Re: [c-nsp] OSPF design
If you really want to use MPLS applications extensively and have a plan to use IPv6 in future, why don't you think about ISIS instead of talking about OSPF areas? Just a suggestion, you better look into the comparison of ISIS and OSPF and all the implications.

BR// Masood

On 26-Oct-2010, at 12:49 PM, Rin wrote:

Hi all,

Thank you all for your replies. I summarize some discussion points for my case:

+ For 7600 routers, it is possible to design OSPF area 0 with 100 routers
+ If we do not configure summarization on ABR router, separating the network into different OSPF areas has no meaning in reducing LSDB size.
+ iSPF feature cannot prevent OSPF from advertising topology changes to different OSPF areas.
+ Deploying inter-area TE tunnels makes TE optimal path selection harder

From these points, I am confident to configure all routers (~100) in OSPF area 0. However, our network might be expanded in the future and more routers will participate in OSPF. So if the recommendation of maximum 50 routers inside an OSPF area is no longer suitable for strong routers (i.e. 7600), which threshold (number of routers, number of routes, TCAM utilization...???) should we care about when designing OSPF areas in an ISP network?

Thanks, Rin

-Original Message-
From: Benjamin Lovell [mailto:belov...@cisco.com]
Sent: Monday, October 25, 2010 9:22 PM
To: Rin
Cc: Heath Jones; Robert Crowe (rocrowe); cisco-nsp NSP
Subject: Re: [c-nsp] OSPF design

If you are doing MPLS TE then you really don't want more than one area as then you get into inter-area TE tunnels which makes TE optimal path selection harder (not possible in some cases).

-Ben

On Oct 25, 2010, at 4:50 AM, Rin wrote:

Dear all,

Thank you for your replies. We use OSPF basically to advertise each router's loopback so that we can deploy L2, L3 VPN between routers. There'll be no other external route advertised into OSPF. Thus, we will not configure summarization on any ABR router as well as stubby areas.
I agree with Geoff's post that separating network into different OSPF areas cannot reduce LSDB size. If we separate into different areas, LSA1,2,3 are generated and all routers must trigger SPF for a topology change inside an area. If we do not separate into different areas, only LSA1,2 are generated and all routers must also trigger SPF for a topology change inside an area. According to below statement, iSPF helps each router to run SPF only on the changed portion of the topology. This means neither separating network into areas nor configuring inside an area will benefit from iSPF. Correct me if I'm wrong at this.

OSPF uses Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is used to populate the routing table with routes to IP networks. When changes to a Type-1 or Type-2 link-state advertisement (LSA) occur in an area, the entire SPT is recomputed. In many cases, the entire SPT need not be recomputed because most of the tree remains unchanged. Incremental SPF allows the system to recompute only the affected part of the tree. Recomputing only a portion of the tree rather than the entire tree results in faster OSPF convergence and saves CPU resources. Note that if the change to a Type-1 or Type-2 LSA occurs in the calculating router itself, then the full SPT is performed (source: http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfispf.html)

From your advice, I'm more likely to configure those 100 routers inside an OSPF area now. The reason why we design OSPF up to UPE devices is because we also have FTTH switches configured as Layer 2, also we can deploy different Layer 3 redundancy techniques such as Layer 3 loop prevention, MPLS TE.. up to UPE layer.
Thanks, Rin

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Heath Jones
Sent: Saturday, October 23, 2010 6:05 AM
To: Robert Crowe (rocrowe)
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF design

Just remember that you cannot summarize (today) your main Loopback used for your LDP/BGP ID as there needs to be a full LSP from ingress-to-egress PE across areas, if you providing L2/L3VPN services.

Is this because the lsp is label in label (outer being pe, inner being customer route)?

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Application issue over ISP
have a look at the following URL.. http://www.ciscoblog.com/archives/2008/08/dynamic_failove.html

Kind Regards, Masood
Blogs: http://weblogs.com.pk/jahil/

Out of curiosity, what is ping based routing?

02 PM, jack daniels jckdaniel...@gmail.com wrote:

Hi, I can run any protocol, can't run tunnel as other side is client who can't make changes

On Sun, Dec 13, 2009 at 10:23 PM, Vincent C Jones v.jo...@networkingunlimited.com wrote:

On Sun, 2009-12-13 at 21:06 +0530, jack daniels wrote:

I have a scenario -

CE ---ISP1 | | | ISP2

users behind CE connect to remote application. Now issue is if ISP1 LINK or ISP1 goes down I have times less than 4 sec for application to go via other link so that users are not impacted. So can there be any solution for traffic to converge before 2 request timeouts, so that my application users are not impacted.

There are a wide variety of solutions, but whether or not they will work for you depends very much on both the specifics of the application and how you connect to your ISPs. Classic dual-homed BGP is not one of the solutions given your timeout requirements. Ping based routing may do the job if your user application can tolerate changing public IP addresses. If you have a presence at both ends of the public internet connection, you could also look at tunnel based solutions.

--
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
v.jo...@networkingunlimited.com
Re: [c-nsp] Application issue over ISP
Ivan has this similar article with a working example applicable in real-life: http://www.nil.com/ipcorner/SmallSiteMultiHoming/

please read this article properly. might help you :)

If the above article does not work for you; could you please be more specific about the issue like what is causing delay and what is the precise topology of the logical network like protocols, media and transmission.

Kind Regards, Masood
Blogs: http://weblogs.com.pk/jahil/

Gotcha. I am familiar with using SLA to track a route, but there is still the issue of convergence within the ISPs. We implemented a similar configuration in my environment using AS prepend on the least favored link, but it takes several minutes to converge globally. Thanks for the link.

On Mon, Dec 14, 2009 at 8:52 PM, mas...@nexlinx.net.pk wrote:

have a look at the following URL.. http://www.ciscoblog.com/archives/2008/08/dynamic_failove.html

Kind Regards, Masood
Blogs: http://weblogs.com.pk/jahil/

Out of curiosity, what is ping based routing?

02 PM, jack daniels jckdaniel...@gmail.com wrote:

Hi, I can run any protocol, can't run tunnel as other side is client who can't make changes

On Sun, Dec 13, 2009 at 10:23 PM, Vincent C Jones v.jo...@networkingunlimited.com wrote:

On Sun, 2009-12-13 at 21:06 +0530, jack daniels wrote:

I have a scenario -

CE ---ISP1 | | | ISP2

users behind CE connect to remote application. Now issue is if ISP1 LINK or ISP1 goes down I have times less than 4 sec for application to go via other link so that users are not impacted. So can there be any solution for traffic to converge before 2 request timeouts, so that my application users are not impacted.

There are a wide variety of solutions, but whether or not they will work for you depends very much on both the specifics of the application and how you connect to your ISPs. Classic dual-homed BGP is not one of the solutions given your timeout requirements.
Ping based routing may do the job if your user application can tolerate changing public IP addresses. If you have a presence at both ends of the public internet connection, you could also look at tunnel based solutions.

--
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
v.jo...@networkingunlimited.com
Re: [c-nsp] Runts in the network
you know these are frames with a frame size between 8 and 63 bytes with a valid CRC and no alignment errors. if this is the case, you may or may not have a problem. depending on the type of equipment, the vendor may be using nonstandard frames. these frames are interpreted as runts. however, runts may be caused by a malfunctioning interface. in ATM cells have a 48 byte information field and a 5 byte header. This 53 byte cell falls within the definition of an undersize packet and may be counted as a runt. find out what you have a bad ethernet card or atm :)

Regards, Masood
Blog: http://weblog.com.pk/jahil/

Any ideas how to troubleshoot this ? Thanks.

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonio Soares
Sent: Tuesday, 24 November 2009 11:46
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Runts in the network

Hello Group,

I have 7200's acting as PE's and running 12.4.23 that show an abnormal number of runts. The interfaces where this can be seen are E1 channel-groups configured for frame-relay. This is the typical configuration:

!
frame-relay switching
!
controller E1 x/y
 channel-group 0 timeslots 1-31
!
interface Serialx/y:0
 encapsulation frame-relay
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
 frame-relay ip rtp header-compression
 frame-relay intf-type dce
!
interface Serialx/y:0.100 point-to-point
 ip vrf forwarding MY-VRF
 ip address x.x.x.x x.x.x.x
 ip rip advertise 10
 frame-relay interface-dlci 100
  class MY-CLASS
 frame-relay ip rtp header-compression
!

The E1 is completely clean but the serial interface shows runts:

ROUTER#sh int sx/y:0
Serialx/y:0 is up, line protocol is up
(...)
Received 0 broadcasts, 12 runts, 0 giants, 0 throttles
12 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
(...)
ROUTER#

This happens everywhere in the network and there are many 7200's. The PA is the PA-MC-8TE1+.
What could be the source of the problem ? I know what a runt is but i would like to understand why i have it all over the network. Thanks.

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt
Re: [c-nsp] delay eBGP sessions on startup?
probably Cisco needs a knob very similar to vendor Juniper out-delay. you can delay the time between when BGP and the routing table exchange route information. http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-routing/html/bgp-config58.html#1016387

Regards, Masood

On Mon, Nov 23, 2009 at 09:10:25AM +0100, Gert Doering wrote:

bgp update-delay n

the bgp update-delay command is used to tune the maximum time the software will wait after the first neighbor is established until it starts calculating best paths and sending out advertisements.

Now, what does maximum time mean? Will it wait, or will it not? The documentation that I found claims that the default value is 120, which would certainly not agree with the observed behaviour. OTOH, Marco claims that he has seen 0 as a default...

The docs make it look like more of a graceful-restart specific timer, not like advertisement-interval (intentionally delaying the propagation of new updates to try and consolidate them) or the on-startup delay behaviors available in the IGPs.

http://www.cisco.com/en/US/products/ps6550/products_white_paper09186a008016317c.shtml

The bgp update-delay n command may be entered on the Cisco NSF-capable router. The update-delay specifies the time interval- after the first peer has reconnected during which the restarting router expects to receive all BGP updates and the EOR marker from all of its configured peers. The default value of n is 120 seconds, and n is always measured in seconds. If the restarting router has a large number of peers, each with a large number of updates to be sent, this value may need to be increased from its default value.
--
Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: [c-nsp] Catalyst 4507R Single Point of Failure
not sure if this works on 4500...

no environment-monitor shutdown temperature

Kind Regards, Masood
Blog: http://weblogs.com.pk/jahil/

Group,

I'm now testing the faulty fan tray. I confirm that only one Fan is stopped. What happens with a different IOS/SUP is a surprise:

00:12:27: %C4K_IOSMODPORTMAN-4-FANTRAYPARTIALFAILURE: A fan or thermistor/s in system fan tray have failed
00:13:57: %C4K_IOSMODPORTMAN-4-FANTRAYGOOD: Fan tray is okay
00:24:52: %C4K_IOSMODPORTMAN-4-FANTRAYPARTIALFAILURE: A fan or thermistor/s in system fan tray have failed
00:31:27: %C4K_IOSMODPORTMAN-4-FANTRAYGOOD: Fan tray is okay

IOS=cat4500-ipbase-mz.122-31.SGA8.bin

So on this IOS, the auto-shutdown feature is not available. I will now downgrade to cat4000-i9s-mz.122-18.EW7.bin to see if i'm able to replicate the problem.

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt

-Original Message-
From: Antonio Soares [mailto:amsoa...@netcabo.pt]
Sent: Friday, 20 November 2009 10:19
To: 'cisco-nsp@puck.nether.net'
Subject: RE: Catalyst 4507R Single Point of Failure

The Fan Tray (4597) was replaced and now everything is fine. I will try to test the Faulty Fan Tray during the day and i will let you know what i found. Still looking for an answer to this question:

- Is there any way to disable the system auto-shutdown ?

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt

-Original Message-
From: Antonio Soares [mailto:amsoa...@netcabo.pt]
Sent: Thursday, 19 November 2009 16:30
To: 'cisco-nsp@puck.nether.net'
Subject: RE: Catalyst 4507R Single Point of Failure

More details about the system: IOS cat4000-i9s-mz.122-18.EW7.bin Dual Sup-IV (4515). We are going to replace the Fan Tray in about 2 hours. Then we will verify in the lab with more detail how many fans are failing. I'll keep you updated. But no matter how many Fans are faulty, i was expecting that, even if the entire Fan Tray fails, there was a way to override the system auto-shutdown.
Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt

-Original Message-
From: Antonio Soares [mailto:amsoa...@netcabo.pt]
Sent: Thursday, 19 November 2009 13:49
To: 'cisco-nsp@puck.nether.net'
Subject: Catalyst 4507R Single Point of Failure

Group,

This is happening to a Catalyst 4507R:

%C4K_IOSMODPORTMAN-4-FANTRAYBAD: Fan tray has failed
%C4K_CHASSIS-2-INSUFFICIENTFANSDETECTED: Too few working fans in fan tray, the chassis will overheat. If not resolved, in 4 minutes all line cards will be placed into Reset-Mode
%C4K_CHASSIS-2-INSUFFICIENTFANSSHUTDOWN: Resetting linecards due to fan tray failure
%C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 3 is offline
%C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 4 is offline
%C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 6 is offline
%C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 7 is offline
%C4K_IOSMODPORTMAN-6-FANTRAYGOOD: Fan tray is okay

I verified that only 1 out of 6 of the fans composing the Fan Tray is stopped. Any way to stop this automatic shutdown ? It's hard to understand why a Catalyst with Dual Supervisors and Dual Power Supplies will stop because of this. Thanks.

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt
Re: [c-nsp] vlan across a routed link
what's wrong in extending your spanning-tree domain, as long as numbers of nodes are not too many? People are using trunk links between different sites across the world in an enterprise environment, and this is for what you use a trunk link. I would prefer the usage of trunk links and routed VLAN interfaces over EoMPLS and VPLS. (keeping in mind the throughput issues on EoMPLS, mtu problems and overall network complexity)

Regards, Masood

teklay gebremichael wrote:

i work in a university which has three campuses. on each campus, there is one cisco 6509 switch as a core switch. all other switches (L2) are in vtp client except the core switches. the campuses are connected with a routed link. so, one campus has 10.128.0.0/16 subnet and the others have a subnet of 10.129.0.0/16 and 10.130.0.0/16. rip v2 is used on the intercampus links to advertise individual vlans.

here is my problem. i'm asked to create a vlan with a subnet id of 192.168.1.0/24. but computers in this vlan are located in the 10.128.0.0/16 campus and 10.130.0.0/16 campus. the link between the 10.128.0.0/16 and 10.130.0.0/16 is not trunk, it is routed with ip address. so can anybody suggest how to implement such a scenario which allows one vlan (in this case 192.168.1.0/24) to be visible from the two campuses? i.e. to propagate that specific vlan across a routed link not a trunk link. thanks

You will need to convert the link from routed to switchport. That is, transform this:

right, but think about the implications before doing so. You will extend your spanning tree domain over all the different sites, so this just asks for disaster to happen. And don't mention "hey, I only do this for a single Vlan". Once you start offering this service, users will ask for it, and you end up doing this for many. Please consider technologies for this where you don't need to extend spanning tree, for example L2VPN (EoMPLS, VPLS), or loop-free topologies using VSS where you can disable STP between campuses..
oli
Re: [c-nsp] Network KPI
Key Performance Indicators (KPIs) can tell you how the network is performing according to certain parameters, but the chosen metrics may not be relevant to certain service classes. And if these are the ones that deliver the most revenue, operators could find themselves in trouble. Key Quality Indicators (KQIs) are typically a combination of several KPIs that can tell operators more about the end-user experience and usage patterns.

To determine what the KPIs and KQIs should be on a wimax or any tcp/ip network, it must be borne in mind what customers are most interested in: fast access, good service quality and mobility. Consequently, KPIs can be focused on network procedures--such as attach, authentication, authorisation and creation/activation--which determine access (fast access to services is defined by the success of and speed of access to HTTP servers, to MMS centers, and to other dedicated services that could be offered via the operator's portal).

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

hey all

we work in a WiMAX operator, and i was wondering what are the best parameters to include in our KPI?
Re: [c-nsp] ME Route issue
check the show running-configuration. verify whether ip routing is enabled. The command, if enabled, appears towards the top of the output.

hostname SW
!
!
ip subnet-zero
ip routing

if not then enable routing on the switch by using the ip routing command.

SW(config)#ip routing

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

hi all

i have 2 switches ME-C3750-24TE with IOS c3750me-i5-mz.122-35.SE5.bin

i defined an interface VLAN (management)

int vlan 1
 ip add 10.0.0.2 255.255.255.224

and defined a default route

ip route 0.0.0.0 0.0.0.0 10.0.0.1

when i issue the command show ip route 0.0.0.0

router#sh ip route 0.0.0.0
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

i have another device cisco ME-C6524GT-8S with IOS s6523-advipservicesk9-mz.122-18.ZU2.bin

its configured the same way but when issuing the show ip route or show ip route 0.0.0.0

router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

10.0.0.0/27 is subnetted, 1 subnets
C 10.0.0.96 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 10.0.0.3

is that normal ??

Thanks in advance
Re: [c-nsp] Counters for null0?
show interface null0 always works on Cisco boxes. You can see in/out packets as well.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

Did you try looking at show interface null0? I am not sure it works, but give it a try as I do not have quick access to a lab where I can test this.

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of luismi
Sent: Wednesday, August 05, 2009 13:33
To: cisco-nsp
Subject: [c-nsp] Counters for null0?

Hi, is there any way to see how much traffic is going to null0 interface? I configured several routes to be forwarded to null0 and I would like to have some info about how much traffic is going there. If the IOS doesn't provide any information about it... is it possible to obtain that information using netflow?
Re: [c-nsp] Default route from ospf to bgp
To advertise a BGP default route to a BGP neighbor, use the neighbor default-originate router configuration command.

Regards, Masood

I need to redistribute my default route from my ospf process to my bgp. do I use a route map to just allow my default ?
Re: [c-nsp] PPTP devices
since all the pptp traffic gets process switched, Cisco would not meet the feasibility condition on Router; if i were you i will use a linux (Intel Core 2 Duo, 4 Gig Mem) box running poptop (http://www.poptop.org/) for such a huge and increasing number of pptp users.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

I'm in the unfortunate position of having to support a bunch (100 or so now, 300 or so very soon) PPTP connections. Right now I'm using a 3825, and based on CPU performance it looks like I'll be lucky to get 200 on this thing with my typical end use usage patterns. Cisco seems to be pretty poor with rating PPTP performance on their devices, and would rather talk about L2TP (I don't blame them - it appears that pptp support has been dropped from the ASAs entirely).

Does anyone have any idea what would be a good box for 300 to 500 (or even more) PPTP connections? The old VPN3000s seem to support this, but I can't get any real numbers on how many connections I can realistically support. I was thinking of just finding some powerful CPU IOS boxes and calling it a day on this one. Any better ideas?

Thanks, Daryl
Re: [c-nsp] Free NMS Tools
Nick,

Network, Networking, Services, Desktop etc terms you need to understand. you can use google uncle to help you.

(you've got it all wrong. Networks run on servers and desktops running windows. That is all.)

Networks run on servers who said that? in fact networks do not run on servers, services run on servers (http, ftp, dns, dhcp etc). Networks run on switches/routers. understanding of network/networking will definitely help you to understand BGP :) You are connected to internet because of BGP.. lols

Regards, Masood

9 08:01, Saku Ytti wrote:

My main grief with NMS I've looked at is virtually no integration with network devices out of the box.

Saku, you've got it all wrong. Networks run on servers and desktops running windows. That is all. What is this BGP thing you talk about anyway? And why would anyone want to use it in the Real World?

Nick
Re: [c-nsp] Block https
Man, that's pretty straightforward. all u needed is http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ab4ddb.shtml

if i am remembering correctly, you can block https using proxy/cache server; If it is Squid then i can help you.

Regards, Masood

Hi

One I used a while ago to test was the below

ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny www.theregister.co.uk

is a while since I've used this but you can check the Cisco Docs for the ip urlfilter feature, if you want to block based on IP just use access lists as normal to block traffic to that IP.

Regards Kev
Kev Barrass | YHMAN Operations Team
www.yhman.net.uk

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mohammad Khalil
Sent: 15 July 2009 08:44
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Block https

I want to block the url https://www.facebook.com
Without using NBAR
Using access-lists ??
And if I want to block based on the IP address it has a lot of IP addresses (i don't want to block a whole class)
And the cache only blocks based on HTTP port 80
Re: [c-nsp] Block URL ACCESS LIST
Please go to the following URL to begin: http://weblogs.com.pk/jahil/archive/2008/11/15/how-nbar-actually-classifies-the-traffic-flows.aspx

Regards, Masood

how can i block url using access-list ?
Re: [c-nsp] High CPU Usage
because it's interrupt level work the CPU is doing. you can try profiling the CPU and see what it says. can u get a couple of sh stacks and look at the interrupt level calls and see which one is going up the most.

Regards, Masood

I have a 2600 doing some GRE tunnel aggregation with IPSEC and a AIM-VPN. The CPU is consistently at 95%+, but none of the running processes are using nearly that much CPU. Is there some other place I should be looking?

#sh processes cpu sorted
CPU utilization for five seconds: 99%/61%; one minute: 99%; five minutes: 98%
 PID Runtime(ms)   Invoked  uSecs    5Sec   1Min   5Min TTY Process
  70   163085876  24727077   6595  15.31% 16.49% 14.22%   0 IP Input
 146    42276796   9771758   4326   8.24%  8.66%  7.46%   0 Crypto Support
 169    38417520   7286822   5272   5.22%  4.94%  5.12%   0 Crypto PAS Proc
   6    21018268   2714504   7742   4.05%  4.99%  4.24%   0 Pool Manager
  54       65680      2206  29773   2.20%  0.71%  1.20%  66 SSH Process
 190     5281352   6682003    790   0.48%  0.47%  0.45%   0 IP-EIGRP: HELLO
 121     1163120   7759419    149   0.24%  0.16%  0.13%   0 RBSCP Background
  95      709328   1161174    610   0.16%  0.07%  0.06%   0 CEF process
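The header in the output quoted above reads 99%/61%: on IOS the first figure is total CPU and the second is the share spent at interrupt level, which never appears in the per-process rows. The Python sketch below is an added example, not part of the original thread; the sample text is constructed from the quoted output, and the function names and the 50% threshold are assumptions.

```python
import re

# Constructed sample: header and rows modelled on the output quoted in the
# thread, with column spacing restored for parsing.
SAMPLE = """\
CPU utilization for five seconds: 99%/61%; one minute: 99%; five minutes: 98%
 PID Runtime(ms)   Invoked  uSecs    5Sec   1Min   5Min TTY Process
  70   163085876  24727077   6595  15.31% 16.49% 14.22%   0 IP Input
 146    42276796   9771758   4326   8.24%  8.66%  7.46%   0 Crypto Support
 169    38417520   7286822   5272   5.22%  4.94%  5.12%   0 Crypto PAS Proc
   6    21018268   2714504   7742   4.05%  4.99%  4.24%   0 Pool Manager
  54       65680      2206  29773   2.20%  0.71%  1.20%  66 SSH Process
 190     5281352   6682003    790   0.48%  0.47%  0.45%   0 IP-EIGRP: HELLO
 121     1163120   7759419    149   0.24%  0.16%  0.13%   0 RBSCP Background
  95      709328   1161174    610   0.16%  0.07%  0.06%   0 CEF process
"""

# "99%/61%" = total CPU / CPU spent at interrupt level (five-second window).
HEADER_RE = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;"
    r"\s*one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%"
)
# PID, Runtime(ms), Invoked, uSecs, 5Sec, 1Min, 5Min, TTY, Process name.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(.+?)\s*$"
)


def parse_cpu(text):
    """Return (header dict, list of per-process dicts) from the CLI text."""
    header = None
    procs = []
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            total, intr, one_min, five_min = map(int, m.groups())
            header = {"total": total, "interrupt": intr,
                      "one_min": one_min, "five_min": five_min}
            continue
        m = ROW_RE.match(line)
        if m:  # the column-title row has no leading digits and is skipped
            procs.append({"pid": int(m.group(1)),
                          "five_sec": float(m.group(5)),
                          "name": m.group(9)})
    if header is None:
        raise ValueError("no 'CPU utilization' header line found")
    return header, procs


def assess(text, interrupt_threshold=50):
    """Split total CPU into interrupt-level and process-level shares.

    interrupt_threshold is a hypothetical alerting value, not an IOS default.
    """
    header, procs = parse_cpu(text)
    process_level = header["total"] - header["interrupt"]
    listed = round(sum(p["five_sec"] for p in procs), 2)
    top = max(procs, key=lambda p: p["five_sec"])["name"] if procs else None
    return {
        "total": header["total"],
        "interrupt": header["interrupt"],
        "process_level": process_level,      # what the process rows can explain
        "listed_process_sum": listed,        # sum of the rows actually shown
        "interrupt_bound": (header["interrupt"] >= interrupt_threshold
                            and header["interrupt"] > process_level),
        "top_process": top,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

The listed rows add up to roughly the process-level share (total minus interrupt), so the remaining load is forwarding work done at interrupt level rather than a missing process.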
Re: [c-nsp] sh ip interface brief
r u running NAT on this box, if yes; NVI, usually used for NATing out of VFRs.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

Hello, I have never seen interface named NVI0. What is this NVI0?

router#sh ip interface brief
Interface              IP-Address   OK? Method Status  Protocol
GigabitEthernet0/0     x.x.x.x      YES NVRAM  up      up
GigabitEthernet0/0.1   x.x.x.x      YES NVRAM  up      up
GigabitEthernet0/0.2   x.x.x.x      YES NVRAM  up      up
GigabitEthernet0/1     x.x.x.x      YES NVRAM  up      up
FastEthernet0/0/0      unassigned   YES unset  up      down
FastEthernet0/0/1      unassigned   YES unset  up      down
FastEthernet0/0/2      unassigned   YES unset  up      down
FastEthernet0/0/3      unassigned   YES unset  up      down
Vlan1                  unassigned   YES NVRAM  up      down
*NVI0                  unassigned   NO  unset  up      up*
Virtual-Access1        unassigned   YES unset  down    down

Sincerely, Tseveen.
Re: [c-nsp] Cisco DSLAM ?
Yup Cisco does not make DSLAMs anymore. I think paradyne guys are doing great job in fact. http://www.paradyne.com/

Regards, Masood

Juan, Cisco does not make DSLAMs for a long time now...

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Juan C. Crespo R.
Sent: Wednesday, June 10, 2009 18:34
To: Cisco Post NSP
Cc: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco DSLAM ?

Guys Does anyone of you knows a good DSLAM for HDSL ADSL ? Thanks
Re: [c-nsp] Opensource tool to measure Jitter for VoIP
MTR is a nice tool to check delay, loss and jitter stuff. If you wana keep track of historic logs, you can use nagios (or a tool like nagios). You can write your own scripts (using tcl, bash, perl or whatever u like) to monitor delay, jitter and loss and can feed the output to nagios for historic logs.

Regards, Masood

Hello, I'm looking for a way to measure Jitter for a VoIP network and i can't get my hands on IXIA or any fancy tool like that so i'm asking if anyone used any open source tool specifically for the matter. IPerf is an option but i've never used it, so can you guys point me if i can be used and what are the tests that i can try with it, my skills on *nix and these tools is similar to my skills with Chinese poetry ;)

Thanks, Kas
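One way to build the script-plus-Nagios approach suggested in the reply, as an added example that is not from the thread: it turns a list of probe round-trip times into loss, average delay and jitter and produces a Nagios plugin status line with the matching exit code. Jitter is taken here as the mean absolute difference between consecutive RTTs; that definition, the thresholds, the sample RTTs and the `VOIP-PATH` label are constructed assumptions.

```python
import sys

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
# Ranking used to pick the overall state from the per-metric states.
SEVERITY = {OK: 0, UNKNOWN: 1, WARNING: 2, CRITICAL: 3}

# Constructed example thresholds as (warning, critical); tune them per path.
THRESHOLDS = {"loss": (1.0, 5.0), "delay": (150.0, 300.0), "jitter": (20.0, 40.0)}
UNITS = {"loss": "%", "delay": "ms", "jitter": "ms"}

# Constructed sample: one RTT in ms per probe, None marks a lost probe.
SAMPLE_RTTS = [20.0, 22.0, 21.0, None, 35.0, 20.0, 21.0, 20.0, 40.0, 20.0]


def summarize(rtts_ms):
    """Return loss %, mean delay and jitter for one probe run (None if empty)."""
    sent = len(rtts_ms)
    if sent == 0:
        return None
    received = [r for r in rtts_ms if r is not None]
    # Only pairs of back-to-back answered probes count; a lost probe breaks the pair.
    deltas = [abs(b - a) for a, b in zip(rtts_ms, rtts_ms[1:])
              if a is not None and b is not None]
    return {
        "loss": 100.0 * (sent - len(received)) / sent,
        "delay": sum(received) / len(received) if received else None,
        "jitter": sum(deltas) / len(deltas) if deltas else None,
    }


def grade(value, warn, crit):
    """Map one metric onto a Nagios state; an unmeasurable metric is UNKNOWN."""
    if value is None:
        return UNKNOWN
    if value >= crit:
        return CRITICAL
    if value >= warn:
        return WARNING
    return OK


def fmt(value):
    """Two decimals, or 'U' where the value could not be determined."""
    return "U" if value is None else f"{value:.2f}"


def check(rtts_ms, thresholds=THRESHOLDS):
    """Return (exit_code, status_line) in Nagios plugin format with perfdata."""
    stats = summarize(rtts_ms)
    if stats is None:
        return UNKNOWN, "VOIP-PATH UNKNOWN - no probes sent"
    state = max((grade(stats[k], *thresholds[k]) for k in thresholds),
                key=SEVERITY.get)
    text, perf = [], []
    for key, (warn, crit) in thresholds.items():
        unit = UNITS[key] if stats[key] is not None else ""
        text.append(f"{key} {fmt(stats[key])}{unit}")
        perf.append(f"{key}={fmt(stats[key])}{unit};{warn:g};{crit:g}")
    line = f"VOIP-PATH {STATE_NAMES[state]} - {', '.join(text)} | {' '.join(perf)}"
    return state, line


if __name__ == "__main__":
    code, line = check(SAMPLE_RTTS)
    print(line)
    sys.exit(code)
```

In production the RTT list would come from whatever prober is in use; Nagios stores the perfdata after the `|` for the historic graphs mentioned in the reply.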
Re: [c-nsp] 12k Full BGP Feed Memory Requirements
it seems very special memory tweaking/management stuff.. LOLs :) i can't believe it. two full BGP feeds = 284k :P

Regards, Masood

Wow, this is unbelievable ! Can you show us your show proc mem | inc BGP ? Do you really have two full BGP feeds (about 284k prefixes each) ? Thanks.

Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt

-Original Message-
From: Ryan Werber [mailto:rwer...@epiknetworks.com]
Sent: Friday, June 5, 2009 2:38
To: Antonio Soares; cisco-nsp
Subject: RE: [c-nsp] 12k Full BGP Feed Memory Requirements

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonio Soares

I need help in order to calculate the memory needed to accommodate 2 or more Full BGP Feeds. This is for a 12400 running IOS. Today i saw this problem with some linecards:

OUR GE-GBIC-SC-B's w/ 256MB Generally have about 100 megs of ram free with 2 directly connected full feeds, and at least 6 through ibgp. There may be a configuration issue. Only recently have our Engine-0 Cards been running out of memory, as they only have 128MB.

bbr1.tor#execute-on slot 3 show proc mem | i Free
= Line Card (Slot 3) =
Total: 223634112, Used: 88582896, Free: 135051216

We have 12008's with GRP-B's w/ 512 RP Ram. Hope this helps!

Ryan Werber
Epik Networks
Re: [c-nsp] MPLS/IP-VPN capable cards on Cat 6500
AFAIK VPLS is not supported on the Catalyst 6500 series. You should upgrade to the 7600 series with enhanced core facing interfaces, such as ES-cards or SIP-400/600 cards.

Regards, Masood

Thanks Arie. But ES cards are not supported on Cat6500, no? And also VPLS over MPLS on a SIP in Cat6500 - is it supported? If so do you know which SIP?

Thanks, Marlon

On Wed, Jun 3, 2009 at 9:19 PM, Arie Vayner (avayner) avay...@cisco.com wrote:

Marlon, If you have DFCs on the regular LAN cards, then EoMPLS and L3VPN will be done in hardware and in distributed forwarding mode. For VPLS, you need to have either an ES20/ES40 card or a SIP card facing the core. Having this card means that again VPLS is done in hardware - some functionality is done on the regular DFCs and some on the egress core facing module.

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Marlon Duksa
Sent: Thursday, June 04, 2009 02:07
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] MPLS/IP-VPN capable cards on Cat 6500

Hi - Does anyone know which cards on Cat6500 support MPLS and separately IP-VPN, possibly at 40Gbps throughput? I'm looking for a distributed (DFC) forwarding solution? I know that Cat6500 is very limited in VPLS support, but IP-VPN and EoMPLS should be no problem, right?

Thanks, Marlon
Re: [c-nsp] Juniper Simulator
wrong list for this question, you use cisco-nsp for cisco stuff. you can use juniper-nsp for juniper. Anyway You can use QEMU with Olive to emulate Juniper JUNOS. The following URL will take you to the page... http://tinyurl.com/o4gbba

Regards, Masood

Hey all how are u ? I am looking for a free simulator for Juniper routers Thanks in advance
Re: [c-nsp] IO 7200 GE Improve Performance and help with the CPU Load?
cisco 7200 is a software based router so that every packet is punted to the NPE. You need to replace your NPE instead of PIC. which cisco 7200 series network processing engine you are running? what you get when do show version on this router? By using 'show processes cpu sorted 1min' you can check which process is eating NPE cpu cycles.

Regards, Masood

It have

int fa0/0
30 second input rate 30616000 bits/sec, 13300 packets/sec
30 second output rate 4768 bits/sec, 12178 packets/sec

int fa 0/1
30 second input rate 27478000 bits/sec, 4672 packets/sec
30 second output rate 19071000 bits/sec, 3774 packets/sec

int ser4/0 (ds3 link)
30 second input rate 43264000 bits/sec, 11862 packets/sec
30 second output rate 28832000 bits/sec, 13590 packets/sec

59376 Total

Thanks

David Granzer wrote:

Hi, could you post how much bandwidth and packet per second your 7200 ? Generally upgrade to I/O GE will not help much because the performance is based on the NPE used.

regards, David

On Wed, Jun 3, 2009 at 3:52 PM, Juan C. Crespo R. jcposei...@cantv.net wrote:

Guys I have one POP with 90% of CPU Load (WCCP2, QoS and other minor stuff) and we are thinking about change the IO/7200-2FE by one IO/7200-GE could this help with this load? Thanks
Re: [c-nsp] IO 7200 GE Improve Performance and help with the CPU Load?
cisco 7200 NPE-400 is normally for customer premise equipment and DS1/DS3 aggregation. As per cisco performance of up to 400 kpps in cef switching. You can upgrade to NPE-G1 which provides performance of up to 1 million packets per second in cef switching (an increase of up to 250 percent over the cisco 7200 series npe 400)

Regards, Masood

NPE 400
CPU utilization for five seconds: 76%/75%; one minute: 74%; five minutes: 75%
 PID Runtime(ms)    Invoked   uSecs   5Sec   1Min   5Min TTY Process
  45   210365012   85449013    2461  0.23%  0.19%  0.19%   0 IP Input
 118    99161264  248440739     399  0.23%  0.08%  0.06%   0 traffic_shape
  18    19988356   29194664     684  0.00%  0.03%  0.02%   0 ARP Input
   4    49353040    2274191   21701  0.00%  0.03%  0.04%   0 Check heaps
  10    11268080   11331204     994  0.00%  0.02%  0.00%   0 EnvMon
  63     8535512   47262546     180  0.07%  0.01%  0.00%   0 Spanning Tree
  29    19555460     389652   50187  0.00%  0.01%  0.00%   0 Per-minute Jobs
   5     6393048     430645   14845  0.07%  0.00%  0.00%   0 Pool Manager
 119    14495556    1901716    7622  0.00%  0.00%  0.00%   0 MFI LFD Timer Pr
  59     5397356    1127172    4788  0.00%  0.00%  0.00%   0 WCCP V2 Protocol
  11           0          1       0  0.00%  0.00%  0.00%   0 OIR Handler
  12        7912     190100      41  0.00%  0.00%  0.00%   0 IPC Dynamic Cach
  13           0          1       0  0.00%  0.00%  0.00%   0 IPC Zone Manager
  14     1344312   11329870     118  0.00%  0.00%  0.00%   0 IPC Periodic Tim
  15     1196200   11329850     105  0.00%  0.00%  0.00%   0 IPC Deferred Por
  16           0          1       0  0.00%  0.00%  0.00%   0 IPC Seat Manager
  17       44772    1140352      39  0.00%  0.00%  0.00%   0 Compute SRP rate
   9           0          1       0  0.00%  0.00%  0.00%   0 Policy Manager
  19           0         28       0  0.00%  0.00%  0.00%   0 DDR Timers
  20           0          2       0  0.00%  0.00%  0.00%   0 Dialer event
  21           0          2       0  0.00%  0.00%  0.00%   0 Entity MIB API
  22           0          1       0  0.00%  0.00%  0.00%   0 SERIAL A'detect
 PID Runtime(ms)    Invoked   uSecs   5Sec   1Min   5Min TTY Process
  23      770388    2845739     270  0.00%  0.00%  0.00%   0 HC Counter Timer
  24        5264         22  239272  0.00%  0.00%  0.00%   0 Critical Bkgnd
  25     3963452    4658455     850  0.00%  0.00%  0.00%   0 Net Background
  26        6188       3016    2051  0.00%  0.00%  0.00%   0 Logger
  27     2206724   11329804     194  0.00%  0.00%  0.00%   0 TTY Background
  28    65577956   11340517    5782  0.00%  0.00%  0.00%   0 Per-Second Jobs
   8      144284    2275716      63  0.00%  0.00%  0.00%   0 ALARM_TRIGGER_SC
   7           0          2       0  0.00%  0.00%  0.00%   0 Serial Backgroun
  31           0          1       0  0.00%  0.00%  0.00%   0 CSP Timer
   6           0          2       0  0.00%  0.00%  0.00%   0 Timers
  33           0          2       0  0.00%  0.00%  0.00%   0 Hawkeye Backgrou
  34           0          1       0  0.00%  0.00%  0.00%   0 SONET alarm time
   3     3297860    3024757    1090  0.00%  0.00%  0.00%   0 OSPF Hello
  36           0          2       0  0.00%  0.00%  0.00%   0 VNM DSPRM MAIN
  37           0          1       0  0.00%  0.00%  0.00%   0 CES Line Conditi
  38           0          2       0  0.00%  0.00%  0.00%   0 Flash MIB Update
  39           0          2       0  0.00%  0.00%  0.00%   0 ATM OAM Input
  40           0          2       0  0.00%  0.00%  0.00%   0 ATM OAM TIMER
  41           8         86      93  0.00%  0.00%  0.00%   0 TurboACL
  42           0          2       0  0.00%  0.00%  0.00%   0 CEF switching ba
  43           0          1       0  0.00%  0.00%  0.00%   0 AC Switch
  44           0          2       0  0.00%  0.00%  0.00%   0 AAA Dictionary R
   2      635356    2279979     278  0.00%  0.00%  0.00%   0 Load Meter
 PID Runtime(ms)    Invoked   uSecs   5Sec   1Min   5Min TTY Process
  46           0          1       0  0.00%  0.00%  0.00%   0 ICMP event handl
  47     1608916    1520006    1058  0.00%  0.00%  0.00%   0 CDP Protocol
  48     1785752    1202253    1485  0.00%  0.00%  0.00%   0 LDP
  49          16        175      91  0.00%  0.00%  0.00%   0 OLM
  50           0          1       0  0.00%  0.00%  0.00%   0 PPPATM Session d
  51           0          2       0  0.00%  0.00%  0.00%   0 PASVC create VA
  52        9512       1676    5675  0.00%  0.00%  0.00%   0 EEM ED Syslog
  53           0          2       0  0.00%  0.00%  0.00%   0 EEM ED SNMP
  54           0          2       0  0.00%  0.00%  0.00%   0 EEM ED Memory Th
  55       23596     202778     116  0.00%  0.00%  0.00%   0 EEM ED Timer
  56           0
Re: [c-nsp] IO 7200 GE Improve Performance and help with the CPU Load?
The answer to your question...

That's great but the IO7200GE could help with the cpu load?

Nah :) What you need is NPE-G1 or NPE-G2 (double the speed of NPE-G1). Before making a decision, calculate your network bandwidth requirements.

Regards, Masood

That's great but the IO7200GE could help with the cpu load? if don't I must wait until get some budget Thanks

mas...@nexlinx.net.pk wrote:

cisco 7200 NPE-400 is normally for customer premise equipment and DS1/DS3 aggregation. As per cisco performance of up to 400 kpps in cef switching. You can upgrade to NPE-G1 which provides performance of up to 1 million packets per second in cef switching (an increase of up to 250 percent over the cisco 7200 series npe 400)

Regards, Masood

NPE 400
CPU utilization for five seconds: 76%/75%; one minute: 74%; five minutes: 75%
Re: [c-nsp] Remove BGP AS path number number from an AS PATH
yup, you can't remove public AS from AS path. would you please share the idea why you wana remove it :) there are many other attributes to tweak bgp, y not u use them.

BR\\ Masood

I doubt that you can do that... but if this is to influence your outgoing traffic, then I would use local-preferences.

Christophe

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michalis Palis
Sent: Thursday, May 28, 2009 9:49 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Remove BGP AS path number number from an AS PATH

Hello All

Is there a way to remove the first AS number (not private) from an AS path? For example we are receiving a route with AS PATH 123 456 456 456 and we want to remove the 123 AS and put in the BGP table the route with AS 456 456 456 .

Thanks for your reply
Re: [c-nsp] How to improve C3750G switch uplink speed?
You are using this port for UPLINK, and it could be a trunk port. I strongly suggest you should not use portfast on this port. This way you can avoid loops and 30 second wait will be worth it.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

Hi, When I plug wire into c3750g port, it would wait about 30sec then change to uplink status. Are there any method can cut down uplink time?

Regards, Pigsign
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Yea it is hot-swappable. You must install the Switch Fabric Module in either slot 5 or slot 6 of the Catalyst 6506 switch. For redundancy, you can install a standby Switch Fabric Module. The module first installed functions as the primary module. When you install two Switch Fabric Modules at the same time, the module in slot 5 acts as the primary module, and the module in slot 6 acts as the backup. If you reset the module in slot 5, the module in slot 6 becomes the primary module.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ben Steele
Sent: Monday, February 09, 2009 4:57 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?

Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this.

Cheers Ben
Re: [c-nsp] OSPF not propagating - But for only one route...?
To redistribute static routes to subnets of classful networks you use redistribute static subnets under the ospf router configuration.

Regards, Masood
Blog: http://weblogs.com.pk/jahil/

redistributing statics/connected networks. For some reason 1 static route will not redistribute from the switch to the router and vice versa,

redistribute connected
redistribute static
ip route 10.95.18.0 255.255.255.0 10.95.11.9 ! this is the problem route

Have you tried 'redistribute static subnets'?
Re: [c-nsp] Per packet load balancing with low latency applications
Using CRTP along with MLPPP will have positive impact on your voice and low latency issues.

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Joe Provo
Sent: Thursday, January 15, 2009 5:33 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Per packet load balancing with low latency applications

On Thu, Jan 15, 2009 at 12:25:18PM +, William wrote:

Hello list, I've been looking at using per packet load balancing with a couple of serial links to use with a low latency market data application, in all the cisco docs they seem to mention how VoIP/Video applications may chuck their dummy out with packets arriving out of sequence. My question is what would cause the packets to arrive out of sequence? And has anyone been in my position before? what was the outcome?

If these are wide-area links, latency can vary due to grooming or other re-provisioning. If they are protected links, expect at some point during their life to switch independently and wind up with differing latencies.

Per packet is going to be used because there will only be one machine on each end of the link talking to each other.

Look at link-layer aggregation methods (mlpp for ptp, LAG for ether, etc) or getting a bigger pipe instead. Simple is good.

Any more information/real life experiences on the matter are welcome.

In my experience, per-packet always kills goodput.

-- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Re: [c-nsp] BGP default-originate route
The default route is not announced to BGP neighbors, even if it's in the IP routing table and BGP table. This was true in old IOS releases; 12.4 and 12.2SRC announce BGP default route like any other network. To announce a default route to a BGP neighbor, you can configure neighbor default-originate. More information about the BGP default route by IVAN (truly geek) http://wiki.nil.com/BGP_default_route

Regards, Masood

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Ingram
Sent: Thursday, January 15, 2009 11:16 PM
To: Brad Hedlund; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP default-originate route

Thanks

Would anyone from the SP area like to add any comments?

From: Brad Hedlund [mailto:brhed...@cisco.com]
Sent: Wed 1/14/2009 12:49 PM
To: Scott Ingram; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP default-originate route

On 1/14/09 11:19 AM, Scott Ingram sing...@clayton.com wrote:

I think to keep it simple all I want is to do one site primary and the other standby only.

Scott, I'm sure the SP guys will jump in at this point but that should be a fairly straight forward setup, where the standby site's PE is configured to crank up the metric for the default route from that location, such as padding ASN or manipulating MED, or any other BGP setting.

Cheers, Brad Hedlund bhedl...@cisco.com http://www.internetworkexpert.org/
[c-nsp] JUNOS funny or bad poetry
JUNOS guys promise they would not make it boring! If you don't want to configure something on JUNOS, spend some time with JUNOS haiku. http://weblogs.com.pk/jahil/archive/2009/01/07/juniper-junos-funny-poetry.aspx
Re: [c-nsp] RSP4 as route server? - seeking suggestions and opinions
You can also use JUNOS olive. http://juniper.cluepon.net/index.php/Olive

Regards, Masood

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Cory Ayers
Sent: Sunday, December 21, 2008 1:45 AM
To: Ang Kah Yik
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] RSP4 as route server? - seeking suggestions and opinions

I've only been recently tasked with looking into possible (re)uses for this box so I'm not sure how it managed to handle 2 sets of full routes either.

256M RAM will barely handle one BGP feed filtered to /23 (140k routes)

The first thing that came to mind when tasked with this was actually Quagga/OpenBGPD. There appears to be a discussion on Linux Gigabit routers on the NANOG-ML but the discussion seems skewed towards forwarding performance rather than BGP scalability.

If you're just looking for data gathering, go with Quagga. We've got an old SOHO box (533Mhz, 512M RAM, 512M Flash drive) running a lean install of Fedora with 8 BGP feeds (somewhat filtered) inbound, and another session to route-views. This replaced a 7200 NPE-300 w/256M that couldn't keep up a few years back.

Cory
Re: [c-nsp] Conditional BGP
A nice book on BGP: Practical BGP By Russ White

Regards, Masood
BLOG: http://www.weblogs.com.pk/jahil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Boolootian
Sent: Wednesday, September 24, 2008 6:06 AM
To: [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Conditional BGP

2) View the NANOG presentation archives. Several come to mind; I'll try to compile a list of suggestions, or just browse away.

Search the presentation archive for Smith and BGP. Philip Smith's BGP tutorials are outstanding.
Re: [c-nsp] OT - 802.3an - 10Gig over Cat 6a
I would recommend Juniper MX or EX Switches; it's time to enjoy line rate along with stable network operating system (JUNOS) + application/services ( MPLS, VPLS, QiQ etc) :)

Regards, Masood
BLOG: http://www.weblogs.com.pk/jahil/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Henshaw
Sent: Tuesday, September 16, 2008 8:51 AM
To: Simon Hamilton-Wilkes; cisco-nsp@puck.nether.net
Cc: [EMAIL PROTECTED]
Subject: Re: [c-nsp] OT - 802.3an - 10Gig over Cat 6a

Simon Hamilton-Wilkes wrote:

SMC Tigerswitch 10g is the only thing I can see out there, $23 K for 20 ports in 1U.

Extreme also have the X650. Not sure about availability.

Regards, Brad
Re: [c-nsp] cisco 7507 vs ssg 550
You can't replace Cisco 7500 with SSG550 (Firewall); Coz POS (OC3) is currently not available for SSG platform; Second SSG can run screenos only not JUNOS; screenos is the operating system for integrated Firewall/IPSec VPN solutions. Third SSG purpose-built security appliance, I would definitely not recommend SSG. T1, E1, Serial, DS3, Fe and SFP (copper or fiber) the only available interfaces for SSG devices.

I would also recommend not replacing 7500 with just another idiot 7200 (software router, policy (route-maps), access-list, tunnels or a simple debugging will hang up the router).

If you really need Gig throughput along with tunnels and policy routing; you need to consider line/wire rate router; it can be Cisco 76XX (be careful while selecting modules) or all juniper M/T Series routers along with AS PIC (go 4 M7i or M10i).

Regards, Masood

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arie Vayner (avayner
Sent: Wednesday, September 17, 2008 12:03 PM
To: Faisal Muzammil; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] cisco 7507 vs ssg 550

Faisal, Why don't you take a look at a 7200/NPE-G2 (or even a 7201, which is a 1RU version of it).

http://www.cisco.com/en/US/products/hw/routers/ps341/index.html
http://www.cisco.com/en/US/prod/collateral/routers/ps341/product_data_sheet0900aecd8047177b.html
http://www.cisco.com/en/US/products/ps7253/index.html

The advantage of changing to this kind of device is that it would be a natural upgrade from 7500 (which is a very old model...). All the configs should most likely transfer as a simple copy paste.

Arie

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Faisal Muzammil
Sent: Tuesday, September 16, 2008 12:52 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] cisco 7507 vs ssg 550

Hi, We have a cisco 7507 router for our wan and are thinking of replacing it with juniper ssg 550. Currently we have 1 GEIP interface on the lan side of 7507 and 1 POS(STM/OC3) interface on the wan side. We have a few IP IP tunnels established and are running BGP over the wan and OSPF on the lan side. We also have the need of using PBRs.

The main reason behind this change is that we are going to outgrow our STM capacity and need to upgrade to higher bandwidth on the wan side. hence similarly we will need to have a better option on the lan side instead of GEIP due to the limitation of 200mbps aggregate throughput on it.

Thanks in advance for your suggestions

regards Famz
Re: [c-nsp] MPLS PE Routers for a Mobile Carrier?
MPLS VPN, TE and QoS: if you need it all in one box, then you had better go for the Juniper M Series. Juniper M10i or M120/320.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saku Ytti
Sent: Sunday, August 03, 2008 1:41 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS PE Routers for a Mobile Carrier?

On (2008-08-02 20:20 +), Felix Nkansah wrote:

> I am working on an MPLS proposal for a mobile carrier (with 2mil+ customers). I need to decide on what routers to use as PE and P for their backhaul between 5 sites. I am torn between proposing the Cisco ASR 1000 OR the Cisco 7600 series as PE/P. Please let me know what your expert opinion is on this matter. They require MPLS VPN, TE, and QoS.

You should find out very carefully whether or not you can live with LAN card limitations. Without knowing the specifics of your QoS requirements, it's very likely that you are terminating customers to subinterfaces, effectively requiring HQoS which LAN cards do not do.

Other limitations that pop into my mind are: no vlan local significance, no IPv6/uRPF (and chassis wide strict or loose in IPv4), no IPv6 CoPP, no TOS byte transparency, either you lose up-to /128 lookup or L4 lookups in IPv6.

If you find out that you can't live with LAN cards, the main attraction of 7600/6500 goes away and you have many more options to choose from. ASR1k, MX, M, GSR, CRS. But if you are aware of all the catches with LAN interfaces and can live with/work around them, it's very good value for your money. However, in my book they suit the LSR/P role much better than the LER/PE role.

--
++ytti
[c-nsp] PPPoE tunnel and Firewall
I'm really getting confused while adding a firewall for DSL subscribers. I want to protect my PPPoE subscribers from malicious traffic. Adding a firewall between the DSLAMs and the BRAS is kind of confusing for me. The final topology is going to be like:

CPE <--> DSLAM <--> Firewall <--> BRAS --- Internet

From CPE to BRAS is a PPPoE tunnel. The question: can a firewall protect PPPoE customers from malicious traffic while sitting in transparent mode in front of the BRAS? I wonder whether the firewall will skip the PPPoE tunnel traffic. If yes, then how do you guys protect BRAS internal traffic from one subscriber to another?
[c-nsp] OSPF on Secondary IP addresses.
Can OSPF establish neighbors on secondary addresses? I do not have any luck unless the OSPF network interface is primary. Any ideas why, and how do we get around this?

What if ROUTERA is connected to a wireless bridge which is serving multiple sites? Or there can be many other situations when you need to build an adjacency on a secondary IP address instead of the primary IP. Oops, I can't find any parameter (when I configure a secondary address on a Cisco router) like preferred/primary. Thanks to the Juniper guys for providing it ;)

Thanks in advance.

Regards,
Masood Ahmad Shah

ROUTERA

interface FastEthernet1
 ip address 2.100.220.113 255.255.255.248
 ip address 2.100.220.97 255.255.255.248 secondary
 ip address 2.100.230.81 255.255.255.248 secondary
 no ip redirects
 no ip directed-broadcast
!
router ospf 100
 log-adjacency-changes
 area 3.3.3.102 stub no-summary
 network 2.100.230.80 0.0.0.7 area 3.3.3.102

ROUTERB

interface Ethernet0
 ip address 2.100.230.86 255.255.255.248
!
router ospf 100
 log-adjacency-changes
 area 3.3.3.102 stub
 passive-interface BRI0
 network 2.100.230.80 0.0.0.7 area 3.3.3.102
Re: [c-nsp] 3550-48 - 3560-48TS-E migration?
The thing I'm missing is, it does not support Policy-Based Routing (PBR) when forwarding IPv6 traffic :( The software supports IPv4 PBR only when the dual-ipv4-and-ipv6 routing template is configured.

Here is the link for more on dual-ipv4-ipv6:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swsdm.html#wp1077854

Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon Lewis
Sent: Thursday, May 15, 2008 7:24 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 3550-48 - 3560-48TS-E migration?

Having just gone past the end of software maintenance date for the 3550, and with the need to start at least looking at supporting IPv6 on our customer aggregation switches in the not so distant future, I suppose it's time to seriously consider the 3560-48TS as a replacement / upgrade path for our 3550-48's.

With the 3550-48's, we've been getting away with configuring generally all or nearly all the FE interfaces as routed ports using the default SDM template, and not run into any problems, even though this template is allegedly optimized for 8 routed interfaces.

Can the 3560-48TS be used similarly without getting into software forwarding? I'd love to hear from someone using the 3560-48TS in a mixed v4/v6 environment with 48 routed ports, since cisco's docs that I've found so far don't seem to suggest how likely this is to work.

--
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: [c-nsp] If BGP is running on a circuit, if you ping the other end you get loss. kill the BGP (and thus the traffic..) no more loss.
I have written a blog post on the question you asked about the Netflow packets collecting/forwarding issue...

http://weblogs.com.pk/jahil/archive/2008/05/02/how-to-netflow-with-csico-6500.aspx

Regards,
Masood A Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver
Sent: Thursday, May 01, 2008 7:47 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] If BGP is running on a circuit, if you ping the other end you get loss. kill the BGP (and thus the traffic..) no more loss.

Somewhat related to this thread: is there some sort of 'magic' you have to do with a Sup720 to get it to export flows egress and ingress? It appears that there is quite a bit of traffic missing from the NetFlow data (most of it in fact)...

I simply applied ip route-cache flow to the layer3 vlans of interest and then set up the export commands as documented. Are there other steps required?

Thanks,
-Drew

-----Original Message-----
From: Aaron Glenn [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 30, 2008 7:44 PM
To: Drew Weaver
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] If BGP is running on a circuit, if you ping the other end you get loss. kill the BGP (and thus the traffic..) no more loss.

On Wed, Apr 30, 2008 at 5:54 AM, Drew Weaver [EMAIL PROTECTED] wrote:

> So, what are folks using these days for NetFlow analysis (software?)

nfsen and pmacct. excellent open source products.

aaron.glenn
Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
If you really need a firewall then you must go for Netscreen. Netscreen is truly a firewall with a pretty nice/stable packet inspection engine and a pretty nice GUI/command line interface. A single box (Netscreen 500) will work like a charm for packet inspection, attack prevention and VPN tunnel termination. Oh yea, you will not face any issue like icmp response packets or tcp flags... mtr is working fine too :)

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, April 04, 2008 12:39 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jarrod Friedland
> Sent: Friday, April 04, 2008 03:18
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
>
> Hi All
>
> I wonder if anyone can offer me some sound professional opinion in terms of using a Check Point FW device v Cisco PIX (ASA 5500 Series) Devices.
>
> Currently we are using Checkpoint Devices however, I have an opportunity to possibly include a pix device in our mix, however all my reading thus far seems to be more based on personal opinion than operational pro's and con's.
>
> I'm looking for info in relation to can do's and cannots - Administration comparisons etc.
>
> If you are able to offer some insight but would like to take this offline, please let me know and I can send you my direct contact details.

Since we're using both Checkpoint and ASAs, here's what I think about them. We only use them for ipsec (enduser and site to site) and packet filtering. All kinds of protocol inspection run on separate proxies, where they belong.

Checkpoint has a great log viewer, but that's just about all I can say in their favor. They don't know how to apply rulesets to interfaces, just globally. Setting up vpns is a pain because they like to send out strange subnet configs. They're horribly expensive (we ran them on Nokia's, whose network cards do not support autoneg btw). Their support is pretty terrible as well. They also need arcane changes to their backend firewall database whenever something doesn't go as expected.

Cisco ASAs are pretty cheap and have reasonable performance, but have lots of strange quirks. They don't decrement TTL by default (and I still haven't found a way to decrement it over vpn connections), handling icmp errors is a black art (still haven't gotten mtr working through asa's), do strange things with your tcp MSS, don't send out RSTs to denied connections, and other such fun stuff. Most of these can be configured to work correctly, but they're far from the default. Cisco's central management tool (Cisco Security Manager) is pretty horrible; I guess the lag is about 1 year between when the ASA gets a new feature and when Security Manager learns how to use it. On the other hand, the free gui (asdm) is pretty decent, and unlike checkpoint it comes with a cli. Software updates and fixes don't get released as often as checkpoint, which I consider a downside for the ASAs.

I still think ASAs are a step up from checkpoint gear, but neither are great. I'm seriously considering netscreens for my next rollouts. If I ever manage to convince the upper echelons here, I'd go with pf on either openbsd or freebsd.

// nick
Re: [c-nsp] IOS pirating requests
Oh yea, what is an IOS? April fool's day :) kidding

IOS (Internet Operating System) is the software used on the vast majority of Cisco Systems routers and all current Cisco network switches. Oh, don't ask what is an operating system :)

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ziv Leyes
Sent: Wednesday, April 02, 2008 6:30 PM
To: [EMAIL PROTECTED]; Jon Lewis; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IOS pirating requests

What's an IOS anyway???

Ziv

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, April 02, 2008 4:16 PM
To: Jon Lewis; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IOS pirating requests

How do you do an IOS upgrade? :)

--
Regards,
Jason Plank
CCIE #16560
e: [EMAIL PROTECTED]

-- Original message --
From: Jon Lewis [EMAIL PROTECTED]

> Is it just me, or are others on the list getting daily requests from complete strangers along the lines of "I saw your post to cisco-nsp about a particular IOS version...could you send me a copy of that IOS?"
>
> Ok...maybe it's not daily...but I have gotten two in the past two days.
>
> For those who haven't asked yet, I'll save you some time. The answers are no, and if you want an IOS upgrade, talk to cisco.
>
> --
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: [c-nsp] 7606(SUP32) 12.2(33)SRB2 arp-table problem.
Well, by default Cisco IOS keeps learned ARP entries for 3 hours 59 minutes.. There might be some network scanner (worm or virus) around and scanning your network all the time.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrey O.Sokolov
Sent: Monday, March 17, 2008 1:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 7606(SUP32) 12.2(33)SRB2 arp-table problem.

Good day!

Cisco7606 with sup32, IOS 12.2(33)SRB2, c7600s3223_rp-ADVIPSERVICESK9-M

On this device there are fifteen vlan-interfaces.
One interface has netmask /24.
Three interfaces have netmask more than /30.
Two of these interfaces are ospf-interfaces in different areas.

Spontaneously (the interval is from some minutes to some hours) this device transmits from two interfaces (one of them an ospf-interface) icmp who-has requests to ALL devices in the networks. These interfaces have not changed their link-status before this situation occurs.

Example:

15:22:39.18 arp who-has XXX.YYY.ZZZ.81 tell XXX.YYY.ZZZ.1
15:22:39.001018 arp who-has XXX.YYY.ZZZ.103 tell XXX.YYY.ZZZ.1
15:22:39.002017 arp who-has XXX.YYY.ZZZ.155 tell XXX.YYY.ZZZ.1
15:22:39.003018 arp who-has XXX.YYY.ZZZ.119 tell XXX.YYY.ZZZ.1
15:22:39.004018 arp who-has XXX.YYY.ZZZ.100 tell XXX.YYY.ZZZ.1
15:22:39.005018 arp who-has XXX.YYY.ZZZ.156 tell XXX.YYY.ZZZ.1
15:22:39.006018 arp who-has XXX.YYY.ZZZ.84 tell XXX.YYY.ZZZ.1
15:22:39.007018 arp who-has XXX.YYY.ZZZ.117 tell XXX.YYY.ZZZ.1
15:22:39.008018 arp who-has XXX.YYY.ZZZ.87 tell XXX.YYY.ZZZ.1
15:22:39.009018 arp who-has XXX.YYY.ZZZ.86 tell XXX.YYY.ZZZ.1
15:22:39.010018 arp who-has XXX.YYY.ZZZ.118 tell XXX.YYY.ZZZ.1
15:22:39.011018 arp who-has XXX.YYY.ZZZ.135 tell XXX.YYY.ZZZ.1
15:22:39.012018 arp who-has XXX.YYY.ZZZ.97 tell XXX.YYY.ZZZ.1
15:22:39.013018 arp who-has XXX.YYY.ZZZ.157 tell XXX.YYY.ZZZ.1
15:22:39.014018 arp who-has XXX.YYY.ZZZ.149 tell XXX.YYY.ZZZ.1
15:22:39.015018 arp who-has XXX.YYY.ZZZ.141 tell XXX.YYY.ZZZ.1
15:22:39.016018 arp who-has XXX.YYY.ZZZ.115 tell XXX.YYY.ZZZ.1
15:22:39.017018 arp who-has XXX.YYY.ZZZ.154 tell XXX.YYY.ZZZ.1
15:22:39.018018 arp who-has XXX.YYY.ZZZ.150 tell XXX.YYY.ZZZ.1
15:22:39.019017 arp who-has XXX.YYY.ZZZ.109 tell XXX.YYY.ZZZ.1
15:22:39.020018 arp who-has XXX.YYY.ZZZ.128 tell XXX.YYY.ZZZ.1
15:22:39.021018 arp who-has XXX.YYY.ZZZ.125 tell XXX.YYY.ZZZ.1
15:22:39.022018 arp who-has XXX.YYY.ZZZ.132 tell XXX.YYY.ZZZ.1
15:22:39.023017 arp who-has XXX.YYY.ZZZ.133 tell XXX.YYY.ZZZ.1
15:22:39.024017 arp who-has XXX.YYY.ZZZ.144 tell XXX.YYY.ZZZ.1
15:22:39.025017 arp who-has XXX.YYY.ZZZ.148 tell XXX.YYY.ZZZ.1
15:22:39.026018 arp who-has XXX.YYY.ZZZ.151 tell XXX.YYY.ZZZ.1
15:22:39.027017 arp who-has XXX.YYY.ZZZ.45 tell XXX.YYY.ZZZ.1
15:22:39.028031 arp who-has XXX.YYY.ZZZ.88 tell XXX.YYY.ZZZ.1
15:22:39.029018 arp who-has XXX.YYY.ZZZ.56 tell XXX.YYY.ZZZ.1
15:22:39.030017 arp who-has XXX.YYY.ZZZ.90 tell XXX.YYY.ZZZ.1
15:22:39.031018 arp who-has XXX.YYY.ZZZ.168 tell XXX.YYY.ZZZ.1
15:22:39.032020 arp who-has XXX.YYY.ZZZ.169 tell XXX.YYY.ZZZ.1
15:22:39.033021 arp who-has XXX.YYY.ZZZ.172 tell XXX.YYY.ZZZ.1
15:22:39.034017 arp who-has XXX.YYY.ZZZ.190 tell XXX.YYY.ZZZ.1
15:22:39.035018 arp who-has XXX.YYY.ZZZ.165 tell XXX.YYY.ZZZ.1
15:22:39.036017 arp who-has XXX.YYY.ZZZ.159 tell XXX.YYY.ZZZ.1
15:22:39.037017 arp who-has XXX.YYY.ZZZ.184 tell XXX.YYY.ZZZ.1
15:22:39.038018 arp who-has XXX.YYY.ZZZ.189 tell XXX.YYY.ZZZ.1
15:22:39.039017 arp who-has XXX.YYY.ZZZ.188 tell XXX.YYY.ZZZ.1
15:22:39.040017 arp who-has XXX.YYY.ZZZ.216 tell XXX.YYY.ZZZ.1
15:22:39.041017 arp who-has XXX.YYY.ZZZ.171 tell XXX.YYY.ZZZ.1
15:22:39.042018 arp who-has XXX.YYY.ZZZ.205 tell XXX.YYY.ZZZ.1
15:22:39.043017 arp who-has XXX.YYY.ZZZ.233 tell XXX.YYY.ZZZ.1
15:22:39.044017 arp who-has XXX.YYY.ZZZ.236 tell XXX.YYY.ZZZ.1
15:22:39.045017 arp who-has XXX.YYY.ZZZ.239 tell XXX.YYY.ZZZ.1
15:22:39.046018 arp who-has XXX.YYY.ZZZ.170 tell XXX.YYY.ZZZ.1
15:22:39.047017 arp who-has XXX.YYY.ZZZ.197 tell XXX.YYY.ZZZ.1
15:22:39.048018 arp who-has XXX.YYY.ZZZ.187 tell XXX.YYY.ZZZ.1
15:22:39.049017 arp who-has XXX.YYY.ZZZ.173 tell XXX.YYY.ZZZ.1
15:22:39.050017 arp who-has XXX.YYY.ZZZ.200 tell XXX.YYY.ZZZ.1
15:22:39.051017 arp who-has XXX.YYY.ZZZ.175 tell XXX.YYY.ZZZ.1
15:22:39.052017 arp who-has XXX.YYY.ZZZ.174 tell XXX.YYY.ZZZ.1
15:22:39.053017 arp who-has XXX.YYY.ZZZ.223 tell XXX.YYY.ZZZ.1
15:22:39.054017 arp who-has XXX.YYY.ZZZ.201 tell XXX.YYY.ZZZ.1
15:22:39.055017 arp who-has XXX.YYY.ZZZ.179 tell XXX.YYY.ZZZ.1
15:22:39.056017 arp who-has XXX.YYY.ZZZ.180 tell XXX.YYY.ZZZ.1
15:22:39.057017 arp who-has XXX.YYY.ZZZ.203 tell XXX.YYY.ZZZ.1
15:22:39.058018 arp who-has XXX.YYY.ZZZ.207 tell XXX.YYY.ZZZ.1
15:22:39.059017 arp who-has XXX.YYY.ZZZ.178 tell XXX.YYY.ZZZ.1
15:22:39.060017 arp who-has XXX.YYY.ZZZ.204 tell XXX.YYY.ZZZ.1
15:22:39.061017 arp who-has XXX.YYY.ZZZ.206 tell XXX.YYY.ZZZ.1
15:22:39.062017 arp who-has XXX.YYY.ZZZ.232 tell XXX.YYY.ZZZ.1
15:22
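An added example, not part of the original posts: one way to triage a capture like the one in this thread is to group ARP requests by sender and flag any sender that asks for many distinct addresses within a short window, so it is clear which device is actually emitting the burst. The function names, the 1-second window, the 20-target threshold and the 192.0.2.x sample lines are assumptions constructed for this sketch.

```python
"""Flag ARP who-has sweeps in tcpdump text output (added example)."""
import re
from collections import Counter, deque

# Matches the older "arp who-has A tell B" form seen in the post and the
# newer "ARP, Request who-has A tell B, length 28" form.
ARP_REQ = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}(?:\.\d+)?)\s+"
    r"(?:arp|ARP, Request) who-has (\S+) tell ([^\s,]+)"
)


def parse_line(line):
    """Return (seconds_since_midnight, sender, target), or None if not an ARP request."""
    m = ARP_REQ.match(line.strip())
    if m is None:
        return None
    hh, mm, ss, target, sender = m.groups()
    return int(hh) * 3600 + int(mm) * 60 + float(ss), sender, target


def find_sweeps(lines, window=1.0, min_targets=20):
    """Return one record per burst in which a sender requested at least
    min_targets distinct addresses within `window` seconds."""
    recent = {}      # sender -> deque of (ts, target) still inside the window
    in_window = {}   # sender -> Counter of targets inside the window
    active = {}      # sender -> burst record that is still growing
    bursts = []
    prev_raw, day_offset = None, 0.0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        raw, sender, target = parsed
        # tcpdump prints no date by default: treat a large backwards jump as midnight.
        if prev_raw is not None and raw < prev_raw - 43200:
            day_offset += 86400.0
        prev_raw = raw
        ts = raw + day_offset

        q = recent.setdefault(sender, deque())
        seen = in_window.setdefault(sender, Counter())
        q.append((ts, target))
        seen[target] += 1
        # Expire requests that fell out of the sliding window.
        while ts - q[0][0] > window:
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]

        burst = active.get(sender)
        if len(seen) >= min_targets:
            if burst is None:
                burst = {"sender": sender, "start": q[0][0], "end": ts,
                         "targets": set(seen)}
                active[sender] = burst
                bursts.append(burst)
            else:
                burst["end"] = ts
                burst["targets"].add(target)
        elif burst is not None:
            del active[sender]   # rate dropped below threshold: burst is over
    return bursts


def constructed_capture():
    """Constructed sample: background traffic plus a 40-address sweep from 192.0.2.1."""
    lines = [
        "15:22:30.100000 arp who-has 192.0.2.1 tell 192.0.2.50",
        "15:22:31.000000 IP 192.0.2.50.51000 > 192.0.2.1.179: Flags [S], length 0",
    ]
    lines += [
        "15:22:39.%06d arp who-has 192.0.2.%d tell 192.0.2.1" % (i * 1000 + 18, 60 + i)
        for i in range(40)
    ]
    lines.append("15:25:00.000000 arp who-has 192.0.2.77 tell 192.0.2.1")
    return lines


if __name__ == "__main__":
    for b in find_sweeps(constructed_capture()):
        print("%s asked for %d addresses in %.3f s"
              % (b["sender"], len(b["targets"]), b["end"] - b["start"]))
```

Running the same function on captures from several ports shows whether a burst starts at the gateway address or at an end host, which is the distinction the reply in this thread turns on.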
Re: [c-nsp] MST operation...
Have you configured the following attributes?

# spanning-tree mst root
# spanning-tree mst priority
# spanning-tree mst pre-standard

If you have already configured/played with the above commands, then I would ask for the output of...

# show spantree mst X active (where X is your instance number)
# show spantree summary mst
# show spantree mst configuration
# show spantree statistics mst mod/port instance (mod/port is the one connected to the secondary switch)

Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Fischer
Sent: Tuesday, April 01, 2008 7:58 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] MST operation...

I am running (2) Cat6509-E's with Sup720-3B's running IOS. They are connected via layer 2 by a (2)10GigE port-channel. Spanning tree is configured via MST with 3 instances - instance 0 (default), instance 1 (roots all odd-numbered VLANs to switch 1 - priority 4096), and instance 2 (roots all even-numbered VLANs to switch 2) - pretty simple configuration. Switch 2 is the secondary for odd-numbered VLANs (priority 8192), and the same is true for switch 1 on the even-numbered VLANs.

All was well, but we recently upgraded the code from 12.2(18)SXF12a to 12.2(18)SXF13 to address vulnerabilities Cisco published - not a quantum leap in terms of code revision. Now, the root of MST0 is properly situated, but both switches think they are the root for MST1 and MST2. I cannot, as yet, link this change in the operation of spanning-tree to the code upgrade - this is in a lab scenario for the time being.

Debugging of spanning-tree events, root, and bpdu's revealed nothing occurring across the port-channel. The operation of the Port-channel seems to be fine from all reports on the switch. Even had a couple of CCIE's at the VAR look at it, and nothing jumped out at them as being obvious. The switches were rebooted a couple of times, and the MST configuration was cleared, and re-entered into the switch. Show spanning-tree MST detail reveals that packets are being exchanged between the two switches on MST 0 over the port-channel, but on MST's 1 and 2, but switches show transmits, but 0 receives across the port-channel.

This has me a bit baffled, and I thought I'd throw it out to this forum to see if anyone has seen similar behavior. Any and all insight and assistance in getting to the root cause of this (pun intended) is most sincerely appreciated.

Regards,
Steve Fischer
Re: [c-nsp] concentrator issues since PUBLIC interface move
Whenever you change a subnet (network), you need to check/update the following..

Update your routing table accordingly.
Update the access lists on the concentrator or on the routers in between.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Ingram
Sent: Monday, March 31, 2008 3:50 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] concentrator issues since PUBLIC interface move

Since I moved the public interface to another subnet I'm having issues with all my site to site VPNs that were active prior to the move. I went to all the remote sites and changed my address and reset each site. Now I have all sites connected; however, TX data only. I'm running code 4.x on the concentrator and all other remote client access is OK, just the site to site VPNs.
Re: [c-nsp] External Firewall
Normally people would put it as shown below..

WAN -- Router -- Firewall -- LAN-Switch

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sridhar Ayengar
Sent: Monday, March 24, 2008 9:55 PM
To: Cisco NSPs
Subject: [c-nsp] External Firewall

I'm interested in adding a firewall to a network I admin at work. The gateway router on the network is a 7200 NPE-G1. What I want to know is whether I have to route all of my packets through my external firewall, or is there a way to have the firewall set state in the router to enable it to route packets in a session without the further involvement of the firewall?

Peace...
Sridhar
Re: [c-nsp] Multipoint L2TPV3 tunnel / MPLS VPN over IP Tunnel
Well, the router is a 7507 running 12.4(16) rsp-jk9o3sv-mz.124-16.bin... I believe that the 12.4 enterprise image supports such features... Is there any special release to get the advantages of the multipoint L2TPV3 tunnel on the 7500 or 7200...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 05, 2008 12:23 PM
To: Masood Ahmad Shah; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Multipoint L2TPV3 tunnel / MPLS VPN over IP Tunnel

Masood Ahmad Shah wrote on Monday, February 04, 2008 11:47 PM:

> Is there any low end Cisco router for the multipoint L2TPV3 tunnel to configure MPLS VPN over IP Tunnel. I just can't buy Cisco 12000 only for the multipoint L2TPV3 tunnel. I was expecting a support of tunnel mode l2tpv3 in Cisco 7500 but I just can't see it. :(

according to www.cisco.com/go/fn, the MPLS VPNs over IP Tunnels feature is available in recent 12.0S on 7200, 7500, 10700 and GSR. Which release are you using? The command syntax is "tunnel mode l3vpn l2tpv3 multipoint" on the tunnel..

oli
Re: [c-nsp] PPPoE L2 timeout recovery
It is very clear your Cisco DSL router sends PPPoE Active Discovery Initiation (PADI) frames to the ISP with no response. The PADI frame is the first in a series of PPPoE call-setup frames. If your ISP does not respond with a PPPoE Active Discovery Offer (PADO), PPPoE negotiation does not succeed. The only solution for this problem is to contact your ISP or check your line stability.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Gurtz
Sent: Tuesday, February 05, 2008 12:25 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] PPPoE L2 timeout recovery

I have a 3640A with a WIC1-ADSL residing in an NM-1FE1R2W. IOS is 12.4(13b).

Periodically, about every month or two, the dsl link will drop and debugging output shows:

... Sending PADI: vc=0/35
... padi timer expired

Doing a shut / no shut on atm2/0 seems to bring the line back up and it then works fine for another month or two until I have to do it again. The amount of traffic doesn't seem to trigger this behavior. The shut / no shut seems to cause a line retrain on this platform since the CD light goes out after the shut.

Is this necessarily an ISP problem, or is there something I might be missing on my end like overflowing some NAT table or something? Any other config I should provide?

~JasonG
--
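An added example, not part of the original posts: the PADI/PADO step discussed in this thread, shown as a parser for PPPoE discovery frames (RFC 2516, EtherType 0x8863) that lists every PADI no PADO answered within a timeout. The MAC addresses, tag values, timestamps, function names and the 5-second timeout are constructed for this sketch.

```python
"""PPPoE discovery (RFC 2516): list PADIs that no PADO answered (added example)."""
import struct

ETH_P_PPPOE_DISCOVERY = 0x8863
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_END_OF_LIST, TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ = 0x0000, 0x0101, 0x0102, 0x0103
BROADCAST = b"\xff" * 6


def build_frame(dst, src, code, tags, session_id=0):
    """Build an Ethernet frame carrying one PPPoE discovery packet."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETH_P_PPPOE_DISCOVERY) + header + payload


def parse_frame(frame):
    """Return a dict for a PPPoE discovery frame, None for anything else."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETH_P_PPPOE_DISCOVERY:
        return None
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]          # ignores Ethernet padding after the payload
    if ver_type != 0x11 or len(payload) != length:
        raise ValueError("malformed or truncated PPPoE header")
    tags, off = {}, 0
    while off + 4 <= length:
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        if tag == TAG_END_OF_LIST:
            break
        if off + 4 + tlen > length:
            raise ValueError("tag overruns payload")
        tags[tag] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return {"dst": frame[0:6], "src": frame[6:12], "session_id": session_id,
            "code": CODES.get(code, hex(code)), "tags": tags}


def unanswered_padis(events, timeout=5.0):
    """events: iterable of (timestamp_seconds, frame_bytes).
    A PADO answers a PADI when it is sent to the PADI's source MAC, echoes the
    same Host-Uniq tag, and arrives within `timeout` seconds of the PADI."""
    padis, pados = [], []
    for ts, frame in events:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        uniq = pkt["tags"].get(TAG_HOST_UNIQ, b"")
        if pkt["code"] == "PADI":
            padis.append((ts, pkt["src"], uniq))
        elif pkt["code"] == "PADO":
            pados.append((ts, pkt["dst"], uniq))
    lost = []
    for ts, mac, uniq in padis:
        answered = any(m == mac and u == uniq and 0 <= t - ts <= timeout
                       for t, m, u in pados)
        if not answered:
            lost.append((ts, uniq))
    return lost


def constructed_exchange():
    """Constructed sample: one answered PADI, then two retries that get no PADO."""
    client = bytes.fromhex("020000000001")
    bras = bytes.fromhex("0200000000fe")
    def padi(uniq):
        return build_frame(BROADCAST, client, 0x09,
                           [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, uniq)])
    pado = build_frame(client, bras, 0x07,
                       [(TAG_SERVICE_NAME, b""), (TAG_AC_NAME, b"bras-constructed"),
                        (TAG_HOST_UNIQ, b"\x00\x01")])
    return [(0.0, padi(b"\x00\x01")), (0.02, pado),
            (100.0, padi(b"\x00\x02")), (105.0, padi(b"\x00\x02"))]


if __name__ == "__main__":
    for ts, uniq in unanswered_padis(constructed_exchange()):
        print("PADI at t=%.1f (Host-Uniq %s) got no PADO" % (ts, uniq.hex()))
```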
Re: [c-nsp] OSPF router gets separated from a broadcast domain
Is there any low end Cisco router for the multipoint L2TPV3 tunnel to configure MPLS VPN over IP Tunnel. I just can't buy Cisco 12000 only for the multipoint L2TPV3 tunnel. I was expecting a support of tunnel mode l2tpv3 in Cisco 7500 but I just can't see it. :(

Regards,
Masood Ahmad Shah
[c-nsp] Multipoint L2TPV3 tunnel / MPLS VPN over IP Tunnel
Is there any low end Cisco router for the multipoint L2TPV3 tunnel to configure MPLS VPN over IP Tunnel. I just can't buy Cisco 12000 only for the multipoint L2TPV3 tunnel. I was expecting a support of tunnel mode l2tpv3 in Cisco 7500 but I just can't see it. :(

Regards,
Masood Ahmad Shah
Re: [c-nsp] ISDN backup for MPLS CE Router
I believe that your side is CE --- PE. One thing is very important to know: you must reach your PE in appropriate manners while connecting using the ISDN circuit..

If you want to use automatic failover and just can't run routing protocols.. you can use IPSLA monitor. If you can't use a routing protocol your choice is IP SLA monitor.

How to IPSLA:

ip sla monitor 1
 type echo protocol ipIcmpEcho primary-link-reachable-ip source-ipaddr switch-source-ip
 timeout 1500
 threshold 2000
 frequency 3

Start Monitoring:

ip sla monitor schedule 1 life forever start-time now

Tracking:

track 1 rtr 1 reachability

Secondary Route:

ip route 0.0.0.0 0.0.0.0 secondary-gateway track 1

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zitouni Rachid
Sent: Tuesday, January 22, 2008 8:45 PM
To: Ali, Rijas: BB UAE (IT); cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISDN backup for MPLS CE Router

Hi,

Use dialer watch:
http://www.cisco.com/en/US/tech/tk801/tk379/technologies_configuration_example09186a0080094143.shtml

On CE: you will need your default route to PE to be suppressed when the CE-PE link fails somewhere => dynamic routing is the easier way to do it.

Obviously, your Head Office CE will need to know that the link between the branch office CE and PE went down.

HiH
Rachid

From: Ali, Rijas: BB UAE (IT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 22, 2008 14:34
To: Zitouni Rachid; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISDN backup for MPLS CE Router

The CE will have an ISDN WIC and it should dial out to my Head Office ISDN Aggregator (Cisco 3845) when the default route from the ISP is missing. After this, if at all there is a problem in the MPLS cloud (either ETH going down / route missing) from the service provider, data will flow via ISDN.

ALI RIJAS

-----Original Message-----
From: Zitouni Rachid [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 22, 2008 5:19 PM
To: Ali, Rijas: BB UAE (IT); cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISDN backup for MPLS CE Router

Just to make sure I understand your topology: ISDN will be CE-PE or CE-CE?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ali, Rijas: BB UAE (IT)
Sent: Tuesday, January 22, 2008 14:05
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISDN backup for MPLS CE Router

Hi Friends,

Most of my branches connect to the MPLS service provider using an ETH port on my CE. I am thinking of having an ISDN backup for the MPLS VPN link. Since it is ETH, it's very rare that the interface goes down, so I have to look for the default route that the ISP gives to my CE, and if it is not available I will have to start ISDN.

Please help me with some of your experience or documentation.

ALI RIJAS
Re: [c-nsp] ISDN backup for MPLS CE Router
The question is, what does your service provider suggest? Do they provide multiple eBGP sessions for the CE? If yes, they might want you to use them instead of a static route, and you might end up with load balancing, route filtering and so on.

Well, if you are going to use redundant eBGP you need to make sure that you are getting the correct next-hop interface while running with ISDN backup and vice versa...

The easiest way is to use a static route for the backup interface, if it is supported :)

Yes, you can use dialer watch as well as IPSLA, or dialer watch along with IPSLA...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: Ali, Rijas: BB UAE (IT) [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 31, 2008 7:17 PM
To: Masood Ahmad Shah; Zitouni Rachid; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISDN backup for MPLS CE Router

Friend,

My CE has e-BGP with the service provider PE. If the MPLS link is down or there is some routing issue within the MPLS cloud, my CE will dial in to my ISDN 3845 aggregator in my HO. If the link comes back / BGP is UP with the PE, my CE should disconnect ISDN and work normally.

I am not planning for ISDN redundancy with the MPLS service provider. Should I go with dialer watch / IPSLA?

ALI RIJAS
[c-nsp] MPLS PE to PE over GRE/IPIP
I'm in the process of connecting two or more Provider Edge routers using GRE/IPIP tunnels. What were your experiences? If the answer is yes, then I would love to ask how you connect a PE to another PE using the GRE/IPIP tunnel interfaces, keeping in mind that I'm going to carry multiple customers' traffic (VRF BGP-VPN) between these PEs.
Re: [c-nsp] Top 10 Network Engineering Tools
Here are the key network tools any network engineer shouldn't be without :)

Packet sniffing (ethereal, tcpdump)
terminal/console (v100)
ping
traceroute
arp
hping (ip spoofing, flooding to test your link or firewall and packet manipulation send custom ICMP, UDP and TCP packets)
nslookup
ssh (I don't like telnet anymore)
nmap (TCP/UDP port scanner)
google (www.google.com)

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Jackson
Sent: Tuesday, January 29, 2008 1:23 AM
To: Cisco
Subject: [c-nsp] Top 10 Network Engineering Tools

Hey all,

Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor-neutral tools. So what do you all think are the must-haves?

Thanks
Joseph
Re: [c-nsp] MAC address from cisco IOS switches
I don't have any problem with the Cisco SNMP query below while retrieving the learned MAC table from a Cisco switch.

    snmpwalk -v2c -c nexsecure 192.168.0.1 RFC1213-MIB::atPhysAddress

I suggest you run with -v2c instead of -v 1.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Prabhu Gurumurthy
Sent: Tuesday, January 29, 2008 1:51 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] MAC address from cisco IOS switches

All,

We have close to 15 2960 switches connected to twin 3750's with 15+ VLANs in the domain. The 3750's are stacked and are the VTP server, with the 2960's being clients. There are no switches acting in transparent mode.

I want to get the MAC addresses from the 3750's and 2960's using SNMP, instead of logging into each switch and looking up MAC addresses using sh mac address-table.

I looked through the Cisco website and stumbled upon this page:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml

This document deals only with Catalyst, not IOS. Is there an easy way to get MAC entries using SNMP on an IOS switch?

BTW I am using

    pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1500]$ snmpget -v 1 -c silver4ro c2960-04 sysDescr.0
    SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Thu 10-May-07 16:43 by antonino

When I query RFC1213-MIB::atPhysAddress I am getting the following entries, but not the entire list:

    pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1498]$ snmpwalk -v 1 -c silver4ro c2960-04 1.3.6.1.2.1.3.1.1.2
    RFC1213-MIB::atPhysAddress.93.1.10.42.166.19 = Hex-STRING: 00 1C 0F A6 63 44
    RFC1213-MIB::atPhysAddress.93.1.10.57.93.1 = Hex-STRING: 00 1C 0F A6 63 44
    RFC1213-MIB::atPhysAddress.93.1.10.57.93.20 = Hex-STRING: 00 1C 0F 9D 26 41
    RFC1213-MIB::atPhysAddress.93.1.10.57.166.241 = Hex-STRING: 00 1C 0F A6 63 44
    RFC1213-MIB::atPhysAddress.93.1.10.200.1.253 = Hex-STRING: 00 1C 0F A6 63 44

sh mac address-table:
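Each atPhysAddress instance in the snmpwalk output quoted above is indexed by ifIndex, the NetworkAddress tag 1, and an IPv4 address (the RFC 1213 address translation table), so every row decodes to an interface, an IP and a MAC. The Python below is an added example, not code from the thread; the sample is constructed from the five rows in the post, and the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the five rows quoted in the thread, as snmpwalk prints them.
SAMPLE = """\
RFC1213-MIB::atPhysAddress.93.1.10.42.166.19 = Hex-STRING: 00 1C 0F A6 63 44
RFC1213-MIB::atPhysAddress.93.1.10.57.93.1 = Hex-STRING: 00 1C 0F A6 63 44
RFC1213-MIB::atPhysAddress.93.1.10.57.93.20 = Hex-STRING: 00 1C 0F 9D 26 41
RFC1213-MIB::atPhysAddress.93.1.10.57.166.241 = Hex-STRING: 00 1C 0F A6 63 44
RFC1213-MIB::atPhysAddress.93.1.10.200.1.253 = Hex-STRING: 00 1C 0F A6 63 44
"""

# Index layout: <ifIndex>.1.<a>.<b>.<c>.<d>; accepts the symbolic or numeric OID.
ROW = re.compile(
    r"(?:atPhysAddress|1\.3\.6\.1\.2\.1\.3\.1\.1\.2)"
    r"\.(?P<ifindex>\d+)\.1\.(?P<ip>\d+(?:\.\d+){3})"
    r"\s*=\s*Hex-STRING:\s*(?P<mac>(?:[0-9A-Fa-f]{2}\s*){6})$"
)


def parse_at_table(text):
    """Return (ifindex, ip, mac) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ValueError:
            continue  # octet out of range, not a usable row
        octets = re.findall(r"[0-9A-Fa-f]{2}", m.group("mac"))
        entries.append((int(m.group("ifindex")), ip, ":".join(octets).lower()))
    return entries


def group_by_mac(entries):
    """Map each MAC to the numerically sorted list of IPs that resolve to it."""
    groups = defaultdict(set)
    for _ifindex, ip, mac in entries:
        groups[mac].add(ip)
    return {
        mac: sorted(ips, key=ipaddress.IPv4Address) for mac, ips in groups.items()
    }


def multi_ip_macs(groups, minimum=2):
    """MACs answering for several IPs (typically a gateway or a proxy-ARP device)."""
    return {mac: ips for mac, ips in groups.items() if len(ips) >= minimum}


def to_cisco(mac):
    """00:1c:0f:a6:63:44 -> 001c.0fa6.6344, the form 'sh mac address-table' prints."""
    h = mac.replace(":", "")
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


if __name__ == "__main__":
    groups = group_by_mac(parse_at_table(SAMPLE))
    for mac, ips in sorted(groups.items()):
        print(to_cisco(mac), ", ".join(ips))
```
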
Re: [c-nsp] OT: CCVP Bootcamp in Dubai, India or South Africa
I suggest you consult ipexpert.com. They have been doing well with such trainings for years...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Nkansah
Sent: Friday, January 25, 2008 7:11 PM
To: Cisco certification; cisco-nsp@puck.nether.net
Subject: [c-nsp] OT: CCVP Bootcamp in Dubai, India or South Africa

Hi,

I am interested in a CCVP-level hands-on bootcamp in Dubai, India or South Africa. My sponsor is interested in a training with a lot of hands-on exposure.

Has any of you had experience taking up training in this area in any of the locations specified? Please let me know which training institute.

Regards,
Felix
Re: [c-nsp] need clarification..
A simple Google search will get you back millions :) The link below is one of them:
http://www.petri.co.il/csc_how_router_interfaces_get_their_names_on_cisco_routers.htm

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bbe bie
Sent: Thursday, January 24, 2008 5:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] need clarification..

Hi... what is the difference between fastEthernet3/0/0 and fastEthernet0/3? Is it the same? I'm still confused. Looking forward to hearing from you. Thanks.
Re: [c-nsp] Snmp restart on router
Yes, absolutely correct: if you do no snmp community string, the UDP listener exists, and it has been verified by using ip socket and show proc cpu | inc SNMP... I tried to find some other ways but no luck.

The only answer is to restart the router.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tolstykh, Andrew
Sent: Saturday, January 19, 2008 3:17 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Snmp restart on router

This is not the case; removing and reapplying the SNMP community string won't reset the SNMP process. Even on the modular IOS, attempting to restart the SNMP process will take down additional core processes. The answer that I got from my SE was no, a clean SNMP process restart is not possible.

HTH,
Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Masood Ahmad Shah
Sent: Friday, January 18, 2008 10:51 AM
To: 'Gabriel Mateiciuc'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Snmp restart on router

If you want to restart the SNMP process on a Cisco router, you can use the commands listed below...

    no snmp-server community whatever-it-is
    snmp-server community whatever-it-is

By doing this you will have restarted the SNMP process :)

Why do you want to restart the SNMP process?

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabriel Mateiciuc
Sent: Friday, January 18, 2008 9:14 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Snmp restart on router

Does anyone know if/how the snmp process can be restarted?

Gabriel Mateiciuc
Academia de Studii Economice
Departamentul Reţele
Echipa Infrastructura
Re: [c-nsp] Snmp restart on router
If you want to restart the SNMP process on a Cisco router, you can use the commands listed below...

    no snmp-server community whatever-it-is
    snmp-server community whatever-it-is

By doing this you will have restarted the SNMP process :)

Why do you want to restart the SNMP process?

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabriel Mateiciuc
Sent: Friday, January 18, 2008 9:14 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Snmp restart on router

Does anyone know if/how the snmp process can be restarted?

Gabriel Mateiciuc
Academia de Studii Economice
Departamentul Reţele
Echipa Infrastructura
Re: [c-nsp] Concentrator and DHCP server problem
It should work fine as long as the relay and filters are configured properly. I'm writing out the steps which work fine for me.

1. From the VPN Concentrator console, select Configuration > System > IP Routing > DHCP Relay. Select the Enabled check box to activate DHCP relay, and enter the forwarding IP address and subnet mask.

2. From the VPN Concentrator console, select Configuration > Policy Management > Traffic Management > Assign Rules to Filter. In the resulting screen (shown below), move the DHCP In and DHCP Out rules from Available Rules to Current Rules in Filter.

While reviewing your debug logs I can see that your DHCP server address has been configured as 172.28.32.13 instead of your listed DHCP server address 172.28.33.13; might be a typo :)

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wasim hasan
Sent: Sunday, January 13, 2008 9:00 PM
To: cisco-nsp@puck.nether.net
Cc: [EMAIL PROTECTED]
Subject: [c-nsp] Concentrator and DHCP server problem

Dear all,

My VPN concentrator is not able to give an IP to remote access VPN clients. The concentrator is acting as DHCP relay agent. The concentrator's private interface is connected to a PIX firewall DMZ, which is also acting as DHCP relay for some other networks in its DMZ. The concentrator is able to ping the DHCP server and all the connectivity is okay. I am getting the following errors while a client tries to connect to the concentrator.

    1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452 DHCP poll timeouts routine entered
    1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452 DHCP poll stats: callbacks 0, active CBs 0, total CBs 1
    1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44 DHCP task: Timeout type 0, msg 0x7049db8
    1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30 DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)
    1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30 DHCP attempt to get next server failed (xid 3684789027)
    1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194 DHCP restart servers routine entered
    1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45 DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027)
    1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45 DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)

Kindly help me out. I can't disable DHCP relay on the PIX because other subnets will suffer. My DHCP server is working fine and assigning IPs to the rest of my network. Please help me out.

dhcp server address is 172.28.33.13
pix dmz ip 172.28.95.2
concentrator 172.28.95.95

    static (inside,edn) 172.28.32.13 172.28.32.13 netmask 255.255.255.255
    access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0
    access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0
    access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0
    access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0
    nat (inside) 0 access-list nonat

The DHCP filter is applied on the concentrator public interface. DHCP relay is enabled.

Regards,
Wasim Hassan
Wateen Telecom
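The mismatch pointed out in the reply above (DISCOVER sent to 172.28.32.13 while the poster lists 172.28.33.13 as the DHCP server) can be checked mechanically from the event log. The Python below is an added example, not code from the thread; the sample is constructed from the eight quoted events with one event per line, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the DHCPDBG events quoted in the post, one event per line.
SAMPLE_LOG = """\
1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452 DHCP poll timeouts routine entered
1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452 DHCP poll stats: callbacks 0, active CBs 0, total CBs 1
1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44 DHCP task: Timeout type 0, msg 0x7049db8
1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30 DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)
1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30 DHCP attempt to get next server failed (xid 3684789027)
1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194 DHCP restart servers routine entered
1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45 DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027)
1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45 DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)
"""

EVENT = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"SEV=(?P<sev>\d+)\s+(?P<cls>\w+)/(?P<num>\d+)\s+RPT=(?P<rpt>\d+)\s+(?P<msg>.*)$"
)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
XID = re.compile(r"\(xid (\d+)\)")


def parse_events(text):
    """Split the log into dicts (seq, sev, cls, num, msg); unparsable lines are dropped."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ev = m.groupdict()
            for key in ("seq", "sev", "num", "rpt"):
                ev[key] = int(ev[key])
            events.append(ev)
    return events


def relay_findings(events, expected_server):
    """Summarise which servers the relay contacted and whether any answered."""
    servers = set()
    unanswered = Counter()
    failed_xids = []
    for ev in events:
        if ev["cls"] != "DHCPDBG":
            continue
        ips = IPV4.findall(ev["msg"])
        servers.update(ips)
        if "no response to" in ev["msg"]:
            unanswered.update(ips)
        if "get next server failed" in ev["msg"]:
            failed_xids.extend(XID.findall(ev["msg"]))
    return {
        "servers": servers,
        "unanswered": dict(unanswered),
        "failed_xids": failed_xids,
        # Servers the relay used that are not the one the operator intended.
        "unexpected": sorted(servers - {expected_server}),
        "expected_seen": expected_server in servers,
    }


if __name__ == "__main__":
    report = relay_findings(parse_events(SAMPLE_LOG), "172.28.33.13")
    print("relay is sending to:", ", ".join(sorted(report["servers"])))
    print("intended server contacted:", report["expected_seen"])
    print("unanswered DISCOVERs:", report["unanswered"])
```
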
Re: [c-nsp] MPLS on CAT5500
Some days ago I was talking to one of my Juniper friends and he was saying that you can't use one Cisco box as P and PE simultaneously, though you can with Juniper. If it worked and works like a charm, please share your experience.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Price
Sent: Saturday, January 19, 2008 12:10 AM
To: Phil Bedard
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS on CAT5500

PE1 to P is a 100mb link which supports jumbo frames, no problem.

The 5500 also acts as a PE for a few of our COLO customers, so it needs to be running MPLS while I transition the WAN links from PE1 to PE2.

Hope that makes sense.

Brandon Price
Sterling Communications Inc.
/31 --- The Subnet Formally Known as Unusable

-----Original Message-----
From: Phil Bedard [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 10:57 AM
To: Brandon Price
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS on CAT5500

What is the PE1 to P link? I would try very hard to not use the 5500 as a P router. Maybe MPLSoGRE would work? Or using the 5505 as a bridge? If they are both Ethernet, then just trunk things through.

Phil

On Jan 18, 2008, at 12:46 PM, Brandon Price wrote:

> Guys,
>
> I apologize if this is a lame-brain question but I am new to MPLS...
>
> We have a pretty simple MPLS VPN setup comprised of the following 3 routers:
>
> PE1 -- P - PE2
>
> PE2 is a new router we are transitioning customers to.
>
> PE1 is 7206VXR 12.4(17)
> PE2 is CAT6513/SUP720-3B 12.2(18)SXF12
> the P router is a Cat5500 catos6.4(23a) / RSM ios12.2(46a)
>
> The P to PE2 link is a 1GB link on a WS-X5410 blade. According to Cisco's Catalyst Jumbo Frame documentation this blade does not support a larger MTU than 1500. However, if you enable dot1q trunking yet transmit on the native VLAN, the switch will accept an additional 4 bytes.
>
> My question is, since the P router will always be the penultimate hop in this layout - will having room for just 1 label be sufficient?
>
> Also the RSM in the cat5500 only supports TDP for label distribution - any potential drawbacks to this?
>
> Thanks,
> Brandon Price
> Sterling Communications Inc.
Re: [c-nsp] Stress testing.
You can test (SYN flood and ICMP) using hping, www.hping.org. Whenever I configure a firewall I always use this tool. Hmm, BGP testing: I have never come across this before. If you find one, please share.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J.P. Racine
Sent: Thursday, January 17, 2008 8:46 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Stress testing.

Does anyone have any links to network stress testing (SYN Flood / BGP or ICMP) tools that will compile on a linux AMD 64 architecture?

Thanks!
--
J.P. Racine [EMAIL PROTECTED]
Re: [c-nsp] tcpdump on ios?
Well, all in all Cisco needs to improve packet sniffing tools on their platforms. What would you do if you come from Juniper and are used to using

    [EMAIL PROTECTED] monitor traffic detail interface em0 no-resolve print-ascii
    Address resolution is OFF.
    Listening on em0, capture size 1514 bytes
    12:58:43.311620 In IP (tos 0x0, ttl 128, id 25379, offset 0, flags [none], proto: UDP (17), length: 78) 192.168.10.101.137 > 192.168.10.255.137: UDP, length 50
    0x 0050 da36 e12f 0800 4500...P.6./..E.
    0x0010 004e 6323 8011 40c7 c0a8 0a65 c0a8[EMAIL PROTECTED]
    0x0020 0aff 0089 0089 003a ec0a fc36 0110 0001...:...6
    0x0030 2044 4244 4a44 4343 4f44...DBDJDCCOD
    0x0040 4244 4744 4943 4f44 4244 4143 4f44 4244BDGDICODBDACODBD
    0x0050 4144 4443 4143 4100 0020 0001 ADDCACA.

I strongly suggest an integrated tool to debug IP payloads (like tcpdump).

They also need to work on dependencies and platform-specific-only features. Why the heck do I need to disable something to get another thing, or need to buy a new router just for a feature :)

Also I suggest a feature such as commit and rollback n, which can really make backing out of changes a no-brainer.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aamer Akhter (aakhter)
Sent: Sunday, January 13, 2008 1:31 AM
To: Saku Ytti; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

Hi Folks,

It really depends on what the intent is. If the intent is to track flows transiting the router, then these debug commands are (IMHO) not the best way. E.g., a problem with debug cef is going to be that not all packets are CEF switched (e.g. PBR, MPLS). These are really meant to troubleshoot the specific switching/forwarding system(s).

I think the original poster was looking only for tracking of flows, not interested in payload gathering etc. (so the tcpdump in the subject line might be conveying more than actually required). For that purpose, NetFlow should suffice.

For specifically creating pcap files on the router, IP router traffic export (RTE) has been mentioned. RTE can create pcap files on a remote tftp or locally (disk, usb etc). The limitation there is that it is only available on certain platforms, and there it only captures TCP traffic. I'm trying to help prioritize the case for supporting non-TCP traffic, so if there is solid interest please drop me an email.

SPAN and lawful intercept (LI) are also options, providing you're on the right platform and an image that has LI.

Regards,
--
Aamer Akhter / [EMAIL PROTECTED]
Ent Commercial Systems, cisco Systems

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Saku Ytti
Sent: Saturday, January 12, 2008 1:30 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

On (2008-01-12 10:42 -0500), Luan Nguyen wrote:

> But on a simple router, to track down a problem for a few seconds...
> no logging console
> logging buffer debugging
> no ip route-cache on interfaces
> access-list to match or set interface condition
> debug ip packet detail access-list (dump).
> would do fine?

Since the new CEF code in 12.2S, on software platforms using CEF for switching you can debug CEF switched packets virtually for free (as well as mirror, which was already mentioned in the thread earlier). Debugging is, not surprisingly, 'debug ip cef packet ..'.

Thanks,
--
++ytti
Re: [c-nsp] tcpdump on ios?
On a Juniper router you can use monitor traffic interface. AFAIK with Cisco you need to mirror a port and put it to some Linux or Windows box along with packet sniffer tools: ethereal, tcpdump and so on...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of matthew zeier
Sent: Saturday, January 12, 2008 2:05 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] tcpdump on ios?

I'm trying to track down an issue and recall some method to watch traffic going through a router based on an ACL. Can't recall the syntax though.

help?
Re: [c-nsp] tcpdump on ios?
Oh, don't use it on a production router with a high number of packets.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott McGrath
Sent: Saturday, January 12, 2008 2:14 AM
To: matthew zeier
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

debug ip packet - BE VERY CAREFUL with this one

matthew zeier wrote:

> I'm trying to track down an issue and recall some method to watch traffic going through a router based on an ACL. Can't recall the syntax though.
>
> help?
Re: [c-nsp] tcpdump on ios?
Router IP Traffic Export can be used only on a switching platform; you can't use it with a distributed platform. The sniffing machine must be on the same LAN and should be in the router's ARP table.

Debug ip packet, even using an access-list, sometimes sucks.

I strongly suggest you free up a switch port and attach to it a machine running a packet sniffer tool. Mirror the router's switch port to the sniffer machine and sniff whatever you want.

Oh, sorry for writing about Juniper; I was just working on it a while ago :)

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Prall
Sent: Saturday, January 12, 2008 2:19 AM
To: 'matthew zeier'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

Either Router IP Traffic Export (RITE)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_rawip.htm

Or debug condition ? then the appropriate debugs such as debug ip packet or interface.

David
--
http://dcp.dcptech.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of matthew zeier
Sent: Friday, January 11, 2008 4:05 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] tcpdump on ios?

I'm trying to track down an issue and recall some method to watch traffic going through a router based on an ACL. Can't recall the syntax though.

help?
Re: [c-nsp] BGP soft reconfiguration inbound
I have experienced that sometimes the BGP session goes down/up if you add or remove soft-reconfiguration inbound. I will try to check this tonight if I get time.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Rathlev
Sent: Tuesday, December 18, 2007 7:29 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP soft reconfiguration inbound

On Tue, 2007-12-18 at 12:30 +, Mohamed Ahmad wrote:

Hi guys,

I was wondering what was the effect of disabling soft-reconfiguration inbound on our neighbor statement with our provider (basically a live network). I was looking at the ram usage and it's been going up slowly. We currently receive full table from our provider but filter to get only default (I know we can get them to just send a default but we might remove filter in the future to get full routes on an upgraded router). Any ill effects of removing the soft-reconfiguration inbound?

Many thanks,

This shouldn't reset your BGP session, so you should be able to do it on a live network. I've only tested it on our CE-boxes (C3560) so I don't know for sure though.

Regards,
Peter Rathlev
Re: [c-nsp] MTU Issue on QinQ Eth link with MPLS
Well, better you check current MTU settings using command

# sh interfaces | inc MTU

And cheers :)

Yes of course you need to adjust routers MTU as well; if you are running with MPLS or gre

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, January 03, 2008 9:19 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MTU Issue on QinQ Eth link with MPLS

Quoting Matt Carter [EMAIL PROTECTED]:

Catalyst 2950/2955 Series
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#c5

You can classify the Catalyst 2950/2955 Series switches into two major groups, where one supports baby giants (up to 1530 bytes), but the other does not. However, this refers to traffic that flows through the switch. Packets destined to the management (VLAN) interface can support only 1500 bytes.

These models of 2950 switches support only 1500 bytes:
WS-C2950-12
WS-C2950-24
WS-C2950-48
WS-C2950C-24
WS-C2950T-24

These models of 2950/2955 switches support up to 1530 bytes:
WS-C2950G-12-EI
WS-C2950G-24-EI
WS-C2950G-24-EI-DC
WS-C2950G-48
WS-C2950G-48-EI
All models of 2950 LRE Series switches
All models of 2955 Series switches

Thanks Matt - Do the models that support baby giants do it natively, or must I issue the system mtu 1530 in global conf? Must I also adjust the mtu on the 7200's FE Ints?

-
This e-mail was sent via Data FX Online WebMail http://www.datafx.com.au/
Re: [c-nsp] Tunnel a VLAN across the WAN?
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807213f5.shtml

The General Routing Encapsulation (GRE) tunnel is not supported by the Cisco Catalyst 3750 Series Switches. Even though this feature can be configured with CLI, the packets can be neither switched by hardware, nor by software, which increases the CPU utilization.

Note: Only Distance Vector Multicast Routing Protocol (DVMRP) tunnel interfaces are supported for multicast routing in the Catalyst 3750. Even for this, packets cannot be switched with hardware. The packets routed through this tunnel must be switched through software. The larger number of packets forwarded through this tunnel increases CPU utilization.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Ollie
Sent: Thursday, January 03, 2008 9:59 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Tunnel a VLAN across the WAN?

Is there a way using 3750's to tunnel a VLAN across my WAN? The people that run the cafeterias are installing cash registers on two different campuses that supposedly need to be on the same L2 VLAN. AFAIK they are only running IP but I may be wrong on that. I have 3750's on either end that can terminate the tunnels. I've never done anything like this so I'm not sure what to search for (the search terms that occurred to me didn't result in anything that looked useful).

Yes, I know it's a bit of a silly idea but I didn't choose the cash registers and they just dropped this in my lap five minutes ago and wanted it done ASAP :(.

Jeff
Re: [c-nsp] Scheduling daily reload
Why the heck your service provider (upstream ISP) not using ppp keepalives. They should use ppp keepalives on their BRAS.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gert Doering
Sent: Wednesday, January 02, 2008 2:54 PM
To: Eric Helm
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Scheduling daily reload

Hi,

On Tue, Jan 01, 2008 at 09:13:23PM -0600, Eric Helm wrote:
I've seen this happen with PPPoX connections when either the ISP makes a config change that causes the BRAS to disconnect the PPP session and for whatever reason the CPE doesn't receive the disconnect message so the PPP session remains active and thus never re-negotiates a new session.

PPP keepalives will nicely take care of this.

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-35655025 [EMAIL PROTECTED]
Re: [c-nsp] Happy New Year !
Happy New year

Wish to clear CCIE this year.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hash!!!
Sent: Monday, December 31, 2007 5:38 PM
To: cisco-nsp@puck.nether.net; 'certification Cisco'
Subject: [c-nsp] Happy New Year !

GS,

Hoping that this new year leads you towards path of new found glories.much higher than CCIE ;)

Enjoy!

..Hash
Re: [c-nsp] Something like MTR, but forced path
You can't do this by using polling or interval based monitoring system. You need to work on syslog or event based traps. I believe that your equipment at both end is Cisco. You must track reachable IPs and generate syslog or event traps if the next hop or whatever IP is unreachable. Here is an example

Here what you want to monitor:

ip sla monitor 1
 type echo protocol ipIcmpEcho 192.168.75.3 source-ipaddr 192.168.3.254
 timeout 2000
 threshold 2500
 frequency 3

Here I'm defining time domain:

ip sla monitor schedule 1 life forever start-time now

Here I'm starting track:

track 123 rtr 1 reachability

You will find logs as shown below on every event.

*Dec 19 12:53:19.204 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Up-Down
*Dec 19 12:53:24.204 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Down-Up

For same you can also use Cisco Embedded Event Manager
http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tuc at T-B-O-H.NET
Sent: Wednesday, December 19, 2007 6:38 PM
To: Ed Ravin
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Something like MTR, but forced path

On Tue, Dec 18, 2007 at 09:01:50PM -0500, Tuc at T-B-O-H.NET wrote:

I'm basically looking for something I can run on Unix and give me a curses view of IPs I give it to ping at the same time.

You could use Mon: http://mon.wiki.kernel.org/index.php/Main_Page

(Info deleted for brevity)

Curses MTR bolds the lettering when it has a ping loss which I want to catch my eye.

In my shop, we have Mon set to write to our terminals when it has something important to tell us.

As an FYI, the problem I have is I'm having connection losses between my site and the wireless WISP's gateway. I think the packet is getting to the backhaul link at the site here, but not to the other end of the backhaul here. I want to run a set of pings [...]
That sounds like a job for Smokeping: http://oss.oetiker.ch/smokeping/

(Info deleted for brevity)

I want something formalized since sending pings that just show a loss somewhere in the middle don't mean anything.

I've done that with Smokeping - tell Smokeping to ping everything in a particular path. Lining up the resulting graphs with records of service outages is usually very informative.

I appreciate your reply. I actually have smokeping running on both ends, but I'm looking for something that can run in an xterm while I'm writing email and I can see it actually pinging live. The others are snapshots of the network, not real time. If it pings every 5 minutes, for 20 seconds, and the next 270 seconds the network is down, then comes back, the utilities are going to show 100% up. Unless the intermittent issue happens during the polling cycle, we won't see it.

I'm running into the problem of the WISP seeing the graphing show 100% up, while I'm sitting here with 64 second chunks of network disappearing. I also can't prove its ONLY my site happening, since I am only at this one site. I wanted something that I could leave running in a screen on one of his DD-WRT installed Buffalo (SIGH... That lawsuit sucks) routers.

Thanks,
Tuc
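The %TRACKING-5-STATE messages quoted in the reply above can be paired into outage windows and compared with a 5-minute poller. This is an added example, not code from any poster in the thread; the year, the polling schedule and every sample line after the first two are constructed assumptions.

```python
"""Pair IOS %TRACKING-5-STATE syslog lines into outage windows."""
import re
from datetime import datetime, timedelta

# Constructed sample. The first two lines are the ones quoted in the post;
# the others are invented here to exercise the parser.
SAMPLE_LOG = """\
*Dec 19 12:53:19.204 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Up-Down
*Dec 19 12:53:24.204 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Down-Up
*Dec 19 13:12:30.511 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Up->Down
*Dec 19 13:13:34.511 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Down->Up
*Dec 19 13:40:00.000 PKT: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Dec 19 23:59:58.900 PKT: %TRACKING-5-STATE: 123 rtr 1 reachability Up->Down
"""

# Accepts an optional leading '*' or '.', an optional time zone name, and the
# transition written either as "Up->Down" or, as in the archived post, "Up-Down".
LINE_RE = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{1,3})?)"
    r"(?: (?P<tz>[A-Z]{2,5}))?: "
    r"%TRACKING-5-STATE: (?P<obj>\d+) (?P<what>.+?) "
    r"(?P<old>Up|Down)-?>?(?P<new>Up|Down)\s*$"
)


def parse_events(text, year):
    """Return sorted (timestamp, track_object, is_up) tuples.

    IOS timestamps carry no year, so the caller supplies one (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a tracking state change
        ts = m["ts"] if "." in m["ts"] else m["ts"] + ".0"
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S.%f")
        events.append((when, int(m["obj"]), m["new"] == "Up"))
    return sorted(events)


def outages(events):
    """Pair each Down transition with the next Up for the same track object.

    Returns (closed, still_down): closed is a list of
    (obj, start, end, seconds); still_down maps obj -> start."""
    down_since, closed = {}, []
    for when, obj, is_up in events:
        if not is_up:
            down_since.setdefault(obj, when)  # keep the first Down, ignore repeats
        elif obj in down_since:
            start = down_since.pop(obj)
            closed.append((obj, start, when, (when - start).total_seconds()))
    return closed, down_since


def missed_by_poller(start, end, first_poll, period_s=300, window_s=20):
    """True if no polling window [k*period, k*period + window) overlaps the outage."""
    offset = (start - first_poll).total_seconds() % period_s
    if offset < window_s:
        return False  # outage began while a poll was running
    next_poll = start + timedelta(seconds=period_s - offset)
    return next_poll >= end


if __name__ == "__main__":
    closed, open_ = outages(parse_events(SAMPLE_LOG, year=2007))
    polls_from = datetime(2007, 12, 19, 12, 0, 0)  # assumed poller start
    for obj, start, end, secs in closed:
        missed = missed_by_poller(start, end, polls_from)
        tag = "missed by 5-min poller" if missed else "seen by poller"
        print(f"track {obj}: down {start:%H:%M:%S} for {secs:.0f}s ({tag})")
    for obj, start in open_.items():
        print(f"track {obj}: still down since {start:%H:%M:%S}")
```

Both closed outages in the sample, including the 64-second one, fall between polling windows, which is the gap between event-based logging and interval graphs that the thread is about.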
Re: [c-nsp] Bridging two VLANs together
Well, If I understand you are talking about inter-vlan bridging. Yes it should work fine. You may need to add

bridge 2 protocol ieee

It's bridge protocol global configuration command to define the type of STP.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk
Sent: Wednesday, December 12, 2007 9:15 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Bridging two VLANs together

We have a unique situation where our transport equipment can't bridge the traffic between two endpoints, so we would like to dump off each link's VLAN onto our router (7609-S with WS-X6748-GE-TX blades) where it can perform the bridging. Any reason why the following configuration wouldn't work?

interface GigabitEthernet1/31
 description Customer networks
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 221-222
 switchport mode trunk
end

interface Vlan221
 description Site 1
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface Vlan222
 description Site 2
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled
!

Some of you might ask why not put the endpoints in the same VLAN, but the endpoints don't maintain an MAC address table so there's nothing to make them exchange traffic with each other.

Regards,
Frank
[c-nsp] parallel tunnels / different traffic classes
Does Cisco IOS support multiple parallel tunnels carrying different traffic classes for a long time. If the answer is yes, please share some experience.

Regards,
Masood Ahmad Shah
Re: [c-nsp] default route behavoir
Yes that's the answer. If you can't use routing protocol your choice is IP SLA monitor.

How to IPSLA:

ip sla monitor 1
 type echo protocol ipIcmpEcho primary-link-reachable-ip source-ipaddr switch-source-ip
 timeout 1500
 threshold 2000
 frequency 3

Start Monitoring:

ip sla monitor schedule 1 life forever start-time now

Tracking:

track 1 rtr 1 reachability

Secondary Route:

ip route 0.0.0.0 0.0.0.0 secondary-gateway track 1

Not tested, but it should work fine :)

Cheers,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Granados
Sent: Wednesday, December 12, 2007 4:17 AM
To: Matlock, Kenneth L; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] default route behavoir

I forget if it's supported as well but you could use object tracking in the IP SLA features to track a far end device for whether it's reached or not and flop routes in the event one is not reached. (in place of an IGP) This works great for DSL backup, something similar should work here.

- Original Message -
From: Matlock, Kenneth L [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net
Sent: Tuesday, December 11, 2007 3:10 PM
Subject: Re: [c-nsp] default route behavoir

Currently both routes are equal cost, so the first packet (or flow, can't remember which off the top of my head) takes the first route, and the next packet (or flow) takes the 2nd route, and the 3rd packet (or flow) takes the 1st route, etc.

In order to do it, you can change the metric on the non-preferred route so it's only used if the other route is unavailable.

ip route 0.0.0.0 0.0.0.0 10.50.6.2
ip route 0.0.0.0 0.0.0.0 10.50.5.24 2

now, keep in mind that the switch will only determine that 10.50.6.2 is down if the interface that 10.50.6.2 is connected changes state to down. If the state doesn't change, that route's still valid even if 10.50.6.2 is no longer responding. In order to solve that, you need to run a dynamic protocol between this 3560 and the upstream routers/switches.
(I don't know off the top of my head if/what the 3560 supports).

Ken Matlock
Network Analyst
(303) 467-4671
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Letkeman
Sent: Tuesday, December 11, 2007 4:01 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] default route behavoir

Hello,

I'm unsure how the default route behavior is supposed to be on a 3560 switch. I have a remote office that is connected with two wireless links to a main building. Right now I have this in my configuration for redundancy, but it is using both links and just randomly taking either one.

ip route 0.0.0.0 0.0.0.0 10.50.6.2
ip route 0.0.0.0 0.0.0.0 10.50.5.24

Is there a way to tell the switch to only use 10.50.6.2 and not use 10.50.5.24 unless 10.50.6.2 is down?

Thanks,
Dan.
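A small model of the three behaviours discussed in this thread: two equal static defaults, a floating static route, and a primary route gated by a track object. It is an added example, not taken from any poster's message; the interface names Vlan6 and Vlan5 and the choice to attach track object 1 to the primary route are assumptions made for illustration.

```python
"""Toy model of how a router chooses among static default routes."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    out_if: str                  # interface the next hop is reached through (assumed name)
    distance: int = 1            # trailing number on "ip route": administrative distance
    track: Optional[int] = None  # track object gating the route, if any


def installed(routes: List[StaticRoute],
              if_up: Dict[str, bool],
              track_up: Dict[int, bool]) -> List[str]:
    """Next hops installed for 0.0.0.0/0.

    A static route is a candidate while its outgoing interface is up and,
    if it is tracked, while the track object is up. The lowest distance
    wins and equal-distance candidates are all installed (load sharing)."""
    candidates = [
        r for r in routes
        if if_up.get(r.out_if, False)
        and (r.track is None or track_up.get(r.track, False))
    ]
    if not candidates:
        return []
    best = min(r.distance for r in candidates)
    return sorted(r.next_hop for r in candidates if r.distance == best)


# The configurations from the thread, with hypothetical interface names.
EQUAL = [StaticRoute("10.50.6.2", "Vlan6"),
         StaticRoute("10.50.5.24", "Vlan5")]
FLOATING = [StaticRoute("10.50.6.2", "Vlan6"),
            StaticRoute("10.50.5.24", "Vlan5", distance=2)]
TRACKED = [StaticRoute("10.50.6.2", "Vlan6", track=1),
           StaticRoute("10.50.5.24", "Vlan5", distance=2)]

ALL_UP = {"Vlan6": True, "Vlan5": True}
PRIMARY_IF_DOWN = {"Vlan6": False, "Vlan5": True}


def failover_table() -> Dict[str, Dict[str, List[str]]]:
    """Installed next hops per configuration and failure case."""
    cases = {
        "healthy": (ALL_UP, {1: True}),
        "primary interface down": (PRIMARY_IF_DOWN, {1: False}),
        # The far end stops answering but the local port stays up.
        "primary next hop dead, interface up": (ALL_UP, {1: False}),
    }
    configs = {"equal": EQUAL, "floating": FLOATING, "tracked": TRACKED}
    return {
        name: {case: installed(routes, ifs, tracks)
               for case, (ifs, tracks) in cases.items()}
        for name, routes in configs.items()
    }


if __name__ == "__main__":
    for name, rows in failover_table().items():
        for case, hops in rows.items():
            print(f"{name:9s} {case:38s} -> {hops}")
```

The "primary next hop dead, interface up" row is the case described in the thread: the floating route alone keeps 10.50.6.2 installed, while the tracked variant falls back to 10.50.5.24.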
Re: [c-nsp] default route behavoir
Well, Cisco 3560 support IP SLA. The following Cisco routers and switches support IP SLA.
http://download.dartware.com/contrib/probes/Cisco_IP_SLA_Probe_Users_Guide.doc

Regards,
Masood Ahmad Shah

-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 12, 2007 6:32 AM
To: Masood Ahmad Shah
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] default route behavoir

On Wed, Dec 12, 2007, Masood Ahmad Shah wrote:
Yes that's the answer. If you can't use routing protocol your choice is IP SLA monitor.

Does this actually work on the 3560? The last I checked the commands were supported but they did nothing..

Adrian
[c-nsp] ATM Interface (range pvc feature)
I'm configuring C3660 for PPPoE subscribers. I'm just trying to use feature range [range-name] pvc start-vpi/start-vci end-vpi/end-vci under ATM interface configurations.

Router(config)#interface atM 1/0.4 multipoint
Router(config-subif)#

Here I can't find range command.

Router(config-subif)#

I tried different IOS version 12.2 and 12.3, but it did not help. I'm running now with c3660-telcoentk9-mz.123-22.bin. It would be nice, If someone can confirm the support of range command under ATM interface in 3600 series routers.

Regards,
Masood Ahmad Shah
Re: [c-nsp] ospf external route showing as updated quite so often in routing table
OSPF router support the ability to set the LSA refresh time on non-DNA LSAs. If you are in a normal environment that the admin does this to decrease the number of LSA refreshes versus the drastic steps to using DNA LSAs.

What is LSA refresh time? Is it same on all routers? Did you change it somewhere or on some router?

Regards,
Masood Ahmad Shah
http://www.weblogs.com.pk/jahil/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kumar, Prashanth
Sent: Thursday, November 29, 2007 8:16 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ospf external route showing as updated quite so often in routing table

I have a situation where all ospf external routes on multiple cisco routers showing update time refreshed. It is as if the routing table for those routes are updated 4 to 10 sec ago. I don't think Routes are flapping as some of routes are only one hop away. I am wondering if there is something in network causing this or is it an IOS issue. I checked this on bunch of cisco 65xx and 38xx. All are showing the same symptom. Any help would be appreciated.

Routers are running different IOS ver 12.2 line. There is no network issue or high cpu I have noticed on all these routers.
Thx
Prashanth

If I do a show ip route

xx#sh ip route 159.153.4.4
Routing entry for 159.153.4.4/32
  Known via ospf 1, distance 110, metric 202, type extern 1
  Redistributing via bgp 64700
  Last update from 10.21.252.41 on GigabitEthernet0/0, 00:00:04 ago
  Routing Descriptor Blocks:
  * 10.21.252.41, from 10.14.0.24, 00:00:04 ago, via GigabitEthernet0/0
      Route metric is 202, traffic share count is 1

After 10 sec

xx#sh ip route 159.153.4.4
Routing entry for 159.153.4.4/32
  Known via ospf 1, distance 110, metric 202, type extern 1
  Redistributing via bgp 64700
  Last update from 10.21.252.41 on GigabitEthernet0/0, 00:00:00 ago
  Routing Descriptor Blocks:
  * 10.21.252.41, from 10.14.0.24, 00:00:00 ago, via GigabitEthernet0/0
      Route metric is 202, traffic share count is 1

But show ip ospf database external 159.153.4.4 shows LSA age incrementing

  Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 627
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 159.153.4.4 (External Network Number )
  Advertising Router: 10.14.0.24
  LS Seq Number: 8000ECE2
  Checksum: 0x6323
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 110
        Forward Address: 0.0.0.0
        External Route Tag: 0
Re: [c-nsp] ATM Switching Design Issue
Just to let you guys know... I got the answer, from a pure circuit standpoint, no; And it can't be considered a cross connect. I would need external MUX/DACS system to do that.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Masood Ahmad Shah
Sent: Saturday, December 01, 2007 1:11 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ATM Switching Design Issue

I want to use Cisco 3660 for atm aggregation. Like I have two IMA 4 port E1 Port adapter modules, ATM OC3, multimode Port adapter, 1 port and they all comes in the same chassis Cisco 3660.

I want to know is it possible with Cisco 3660, Does 3660 support it if the answer is yes then how can I make cross connect between multiple IMA interfaces and OC3 interface in single chassis; and then further I can connect that OC3 interface to upstream OC3 router.

          ---Cisco3660 ---|---Cisco 7507
4 E1 - \    atm crossconnect
ATM IMA       --ATMOC3-|ATM-OC3
4 E1 /
[c-nsp] ATM Switching Design Issue
I want to use Cisco 3660 for atm aggregation. Like I have two IMA 4 port E1 Port adapter modules, ATM OC3, multimode Port adapter, 1 port and they all comes in the same chassis Cisco 3660.

I want to know is it possible with Cisco 3660, Does 3660 support it if the answer is yes then how can I make cross connect between multiple IMA interfaces and OC3 interface in single chassis; and then further I can connect that OC3 interface to upstream OC3 router.

          ---Cisco3660 ---|---Cisco 7507
4 E1 - \    atm crossconnect
ATM IMA       --ATMOC3-|ATM-OC3
4 E1 /
Re: [c-nsp] Dialup problems on a AS5300
http://www.cisco.com/warp/public/108/mica-hw-ts-17882.html

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Shore
Sent: Tuesday, November 27, 2007 4:16 AM
To: 'Cisco-nsp'
Subject: [c-nsp] Dialup problems on a AS5300

We appear to be having dialup issues on one of our AS5300s. Unfortunately they are not covered under a SmartNet (and can't be added to a contract beginning Summer 06). I've been hoping these things would keep on working until we could kill our dialup offering but apparently this one may be shooting craps on us. I am not a access server buff and I'm not really sure what to look for. I see 47 modems marked as bad, 18 stuck in the download pending state, and 35 active out of 192 modems. Our average success rate has dropped to 79%. Some modems not yet marked as bad are down to 5x% success. I'll send the 'sh modem' to anyone interested off list (too long for here).

This problem was believed to have been solved this AM before I got to the office by our CO guys. They disconnected each of the circuits, let it error out, and then reconnected. They thought this fixed the problem. I believe they simply kicked off the live customers, thus fixing the busy signal issue.

Does anyone have any ideas what I can check? What causes the 5300 to think a modem is bad and is it really, in fact, bad? I'm rather stumped on this one. I hate to take the spare 5300 out of our primary POP to replace it because it died in the Spring during a physical move in the CO. We had to buy a grey-market PRI module to get it back online since you can't buy new or refurb parts anymore. These things had been powered up and running for numerous years until this Spring when we redid both POPs and moved them around.
Thanks
Justin
Re: [c-nsp] Port Traceroute utility?
UNIX: http://michael.toren.net/code/tcptraceroute/
Windows: http://tracetcp.sourceforge.net/

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Charles
Sent: Wednesday, November 07, 2007 12:03 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Port Traceroute utility?

This is going to sound weird, but I am looking for a utility that will let me traceroute on a specific port to see if and where a port is being blocked on a network...

I run into issues where customers have ACLs on their network (that they don't know about) and it is causing network failures... (usually TFTP...)...

Jonathan
Re: [c-nsp] GE over copper port adapter for a 7206VXR
Not Cat5... You need to have Cat 5e or Cat 6... Simple Cat 5 will not work for 1000BaseT

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Chan
Sent: Wednesday, October 10, 2007 4:14 AM
To: Vincent Aniello
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] GE over copper port adapter for a 7206VXR

I think a 1000BaseTX Cat5 UTP GBIC can be used.

On 10/9/07, Vincent Aniello [EMAIL PROTECTED] wrote:

Does Cisco offer a Gigabit Ethernet over copper port adapter for a Cisco 7206VXR chassis? I have a NPE-G1 processor in the router, which comes with 3 GE over copper ports, but I need to add one more. The PA-GE card seems to only accept fiber connections.

Any help would be appreciated.

Thanks.
--Vincent
[c-nsp] single interface multiple VRF
Is it Possible to have 2 or more VRF tables existing on one single Interface Eth/Serial. If the answer is yes, how do you guys do that.

Regards,
Masood Ahmad Shah
Re: [c-nsp] single interface multiple VRF
I know if you use VRF-Lite you binds logical interfaces to a VRF (normally one WAN-interface and one LAN-interface). If there is only one WAN-link, it must be divided into sub-interfaces (with F/R, channel-groups, Vlans etc). The same applies to single LAN-ports. Is it correct?

How exactly you guys use VRF when you bound to terminate all of your client on single or two interfaces along with GRE tunnel IP Source and Destination VRF membership.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Masood Ahmad Shah
Sent: Friday, October 05, 2007 3:01 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] single interface multiple VRF

Is it Possible to have 2 or more VRF tables existing on one single Interface Eth/Serial. If the answer is yes, how do you guys do that.

Regards,
Masood Ahmad Shah
[c-nsp] Swtich Broadcast/Multicast
Switch Model: 3550

Some of the ports on the Switch is experiencing Broadcast and Multicast problems. I want to configure it so that broadcasts do not take more than 30% of the bandwidth and Multicast does not take more than 20% of the bandwidth. For broadcast traffic, the port should forward again when it falls below 25%. For Multicast traffic, the port should forward again when it falls below 15%.

Please suggest recommended settings.

Regards,
Masood Ahmad Shah
Re: [c-nsp] Swtich Broadcast/Multicast
I have come to this solution and I hope things will get smooth by using these interface mode commands

storm-control broadcast level 30 25
storm-control broadcast level 25 15

what do you guys suggest?

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Masood Ahmad Shah
Sent: Tuesday, September 25, 2007 6:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Swtich Broadcast/Multicast

Switch Model: 3550

Some of the ports on the Switch is experiencing Broadcast and Multicast problems. I want to configure it so that broadcasts do not take more than 30% of the bandwidth and Multicast does not take more than 20% of the bandwidth. For broadcast traffic, the port should forward again when it falls below 25%. For Multicast traffic, the port should forward again when it falls below 15%.

Please suggest recommended settings.

Regards,
Masood Ahmad Shah
Re: [c-nsp] MTU settings/GRE tunnel
Please always CC to mailing list so others can see it and share their experience/thoughts

Regards,
Masood Ahmad Shah

-Original Message-
From: Nick Kraal [mailto:[EMAIL PROTECTED]
Sent: Friday, September 21, 2007 10:54 PM
To: Masood Ahmad Shah
Subject: Re: [c-nsp] MTU settings/GRE tunnel

Thanks Masood for the advice. We got stuck big time accessing some internal web servers. Narrowed this down to MTU/MSS issues. Adjusting the MSS helped out a lot. Will try the other pointers given.

Much appreciated and regards,
-nick/

Masood Ahmad Shah wrote:

use 'ip tcp adjust-mss 1400' on a router seeing traffic in the clear to force MSS to 1400 so IP datagram size to 1420 (of course 1400 is just a guess), this will cover all TCP traffic. Set ip mtu 1500 on GRE tunnel interface (yes 1500 bytes)..

Reasoning:

- GRE encapsulation clears the DF bit UNLESS 'tunnel path-mtu-discovery' is set on the tunnel interface (if turned on the tunnel MTU will be dynamically adjusted upon receipt of ICMP)
- IPsec encapsulation copies the DF and adjusts the path MTU upon receipt of ICMP UNLESS 'crypto ipsec df-bit clear/set' is configured in the crypto map
- router will fragment when forwarding to any interface whose MTU is smaller than the received IP packet. This happens often when forwarding to a GRE tunnel whose MTU is 1476 per default...

The last point forces the router to drop all 1500-bytes packets and to send an ICMP message when a DF packet is received.

Regards,
Masood Ahmad Shah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Kraal
Sent: Thursday, September 20, 2007 12:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] MTU settings/GRE tunnel

Dear all,

We are setting up tunnels within our network, and are using some previous documented configurations for this. We will use this to enable virtual P2P BGP sessions to isolate certain parts of our routing table. Cheap, temporary, and fast.
interface Tunnel0 ip address 192.168.100.9 255.255.255.252 no ip unreachables no ip proxy-arp ip mtu 1524 tunnel source Loopback1 tunnel destination 10.10.10.10 Is there any information/advice/rule-of-thumb on setting the MTU size on the tunnel interface? Thanks in advance, -nick/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7507 IOS ver. recommendation: 12.0S or 12.2S or whatever?
It's just not new features. New release contains new features and bug fixes from an older version. FYI.. I'm mentioning some of the 12.0 bugs URL:-

http://seclists.org/bugtraq/1998/Dec/0117.html
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml

try googling for more.

Regards,
Masood Ahmad Shah

From: Aaron [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 22, 2007 12:36 AM
To: Masood Ahmad Shah
Cc: [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7507 IOS ver. recommendation: 12.0S or 12.2S or whatever?

Unless there are features you need in 12.4, use 12.0. And make sure all your cards are vips to get the benefits of dcef. 12.0(32)SY is pretty good.

Aaron

On 9/21/07, Masood Ahmad Shah [EMAIL PROTECTED] wrote:

Rule of thumb ...keep new updates.. Latest is 12.4 (16) for 7507...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 21, 2007 4:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 7507 IOS ver. recommendation: 12.0S or 12.2S or whatever?

Hi folks,

Please, I need your advice. Which IOS ver. is mostly recommended for 7507 running mostly as an ethernet customer access router?

Our hardware configs are: 7507, dual RSP4 256D/32+F, VIP2-50s w/ PA-FE-TXs, old serials (FSIPs).

Our feature config is a standard provider package: lots ISL/dot1q customer subinterfaces, dCEF, BGP4, netflow ver. 5, ACLs. And a little bit of some service stuff that we can switch off if needed for moving to the right image: NAT, GRE, NBAR, rate-limit, traffic-shaper. So, we are IPv4 only, no IPv6, no MPLS, no non-IP stuff.

Today I noticed our cybuses are up to ~100mbps load, so dCEF is definitely not working for us, that's the reason why we should switch IOS version. Also, it turned out today our dCEF really suffers from named-ACLs bug. Oh, yes.

Please, advise. Thank you, indeed.

--
Ilia Zubkov, CIO, Educational Network Ltd.
Phone: +7 (495) 988-8990
Cell: +7 (985) 139-7739
Web: http://www.edunet.ru/
Re: [c-nsp] MTU settings/GRE tunnel
use 'ip tcp adjust-mss 1400' on a router seeing traffic in the clear to force MSS to 1400 so IP datagram size to 1420 (of course 1400 is just a guess), this will cover all TCP traffic. Set ip mtu 1500 on GRE tunnel interface (yes 1500 bytes)..

Reasoning:
- GRE encapsulation clears the DF bit UNLESS 'tunnel path-mtu-discovery' is set on the tunnel interface (if turned on the tunnel MTU will be dynamically adjusted upon receipt of ICMP)
- IPsec encapsulation copies the DF and adjusts the path MTU upon receipt of ICMP UNLESS 'crypto ipsec df-bit clear/set' is configured in the crypto map
- router will fragment when forwarding to any interface whose MTU is smaller than the received IP packet. This happens often when forwarding to a GRE tunnel whose MTU is 1476 per default...

The last point forces the router to drop all 1500-bytes packets and to send an ICMP message when a DF packet is received.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Kraal
Sent: Thursday, September 20, 2007 12:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] MTU settings/GRE tunnel

Dear all,

We are setting up tunnels within our network, and are using some previous documented configurations for this. We will use this to enable virtual P2P BGP sessions to isolate certain parts of our routing table. Cheap, temporary, and fast.

interface Tunnel0
 ip address 192.168.100.9 255.255.255.252
 no ip unreachables
 no ip proxy-arp
 ip mtu 1524
 tunnel source Loopback1
 tunnel destination 10.10.10.10

Is there any information/advice/rule-of-thumb on setting the MTU size on the tunnel interface?

Thanks in advance,
-nick/
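The forwarding cases discussed in this thread (fragment, drop with ICMP, or silent drop when ICMP is suppressed) can be modelled as follows. This Python model is an added example, not code from any poster or from Cisco; the function names are hypothetical, and it assumes a 1500-byte physical MTU, option-free 20-byte IPv4 and TCP headers, a 4-byte GRE header, no 'tunnel path-mtu-discovery', and that 'no ip unreachables' suppresses the ICMP fragmentation-needed message.

```python
IP_HDR = 20    # IPv4 header without options (assumption)
TCP_HDR = 20   # TCP header without options (assumption)
GRE_HDR = 4    # basic GRE header: no key, sequence or checksum (assumption)
GRE_OVERHEAD = IP_HDR + GRE_HDR   # outer IP header + GRE header


def default_tunnel_ip_mtu(physical_mtu=1500):
    """IP MTU a GRE tunnel gets by default: physical MTU minus encapsulation."""
    return physical_mtu - GRE_OVERHEAD


def datagram_for_mss(mss):
    """Size of a full-sized TCP/IPv4 packet for a given (clamped) MSS."""
    return mss + IP_HDR + TCP_HDR


def max_mss_for(ip_mtu):
    """Largest MSS whose full-sized packet still fits in ip_mtu."""
    return ip_mtu - IP_HDR - TCP_HDR


def forward_into_tunnel(length, df, tunnel_ip_mtu,
                        physical_mtu=1500, icmp_unreachables=True):
    """Decide what happens to an IPv4 packet routed into the GRE tunnel.

    length -- size of the passenger packet in bytes
    df     -- True if the passenger packet has Don't Fragment set
    """
    if length > tunnel_ip_mtu:
        if not df:
            return "fragment-then-encapsulate"
        # DF set and too big: the sender only learns the path MTU if the
        # ICMP message is actually generated.
        if icmp_unreachables:
            return "drop+icmp-frag-needed"
        return "drop-silently"          # PMTUD black hole
    if length + GRE_OVERHEAD > physical_mtu:
        # Passenger fits the tunnel IP MTU, but the GRE packet does not fit
        # the wire. The outer header has DF clear, so the router fragments
        # the GRE packet and the far tunnel endpoint reassembles it.
        return "encapsulate-then-fragment"
    return "forward"


def scenarios():
    """Constructed cases built from the values quoted in the thread."""
    default_mtu = default_tunnel_ip_mtu()            # 1476
    clamped = datagram_for_mss(1400)                 # full packet at MSS 1400
    return {
        "1500B DF, default ip mtu": forward_into_tunnel(1500, True, default_mtu),
        "1500B DF, default ip mtu, ICMP suppressed":
            forward_into_tunnel(1500, True, default_mtu, icmp_unreachables=False),
        "1500B no DF, default ip mtu": forward_into_tunnel(1500, False, default_mtu),
        "1500B DF, ip mtu 1500": forward_into_tunnel(1500, True, 1500),
        "MSS 1400 clamp, default ip mtu": forward_into_tunnel(clamped, True, default_mtu),
    }


if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case:45s} -> {outcome}")
```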
Re: [c-nsp] ATM + 7505
Well, I don't think one can connect ATM25 with OC3 interface coz the chipset being used for ATM 25 is different. The only thing left is ATM25 chipset module or interface, I don't know exactly; if it exists or not

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sridhar Ayengar
Sent: Thursday, September 20, 2007 8:26 PM
To: Cisco NSPs
Subject: [c-nsp] ATM + 7505

Is there any way to hook an ATM25 device to a 7505? Or a 7206VXR?

Peace... Sridhar
Re: [c-nsp] cap'ing each host/ip to bw limits
Packeteer packet shaper is best. Go for it...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Bedard
Sent: Thursday, September 13, 2007 9:08 PM
To: matthew zeier
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] cap'ing each host/ip to bw limits

Well you can limit the bandwidth based on application, such that peer to peer or ftp downloads are not maxing out all of your available bandwidth. There are some good NAC (network access control) inline devices from places like Ellacoya or Packeteer which can limit on per-user and per-application, if you need that kind of granularity.

Phil

On Sep 13, 2007, at 11:54 AM, matthew zeier wrote:

So I wonder if there's an alternative method to prevent over saturation (or at least reduce its impact on everyone else)...

Phil Bedard wrote:

Yes, unless they are static IP addresses and you configure policing for every single individual IP, but that doesn't sound like much fun...

Phil

On Sep 13, 2007, at 9:29 AM, matthew zeier wrote:

Phil Bedard wrote:

What platform are you using? The 6500/7600 w/SUP720 can do per-user microflow policing, which would probably accomplish what you are after. As for the router type platforms like the 7200/GSR I'm not aware of any such feature outside of dial profiles.

3845 so I'm guessing I'm out of luck here.
Re: [c-nsp] gigabit ports/modules for 7507 and 7513 routers
Supported GE modules are GEIP and GEIP+... Maximum data throughput 350 Mbps to 400 Mbps. It can vary in some circumstances.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Tinka
Sent: Thursday, August 09, 2007 9:22 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] gigabit ports/modules for 7507 and 7513 routers

On Wednesday 08 August 2007 06:05, Howard Leadmon wrote:

On that topic, does anyone know what type of real world throughput one should be able to get on the onboard GE ports? I know they aren't limited by the PCI bus, as they are built in, but can they be run full bore, or anything close to it?

On a slightly similar note, the 7201 FAQ suggests the 4th Gig-E port directly hangs off the PCI-X bus and can reach wire speed for all packet sizes... This would be interesting (if actually possible), but wonder how much of this would be affected by (or would affect) the CPU. We are planning to deploy some 7201's in the network, and would like to test this when we receive them. If anyone else has already had the pleasure, please share.

Mark.
[c-nsp] Cisco 7500 CPU SDRAM/Packet SDRAM
Can someone describe the functions and difference between CPU SDRAM and Packet SDRAM for platform 7500? Also the difference of SRAM and DRAM for same platform.

Regards,
Masood Ahmad Shah
Re: [c-nsp] automatically enable debugs after a reload
For example, to enable debugging of incoming SSH connections, use the following EEM applet:

event manager applet EnableDebugging
 event syslog occurs 1 pattern "%SYS-5-RESTART"
 action 1.0 cli command "enable"
 action 2.0 cli command "debug ip ssh"

For versions of IOS that don't support EEM but do support the config command 'do', you could modify the config off of the router and add a 'do debug...' command to the end then copy the config back directly into the startup-config. It's messy I know, but it does work.

Regards,
Masood Ahmad Shah
Nexlinx
BLOG: http://www.weblogs.com.pk/jahil/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tassos Chatzithomaoglou
Sent: Tuesday, August 21, 2007 4:22 PM
To: Oliver Boehmer (oboehmer)
Cc: cisco-nsp
Subject: Re: [c-nsp] automatically enable debugs after a reload

I'm trying to check if CSCed45578 applies to our case, but the first tests show that the proposed workaround doesn't work.

--
Tassos

Oliver Boehmer (oboehmer) wrote on 21/8/2007 8:25 πμ:

Tassos Chatzithomaoglou wrote on Monday, August 20, 2007 6:54 PM:

I'm trying to troubleshoot an issue which appears just after a reload and i need to have some debugs enabled as soon as the router boots up. Is there a way i can enable some debugs before a reload and keep them active after the reload?

PS: I tried the EEM functionality (event syslog %SYS-5-RESTART, action cli debug) which works fine, but i was hoping for something easier and maybe safer (am i really catching the data starting from the best possible moment?)

There is no formal way to enable debugs right after reload, but next to the EEM solution, you could add the below lines to your startup-config (via copy remote-location startup-config) to achieve the same, but we can't be sure that this will necessarily catch all debugs right from the start.

[...]
! enable Radius accounting right after startup config is parsed
privilege exec level 1 debug radius
!
do debug radius
!
[...]

Guess it really depends on what you need to do.. Which problem are you trying to solve?

oli
Re: [c-nsp] 7204vxr freeze-up question
Well, I strongly recommend replacing radio unit with another device. There are some legacy gigabit intel chipset cards and they have problem while transmitting even octets to Cisco GE interfaces. The workaround was to update intel NIC drivers. If you believe that you have intel card then I guess you can't update the drivers for your radio unit and you may need to consult with vendor.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene
Sent: Wednesday, August 22, 2007 11:44 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7204vxr freeze-up question

Here's output from a sh controller during the outage state:
Re: [c-nsp] E1 controller - clock problems with 'line' fine with 'internal'
Circuits from the SAME carrier can generally share a clock because the carrier will generally have a single clock source for all their circuits. If you have 3 E1 from the same carrier, on one of the E1's you would configure clock source primary and the rest could be clock source internal, because the internal clock would be synced to the primary line. You can also configure each interface as clock source line which is the default. All E1's need a clock source, either your end or their end, and if this is a carrier circuit, then they provide the clock and you need either clock source line or clock source primary on one E1, and clock source internal on the others.

Regards,
Masood Ahmad Shah
Nexlinx
BLOG: http://www.weblogs.com.pk/jahil/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ras
Sent: Wednesday, August 22, 2007 5:14 PM
To: c-nsp
Subject: [c-nsp] E1 controller - clock problems with 'line' fine with 'internal'

I've recently run into a slightly strange problem with one of my E1 circuits. We operate a hub-and-spoke setup, where a number of lines terminate into a single aggregation router on our side, and into a bunch of different locations/CPEs on the remote end. For all these lines, we have always had 'clock source line' for the E1 controller on both the aggregation router and the CPE routers. This has worked fine and the controllers show no errors.

I've just commissioned a new line into the same aggregation router, exactly the same equipment on the CPE side (2811, VWIC2-1MFT-G703), exactly the same equipment on PE side (2811, VWIC2-2MFT-G703). But this time, we were seeing continuous 'Slip Secs' (top marks to whoever made that term up incidentally), which were also showing up as 'Errored Secs' (but crucially, never 'Errored Secs'). After much investigation and a VWIC/chassis swap later, we were in exactly the same position.

I then tried configuring the aggregation controller (just for that one port) with 'clock source internal' and bang all the errors disappeared completely. It's now been running well over 48h without a single errored second, versus 1 second per second before.

For reference, the aggregation router now has:

controller E1 0/0/1
 framing NO-CRC4
 clock source internal
 channel-group 0 timeslots 1-31

and the CPE has:

controller E1 0/1/0
 framing NO-CRC4
 channel-group 0 timeslots 1-31

Has anyone seen anything like this before and/or know what might cause this? My telco insists that they've tested the circuit end to end and it's working as expected (and to be fair, it is now..)

Thanks,
Ras
Re: [c-nsp] 7204vxr freeze-up question
Well, which IOS version do you run? I know there are some issues with Intel chipset while it gets connected into cisco GBIC. I strongly suggest updating driver of NIC (if there is), upgrade IOS or change your NIC to check it out...

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene
Sent: Wednesday, August 15, 2007 8:43 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 7204vxr freeze-up question

Hi,

I'm running into an issue with a 7204VXR/NPE-300 router with 128MB RAM. A 1000Base-SX GBIC is plugged into one of the slots (not sure of the part # of the card into which the GBIC plugs).

We were running some dueling gateways speed tests with the router (packet stream is sent via iPerf to router A, which forwards it to router B, which forwards it back to router A, which forwards it back to router B, until TTL is decremented to 0). Soon after I start sending 75Mbps - 80Mbps of traffic to the router's gig interface via iPerf, the gig interface stops sending / receiving any traffic whatsoever.

The CLI of the router remains up, the gig interface reports it is up / up, memory and cpu utilization remain low. No logs are generated. Traffic on other interfaces is unaffected. I shut / no shut the gigabit interface, but traffic still refuses to pass. Only a reload of the router rectifies the issue.

I wonder if there is a debug command that could provide some insight into the problem. At this point I am suspecting a hardware issue (GBIC, card, or backplane).

Thanks for any insights
Adam
Re: [c-nsp] VPLS over Tunnels
VPLS uses edge routers that can learn, bridge and replicate on a VPN basis. These routers are connected by a full mesh of tunnels, enabling any-to-any connectivity. Here's the URL...

http://www.cisco.com/en/US/products/ps6648/products_ios_protocol_option_home.html

Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2007 12:34 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] VPLS over Tunnels

Hello,

Trying to find some doc about implementing VPLS over TE Tunnels. Something similar to Implementing MPLS VPN over TE Tunnels

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a0080125b01.shtml

Tks