[c-nsp] BGP routes: 207k + 157k = 238k ???...
Hi guys, there is something I can't quite figure out with BGP. Let a bi-homed AS with only two BGP speakers (each of them has one eBGP session with a different upstream, they speak iBGP together). Router 1 receives 238k routes from provider A; so does router 2 from provider B. When looking at iBGP, it can be seen that router 1 sends 207k routes to router 2, while router 2 sends only 157k routes to router 1. I'm surprised by these numbers: the sum of routes from 1 to 2 plus routes from 2 to 1 not only does not equal 238k, but is even greater than 238k (I would have understood it was smaller). What does these numbers mean?... Vincent ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RES: Key-chain and MD5 authentication for IS-IS
Great. Helped a lot. Thanks. -Mensagem original- De: Oliver Boehmer (oboehmer) [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de janeiro de 2008 04:03 Para: Leonardo Gama Souza; cisco-nsp@puck.nether.net Assunto: RE: [c-nsp] Key-chain and MD5 authentication for IS-IS Leonardo Gama Souza wrote on Wednesday, January 23, 2008 11:10 PM: Hello everybody, Do you know whether I have to update the key chain string after an IOS upgrade? Let´s fancy from 12.2S to 12.0S... I'm only using it for IS-IS instance authentication. Have anyone ever run into this situation? You shouldn't need to update the keys, but I've seen cases where this was required after an upgrade (just re-entering the same key helped). I recall there was a bug somewhere in 12.2S where this was required for all keys (IIRC).. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] need clarification..
hi...what is the different between fastEthernet3/0/0 with fastEthernet0/3. is it same.??im still confuse.. looking forward to hear from u..thanks Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] need clarification..
A simple google search will get you back with millions :) below mentioned link is one of them http://www.petri.co.il/csc_how_router_interfaces_get_their_names_on_cisco_ro uters.htm Regards, Masood Ahmad Shah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bbe bie Sent: Thursday, January 24, 2008 5:50 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] need clarification.. hi...what is the different between fastEthernet3/0/0 with fastEthernet0/3. is it same.??im still confuse.. looking forward to hear from u..thanks Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 2811 crash...
Hi, I've got a 2811 that crashed with a bus error within a few hours of enabling Netflow export. I haven't opened a TAC case yet, but my curiousity was aroused by the address at which the error occured 0xDEADBEF3. This could almost be pronounced Dead Beef System returned to ROM by bus error at PC 0x41165340, address 0xDEADBEF3 at 20:33 Show region does not reflect this space as real: AMHtoSTL#sh region Region Manager: Start End Size(b) Class Media Name 0x0F80 0x0FFF 8388608 Iomem R/Wiomem:(uncached_iomem_region) 0x3F80 0x3FFF 8388608 Iomem R/Wiomem 0x4000 0x4F7F 260046848 Local R/Wmain 0x4006C38C 0x413319741812 IText R/Omain:text 0x4134 0x421C0D3F15207744 IData R/Wmain:data 0x421C0D40 0x424D963F 3246336 IBss R/Wmain:bss 0x424D9640 0x4F7F 221407680 Local R/Wmain:heap Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.3(8)T6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2004 by Cisco Systems, Inc. Compiled Wed 29-Dec-04 15:07 by hqluong ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1) a uptime is 16 hours, 25 minutes System returned to ROM by bus error at PC 0x41165340, address 0xDEADBEF3 at 20:39:15 UTC Wed Jan 23 2008 System image file is flash:c2800nm-ipbase-mz.123-8.T6.bin Cisco 2811 (revision 53.51) with 253952K/8192K bytes of memory. Processor board ID FHK0846U0F1 2 FastEthernet interfaces 1 Serial interface 2 Channelized T1/PRI ports DRAM configuration is 64 bits wide with parity enabled. 239K bytes of non-volatile configuration memory. 62592K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102 Any thoughts on this? Is netflow export on a router passing only ~500Kb/s peak typically problematic? thanks! Brad Beck Senior Network Engineer Meritain Health 300 Corporate Parkway Amherst, NY 14226 716-319-5837 Direct [EMAIL PROTECTED] Interested in health and wellness? Take a look at Meritain Health! To learn more about Meritain Health, visit us at www.meritain.com ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify your systems administrator. ** BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Brad Beck TEL;WORK:716.319.5837 EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED] N:Beck;Brad END:VCARD ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
Any particular reason you're running a 12.4T version? We've got a 2821 running 12.4(16a) doing netflow export, been rock-solid for months. Chuck Church Principal Network Engineer, CCIE #8776 Harris Information Technology Services EDS Contractor - Navy Marine Corps Intranet (NMCI) 1210 N. Parker Rd. | Greenville, SC 29609 Office: 864-335-9473 | Cell: 864-266-3978 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Beck Sent: Thursday, January 24, 2008 8:30 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 2811 crash... Hi, I've got a 2811 that crashed with a bus error within a few hours of enabling Netflow export. I haven't opened a TAC case yet, but my curiousity was aroused by the address at which the error occured 0xDEADBEF3. This could almost be pronounced Dead Beef System returned to ROM by bus error at PC 0x41165340, address 0xDEADBEF3 at 20:33 Show region does not reflect this space as real: AMHtoSTL#sh region Region Manager: Start End Size(b) Class Media Name 0x0F80 0x0FFF 8388608 Iomem R/W iomem:(uncached_iomem_region) 0x3F80 0x3FFF 8388608 Iomem R/Wiomem 0x4000 0x4F7F 260046848 Local R/Wmain 0x4006C38C 0x413319741812 IText R/Omain:text 0x4134 0x421C0D3F15207744 IData R/Wmain:data 0x421C0D40 0x424D963F 3246336 IBss R/Wmain:bss 0x424D9640 0x4F7F 221407680 Local R/Wmain:heap Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.3(8)T6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2004 by Cisco Systems, Inc. Compiled Wed 29-Dec-04 15:07 by hqluong ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1) a uptime is 16 hours, 25 minutes System returned to ROM by bus error at PC 0x41165340, address 0xDEADBEF3 at 20:39:15 UTC Wed Jan 23 2008 System image file is flash:c2800nm-ipbase-mz.123-8.T6.bin Cisco 2811 (revision 53.51) with 253952K/8192K bytes of memory. Processor board ID FHK0846U0F1 2 FastEthernet interfaces 1 Serial interface 2 Channelized T1/PRI ports DRAM configuration is 64 bits wide with parity enabled. 239K bytes of non-volatile configuration memory. 62592K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102 Any thoughts on this? Is netflow export on a router passing only ~500Kb/s peak typically problematic? thanks! Brad Beck Senior Network Engineer Meritain Health 300 Corporate Parkway Amherst, NY 14226 716-319-5837 Direct [EMAIL PROTECTED] Interested in health and wellness? Take a look at Meritain Health! To learn more about Meritain Health, visit us at www.meritain.com ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify your systems administrator. ** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
On Thu, January 24, 2008 1:29 pm, Brad Beck wrote: I've got a 2811 that crashed with a bus error within a few hours of enabling Netflow export. I haven't opened a TAC case yet, but my curiousity was aroused by the address at which the error occured 0xDEADBEF3. This could almost be pronounced Dead Beef Yes - traditionally it's 0xDEADBEEF, I guess Cisco felt the need to distinguish between different sides of beef and so dropped an 'E' to add an index number :) Seriously, it's an old coder utility / humour combo - if there's memory that's you shouldn't be using, rather than leaving it full of random values, you fill it with DEADBEEF. If the program crashes or gives wrong answers, and you see DEADBEEF show up, you know it's a problem with looking at the wrong area of memory rather than some other kind of logic error. Why DEADBEEF and not some other 'magic' number is up there with why you find so many workstations of long-time coders with the MAC of their Ethernet card re-programmed to be nn:nn:nn:C0:FF:FE... Regards, Tim. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
On Thu, 2008-01-24 at 14:04 +, Tim Franklin wrote: Yes - traditionally it's 0xDEADBEEF, I guess Cisco felt the need to distinguish between different sides of beef and so dropped an 'E' to add an index number :) Seriously, it's an old coder utility / humour combo - if there's memory that's you shouldn't be using, rather than leaving it full of random values, you fill it with DEADBEEF. If the program crashes or gives wrong answers, and you see DEADBEEF show up, you know it's a problem with looking at the wrong area of memory rather than some other kind of logic error. Yup, the Jargon File entry backs this up. http://www.jargon.net/jargonfile/d/DEADBEEF.html Why DEADBEEF and not some other 'magic' number is up there with why you find so many workstations of long-time coders with the MAC of their Ethernet card re-programmed to be nn:nn:nn:C0:FF:FE... Maybe even with two Es in the end, like 00:0B:AD:C0:FF:EE, right? :-) Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
On Thu, January 24, 2008 2:12 pm, Peter Rathlev wrote: Why DEADBEEF and not some other 'magic' number is up there with why you find so many workstations of long-time coders with the MAC of their Ethernet card re-programmed to be nn:nn:nn:C0:FF:FE... Maybe even with two Es in the end, like 00:0B:AD:C0:FF:EE, right? :-) Yeah, that too. Clearly I haven't had enough of it yet today... Regards, Tim. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EzVPN drops packets after first data burst
No, doesn't seem to be. I tried lowering the MTU on the client, nothing different. 2008/1/23, Frank Bulk - iNAME [EMAIL PROTECTED]: Anything to do with packet size? Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kristofer Sigurdsson Sent: Tuesday, January 22, 2008 7:42 AM To: Cisco NSP Subject: [c-nsp] EzVPN drops packets after first data burst Hi list, I have a Cisco 1841 router, IOS 12.4(12), Adv. IP Services. I'm using it for an EzVPN server where clients can VPN into a VRF which contains a local network. Clients can connect and start to use eg. Remote Desktop to a computer on the inside network, but as soon as some traffic starts flowing (like opening a browser in Remote Desktop), the session hangs and, according to the show crypto session remote peer detail, no new outbound (from the VPN server) packets come and I start seeing dropped inbound packets (dec'ed). Sample output: Crypto session current status Code: C - IKE Configuration mode, D - Dead Peer Detection K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication Interface: FastEthernet0/0 Session status: UP-ACTIVE Peer: x.x.x.x port 4406 fvrf: (none) ivrf: xx Phase1_id: Desc: (none) IKE SA: local x.x.x.x/4500 remote x.x.x.x/4406 Active Capabilities:CXN connid:233 lifetime:07:58:49 IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.10.210.158 Active SAs: 2, origin: dynamic crypto map Inbound: #pkts dec'ed 279 drop 69 life (KB/Sec) 4587796/86332 Outbound: #pkts enc'ed 432 drop 0 life (KB/Sec) 4587562/86332 Whatever the user tries to do on the VPN, the only thing that changes (apart from time) is the dec'ed drop packets. The number of packets dec'ed/enc'ed is not exactly consistant, but this always happens at the first burst of data across the link. The counters go to a few hundred, then this happens. The VPN connection stays up, nothing unusual in the client. It says transparent tunneling: active on UDP port 4500, so it probably doesn't matter that the client is behind NAT, right? The problem only depends on data going over the link, not time. If I'm just using ping, traceroute and SSH terminal access, there is no problem. As soon as I put a burst on the link, it hangs and does not recover. We have a few customers on the router, each using a different profile (pretty much same configuration) and different VRFs for inside networks. Same problem for all of them. Thanks in advance, Kristo Here's the relevant configuration: aaa group server radius RADIUS-XX server-private x.x.x.x auth-port 1645 acct-port 1646 key xxx ip vrf forwarding xx aaa authentication login AAA-XX group RADIUS-XX aaa authorization network vpn local ip vrf xx description xx rd 65365:7 route-target export 65365:7 route-target import 65365:7 ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 ! crypto isakmp policy 20 encr 3des authentication pre-share group 5 ! crypto isakmp policy 30 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group key x dns x.x.x.x pool xx acl xx group-lock save-password max-users 50 netmask 255.255.255.255 ! crypto isakmp profile vrf xx self-identity address match identity group client authentication list AAA-XX isakmp authorization list vpn client configuration address respond initiate mode aggressive local-address FastEthernet0/0 ! crypto ipsec security-association lifetime seconds 86400 crypto ipsec security-association idle-time 86400 ! crypto ipsec transform-set vpn esp-3des esp-md5-hmac ! ! dynamic-map vpn 1-6 and 8-... are other customers who also have the same problem ! crypto dynamic-map vpn 7 set transform-set vpn set isakmp-profile reverse-route ! crypto map vpn 65535 ipsec-isakmp dynamic vpn ! interface FastEthernet0/0 description Uplink ip address x.x.x.x 255.255.255.128 duplex auto speed auto crypto map vpn ! interface FastEthernet0/1.930 encapsulation dot1Q 930 ip vrf forwarding xx ip address 10.9.8.2 255.255.255.252 ! ! The RIP is to advertise the host routes to the VPN clients to another router on the inside (and receive routes from there) ! router rip version 2 ! address-family ipv4 vrf xx redistribute connected redistribute static network 10.0.0.0 network 192.168.0.0 network 192.168.124.0 no auto-summary version 2 exit-address-family ! ip local pool xx 10.10.210.100 10.10.210.200 group xx ! ip access-list extended xx (lots of networks) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list
Re: [c-nsp] PA-MC-T3 and T1 config questions
Thanks very much for the example Robert! Do you know if m23 framing on the T3 is a standard with channelized DS3's? I use a number of ATM DS3's and we use c-bit framing there. Thanks, -Nick Voth From: Robert Boyle [EMAIL PROTECTED] Date: Thu, 24 Jan 2008 02:02:47 -0500 To: Nick Voth [EMAIL PROTECTED], cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: Re: [c-nsp] PA-MC-T3 and T1 config questions At 01:20 AM 1/24/2008, Nick Voth wrote: Our platform is a 7206 VXR with the PA-MC-T3 card running the IP Plus feature set on a relatively new IOS. Like I said, I just need the T1's to do basic IP traffic. Here you go: controller T3 1/0 framing m23 cablelength 40 logging-events detail t1 1 channel-group 0 timeslots 1-24 t1 2 channel-group 0 timeslots 1-24 t1 3 channel-group 0 timeslots 1-24 t1 4 channel-group 0 timeslots 1-24 t1 5 channel-group 0 timeslots 1-24 t1 6 channel-group 0 timeslots 1-24 t1 7 channel-group 0 timeslots 1-24 t1 8 channel-group 0 timeslots 1-24 t1 9 channel-group 0 timeslots 1-24 t1 10 channel-group 0 timeslots 1-24 t1 11 channel-group 0 timeslots 1-24 t1 12 channel-group 0 timeslots 1-24 t1 13 channel-group 0 timeslots 1-24 t1 14 channel-group 0 timeslots 1-24 t1 15 channel-group 0 timeslots 1-24 t1 16 channel-group 0 timeslots 1-24 t1 17 channel-group 0 timeslots 1-24 t1 18 channel-group 0 timeslots 1-24 t1 19 channel-group 0 timeslots 1-24 t1 20 channel-group 0 timeslots 1-24 t1 21 channel-group 0 timeslots 1-24 t1 22 channel-group 0 timeslots 1-24 t1 23 channel-group 0 timeslots 1-24 t1 24 channel-group 0 timeslots 1-24 t1 25 channel-group 0 timeslots 1-24 t1 26 channel-group 0 timeslots 1-24 t1 27 channel-group 0 timeslots 1-24 t1 28 channel-group 0 timeslots 1-24 t1 1 fdl ansi t1 2 fdl ansi t1 3 fdl ansi t1 4 fdl ansi t1 5 fdl ansi t1 6 fdl ansi t1 7 fdl ansi t1 8 fdl ansi t1 9 fdl ansi t1 10 fdl ansi t1 11 fdl ansi t1 12 fdl ansi t1 13 fdl ansi t1 14 fdl ansi t1 15 fdl ansi t1 16 fdl ansi t1 17 fdl ansi t1 18 fdl ansi t1 19 fdl ansi t1 20 fdl ansi t1 21 fdl ansi t1 22 fdl ansi t1 23 fdl ansi t1 24 fdl ansi t1 25 fdl ansi t1 26 fdl ansi t1 27 fdl ansi t1 28 fdl ansi description ATT Channelized DS3 #1 Circuit ID XXX DMarc: Row 5, Rack 2, Panel 4, Pos 12 ! interface Serial1/0/1:0 description to ABC Corp - Circuit ID 123412341234 ip address 1.2.3.4 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress encapsulation ppp carrier-delay 10 fair-queue down-when-looped no cdp enable ! interface Serial1/0/2:0 description to DEF Corp - Circuit ID 567567567567 ip address 5.6.7.8 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress encapsulation ppp carrier-delay 10 fair-queue down-when-looped no cdp enable ! interface Serial1/0/3:0 description to BigPlace Inc. - Circuit ID 12349876 ip address 9.10.11.12.13 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress encapsulation ppp carrier-delay 10 fair-queue down-when-looped no cdp enable Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Well done is better than well said. - Benjamin Franklin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
I don't think I've ever worked on a Novell network that didn't have DEADBEEF as an internal network server address in use. Probably added a few myself... :) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Franklin Sent: Thursday, January 24, 2008 9:28 AM To: Peter Rathlev Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 2811 crash... On Thu, January 24, 2008 2:12 pm, Peter Rathlev wrote: Why DEADBEEF and not some other 'magic' number is up there with why you find so many workstations of long-time coders with the MAC of their Ethernet card re-programmed to be nn:nn:nn:C0:FF:FE... Maybe even with two Es in the end, like 00:0B:AD:C0:FF:EE, right? :-) Yeah, that too. Clearly I haven't had enough of it yet today... Regards, Tim. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EzVPN drops packets after first data burst
2008/1/22, David Freedman [EMAIL PROTECTED]: I dont see your crypto isakmp nat-keepalive statement. Good point. I just added that, setting it to 20 seconds, but unfortunately, the situation did not change. Thanks, though. -Kristo ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-MC-T3 and T1 config questions
Once upon a time, Nick Voth [EMAIL PROTECTED] said: Thanks very much for the example Robert! Do you know if m23 framing on the T3 is a standard with channelized DS3's? I use a number of ATM DS3's and we use c-bit framing there. I've got CT3s that are m23 and CT3s that are cbit. IIRC, PA-MC-T3 may auto-detect framing if you don't set it (although if you do that, once you see what it is, you might want to explicitly set it anyway). -- Chris Adams [EMAIL PROTECTED] Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Need help with F-VRF
Hello Future CCDEs, I have a router with dual WAN and one of them is in a VRF-lite, nothing there but another default route. I would like to be able to utilize that default route once the primary WAN is down. I have ip route 0.0.0.0 0.0.0.0 SecondaryWAN 250. When the primary interface down, i can see that in the global routing table. I have NAT and show ip nat trans seems okay. Turn on netflow and doing a source ping, i also see echo-reply packets back from the ping source. The local LAN is not inside the vrf-lite. Looking inside the vrf routing table, i dónt see the local lan. i cánt do ip route vrf vrf-lite local-lan-net interface-local-lan, since the router doesn't let you do it to the broadcast ethernet. result of show ip cache flow, destif is the same as srcif...look like the router doesn't know where the LAN is? SrcIf SrcIPaddressDstIf DstIPaddressPr SrcP DstP Pkts Fa0/0 ping-destination Fa0/0 vrf-lite wan int01 2 Thanks. -lmn ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-MC-T3 and T1 config questions
At 09:56 AM 1/24/2008, you wrote: Thanks very much for the example Robert! Do you know if m23 framing on the T3 is a standard with channelized DS3's? I use a number of ATM DS3's and we use c-bit framing there. You're welcome. Today, C-bit is typically used when you have a point to point circuit. M23 is typically used when you have a channelized DS3. Check with your carrier to make sure you are using the same setting. Basically, with M23, you can use the extra signaling slots which would have been used by CBit to recover from clock slips to carry signaling info. Here is a white paper with more than you ever wanted to know. http://www.sbei.com/files/ds3_wpaper.pdf -Robert Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Well done is better than well said. - Benjamin Franklin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Need help with F-VRF
On Thu, January 24, 2008 3:20 pm, Luan Nguyen wrote: I have a router with dual WAN and one of them is in a VRF-lite, nothing there but another default route. I would like to be able to utilize that default route once the primary WAN is down. If there's *nothing* in it but a default route, why is it in a VRF? What are you trying to achieve with two routing tables on the router? I have ip route 0.0.0.0 0.0.0.0 SecondaryWAN 250. When the primary interface down, i can see that in the global routing table. I have NAT and show ip nat trans seems okay. Turn on netflow and doing a source ping, i also see echo-reply packets back from the ping source. The local LAN is not inside the vrf-lite. Looking inside the vrf routing table, i dónt see the local lan. i cánt do ip route vrf vrf-lite local-lan-net interface-local-lan, since the router doesn't let you do it to the broadcast ethernet. This isn't entirely clear, but if you're doing what it sounds like, a route to the LAN interface inside the VRF isn't going to make sense, because the LAN interface isn't in the VRF. Can you post config, and output from the commands you've mentioned? Regards, Tim. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MUX
We were using Marconi in our previous company and it worked fine... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Rathlev Sent: 23 January 2008 21:54 To: Mad Unix Cc: cisco-nsp Subject: Re: [c-nsp] MUX Hi Mad, CWDM is a nice and (relatively) cheap solution, but of course it requires special colour GBICs at each end. The cost of the passive CWDM muxer and special GBICs + stock for a rainy day can sometimes make provisioning an extra physical fiber look more attractive than otherwise, especially for short distances. But YMMV. Regards, Peter On Wed, 2008-01-23 at 22:41 +0100, Arie Vayner (avayner) wrote: Mr. madunix, Not sure what your requirements are, but if all you need is multiple GigE links over the same fiber, take a look at this: http://www.cisco.com/en/US/products/ps6575/index.html Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mad Unix Sent: Wednesday, January 23, 2008 21:44 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] MUX Dear ALL We are looking to get a MUX for the Fiber between our 2 buildings... out of your experience , what do you think about getting *Marconi OMS * http://www.ericsson.com/solutions/products/hp/Optical_Networks_pa.shtml since our LAN and WAN built on Cisco and Exterme devices. Thanks -- madunix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ CB Richard Ellis Limited, Registered Office: St Martin's Court, 10 Paternoster Row, London, EC4M 7HP, registered in England and Wales No. 3536032. Regulated by the RICS and an appointed representative of CB Richard Ellis Indirect Investment Services Limited which is authorised and regulated by the Financial Services Authority. This communication is from CB Richard Ellis Limited or one of its associated/subsidiary companies. This communication contains information which is confidential and may be privileged. If you are not the intended recipient, please contact the sender immediately. Any use of its contents is strictly prohibited and you must not copy, send or disclose it, or rely on its contents in any way whatsoever. Reasonable care has been taken to ensure that this communication (and any attachments or hyperlinks contained within it) is free from computer viruses. No responsibility is accepted by CB Richard Ellis Limited or its associated/subsidiary companies and the recipient should carry out any appropriate virus checks. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Need help with F-VRF
I am doing 2 dmvpn tunnels. One using the primary, one using the vrf. They both terminate into the same hub router. NAT config: ip nat inside source route-map NAT_SEC_WAN interface FastEthernet0/0 overload route-map NAT_SEC_WAN permit 10 match ip address PAT_ACL_1 match interface FastEthernet0/0 ip access-list extended PAT_ACL_1 permit ip 10.7.1.0 0.0.0.255 any VRF ip vrf fvrf interface FastEthernet0/0 ip vrf forwarding fvrf ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 100 ip route vrf fvrf 0.0.0.0 0.0.0.0 FastEthernet-nexthop ip route 0.0.0.0 0.0.0.0 Primary-interface track 500 I was tracking failover, but with F-VRF, probably no need to anymore. I need the lan to be outside, because normally, it would go out the primary non-vrf wan interface. A ping from the host on the lan to 4.2.2.2 Site7R1#show ip cache flow IP packet size distribution (506 total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .146 .363 .162 .298 .000 .013 .000 .000 .000 .000 .000 .009 .000 .005 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 IP Flow Switching Cache, 278544 bytes 4 active, 4092 inactive, 94 added 4226 ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, 25800 bytes 0 active, 1024 inactive, 0 added, 0 added to flow 0 alloc failures, 0 force free 1 chunk, 1 chunk added last clearing of statistics never Protocol TotalFlows Packets Bytes Packets Active(Sec) Idle(Sec) Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-other 37 0.0 144 0.0 1.8 15.5 UDP-NTP 39 0.0 176 0.0 0.0 15.1 UDP-other1 0.0 4 261 0.0 0.1 15.3 ICMP13 0.0 5 100 0.0 7.6 15.4 Total: 90 0.0 276 0.0 1.8 15.3 SrcIf SrcIPaddressDstIf DstIPaddressPr SrcP DstP Pkts Fa0/1 10.7.1.2Fa0/0 4.2.2.2 01 0800 5 Fa0/0 4.2.2.2 Fa0/0 Fa0/0-IP 01 5 Site7R1#show ip nat trans Pro Inside global Inside local Outside local Outside global icmp Fa0/0-IP:13 10.7.1.2:13 4.2.2.2:13 4.2.2.2:13 Seem like the return nat doesn't work. Maybe i should use debug ip packet detail :) Thanks. lmn On Jan 24, 2008 10:49 AM, Tim Franklin [EMAIL PROTECTED] wrote: On Thu, January 24, 2008 3:20 pm, Luan Nguyen wrote: I have a router with dual WAN and one of them is in a VRF-lite, nothing there but another default route. I would like to be able to utilize that default route once the primary WAN is down. If there's *nothing* in it but a default route, why is it in a VRF? What are you trying to achieve with two routing tables on the router? I have ip route 0.0.0.0 0.0.0.0 SecondaryWAN 250. When the primary interface down, i can see that in the global routing table. I have NAT and show ip nat trans seems okay. Turn on netflow and doing a source ping, i also see echo-reply packets back from the ping source. The local LAN is not inside the vrf-lite. Looking inside the vrf routing table, i dónt see the local lan. i cánt do ip route vrf vrf-lite local-lan-net interface-local-lan, since the router doesn't let you do it to the broadcast ethernet. This isn't entirely clear, but if you're doing what it sounds like, a route to the LAN interface inside the VRF isn't going to make sense, because the LAN interface isn't in the VRF. Can you post config, and output from the commands you've mentioned? Regards, Tim. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 3560G ip routing and multicast ?
Hello, We like to understand how multicast is handled with Cisco 3560G in a very special case : when we don't enable multicast routing in the device. Problem is : - we have more than 100 machines in a /25 that does multicast using pim sparse-dense mode. - we have several 3560G with 2 (maybe more in the future) vlan with ! ip multicast-routing distributed ip igmp snooping vlan 10 immediate-leave ip igmp snooping vlan 20 immediate-leave ! interface vlan10 ip address 10.2.2.201 255.255.255.0 ip pim sparse-mode ! interface vlan20 ip address 10.2.3.201 é55.255.255.0 ip pim sparse-mode ! We like to add a dedicated 3560G to do the IP Unicast routing only : ! interface vlan10 ip address 10.2.2.254 255.255.255.0 ! interface vlan20 ip address 10.2.3.254 é55.255.255.0 ! Problem is that this device will receive the multicast (we have about 200 / 300 Mbps of multicast in general). How will be handled the multicast ? does packets will goes into CPU before discarded ? Unicast traffic will be less than 1 or 2% of bandwith in general on each ports... Thanks for yours informations. /Xavier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-MC-T3 and T1 config questions
On Thu, 24 Jan 2008, Nick Voth wrote: Thanks very much for the example Robert! Do you know if m23 framing on the T3 is a standard with channelized DS3's? I use a number of ATM DS3's and we use c-bit framing there. c-bit framing is normally used for clear-channel DS3s. m13/m23 framing is normally used for channelized circuits. jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco WIC-1DSU-T1-V2 + 2811 + 12.4(11)T ??
Hi I have purchsed 1841 with same wic module .Is this below config work for point to point T1 connection. interface Serial0/0 ip address service-module t1 framing esf service-module t1 linecode b8zs service-module t1 timeslots 1-12 speed 64 Regards Gagandeep Jay Hennigan [EMAIL PROTECTED] wrote: joe mcguckin wrote: I can't get this combination to bring up a T1. Configured as encaps hdlc service-module t1 clock source line service-module t1 line b8zs service-module t1 frame esf service-module t1 timeslots all Indicator LED on WIC is green, with no alarms. Look closely at the jack on the WIC, the molded plastic on the back of where the plug inserts. Does it read STEWART? If not, you have a fake WIC. Even if it does, you might have a fake. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ - Now you can chat without downloading messenger. Click here to know how. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] command to peg interface up
All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] command to peg interface up
no keepalive ? - Jared On Thu, Jan 24, 2008 at 01:44:37PM -0500, Joe Maimon wrote: All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RES: command to peg interface up
No keepalive. Juliano Luz Analista de Redes e Telecomunicações Infra-Estrutura de Redes e Telecomunicações Telemática - Confederação SICREDI - Porto Alegre +55 (51) 3358-7113 http://www.sicredi.com.br -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Joe Maimon Enviada em: quinta-feira, 24 de janeiro de 2008 16:45 Para: cisco-nsp@puck.nether.net Assunto: [c-nsp] command to peg interface up All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ As informacoes contidas neste e-mail e nos arquivos anexados podem ser informacoes confidenciais ou privilegiadas. Caso voce nao seja o destinatario correto, apague o conteudo desta mensagem e notifique o remetente imediatamente. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] command to peg interface up
just do a no keepalive :) -lmn On Jan 24, 2008 1:44 PM, Joe Maimon [EMAIL PROTECTED] wrote: All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] command to peg interface up
yes. so unintuitive. Luan Nguyen wrote: just do a no keepalive :) -lmn On Jan 24, 2008 1:44 PM, Joe Maimon [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-MC-T3 and T1 config questions
From: Robert Boyle [EMAIL PROTECTED] Date: Thu, 24 Jan 2008 10:46:25 -0500 To: Nick Voth [EMAIL PROTECTED], cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: Re: [c-nsp] PA-MC-T3 and T1 config questions At 09:56 AM 1/24/2008, you wrote: Thanks very much for the example Robert! Do you know if m23 framing on the T3 is a standard with channelized DS3's? I use a number of ATM DS3's and we use c-bit framing there. You're welcome. Today, C-bit is typically used when you have a point to point circuit. M23 is typically used when you have a channelized DS3. Check with your carrier to make sure you are using the same setting. Basically, with M23, you can use the extra signaling slots which would have been used by CBit to recover from clock slips to carry signaling info. Here is a white paper with more than you ever wanted to know. http://www.sbei.com/files/ds3_wpaper.pdf -Robert Very good info Robert. Thanks, -Nick Voth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] command to peg interface up
Joe Maimon wrote: yes. so unintuitive. Hey, it beats unkeepalive all :-) Jeff Luan Nguyen wrote: just do a no keepalive :) -lmn On Jan 24, 2008 1:44 PM, Joe Maimon [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: All, Can anyone tell me what the config command to peg an interface as up even though its line down? I seem to recall seeing this just days ago. Thanks, Joe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] command to peg interface up
Hey, it beats unkeepalive all :-) service enable undead? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Some assitance please...
I am opening a new office and have a 1.5 Meg DSL circuit being dropped to the C.O. from ATT with a few static IP's. I would like to use the Cisco 1801 W instead of the ATT modem as it offers me al the features I want, but I am no DSL expert. I understand the 1801 has a DSL modem built in. I would like to by pass the ATT modem and use the Cisco as my DSL modem, router and firewall along with the bridged wireless LAN. Is this possible? And what kind of information should I get from the ATT tech who does the initial install? I imagine I will need the VPI /VCI, but what other information would be needed? If people have some better ideas please feel free to let me know. I appreciate all the help in the past and also want to say thanks in advance most sincerely, Richard Golodner ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Some assitance please...
I don't recommend this to my clients. If you keep the ATT modem in there then you can unplug the router so you can troubleshoot the DSL circuit. It will make your life easier when dealing with ATT tech support. Just insist on a modem with no routing. Roy Richard Golodner wrote: I am opening a new office and have a 1.5 Meg DSL circuit being dropped to the C.O. from ATT with a few static IP's. I would like to use the Cisco 1801 W instead of the ATT modem as it offers me al the features I want, but I am no DSL expert. I understand the 1801 has a DSL modem built in. I would like to by pass the ATT modem and use the Cisco as my DSL modem, router and firewall along with the bridged wireless LAN. Is this possible? And what kind of information should I get from the ATT tech who does the initial install? I imagine I will need the VPI /VCI, but what other information would be needed? If people have some better ideas please feel free to let me know. I appreciate all the help in the past and also want to say thanks in advance most sincerely, Richard Golodner ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] FW: 1801 W with DSL
I am opening a new office and have a 1.5 Meg DSL circuit being dropped to the C.O. from ATT with a few static IP's. I would like to use the Cisco 1801 W instead of the ATT modem as it offers me al the features I want, but I am no DSL expert. I understand the 1801 has a DSL modem built in. I would like to by pass the ATT modem and use the Cisco as my DSL modem, router and firewall along with the bridged wireless LAN. Is this possible? And what kind of information should I get from the ATT tech who does the initial install? I imagine I will need the VPI /VCI, but what other information would be needed? If people have some better ideas please feel free to let me know. I appreciate all the help in the past and also want to say thanks in advance most sincerely, Richard Golodner ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Some assitance please...
On Thu, 24 Jan 2008, Richard Golodner wrote: I am opening a new office and have a 1.5 Meg DSL circuit being dropped to the C.O. from ATT with a few static IP's. I would like to use the Cisco 1801 W instead of the ATT modem as it offers me al the features I want, but I am no DSL expert. I understand the 1801 has a DSL modem built in. I would like to by pass the ATT modem and use the Cisco as my DSL modem, router and firewall along with the bridged wireless LAN. Is this possible? And what kind of information should I get from the ATT tech who does the initial install? I imagine I will need the VPI /VCI, but what other information would be needed? If the 1801 works like the SB107, then you don't need an external DSL modem. I deployed one of these at a remote site for a client and it works fine. As you mentioned, you will need the VPI and VCI. You may also need a username and password if the telco uses PPPoE to authenticate you and register you on their network. If the telco provided a DSL modem, you might be able to log into it to see what it has set for the VPI and VCI because getting that info from customer support can be trying at times. jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Some assitance please...
[...] I imagine I will need the VPI /VCI, but what other information would be needed? You can ask them about the VPI/VCI and they may know but it's usually 0/35. Other than that there's lots of example configs out there on how to configure Cisco stuff with dsl. I'll throw a positive vote for the exercise as Cisco gear at least offers troubleshooting tools and good hardware support. I don't find it any more difficult to troubleshoot than discreet compontentry. ~JasonG ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco WIC-1DSU-T1-V2 + 2811 + 12.4(11)T ??
gagandeep singh wrote: Hi I have purchsed 1841 with same wic module .Is this below config work for point to point T1 connection. interface Serial0/0 ip address service-module t1 framing esf service-module t1 linecode b8zs service-module t1 timeslots 1-12 speed 64 Only if you are using just half of the T1 for data and you have the same timeslots on both ends. Otherwise you want: service-module t1 timeslots 1-24 speed 64 (which is the default). Also, on a point-to-point circuit depending on the carrier you may need to put: service-module t1 clock source internal on ONE (not both) end of the circuit. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Some assitance please...
Here is a great tool from Cisco that goes through a little bit of a wizard and asks the required information and then generates the configuration, not to mention the SDM application on those little ISR's is pretty neato and makes it easy to configure DSL connections, probably easier then some of the netcomms/billion/dlink/Linksys routers. http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_ex ample09186a008015407f.shtml to access SDM you just plug the device in and point a browser at it's IP which will be documented in the quick start guide. -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Gurtz Sent: Friday, 25 January 2008 6:38 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Some assitance please... [...] I imagine I will need the VPI /VCI, but what other information would be needed? You can ask them about the VPI/VCI and they may know but it's usually 0/35. Other than that there's lots of example configs out there on how to configure Cisco stuff with dsl. I'll throw a positive vote for the exercise as Cisco gear at least offers troubleshooting tools and good hardware support. I don't find it any more difficult to troubleshoot than discreet compontentry. ~JasonG ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routes: 207k + 157k = 238k ???...
there is something I can't quite figure out with BGP. Let a bi-homed AS with only two BGP speakers (each of them has one eBGP session with a different upstream, they speak iBGP together). Router 1 receives 238k routes from provider A; so does router 2 from provider B. When looking at iBGP, it can be seen that router 1 sends 207k routes to router 2, while router 2 sends only 157k routes to router 1. I'm surprised by these numbers: the sum of routes from 1 to 2 plus routes from 2 to 1 not only does not equal 238k, but is even greater than 238k (I would have understood it was smaller). What does these numbers mean?... Welcome to BGP. A BGP speaker is only going to advertise its best external paths via iBGP. If it has selected your other BGP speaker as its best path, it will not (currently) advertise the externals that are not the best path. If you examine your BGP RIB closely, you should be able to find routes where the BGP speaker has both paths present. Regards, Tony ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2811 crash...
I've got a 2811 that crashed with a bus error within a few hours of enabling Netflow export. I haven't opened a TAC case yet, but my curiousity was aroused by the address at which the error occured 0xDEADBEF3. This could almost be pronounced Dead Beef Yes - traditionally it's 0xDEADBEEF, I guess Cisco felt the need to distinguish between different sides of beef and so dropped an 'E' to add an index number :) Actually what's probably happening is that some chunk of code has picked up this intentionally bogus value and is treating it as a pointer into a C structure and then referencing into that structure. Tony ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routes: 207k + 157k = 238k ???...
Welcome to BGP. A BGP speaker is only going to advertise its best external paths via iBGP. If it has selected your other BGP speaker as its best path, it will not (currently) advertise the externals that are not the best path. If you examine your BGP RIB closely, you should be able to find routes where the BGP speaker has both paths present. Tony, In your opinion, is there any downside to this behavior operationally (other than the time it takes for a unadvertised route to present itself in the event the advertised route is withdrawn?)? Thanks, Deepak ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Juniper - Cisco Catalyst Fast Ether Channel Load Balancing
Hi, Any suggestion will be very appreciated. Here's the scheme : Ports aggregation with trunking was success between Juniper - Cisco Catalyst, but i'm having problem with the load that is not balanced on each port. It might be the config still missing one line somewhere :) - a. rahman isnaini rangkayo sutan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routes: 207k + 157k = 238k ???...
On Jan 24, 2008, at 7:22 PM, Deepak Jain wrote: In your opinion, is there any downside to this behavior operationally (other than the time it takes for a unadvertised route to present itself in the event the advertised route is withdrawn?)? Other than that, Mrs. Lincoln, how was the play? ;-) The advantage to that behavior is that it helps reduce the state involved. If all iBGP speakers advertise all routes, then you end up with tables the size of (# of routes) * (# of BGP speakers) at every speaker. While this might not seem like a lot, consider the case of Tier 1 SPs who have 240k routes (+ internal routes) times 500 or so BGP speakers. DRAM is cheap, but it's not free. Tony ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3845 and SDM?
Can someone explain to me something in regards to the 3845 and SDM? I have a new 3845 and it came default with a username and password of cisco. It also comes across saying something about using SDM to configure it. Is SDM included with the router? Is there a bin file I have to load or do I just point my browser to it and go? I thought I just point by browser to it and go but it never comes up all the way so I figured that maybe I was missing something. Also, this the first time I have bought a router that came pre setup with usernames. Thanks, - Never miss a thing. Make Yahoo your homepage. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routes: 207k + 157k = 238k ???...
On Thu, 24 Jan 2008, Tony Li wrote: there is something I can't quite figure out with BGP. Let a bi-homed AS with only two BGP speakers (each of them has one eBGP session with a different upstream, they speak iBGP together). Router 1 receives 238k routes from provider A; so does router 2 from provider B. When looking at iBGP, it can be seen that router 1 sends 207k routes to router 2, while router 2 sends only 157k routes to router 1. I'm surprised by these numbers: the sum of routes from 1 to 2 plus routes from 2 to 1 not only does not equal 238k, but is even greater than 238k (I would have understood it was smaller). What does these numbers mean?... Welcome to BGP. A BGP speaker is only going to advertise its best external paths via iBGP. If it has selected your other BGP speaker as its best path, it will not (currently) advertise the externals that are not the best path. If you examine your BGP RIB closely, you should be able to find routes where the BGP speaker has both paths present. Regards, Tony In addition to Tony's answer there is one other reason for this to occur - too little memory in one of the routers. If memory runs out in one of them then it can't install all the routes it needs to but you should see some error message in the log. But Tony's is the more logical explanation. -Hank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/