Re: [c-nsp] C65K: Any significant correlation between import filter route-map complexity and BGP Router process utilization?

2010-09-02 Thread Oliver Boehmer (oboehmer)
> Hi list, > > I was wondering if anyone here has been able to establish any real-world > correlation between the relative complexity of a BGP import filter (a route- > map with various match clauses which reference various other prefix/AS-path > lists to set metric/preference attributes on incomi

Re: [c-nsp] C65K: Any significant correlation between import filter route-map complexity and BGP Router process utilization?

2010-09-02 Thread Dobbins, Roland
On Sep 3, 2010, at 11:03 AM, Jeremy Reid wrote: > Any trench experience anyone can share would be greatly appreciated! Have you implemented iACLs, CoPP, vty ACLs, SNMP ACLs, GTSM, et al. in order to keep unwanted traffic off the RP (including the BGP process)?

[c-nsp] C65K: Any significant correlation between import filter route-map complexity and BGP Router process utilization?

2010-09-02 Thread Jeremy Reid
Hi list, I was wondering if anyone here has been able to establish any real-world correlation between the relative complexity of a BGP import filter (a route-map with various match clauses which reference various other prefix/AS-path lists to set metric/preference attributes on incoming prefixe

[c-nsp] SA-VAM

2010-09-02 Thread Sridhar Ayengar
Is there any way to get a SA-VAM card working in a 7500? I have both VIP2-50s and VIP4-80s available to me. The card doesn't show up in "show inventory". That said, I don't know if there's a problem with the hardware or not. Peace... Sridhar

[c-nsp] fax configuration

2010-09-02 Thread Tseveendorj Ochirlantuu
Dear Sir/Madam, My question is very elementary for someone who has good knowledge about it. I have a Cisco AS5350XM gateway with (Cisco IOS Software, 5350 Software (C5350-IS-M), Version 12.4(20)T1, RELEASE SOFTWARE (fc3)) software. I'm trying to configure fax on our gateway like the following call flow. F

[c-nsp] passing ACL via radius - AAA Unsupported Attr

2010-09-02 Thread Christopher Hunt
Gurus, I'm looking for a way to pass ACLs via radius. I'm running a 7206 with 12.4(9)T2 and Radiator 4.4 using a MySQL database. Authentication, static IPs, framed-routes, and even policy route-maps are all working, but not this! The docs seem to imply that is supported but I cannot figure

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Kameron Gasso
On 09/02/2010 10:05 AM, Andrew Miehs wrote: > My biggest issue however is with the management/ loopback interface. > > Does everyone just use a cname for the switch/ router name - and the reverse > lookup for this address is then the 'real' interface name? For PTR records, I generally stick to th

Re: [c-nsp] Storm-Control on server switch uplinks.

2010-09-02 Thread Peter Rathlev
On Thu, 2010-09-02 at 16:34 -0400, Jon Lewis wrote: > cloud-uplink-sw-1#sh int count broad > > Port BcastSuppDiscards > Gi0/1 0 > Gi0/2 0 > Gi0/3 0 > ... > > The switch is running the latest code (12.2(55)SE). All the counters are

[c-nsp] Multiple PPPoE interface questions

2010-09-02 Thread D.J. O'Berry
Hi all, Currently, one of our locations uses a Cisco router (7204VXR) as a termination device for PPPoE. We use a loopback address, loopback1, for the ip pools. Recently, our company decided to add on a new node, coming in off another GigabitEthernet interface. The interface is broken into 4

Re: [c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?

2010-09-02 Thread Alan Buxey
Hi, > Can someone explain to me how this: > > http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008082c464.shtml#err2 > > ...is anything other than a terrible, terrible idea? > > Do people disable this in their networks? but that's the way it works - MIC error causes all TKIP

[c-nsp] Radius and choosing ip-local pool on 7600, PPP termination

2010-09-02 Thread Walter Keen
Hi All, I have a 7606/RSP720 with a ES+20g card, doing PPPoE termination, as configured below. Problem I'm having is that I want to put certain users in a different ip pool (which happens to be in a different vrf that only allows them access to one server (the OpenACS server that controls t

Re: [c-nsp] Storm-Control on server switch uplinks.

2010-09-02 Thread Jon Lewis
Back on the topic of storm-control, I recently deployed some new 3560G switches and configured them with storm-control. There are some interesting differences in storm-control on the 3560G and 6500. The 3560G allowed me to configure storm-control using either bps or pps rates. I chose to use

[c-nsp] Quick etherchannel load-balance question...

2010-09-02 Thread Jeff Kell
For switches capable of doing etherchannel load-balancing on IP address (e.g., src-dst-ip on a 3750)... If there is a "trunked" port-channel, does this still apply at the vlan src/dst IP ? Jeff

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Matthew Huff
What I've found works best (especially for NMS like OpenView, Nagios, etc) is to setup a loopback interface. Setup DNS with a A record for the loopback interface as the "One True Name(tm)". Then setup all reverse PTR records for all interfaces to be the same as the forward for the loopback. Then

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Justin M. Streiner
On Thu, 2 Sep 2010, Andrew Miehs wrote: Thanks for both the answers so far. My biggest issue however is with the management/ loopback interface. Does everyone just use a cname for the switch/ router name - and the reverse lookup for this address is then the 'real' interface name? To add to m

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Justin M. Streiner
On Thu, 2 Sep 2010, Andrew Miehs wrote: Thanks for both the answers so far. My biggest issue however is with the management/ loopback interface. Does everyone just use a cname for the switch/ router name - and the reverse lookup for this address is then the 'real' interface name? What I do h

Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-02 Thread Sridhar Ayengar
Gert Doering wrote: I'm shopping on ebay. Is there any way to tell the difference by looking at them? The ones marked "PA-2FE-TX/ISL" or "PA-2FEISL-TX" are two different parts? Because they seem to be the same price. The ones with no mention at all of ISL sell for $150-200 more. I'm not sur

Re: [c-nsp] H40G Green NGI Router

2010-09-02 Thread Peter Rathlev
On Thu, 2010-09-02 at 19:43 +0200, Guillaume FORTAINE wrote: > For your information : > > http://docs.google.com/viewer?url=http://www.hyperchip.com/H40GPresentation.pdf 1) Not exactly Cisco related 2) Retarded use of URLs 3) Looks like an advertisement and nothing else I wish Evolution had a kil

Re: [c-nsp] H40G Green NGI Router

2010-09-02 Thread Gert Doering
Hi, On Thu, Sep 02, 2010 at 07:43:52PM +0200, Guillaume FORTAINE wrote: > http://docs.google.com/viewer?url=http://www.hyperchip.com/H40GPresentation.pdf Nice. Has anyone seen this? Does it do what it promises? ("multi-40G interfaces in 1 RU space", "full IPv4, IPv6, MPLS routing") gert -- US

Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-02 Thread Gert Doering
Hi, On Tue, Aug 31, 2010 at 10:35:41AM -0400, Sridhar Ayengar wrote: > I'm shopping on ebay. Is there any way to tell the difference by > looking at them? The ones marked "PA-2FE-TX/ISL" or "PA-2FEISL-TX" are > two different parts? Because they seem to be the same price. The ones > with no

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Keegan Holley
Characters from star wars? Sports teams? On Thu, Sep 2, 2010 at 12:52 PM, wrote: > Device and interface naming is a fairly religious topic in most places. I > snapped a screenshot from one of our docs and uploaded a picture: > http://img842.imageshack.us/i/interfacenaming.png/ > or > http://i

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread cisconsp
Yes, we CNAME the device.[sub].domain.com to the correct management interface (whatever it is) on the device. So sometimes we manage via loopback, sometimes via dedicated management port, and sometimes via another interface (gig1/48). We automated a tool to generate all the DNS records for our in

[c-nsp] H40G Green NGI Router

2010-09-02 Thread Guillaume FORTAINE
Hello, For your information : http://docs.google.com/viewer?url=http://www.hyperchip.com/H40GPresentation.pdf Best Regards, Guillaume FORTAINE Tel : +33(0)631092519

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Andrew Miehs
Thanks for both the answers so far. My biggest issue however is with the management/ loopback interface. Does everyone just use a cname for the switch/ router name - and the reverse lookup for this address is then the 'real' interface name? Thanks Andrew

Re: [c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread cisconsp
Device and interface naming is a fairly religious topic in most places. I snapped a screenshot from one of our docs and uploaded a picture: http://img842.imageshack.us/i/interfacenaming.png/ or http://img842.imageshack.us/img842/4277/interfacenaming.png Hopefully one of those 2 links works. We ba

[c-nsp] DNS Naming conventions for Switches

2010-09-02 Thread Andrew Miehs
Hi all, have spent the last couple of hours looking and haven't been able to find a satisfactory solution to naming cisco switch interfaces. I am currently looking after a lot of Cisco 6500s and would like to clean up DNS so that reverse lookups = forward etc. I would like to suggest that we do

Re: [c-nsp] Relaying DHCP through small remote VPN (ASA 5505)...

2010-09-02 Thread Ryan West
Jeff, > -Original Message- > From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- > boun...@puck.nether.net] On Behalf Of Jeff Kell > Sent: Thursday, September 02, 2010 10:21 AM > To: cisco-nsp > Subject: [c-nsp] Relaying DHCP through small remote VPN (ASA 5505)... > > Have a remot

Re: [c-nsp] N7k: Attaching a service-policy to an SVI

2010-09-02 Thread Matlock, Kenneth L
Am I misreading, or did he say it wasn't under the 'interface vlan', but under the 'vlan' itself? :) I just looked on mine, and it's under the vlan config (Version 4.2(3) software). NEX7000EDC1(config)# vlan 4 NEX7000EDC1(config-vlan)# ? ip Configure IP features media

Re: [c-nsp] N7k: Attaching a service-policy to an SVI

2010-09-02 Thread Matthew Melbourne
The service-policy command doesn't appear to be there under the SVI... nx01(config)# int vlan 304 nx01(config-if)# ? bandwidth Set bandwidth informational parameter carrier-delay Specify delay for interface transitions delay Specify interface throughput delay description

Re: [c-nsp] N7k: Attaching a service-policy to an SVI

2010-09-02 Thread Tim Stevenson
Hi Matt, Arie, Yes, the documentation is incorrect in that section, I will work to get that updated. Arie is right, you apply qos service policies to the vlan itself, not the SVI, in NXOS. That's to decouple SVI creation and policy application for vlans. For an L2 switchport, L3 interface,

Re: [c-nsp] Cisco Routers: Performance benchmark

2010-09-02 Thread Christopher J. Wargaski
Thanks, Elmar. That *was* too easy and way too intuitive. (I did not expect that from Cisco. ;-) Humbly, cjw > Date: Thu, 2 Sep 2010 10:39:44 +0200 > From: "Elmar K. Bins" > To: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] Cisco Routers: Performance benchmark > Message-ID: <20100902083944.

[c-nsp] Relaying DHCP through small remote VPN (ASA 5505)...

2010-09-02 Thread Jeff Kell
Have a remote setup w/ASA 5505... essentially setting up a site-to-site tunnel and routing a local inside subnet back to the main campus. (Default inside route part of crypto-map match so all traffic is tunneled). Everything is working, but I'm less than excited about the 5505s DHCP abilities

Re: [c-nsp] Anyone running s3223-advipservicesk9_wan-mz.122-33.SXI4a?

2010-09-02 Thread Keegan Holley
Has the root bridge changed? Assuming that the 6503 is the root bridge it wouldn't have been responsible for blocking a port and stopping loops. Also, is there any way it could have been caused by users or other activity on the network? On Wed, Sep 1, 2010 at 10:26 AM, Jens S Andersen wrote:

Re: [c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?

2010-09-02 Thread Phil Mayers
On 02/09/10 14:16, Nick Hilliard wrote: On 02/09/2010 13:59, Phil Mayers wrote: I've since done a bit more reading, and apparently this behaviour (shutting down the radio) is mandated by WPA1 and the solution is to move to WPA2. It seems bizarre - shut down the entire radio - but there we go.

Re: [c-nsp] N7k: Attaching a service-policy to an SVI

2010-09-02 Thread Arie Vayner (avayner)
Matt, You should be able to apply the qos policy on the "vlan" (as opposed to "interface vlan"): Let me know if it works for you. This is the doc, but I think it might be wrong (for the syntax) - let me know, and I will see internally. http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/n

Re: [c-nsp] 7600 dies a fantastic death - What went wrong?

2010-09-02 Thread Justin M. Streiner
On Wed, 1 Sep 2010, Sascha Pollok wrote: I *think* (read: I might be wrong but) that the PSes also switch off and show OUTPUT FAIL when the router is shutdown from the supervisor. I have seen this e.g. on a 6509 (what was the difference between the 7600 and ... just kidding) that got shutdown fr

Re: [c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?

2010-09-02 Thread Nick Hilliard
On 02/09/2010 13:59, Phil Mayers wrote: > I've since done a bit more reading, and apparently this behaviour > (shutting down the radio) is mandated by WPA1 and the solution is to > move to WPA2. It seems bizarre - shut down the entire radio - but there > we go. It's hobson's choice, isn't it: a.

Re: [c-nsp] Anyone running s3223-advipservicesk9_wan-mz.122-33.SXI4a?

2010-09-02 Thread Peter Rathlev
On Thu, 2010-09-02 at 08:04 +0200, Jens S Andersen wrote: > The router is doing layer2 and 3. (OSPF, HSRP, PVST) > The router is totally unresponsive, even after the loop is broken (by > shutting an interface on the neighbour-router). > Power off helps. Have you tried console access at this t

Re: [c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?

2010-09-02 Thread Phil Mayers
On 02/09/10 11:51, Phil Mayers wrote: Can someone explain to me how this: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008082c464.shtml#err2 ...is anything other than a terrible, terrible idea? Do people disable this in their networks? I've since done a bit more readin

[c-nsp] N7k: Attaching a service-policy to an SVI

2010-09-02 Thread Matthew Melbourne
Hi, Is it possible to attach a QoS service policy (in this case a simple ICMP policer) to a VLAN interface on the N7k platform (NX-OS 5.0(2a))? The docs suggest it is possible, but the service-policy command doesn't appear to be available in interface configuration mode for an SVI (the command is

Re: [c-nsp] Enhanced Packet Capture in IOS (EPC)

2010-09-02 Thread Rodney Dunn
I'm working on that platform. :) Rodney On 9/2/10 3:02 AM, E. Versaevel wrote: The only time I wanted to use it was on our ASR1004 which didn't support it :) (and that was for troubleshooting input errors on the interface so I doubt those would have shown up (was receiving packets in an unco

[c-nsp] WiSM "WPA MIC error" shuts the *entire* AP down?

2010-09-02 Thread Phil Mayers
Can someone explain to me how this: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008082c464.shtml#err2 ...is anything other than a terrible, terrible idea? Do people disable this in their networks?

Re: [c-nsp] Enhanced Packet Capture in IOS (EPC)

2010-09-02 Thread Elmar K. Bins
Re Rodney, rod...@cisco.com (Rodney Dunn) wrote: > Yep! Here is the quick wiki page with an example on CSC (Cisco Support > Community): > > https://supportforums.cisco.com/docs/DOC-5799 Just a hint: Would it be remotely possible for Cisco to use valid certificates? Elmar, still trying to open

Re: [c-nsp] Cisco Routers: Performance benchmark

2010-09-02 Thread Elmar K. Bins
war...@gmail.com (Christopher J. Wargaski) wrote: > Thanks for posting the URL for the router performance matrix. Anyone > know of a similar matrix for switches (L2 & L3) and firewalls? Have you tried s/router/switch/ in the URL? Life can be so easy. > > Not all as requested, but a start: > >

Re: [c-nsp] Cisco Routers: Performance benchmark

2010-09-02 Thread Mack McBride
Reality is a network should be designed for the worst case you will have to deal with not the average case. This is often a business decision versus an engineering decision. Ie. 95th percentile vs 99th percentile. Or you don't run a controversial web site so you don't need to worry as much about

Re: [c-nsp] Cisco Routers: Performance benchmark

2010-09-02 Thread Per Carlson
> ...so if we have test results with these > frame-sizes, we can be sure if the router we wanna buy can work under the > highest load of the passing traffic on our network or not. maybe for pure forwarding, but what if you throw acls, qos, fw, ids, nat, etc into the equation? enabling more featur

Re: [c-nsp] Cisco Routers: Performance benchmark

2010-09-02 Thread Tony
--- On Thu, 2/9/10, bored to death wrote: > > for example, RFC 2544 says you should give benchmark > results on traffic with > frame-sizes of 64, 128, 256, 512, 1024, 1518 byte. and in > theory if we have > combination of packets with different frame-sizes, > performance is almost equal > to

Re: [c-nsp] Enhanced Packet Capture in IOS (EPC)

2010-09-02 Thread E. Versaevel
The only time I wanted to use it was on our ASR1004 which didn't support it :) (and that was for troubleshooting input errors on the interface so I doubt those would have shown up (was receiving packets in an unconfigured vlan)) On 1-9-2010 21:35, Rodney Dunn wrote: > Yep! Here is the quick wi