LRT214 - routing of DMZ

Hello

for some reason I can't connect from the DMZ network to the internet.

Installation program:

Internal network: 192.168.0.0/255.255.255.0

DMZ: 192.168.100.0/255.255.255.0

WAN: connected to the cable-modem (DHCP)

Even with the firewall disabled.

So, for me, it seems that the unit is not "Routing" of the demilitarized zone.

At the moment I activated the firewall again and added two rules to give them access DMZ:

1 REFUSE all traffic to DMZ (any) to 192.168.0.0 - 192.168.0.255 (to deny access to the local network to DMZ)

2 ALLOW all traffic to DMZ (any) to EVERYTHING (in order to select "WAN" here, would be great!)

I had this problem before in the local network.

But I could solve this problem when I switched the "operating mode" 'router' for 'bridge '.

[Just a little note: after Linkysys support told me that the device if default!]

BTW... so far, I found no clue about the difference between these two modes.

Thanks a lot for your support

Who was I had the suspicion on the VLan to.

But I think that it is not completely right... you have a DMZ with a privat-ip-area, but these DMZ servers do not have access to internet (NAT number of DMZ in WAN) possible.

To be honest, I find the DMZ - of the implementation of the very strange LRT214.

No one expects such an implementation! And IMHO, this does not meet the definition of DMZ (see wikipedia).

Tags: Linksys Products

Similar Questions

  • VLAN native on LRT214

    Hello

    the vlan native of my ports trunks is not the vlan by default 1. so, how do you define an id vlan different native then 1 on the LRT214 router?

    THX,

    Stef

    As far as I know, you can't. The VLAN native should be VLAN1.

  • WRT1900AC: Cannot access the router remotely

    This can be a simple, but I'm scratching my head on it.

    I just took a 1900 for my personal use at home. I did a basic auto config (Nothing fancy, just Plain Jane).

    As part of the configuration process, I associated the router to a Smart Access account that is different from that assigned to the routers in my church.

    For some unknown reason, I can not access the router using the Smart app unless I am accessing Internet through the 1900. If I have Internet access through my Verizon FiOS router, the Smart application tells me that my wireless router is offline.

    I missed the 1900 and started from scratch using my office... again... combining the unit on the account. Once again, no luck.

    I have a session with my smartphone and tried again with my tablet. Still no luck.

    Just to make sure that there is no failure, I tried to access the routers of the Church... and has been able to do without any problem.

    Y at - it an option that I forget? I don't remember running into this situation when you configure the 6500 s and 6900 s.

    10,168 is also a private IP address.

    I recommend that you enter this address that you see on the WRT router in DMZ ISP modems. If there is a reservation on the ISP modem function, book it as well so it can't change it later. This will keep the DMZ address for the WRT router and you should be good here.

  • Router EA4500 do not open ports even in the demilitarized zone

    I have a router EA4500 running the following firmware: http://puu.sh/4l2Hb.jpg

    I wish to convey the following ports to host a game server: http://puu.sh/4l2Jb.png

    In case you're wondering peripheral ip # is correct and my computer has a static ip address: http://puu.sh/4l2KQ.png (photo taken from the ipconfig command)

    I made an exception for any of these ports in the windows firewall: http://puu.sh/4l2VU.png

    more evidence of the ports with an exception: http://puu.sh/4l2Xl.png

    What happens when I check to see if the port is open: http://puu.sh/4l30O.png (ip address hiden)

    I've done everything correctly to my knowledge, but the ports are not opened. I called my ISP and they claim to be not stop blocking ports. If there is problem of the ISP could someone explain to me exactly what I should ask them or tell them to do the next time I called their hotline?

    Also when I put the router mode dMZ (a mode that I understand to open all my ports) my ports are still closed which I don't really quite understand.

    To find out if this is a concern to the ISP, remove the router from the loop and connect your computer directly to the modem and do the ping test in this way. If the ports are still closed, then better check your ISP. I've seen other messages here in the forum in which their ISP did not allow for some ports to open same modem. If test you better than one.

  • DMZ connected network is not available

    My configuration:

    PIX - servers with gateway as pix - DMZ dmz - remote router - remote LAN

    When I try to reach remote LAN to dmz servers that I'm not able to reach.

    My servers have pix as gateway.

    PIX has road for Remote LAN. (PIX I n t have no problem to reach remote LAN)

    When I add remote LAN-specific routes pointing to local router then I n t have problem to reach the Remote LAN.

    My problem is the why of the pix as the gateway server not able to reach remote LAN.

    the problem is related to the v6.x pix golden rule.

    the golden rule does not fundamentally pix redirect the packets in and out the same interface. for example, server dmz try to send a packet to the remote lan. for now, dmz server has a default gateway for the interface of a pix dmz, dmz server passes the packet to the interface of dmz pix to begin with. PIX receives the packet comes from the dmz server and the remote lan. now, pix determines the next hop for this particular package is the router in the dmz, which is once again through the DMZ interface. as mentioned, the golden rule does not allow this operation because the packet is received on the interface of a pix dmz.

    the workaround, as mentioned earlier, martin is to change the default gateway on the dmz server. the default gateway should be the router in the dmz, then configure static routes on router.

    now, there are two choices with regard to the configuration of the ports on the router.

    a: Configure the pix as the gateway router dmz dmz interface by default and configure the static route to the Remote LAN. or

    two: Configure the remote router as the default gateway of the router dmz and configure a static route for pix inside the net.

    personally, I prefer the first options as server dmz may need access to the internet via the pix as well.

    leaving again watching the flow of traffic to dmz, DMZ router as the default gateway server; router DMZ with interface dmz pix for the default gateway and the static routes for remote lan.

    package from Server dmz for the lan remote will be forwarded to the dmz router. DMZ router will then forward the packet to the remote router based on the static routes; Alternatively, package from Server dmz to the internet or the pix inside the subnet will be forwarded to the dmz router. the dmz router will then package the pix dmz interface based on the default gateway settings.

  • How to set up the PS4 with aircard years 790 and netgear dc112a to get the connection of type 2?

    Hi I have the Aircard 790s with Netgear DC112A router card, I tried to connect my PS4 to the router to get a connection of Type 2, but I could not, what I have done is I have my PS4 gave an IP address static, portforwarded all the ports by using the settings in the router menu, (I don't know if I should make the port forward in the menu hotspot and I don't know what I use IP: the IP Address of the router or the period of INVESTIGATION PS4?) , I put my PS4 on DMZ in the router menu, and put the router in DMZ in the menu hotspot, I disabled it Upnp. I get the connection of type 3 on the PS4, what I have to do?

    From a conceptual point of view, putting the PS4 in DMZ on the router and the router in DMZ of the hotspot should work. Try to remove all the rules of port forwarding and reboot the router and access point.

    There are two other methods to try that might work:

    1. Remove the PS4 DMZ on the router, remove port forwarding rules all and re - activate uPnP on the router. Keep the router in DMZ of the hotspot.
    2. If the card Aircard has IP Passthrough mode, try to activate it. This should ask interface the router WAN receive the public IP address of the Aircard map. This will remove a layer of NAT. Then simply bring the router to work using DMZ or port forwarding and uPnP.

  • No voice with incoming calls PAP2T

    I bought a LinkSys PAP2T unlocked last year that worked beautifully until a few days ago. Outgoing calls work fine, but I now have problems with incoming calls only.

    When I receive an incoming call, the phone rings, but when I pick it up, I can't hear anything and cannot the caller on the other end. After a few seconds, my phone disconnects and begins to beep as if the line is busy. This occurs regardless of who calls me and whther they use a VoIP device or a normal PSTN phone. I have not changed the settings on the router (a Belkin) or the PAP2T, he simply stopped working a few days ago! I have a connection 10MB Virgin Media broadband service for my VoIP provider is Draytel that have verified the account and settings and says it works very well on their test kit.

    Since then, I tried just using line 2 and the deactivation of line 1 to do a hard reset of the PAP2T and updated the firmware to the latest version. Even tried to change the analog phone connected, but I still have the problem.

    Does anyone have any ideas as to why it suddenly stopped working with anything has been changed and what I might be able to do to fix? The PAP2T is still the title of the 12 month warranty period then maybe she developed a fault?

    Thank you very much in advance for all those who can help you.

    Cheers, Vic

    For me it looks like the problem of RTP streams - probably, it does not pass the firewall / nat on the path between SIP provider and you.

    This may have is that your Belkin router/NAT, or on internet ISP router/NAT enabled SIP ALG (Application Layer Gateway).

    If this is the case, you will need to disable SIP ALG on your router or ask your ISP internet to disable on the firewall router.

    Another question may have been if you (accidentally) changed the port forwarding on your Belkin router, or the PAP2T local LAN IP address changed and port forwarding is no longer works.

    So my proposals to check:

    -check and DISABLE SIP ALG on your Belkin (if the router has this feature)

    -check the port forwarding on your router Belkin... IF you set up port forwarding for 5060/61 you MUST set the same for RTP ports (16384-16483)

    -If you don't have port forwarding on your Belkin, try before installation of 5060-5061 AND 16384-16483 *.

    * (If this is too many ports, set the RTP on PAP2T portrange to 16384-16394 for example and then forward only go)

    -If neither of above of aid, change your SIP Line1 of 5060 for port we will tell 6070 and RTP ports to the beach we'll tell 17300-17310

    -Finally, you can do it on your side is to remove all the port forwarding and put the PAP2T to your router Belkin DMZ settings.

  • E1200 Playstation 3 Help!

    I have a router E1200 and my ISP is Comcast.

    I need help to find how to have the best settings for online play. I did the static IP set up. But I still have some lag on a connection. I called Comcast to see what I can do. They said his problems with the router.

    I enter the numbers to the right for PS3 in the simple Port Forwarding and Port Range Forwarding. I turn on the DMZ and seized the same IP address on my PS3

    and I entered the following DNS

    DNS1: 208.67.222.222, DNS2: 208.67.220.220
           

    Can someone help me on something that I missed?

    PS: I don't have a problem with resetting the router together and starting from scratch?

     

    Capo202 wrote:

    Yes my PS3 connected wired. When I play Madden NFL 13, he said that I was disconnected because of network.

    And when I play Black Ops 2. I've launched offline sometimes. When I do the speed Test on the PS3... The download speed and upload speed changes a lot... once its speed of 30 Mbps DL and changes to 8 Mbit/s DL

    You talked with your previous post that you have triggered and transmitted so ports on the router with DMZ active. In fact, the firing port and shipping should be use both and also DMZ won't go to work if is port triggering or transmission is activated. So, make sure you that DMZ is disabled. Another thing is since the firmware of the router is already updated, reset the router for 30 sec, disconnect/reconnect the power cord and wait as the power light is solid before you configure manually. What are the ports you have open on the router?

  • LaserJet M276nw MFP Color impossible to connect to Web Services, tried all the suggestions on the forum

    I tried all the possible suggestions on the forum. I opened all the ports suggested by HP support on my Belkin of N600 router. DMZ has changed IP address on the printer. We even directly wired ethernet for printer, still cannot connect to Web Services. Now I have to wait until April 4 a technician to remind me. Everything else works fine. I can print wireless from my laptop & smartphone. Just can not access Web Services, oh & firmware is up-to-date on printer & router. We changed the DNS settings for 8.8.8.8 & 8.8.4.4.

    Success! I had Verizon send me a new Modem/Router. The original was 10 years. Install a new one, did a "Restore Defaults" on the printer. Re-setup the wireless network wizard. Click Web Services & connected. Received my code from the printer. So, since I have a few towns away I figure I would try eprint. It worked... Woot woot!

  • Design of bridge of 1300 AP/change

    I have a client w / a 1300 AP filled in two buildings (building A, building B).  Background - building has had Internet, building B does not.  The link was constantly going down, so it was turned off and both sites now have Internet.  From time to time, building Internet B falls down (cheaper service) and would like to resurrect the wireless for failover.  There is no documentation, and we found the Air-PWRINJ-BLR2 unit, but can not find the AP unit without mounting in attics.  What is the device that allows us to configure it?  It has a port console - also the IP address is configured on the unit seems to be on the same LAN segment in building A (192.168.10.250 & 192.168.10.251).  I would like to place both ends of the bridge (the building) wireless in a static road route and DMZ port.  How the hell do I realize that if the bridge is configured with the same LAN segments as A building?  I have a router w / ready to plug several ports.

    I just need building B to be able to access the Internet via A building if their default internet goes down.

    Building a network

    192.168.10.0/24

    Building B network

    10.20.190.0/24

    Hello

    Yes is the console on the power injector port, port of the console for the AP. probably the best way to recover the bridge is to connect the 1310 at a port of etherernet of portable computers and use the port console to learn the IP address of the 1310 and then manage the 1310 with the graphical interface, it can be done with the CLI , but if you have not done a wireless bridge before sticking with the GUI. Both 1310's need to be on the same subnet, it's management is not to fill. the bypass is at level 2, except if you use VIRTUAL LANs, but with routers that shouldn't be a problem. Once you have configured the root router saves the config and allows him to congigure the router no root change IP address and the Non Root role. Connect network cables to the router ports apropriate and you should be set.

    That's assuming that you know the name of username/password for the AP from the default is Cisco/Cisco.

    If the antennas are setting your deck should be reliable.

    based on the level of the signal between the AP I would disable data rate using the flow of G data and possibley B disable the higher rates if the radio stats present of many retrys, mor at 10%.

    Bill

  • VPN Tunnel to the TOP but no traffic passing (PIX515)

    I'll put up a remote engineers access to off-site to access my network (using the cisco vpn client). I use PIX 515E software version 7.0 (3) 20 as a vpn server. I can establish a tunnel, but I can't access network resources. I can ping the external interface of the PIX. This is my setup: internet-router-pix-dmz(server farm). Please find attached my setup. Thanks in advance.

    After a glance at your policy, it seems that the Pool of IP, that is assigned to the clients behind the outside interface, runs behind the DMZ. I don't think it will work.

    In addition, defined distribution policy seems to be backward. Im sure that you intend to send traffic FROM the IP pool to 196.26.12.64/26. Your acl split is the opposite.

    In addition, your routing table does not contain a route for the 196 network, so the firewall will use the default route to the outside. If this is intentional, the clients and dst are on the outside, which is considered to be crossed. This is allowed on the SAA only with the same security setting configured.

  • Why would I need to DMZ router to scan?

    If you feel you have tried everything to get the scanner to communicate with the computer and nothing will do, a service representative can tell you to DMZ the printer.  Often I have heard the term used loosely, and it can be very confusing if taken the wrong way.  That's why I deliberately formulated my question as I did.  First of all, you don't want the router DMZ.  You want to DMZ IP address of the printer in the router to open ports which also insist on remaining blocked.

    I considered all the reasons, we'd lose communication with their scanner.  The reasons are plentiful and can leave a user struggling for hours trying to get their scanner to communicate with their computer.  After that a standard troubleshooting is complete, they turn to their router.  Of course, this message only relates to people who have their printers attached to their computer with an Ethernet cable or wireless.  Before I define exactly what means DMZ, first of all I want to look at why you want to do.

    Printers to communicate through several different ports.  Often routers are configured with an internal firewall to protect users of computers from outside attacks.  In this way, the only information that the computer receives comes from what the router allows through.  People might DMZ their computer for games purposes, but it would be a very bad idea.  People are misled by "reliable companies," which suggests this in order to access their personal files.  Essentially, the goal was really to contain the amount of traffic actually pass through the router at the same time so this is a feature of security and service.

    A printer has been designed to communicate through a series of ports, but sometimes these ports are blocked.  Maybe the router is due for an update, or a firmware update was conducted which could cause the printer to lose communication.  Often, people can still print which is what it makes it even more confusing.  Ports of printing are simple and well known in the world of routers.  However, scanners to operate on a level more complex.  Information is received by a port and another goes out.

    Some companies may even install a proxy server in order to reduce bandwidth and record or monitor traffic which is an example of a blocked port.  In addition, as an extra level of protection, routers differ in the configuration so that it is difficult to gain access to a network for malicious purposes.  Depending on the router and other sources of firewall, like on the computer (antivirus software and Windows Firewall), these ports may deny access to a device of 'unknown' otherwise on what seems to be a random basis.  Of course, it is not random, but the timing is always impeccable none-the-less.

    DMZ printer (also known as the port forwarding in some cases) would mean completely open all the ports of this device.  It stands for demilitarized Zone.  Open ports in this subnet to the router allows access without any additional security.  That's why doing it on the IP address of the computer is a bad idea because that which allows people outside access to your computer network.  With ports closed here, they are allowed access by the user as a download in an email that contains a virus.

    On a printer, there is no way to access the files, install viruses or damage to the printer.  Especially if it's just a home network, the risk of attack is null.  It's not as if they could tap into your network as long as it is password protected initially.  The pirates have honestly no reason to print on your printer, in order to open the ports for access to the printer is perfectly acceptable and safe.  Now, if you were totally to the DMZ the router, then Yes, but a advanced user would know the term, just so the application, expresses or misunderstood is still virtually impossible to do the entire router.  Instead, just follow these steps so that you know that there is nothing blocking the scanner to work.

    Because routers differ from a product, a non-technical person would better communicate with their provider internet router service or undertaking for them through the steps on how to do.  Directly into the router just looks like a bad idea if you have never done it before.  Sometimes the router companies will help you for free if you are in warranty, if not the biggest complaint I hear is that they want you to pay xx.xx amount to do what your internet service provider must be able to do it for free.  If you find that you are unable to find someone to do it for free, you can always search the router manual and find information in the title of port forwarding.  However, that information is not openly scattered on the world wide web because of the risk factor to plug the wrong numbers and completely block the communication with the printer.

    After I uninstalled the printer, temporarily disabled the startup and anti-virus programs, reinstalled the printer software and find I'm still able to analyze, the next thing I look at is the router.  A technical agent on the phone, I didn't have the right to access the 3rd party software and hardware, that I have been trained, so I sent an email, which included all the ports, the printer uses and at the request of a reminder.  You can just go down the list of ports and follow the instructions on how to open each one individually, or you could just DMZ IP address which opens all ports on the printer.  Seems easier to DMZ it or what is even easier to do just told someone else to do not understand the definition themselves.

    As I said, it can be confusing and frustrating, especially if it is beyond your level of troubleshooting, but everyone who has managed to do, so always the spokesperson saying they could analyze now.  9 times out of 10 it worked.  And at that time, he remained effectively resolved.  With regard to the other 10%, they had other issues inside the computer as well.

    So, if you are already in this situation, contact your router or your ISP company for how to do this.  Here is the list of ports that I would include in my email, which would also suggest updating the firmware on the router first, and then going on with port forwarding.  This is all from my understanding and experience, I learned this. It's rather simple information that I hope will help you understand why someone would tell you to do.

    Incoming (UDP) ports are ports of destination on the computer while outgoing ports (TCP) are ports of destination on the HP printer.

    • Incoming (UDP) ports: 137, 138, 161, 427

    • Outgoing (TCP) ports: 137, 139, 427, 9100, 9220, 9500

    The ports are used for the following functions:

    Print

    • UDP ports: 427, 137, 161
    • TCP port: 9100

    Download of photo card

    • UDP ports: 137, 138, 427
    • TCP port: 139

    Scanning

    • UDP port: 427
    • TCP ports: 9220, 9500

    The HP device status

    • UDP port: 161

    Faxing

    • UDP port: 427
    • TCP port: 9220

    Installation of device HP

    • UDP port: 427

    Ports of Web Services

    • UDP and TCP: 80, 443, 5222 and 5223

    Hello Ports

    • TCP and UDP: 5353 and 5297, 5298

  • Static routing LRT214 does not

    Hello

    I have a hard time with a static routing on LRT214.

    My configuration:

    * LRT214 (recently purchased), acting as a gateway to the internet, local subnet is 192.168.28.0/24

    * There is a local VPN (192.168.28.98) server on the local network, serving a LAN tunnel with subnet 192.168.29.0/24. on LRT214 port forwarding is configured

    I can connect to my VPN server on the internet, and I can access the machine running on the VPN server (for example via ssh).

    However, I can not connect to any other computer on my LAN, although I tried

    adding another subnet under Configuration > network > LAN settings

    * setting up a static route under Setup > Advanced Routing (kind of route add - net 192.168.29.0/24 gw 192.168.28.98)

    of course, when I add the itinerary of statitc over any computer on the local network, I can connect via VPN tunnel to the machine, so its clearly a problem of LRT214.

    Please help, how can I configure a static route for this scenario in the user Web interface?

    The SPI Firewall, intercept traffic.

    As far as I understand, it could be that when the VPN server sends data to another machine on the local network, this happens on layer 2 (where the SPI Firewall not listening), while the return on the VPN server traffic is routed higher up in the stack, where the SPI listening and intercept.

    So, I will use the above workarounds, or put the OpenVPN server on a different subnet or VLAN, which I do anyway. I tried a basic configuration of VLAN yesterday (just put the Server full VPN with all interfaces in one VLAN separated), with InterVLAN routing enabled, but there seems to be some particularities with it (like the ping works, but not ssh). In any case, it's another story. Thanks for you support.

  • Gather the router E2500 and Voip DMZ box

    I had an old belkin router which is dead.  I have port forwarding and DMZ through my box Voip IP 192.198.0.1XX (immutable de.0.1) my new router IP is 192.168.1.1 now (DMZ immutable a.0.1) and I'm not sure how to get all DMZ d together and without flow.  Any help would be greatly appreciated, I searched and found nothing on this issue.  Thank you

    Hey, mustache! Have you tried to specify the device in the DMZ by MAC address instead of the IP address? To do this, click here. Update us how it goes!

    Kind regards

    Ethel_10700

    Linksys technical support

  • DMZ-Link bandwidth does not change the routing table countin traffic

    Hey guys

    I'm INE laboratories dong and shoved a weird one that delivers.

    I have configured the dmz-link bandwidtha nd the extended communities to send, I get the bandwidth in the BGP routes, however the routing table does not change the proportion of traffic according to the bandwidth available link.

    Here is my configuration:

    Rack1R6 (config) #do sh run | dry BGP

    router bgp 100

    no synchronization

    The log-neighbor BGP-changes

    BGP dmzlink-bw

    155.1.146.0 netmask 255.255.255.0

    aggregate-address 155.1.0.0 255.255.0.0 summary only

    neighbour 54.1.1.254 distance-54

    neighbor 54.1.1.254 dmzlink-bw

    neighbour 155.1.67.7 distance-300

    neighbour 155.1.146.1 distance-100

    155.1.146.1 neighbor send-community times

    No Auto-resume

    Rack1R6 (config) #.

    Rack1R6 (config) #do sh ip bgp neigh 155.1.146.1 opponents

    Version of BGP table is 35, local router ID is 150.1.6.6

    Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.

    r SIDE-failure, stale S

    Source codes: i - IGP, e - EGP,? -incomplete

    Network Next Hop path metrics LocPrf weight

    * > 28.119.16.0/24 54.1.1.254 0 54 I

    * > 28.119.17.0/24 54.1.1.254 0 54 I

    * > 112.0.0.0 54.1.1.254 0 0 54 50 60 I

    * > 113.0.0.0 54.1.1.254 0 0 54 50 60 I

    * > 114.0.0.0 54.1.1.254 0 0 54 I

    * > 115.0.0.0 54.1.1.254 0 0 54 I

    * > 116.0.0.0 54.1.1.254 0 0 54 I

    * > 117.0.0.0 54.1.1.254 0 0 54 I

    * > 118.0.0.0 54.1.1.254 0 0 54 I

    * > 119.0.0.0 54.1.1.254 0 0 54 I

    r > 155.1.0.0 0.0.0.0 32768 I

    Rack1R6 (config) #do sh ip bgp

    Version of BGP table is 35, local router ID is 150.1.6.6

    Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.

    r SIDE-failure, stale S

    Source codes: i - IGP, e - EGP,? -incomplete

    Network Next Hop path metrics LocPrf weight

    * i28.119.16.0/24 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254                             0 54 i

    * i28.119.17.0/24 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254                             0 54 i

    * i112.0.0.0 204.12.1.254 0 100 0 54 50 60 I

    * > 0 0 54 50 60 54.1.1.254 I

    * i113.0.0.0 204.12.1.254 0 100 0 54 50 60 I

    * > 0 0 54 50 60 54.1.1.254 I

    * i114.0.0.0 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254               0             0 54 i

    * i115.0.0.0 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254               0             0 54 i

    * i116.0.0.0 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254               0             0 54 i

    * i117.0.0.0 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254               0             0 54 i

    * i118.0.0.0 204.12.1.254 0 100 0 54 I

    Network Next Hop path metrics LocPrf weight

    *>                  54.1.1.254               0             0 54 i

    * i119.0.0.0 204.12.1.254 0 100 0 54 I

    *>                  54.1.1.254               0             0 54 i

    r i155.1.0.0 155.1.146.4 0 100 0 I

    r>                  0.0.0.0                            32768 i

    s > 155.1.146.0/24 0.0.0.0 32768 0 I

    * > i205.90.31.0 155.1.13.3 0 100 0 200 254?

    * 155.1.67.7 0 300 200 254?

    * > i220.20.3.0 155.1.13.3 0 100 0 200 254?

    * 155.1.67.7 0 300 200 254?

    * > i222.22.2.0 155.1.13.3 0 100 0 200 254?

    * 155.1.67.7 0 300 200 254?

    Rack1R6 (config) #.

    # now R4 configuration

    Rack1R4 (config) #do sh run | dry BGP

    router bgp 100

    no synchronization

    The log-neighbor BGP-changes

    BGP dmzlink-bw

    155.1.146.0 netmask 255.255.255.0

    aggregate-address 155.1.0.0 255.255.0.0 summary only

    neighbour 155.1.45.5 distance-200

    155.1.45.5 route-neighbour card GAME-54 on

    neighbour 155.1.146.1 distance-100

    155.1.146.1 neighbor send-community times

    neighbour 204.12.1.254 distance-54

    neighbor 204.12.1.254 dmzlink-bw

    No Auto-resume

    Rack1R4 (config) #.

    Rack1R4 (config) #do sh ip bgp Synt.

    Local router BGP 150.1.4.4 identifier UNDER number 100

    BGP table version is 18, table 18 main routing version

    15 entries for network using 1980 bytes of memory

    18 entries for path using 936 bytes of memory

    9/7 BGP path/bestpath attribute entered using 1512 bytes of memory

    3 entries for BGP AS-path ACCESS using 72 bytes of memory

    1 entries PMO community, using 24 bytes of memory

    0 cache entries of BGP route-map with 0 bytes of memory

    0 cache entries of filter-list BGP using 0 bytes of memory

    Bit entries in the cache field: 3 courses (up to 5) with 96 bytes of memory

    BGP using 4620 total number of bytes of memory

    Activity 102/87 BGP prefixes, 243/225, scan interval to 60 seconds

    Neighbor MsgRcvd MsgSent V AS TblVer InQ OutQ Up/Down State/PfxRcd

    155.1.45.5 4 200 8615 8640 18 0 0 07:38:02 3

    155.1.146.1 4 100 8761 8668 18 0 0 00:14:34 3

    204.12.1.254 4 54 8724 8595 18 0 0 07:38:02 10

    Rack1R4 (config) #do sh ip bgp

    BGP table version is 18, local router ID is 150.1.4.4

    Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.

    r SIDE-failure, stale S

    Source codes: i - IGP, e - EGP,? -incomplete

    Network Next Hop path metrics LocPrf weight

    * > 28.119.16.0/24 204.12.1.254 0 0 54 I

    * > 28.119.17.0/24 204.12.1.254 0 0 54 I

    * > 112.0.0.0 204.12.1.254 0 54 50 60 I

    * > 113.0.0.0 204.12.1.254 0 54 50 60 I

    * > 114.0.0.0 204.12.1.254 0 54 I

    * > 115.0.0.0 204.12.1.254 0 54 I

    * > 116.0.0.0 204.12.1.254 0 54 I

    * > 117.0.0.0 204.12.1.254 0 54 I

    * > 118.0.0.0 204.12.1.254 0 54 I

    * > 119.0.0.0 204.12.1.254 0 54 I

    * > 155.1.0.0 0.0.0.0 32768 I

    s > 155.1.146.0/24 0.0.0.0 32768 0 I

    * i205.90.31.0 155.1.13.3 0 100 0 200 254?

    *>                  155.1.45.5                             0 200 254 ?

    * i220.20.3.0 155.1.13.3 0 100 0 200 254?

    *>                  155.1.45.5                             0 200 254 ?

    * i222.22.2.0 155.1.13.3 0 100 0 200 254?

    Network Next Hop path metrics LocPrf weight

    *>                  155.1.45.5                             0 200 254 ?

    Rack1R4 (config) #do sh ip bgp neigh 155.1.146.1 opponents

    Rack1R4 (config) #do sh ip bgp neigh 155.1.146.1 opponents

    BGP table version is 18, local router ID is 150.1.4.4

    Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.

    r SIDE-failure, stale S

    Source codes: i - IGP, e - EGP,? -incomplete

    Network Next Hop path metrics LocPrf weight

    * > 28.119.16.0/24 204.12.1.254 0 0 54 I

    * > 28.119.17.0/24 204.12.1.254 0 0 54 I

    * > 112.0.0.0 204.12.1.254 0 54 50 60 I

    * > 113.0.0.0 204.12.1.254 0 54 50 60 I

    * > 114.0.0.0 204.12.1.254 0 54 I

    * > 115.0.0.0 204.12.1.254 0 54 I

    * > 116.0.0.0 204.12.1.254 0 54 I

    * > 117.0.0.0 204.12.1.254 0 54 I

    * > 118.0.0.0 204.12.1.254 0 54 I

    * > 119.0.0.0 204.12.1.254 0 54 I

    * > 155.1.0.0 0.0.0.0 32768 I

    * > 205.90.31.0 155.1.45.5 0 200 254?

    * > 220.20.3.0 155.1.45.5 0 200 254?

    * > 222.22.2.0 155.1.45.5 0 200 254?

    Total number of prefixes 14

    Rack1R4 (config) #.

    # and where is the real problem, R1

    Rack1R1(config-Router) #do sh ip bgp

    Version of BGP table is 15, local router ID is 150.1.1.1

    Status codes: deleted, cushioning d s, history of h, * valid, > best, i - internal.

    r SIDE-failure, stale S

    Source codes: i - IGP, e - EGP,? -incomplete

    Network Next Hop path metrics LocPrf weight

    * i28.119.16.0/24 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i28.119.17.0/24 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i112.0.0.0 54.1.1.254 0 100 0 54 50 60 I

    * > I 204.12.1.254 0 100 0 54 50 60 I

    * i113.0.0.0 54.1.1.254 0 100 0 54 50 60 I

    * > I 204.12.1.254 0 100 0 54 50 60 I

    * i114.0.0.0 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i115.0.0.0 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i116.0.0.0 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i117.0.0.0 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i118.0.0.0 54.1.1.254 0 100 0 54 I

    Network Next Hop path metrics LocPrf weight

    * > I 204.12.1.254 0 100 0 54 I

    * i119.0.0.0 54.1.1.254 0 100 0 54 I

    * > I 204.12.1.254 0 100 0 54 I

    * i155.1.0.0 155.1.146.6 0 100 0 I

    * > I 155.1.146.4 0 100 0 I

    * > 205.90.31.0 155.1.13.3 0 200 254?

    * i 155.1.45.5 0 100 0 200 254?

    * > 220.20.3.0 155.1.13.3 0 200 254?

    * i 155.1.45.5 0 100 0 200 254?

    * > 222.22.2.0 155.1.13.3 0 200 254?

    * i 155.1.45.5 0 100 0 200 254?

    Rack1R1 (config - Router) # do sh ip bgp 112.0.0.0

    112.0.0.0/8, version 4 BGP routing table entry

    Paths: (2 available, best #2, table by default-IP-Routing-Table)

    MPIO: eBGP iBGP

    Announced for the update-groups:

    1          2

    54 50 60, (from a customer-RR)

    54.1.1.254 (metric 2560002816) of 155.1.146.6 (150.1.6.6)

    Origin, IGP, 0, 100, valid, internal multipath localpref metric.

    DMZ-Link Bw 250 KB

    54 50 60, (from a customer-RR)

    204.12.1.254 (metric 2560002816) of 155.1.146.4 (150.1.4.4)

    Origin, IGP, metric 0, localpref 100, valid, internal, multipath, best

    DMZ-Link Bw 12500 KB

    Rack1R1(config-Router) #do sh ip route 112.0.0.0

    Routing for 112.0.0.0/8 entry

    Known through 'bgp 100', 200, 0 distance metric

    54, internal type tag

    Last update of 204.12.1.254 ago 00:15:30

    Routing descriptor blocks:

    204.12.1.254, 155.1.146.4, there is 00:15:30

    Path metric is 0, number of shares of traffic 1

    AS hop 3

    Beacon road 54

    * 54.1.1.254, 155.1.146.6, there is 00:15:30

    Path metric is 0, number of shares of traffic 1

    AS hop 3

    Beacon road 54

    Rack1R1 (config - Router) #.

    as you can see, the BGP process in R1 receives the correct link DMZ bw but not indeed take...

    can you please help me if I makeover anything in my setup?

    Hello

    Can you please make sure you have a value of bandwidth on ALL your BGP peering physical interfaces? And you can also include the running-config 'router bgp XXXX' out of R1 as you have not understood what we (others are). Just to make sure that you have "bgp dmzlink-bw' configured on all peerings and overall in the process - it will still show in the output of the same community if it does not work on it.

Maybe you are looking for