On 07/05/2009, at 7:48 AM, Matthew Huff wrote:
It's an SFP port rather than a copper 10/100/1000. Every Cisco SFP
port fiber or copper is 1g only.
Annoyingly, the current Nexus 2000 FEX box (2148T) offers GigE only
copper ports (1G-BASE-T via RJ45) which is a real shame as it's a nice
wa
Morning,
I have been working with BGP for a few months now and am trying to get a
grasp of it.
I have an assignment that requires to have multiple bgp sessions running on
a single router and the prefixes advertised from each prefix appearing so.
Does this make sense? Am a bit foggy on this and w
Hi All,
I know you can only have one service-policy in/out on an interface - but
what if you need to rate limit mulitple IP's that transit through the
interface???
A bit of background first...
We have several customers (100's of them) who we handle the IP/Internet
side of things for and we u
Ah. Makes sense.
--Original Message--
From: Matthew Huff
To: Charles Wyble
To: Jay Ford
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Nexus 5000?
Sent: May 6, 2009 2:48 PM
It's an SFP port rather than a copper 10/100/1000. Every Cisco SFP port fiber
or copper is 1g only.
Mat
Which is entirely possible on an ATM/kiosk style interface.
--Original Message--
From: Michael
Sender: cisco-nsp-boun...@puck.nether.net
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Wireless Splash Screen Cisco AP Aironet
Sent: May 6, 2009 4:02 PM
Peter Pauly wrote:
> Is it possible
Probably too late to resolve this issue.. but at least for the record..
7304/NSE100 doesn't officially support DSL/L2TPv2 aggregation, so that's
you can configure this but it just doesn't work..
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@pu
Well, according to the TAC case I had opened on this, it seems that
because the SUP32 has its TCAM full and is getting exception errors (it
has the full internet routing tables), this is likely the culprit to why
uRPF in loose mode is not behaving as expected.
I guess this is more fuel for the
Hi Ross
actually i can't get if SUP running SSO why you think configuration will be
loaded from active to standby during switchover ? !
SSO maintains control plane and data plane resiliency and both SUP have
active IOS image and synchronized configuration
best regards
--Ibrahim
On Wed, May
Peter Pauly wrote:
> Is it possible to use this without a AAA server? Guests typically
> don't have a userid and password. We just want them to agree to our
> usage terms.
Sorry, just being curious, what would you do if a client clicks "I don't
agree"?
_
It's an SFP port rather than a copper 10/100/1000. Every Cisco SFP port fiber
or copper is 1g only.
Matthew Huff | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
-Original Message
- no 10/100; copper Ether is 1G only
Why? Can't the silicon do 10/100/1000? I mean that is what most kit is
sold as right?
I mean granted many folks have 1gbps ports on their kit but it
almost seems like they go out of there way to avoid the 10/100
compatibility.
On 5/6/09 1:39 PM, "Michael Balasko"
wrote:
> My understanding is that the current 5K line will NEVER do L3,
> but someone more internal to Cisco can confirm/rebuff that statement.
This is true. Nexus 5000 is a low latency cut through switching
architecture. High performance and low price pe
On Wed, May 06, 2009 at 04:39:40PM -0400, Jared Mauch wrote:
> I would recommend trying to get the devices on SXF16 or SXI1 if
> possible. You may need to send a break and interrupt the boot process
> on one (hope you have good OOB and know how to do this).
What do you mean "you may need to s
I would recommend trying to get the devices on SXF16 or SXI1 if
possible. You may need to send a break and interrupt the boot process
on one (hope you have good OOB and know how to do this).
This is also reinforces the reason some people do not run dual
processor systems. They sometimes f
> It's my understanding that Non Cisco SFPs which are Cisco coded have DOM
> ³Digital Optical Monitoring² specified in the part number description, which
> is what Cisco specs for these units. Does anyone else have information on
> determining how non Cisco SFP are Cisco coded?
Not necessarily. Bo
Ouch. nasty race condition from the looks of it. Those little corner
cases that are oh so very sharp.
Ross Vandegrift wrote:
Hey guys,
Today, due to what appears to be a major problem in SXF13, we
experienced two sequential crashes, taking out both SUPs in a 6500
within the time it takes
It's my understanding that Non Cisco SFPs which are Cisco coded have DOM
³Digital Optical Monitoring² specified in the part number description, which
is what Cisco specs for these units. Does anyone else have information on
determining how non Cisco SFP are Cisco coded?
As far as 'lower quality' S
On Wed, 2009-05-06 at 14:42 -0400, Jeff Kell wrote:
> Anyone running a 3750 or 4500 as a PE router (nothing fancy, just
> inter-VRF iBGP that really "imports/exports" routes)?
>
> We have a VRF-lite network but at this point only one iBGP mesh point
> (PE). There are cases where some of the nodes
Hey guys,
Today, due to what appears to be a major problem in SXF13, we
experienced two sequential crashes, taking out both SUPs in a 6500
within the time it takes to boot. TAC case is going.
According to the crashinfo droppings left along the way, we
experienced three crashes:
1) module 6 is a
Hey all, I'm trying to script a few things using SNMP (data collection, mainly).
I've essentially found the OIDs I need, but it seems like there is no way to
separate routes by how they originate.
For example if you do an snmpwalk ... ipRouteNextHop, it shows you all of the
routes in the entire
They are OMG deep(30 inches) so make sure that doesn't cause you any
issues. My understanding is that the current 5K line will NEVER do L3,
but someone more internal to Cisco can confirm/rebuff that statement.
My pet peeve is that on the 5010's we bought you cannot assign an IP
address to a VLAN
The other con to deploying N2K/N5K today is that they don't yet support port
channeling of 1G connections down to the hosts which is sometimes common for
Oracle RAC clusters or VMware ESX environments. This will be resolved when
they start supporting virtual Port-Channels in the N5K series sometime
I've deployed a couple of 5020s with 2148ts because I need the 10Gb port
density (for low-latency communication between a lot of 10Gb servers and
for aggregation of 1Gb ports). I don't know enough of your client's
requirements to say whether this is the right choice for them, but one
potential
Anyone running a 3750 or 4500 as a PE router (nothing fancy, just
inter-VRF iBGP that really "imports/exports" routes)?
We have a VRF-lite network but at this point only one iBGP mesh point
(PE). There are cases where some of the nodes attached to the current
PE could ideally route between VRFs l
On Wed, 6 May 2009, ChrisSerafin wrote:
I have a client that Cisoc is recommending the Nexus line of switches for
their data center. They will be using IBM blade switches and I'm guessing
these would be the 'core'.
They are looking at (2) Nexus 5010's and (2) Nexus 2000's.totaling 60K.
I'
It sounds like you aren't using FC through them, so I'm guessing they were
positioned as a high density, low cost 10g solution. Along with being
cheaper, they will also be more green.
The 2ks are high density low cost 1g solutions.
Note there is no layer 3 on the 5ks at this time.
tv
- O
I agree.
I set this up with windows 2008 recently. My Linksys wireless router and
my cisco 1841 authenticate to AD. I haven't hooked it up to a VPN yet
but that's possible.
As for one time passwords, http://www.wikidsystems.com/community-version
and http://directory.apache.org/
I don't kno
I haven't tested how exactly this feature works.
But you can always have in the usage terms "if you agree please login with
username guest, password guest".
another thing is that you can preprint card for visitor access cards with
username/password on them so that in case you want to locate
I have a client that Cisoc is recommending the Nexus line of switches
for their data center. They will be using IBM blade switches and I'm
guessing these would be the 'core'.
They are looking at (2) Nexus 5010's and (2) Nexus 2000's.totaling 60K.
I'm wondering why this would be recommended
Is it possible to use this without a AAA server? Guests typically
don't have a userid and password. We just want them to agree to our
usage terms.
On Wed, May 6, 2009 at 9:41 AM, John Kougoulos wrote:
> Hello,
>
> have a look at consent feature for routers
>
> http://www.cisco.com/en/US/docs/ios/
Hello,
have a look at consent feature for routers
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/auth_fw.html
you can also setup something like chillispot:
http://www.chillispot.info/
Regards,
John
On Wed, 6 May 2009, Johnny Ramirez Colmenares wrote:
We have a guest network and I would li
We have a guest network and I would like redirect the users to a simple screen
that welcomes them to our network, have them read our terms and continue.
...That's it. Not a login screen, just information.
We have 3 Cisco Aironet 1200 series connected to the Guest VLAN.
How can this be done?
JR C
Hi,
I'm working in a migration of a CheckPoint Firewall to an ASA5520. I freeze
on a situation that seems ASA cannot "reproduce" CheckPoint configuration.
Follow the scenario:
- IP Address X on the Internet access IP Address X1 in the Inside network
through the X-NAT Address.
- IP Address Y on th
On 06/05/2009, Marc Haber wrote:
> Hi,
>
> Just in case, in which price range do the "cheapest"
> one-time-password-token authentication schemes start for this user
> count?
>
Yubikey is nice
http://www.yubico.com/home/index/
mike
___
cisco-nsp mailin
Thomas Braun writes:
> There is also a windows port of freeradius, it needs cygwin.
I remember reading something about "not for production use" on the
freeradius mailing list.
> I haven't used it under windows, but under Linux you can do anything you
> want.
Excluding the GUI (Yes I know about
I concur with Patrick, if you already have a Windows domain/AD server
install the IAS service and configure it to set up your VPN. I set up a
Pix 306E to authenticate off a companies AD on one of the jobs I did.
As I recall the only pain was finding out that I needed to install IAS
services which
The Windows server platform includes Internet Authentication Services (IAS)
which provides RADIUS authentication against either AD or the local user
database on the Windows server itself. Just install the service.
Patrick
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mai
The cheapest solution is already there, Windows2003 server can act as a radius
server, it doesn't have to use necessarily the same users, new users can be
added to a special new group only for the VPN authentication.
Also using the AD can be useful, the user can be set to have permission to
acce
Hi,
i use freeradius for the same installation on linux.
There is also a windows port of freeradius, it needs cygwin.
I haven't used it under windows, but under Linux you can do anything you
want.
Maybe you give it a try.
Regards
thomas
a small company is planning to deploy client VPN using
Hi,
a small company is planning to deploy client VPN using the Cisco VPN
client and an 1841 in their office. They have 50 employees, about 15
of them mobile, a couple of Windows 2003 servers (no virtualization
yet) and are mostly an all-windows shop. They neither want their users
to authenticate t
I think it's a general case that link failure detection time on copper is about
500ms, while on fiber is about 50ms.
Also, the default debounce timer is much lower on fiber ports:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/intrface.html#wp1044898
--
On Tue, 5 May 2009 20:16:11 -0400, Mike Louis wrote
> Hey Folks,
>
> One of my Cisco SEs told me the other day that there was a limitation
> in the GLC-T GBICs that prevented the switch from recognizing a link
> up/down faster than 500 msec. This could cause a noticeable blip in a
> voice call
42 matches
Mail list logo