problem with the configuration of the router to retrieve packets

Document created by cdnadmin on Jan 25, 2014
Version 1Show Document
  • View in full screen mode
This document was generated from CDN thread

Created by: Gildas Le Peron on 07-06-2013 08:56:56 AM
 Hello ,
I try to do the datapath tutoriel but i have a problem .
I want to retrieve packets from an switch port interface (FastEthernet0/1/7) but when i try to configure the router with the command " datapath transport gre interface FastEthernet0/1/7 "  a error message is displayed . This error message is : Configuration can't be changed while a ONE-P session is active.

Thank you for your help .

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Joseph Clarke on 07-06-2013 08:58:29 AM
We have bee seeing this recently on certain platforms, or if there already exists a DPSS config.  Can you post your show run and show ver please?

Subject: Re: New Message from Gildas Le Peron in onePK - API and programming: proble
Replied by: Einar Nilsen-Nygaard on 07-06-2013 09:00:15 AM
Gildas,

The interface passed to the data path transport command must have an IPv4 address associated with it today. Can you confirm that is the case in your config?

Cheers,

Einar

On Jun 7, 2013, at 2:56 PM, Cisco Developer Community Forums <cdicuser@developer.cisco.com<mailto:cdicuser@developer.cisco.com>>
wrote:

Gildas Le Peron has created a new message in the forum "API and programming": --------------------------------------------------------------  Hello ,
I try to do the datapath tutoriel but i have a problem .
I want to retrieve packets from an switch port interface (FastEthernet0/1/7) but when i try to configure the router with the command " datapath transport gre interface FastEthernet0/1/7 "  a error message is displayed . This error message is : Configuration can't be changed while a ONE-P session is active.

Thank you for your help .
--
To respond to this post, please click the following link: http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/15965846 or simply reply to this email.

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Joseph Clarke on 07-06-2013 09:02:20 AM
Also note, you don't have to source the DPSS session from the interface from which you want to caputre traffic.  Just source the session from an IP interface closest to the app server.

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Gildas Le Peron on 07-06-2013 09:36:10 AM
The version of my router is :   Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.3(2)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 28-Mar-13 11:05 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

RouteurR4_34 uptime is 1 hour, 13 minutes

System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.153-2.T.bin"
Last reload type: Normal Reload
Last reload reason: power-on

And my running config is :

! Last configuration change at 14:55:51 UTC Thu Jun 6 2013 by root
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

!
hostname RouteurR4_34
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$k2Jx$bulG8Zh7Y7OpKEFJLu4vA/
enable password rootroot
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common

!
ip cef
!
!
!
ip multicast-routing
ip dhcp relay information trust-all
!
!
!
no ip domain lookup
ip domain name modem21e.ptf
ip igmp ssm-map enable
no ipv6 cef
multilink bundle-name authenticated

!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LED-09
 no l2tp tunnel authentication
!
vpdn-group PPTP
!
!
!
crypto pki trustpoint TP-self-signed-2774903401

 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2774903401
 revocation-check none
 rsakeypair TP-self-signed-2774903401
!
!
crypto pki certificate chain TP-self-signed-2774903401
 certificate self-signed 01

  30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32373734 39303334 3031301E 170D3132 30363138 31363231

  30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37373439
  30333430 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C6B0 99D9A099 21D1EAF0 5D5DEF9C E259E965 B7EC99FE DB8884B4 1CCA5D70
  2CF4D18F E03465F0 64C21BE7 ACD1418B C4CFFA9C 441DCA6C B5960A93 406285F7
  BD570FE2 4489D312 1766BE35 7A55A0D5 9F2E0CA5 152F0D31 8EB38739 20FC9490

  EA79A56F C82C1F75 F6746921 5A6EAB9A A4FB3D26 6AC325A0 F1FF287E F2859694
  A80D0203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
  551D1104 1D301B82 19526F75 74657572 52345F33 342E6D6F 64656D32 31652E70

  7466301F 0603551D 23041830 168014A5 5F13D66F EEA0F682 D971768B 3863EE97
  6D56B030 1D060355 1D0E0416 0414A55F 13D66FEE A0F682D9 71768B38 63EE976D
  56B0300D 06092A86 4886F70D 01010405 00038181 004BB411 FF304AC0 FF3C9E35

  3918C7A8 9E1DA9D6 4973C3B1 E6744EE3 EF434991 4846AC92 22DD618B 38FB4D1F
  CF1E6817 9777EF1D BD27A9B0 03D2D2A6 87E9F96D 11E4705E 716BE667 35A0BFAE
  CD8D992A F91C1457 502A656B ED7CF1E4 E5195DC0 B108952E D37A0933 AD852C23

  BB4B4E66 5E27CE3C 3A30E74F A80601E6 B47ACE80 D2
      quit
license udi pid CISCO2901/K9 sn FHK143172MU
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 30
username root privilege 15 secret 5 $1$Lzd6$OmF.PrybCtGVH9V4VJFBT1

username pgwin password 0 fip21e
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip ssh pubkey-chain
  username root
ip scp server enable
!
class-map match-any BE
 match ip dscp default

class-map match-any TCP_CONNECT
 match access-group 110
class-map match-any Video1235
 match access-group 105
class-map match-any Video1234
 match access-group 104
class-map match-any Video1236
 match access-group 106

class-map match-any P1
 match ip dscp ef  cs6
class-map match-any P2
 match ip dscp cs7
class-map match-any A1
 match ip dscp cs2  af21  af22  af23
class-map match-any A0
 match ip dscp cs1  af11  af12  af13

class-map match-any A3
 match ip dscp cs4  af41  af42  af43
class-map match-any A2
 match ip dscp cs3  af31  af32  af33
class-map match-any A4
 match ip dscp cs5
!
policy-map COSMAP
 class A0

  set cos 1
 class A1
  set cos 6
 class A2
  set cos 4
 class A3
  set cos 3
 class A4
  set cos 2
 class P1
  set cos 7
 class P2
  set cos 5
 class Video1234
  set cos 0
 class Video1235

  set cos 6
 class Video1236
  set cos 7
policy-map COSMAP_NANSEN
 class A0
  set cos 4
 class A1
  set cos 4
 class A2
  set cos 3
 class A3
  set cos 2
 class A4
  set cos 1
 class P1

  set cos 6
 class P2
  set cos 5
 class Video1234
  set cos 0
 class Video1235
  set cos 1
 class Video1236
  set cos 6
policy-map DSCP_TCP
 class TCP_CONNECT
  set dscp default
!
!

!
!
!
interface Loopback0
 ip address 192.0.20.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.10.22.34 255.255.255.0

 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 172.31.111.111 255.255.255.0
 ip ospf network point-to-multipoint
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.129

 encapsulation dot1Q 129
 ip address 210.1.1.9 255.255.255.252
 ip ospf network point-to-multipoint
 no cdp enable
!
interface GigabitEthernet0/1.2177
 encapsulation dot1Q 2177
 ip address 210.0.1.9 255.255.255.252

 no cdp enable
!
interface FastEthernet0/1/0
 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/1
 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/2

 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/3
 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/4
 switchport access vlan 44
 no ip address
!

interface FastEthernet0/1/5
 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/6
 switchport access vlan 44
 no ip address
!
interface FastEthernet0/1/7
 switchport access vlan 101

 no ip address
!
interface FastEthernet0/1/8
 switchport access vlan 112
 no ip address
!
interface Virtual-Template1
 ip address 10.10.24.1 255.255.255.0
 peer default ip address pool VPN_POOL

 ppp authentication ms-chap
!
interface Vlan1
 ip address 10.10.5.200 255.255.255.128
!
interface Vlan5
 ip address 10.10.2.200 255.255.255.0
 ip pim dense-mode
!
interface Vlan11
 ip address 1.4.130.129 255.255.255.0

!
interface Vlan12
 ip address 192.168.11.200 255.255.255.0 secondary
 ip address 192.168.12.200 255.255.255.0
!
interface Vlan21
 ip address 194.2.12.1 255.255.255.0
!
interface Vlan30
 ip address 194.20.12.1 255.255.255.0

!
interface Vlan44
 ip address 172.31.112.1 255.255.255.0
!
interface Vlan101
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan112
 ip address 12.12.12.1 255.255.255.0
!
router ospf 2

!
router ospf 1
 router-id 10.10.22.34
 redistribute connected
 network 210.1.1.8 0.0.0.3 area 0
!
ip local pool VPN_POOL 10.10.24.2 10.10.24.50
ip forward-protocol nd
!
ip pim bidir-enable
ip pim ssm default

ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 172.31.111.65
ip route 4.100.0.0 255.255.255.0 172.31.111.65
ip route 4.100.1.0 255.255.255.0 172.31.111.65
ip route 192.168.2.0 255.255.255.0 12.12.12.2

!
no cdp run
!
!
snmp-server community public RW
snmp-server community private RW
snmp-server enable traps entity-sensor threshold
access-list 104 remark Video UDP 1234
access-list 104 permit udp any any eq 1234

access-list 105 remark Video UDP 1235
access-list 105 permit udp any any eq 1235
access-list 106 remark Video UDP 1236
access-list 106 permit udp any any eq 1236
access-list 110 permit tcp any any eq ftp-data

!
!
!
control-plane
!
!
banner motd 
*********************************************************************
* Modem21e - Routeur 1 - 2901
*********************************************************************

!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1

line vty 0 4
 privilege level 15
 password rootroot
 transport input ssh
!
scheduler allocate 20000 1000
onep
 no start
!
end



Thank you

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Zach Seils on 07-06-2013 09:41:50 AM
As Joe and Einar mentioned, the interface specified in the 'datapath transport' command is the IP interface closest to the host running dpss_mp.  This is basically the interface used for communication to/from dpss_mp.

Zach

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Joseph Clarke on 07-06-2013 10:00:43 AM
Given the access VLAN of the port, try sourcing your DPSS session from interface Vlan101.

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Gildas Le Peron on 10-06-2013 04:23:43 AM
 I do the command " datapath transport gre interface Vlan101" but i have the same error message (Configuration can't be changed while a ONE-P session is active )

Subject: Re: New Message from Gildas Le Peron in onePK - API and programming: RE: pr
Replied by: Einar Nilsen-Nygaard on 10-06-2013 04:26:03 AM
Are any onep apps running?

On Jun 10, 2013, at 10:23 AM, Cisco Developer Community Forums <cdicuser@developer.cisco.com<mailto:cdicuser@developer.cisco.com>>
wrote:

Gildas Le Peron has created a new message in the forum "API and programming": --------------------------------------------------------------  I do the command " datapath transport gre interface Vlan101" but i have the same error message (Configuration can't be changed while a ONE-P session is active )
--
To respond to this post, please click the following link: http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/16025290 or simply reply to this email.

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Gildas Le Peron on 10-06-2013 07:13:33 AM
 i don't think so , when i do this command "show onep session all" for see if there are sessions or no , we see there is no session . And after i did this command :" onep stop session all " . But i have always the same error  message  when i do "datapath transport gre interface Vlan101".

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Joseph Clarke on 10-06-2013 09:31:34 AM
Can you post the config and show version from this router?

Subject: RE: problem with the configuration of the router to retrieve packets
Replied by: Gildas Le Peron on 10-06-2013 10:02:47 AM
 I already posted my running config and the version of my router in the old message posted last friday .

Subject: Re: New Message from Gildas Le Peron in onePK - API and programming: RE: Re
Replied by: Einar Nilsen-Nygaard on 10-06-2013 10:04:11 AM
(EDIT: This would have made more sense if it had come after the message below, which I forgot to send before this one! ;-)

Oh, and also try enabling this debug command before entering the command that fails:

    debug cef dpss error

Cheers,

Einar

On Jun 10, 2013, at 1:13 PM, Cisco Developer Community Forums <cdicuser@developer.cisco.com<mailto:cdicuser@developer.cisco.com>> wrote:

Gildas Le Peron has created a new message in the forum "API and programming": --------------------------------------------------------------  i don't think so , when i do this command "show onep session all" for see if there are sessions or no , we see there is no session . And after i did this command :" onep stop session all " . But i have always the same error  message  when i do "datapath transport gre interface Vlan101".
--
To respond to this post, please click the following link: http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/16029384 or simply reply to this email.

Subject: Re: New Message from Gildas Le Peron in onePK - API and programming: RE: Re
Replied by: Einar Nilsen-Nygaard on 10-06-2013 10:06:03 AM
Gildas,

Can you send me the output of:

    sh cef dpss

Cheers,

Einar

On Jun 10, 2013, at 1:13 PM, Cisco Developer Community Forums <cdicuser@developer.cisco.com<mailto:cdicuser@developer.cisco.com>> wrote:

Gildas Le Peron has created a new message in the forum "API and programming": --------------------------------------------------------------  i don't think so , when i do this command "show onep session all" for see if there are sessions or no , we see there is no session . And after i did this command :" onep stop session all " . But i have always the same error  message  when i do "datapath transport gre interface Vlan101".
--
To respond to this post, please click the following link: http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/16029384 or simply reply to this email.

Subject: Re: New Message from Joseph Clarke in onePK - API and programming: RE: prob
Replied by: Viktor S. Wold Eide on 10-06-2013 10:29:03 AM
Config and version information follows below.

Best regards
Viktor


OnePK-2#show running-config
Building configuration...

Current configuration : 1493 bytes
!
! Last configuration change at 12:34:36 UTC Mon Jun 10 2013
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OnePK-2
!
boot-start-marker
boot system flash c2951-universalk9-mz.SPA.153-2.T.bin
boot-end-marker
!
!
enable secret 4 XXX
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ipv6 multicast rpf use-bgp
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2951/K9 sn FCZ154920DH
!
!
username XXX
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.0.100.12 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.227.12 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.0.225.12 255.255.255.0
duplex auto
speed auto
!
router ospf 1
passive-interface GigabitEthernet0/2
network 10.0.0.0 0.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
password XXX
login
transport input all
!
scheduler allocate 20000 1000
onep
datapath transport gre interface GigabitEthernet0/1
transport socket
start
!
end

OnePK-2#


OnePK-2#show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.3(2)T,
RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 28-Mar-13 13:17 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M13, RELEASE SOFTWARE (fc1)

OnePK-2 uptime is 2 hours, 48 minutes
System returned to ROM by reload at 12:23:25 UTC Mon Jun 10 2013
System image file is "flash:c2951-universalk9-mz.SPA.153-2.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found
at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2951/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FCZ154920DH
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2951/K9          FCZ154920DH



Technology Package License Information for Module:'c2951'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None
uc            None          None           None
data          None          None           None

Configuration register is 0x2102

OnePK-2#

2013/6/10 Cisco Developer Community Forums <cdicuser@developer.cisco.com>

> Joseph Clarke has created a new message in the forum "API and
> programming":
> -------------------------------------------------------------- Can you post
> the config and show version from this router?
> --
> To respond to this post, please click the following link:
> http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/16033267or simply reply to this email.

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Derek Fawcus on 10-06-2013 10:54:25 AM
Try this:

onep
    no datapath transport gre interface GigabitEthernet0/1
    datapath transport gre interface Vlan101

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Joseph Clarke on 10-06-2013 11:48:43 AM
Sorry, too much going on.  I remember you sending the config now.

Can you also try to configure the transport around an ethernet interface with an IP (not on the switching module)?  And be sure no existing "datapath" command is configured first.  If so, take it out with a "no".

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Joseph Clarke on 10-06-2013 11:50:06 AM
Ah, so GigabitEthernet0/1 works!  Good, it really should.  If you want to switch to Vlan101 now, you will need to do the "no" command like Derek suggested.  Then it should be switchable to VLAN 101.

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Gildas Le Peron on 11-06-2013 03:11:36 AM
 Thank you for your answers , it works now !  I have an other question : Is it possible to retrieve packets of two Vlan interfaces ? Because with my mistake i understand so that it not possible to retrieve packets from two interfaces .  Thank you for your help .

Subject: Re: New Message from Gildas Le Peron in onePK - API and programming: RE: Re
Replied by: Einar Nilsen-Nygaard on 11-06-2013 03:17:05 AM
Gildas,

The datapath transport command is for setting up the packet transport from the device to the DPSS client(s). It need not be the same interface as you wish to capture packets from. You can register to receive packets from multiple interfaces while just having one datapath transport command in your config.

So, yes, it is possible to get packets from multiple interfaces.

Cheers,

Einar

On Jun 11, 2013, at 9:11 AM, Cisco Developer Community Forums <cdicuser@developer.cisco.com<mailto:cdicuser@developer.cisco.com>> wrote:

Gildas Le Peron has created a new message in the forum "API and programming": --------------------------------------------------------------  Thank you for your answers , it works now !  I have an other question : Is it possible to retrieve packets of two Vlan interfaces ? Because with my mistake i understand so that it not possible to retrieve packets from two interfaces .  Thank you for your help .
--
To respond to this post, please click the following link: http://developer.cisco.com/web/onepk/community/-/message_boards/view_message/16073642 or simply reply to this email.

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Gildas Le Peron on 13-06-2013 02:31:45 AM
Thank you for your answer !

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Gildas Le Peron on 13-06-2013 08:51:39 AM
Sorry but i have an other problem .Yesterday , i received packets from the Vlan interface that i wanted . But today , i don't understand i don't receive this packets whereas i didn't change my code . I verified if the configuration of my router is correct and i think yes because it didn't change since yesterday and i verified with the command "show run". I used code of the tutorial "datapath " .

Thank you for your help .

Subject: RE: Re: New Message from Gildas Le Peron in onePK - API and programming: RE
Replied by: Joseph Clarke on 13-06-2013 09:59:56 AM
Check to make sure dpss_mp is still running.  If it is, try restarting it and your app.  If things still don't work, post the output of "show cef dpss" and "debug cef dpss".

Attachments

    Outcomes