On Fri, Nov 06, 2009, Dale Shaw wrote:
I don't have the option to up the MTU; the supplied underlying circuit
is an L2 ethernet metro ethernet style service.
Do you know for sure that the carrier MTU doesn't have the headroom you need?
I'm going to make that assumption in case it is
On Thu, Nov 05, 2009, Rens wrote:
I have already done up to 400 Mbps with 2811 or 2821 (don't remember)
You just have to make sure your MTU is high enough depending on the frame
sizes you want to tunnel.
Just out of morbid curiousity - so will the router terminating L2TPv3 actually
fragment
Please read the Cisco 3750 IOS configuration guide. It specifically
states that PBR and VRF on the same interface is not permitted.
There is also apparently a PBR and fast-PBR mode which if i recall
does something akin to either software or hardware switching.
I'm not sure of the details. It is
On Thu, Oct 29, 2009, David Hughes wrote:
The smartest/sanest thing to do, IMHO, would be to work at migrating
to NX-OS, feature-set by feature-set. It's by far the cleanest and
best-designed OS platform Cisco have come out with to date.
Couldn't agree more. NX-OS looks like a great
On Tue, Sep 01, 2009, Dracul wrote:
Hi List,
I'm planning to setup WCCP + Squid.
Hi!
If the squid server should be offline or the squid process dies, will the
users? port 80 requests automatically redirect to the ?live? internet
connection??
Yes!
Because in old forced redirection
of packets like they
would just have some momentary
lapse of connection (browsing or downloading via http)
On Tue, Sep 1, 2009 at 2:52 PM, Adrian Chadd adr...@creative.net.auwrote:
On Tue, Sep 01, 2009, Dracul wrote:
Hi List,
I'm planning to setup WCCP + Squid.
Hi
G'day,
I'm trying to configure up bi-directional WCCPv2 on a Cisco 3750
with redirect lists to limit the traffic being redirected.
I'm trying it on 12.2(50)SE2 ipservicesk9.
If I add a redirect list to the wccpv2 service definitions the
traffic becomes CPU processed.
If I remove the redirect
On Mon, Jun 22, 2009, Adrian Chadd wrote:
G'day,
I'm trying to configure up bi-directional WCCPv2 on a Cisco 3750
with redirect lists to limit the traffic being redirected.
I'm trying it on 12.2(50)SE2 ipservicesk9.
If I add a redirect list to the wccpv2 service definitions the
traffic
int fa0/1
port monitor fa0/22
?
On Mon, May 25, 2009, Tuc at T-B-O-H wrote:
Hi,
Has anyone done a port debug on a C2924:
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC10, RELEASE
SOFTWARE (fc1)
I just need to see all the traffic on a specific port
On Fri, May 22, 2009, Dale Shaw wrote:
Can anyone provide any insight?
Adrian Chadd, I'm shining the bat torch towards the sky, are you out there?
:-)
Sigh. Yes i'm here. :)
Unless stuff has changed, WCCPv2 will just still be matching on bits in your
packet headers and rewriting next hops
On Fri, May 08, 2009, Jeff Kell wrote:
Don't have this problem with 3560s and up, they behave as expected.
(Just verified on a 3560 w/12.2(35)SE). Appears to be a 3550-thing.
Maybe I just need a stimulus upgrade grant :-)
Have you tried it on a 3550 running 12.2?
Adrian
On Thu, May 07, 2009, Jeff Kell wrote:
Bug or feature?
From my POV, Feature. I've never had 100% reliable ACL logging on
the Catalyst 3550 and thus don't rely on it. :)
(It forwards packets good though!)
Adrian
___
cisco-nsp mailing list
On Tue, Apr 07, 2009, Christina Klam wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
We have been having some problems with wccpv2 working through a GRE
tunnel between a 6504e (version
s3223-ipservicesk9_wan-mz.122-33.SXI.bin) and a Squid server (RHEL5).
The tunnel is up; and
On Mon, Mar 23, 2009, Ramcharan, Vijay A wrote:
All,
I'm just looking for confirmation that GRE on the 3750G is done in
software with the resulting low throughput (~20Mbps with iperf across
GRE tunnel on 3750G). All testing and reading that I've done indicates
that the hardware on the 3750
On Wed, Feb 18, 2009, Brett Looney wrote:
I'm interested in using a cisco router as a DNS server and I was
wondering if anyone has real world experience or documentation that
could inform me as to how many users/clients could one router handle
if it were the primary dns server.
Don't do
Hm, are the servers configured in some kind of active/failover or somesuch?
I vaguely remember the default Windows method of failover causing no end
of trouble to default-configured Cisco switches as MAC addresses pingpong
between ports..
Adrian
On Wed, Nov 26, 2008, Vigar, Damien wrote:
Hi
On Wed, Sep 24, 2008, matthew zeier wrote:
Am I overthinking this? After yesterday's CRG failure
(blog.mozilla.com/it/) I was left with a failed 3750 and got the RMA
this evening.
Is it as simple as replacing the dead unit with this one? I've already
made sure the replacement is
On Wed, Sep 24, 2008, matthew zeier wrote:
How's that done?
in conf mode:
switch 1 renumber new number
Then reload. Make sure you've provisioned the right switch type in the stack
(switch new number provision switch type).
(Have you read the 3750 stacking chapters in the IOS config guide?
On Tue, Sep 23, 2008, Wilkinson, Alex wrote:
0n Mon, Sep 22, 2008 at 06:52:21PM -0400, Jason Lixfeld wrote:
Attaching a access-list 100 permit ip any any log-input to the
interface and/or subinterface via ip access-group didn't show
anything - the interface counters
On Tue, Sep 23, 2008, adrian kok wrote:
Hi all
ls any different to setup vlan between catalyst 4000
and 2960?
I need to setup the cisco2800 to have vlan this 4000
switch
ls it easy?
how setup the trunk port in 4000 switch?
I'd suggest finding the catalyst OS (catos) configuration
On Tue, Sep 23, 2008, Mario Spinthiras wrote:
Wouldn't it be a lot wiser to migrate to IOS ? I know this is possible and
I'm sure it's a step forward than anything else. Can anyone shed some light
on the worthiness of migrating to IOS other than the obvious (consistency ,
easier)
I believe
On Sun, Sep 14, 2008, matthew zeier wrote:
I would be interested in the results of such an experiment (I was about
to research this this week myself).
Church, Charles wrote:
I got curious last week when I saw this thread. From my (AS 26296)
point of view, there aren't a whole lot of
On Fri, Sep 12, 2008, Garry wrote:
Only thing I could suggest for now is using three squids (could be done
on that single machine) with three different outgoing IPs, which in turn
can be routed statically to one line each through route maps ... then
use a fourth squid instance (towards the
On Mon, Sep 08, 2008, David Hawthorne wrote:
btw, one of the surprising tricks we learned was that the range
start_port end_port specification won't fill up TCAM on the 6500/7600
IFF your port ranges fall on bit boundaries just like networks do.
I'm sure I've read that documented
Bill is practically right. The semantics for Cisco ACLs aren't here's a set
of IP ranges, apply this behaviour, they're a linear walk of rules from
top to bottom applying behaviour at each step. Collapsing that into the
smallest set of possible operations is -not- taught at first/second year
On Fri, Aug 29, 2008, Dan Letkeman wrote:
How many nat translations could an 827 router handle? This is for a
school environment where there are about 300 workstations (assuming
that not everyone would be browsing at once) and a 7mbit internet
connection. Could this router handle this kind
On Sat, Aug 30, 2008, Dan Letkeman wrote:
I'm currently running a 2621 just behind the 827(s) which is doing CEF
load distribution. I plan on putting in a 2800 series router with the
firewall IOS. Do you know if there is a way you can do PPPOE on a sub
interface? I plan on having up to 7
Squid also does a reasonable job and there are patches to integrate
it into SmartFilter and other commercial products.
Adrian
On Sat, Aug 23, 2008, Teller, Robert wrote:
I am using securecomputings webwasher and the setup works really well.
It's a little more then bluecoat but cheaper if you
On Sun, Aug 17, 2008, Dan Letkeman wrote:
Is there a way to connect it to the router and use policy routing, and
the verify availability option so that if the content filter is down
the system still works with out it?
Yes.
* Does the content filter speak WCCPv2? Or can you glue it to Squid?
On Thu, Aug 14, 2008, Christian MacNevin wrote:
Hi
So the marketing machine tells me 3650s do ACLs in hardware and zero
performance hit blah blah.
Anyone had any real world experience with high loads of packets on
every interface under a simple ACL?
they perform like the 3550's - It Just
.. i just saw this post.
*puts on WCCP hat, wishes he had a PIX hat to put on*
On Fri, Jul 11, 2008, ghostonthewire wrote:
hi, Howard.
Howard Leadmon wrote:
On the CE I have the following in the config:
!
http proxy incoming 80
!
wccp router-list 1 xx.xx.xx.xx (xx is the IP address
On Wed, Jun 25, 2008, Wilkinson, Alex wrote:
Hi all,
We have a:
Cisco 7204VXR (NPE200) processor (revision B) with 114688K/16384K bytes of
memory.
We are loosing our EIGRP neighbour adjaceny due to exhausting our memory usage
(i think): e.g.
EIGRP: Retransmission retry limit
On Mon, Apr 14, 2008, Charles Glass wrote:
Testing with Squid (2 caches) and mask assignment I was able to get 32
mask values per cache. The weight attribute did not appear to have any
effect on distribution of the mask values as it does with hash
assignment.
Then use squid. :)
I would
On Fri, Apr 11, 2008, Charles Glass wrote:
WCCP has been configured to use GRE forwarding and HASH assignment.
Bzzt!
I understand that GRE forwarding with HASH assignment is not the
preferred configuration for WCCP on a 7600 and that GRE is not
supported in hardware.
Configuring L2
On Wed, Apr 09, 2008, mack wrote:
Each one of these is catering to a smaller market segment.
Basic economic would indicate that the market for a general purpose device
is much larger than a more specialized device.
Its great for selling new products into existing markets.
Adrian
On Wed, Apr 09, 2008, Tim Franklin wrote:
On Wed, April 9, 2008 12:27 pm, Adrian Chadd wrote:
Its great for selling new products into existing markets.
Or for losing existing markets to a vendor that isn't tearing itself apart
with 'internal competition'.
If I worked at Juniper, I'd
On Tue, Apr 01, 2008, Alex Balashov wrote:
Strangely, if I Google npe 225 gige I get all sorts of results for
router configurations that appear to include the NPE 225 and a PA-GE,
for instance:
http://www.cisco.com/en/US/products/hw/routers/ps341/products_data_sheet09186a0080088724.html
On Tue, Apr 01, 2008, Jose wrote:
I'm thinking of upgrading our NPE300/400s along with their PA-FE-TX port
adapters with NPE-G1s in order to get jumbo frame support for
terminating EoMPLS xconnects. I've tried searching on CCO and Google
but couldn't find a definitive answer as to whether
On Mon, Mar 24, 2008, Mike Johnson wrote:
This thread has gone a little off course, I am really interested in L3 to
the access.
In addition, are there any reasons for not doing it or good reasons to do
it?
Probably because edge to us can mean lots of different things.
current Cisco and
On Fri, Mar 21, 2008, James Slepicka wrote:
Maybe only a consideration in the data center, but you can't do NIC
teaming across multiple switches for fault tolerance.
Sure you can.
(Oh, you want me to tell you how?)
Adrian
___
cisco-nsp mailing
.
Adrian
On Fri, Mar 21, 2008, James Slepicka wrote:
!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
html
head
meta content=text/html;charset=ISO-8859-1 http-equiv=Content-Type
/head
body bgcolor=#ff text=#00
enlighten mebr
br
Adrian Chadd wrote:
blockquote cite=mid
On Mon, Mar 17, 2008, Deny IP Any Any wrote:
I have a 6506 with a Sup2 running in Hybrid (7.6/12.1) mode. It has a
X6548-GE-TX, with many high-bandwidth devices on it. I am not seeing
any interface errors, and nothing but zero's in a 'show asicreg port
pinnacle err', however, I am getting
On Fri, Mar 14, 2008, Joseph Jackson wrote:
Do you get wire speed out of those GigE ports? I remember reading some where
that the G1 could only push around 750mbs. I can't find the info now so I
might just be crazy.
I don't have any G1/G2's in production. I'm just going off the
On Fri, Mar 14, 2008, Sridhar Ayengar wrote:
Anyways, just wanted to chime in letting you know you're definitely not the
only person facing these issues ; ) I would definitely upgrade to NPE-1G or
2G if it's in budget though as that will be a significant upgrade from a
performance
On Sat, Mar 08, 2008, Troy Davis wrote:
One option is a transparent proxy like Squid. Direct and embedded
Youtube URLs are fairly consistently constructed; as long as you can
filter based on the HTTP 1.1 Host header, blocking *.swf from
*.youtube.com would prevent movie playback.
.. and
On Tue, Mar 04, 2008, Joe Maimon wrote:
Is there any way to get the vxr to support analog dialup access using
pri t1's?
IIRC, If there's no DSPs there's no analog dialup.
Adrian
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Tue, Mar 04, 2008, Joe Maimon wrote:
IIRC, If there's no DSPs there's no analog dialup.
What about the MIX port adapters?
No idea. I've personally never rolled analog dial services on a 7200.
I was involved in terminating L2TP/L2F from 5200's/5300's, and that
was late last century.
On Thu, Feb 28, 2008, Mark Tinka wrote:
Hello.
As promised, here are the links that discuss BCP's for ISP
large scale routing, showing the use of OSPF and iBGP for a
scalable and comprehensive internal routing policy:
ftp://ftp-eng.cisco.com/pfs/isp-workshops/BGP_Presentations/bgp-3.pdf
On Fri, Feb 15, 2008, Joseph Jackson wrote:
vpdn username [EMAIL PROTECTED] password *
All the commands go in ok but when I do a debug pppoe packets it looks like
the pix can't find the pppoe server. It does the discovery but never gets a
response so fails. The telstra setup email
Well, Satellite IP is a fun task in itself to get right.
I'd suggest looking at QoS policy/class maps and getting yourself up to scratch
on the different methods of queueing that are available.
There's plenty of good documentation on QoS and the Cisco Way Of Doing It
on the Cisco website. Go
On Mon, Feb 04, 2008, Daniel Hooper wrote:
Tftpdnld from the console if your device supports it, takes the pain
away.
.. only if the rom monitor or internal IOS supports a network interface. ;)
I'm guessing thats not so much of a problem with stuff today, but
in the past, I have fond memories
On Mon, Feb 04, 2008, Daniel Hooper wrote:
The more I think about it the more I can see the hassles in it, no
password resets, no uploading of boot images in case you lose the
running image.. but surely there is something better out there then
serial console port? Anyone got any ideas'?
On Mon, Feb 04, 2008, Casey Mills wrote:
I am new to Cisco and trying to get started. I have a 2611 router
with a couple ethernet ports to get started. I would like to set it
up for home use. DHCP client on one port, DHCP server on the other,
and NATing. Can someone point me to a website
On Sun, Jan 27, 2008, Eugeniu Patrascu wrote:
My feeling is that Cisco is trying to make some extra money by forcing
people to buy the installation from them. Just like any other router I
presume the CRS-1 has an installation manual, no ?
Have you seen a photo of a CRS-1 cluster?
Adrian
On Sun, Dec 16, 2007, Aaron R wrote:
Hi Guys,
I am having some trouble with a dial solution that I am hoping someone can
help me with. My current setup involves a dialup pstn modem on the aux port
for the purpose of remote access. I am using ip unnumbered on the dialer
interface so that it
On Wed, Dec 12, 2007, Masood Ahmad Shah wrote:
Yes that's the answer. If you can't use routing protocol your choice is IP
SLA monitor.
Does this actually work on the 3560? The last I checked the commands
were supported but they did nothing..
Adrian
On Fri, Nov 16, 2007, matthew zeier wrote:
I have gear in Amsterdam and in San Jose. Pushing log files from
Amsterdam to San Jose through rsync seems to top out at 7Mbps even
though the box doing the push is pushing much more out to the Internet.
If I run several rsync's it goes
On Sat, Nov 10, 2007, Ian Henderson wrote:
starting with the Cisco Catalyst 4500 with Cisco IOS Software
Release 12.2(40)SG, the Supervisor Engine 6-E offers Quack
support, which detects, disables, and logs counterfeit
components.
And what an awesome feature
On Sat, Oct 27, 2007, matthew zeier wrote:
I made need a (cost effective) bgp-capable router for a remote
deployment which would only need to announce -1- route and take in a
default route from -1- provider. Also needs to push 100Mbps of traffic.
A 3750 (EMI) can do this fine, right?
G'day,
I built a new 3750 stack today and I couldn't manage to bring all
7 members in. The members are a 48-port gige, 2x24 port gige, 3 x 48 port
10/100 and
1 x 24 port 10/100. This failed switch is a 24-port gige 3750.
00:29:57: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 5 has changed
On Thu, Oct 18, 2007, Jonathan Charles wrote:
Issue a format flash:
It takes about 2 seconds and wipes it clean...
Besides, no one uses SDM anyway...
oh crap all of my CME files are gone!
Its generally fine to start with, but then strange crap happens. Phones
don't ring right, new phones
Did you delete the file or erase the flash first?
Obviously a show flash would've been a great thing to do
when emailing this out as the default 2800 CF cards ship with
other gunk on them as well.
Adrian
adrian
On Thu, Oct 18, 2007, omar parihuana wrote:
Hi lists,
I'm trying load the
On Mon, Oct 15, 2007, Joe Maimon wrote:
So after over a year of issues with ACL's/CBAC I get the word.
CBAC is unsupported on 7500 series
However, a google search of CBAC 7500 turns up:
http://www.cisco.com/en/US/products/hw/routers/ps359/prod_brochure09186a00800886e4.html
This isnt
On Wed, Oct 10, 2007, Masood Ahmad Shah wrote:
Not Cat5... You need to have Cat 5e or Cat 6... Simple Cat 5 will not work
for 1000BaseT
I'm sure it works, just not as well as you think..
Quoting Gigabit Ethernet article from Wikipedia (of course, its Wikipedia, so
its
not an authoritative
What you want is Reliable Static Routing Backup Using Object Tracking
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
* setup an SLA to ICMP ECHO ping an IP
* setup a tracking object to track an SLA entry
* setup a default route to only trigger
Thought about setting switches into vtp mode transparent
before peeling them off the actual domain?
Adrian
On Fri, Oct 05, 2007, Jeff Kell wrote:
I'm trying to split a branch building off of the main campus VTP domain and
not having much success.
Currently we have one VTP domain that
On Fri, Sep 21, 2007, stevek wrote:
I am sure someone somewhere has asked this before:
Is anyone familiar with a way to deploy a per-session rate-limit on the
7200 platform? I have a number of 7200s which are attached to campus
networks and we are looking to limit per-user or per-session
On Thu, Sep 13, 2007, Skeeve Stevens wrote:
Hey all
I know BGP on switches has been discussed a lot, and how, yes it is unwise
from number of routes perspective.
But what I am looking for is setting up a 3550 with about a dozen ISP's
connected to it.
The ISP's would BGP peer and
On Mon, Sep 10, 2007, Michail Litvak wrote:
Hi All,
I have 6506 with sup720bxl3, and configure bridge between two SVI.
bridge irb
!
interface Vlan60
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Vlan61
no ip address
bridge-group 2
bridge-group
On Mon, Sep 10, 2007, Phil Mayers wrote:
I can ping through this catalyst, but OSPF don't work. Seems multicast
traffic don't passed through bridge.
I seriously doubt this will work well on a 6500; it's undoubtedly done
in software on the MSFC, and the mantra is if it isn't supported in
Does anyone know if there's a roadmap forward for IPv6 support with WCCPv2?
I've had a few people ask me when Squid will support IPv6 WCCPv2 interception.
Thanks,
Adrian
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Thu, Sep 06, 2007, Raymond Macharia wrote:
Actually I did try a regular Cisco SFP with no progress at all, the Wireless
equipment LED lights up indicating some kind of physical connection but the
Cisco remains totally unresponsive, its as if there is no connection at all.
I even tried using
On Fri, Sep 07, 2007, Mark Tinka wrote:
On Tuesday 04 September 2007 21:06, Vincent De Keyzer wrote:
The fact is that I can create a .1q interface on a PA-4E
port -...
Just curious; does the 802.1Q encapsulation actually work on
this PA?
Yup! I just verified it between a 7204 (with
On Fri, Sep 07, 2007, Mark Tinka wrote:
On Friday 07 September 2007 11:36, Adrian Chadd wrote:
Yup! I just verified it between a 7204 (with PA-8E's and
a PA-4E) via a 2924XL to a 3640:
Interesting... thanks.
I should've also included:
System image file is slot0:c7200-is-mz.123-16.bin
On Sun, Aug 26, 2007, Networkers wrote:
Let me know if you have questions. Here is the show policy and the relevant
part of the 2621's config.
Aha, lets see.
#show policy int multi1
Multilink1
Tsk!
interface Multilink1
bandwidth 3072
ip address Public.IP.Goes.Here 255.255.255.0
On Thu, Aug 23, 2007, Skeeve Stevens wrote:
Hi all,
Can anyone please tell me how to initiate a DSL connection (forcing to
authenticate) on an 877, and is it any different on an 837, etc.
It seems to wait some sort of random period before retries.
Its just a normal dialer session. Fiddle
On Mon, Aug 13, 2007, Robert Boyle wrote:
At 10:38 PM 8/13/2007, a. rahman isnaini r. sutan wrote:
Am I right to say that MLPPP could utilize all bundled T1/E1 100% ?
Or it might be wouldn't work normally as there some headers added on ?
And recommended is 75% for a normal load balancing.
On Wed, Jul 25, 2007, Saku Ytti wrote:
Does anyone have any links handy which documents the reality of this
feature, or am I just hallucinating during long sessions about 10GE copper
provisioning in (Western Australian) datacentres?
Your best bet is to talk to your SE. I don't think much
On Wed, Jul 25, 2007, Ian MacKinnon wrote:
Oh I had heard something about this, and then could not find anything so
thought I was making it up :-)
Anybody got any public info?
Besides that stuff is under NDA. Guess you'll have to speak to your
SE about it. At least the replies confirmed I
G'day,
The 'enterprise' presentations from Cisco I occasionally attend have been
going on about a feature on the 6500 roadmap which pairs two 6500's
together into one virtual router/switch.
Does anyone have any links handy which documents the reality of this
feature, or am I just hallucinating
On Fri, Jul 20, 2007, Sridhar Ayengar wrote:
Winders, Timothy A wrote:
So what is everyone doing with these forklifted 7507's? I just replaced my
7507 and it's sitting powered off in the corner.
I wish more of them got on ebay for us hobbyists/home users to pick
over. I'd love to get
On Mon, Jul 16, 2007, Ahmad Cheikh Moussa wrote:
Hi!
David Granzer wrote:
you can not use bandwidth on input direction.
I've got the same error, when I use the priority
command. It doesn't matter what I configure in that
policy-map, I've got this error.
Why would you police/bandwidth
On Mon, Jul 16, 2007, Rodney Dunn wrote:
Why would you police/bandwidth on inbound data? You've already
received it.
I used to argue that same point. But I've since backed off
of it a bit. The reason is a deployment scenario where a
user (customer) connects but has multiple egress
On Fri, Jul 13, 2007, Paul Stewart wrote:
Hi folks...
I'm trying to come up with a cheap Cisco solution for IP Phone deployment.
The reason I stress cheap is because it's for my house;)
I need to take 3 SIP connections and one analog land-line into a router/box
of some form and then
On Tue, Jun 26, 2007, Skeeve Stevens wrote:
Damn and Awesome ;-)
Now I know what the concept is called. but needing a router sucks.
You don't -need- a router, you just need clearly defined boundaries between
your internal network and your borders.
There's no magic rule which states you
On Tue, Jun 19, 2007, Jeff Kell wrote:
Steve Feldman wrote:
No, the 3548XL is layer 2 only. I think the layer 3 features started
showing up in the 3550 series switches.
IIRC, the XLs are all L2 only. The 29nnXLs were strictly 100Mbps while
the 35nnXLs had Gig (uplinks).
The
On Wed, Jun 20, 2007, Brian wrote:
We're trying to forward all http traffic to a web filtering service on the
Internet. They require the http traffic forwarded to a name and then
forwarded to port 3128. I was thinking of creating a route-map and setting
the next-hop to be the IP address.
you're
changing the next-hop to the inside interface of a NAT layer that
implements what I describe above.
- billn
On Wed, 20 Jun 2007, Adrian Chadd wrote:
On Wed, Jun 20, 2007, Brian wrote:
We're trying to forward all http traffic to a web filtering
On Wed, Jun 20, 2007, Aman Chugh wrote:
Just wanted to jump in after reading the thread, I had integreated my Cisco
IOS firewall router using a url filter with websense, I would like to know
if I can integreate web proxy on the internet with my Cisco IOS firewall and
which web proxies on the
On Tue, Jun 12, 2007, Rikard Stemland Skjelsvik wrote:
Actually we route to the LAN in the other end out the WAN interface
ip route x.x.x.x 255.255.255.192 FastEthernet0
Why do you do this rather than routing to an IP address on the other
end of the WAN interface?
(Why do people do this? Is
On Tue, Jun 12, 2007, matthew zeier wrote:
I'm supposed open a remote office in China and the requirement is that
all domestic traffic go out ProviderA.cn and all other traffic out IPSEC
tunnel to the US office.
The actual stated goal was that any domain ending in .cn go out the
I've done ratelimiting on similar kit but on the l3 ports, ie:
int fa2
switchport access vlan 2
!
int fa3
switchport access vlan 3
!
int vlan 3
ip addr x.x.x.x y.y.y.y
insert generic rate limiting here
!
Rate limiting on the SVI will work fine if all ports on that vlan are
going to be
On Tue, Jun 05, 2007, Richey wrote:
I've always been told that the card slots in the non VXR 7206s were not hot
swappable. I've got a non VXR 7206 with 1 AC and 1 DC power supply. The DC
needs to come out and an AC stuck back in it's place because it's new home
does not have DC power
On Tue, Jun 05, 2007, Shakeel Ahmad wrote:
Guys,
In a scenario, we want to advertise the connected network (Loopback
interface) into Two OSPF process. It works fine but while advertising we
need to keep our loopback Classful as connected redistribution doesn't allow
classless.
.. redist
On Fri, May 25, 2007, Jonathan Charles wrote:
So, I am curious, can you pull a CF card from a 2821 while the router
is up and running?
I've had to do it a few times in production and have done it plenty of
times in the lab. Routing doesn't get upset. Different story if you're
running something
On Mon, May 14, 2007, Brian Turnbow wrote:
Wanted to post an update on this in case anyone else ever has problems.
The only way I found to resolve this issue was to move traffic onto different
interfaces , removing the router on a stick routing.
Did you stick the port into a SPAN group and
On Fri, May 11, 2007, Ed Ravin wrote:
I don't recall the exact numbers, but I remember that even a mere 20-30 Mb
of traffic in short packets would send the 7200 begging for mercy. I don't
need to screen out all potential attacks, but I do need the ability to
screen out any particular attack
On Thu, Apr 05, 2007, Alex Campbell wrote:
Hi all,
I'm looking at putting two 3560Gs in front of a couple of servers in a
high-availability configuration, and hoping that someone who has tried a
similar setup could provide some guidance. A rough diagram of the
approach I'm considering is
Hiya,
My coworkers have reported seeing issues with various upgrades to IOS and ASA
software revisions as of late. The symptoms are IPSEC tunnels don't establish
between the latest ASA software (updated for the security fixes) and some issues
with with 12.4(11)T advanced ip services/security
99 matches
Mail list logo