--- Begin Message ---
Not sure what you mean by "brick" ? I have a 1002-HX running 16.6.4,
similar output as yours and I have 3+ years of uptime and about 20G+
traffic rolling through it...
On 12/15/2021 2:11 PM, Dave Peters - Terabit Systems wrote:
There are some Cisco bugs for other units
--- Begin Message ---
On 6/28/21 6:13 PM, Lee Starnes wrote:
I have some ASK9010 chassis that are getting upgraded fan trays from v1 to
v2. My question is to upgrade these, is it possible to pull one and replace
it and then pull the other and replace or will the system have issues with
mixed fan
On 9/23/20 12:48 PM, Ted Pelas Johansson wrote:
> router isis WanCmp
> is-type level-2-only
> net 49.0001...0452.00
> address-family ipv6 unicast
> !
> interface TenGigE0/0/2/0
> address-family ipv4 unicast
> !
You'll also need this for each AF...
address-family ipv4 unicast
On 4/29/20 12:23 PM, Sander Steffann wrote:
> That combined with the whole mess with "your PSU and fan tray are not
> compatible with the 64-bit OS a few years ago" makes me avoid the platform.
We got bit by this, not just by the 64-bit thing, but when Cisco
deprecated and stopped supporting the
On 7/18/19 1:09 AM, Richard Mikisa wrote:
> Issue was mismatched MTU. I reduced them down to 2000 after a ping
> sweep and its been steady since.
I would ping across the link with DF bit set and see what the maximum
size packet you can successfully transmit over the point-to-point and
set your
+1 for the N93K. Using 93180YC-EX on both 10G and 25G connected hosts
for VSAN and on the network side it's been solid.
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://inoc.net/~rblayzor
On 7/25/18 10:41 AM, Doug McIntyre wrote:
Nexus switches are quite suitable. (NB: Nexus is
What (if any) 25GB server NIC’s has anyone had good success with using the
Nexus 93128-EX ?
Anyone with experience with the Mellanox MCX4111A-XCAT ConnectX-4 ? I assume
one would have to use compatible SFP-H25G-CUxM to keep the Nexus side happy?
TIA for any feedback/experiences you could
NAS-port-type doesn’t really help as I could have multiple port types over the
bba-group.
Already going option 2, but it’s becoming un-maintainable with hundreds of
intfs, even using regex matching… Also when moving/adding/removing ports from
the router, I want to avoid having to alter the
I’m trying to find a way to have an IOS-XE BRAS send some sort of group
identifying RADIUS attribute based on either bba-group or PPP enabled
interface. Is this possible? I do understand there is agent.id or circuit.id
but those come from the access side and not something I can use. I do also
Most SP’s support community tags of their directly connected customer prefixes.
That may be your path of lease resistance.
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu
> On Oct 17, 2016, at 4:14 PM, Nick Cutting wrote:
>
> Good
--- Begin Message ---
On Feb 1, 2016, at 4:52 PM, Aaron wrote:
>
> wow, check out the interface names at the bottom of the list, yeah the names
> that start with "H" !!
>
> RP/0/RP0/CPU0:eng-lab-5001-1#sh ip int br
> Mon Feb 1 15:37:16.489 CST
Been looking at these for a
--- Begin Message ---
On Oct 5, 2015, at 5:20 AM, Gert Doering wrote:
>
> ASR9001 is what you want for a peering router.
+1 on this. You can also save yourself some cash up front and go with ASR9001S
with half the ports and bandwidth for almost half the initial cost.
--
---BeginMessage---
What doesn’t work about it?
On the 9K the rate will be applied to each member in the bundle individually,
not as an aggregate. So in your config below, each link in the bundle will be
policed to 1 Gbps, not 1Gbps over the entire bundle.
--
Robert
inoc.net!rblayzor
Jabber:
On May 12, 2015, at 1:05 PM, Maile Halatuituia maile.halatuit...@tcc.to wrote:
Traffic has been forward from the Server by a PBR on the MSFC base on server
source address. I can see it on the ACE when debug, the normal destination
nat is working but the issue happen when the slb mechanism
On Mar 18, 2015, at 3:59 AM, Mark Tinka mark.ti...@seacom.mu wrote:
What I want is an ASR920 with 40x or 48x ports, with 4x 10Gbps SFP+ uplinks,
all line rate.
Then how about an ASR9001?
--
Robert
inoc.net!rblayzor
http://inoc.net/
___
On Mar 18, 2015, at 3:16 AM, Mohammad Khalil eng_m...@hotmail.com wrote:
I have Cisco ASR 903 with two RSPs
When I console to one for the RSPs , i am in the rommon mode
When I try to browse for the bootflash , I get the below message
rommon 1 dir bootflash:
ERROR:: PRSSTAT.BREN is NOT
prevention in BGP is seeing the same originating AS and
dropping the prefixes.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco
to be free to use and a pay for
support option.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
, etc.. that's when they get a bit more complex and
time consuming.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
to setup queueing policies
on all of your interfaces in the network. RSVP will do the admission control,
but you'll still need to have your service policies on all the interfaces the
LSP's traverse.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor
network are NOT congested (utilized at or above line rate) AND
I'm seeing ip sla probes reporting 200 ms latency will qos solve this?
Congestion management and congestion avoidance are moot points if there is no
congestion in the network.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http
2 x ASR9001 operating in a cluster might be an option. Each has 4 SFPP ports
which will do 1Gbps or 10Gbps.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
with it.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
don't seem to be showing traffic on the correct EVC's.
Kind of a mess.
- Counters will break completely on an RSP switchover. They just zero out and
stop incrementing. (I have a TAC case/bug on this one)
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor
selection is effected by configured or calculated interface cost?
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
the default scale to l3 or l3xl scale and you'll be good for
1M+ routes. Of course L3 scale eats up L2 scale and vice versa, so choose your
battles wisely.
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp
the 9K, it would
make a decent Internet facing router or massive Ethernet transport/aggregation
platform... not both. Maybe this changed with the new RSP's...
--
Robert Blayzor
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp
management interfaces now on some of the G2's, but need another
interface to trap some IP exported streams (10 - 20Mbps max). I
cannot find anything that states what the limited packet forwarding
is. Anyone have any more info or real world experience?
TIA
--
Robert Blayzor, BOFH
INOC, LLC
server load balancing switches or appliances that support
this today?
--
Robert Blayzor, BOFH
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco
and VLANing, but I don't have that option. Also there may be
just one or more than one client behind each switch port, (ie: servers
from another switch may be connected to the 6509).
TIA
--
Robert Blayzor, BOFH
INOC, LLC
rblay...@inoc.net
http://www.inoc.net/~rblayzor
to limit the IP address they can
arp for, and we'd also be able to ACL their ingress.
Doing L3 routing is not out of the question. Something we can easily
do with a VRF. We just want to remove the extra step of having them
have to add the routes on each device to access the SAN.
--
Robert
% load
over to the standby box as well.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
to accomplish? As previously mentioned the
7500 is EoS. You may want to look at a 7200 NPE-Gx running 12.2SB.
Then you can keep RBE.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp
obtain it via TAC.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail
what slots you choose.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net
. (possible but unlikely) The same goes for any
UDP type service. Since ACL's are not stateful, you have to
explicitly allow all packets to complete a bi-direction flow. (unless
you can cheat by using established of course).
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http
to replace a stateful firewall kind of defeats the purpose
and ends up being more trouble than it's worth. (IMHO)
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
for the ASR, but if
you're looking for multi-gigabit encrypted links I'd look at the 7600
with the IPSEC offload SIP/SPAs.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp
immediately.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
bandwidth percent 5
class class-default
fair-queue
policy-map atm-3m-voip
class class-default
shape average 300
service-policy max-voice
Then you can apply your policy map to the sub interface
HTH.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net
On May 22, 2008, at 12:11 PM, Steven Pfister wrote:
Does anyone have a working L2TPv3 tunnel between two 3640s?
According to the feature navigator, L2TPv3 doesn't exist on the 3600
series.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor
l2tpv3 foo
ip local interface ...
interface FastEthernet0/1
xconnect 2.2.2.2 555 pw-class test_l2tp
If the tunnel comes up and you can pass traffic, then it goes down,
that's not authentication. If it were an authentication issue, your
tunnel should not be coming up at all.
--
Robert
because 0/8 is IANA reserved doesn't mean it's not a valid prefix.
Default should only be matched on a zero sized prefix, not zero's in
the first eight bits of the network.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor
as part of a attribute returned from a
RADIUS server. I know there may be an issue with packet size, but I
think most 512-1024 bit keys should be able to fit in a standard
authentication based response.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac
RFC3704, Section 5 seems to have the best information on the use of
ingress/edge filtering and the use of loose/strict RPF.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows
sure you're
getting good clocking from both providers, have you tried one and not
the other, etc?
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows
, this could save your
configuration from being 1000's of lines long. Also makes it easier
when you actually have to scroll through your running config! ;-)
HTH.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier
: Framed-Route = 192.168.1.0/29
Will just work...
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows.
___
cisco-nsp mailing list cisco
in SB11, but was not.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
server farms.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
...;) Looked at both modes and didn't see how either
would work
unfortunately
If these are Linux or *BSD servers, you could look at CARP.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than
are all on the same L2 VLAN. You need a Layer3 hop in there
somewhere.
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Mac OS X. Because making Unix user-friendly is easier than debugging
Windows.
___
cisco
. I guess you can
look at it as eating your own dogfood by making yourself use the same
services/hardware as you offer to your customers. ;-)
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Design: The activity of preparing for a design review
, 3560, 3750, etc.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
SELECT * FROM users WHERE clue 0
0 rows returned
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
in looking at it for a full route table today, as you'd only be
replacing them with the XL in a few short months. (maybe sooner)
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Unix is user friendly - it's just picky about it's friends
Pingsta is clearly breaking federal laws.
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
It's obvious they are harvesting email addresses from this list.
Regardless if someone was carefully selected to receive their
mailings, if someone didn't opt in, it's spam.
--
Robert Blayzor
to admit you're being a
little over the top.
Actually I'm not. Even if it's just ONE message, Pingsta is breaking
the law, period.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
My Other machine is your Linux Box
___
cisco-nsp
being a bit peeved if they purchased a 7200 for
roughly $25k and it failed on the 91st day with no Smartnet.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Debugger: A tool that substitutes afterthought for forethought.
___
cisco
server. (along with statics and other things).
If you really want to use DHCP, maybe you should scrap PPPoX and just
use RBE.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
SELECT * FROM users WHERE clue 0
0 rows returned
scrambling, and your device doesn't allow you to enable it... good luck.
If there is a scrambling mis-match on either of the PVC... it won't
work... period.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
SELECT * FROM users WHERE clue 0
0 rows returned
you take the channels out of the DS3 and get them to IMA? You'll have
to use an external mux and feed the T1's back into the router.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Life's unfair - but the root password helps
=x.x.x.x y.y.y.y
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Design: The activity of preparing for a design review.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
not sure what they're actually putting
at the end of the T1.
The other thing is, while VPN internetworking seems to be supported on
the 7200 (which is ok for one end), I'm not sure (or doubt) that it's
supported on the 1800 ISR's..
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor
the broken AAA
server giving out the same IP address for multiple sessions.
Easier yet, if possible, set the pool up in the router and let it
control giving out dynamic addresses. You can just use a static pool in
the virtual-template or tell it which pool to use from the AAA server.
--
Robert
Paul Stewart wrote:
Is there a way to have SLB answer a virtual address that is forwarded to the
real IP of *one* of the servers while maintaining an active/standy
configuration? The docs only talk about load balancing itself.
Sorry, forgot to answer the second part of this...
Yes, you
Paul Stewart wrote:
My last question would then be if we ran NAT with SLB then the servers
having to cross layer3 comes out of the equation correct... because with
NAT, there would be a translation happening which would handle the actual
SLB portion?
I personally have not found NAT based SLB
Seth Mattinen wrote:
My understanding is that traffic can't traverse the same interface for
or be on the same L2 in any form for SLB to work.
Correct. As stated in previous message, there must be an L3 hop between
the clients and the virtual servers/server farms.
-Robert
Paul Stewart wrote:
So, what's a good hardware solution (bearing in mind that we can still do
this in software on the servers)?? Cisco used to make load balancing
hardware at one time but I don't think they are involved with that any
longer?? Open to hardware suggestions.. preferably
Arie Vayner (avayner) wrote:
Hmm... I am writing from (long term) memory here...
I can't test it right now, but what most likely has to be done is to
build 2 different vservers, and use the vlan num classifier (with a
different vlan ID per vserver).
Both vservers can use the same
. Sounds like the telco has theirs set for NNI and
his set for UNI. They could make his a community VLAN, but for the
telco, probably easier just to set his ports to NNI unless they expect
more uplinks.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
Life's unfair
to ports configured with
switchport mode dot1q-tunnel?
How are these actually connected to your network and 6500's? The
ME3400's have UNI ports which can only pass traffic to an NNI ports and
not to any other ports. (unless you setup some community VLAN's etc)
--
Robert Blayzor
INOC
[EMAIL
of throughput are
you looking for on each port on average and are you looking for just one
big layer2 network, any uplinks, layer3 ports? You can stack low cost
chassis probably all day long but other than just having 2000 ports,
what are you trying to achieve?
--
Robert Blayzor
INOC
[EMAIL PROTECTED
is that you have something on the far end that's just nailing something
big from a LAN or whatever it's happening quickly and you're not seeing
it in the 5 minute averages.
--
Robert Blayzor
INOC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
FreeBSD, Putting the 'Operating' back into OS
using prefix-list ?
c7600-lab0(config-router)#neighbor 1.1.1.1 prefix-list foo ?
in Filter incoming updates
out Filter outgoing updates
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A
log | top 5 (shows top 5 lines)
top and last could easily be replaced with head and tail, but that's
just the unix geek coming out! :-)
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580
quality is super, it's just acceptable. I'm sure
compared to a cell call, it sounds great! ;-)
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
I do not fear computers. I fear
PDU's, etc.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
Email is packaged by intellectual weight, not volume. Some settling of
contents may have occurred during
Frank Bulk wrote:
Any ideas?
Run your own local NTP server that uses the DNS based pools, then point
your routers to the IP address of your server.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720
better accuracy
rather than depending on some unknown public time source.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
Hackers have kernel knowledge
of situation?
Try something like:
aaa authorization network PTP none
Then under your multilink interface something like:
ppp authorization PTP
You may need the ppp authorization PTP under each PPP serial link,
it's been a while.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com
the traffic to. Just go to CCO and search for lawful
intercept, lots of docs come up.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC
Justify my text? I'm sorry but it has
81 matches
Mail list logo