li...@hojmark.org (Asbjorn Hojmark - Lists) wrote:
Yes, several things, including software downloads, have been totally
b0rken for the last several hours.
s/hours/years/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi Oil,
Below is my whole config of the ASR9K, now the tunnel can up.
mpls traffic-eng
interface TenGigE0/0/0/0
!
interface TenGigE0/1/0/0.1700
!
auto-tunnel mesh
group 1
destination-list 1
!
group 2
destination-list 2
!
tunnel-id min 1001 max 2000
!
auto-tunnel backup
Just enable the ip ospf demand-circuit cmd under the dial backup interfaces
The LSAs are than exchanged only once with DNA bit set, periodic refresh (30
min by default) is suppressed and LSAs are sent only when there's topology
change -therefore the remote site should be conf at least as stub
I guess that would go under the tunnel template used for auto-tunnels
adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of ??
Sent: Thursday, February 23, 2012 10:48 AM
To: Oliver Boehmer (oboehmer)
Cc:
I'm sorry the auto template is only used in ios
In XR you can specify the autoroute announce under attribute set
And than use that with the group
adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of ??
Sent:
Yes, correct. One more thing, in the IOS we configure the tunnel mpls
traffic-eng path-option 1 dynamic to automatic calculate the path, now in
the IOS-XR, no more?
Thanks/Xu Hu
在 2012年2月23日 下午6:15,Vitkovsky, Adam avitkov...@emea.att.com写道:
I'm sorry the auto template is only used in ios
In
Hey Guys,
Is anyone know the EFA progress of Cisco RMA?
The customer need us to do the analysis, they need the EFA report.
Thanks and Regards,
Hu Xu
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi Anton.
Yes you are correct.
I have GigE port facing LAC. And only 10Mpbs is allocated for this connection.
I want to ensure voice gets prioritized and so on...
I have original TOS headers reflected on the tunnel headers already.
From: Anton Kapela
In XR you’ll configure it the same - “path-option 1 dynamic” or “path-option 1
explicit name” under the tunnel-te interface
adam
From: 许虎 [mailto:jstuxuhu0...@gmail.com]
Sent: Thursday, February 23, 2012 11:58 AM
To: Vitkovsky, Adam
Cc: Oliver Boehmer (oboehmer);
I know, but my situation is auto-tunnel mesh.
Thanks and regards,
Xu Hu
On 23 Feb, 2012, at 19:35, Vitkovsky, Adam avitkov...@emea.att.com wrote:
In XR you’ll configure it the same - “path-option 1 dynamic” or “path-option
1 explicit name” under the tunnel-te interface
adam
Yes, correct. One more thing, in the IOS we configure the tunnel
mpls
traffic-eng path-option 1 dynamic to automatic calculate the path,
now in
the IOS-XR, no more?
No, as already mentioned earlier, there is currently no option to
specify different path-options for auto-mesh tunnels. so
Well for auto-tunnel it's dynamic by definition right?
I'm not sure whether you might somehow specify NHs that auto-tunnels should use
-doesn't make sense
Though you could use affinities in order to exclude some of the links used by
auto-tunnels
adam
-Original Message-
From: Gmail
I've always gotten it from our account team.
On Feb 23, 2012 6:02 AM, 许虎 jstuxuhu0...@gmail.com wrote:
Hey Guys,
Is anyone know the EFA progress of Cisco RMA?
The customer need us to do the analysis, they need the EFA report.
Thanks and Regards,
Hu Xu
Well for auto-tunnel it's dynamic by definition right?
I'm not sure whether you might somehow specify NHs that auto-tunnels should
use -doesn't make sense
yes, agreed, but you might want to specify some NHs the tunnels should NOT use
(i.e. exclude)..
but in 99% of the cases, dynamic is the
Account team? You mean they will give you the analysis report?
Thanks and regards,
Xu Hu
On 23 Feb, 2012, at 20:45, Chris Evans chrisccnpsp...@gmail.com wrote:
I've always gotten it from our account team.
On Feb 23, 2012 6:02 AM, 许虎 jstuxuhu0...@gmail.com wrote:
Hey Guys,
Is anyone know
Hi,
You need to request this from the TAC engineer BEFORE you start the RMA process.
Arie
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of ??
Sent: Thursday, February 23, 2012 13:00
To: cisco-nsp@puck.nether.net
Subject:
Could you suggest us the best practices to design a DC and Campus?
Currently we have only 2xN7K and we need deployment both networks
(Campus
and DC).
It's an interesting question, but could you be a tad more specific?
~JasonG
___
cisco-nsp
Ok. Before the RMA? Cisco will give us which kind of report? Depend on what?
Thanks and regards,
Xu Hu
On 23 Feb, 2012, at 21:10, Arie Vayner (avayner) avay...@cisco.com wrote:
Hi,
You need to request this from the TAC engineer BEFORE you start the RMA
process.
Arie
-Original
Yes, now that I think about it, it might be helpful to have a knob to instruct
a group of tunnels to use or exclude a particular hop
adam
-Original Message-
From: Oliver Boehmer (oboehmer) [mailto:oboeh...@cisco.com]
Sent: Thursday, February 23, 2012 2:00 PM
To: Vitkovsky, Adam;
The upgrade was done and a few things I can share:
1) the install script did not update correctly the boot variables:
boot kickstart bootflash:/n7000-s1-kickstart.5.2.3a.bin sup-1
boot system bootflash:/n7000-s1-dk9.5.2.3a.bin sup-1
boot kickstart
running a 7600 with s72033-advipservicesk9_wan-mz.122-33.SXH7
actually just installed device, added crypto key rsa ~ all normal here,
noting unusual to report.
but, oddly this is what i am seeing when i try and ssh to box.
The remote system refused the connection.
I have loaded ssh to 100s of
On 23/02/12 13:56, Chris Lane wrote:
running a 7600 with s72033-advipservicesk9_wan-mz.122-33.SXH7
actually just installed device, added crypto key rsa ~ all normal here,
noting unusual to report.
but, oddly this is what i am seeing when i try and ssh to box.
The remote system refused the
Make sure you notify your field team who is responsible for shipping the
device that EFA is sent to a different address.. We've accidentally sent
EFA request to normal RMA depots and that was not fun trying to track the
gear down..
On Thu, Feb 23, 2012 at 8:34 AM, Gmail jstuxuhu0...@gmail.com
Have a stored key on your ssh client already for that hostnamr or ip?
On Feb 23, 2012 8:59 AM, Chris Lane clane1...@gmail.com wrote:
running a 7600 with s72033-advipservicesk9_wan-mz.122-33.SXH7
actually just installed device, added crypto key rsa ~ all normal here,
noting unusual to report.
It usually means the server wasn't listening, was listening on a different
port or did not have the proper keys generated and could not negotiate
encryption. I don't know the debug options for ssh off the top of my head
but they should be simple to find on the interwebs if you need them. If
Thank you all to who replied.
This has been fixed.
it was a simple command i overlooked on the line vty
transport ssh.
thanks again
Chris
On Thu, Feb 23, 2012 at 9:08 AM, Andriy Bilous andriy.bil...@gmail.comwrote:
vty 0 4
transport input ssh
?
debug ip ssh on the router ssh -vvv on the
vty 0 4
transport input ssh
?
debug ip ssh on the router ssh -vvv on the client?
On Thu, Feb 23, 2012 at 2:56 PM, Chris Lane clane1...@gmail.com wrote:
running a 7600 with s72033-advipservicesk9_wan-mz.122-33.SXH7
actually just installed device, added crypto key rsa ~ all normal here,
noting
EFA and RMA are different.
We all know what RMA is.
When you EFA, you get your replacement part. However, you get a specific
address and shipper for your EFA. We've actually had private couriers
show up before. This needs to be arranged IN ADVANCE of your RMA.
Otherwise it goes to regular
Henry,
You are asking if we can explain what makes a 747 fly. There is a
short and uninformative answer and then there are the other 10,000 pages
of documentation we could go over.
There are a multitude of Nexus specific design guides on CCO. Depending
on your scale and your specific
Any restrictions in the line vty config?
Op 23-2-2012 14:56, Chris Lane schreef:
running a 7600 with s72033-advipservicesk9_wan-mz.122-33.SXH7
actually just installed device, added crypto key rsa ~ all normal here,
noting unusual to report.
but, oddly this is what i am seeing when i try and
It's not a subscription based service or anything like that. Normally an
EFA is something that is agreed upon between the customer and the TAC
engineer and a few other folks. The decision is made (usually
originating from within Cisco) that something is odd with this
particular widget and they
Hi
I am testing functionality between ASA 5510 and Fortigate 80C.
I am creating site-to-Site (IPSEC) VPN between two devices.
Do any one has configuration or suggestion to complete this task?
Thanks,
Hemal
___
cisco-nsp mailing list
Ok. Thanks, Hammer. Yesterday, we upgraded the 7609-s IOS, after reload one
es+t line card cannot up. Then the customer need us to provide EFA.
Thanks for your information.
Thanks and regards,
Xu Hu
On 23 Feb, 2012, at 23:46, -Hammer- bhmc...@gmail.com wrote:
It's not a subscription based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Small Business SRP 500 Series Multiple Vulnerabilities
Advisory ID: cisco-sa-20120223-srp500
Revision 1.0
For Public Release 2012 February 23 16:00 UTC (GMT)
Summary
===
Cisco Small Business (SRP 500) Series Services Ready Platforms
On 23.02.2012 16:47, Hemal Shah wrote:
Hi
I am testing functionality between ASA 5510 and Fortigate 80C.
I am creating site-to-Site (IPSEC) VPN between two devices.
Do any one has configuration or suggestion to complete this task?
Did you check the Fortinet Knowledgebase? They've got a pretty
Dear Cisco gurus,
I have the following simple config for a frame-relay T1 on Megapath's
network:
interface FastEthernet0/0
ip address x.x.x.x x.x.x.x (publicly addressable /29)
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
no fair-queue
Dear Cisco gurus,
I have the following simple config for a frame-relay T1 on Megapath's
network:
interface FastEthernet0/0
ip address x.x.x.x x.x.x.x (publicly addressable /29)
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
no fair-queue
That's actually common on DIA circuits with some companies. I know ATT does
this for their customers. It's an added layer of protection to make it harder
to attack the router, especially if you're running BGP. It might be a default
with Megapath as well. Best to ask them.
-Vinny
-Original
Odds are you have non routed address on the wan interface.
Bill wrote:
Dear Cisco gurus,
I have the following simple config for a frame-relay T1 on Megapath's
network:
interface FastEthernet0/0
ip address x.x.x.x x.x.x.x (publicly addressable /29)
duplex auto
speed auto
!
Hi Bill,
On Fri, Feb 24, 2012 at 5:09 AM, Bill b...@siliconics.net wrote:
[...]
The issue I have is, there's no connectivity from the router itself.
This is an IOS / PPP thing. Look at your routing table.
If you really need self ping to work with PPPoFR, there are a couple
of workarounds.
Hi again,
On Fri, Feb 24, 2012 at 6:58 AM, Dale Shaw
dale.shaw+cisco-...@gmail.com wrote:
This is an IOS / PPP thing. Look at your routing table.
Er, I may have misinterpreted your problem. What are you trying to
ping, exactly? The IP assigned to the Virtual-Template interface, a
directly
I need to extend a small number of VRFs between 2 DCs connected by Metro
Ethernet terminating on 6500s. Currently I am using a routed interface to
route traffic between the sites with no VRF support. I have no need extend
Vlans across the DC only route traffic between the VRFs. I am trying to
Bill,
Add:
interface serial0/0
ip unnumbered ethernet 0
And see if it helps.
Javier Henderson
jav...@cisco.com
On Feb 23, 2012, at 2:06 PM, b...@siliconics.net b...@siliconics.net wrote:
Dear Cisco gurus,
I have the following simple config for a frame-relay T1 on Megapath's
network:
On Feb 23, 2012, at 2:35 PM, Joe Maimon wrote:
Odds are you have non routed address on the wan interface.
The WAN interface has no IP address in his config actually:
interface Serial0/0
no ip address
-jav
___
cisco-nsp mailing list
Hi,
On Thu, Feb 23, 2012 at 03:08:05PM -0500, Chris Breger wrote:
I need to extend a small number of VRFs between 2 DCs connected by Metro
Ethernet terminating on 6500s. Currently I am using a routed interface to
route traffic between the sites with no VRF support. I have no need extend
Hm, I have to take this back. The interface has no address assigned, but
there's a template interface associated with it, negotiating PPP.
-jav
On Feb 23, 2012, at 2:35 PM, Joe Maimon wrote:
Odds are you have non routed address on the wan interface.
The WAN interface has no IP address in
I'm looking to upgrade from SRC4 to SRE5 and I'm wondering if there
are any gotchas, hiccups or non-public bugs that anyone might have
experience with.
IMO, you should be looking at 15.0 S. It's going to have longer life than
SRE.
(Yes, do a bug scrub. Yes, test it.)
-A
I am using GRE on ME3400 with my Core 7600.
...
Any known issue with ME3400 metroipaccess IOS?
GRE (or any other tunnel type) is unsupported on the ME 3400,
regardless of the IOS feature set.
Unsupported Global Configuration Commands
interface tunnel
While IANA may not have allocated anything for private use, 65536-65551 are
reserved for documentation, and those are of cause 32-bit numbers.
http://www.iana.org/assignments/as-numbers/as-numbers.xml
(A separate ASN per site, however, makes little sense to me).
-A
-Original Message-
All,
Is there a way to prevent AnyConnect from prompting users with local
identify certificates (including CaC ones) from being prompted when we
only have AAA selected for auth on the profile?
With the default automatic certificate selection, if they have one cert
installed it tries to use
Ok, few points.
FIrst, yes, Megapath is going to assign you a 172.16 address to your wan
interface. This is a pretty standard Covad / Megapath thing.
Next, when I've done this is memory served I had to use a dialer interface for
the actual interface and bind that to a sub interface using a
This may also be relevant and helpful in this situation:
http://blog.ine.com/2009/12/03/ping-thyself-yet-again-pppofr/
-Vinny
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
Sent: Thursday, February 23,
Yeah.
Though Im not sure why it's working on the ME-3400G-2CS-A variant.
From: Asbjorn Hojmark - Lists li...@hojmark.org
To: 'ar' ar_...@yahoo.com
Cc: 'cisco-nsp' cisco-nsp@puck.nether.net
Sent: Thursday, February 23, 2012 1:20 PM
Subject: RE: [c-nsp] ME3400
On 2/23/2012 4:20 PM, Asbjorn Hojmark - Lists wrote:
I am using GRE on ME3400 with my Core 7600.
...
Any known issue with ME3400 metroipaccess IOS?
GRE (or any other tunnel type) is unsupported on the ME 3400,
regardless of the IOS feature set.
Unsupported Global Configuration Commands
If your talking Windows 32 and 64bit I've had the same issues over the
years albeit it was by far the minority of machines that would have
problems:
- The easiest work-around in the end has been to use AnyConnect 2.3, 2.4
onwards to 3.x have all had the same result.
- Different result re: clicking
Hi guys,
Now my customer wants to configure the SDR in their ASR9K, is anyone have
the experience of configuring SDR in ASR9K?
Do we need to buy any special license? Because when i configure the SDR in
ADMIN mode, will have the following failures:
sdr Cisco
location 0/RSP0/CPU0 primary
!!% LRd
I don't think there is support for multiple SDRs in ASR9k.
--
Tassos
Xu Hu wrote on 24/2/2012 08:06:
Hi guys,
Now my customer wants to configure the SDR in their ASR9K, is anyone have
the experience of configuring SDR in ASR9K?
Do we need to buy any special license? Because when i configure
Hi,
On 24 February 2012 19:06, Xu Hu jstuxuhu0...@gmail.com wrote:
Hi guys,
Now my customer wants to configure the SDR in their ASR9K, is anyone have
the experience of configuring SDR in ASR9K?
Do we need to buy any special license? Because when i configure the SDR in
ADMIN mode, will have
Yes, Cisco also said that in single-shelf routers cannot support multiple
mode. Maybe just support in GSR and CRS.
Anyway, thanks for your reply.
Have a nice weekend
Hu Xu
2012/2/24 Tassos Chatzithomaoglou ach...@forthnetgroup.gr
I don't think there is support for multiple SDRs in ASR9k.
--
59 matches
Mail list logo