Gateway obtained from DHCP
Dialer Dialer interface
EsconPhy ESCON interface
Ethernet-Internal Ethernet-Internal interface
Fcpa Fiber Channel
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
router1(config)#ip route 10.0.10.0 255.255.255.0 gi 0/0/1.10 10.0.10.2
router1(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/24 is subnetted, 1 subnets
S 10.0.10.0 [1/0] via 10.0.10.2, GigabitEthernet0/0/1.10
router1(config)#
router1(config)#do show running | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
router1(config)#$ce list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
router1(config)#
router1(config)#....
Success rate is 0 percent (0/101)
mls2#
mls2#ping VRF BLUE 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
mls2#ping VRF BLUE 8.8.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
mls2#ping VRF BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
mls2#
mls2#
Internet>ena
Internet#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Internet(config)#ip route 10.0.0.0 255.0.0.0 8.8.8.1
Internet(config)#ip route 192.168.0.0 255.255.0.0 8.8.8.1
Internet(config)#^Z
Internet#
Internet#
*Feb 22 13:51:27.397: %SYS-5-CONFIG_I: Configured from console by console
Internet#
mls2#ping VRF BLUE 8.8.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
mls2#ping VRF BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
mls2#
mls2#ping VRF BLUE 8.8.8.8 ?
Extended-data specify extended data pattern
data specify data pattern
df-bit enable do not fragment bit in IP header
dscp Specify DSCP value in ASCII/Numeric
egress Force egress interface bypassing routing
ingress LAN source interface for Ingress
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
tos specify type of service value
validate validate reply data
<cr> <cr>
mls2#ping VRF BLUE 8.8.8.8 ti
mls2#ping VRF BLUE 8.8.8.8 timeout 5 rep 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 8.8.8.8, timeout is 5 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 99 percent (9481/9482), round-trip min/avg/max = 1/1/8 ms
mls2#ping VRF BLUE 8.8.8.8 timeout 5 rep 40
Type escape sequence to abort.
Sending 40, 100-byte ICMP Echos to 8.8.8.8, timeout is 5 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (40/40), round-trip min/avg/max = 1/1/1 ms
mls2#ping VRF BLUE 8.8.8.8 timeout 5 rep 80
Type escape sequence to abort.
Sending 80, 100-byte ICMP Echos to 8.8.8.8, timeout is 5 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 100 percent (80/80), round-trip min/avg/max = 1/1/2 ms
mls2#ping VRF BLUE 8.8.8.8 timeout 5 rep 40
Type escape sequence to abort.
Sending 40, 100-byte ICMP Echos to 8.8.8.8, timeout is 5 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (40/40), round-trip min/avg/max = 1/1/1 ms
mls2#
mls2#
mls2#
Internet#
Internet#
Internet#
mls2#
mls2#
mls2#
Internet#
Internet#
Internet#
router1(config)#
router1(config)#$list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
router1(config)#
router1(config)#do show ip nat tra
router1(config)#do show ip nat translations
Total number of translations: 0
router1(config)#do show ip nat translations vrf BLUE
Total number of translations: 0
router1(config)#
mls2#
mls2#ping VRF BLUE 8.8.8.8 timeout 5 rep 80
Type escape sequence to abort.
Sending 80, 100-byte ICMP Echos to 8.8.8.8, timeout is 5 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 100 percent (80/80), round-trip min/avg/max = 1/1/1 ms
mls2#
router1(config)#
router1(config)#do show ip nat translations vrf BLUE
Total number of translations: 0
router1(config)#do show ip nat translations
Total number of translations: 0
router1(config)#
router1(config)#^Z
router1#
router1#
*Feb 22 13:04:48.337: %SYS-5-CONFIG_I: Configured from console by console
router1#show ip acc
router1#show ip access-lists
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1#ping 8.8.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router1#
router1#ping 8.8.8.2 vrf BLUE
^
% Invalid input detected at '^' marker.
router1#ping vrf BLUE
Protocol [ip]:
router1#ping vrf BLUE 8.8.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router1#ping vrf BLUE 8.8.8.1 so
router1#ping vrf BLUE 8.8.8.1 source 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.10.1
.....
Success rate is 0 percent (0/5)
router1#
router1#show running | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#ip nat inso
router1(config)#ip nat ins
router1(config)#ip nat inside ?
destination Destination address translation
source Source address translation
router1(config)#ip nat inside so
router1(config)#ip nat inside source list
router1(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
router1(config)#ip nat inside source list ?
<1-2699> Access list number for local addresses
WORD Access list name for local addresses
router1(config)#ip nat inside source list 1 ?
interface Specify interface for global address
pool Name pool of global addresses
router1(config)#ip nat inside source list 1 pool ?
WORD Pool name for global addresses
router1(config)#ip nat inside source list 1 pool NAT-VRF ?
oer Use with vtemplate only. On new translation, if OER BR is UP,
OER will select IP from outgoing Interface. All packets matching
translation are forwarded over Interface for duration of
translation.
overload Overload an address translation
redundancy NAT redundancy operation
vrf Specify vrf
<cr>
router1(config)#ip nat inside source list 1 pool NAT-VRF vrf BLUE ?
match-in-vrf Match incoming vrf
overload Overload an address translation
<cr>
router1(config)#ip nat inside source list 1 pool NAT-VRF vrf BLUE ma
router1(config)#$de source list 1 pool NAT-VRF vrf BLUE match-in-vrf
router1(config)#do show ip nat translations
Total number of translations: 0
router1(config)#do show running | incl nat|NAT
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
ip nat inside source list 1 pool NAT-VRF vrf BLUE match-in-vrf
ip nat inside source list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
ip access-list extended NAT-ACL
router1(config)#do show access-list
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1(config)#access-list 1 permit 10.0.0.0 255.0.0.0
router1(config)#do show access-list
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1(config)#access-list 2 permit 10.0.0.0 0.0.0.255
router1(config)#
router1(config)#$ce list NAT-ACL pool DIA vrf BLUE match-in-vrf overload
router1(config)#no ip nat pool DIA 8.8.8.1 8.8.8.3 prefix-length 24
router1(config)#no ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
%Pool DIA not found
router1(config)# ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
router1(config)#do show access-list
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Standard IP access list 2
10 permit 10.0.0.0, wildcard bits 0.0.0.255
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1(config)#do show running | incl nat|NAT
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 1 pool NAT-VRF vrf BLUE match-in-vrf
ip access-list extended NAT-ACL
router1(config)#do show access-list
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Standard IP access list 2
10 permit 10.0.0.0, wildcard bits 0.0.0.255
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1(config)#ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#
router1(config)#^Z
router1#c
*Feb 22 13:18:25.335: %SYS-5-CONFIG_I: Configured from console by consolelear ip nat
% Incomplete command.
router1#clear ip nat tra
router1#clear ip nat translation ?
* Delete all dynamic translations
esp Encapsulating Security Payload
forced Delete all dynamic translations (forcefully)
inside Inside addresses (and ports)
outside Outside addresses (and ports)
redundancy Delete all dynamic translation in an RG instance (forcefullly)
tcp Transmission Control Protocol
udp User Datagram Protocol
vrf Delete all dynamic translation in a VRF instance
router1#clear ip nat translation *
router1#
router1#
router1#
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/24 is subnetted, 1 subnets
S 10.0.10.0 [1/0] via 10.0.10.2, GigabitEthernet0/0/1.10
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#show running | sec ospf
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
router ospf 9
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
router1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router1#ping vrf BLUE 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router1#
router1#
router1#show ip ospf 2
Routing Process "ospf 2" with ID 10.0.20.1
Domain ID type 0x0005, value 0.0.0.2
Start time: 00:01:36.431, Time elapsed: 1d03h
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Connected to MPLS VPN Superbackbone, VRF GREEN
Event-log disabled
It is an area border and autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 1. Checksum Sum 0x00F766
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 1d03h ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 3. Checksum Sum 0x01DE9E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#show ip route vrf GREEN
Routing Table: GREEN
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.20.0/24 is directly connected, GigabitEthernet0/0/1.20
L 10.0.20.1/32 is directly connected, GigabitEthernet0/0/1.20
router1#show ip ospf summ
router1#show ip ospf summary-address
OSPF Router with ID (9.9.9.9) (Process ID 9)
Base Topology (MTID 0)
OSPF Router with ID (10.0.20.1) (Process ID 2)
Base Topology (MTID 0)
OSPF Router with ID (10.0.10.1) (Process ID 1)
Base Topology (MTID 0)
router1#show ip ospf
Routing Process "ospf 9" with ID 9.9.9.9
Start time: 00:01:36.433, Time elapsed: 1d03h
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 1. Checksum Sum 0x0056FC
router1#show ip ospf ?
<1-65535> Process ID number
border-routers Border and Boundary Router Information
database Database summary
events OSPF event information
flood-list Link state flood list
interface Interface information
max-metric Max-metric origination information
mpls MPLS related information
multi-area Multi-area interfaces information
neighbor Neighbor list
nsf Non-stop forwarding state information
nsr Non-stop routing information
request-list Link state request list
retransmission-list Link state retransmission list
rib Routing Information Base (RIB)
sham-links Sham link information
statistics Various OSPF Statistics
summary-address Summary-address redistribution Information
timers OSPF timers information
topology-info Topology Info
traffic Traffic related statistics
virtual-links Virtual link information
| Output modifiers
<cr>
router1#show ip ospf interface
GigabitEthernet0/0/1.20 is up, line protocol is up
Internet Address 10.0.20.1/24, Area 0, Attached via Network Statement
Process ID 2, Router ID 10.0.20.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 10.0.20.2, Interface address 10.0.20.2
Backup Designated router (ID) 10.0.20.1, Interface address 10.0.20.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 1 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.0.20.2 (Designated Router)
Suppress hello for 0 neighbor(s)
GigabitEthernet0/0/1.10 is up, line protocol is up
Internet Address 10.0.10.1/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 10.0.10.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 192.168.1.1, Interface address 10.0.10.2
Backup Designated router (ID) 10.0.10.1, Interface address 10.0.10.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 1 msec, maximum is 1 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.1.1 (Designated Router)
Suppress hello for 0 neighbor(s)
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#interf gi 0/0/1.10
router1(config-subif)#shut
router1(config-subif)#
*Feb 22 13:26:20.087: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0/1.10 from FULL to DOWN, Neighbor Down: Interface down or detached
router1(config-subif)#do debug ip ospf events
OSPF events debugging is on
router1(config-subif)#no shut
router1(config-subif)#
*Feb 22 13:26:39.024: OSPF EVENT Gi0/0/1.10: Route adjust
*Feb 22 13:26:39.025: OSPF-1 EVENT: Config: network 10.0.0.0 255.0.0.0 area 0
*Feb 22 13:27:19.028: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0/1.10 from LOADING to FULL, Loading Done
router1(config-subif)#do show ip ospf interf bri
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/0/1.20 2 0 10.0.20.1/24 1 BDR 1/1
Gi0/0/1.10 1 0 10.0.10.1/24 1 BDR 1/1
router1(config-subif)#do show ip ospf bri
^
% Invalid input detected at '^' marker.
router1(config-subif)#^Z
router1#
router1#show
*Feb 22 13:28:51.181: %SYS-5-CONFIG_I: Configured from console by consolevrf
Name Default RD Protocols Interfaces
BLUE 10:10 ipv4 Gi0/0/1.10
GREEN 20:20 ipv4 Gi0/0/1.20
GREY 99:99 ipv4
Mgmt-intf <not set> ipv4,ipv6 Gi0
router1#show running interf gi 0/0/0
Building configuration...
Current configuration : 143 bytes
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
end
router1#
router1#show ip access
router1#show ip access-lists
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Standard IP access list 2
10 permit 10.0.0.0, wildcard bits 0.0.0.255
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1#show running | incl acc
ip access-list extended NAT-ACL
ip access-list extended NINE
access-list 1 permit 0.0.0.0 255.0.0.0
access-list 2 permit 10.0.0.0 0.0.0.255
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#access-list 2 permit 10.0.0.0 0.0.0.255
% Duplicate permit statement ignored.
router1(config)#no access-list 2 permit 10.0.0.0 0.0.0.255
router1(config)#no access-list 2 permit 10.0.0.0 0.255.255.255
router1(config)#
router1(config)#do show runn | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 1 pool NAT-VRF vrf BLUE match-in-vrf
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#$nside source list 1 pool NAT-VRF vrf BLUE match-in-vrf
router1(config)#no ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#
router1(config)#do show runn | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
router1(config)#ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#^Z
router1#
router1#show
*Feb 22 13:31:33.300: %SYS-5-CONFIG_I: Configured from console by consoleip nat tra
router1#showip nat tra
^
% Invalid input detected at '^' marker.
router1#show ip nat tra
Total number of translations: 0
router1#show ip nat tra vrf BLUE
Total number of translations: 0
router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#interf loo 99
router1(config-if)#
*Feb 22 13:32:15.142: OSPF EVENT Lo99: Bandwidth changed
*Feb 22 13:32:15.143: OSPF EVENT Lo99: Topology state change
*Feb 22 13:32:15.143: OSPF EVENT Lo99: Topology state change
*Feb 22 13:32:15.144: OSPF EVENT Lo99: VRF change in tableid 0
*Feb 22 13:32:15.144: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback99, changed state to up
router1(config-if)#do show runn | sec Interf
router1(config-if)#do show runn | sec interf
interface Loopback9
ip address 9.9.9.9 255.255.255.0
ip nat inside
interface Loopback99
no ip address
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
interface GigabitEthernet0/0/1
no ip address
negotiation auto
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
interface Serial0/1/0
router1(config-if)#ip address 10.99.99.1 255.255.255.0
router1(config-if)#no shu
*Feb 22 13:33:27.994: OSPF EVENT Lo99: IP address removed
*Feb 22 13:33:27.994: OSPF EVENT Lo99: Topology state change
*Feb 22 13:33:27.994: OSPF EVENT Lo99: IP address changed
*Feb 22 13:33:27.994: OSPF-9 EVENT: Config: network 10.0.0.0 255.0.0.0 area 0
*Feb 22 13:33:27.996: OSPF EVENT Lo99: Route adjust
*Feb 22 13:33:27.996: OSPF-9 EVENT: Config: network 10.0.0.0 255.0.0.0 area 0t
router1(config-if)#
router1(config-if)#
router1(config-if)#^Z
router1#
router1#
*Feb 22 13:33:52.147: %SYS-5-CONFIG_I: Configured from console by consoleshow ip nat tra
router1#show ip nat tra
Total number of translations: 0
router1#ping so
router1#ping 8.8.8.8 so
router1#ping 8.8.8.8 source lo
router1#ping 8.8.8.8 source loo
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router1#show running | incl nat
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#ip nat inside source list 2 pool DIA
router1(config)#
router1(config)#
router1(config)#^Z
router1#show running | incl nat
*Feb 22 13:35:07.591: %SYS-5-CONFIG_I: Configured ping 8.8.8.8 source loopback 99
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations vrf BL
NAT-VRF : BL does not exist.
router1#show ip nat translations vrf BL
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
router1#
router1#
router1#
router1#
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
Loading ipxe.efi from 192.168.16.10 (via GigabitEthernet0/0/0): !!!!!
[OK - 1083392 bytes]
Press RETURN to get started!
*Feb 21 08:25:22.761: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is initialized
*Feb 21 08:25:24.537: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = securityk9 and License = securityk9
*Feb 21 08:25:24.565: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Feb 21 08:25:25.769: %ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps
*Feb 21 08:25:27.663: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Feb 21 08:25:31.252: dev_pluggable_optics_selftest attribute table internally inconsistent @ 0x144
*Feb 21 08:25:34.870: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Feb 21 08:25:35.884: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Feb 21 08:25:35.884: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Feb 21 08:25:35.884: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Feb 21 08:25:35.893: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Feb 21 08:25:37.162: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Feb 21 08:25:37.219: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Feb 21 08:25:37.219: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Feb 21 08:25:37.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Feb 21 08:25:37.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Feb 21
MZ
^
% Invalid input detected at '^' marker.
08:25:37.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Feb 21 08:25:38.595: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Feb 21 08:25:38.596: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Feb 21 08:25:38.600: %SPA_OIR-6-OFFLINECARD: SPA (ISR4321-2x1GE) offline in subslot 0/0
*Feb 21 08:25:38.601: %SPA_OIR-6-OFFLINECARD: SPA (NIM-2T) offline in subslot 0/1
*Feb 21 08:25:38.605: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Feb 21 08:25:38.605: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Feb 21 08:25:38.628: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Feb 21 08:25:38.628: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Feb 21 08:25:38.649: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Feb 21 08:25:38.653: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Feb 21 08:25:38.750: %SPA-3-ENVMON_NOT_MONITORED: SIP0: iomd: Environmental monitoring is not enabled for ISR4321-2x1GE[0/0]
*Feb 21 08:25:44.086: %SPA_OIR-6-ONLINECARD: SPA (ISR4321-2x1GE) online in subslot 0/0
*Feb 21 08:25:46.041: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Feb 21 08:25:46.081: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Feb 21 08:28:04.184: %SPA_OIR-6-ONLINECARD: SPA (NIM-2T) online in subslot 0/1
*Feb 21 08:28:06.175: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to down
*Feb 21 08:28:06.179: %LINK-3-UPDOWN: Interface Serial0/1/1, changed state to down
*Feb 22 14:36:24.098: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 14:36:25.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 14:36:37.708: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to administratively down
*Feb 22 14:36:37.708: %LINK-5-CHANGED: Interface Serial0/1/0, changed state to administratively down
*Feb 22 14:36:37.708: %LINK-5-CHANGED: Interface Serial0/1/1, changed state to administratively down
*Feb 22 14:36:37.708: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down
*Feb 22 14:36:37.745: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Feb 22 14:36:38.071: AUTOINSTALL: GigabitEthernet0/0/0 is assigned 192.168.16.18
*Feb 22 14:36:38.071: AUTOINSTALL: Obtain tftp server name @(
*Feb 22 14:36:38.071: AUTOINSTALL: Obtain tftp server address (opt 150) 192.168.16.10
*Feb 22 14:36:38.071: PNPA: Setting autoinstall complete to true for 192.168.16.10
*Feb 22 14:36:38.846: %SYS-5-RESTART: System restarted --
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
*Feb 22 14:36:39.016: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Feb 22 14:36:39.016: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Feb 22 14:36:45.969: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Feb 22 14:36:45.969: %SYS-5-CONFIG_I: Configured from tftp://192.168.16.10/ipxe.efi by console
Router>
Router>
Router>
Router>ena
Router#
*Feb 22 14:36:59.033: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Feb 22 14:36:59.033: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DUMMY
DUMMY(config)#interf gi 0/0/0
DUMMY(config-if)#ip address dhcp
%Error: Removing name-server 193.10.199.96
%Error: Removing name-server 193.10.198.35
DUMMY(config-if)#no shut
DUMMY(config-if)#ip na
*Feb 22 14:37:34.449: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/0/0 assigned DHCP address 192.168.16.18, mask 255.255.255.0, hostname DUMMY
t out
DUMMY(config-if)#ip nat outside
DUMMY(config-if)#
router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#interf loo 99
router1(config-if)#ip nat insi
router1(config-if)#ip nat inside
router1(config-if)#^Z
router1#
router1#conf t
*Feb 22 13:38:11.111: %SYS-5-CONFIG_I: Configured from console by cshow ip nat translations
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
router1#
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations BLUE
^
% Invalid input detected at '^' marker.
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
router1#show ip nat
% Incomplete command.
router1#show ip nat ?
bpa Bulk Port Allocation information
limits Limit statistics
pool Pool and port statistics
portblock TCP/UDP port blocks allocated for NAT
statistics Translation statistics
translations Translation entries
router1#show ip nat stat
router1#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
GigabitEthernet0/0/0
Inside interfaces:
GigabitEthernet0/0/1.20, Loopback9, Loopback99
Hits: 10 Misses: 3
Expired translations: 3
Dynamic mappings:
-- Inside Source
[Id: 8] access-list 2 pool DIA refcount 0
pool DIA: id 3, netmask 255.255.255.0
start 8.8.8.2 end 8.8.8.7
type generic, total addresses 6, allocated 0 (0%), misses 0
[Id: 7] access-list 2 pool DIA refcount 0
pool DIA: id 3, netmask 255.255.255.0
start 8.8.8.2 end 8.8.8.7
type generic, total addresses 6, allocated 0 (0%), misses 0
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 0 Out-to-in drops: 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
router1#
router1#show running interf
router1#show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 pool DIA
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#no ip nat inside source list 2 pool DIA
router1(config)#ip nat inside source list 2 interf
router1(config)#ip nat inside source list 2 interface gi
router1(config)#$de source list 2 interface gigabitEthernet 0/0/0 over
router1(config)#$de source list 2 interface gigabitEthernet 0/0/0 overload
router1(config)#^Z
router1#
router1#
*Feb 22 13:41:01.470: %SYS-5-CONFIG_I: Configured from console by consoleshow running | incl nat
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
router1#
DUMMY(config-if)#
DUMMY(config-if)#interf gi 0/0/1
DUMMY(config-if)#ip address 192.168.1.1 255.255.255.0
DUMMY(config-if)#no shut
DUMMY(config-if)#
*Feb 22 14:43:52.451: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Feb 22 14:43:58.448: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Feb 22 14:43:59.448: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
DUMMY(config-if)#do show ip interf bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.16.18 YES DHCP up up
GigabitEthernet0/0/1 192.168.1.1 YES manual up up
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
DUMMY(config-if)#^Z
DUMMY#
DUMMY#sho
*Feb 22 14:44:43.989: %SYS-5-CONFIG_I: Configured from console by consolew ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.16.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.16.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.16.18/32 is directly connected, GigabitEthernet0/0/0
DUMMY#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DUMMY(config)#interf gi 0/0/1
DUMMY(config-if)#ip nat insi
DUMMY(config-if)#ip nat inside
DUMMY(config-if)#interf gi 0/0/0
DUMMY(config-if)#ip nat out
DUMMY(config-if)#ip nat outside
DUMMY(config-if)#
DUMMY(config-if)#ip acc
DUMMY(config-if)#exit
DUMMY(config)#acc
DUMMY(config)#acce
DUMMY(config)#access-li
DUMMY(config)#access-list 2 per
DUMMY(config)#access-list 2 permit 192.168.1.0 0.0.0.255
DUMMY(config)#ip nat
DUMMY(config)#ip nat ins
DUMMY(config)#ip nat inside so
DUMMY(config)#ip nat inside source li
DUMMY(config)#ip nat inside source list 1 i
DUMMY(config)#ip nat inside source list 1 interface gi
DUMMY(config)#$de source list 1 interface gigabitEthernet 0/0/0 overl
DUMMY(config)#$de source list 1 interface gigabitEthernet 0/0/0 overload
DUMMY(config)#
DUMMY(config)#
DUMMY(config)#
DUMMY(config)#^Z
DUMMY#
DUMMY#show i
*Feb 22 14:46:56.628: %SYS-5-CONFIG_I: Configured from console by consolep nat tr
DUMMY#show ip nat translations
Total number of translations: 0
DUMMY#debug ip packet
IP packet debugging is on
DUMMY#
*Feb 22 14:47:35.527: IP: s=192.168.16.18 (local), d=192.168.16.1, len 340, local feature, feature skipped, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:47:35.527: IP: s=192.168.16.18 (local), d=192.168.16.1, len 340, local feature, feature skipped, Auth Proxy(16), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:47:35.527: IP: tableid=0, s=192.168.16.18 (local), d=192.168.16.1 (GigabitEthernet0/0/0), routed via FIB
*Feb 22 14:47:35.527: IP: s=192.168.16.18 (local), d=192.168.16.1 (GigabitEthernet0/0/0), len 340, sending
*Feb 22 14:47:35.527: IP: s=192.168.16.18 (local), d=192.168.16.1 (GigabitEthernet0/0/0), len 340, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
DUMMY#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.16.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.16.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.16.18/32 is directly connected, GigabitEthernet0/0/0
DUMMY#
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:16.577: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:48:16.577: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:48:16.577: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:48:17.338: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:17.338: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:17.338: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:17.338: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:48:17.338: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:17.339: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:48:17.339: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:48:17.339: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:18.104: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:48:18.104: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:48:18.104: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.123: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:05.123: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:05.123: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.884: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:05.884: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:05.884: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:06.650: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:06.650: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:06.650: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.554: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:29.554: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:29.554: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.795: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:29.795: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:29.795: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.309: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:30.309: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:30.309: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:30.541: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.541: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.541: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.541: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:30.541: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:30.542: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:30.542: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:30.542: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.075: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:31.075: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:31.075: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.307: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:31.307: IP: s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:31.307: IP: tableid=0, s=192.168.16.21 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:40.575: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:40.575: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:40.575: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:40.575: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, output feature, feature skipped, NAT Inside(8), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:40.575: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, rcvd 3
*Feb 22 14:49:40.575: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, stop process pak for forus packet
*Feb 22 14:49:40.575: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:41.329: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:41.329: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:41.329: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:41.329: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, output feature, feature skipped, NAT Inside(8), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:41.329: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, rcvd 3
*Feb 22 14:49:41.329: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, stop process pak for forus packet
*Feb 22 14:49:41.329: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:42.095: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.095: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.095: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:42.095: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, output feature, feature skipped, NAT Inside(8), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.095: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), len 78, rcvd 3
*Feb 22 14:49:42.095: IP: s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255, len 78, stop process pak for forus packet
*Feb 22 14:49:42.095: IP: tableid=0, s=192.168.1.10 (GigabitEthernet0/0/1), d=192.168.1.255 (GigabitEthernet0/0/1), routed via RIB
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.311: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:42.311: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:42.311: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.700: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:42.700: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:42.700: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.072: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:43.072: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:43.072: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.338: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.338: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.338: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.339: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.339: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.339: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:43.339: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:43.339: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.451: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:43.451: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:43.451: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.837: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:43.837: IP: s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:43.838: IP: tableid=0, s=192.168.16.17 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.089: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:44.089: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:44.089: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.206: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.206: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.206: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.206: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.207: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.207: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:44.207: IP: s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:44.207: IP: tableid=0, s=192.168.16.12 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.840: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.840: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.841: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.841: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:44.841: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:44.841: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:44.841: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:44.841: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:48.902: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:48.902: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:48.902: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feaun ature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:49.654: IP: tableid=0, s=192.168.1ll
Parameter map cws-tunnel global not configured
All possible debugging has been turned off
DUMMY#6.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:49.654: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:49.654: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:50.419: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:50.419: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:50.419: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:50.419: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:49:50.419: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:49:50.419: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:49:50.420: IP: s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:49:50.420: IP: tableid=0, s=192.168.16.19 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 229, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 229, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 229, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:03.982: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 229, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 229, rcvd 3
*Feb 22 14:50:03.982: IP: s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255, len 229, stop process pak for forus packet
*Feb 22 14:50:03.982: IP: tableid=0, s=192.168.16.13 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:12.898: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:50:12.898: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:50:12.898: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:13.656: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:13.656: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:13.657: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:13.657: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:13.657: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:13.657: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:50:13.657: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:50:13.657: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, Virtual Fragment Reassembly(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, NAT Outside(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, input feature, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:14.422: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, output feature, feature skipped, Post-routing NAT Outside(26), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), len 78, rcvd 3
*Feb 22 14:50:14.422: IP: s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255, len 78, stop process pak for forus packet
*Feb 22 14:50:14.422: IP: tableid=0, s=192.168.16.32 (GigabitEthernet0/0/0), d=192.168.16.255 (GigabitEthernet0/0/0), routed via RIB
DUMMY#
DUMMY#
DUMMY#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.16.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.16.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.16.18/32 is directly connected, GigabitEthernet0/0/0
DUMMY#show running | incl nat
ip nat outside
ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
DUMMY#show running | incl nat|interf
interface GigabitEthernet0/0/0
ip nat outside
interface GigabitEthernet0/0/1
ip nat inside
interface Serial0/1/0
interface Serial0/1/1
interface GigabitEthernet0
interface Vlan1
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip tftp source-interface GigabitEthernet0/0/0
DUMMY#show acc
DUMMY#show access
DUMMY#show access-li
DUMMY#show access-lists
Standard IP access list 2
10 permit 192.168.1.0, wildcard bits 0.0.0.255
DUMMY#show access-lists
Standard IP access list 2
10 permit 192.168.1.0, wildcard bits 0.0.0.255
DUMMY#show ip nat tra
DUMMY#show ip nat translations
Total number of translations: 0
DUMMY#show running | incl 192.168.1
ip address 192.168.1.1 255.255.255.0
access-list 2 permit 192.168.1.0 0.0.0.255
DUMMY#show running | incl 192.168.1|inter|nat
vlan internal allocation policy ascending
interface GigabitEthernet0/0/0
ip nat outside
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Serial0/1/0
interface Serial0/1/1
interface GigabitEthernet0
interface Vlan1
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip tftp source-interface GigabitEthernet0/0/0
access-list 2 permit 192.168.1.0 0.0.0.255
DUMMY#show running | sec nat
ip nat outside
ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
DUMMY#
DUMMY#
DUMMY#
*Feb 22 15:02:10.538: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Feb 22 15:02:11.538: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to down
*Feb 22 15:02:16.556: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Feb 22 15:02:17.556: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
DUMMY#
DUMMY#show
DUMMY#show ip int
DUMMY#show ip interface br
DUMMY#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.16.18 YES DHCP up up
GigabitEthernet0/0/1 192.168.1.1 YES manual up up
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
DUMMY#
DUMMY#
DUMMY#show
DUMMY#show run
Building configuration...
Current configuration : 1463 bytes
!
! Last configuration change at 14:46:56 UTC Wed Feb 22 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname DUMMY
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222916T0
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
!
!
access-list 2 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
DUMMY#con f
% Ambiguous command: "con f"
DUMMY#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DUMMY(config)#$nside source list 1 interface GigabitEthernet0/0/0 overload
DUMMY(config)# ip nat inside source list 2 interface GigabitEthernet0/0/0 over$
DUMMY(config)#^Z
DUMMY#
DUMMY#
*Feb 22 15:04:06.099: %SYS-5-CONFIG_I: Configured from console by console
DUMMY#show ip nat tra
DUMMY#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.16.18:1 192.168.1.10:1 192.168.16.1:1 192.168.16.1:1
Total number of translations: 1
DUMMY#
DUMMY#
router1#
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show running
Building configuration...
Current configuration : 2910 bytes
!
! Last configuration change at 13:41:01 UTC Wed Feb 22 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition GREY
rd 99:99
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222913HF
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback9
ip address 9.9.9.9 255.255.255.0
ip nat inside
!
interface Loopback99
ip address 10.99.99.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
router1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router1#ping 8.8.8.8 so
router1#ping 8.8.8.8 source lo
router1#ping 8.8.8.8 source loo
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router1#
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show running
Building configuration...
Current configuration : 2910 bytes
!
! Last configuration change at 13:41:01 UTC Wed Feb 22 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition GREY
rd 99:99
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222913HF
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback9
ip address 9.9.9.9 255.255.255.0
ip nat inside
!
interface Loopback99
ip address 10.99.99.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 9
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
!
!
ip access-list extended NAT-ACL
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.0.0.0 0.255.255.255 any
ip access-list extended NINE
permit ip 9.9.9.0 0.0.0.255 any
!
access-list 1 permit 0.0.0.0 255.0.0.0
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
ntp server pool.ntp.org
!
end
router1#show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#acce
router1(config)#access-list
router1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
rate-limit Simple rate-limit specific access list
template Enable IP template acls
router1(config)#access-list 2 pern
router1(config)#access-list 2 perm
router1(config)#access-list 2 permit 10.0.0.0 0.255.255.255
router1(config)#
router1(config)#^Z
router1#
router1#
*Feb 22 14:07:05.159: %SYS-5-CONFIG_I: Configured from console by consoleshow running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#ping 8.8.8.8 source loopback 99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
router1#show ip nat tra
router1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 8.8.8.1:1 10.99.99.1:13 8.8.8.8:13 8.8.8.8:1
Total number of translations: 1
router1#
router1#ping vrf BLUE 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router1#show
router1#show ip rout
router1#show ip route vrf
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#show
router1#show run unt
router1#show run | i route
hostname router1
router ospf 1 vrf BLUE
router ospf 2 vrf GREEN
router ospf 9
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
router1#show access-li
router1#show access-lists
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Standard IP access list 2
10 permit 10.0.0.0, wildcard bits 0.255.255.255
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1#sohw running | incl nat
^
% Invalid input detected at '^' marker.
router1#show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#no ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
%Dynamic mapping in use, cannot remove
router1(config)#^Z
router1#
router1#show
*Feb 22 14:09:50.614: %SYS-5-CONFIG_I: Configured from console by consoleip nat tra
router1#show ip nat translations vrf
router1#show ip nat translations vrf BLUE
Pro Inside global Inside local Outside local Outside global
--- 8.8.8.2 10.0.10.1 --- ---
Total number of translations: 1
router1#
router1#
Internet>
Internet>ena
Internet#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.8/32 is directly connected, GigabitEthernet0/0/0
S 10.0.0.0/8 [1/0] via 8.8.8.1
S 192.168.0.0/16 [1/0] via 8.8.8.1
Internet#
Internet#
router1#
router1#
router1#show ip nat translations vrf BLUE
Pro Inside global Inside local Outside local Outside global
--- 8.8.8.2 10.0.10.1 --- ---
Total number of translations: 1
router1#show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1#
router1#clear ip nat tra
router1#clear ip nat translation vrf BLUE
% Incomplete command.
router1#clear ip nat translation vrf BLUE *
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#no ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#$ide source list 2 pool DIA vrf BLUE match-in-vrf over
router1(config)#$ide source list 2 pool DIA vrf BLUE match-in-vrf overload
router1(config)#
router1(config)#^Z
router1#
router1#
*Feb 22 14:14:41.756: %SYS-5-CONFIG_I: Configured from console by console
router1#show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf overload
router1#
router1#show ip nat tra
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#no ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
router1(config)#no ip nat pool DIA 8.8.8.1 8.8.8.1 prefix-length 24
%Pool DIA not found
router1(config)#ip nat pool DIA 8.8.8.1 8.8.8.1 prefix-length 24
router1(config)#do show run | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.1 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf overload
router1(config)#
router1(config)#
router1(config)#do show ip nat tra
router1(config)#do show ip nat translations vrf BLUE
Total number of translations: 0
router1(config)#$nside source list 2 pool DIA vrf BLUE match-in-vrf overload
router1(config)#$ide source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#
router1(config)#
router1(config)#
router1(config)#
router1(config)#do show run | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.1 8.8.8.1 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#no ip nat pool DIA 8.8.8.1 8.8.8.1 prefix-length 24
router1(config)#no ip nat pool DIA 8.8.8.2 8.8.8.2 prefix-length 24
%Pool DIA not found
router1(config)# ip nat pool DIA 8.8.8.2 8.8.8.2 prefix-length 24
router1(config)#
router1(config)#
router1(config)#show running | incl nat
^
% Invalid input detected at '^' marker.
router1(config)#do show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.2 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#
router1(config)#
router1(config)#show running | incl nat
^
% Invalid input detected at '^' marker.
router1(config)#do show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.2 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#
router1(config)#exit
router1#
*Feb 22 14:19:17.120: %SYS-5-CONFIG_I: Configured from console by console
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#no ip nat pool DIA 8.8.8.2 8.8.8.2 prefix-length 24
router1(config)# ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
router1(config)#
router1(config)#
router1(config)#^Z
router1#
router1#
router1#
*Feb 22 14:19:54.066: %SYS-5-CONFIG_I: Configured from console by console
router1#clear ip nat tra
router1#clear ip nat translation vrf
router1#clear ip nat translation vrf BLUE *
router1#
router1#
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 10.0.10.0/24 [1/0] via 10.0.10.2, GigabitEthernet0/0/1.10
C 10.99.99.0/24 is directly connected, Loopback99
L 10.99.99.1/32 is directly connected, Loopback99
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.0.10.2, 00:00:22, GigabitEthernet0/0/1.10
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
*Feb 22 14:22:34.027: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0/1.10 from LOADING to FULL, Loading Done
*Feb 22 14:22:34.095: %OSPF-5-ADJCHG: Process 2, Nbr 10.0.20.2 on GigabitEthernet0/0/1.20 from LOADING to FULL, Loading Done
router1#
router1#
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#
router1#
router1#show ip nat tra
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#
router1#
router1#show running | incl route
hostname router1
router ospf 1 vrf BLUE
router ospf 2 vrf GREEN
router ospf 9
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#$ 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
router1(config)#
router1(config)#
router1(config)#^Z
router1#conf t
*Feb 22 14:26:07.075: %SYS-5-CONFIG_I: Configured from console by console
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#
router1(config)#
router1(config)# ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0$
router1(config)#
router1(config)#
router1(config)#do show access
router1(config)#do show access-list
router1(config)#do show access-lists
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.0.0.0
Standard IP access list 2
10 permit 10.0.0.0, wildcard bits 0.255.255.255
Extended IP access list NAT-ACL
10 permit ip 192.168.1.0 0.0.0.255 any
20 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list NINE
10 permit ip 9.9.9.0 0.0.0.255 any
router1(config)#do show running | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside
default-information originate always
default-information originate always
default-information originate always
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
router1(config)#^Z
router1#
router1#wr
*Feb 22 14:27:44.615: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]
router1#reload
Proceed with reload? [confirm]
*Feb 22 14:27:53.287: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.Feb 22 14:28:06.912 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with reload chassis code
Initializing Hardware ...
Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly
System Bootstrap, Version 16.7(3r), RELEASE SOFTWARE
Copyright (c) 1994-2017 by cisco Systems, Inc.
Current image running: Boot ROM0
Last reset cause: LocalSoft
ISR4321/K9 platform with 4194304 Kbytes of main memory
........
no valid BOOT image found
Final autoboot attempt from default boot device...
Located isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
#################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
Package header rev 1 structure detected
IsoSize = 471482368
Calculating SHA-1 hash...Validate package: SHA-1 hash:
calculated 92A40F6F:F8586BC3:F00F114B:EFB43257:B9728643
expected 92A40F6F:F8586BC3:F00F114B:EFB43257:B9728643
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
%IOSXEBOOT-4-BOOT_SRC: (rp/0): mounting /boot/super.iso to /tmp/sw/isos
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Parameter map cws-tunnel global not configuredcisco ISR4321/K9 (1RU) processor with 1648789K/6147K bytes of memory.
Processor board ID FDO2229A22G
2 Gigabit Ethernet interfaces
2 Serial interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3125247K bytes of flash memory at bootflash:.
interface Vlan1
^
% Invalid input detected at '^' marker.
no ip address
% Incomplete command.
shutdown
% Incomplete command.
%Default route without gateway, if not a point-to-point interface, may impact performance
SETUP: new interface Vlan1 placed in "shutdown" state
Press RETURN to get started!
*Feb 22 14:32:00.746: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is initialized
*Feb 22 14:32:02.477: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = securityk9 and License = securityk9
*Feb 22 14:32:02.507: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Feb 22 14:32:03.812: %ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps
*Feb 22 14:32:09.383: dev_pluggable_optics_selftest attribute table int
router1>
router1>
router1>
router1>ernally inconsistent @ 0x144
*Feb 22 14:32:13.611: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Feb 22 14:32:14.641: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Feb 22 14:32:14.642: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Feb 22 14:32:14.642: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Feb 22 14:32:14.650: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Feb 22 14:32:15.983: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Feb 22 14:32:16.033: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Feb 22 14:32:16.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Feb 22 14:32:16.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Feb 22 14:32:16.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Feb 22 14:32:16.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Feb 22 14:32:17.612: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback9, changed state to up
*Feb 22 14:32:17.669: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback99, changed state to up
*Feb 22 14:32:18.332: %SYS-5-CONFIG_I: Configured from memory by console
*Feb 22 14:32:18.340: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Feb 22 14:32:18.340: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Feb 22 14:32:18.344: %SPA_OIR-6-OFFLINECARD: SPA (ISR4321-2x1GE) offline in subslot 0/0
*Feb 22 14:32:18.346: %SPA_OIR-6-OFFLINECARD: SPA (NIM-2T) offline in subslot 0/1
*Feb 22 14:32:18.350: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Feb 22 14:32:18.350: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Feb 22 14:32:18.381: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Feb 22 14:32:18.381: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Feb 22 14:32:18.458: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Feb 22 14:32:18.526: %SPA-3-ENVMON_NOT_MONITORED: SIP0: iomd: Environmental monitoring is not enabled for ISR4321-2x1GE[0/0]
*Feb 22 14:32:20.333: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Feb 22 14:32:21.665: %SYS-6-BOOTTIME: Time taken to reboot after reload = 270 seconds
*Feb 22 14:32:23.999: %SPA_OIR-6-ONLINECARD: SPA (ISR4321-2x1GE) online in subslot 0/0
*Feb 22 14:32:25.955: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Feb 22 14:32:25.983: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
router1>
router1>
router1>
router1>ena
router1#
*Feb 22 14:32:32.386: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 14:32:33.387: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
*Feb 22 14:32:33.387: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Feb 22 14:32:33.776: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Feb 22 14:32:33.776: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Feb 22 14:32:34.387: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
router1#
router1#debug ip ospf eve
router1#debug ip ospf events
OSPF events debugging is on
router1#
router1#
router1#
router1#debug ip ospf ?
<1-65535> Process ID number
adj OSPF adjacency
capability OSPF capability
database-timer OSPF database timer
demand-circuit OSPF demand-circuit negotiation
events OSPF miscellaneous events
flood OSPF flooding
ha OSPF high availability
hello OSPF hello
lsa-generation OSPF LSA generation
monitor OSPF SPF monitoring
mpls OSPF MPLS
nsf OSPF non-stop forwarding
nsr OSPF non-stop routing
packet OSPF received packets
rib OSPF RIB
scheduler OSPF process scheduling
snmp OSPF snmp
spf OSPF SPF
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
router1#
router1#ping vrf BLUE 10.0.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
router1#ping vrf BLUE 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
router1#
router1#show ip ospf su
*Feb 22 14:33:46.478: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0/1.10 from LOADING to FULL, Loading Done
*Feb 22 14:33:46.479: %OSPF-5-ADJCHG: Process 2, Nbr 10.0.20.2 on GigabitEthernet0/0/1.20 from LOADING to FULL, Loading Donemm
router1#
router1#
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.0.10.2, 00:00:05, GigabitEthernet0/0/1.10
router1#
router1#
router1#
router1#
*Feb 22 14:34:44.139: %SPA_OIR-6-ONLINECARD: SPA (NIM-2T) online in subslot 0/1
*Feb 22 14:34:45.284: OSPF EVENT Se0/1/0: Bandwidth changed
*Feb 22 14:34:45.286: OSPF EVENT Se0/1/1: Bandwidth changed
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#
router1#show running
Building configuration...
Current configuration : 2892 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition GREY
rd 99:99
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222913HF
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback9
ip address 9.9.9.9 255.255.255.0
ip nat inside
!
interface Loopback99
ip address 10.99.99.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
description vrf Common (grey color)
ip address 8.8.8.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
vrf forwarding BLUE
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
vrf forwarding GREEN
ip address 10.0.20.1 255.255.255.0
ip nat inside
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
router ospf 9
network 10.0.0.0 0.255.255.255 area 0
default-information originate always
!
ip nat pool DIA 8.8.8.2 8.8.8.7 prefix-length 24
ip nat inside source list 2 interface GigabitEthernet0/0/0 overload
ip nat inside source list 2 pool DIA vrf BLUE match-in-vrf
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/0/1.10 10.0.10.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 8.8.8.8
!
!
ip access-list extended NAT-ACL
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.0.0.0 0.255.255.255 any
ip access-list extended NINE
permit ip 9.9.9.0 0.0.0.255 any
!
access-list 1 permit 0.0.0.0 255.0.0.0
access-list 2 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
ntp server pool.ntp.org
!
end
router1#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#
mls2#show running
Building configuration...
Current configuration : 10006 bytes
!
! Last configuration change at 15:20:59 UTC Wed Feb 22 2023
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform punt-keepalive disable-kernel-core
!
hostname mls2
!
!
vrf definition BLUE
rd 10:10
!
address-family ipv4
exit-address-family
!
vrf definition GREEN
rd 20:20
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision c9300l-24t-4g
!
!
!
!
ip routing
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
!
!
!
!
!
!
!
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-1611847103
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1611847103
revocation-check none
rsakeypair TP-self-signed-1611847103
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1611847103
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363131 38343731 3033301E 170D3233 30323231 30383234
33395A17 0D333330 32323030 38323433 395A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36313138
34373130 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100C891 5202ED1F 124542DC D340614A 124C9628 BD64F762 E87DFBBE
FA135F10 610C0D8E B148B39A 35FBE23A F7C2BB9A 7CF6F45C 716EA151 6C973E65
AC180E9C 1894996F 4DE1053D 6161B072 55626D69 51FC0771 DFF47932 B43A43C8
251CF5B3 85A2A010 631C8058 B1BAEDAF B53E7276 EB41A9A8 C9EBEDF8 AC19323D
C3BC3B62 40A6F093 E5D479D4 52C52635 83264453 FE43473C 59396184 C42A8F44
EDD49941 126A2704 C5E53132 69BA8DDF 8E3B0256 BCCF0BCA 0EC1C28A 7916DFD9
5B5ACE7A 2FAAB869 B508C444 1E235E08 E38A9E45 0E021849 78181EA5 B7BF545B
4BFCCCAA 288A2422 FEE5B127 D6426A7D B0A8A173 B000AEF2 9582DB4E 2022D917
0D2B8F6E 4E210203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14A714F6 E119202A 3FD0F767 3E56DD88 D65FF979
29301D06 03551D0E 04160414 A714F6E1 19202A3F D0F7673E 56DD88D6 5FF97929
300D0609 2A864886 F70D0101 05050003 82010100 B7D8A32D 60BACE3A 38874FD7
761D2FDA D7E6395F 28F90AFF 5406C4CF 16B3AB59 FD2C3367 1FAF4659 133EC30D
A75D4885 D1A0A9A9 8AC13524 73D633F1 7551AA6D 94F8C32A 44DEA15E 6E71FA73
EE2506B8 16D871DE B4671E75 536250E9 A794F679 32A1C6B3 5DB2883D 04704478
E8692018 99B7BA41 91379E8F 0179A2CB 129349AA 41CB61C6 A35DF462 623BB841
E0221510 02EC71BB BBE2F684 3FFA3C00 36546119 26DF2827 A5EA711E 050A94E9
E6474C33 6CAE9959 B444FFDF BDB18B50 C0C8CAD6 D9006AA4 C62B5AD6 7A8EFEB2
F45BC1DD A2556013 9D0D4F5F 671F8FF6 0995FCF5 D11027AF 83319FBB DBB24DB2
6DBD38CF 72D171A5 C7F9BDD1 5E65A599 825F406F
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
!
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 133114
!
!
redundancy
mode sso
!
!
!
!
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback10
description Same IP as GREEN
vrf forwarding BLUE
ip address 192.168.1.1 255.255.255.0
!
interface Loopback20
description Same IP as BLUE
vrf forwarding GREEN
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
description This is L2 ! No VRF !!
switchport access vlan 10
switchport mode access
no keepalive
!
interface GigabitEthernet1/0/22
description This is L2 ! No VRF !!
switchport access vlan 20
switchport mode access
no keepalive
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface AppGigabitEthernet1/0/1
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
vrf forwarding BLUE
ip address 10.0.10.2 255.255.255.0
!
interface Vlan20
vrf forwarding GREEN
ip address 10.0.20.2 255.255.255.0
!
router ospf 1 vrf BLUE
network 10.0.0.0 0.255.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf GREEN
network 10.0.0.0 0.255.255.255 area 0
network 192.168.10.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line vty 0 4
login
transport input ssh
line vty 5 31
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end
mls2#
Internet>
Internet>
Internet>ena
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#
Internet#show running
Building configuration...
Current configuration : 1401 bytes
!
! Last configuration change at 13:51:27 UTC Wed Feb 22 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO222917ND
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 8.8.8.8 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface Serial0/1/0
no ip address
shutdown
!
interface Serial0/1/1
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 10.0.0.0 255.0.0.0 8.8.8.1
ip route 192.168.0.0 255.255.0.0 8.8.8.1
!
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
Internet#
Internet#
router1#
router1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
8.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 8.8.8.0/24 is directly connected, GigabitEthernet0/0/0
L 8.8.8.1/32 is directly connected, GigabitEthernet0/0/0
9.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 9.9.9.0/24 is directly connected, Loopback9
L 9.9.9.9/32 is directly connected, Loopback9
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 10.0.10.0/24 [1/0] via 10.0.10.2, GigabitEthernet0/0/1.10
C 10.99.99.0/24 is directly connected, Loopback99
L 10.99.99.1/32 is directly connected, Loopback99
router1#
router1#
router1#show ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 8.8.8.8 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 8.8.8.8, GigabitEthernet0/0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.10.0/24 is directly connected, GigabitEthernet0/0/1.10
L 10.0.10.1/32 is directly connected, GigabitEthernet0/0/1.10
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.0.10.2, 00:12:07, GigabitEthernet0/0/1.10
router1#
router1#
router1#show ip nat tra
router1#show ip nat translations
Total number of translations: 0
router1#show ip nat tra
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#show ip nat translations vrf BLUE
Total number of translations: 0
router1#show ip nat translations
Total number of translations: 0
router1#
¶ verification
show vrf
Name Default RD Protocols Interfaces
BLUE 10:10 ipv4 Vl10
GREEN 20:20 ipv4 Vl20
!