We have had a few strange unidirectional link problems and I thought
that I could detect them using UDLD. So I thought I knew how it
worked. I
I have a 6500 with a gig SFP LH mod connected to a 3750 with the same
SFP. I enabled UDLD AGGRESSIVE mode on both ends and they both
On Tue, 30 Jun 2009 17:49:05 +0400, nishal goburdhan nis...@is.co.za
wrote:
On Thu, Jun 25, 2009 at 08:20:26PM +0400, victor wrote:
Even more than that :) because the design was verified, simulated and
approved by a Cisco Systems lab in Raleigh (NC)
Insubordination regarding this matter may
On Tue, 2009-06-30 at 09:59 -0400, Jeff Fitzwater wrote:
We have had a few strange unidirectional link problems and I thought
that I could detect them using UDLD. So I thought I knew how it
worked. I
...
I thought that breaking one side of the fiber would only bring down one
end
I then disabled the UDLD and disconnected the fiber again and still had both
ends show link failure.
Q So why do both ends go down? Is this a new code feature for gig
fiber ports or did I miss something?
Are the ports set to auto? Auto-neg will notice one-way link, and not
bring up
On Tue, Jun 30, 2009 at 09:59:35AM -0400, Jeff Fitzwater wrote:
Q So why do both ends go down? Is this a new code feature for
gig fiber ports or did I miss something?
GigE autonegotiation reports remote-fault to the other end.
M.
GE/10G can detect a physical unidirectional fiber link itself, UDLD
is not necessary to detect this type of failure.
UDLD is needed for exactly the case you mention, or for cases where
one side of the link is braindead but does not bring the physical
link down (ie, software problem).
HTH,
Thanks all for the info on UDLD. In my case the test did not work as
expected because the port was in auto-negotiate, as it should be.
Disabling it allowed the port to stay up even if the other end was
down (no light).
Enabling the UDLD worked as I would expect in this case. But in the
On Tue, 30 Jun 2009 18:56:17 +0400, victor vi...@list.ru wrote:
On Tue, 30 Jun 2009 17:49:05 +0400, nishal goburdhan nis...@is.co.za
wrote:
On Thu, Jun 25, 2009 at 08:20:26PM +0400, victor wrote:
Even more than that :) because the design was verified, simulated and
approved by a Cisco
Hi all.
Can someone help me out here.
I'm having trouble getting tacacs+ to work on a nexus 5010.
Whenever I'm trying to access the nexus the debug prints: Skipping DEAD
TACACS+ server 10.0.100.233
I can ping and telnet to the tac-server from the nexus. Am I missing something
in my config?
I assume this is either a bug, or something else equally enjoyable.
Today, I noticed that one of our switches was acting up, so I logged into it
and did the usual show interfaces, sh proc cpu sort, etc etc.
I noticed that the switch's uplink interface indicated that it was doing
700Mbps to the
On Tue, 30 Jun 2009, Drew Weaver wrote:
I noticed that the switch's uplink interface indicated that it was doing
700Mbps to the router it is connected to, the router indicated that it
was only getting 200Mbps from the switch.
I've seen similar discrepancies with 3550s gigabit uplinked to
I have a few MPLS routers running BGP as the routing protocol.
I added a public IP'ed interface on a free port on the same router, and
I'm able to get to it and use it for Internet bound traffic if I wish. I
would like to configure an IPSEC VPN to provide backup if the MPLS
provider fails.
We use Fluke's Netflow Tracker for netflow analysis. I've run into a weird one
though. Our netflow export from our distribution switches which are running
12.2(33)SXI1 does not seem to export the dscp bits, but our core switches
running 12.2(33)SXI1 as well, do export the dscp bits. The
Hello,
I am trying to download the Cisco ITP configuration guide for the
*12.4(11)SW3* software release.
The file can be seen in the ITP configuration guides list
http://www.cisco.com/en/US/products/sw/wirelssw/ps1862/products_feature_guides_list.html
Unfortunately, it keeps on prompting me
Trunk port or access port?
One of the main places I've seen mismatching amounts of tx/rx is on
trunk ports, where either the switchport trunk allowed vlan doesn't
match on both sides, or in the case of the router interface, you only
have .1Q subinterfaces configured for certain VLANs, but other
I have a new ISP for one of our locations, and we currently have a
pair of Cisco PIXs in an active/standby config. The new ISP wants to
give us a /30 for this MetroE WAN link, with one of the IPs being used
for their equipment on their side of the circuit (aka, our default
gateway). This only
By any chance does anybody here know the new terminology used for ASA and
FWSM?
Renelson
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
On Tue, Jun 30, 2009 at 03:44:35PM -0400, Deny IP Any Any wrote:
What are my options to get this to work?
Change ISPs.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
If switching ISPs is not a choice, although I agree it is a good one, then I
need a little more information.
Are you running PIX's that are pre 7.x or 6.3(5)?
I have not tried this before on the 6.3(5) line, but you might be able to leave
off this line:
failover ip address outside x.x.x.x
If
Same here...
-Jeff
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Randy
Sent: Tuesday, June 30, 2009 4:02 PM
To: cisco-nsp@puck.nether.net; Felix Nkansah
Subject: Re: [c-nsp] OT: Help on Cisco ITP Configuration Guide -
At the location below there is a file called Access to Cisco IP
Transfer Point (ITP) User Documentation and Release Notes, which
contains the following text:
Cisco restricts the use and distribution of Cisco IP Transfer Point
(ITP) user documentation
and release notes. If you desire access and
Hi,
I've spent some time already trying to locate the mib that has the
status (and admin status) of bgp peer that is in a vrf. There is
cbgpPeerPrevState oid but it only seems to cover ipv4 peers (at least
when I query the ASRs we try to monitor). I can get the number of
prefixes learnt from a
I am not sure exactly how you are trying to configure the PIX, but I
guess you need to have an IP for each PIX, and then a VIP in the same
subnet used for real traffic forwarding.
You can tell your SP to use /30, so for example, they allocate
192.168.1.1 for their side, and 192.168.1.2 for your
Would anyone like to have a stab at this
Hi,
I am at the beginning of building a best practices document for data
centre design. I am wondering if anyone can point me to the right
document that I can start with. I am looking at a Cisco centric solution.
Following documents are
On Tue, 2009-06-30 at 14:11 -0500, ChrisSerafin wrote:
I have a few MPLS routers running BGP as the routing protocol.
I added a public IP'ed interface on a free port on the same router, and
I'm able to get to it and use it for Internet bound traffic if I wish. I
would like to configure an
Drew Weaver wrote:
I assume this is either a bug, or something else equally enjoyable.
Today, I noticed that one of our switches was acting up, so I logged into it
and did the usual show interfaces, sh proc cpu sort, etc etc.
I noticed that the switch's uplink interface indicated that it was
On Tue Jun 30 13:47 , Arne Larsen / Region Nordjylland sent:
Hi all.
Can someone help me out here.
I'm having trouble getting tacacs+ to work on a nexus 5010.
Whenever I'm trying to access the nexus the debug prints: Skipping DEAD
TACACS+ server 10.0.100.233
I can ping and telnet to the
--- On Tue, 6/30/09, Deny IP Any Any denyipany...@gmail.com wrote:
From: Deny IP Any Any denyipany...@gmail.com
Subject: [c-nsp] using a /29 mask on a /30 point-to-point
To: cisco-nsp@puck.nether.net
Date: Tuesday, June 30, 2009, 12:44 PM
I have a new ISP for one of our locations, and we
Hello:
Hi,
I am at the beginning of building a best practices document for data
centre design. I am wondering if anyone can point me to the right
document that I can start with. I am looking at a Cisco centric
solution.
Following documents are currently being looked at.
Not
Are both interfaces configured with 'load-interval 30'?
Furthermore that could be due to lack of 64-bit interface counter support on
the router.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Drew Weaver
Sent:
Data center best practices? Are you a content house? Are you an
ISP? Are you a colo provider? Given that there are multiple best
practices for those scenarios alone not to mention if you are a
content house your network is built to support your application...
that's one hell of a long
Hi Team,
I am interested in subscribing to a GOOD online email filtering service,
through which all emails destined to an enterprise domain transit, are
scanned and filtered for spam and viruses, before legitimate mails relayed
to the destination mail server.
As a bonus, the service should also
On Tue, 30 Jun 2009, Leonardo Gama Souza wrote:
Are both interfaces configured with 'load-interval 30'?
In my case yes.
Furthermore that could be due to lack of 64-bit interface counter
support on the router.
I've seen that via SNMP, but never noticed the CLI interface rate counters
Hi Matt,
Interesting, I was unaware that conditional adv didn't support route-maps with
the continue-clause.
I don't have boxes handy to try it but what if you were to have two sequences
in you non-exist route map -
route-map non-exist permit 5
match ip-address prefix-list A
route-map
Hi all,
I'm configuring a PIX 501 running v6.3.5 code to terminate VPN connections from
remote users. I've got the config intact, but need to learn how the PIX handles
these connections internally.
Here's the relevant config:
access-list nonatvpn permit ip 192.168.0.0 255.255.255.0 192.168.1.0
On Tue, 2009-06-30 at 15:44 -0400, Deny IP Any Any wrote:
Could I configure the subnet on my side of the WAN as a /29? My
broadcast address would be wrong, but since its basically a
point-to-point anyway, I shouldn't need broadcasts. I realize this is
semi-evil, and might get my Internet
On Tue, 2009-06-30 at 16:56 -0700, Jared Gillis wrote:
So my inside network is 192.168.0.0/24, and the vpnclients will get
addressed into 192.168.1.0/24 (correct?), and there will be no NAT on
communication between them.
Correct, your nat (inside) 0 access-list nonatvpn
My question is, are
Using Peter's example below, just leave off the 10.0.0.3 standby address. The
failover and state information will still be passed between the firewalls and
you can get by with a /30. If for some reason you're running 6.3(5), go to
Kingston.com and buy yourself 2 sets of (2) 64MB CL2 100Mhz
On Tue, 30 Jun 2009, Renelson Panosky wrote:
By any chance does anybody here know the new terminology used for ASA and
FWSM?
Could you clarify what you mean by new terminology?
Thanks
jms
I don't think it is virtual context? There are some limitations
Regards
-mike
On Jun 30, 2009, at 6:23 PM, Justin M. Streiner strei...@cluebyfour.org
wrote:
On Tue, 30 Jun 2009, Renelson Panosky wrote:
By any chance does anybody here know the new terminology used for
ASA and
FWSM?
These claims depend on the level of attack. Firewalls do have features,
for instance, they can proxy a tcp-syn connection and not send it to the
server if it doesn't get an ack. If the firewall can sustain the
attack, and the server doesn't have syn-cookies, this would be a
mitigation of a ddos
On Jul 1, 2009, at 11:02 AM, Quinn Mahoney wrote:
Firewalls do have features,
for instance, they can proxy a tcp-syn connection and not send it to
the
server if it doesn't get an ack.
Doesn't scale. Server alone handle this much better, even without
syn-cookies.
Also they obviously
The server alone handles a syn attack much better, Without a firewall
proxying the tcp connection? That would depend on how many servers
there are and what the firewalls can handle. The server never gets
traffic from the spoofed addresses with the firewall, or from a
load-balancer that
On Jul 1, 2009, at 12:09 PM, Quinn Mahoney wrote:
Without a firewall proxying the tcp connection? That would depend
on how many servers
there are and what the firewalls can handle. The server never gets
traffic from the spoofed addresses with the firewall, or from a
load-balancer that
If you're the customer (having only CE routers), this is a classic
primary/backup problem, only this time using BGP as the core routing
protocol.
If you're the provider (using MPLS between your BGP routers to offer
whatever services), you can run MPLS over GRE over IPSec on the backup link
(just
Works as designed. The PFC3A doesn't export QoS information. This has
been one major reason to go for the B version for us some time ago at
Qimonda. (rem: QoS-netflow-collecting seems a L2-netflow-feature; this
is supported in the B versions only)
Matthew Huff wrote:
We use Fluke's