[c-nsp] Incorrect bandwidth
Hi, I have an 2621XM running c2600-ik9s-mz.123-22a.bin and I noticed something strange. Reports were showing utilisation of more than 100%. This can be true in some cases but for E1 interfaces I always thought that the router calculates the correct bw depending on the number of channels used. e.g router#sh run int s0/0:0 Building configuration... Current configuration : 318 bytes ! interface Serial0/0:0no bandwidth configured description ** To PE *** no ip address encapsulation frame-relay IETF tx-ring-limit 2 tx-queue-limit 2 frame-relay lmi-type ansi max-reserved-bandwidth 100 service-policy input IN-S0/0:0 service-policy output OUT-S0/0:0 end ! router#sh interface Serial0/0:0 Serial0/0:0 is up, line protocol is up Hardware is PowerQUICC Serial description ** To PE *** MTU 1500 bytes, BW 1984 Kbit, DLY 2 usec, bw 1984 kbps reliability 255/255, txload 6/255, rxload 56/255 Encapsulation FRAME-RELAY IETF, loopback not set output omitted Timeslot(s) Used:1-31, SCC: 0, Transmitter delay is 0 flags number of timeslots used But the bandwidth calculated for the sub-interface has a different value: rotuer#sh run int s0/0:0.101 Building configuration... Current configuration : 175 bytes ! interface Serial0/0:0.101 point-to-point also no bw statement description Primary VPN WAN Link ip unnumbered Loopback10 ip flow ingress no cdp enable frame-relay interface-dlci 101 ! rotuer#sh interface Serial0/0:0.101 Serial0/0:0.101 is up, line protocol is up Hardware is PowerQUICC Serial Description: Primary VPN WAN Link Interface is unnumbered. Using address of Loopback10 MTU 1500 bytes, BW 1024 Kbit, DLY 2 usec, bw 1024 kbps reliability 255/255, txload 4/255, rxload 32/255 Encapsulation FRAME-RELAY IETF Last clearing of show interface counters never Any ideas if this is a bug? Am I missing something here? Thanks in advance Nasir Shaikh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3550 as CE
Arie, Thanks. No I don't have a subrate link although I do intend to use (an aggregate) policer on the !G link. I am currently happily running 12.1(22)EA8 do you think I should upgrade to 12.2(44)SE? I only need to be able to do QoS marking based on IP acls. tia Nasir Shaikh -Original Message- From: Arie Vayner (avayner) [mailto:avay...@cisco.com] Sent: 11 January 2010 19:15 To: Shaikh,NM,Nasir,JBFQ R; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] 3550 as CE Nasir, Be careful about QOS requirements. If your WAN uplink is a subrate link (i.e. a 1GigE port with an SLAN of 1GigE) you need to perform egress shaping on that interface, which is not supported on 3550 (or most LAN switches). Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of nasir.sha...@bt.com Sent: Monday, January 11, 2010 18:00 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 3550 as CE Hi, Due to the global shortage of 73xx routers I am contemplating to use some old 3550-12Ts as CE routers on a stie where a connection is required urgently. I will be using a fibre link from the local ADM as my WAN link (int g0/11 or g0/12 on the 3550) I have enough experience with the 3550 platform EMI with full routing but have always used it as a CPE behind the CE. Given the right GBIC, is there any reason why this won't work? Any experiences that someone would care to share? Thanks in advance Nasir Shaikh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3550 as CE
Hi, Due to the global shortage of 73xx routers I am contemplating to use some old 3550-12Ts as CE routers on a stie where a connection is required urgently. I will be using a fibre link from the local ADM as my WAN link (int g0/11 or g0/12 on the 3550) I have enough experience with the 3550 platform EMI with full routing but have always used it as a CPE behind the CE. Given the right GBIC, is there any reason why this won't work? Any experiences that someone would care to share? Thanks in advance Nasir Shaikh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 6506-E moving from sup2 to sup32
Hi, I am upgrading from sup2a to sup32 on a 6506-E remotely. I know that 2 different sups are not supported but would the chassis running with sup2a recognize a sup32 when inserted? Makes the upgrade much easier. Appreciate any experiences in this regard Nasir Shaikh | Senior Consultant | BT | Global Professional Services | Mob: +31 (0) 6 5463 5005 BT Meetme 0800 0200768 -Participants code:436 438 14# | E: nasir.sha...@bt.com | http://www.bt.com/consultingHYPERLINK http://www.bt.com/consulting; This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 6500 - sup2a to sup32 upgrade
Hi, I am upgrading from sup2a to sup32 on a 6506-E remotely. I know that 2 different sups are not supported but would the chassis running with sup2a recognize a sup32 when inserted? Makes the upgrade much easier. Appreciate any experiences in this regard Nasir ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Rolling over preshared keys
Hi, I am familiar with auto rollover of CA certificates but is there also a way to do an automatic rollover for pre-shared keys? I am looking to do this in a still to be deployed DMVPN environment and security people would like a policy to change the keys periodically. Kind regards Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Export routes from VRF to the global routing table
Hi, I am also looking for a way to a complete mutual redistribution between 2 vrfs. For political reasons I am not allowed to put all the interfaces on the redistributing router in the same vrf. Is there some way to do it? If I mutually import/export the route-targets between both vrfs, would that do the trick? If yes, would I need anything else to make that work? Thanks in advance Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Leonardo Gama Souza Sent: 03 March 2009 14:12 To: Gustavo Rodrigues Ramos Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Export routes from VRF to the global routing table Hi Gustavo, Thanks for the feedback, but I would like to dynamically export the routes, not using static routing. Regards. From: Gustavo Rodrigues Ramos [mailto:gust...@nexthop.com.br] Sent: Mon 3/2/2009 22:30 To: Leonardo Gama Souza Cc: cisco-nsp Subject: Re: [c-nsp] Export routes from VRF to the global routing table Hello Leonardo, I guess you'll use route leaking to accomplish what you want. http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_e xample09186a0080231a3e.shtml Gustavo. On Mon, Mar 2, 2009 at 10:08 PM, Leonardo Gama Souza leonardo.so...@nec.com.br wrote: Hi list, I am almost confident this is not possible, but would like to confirm whether exporting routes from some VRF to the global routing table is possible or not. This would be a solution to overcome the constraints of using PBR+GRE setup. Thanks in advance. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Interesting NAToverload issue
Hi Andrew, Our client is using this option (in fact this service is being managed bu MSOL themselves). Only port 443 is allowed on the firewalls and in fact my NAT selection is based on traffic with destination ip of MS Exchange server and port 443. But it seems that the Outlook client will open a minimum of 12 TCP connections with the Exchange server. These connections increase as the client adds more mailboxes (group or functional mailboxes) or other services (OCS etc) At an average we see 17 tcp session per outlook client. Kind regards Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 -Original Message- From: Tolstykh, Andrew [mailto:atolst...@integrysgroup.com] Sent: 27 February 2009 07:24 To: John Kougoulos; Shaikh,NM,Nasir,JRS1 R Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Interesting NAToverload issue Long term your client should consider migrating to the RPC over HTTPS connectivity model (single HTTPS connection per client). http://technet.microsoft.com/en-us/library/bb123741.aspx --- Exchange Server 2003 enabled users to use the Windows RPC over HTTP Proxy component to access their Exchange information from the Internet. This technology wraps remote procedure calls (RPCs) with an HTTP layer. This allows the traffic to traverse network firewalls without requiring RPC ports to be opened. You do not have to use a virtual private network (VPN) to access Exchange servers across the Internet. You must allow only port 443 through your firewall, because Outlook requests use HTTP over SSL. If you already use Outlook Web Access with SSL or Exchange ActiveSync with SSL, you do not have to open any additional ports from the Internet. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of John Kougoulos Sent: Wednesday, February 25, 2009 5:49 AM To: nasir.sha...@bt.com Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Interesting NAToverload issue Hello, you could split the usage of nat pools based on statistics of the source IP addresses eg use 1 ip/overloaded nat pool for even source IPs and another IP for the odd source IPs Best Regards, John On Wed, 25 Feb 2009, nasir.sha...@bt.com wrote: Hi, I have a client who has moved their Microsoft Exchange servers to a service provider location (as part of a de-perimeterization strategy). These servers are reachable via the Internet. Thus, the client IP are NATted before they cross the corporate boundary. There are about 45000 users. Each user needs about 17-22 sessions (that's how MS Outlook works) and thus as many NAT entries Therefore a NAT pool is used with overload. It was working fine for more than a year now but suddenly the following phenomenon has been noticed. - When a user session is being built up and he has let's say 10 NAT entries using the first IP in the NAT pool and the port numbers run out, the next IP in the NAT pool is used to complete the required number of sessions. - Exchange server is apparently not happy with one client using 2 IP addresses and keeps (re-)building sessions untill all of them are using the same NATted IP. This can sometimes take upto 5 miniutes. Is there a solution to this problem? There is one single destination global address. Is there a way to force the usage of the same IP from the NAT pool for all NAT requests from a particular source IP? Platform is7206-vxr with NPE-G2 Thanks in advance Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net
[c-nsp] Interesting NAToverload issue
Hi, I have a client who has moved their Microsoft Exchange servers to a service provider location (as part of a de-perimeterization strategy). These servers are reachable via the Internet. Thus, the client IP are NATted before they cross the corporate boundary. There are about 45000 users. Each user needs about 17-22 sessions (that's how MS Outlook works) and thus as many NAT entries Therefore a NAT pool is used with overload. It was working fine for more than a year now but suddenly the following phenomenon has been noticed. - When a user session is being built up and he has let's say 10 NAT entries using the first IP in the NAT pool and the port numbers run out, the next IP in the NAT pool is used to complete the required number of sessions. - Exchange server is apparently not happy with one client using 2 IP addresses and keeps (re-)building sessions untill all of them are using the same NATted IP. This can sometimes take upto 5 miniutes. Is there a solution to this problem? There is one single destination global address. Is there a way to force the usage of the same IP from the NAT pool for all NAT requests from a particular source IP? Platform is7206-vxr with NPE-G2 Thanks in advance Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Interesting NAToverload issue
Hi John, That is indeed a good idea. But there are 2 routers doing this NAT and the load towards them is being load-balanced by the choke router before them. I will then have to configure NAT in such a way that each IP from the NAT pool can only be used for about 32000 sessions (as I cannot control which specific session will be routed to which NAT router by CEF on the choke router). But this is a good option. Thanks Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 -Original Message- From: John Kougoulos [mailto:k...@intracom.gr] Sent: 25 February 2009 12:49 To: Shaikh,NM,Nasir,JRS1 R Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Interesting NAToverload issue Hello, you could split the usage of nat pools based on statistics of the source IP addresses eg use 1 ip/overloaded nat pool for even source IPs and another IP for the odd source IPs Best Regards, John On Wed, 25 Feb 2009, nasir.sha...@bt.com wrote: Hi, I have a client who has moved their Microsoft Exchange servers to a service provider location (as part of a de-perimeterization strategy). These servers are reachable via the Internet. Thus, the client IP are NATted before they cross the corporate boundary. There are about 45000 users. Each user needs about 17-22 sessions (that's how MS Outlook works) and thus as many NAT entries Therefore a NAT pool is used with overload. It was working fine for more than a year now but suddenly the following phenomenon has been noticed. - When a user session is being built up and he has let's say 10 NAT entries using the first IP in the NAT pool and the port numbers run out, the next IP in the NAT pool is used to complete the required number of sessions. - Exchange server is apparently not happy with one client using 2 IP addresses and keeps (re-)building sessions untill all of them are using the same NATted IP. This can sometimes take upto 5 miniutes. Is there a solution to this problem? There is one single destination global address. Is there a way to force the usage of the same IP from the NAT pool for all NAT requests from a particular source IP? Platform is7206-vxr with NPE-G2 Thanks in advance Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EoMPLS restrictions
Hi, Can someone shed some light on the following limitation of EoMPLS? Layer 2 connection restrictions: - You cannot have a direct Layer 2 connection between provider-edge routers with EoMPLS Why is this? I have a MAN running MPLS where my PE are directly connected. I need to do extend my datacenter LANs from location A to location B. I was thinking of using EoMPLS but this limitation is bothering me because I don't understand this limitation. Anyone care to explain? Topology as under: CE--(trunk)dot1q(tunnel)--PE--MPLS--PE--tunnel(dot1q)trunk--CE | | MPLS MPLS | | CE--(trunk)dot1q(tunnel)--PE--MPLS--PE--tunnel(dot1q)trunk--CE The CE on the right hand side are under my control and there is another cascaded CE device behind which the data center resides. So I could convert the CE to a PE to resolve this. Any suggestions are welcome Nasir Shaikh This email contains information from BT Nederland N.V., which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you have received this email in error, please let me know immediately on the email address above. We monitor our systems, and may record your emails. BT Nederland N.V. Registered office: Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam Registered at the Amsterdam Chamber of Commerce no: 33296214 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] How secure are VLANs and VRFs?
Hi, I am looking for some studies/papers to convince my customer (and myself) that VLANs can be as secure as physical segments and VRFs also provide a secure segregation of traffic. A few years back I came across a post referring to a document on the FBI or the NSA site stating that VLANs were deemed just as secure as physical wires. I am sure that there are Service Providers offering an Internet VRF over their MPLS cloud or enterprises with unfiltered Internet vrf on a campus. How do you convince a customer about the security of a vrf? Any references will be appreciated Nasir Shaikh CCIE #15845 | Senior Consultant | BT | Global Professional Services | E: nasir.sha...@bt.com | http://HYPERLINK http://www.bt.com/consultingwww.bt.com/consulting ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Strange IPSec problem
Hi, I have an Ipsec tunnel established between a 871 on the remote end and a 2811 on the central side. There are several other remote sites all connecting to the same central router. All IPSec tunnels are active. From this particular router I can ping servers/hosts on the central site without any problems. However, from a host (laptop) directly connected to the 871 there are strange problems. When doing a ping to a host it does not work. Next a traceroute is done to the host which is successful. Subsequent ping to the same host is successful. Same is true the other way around: From a server on the central site a ping to the laptop fails. A traceroute afterwards is successful. Subsequent pings are successful. Again, when doing pings from the router itself (using the LAN interface as source) there are no connectivity problems. Encryption / decryption counters are equal. There is no personal firewall running on the laptop. Anyone come across this issue? Regards Nas ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-POS-1OC3 vs. PA-A3-OC3SMI
Sorry for cutting in into this thread but from the responses looks like my question would fit here too. We are about to provide a customer with a price for upgrading one of the STM-1 ISP links to an STM-4 link with a 200 Mb port. The router we have in place is a 7206 VXR NPE G1. What card would be suitable in this router to do the trick? I can't find an OC12 card using the configurator. The card I find that fits the 7206 is the PA-SRP-OC12. But this is not available in the configurator. Can anyone help me out with this one? Thank you and with best regards Nasir Shaikh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: vrijdag 19 september 2008 9:07 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] PA-POS-1OC3 vs. PA-A3-OC3SMI Yep. The PA-MC-STM-1: http://www.cisco.com/en/US/prod/collateral/modules/ps2033/ps2762/product _data_sheet09186a008007d6c0.html This card looks like it's more at home on the Europe side of the pond, i.e. handling STM1s, and breaking service down to E1s. You're absolutely right, of course. Mea culpa. Odd, though, that this card exists and its -OC3 brother doesn't... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OT: network inventory
Hi, Anybody familiar with (freeware/shareware) tools for a network inventory? Install-base is 100% cisco. Are there other utilities around that would scan the collected configurations and read relevant info (descriptions, ip add, link bandwidth etc)? Nasir Shaikh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Placing a AON device on an existing /30 subnet
Hi, We are currently looking at Cisco 8340s and IPANEMA IP engines to deploy an application optimization service for one of our customers. These devices would have to be inserted in an existing point-to-point connection which is using a /30 subnet. For management of the device I would have to expand the subnet which requires renumbering. 1. For Cisco 8340s which have CDP functionality, can I give these devices a management IP address which is different from the subnet on which they are? I would have to use static routes for the devices to resolve the routing issue. Would this work? 2. Are there any other options to avoid the renumbering? Thanks Nasir Shaikh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/