Re: [c-nsp] WS-X6724-SFP and 7600 S Chassis with RSP720-3CXL
Gert Doering wrote on Saturday, February 16, 2008 1:25 PM: Hi, On Sat, Feb 16, 2008 at 01:04:13PM +0200, Saku Ytti wrote: And actually, as another poster pointed out, ES20 isn't 10k more, but same price as SIP600+1x10GE. Which makes it actually quite interesting (... if it would work with SXF/SXH software, but that's a separate issue). Can the ES20 interfaces do MAC accounting? yes, according to http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/es20lc/bald ovw.htm#wp1104186 oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Windows networking across subnets
I'm not sure what's your scenario, but I'll describe you a working one A router wih both subnets on the same interface, such as: interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip address 192.168.2.1 255.255.255.0 secondary ip directed-broadcast ! Then, from a PC with the IP address 192.168.1.2 open the StartRun window and type \\192.168.2.2 (make sure that PC has some shared folder) This way there's no reason you can't see the other PC sharing, without needing DNS, WINS, AD or whatever... What else do they need? Regards, Ziv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Blodgett Sent: Thursday, February 14, 2008 8:39 PM To: james edwards Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Windows networking across subnets MS 2000. I am just looking to see if there is a router/network hardware solution for this. The do not want to map drives, they want to see all shares/printers in Network Barrio. Welcome to government. If there is not a network solution that is all I need to know; then it becomes not my problem. Not really a Windows guy either, but if you are running NBT (netbios over tcp), to get all the entries in the network neighborhood you would have to run a WINS server. If you disable NBT in favor of raw smb over TCP, I'm not sure but I'd guess the WINS functionality was put into active directory. Mike james -- *** * Michael Blodgett __ __ _ _ * * WAIL Lab Manager \ \/ /\ |_ _| | * * University of Wisconsin - Madison \ \ /\ / / \| | | | * * Rm 7394, 1210 W. Dayton \ \/ \/ / /\ \ | | | | * * Madison, WI, 53705\ /\ / \ _| |_| | * * 608-658-4093 \/ \/_/\_\_|__| * * [EMAIL PROTECTED]* *** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DHCP Option 82 Oddities
Don't you know that every vendor will call an unresolved or less important bug a feature? Therefore there won't be any fixes, because you don't fix something if it's not broken... :) Ziv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Travis Sent: Thursday, February 14, 2008 8:29 PM To: [EMAIL PROTECTED] Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DHCP Option 82 Oddities I had seem that document. I was hoping someone would have a fix to this feature ;) On Thu, Feb 14, 2008 at 4:09 AM, [EMAIL PROTECTED] wrote: We just turned on DHCP Option 82 on our Cisco switches and we are seeing some oddities in the logs. The switch seems to relay the incorrect port number to the logs. For instance, if a device is connected to 1/0/4, the logs will show 1/0/6. The difference of 2 is consistent until we get to higher port numbers, around port 24. At that point the difference increases to 4. So if a device is connected to 1/0/40, the log says it's connected to 1/0/44. Has anyone else encountered this error? Is there anything that has to be configured on the switch to fix this? It seems to be an error in the way the switch relays the information. This is documented (well, at least part of it), and therefore it's a feature not a bug :-) See for instance http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00808e0574.html#wp1069615 In the port field of the circuit-ID suboption, the port numbers start at 3. For example, on a switch with 24 10/100 ports and small form-factor pluggable (SFP) module slots, port 3 is the Fast Ethernet x/0/1 port, port 4 is the Fast Ethernet x/0/2 port, and so forth, where x is the stack member number. Port 27 is the SFP module slot x/0/1, and so forth. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HSRP With Multicast
On Sat, Feb 16, 2008 at 08:29:27PM +0530, Hitesh Vinzoda wrote: Hi, I m having a HSRP running between two 4507 and PIM Sparse on SVI's of both the interface. I had configured Static RP for multicast for a specific group. Now the problem is when PIM Sparse is enabled on HSRP interfaces (SVI's on both 4507 ) multicast doesnt work. when i remove from any one of them, it works !!! Can neone tell me that whether it is problem with DR ( Designated router) or what... i want to have PIM Sparse enabled on both the SVI's. Thanks in advance Ronnie See http://tinyurl.com/yv38qc IP Multicast - Why Doesn't PIM Sparse Mode Work with a Static Route to an HSRP Address? Document ID: 13783 Faced myself in a similar situation and had to change to dynamic routing protocols to get pim sparse mode to work. hth Reinhold ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Switch 3750-24p / ratelimit and/or traffic shaping
Hi, I'm not (yet) familiar with Cisco switches... but what is the best solution to do ratelimit/shaping on one interface... The goal is to limit the bandwith for one computer connected on one interface... For example, to authorize max 5 Mbits for this computer (incoming and outgoing traffic)... If you have some documentation or a example (better)... it will be great ;) Thanks in advance. -- Cedric Gavage -- openpgp: 0x92B34D5E ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Switch 3750-24p / ratelimit and/or traffic shaping
Cedric Gavage wrote: The goal is to limit the bandwith for one computer connected on one interface... For example, to authorize max 5 Mbits for this computer (incoming and outgoing traffic)... The best you can hope for is to rate-limit outbound traffic to the PC and police it inbound from the PC. Policing will impact TCP flows pretty badly. Assuming a 100Mbps connection to the PC: policy-map police-5mbps class class-default police 500 bc 8000 exceed-action drop int fa x/y srr-queue bandwidth limit 10 service-policy input police-5mbps Note: 'srr-queue bandwidth limit' specifies a percentage of the port speed which will be used for egress rate limiting. 10 is the minimum value - so in this example, assuming a 100Mbps connection, traffic will be limited to 10Mbps. If you forced the port to 10Mbps you could limit it to 5Mbps by setting the limit to '50'. Alternatively if all traffic to this PC is always entering the switch via a known port you could apply an ingress policy-map with a policer at that point. Check the software configuration guide for the particular IOS version you're running on the 3750 for more info. Regards, Brad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Windows networking across subnets
At 01:39 PM 2/14/2008, Mike Blodgett wrote: MS 2000. I am just looking to see if there is a router/network hardware solution for this. The do not want to map drives, they want to see all shares/printers in Network Barrio. Welcome to government. If there is not a network solution that is all I need to know; then it becomes not my problem. Not really a Windows guy either, but if you are running NBT (netbios over tcp), to get all the entries in the network neighborhood you would have to run a WINS server. If you disable NBT in favor of raw smb over TCP, I'm not sure but I'd guess the WINS functionality was put into active directory. WINS is old technology from Windows NT and hasn't been needed for WAN networking with Windows since 2000. If you are using active directory and only use Windows 2000/2003/2008/XP/Vista computers and haven't restricted any ports needed by Windows networking, just set the remote side to use the AD servers for DNS and the remote machines will register themselves and everything will just work. Obviously, all computers you want to talk need to have their default gateway and netmask set appropriately too. -Robert Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Well done is better than well said. - Benjamin Franklin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 10G vs. EtherChannel over WDM MUX on 7600
The Etherchannel depends on your traffic makeup. If you have a ton of traffic between two hosts, then it's not going to do you much good. For something like an Internet distribution of src/dst it works very well. You should have no issues with Etherchannel over CWDM, it's agnostic to the transport mechanism, and many have done it beofre. A passive CWDM mux is going to be a little cheaper than buying 10G cards for the 7600, and offers more flexibility. That being said I'd probably do the 10G straight away if you have the money to do so, but Etherchannel +CWDM has some additional benefits when it comes to protection against interface failure. Phil On Feb 16, 2008, at 11:05 AM, Zahid Hassan wrote: Dear All, I am trying to increase bandwidth between my 7600s running as PE/P routers with 1G line cards terminating dark fibre links. I am exploring the following two options: Option I - - replace the 1G lines cards with 10G on the 7600s - terminate the dark fibre links on the 10G line cards Option II -- - terminate the dark fibre links on passive CWDM MUX - EtherChannel multiple 1G interfaces over CWDM MUX My main concern is about the efficiency of different load-balancing algorithm offered in the EtherChannel technology in terms of maximum achievable bandwidth. Also, is there any issues of running Etherchannel over passive CWDM MUX ? I will be really grateful for any comments or inputs on this. Regards, Zahid ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 10G vs. EtherChannel over WDM MUX on 7600
Phil On Feb 16, 2008, at 11:05 AM, Zahid Hassan wrote: Dear All, I am trying to increase bandwidth between my 7600s running as PE/P routers with 1G line cards terminating dark fibre links. I am exploring the following two options: Option I - - replace the 1G lines cards with 10G on the 7600s - terminate the dark fibre links on the 10G line cards Do the 1G cards have to come out? See below. Option II -- - terminate the dark fibre links on passive CWDM MUX - EtherChannel multiple 1G interfaces over CWDM MUX If you were to run *D* WDM, you could run 10G and 1G MUXed over the same fibre, offering card/xenpak failure protection, giving you some connectivity in the event of a 10G failure. Or even multiple 10G, to save you from individual XenPak, but perhaps not linecard failure. Depends how much money you want to spend, and what your topology is. I've 1G links running alongside my 10G, as all my 10G in each chassis is on one card, and I decided that all my eggs in one slot was not too clever an idea (as rare as linecard failures seem to be ;) ). That said, I've lots of pairs, as it's a campus environment, and I just added the 10G alongside my existing 1G links. -- ian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Bizarre MPLS label problem, hex value?
Hi, I've tried all the MPLS troubleshooting docs I've been able to find, and hard resets of BGP sessions, but I must be missing something. I have four routers in a row, A B C D, I want packets to go inside a VRF from A to D. Packets travel from B to D without any problem, but not from A to D. My problem is general over all the VRFs I have tested. I've chosen as example a vrf in which all the routers concerned have interfaces (so they're all PE routers . . . that's not a problem, is it?) A#sh ip cef vrf ${vrf} 0.0.0.0 0.0.0.0 0.0.0.0/0, version 109, epoch 0, cached adjacency ${B as seen from A} 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Recursive rewrite via ${D loopback} 0x20, tags imposed {413} via ${D loopback}, 0 dependencies, recursive next hop ${B as seen from A}, GigabitEthernet0/1.7 via ${D loopback}/32 valid cached adjacency tag rewrite with Recursive rewrite via ${D loopback} 0x20, tags imposed {413} What does that 0x20 mean?? I would have expected something like what I get when I try the same diagnostics starting from router B : B#sh ip cef vrf ${vrf} 0.0.0.0 0.0.0.0 0.0.0.0/0, version 105, epoch 0, cached adjacency ${C as seen from B} 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Fa6/0, ${C as seen from B}, tags imposed: {396 413} via ${D loopback}, 0 dependencies, recursive next hop ${C as seen from B}, FastEthernet6/0 via ${D loopback}/32 valid cached adjacency tag rewrite with Fa6/0, ${C as seen from B}, tags imposed: {396 413} C#sh mpls forwarding-table labels 396 Local OutgoingPrefixBytes tag Outgoing Next Hop tagtag or VC or Tunnel Id switched interface 396Pop tag ${D loopback}/32 157406938041 Fa1/0 ${D seen from C} D#sh mpls forwarding-table labels 413 Local OutgoingPrefixBytes tag Outgoing Next Hop tagtag or VC or Tunnel Id switched interface 413Untagged0.0.0.0/0[V] 1076956933 Fa0/0.12 192.168.12.4 If I understand correctly, the MPBGP session between A and D is OK, but something is stopping A from learning the local tag on B . . . the local tag that I would have expected to see instead of VPN-route-head when I did the sh ip cef on B. The BGP sessions between the two look OK : B#sh ip bgp ne ${A loopback} | b For address family: VPNv4 Unicast For address family: VPNv4 Unicast BGP table version 449551, neighbor version 449551 Index 1, Offset 0, Mask 0x2 peer-group-mpls peer-group member Sent Rcvd Prefix activity: Prefixes Current: 0 59 (Consumes 3840 bytes) Prefixes Total:88 59 Implicit Withdraw: 88 0 Explicit Withdraw: 0 0 Used as bestpath: n/a 60 Used as multipath:n/a 0 OutboundInbound Local Policy Denied Prefixes:--- VPN Imported prefix: 29n/a Bestpath from this peer: 59n/a Bestpath from iBGP peer: 2624n/a Total: 2712 0 Number of NLRIs in the update sent: max 29, min 0 Connections established 7; dropped 6 Last reset 01:42:21, due to Peer closed the session Connection state is ESTAB, I/O status: 1, unread input bytes: 0 A#sh ip bgp ne ${B loopback} | b For address family: VPNv4 Unicast For address family: VPNv4 Unicast BGP table version 419097, neighbor version 419097 Index 1, Offset 0, Mask 0x2 peer-group-mpls peer-group member Sent Rcvd Prefix activity: Prefixes Current: 60 44 (Consumes 2816 bytes) Prefixes Total:60 88 Implicit Withdraw: 60 44 Explicit Withdraw: 0 0 Used as bestpath: n/a 43 Used as multipath:n/a 0 OutboundInbound Local Policy Denied Prefixes:--- Suppressed duplicate: 0 44 VPN Imported prefix: 19n/a Bestpath from this peer: 1n/a Bestpath from iBGP peer: 2374n/a Total: 2394 44 Number of NLRIs in the update sent: max 61, min 0 Connections established 4; dropped 3 Last reset
Re: [c-nsp] cisco-nsp Digest, Vol 63, Issue 71
Anyone seen this: Have a router set up with one static NAT translation for remote access. About every other day, the ability to RDP in from the outside is lost. To restore, I have to no the command and then re-enter it. And then it works. no other functionality is lost (site-to-site VPN, user access to Internet, default gateway, etc., all remain good). I have looked at the debug options but it seems with nat, it is either all or nothing.which plays havoc with a syslog server. Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SmartNet coverage on Cisco's chassis-based products
On Mon, Feb 11, 2008 at 05:28:09PM -0600, Justin Shore wrote: Tony Varriale wrote: Are they cheaper once you buy the software license? Let's not forget, the software license is not transferrable. That's a typical oops not only in this method but from 3rd party resellers. This may be blasphemy here but I'm really surprised that no one has ever taken the big C to court on this particular issue because C would almost certainly lose. It's difficult for a customer to initiate the legal action, because they'd be asking the court to rule on a hypothetical (i.e. asking the court to declare that if the customer were to attempt to use a transferred license, they'd not be violating any of Cisco's rights) or publicly stating that they had breached Cisco's interpretation and asking the court to say that no violation of Cisco's rights had occurred. Courts don't generally do that (and, in the latter case, a company probably wouldn't publicly admit their violation of Cisco's interpretation, because there's no advantage do doing so). What courts are good at is ruling on actual claims. So, here, what we'd need is for (1) Cisco to demand a relicensing fee from a customer using transferred software, (2) that customer to refuse to pay, and (3) Cisco to sue that customer. That's unlikely to happen, becasue the risk/reward to Cisco for filing suit just isn't there. If Cisco sues and loses, then everyone starts transferring licenses, because a judge said it was legal. That's a big risk, considering that currently, most customers play by Cisco's interpretation already, just out of fear that Cisco might win. So, basically, the potential reward of suing is that the small percentage of people running on transferred licenses would start paying; the risk is that a judge tells the world that Cisco's interpretation is unenforcable. There's no reason at all for Cisco to take the risk. Microsoft fought that battle against people selling the copy of Windows that came bundled with their PC or their PC and OS when they bought a new model. MS lost and set a perfect precedent. The courts found that the Doctrine of first sale does apply to OSs and bundled software. (see Softman v. Adobe) Just because C calls it a license doesn't mean that it actually is. To be clear, I think Cisco's position is unenforcable and that they'd lose in court. But the situation with Cisco is more complicated, because customers with SmartNet often aren't running the IOS that came with the box; they've upgraded (as allowed by their SmartNet contract) over time. While the right to transfer the software that came with the box might be clearly established, the right to transfer the software obtained pursuant to a SmartNet contract isn't as clear. Not that I want to take on the Big C. It is something that I've wondered about for years. If MS, Adobe and others were slapped down by the courts on this very thing then why not the Big C? Cisco hasn't make the mistake of suing anyone. -- Brett ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Bizarre MPLS label problem, hex value?
Nathan wrote on Monday, February 18, 2008 12:59 AM: Hi, I've tried all the MPLS troubleshooting docs I've been able to find, and hard resets of BGP sessions, but I must be missing something. I have four routers in a row, A B C D, I want packets to go inside a VRF from A to D. Packets travel from B to D without any problem, but not from A to D. My problem is general over all the VRFs I have tested. I've chosen as example a vrf in which all the routers concerned have interfaces (so they're all PE routers . . . that's not a problem, is it?) No, it's not. B and C will act as P routers for an LSP from A to D. A#sh ip cef vrf ${vrf} 0.0.0.0 0.0.0.0 0.0.0.0/0, version 109, epoch 0, cached adjacency ${B as seen from A} 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Recursive rewrite via ${D loopback} 0x20, tags imposed {413} via ${D loopback}, 0 dependencies, recursive next hop ${B as seen from A}, GigabitEthernet0/1.7 via ${D loopback}/32 valid cached adjacency tag rewrite with Recursive rewrite via ${D loopback} 0x20, tags imposed {413} What does that 0x20 mean?? I don't know offhand, but in order to proceed, you need to follow the recursion to find out the outer (IGP/LDP) label of the packet. The 413 shown above is the vpn label received via MBGP. A seems to have multiple paths to D, so the final label stack will be determined at run-time. Please do show ip cef ${D loopback} on A to find out. I would have expected something like what I get when I try the same diagnostics starting from router B : B#sh ip cef vrf ${vrf} 0.0.0.0 0.0.0.0 0.0.0.0/0, version 105, epoch 0, cached adjacency ${C as seen from B} 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Fa6/0, ${C as seen from B}, tags imposed: {396 413} via ${D loopback}, 0 dependencies, recursive next hop ${C as seen from B}, FastEthernet6/0 via ${D loopback}/32 valid cached adjacency tag rewrite with Fa6/0, ${C as seen from B}, tags imposed: {396 413} B only has a single IGP path to D, so the full label stack is printed. C#sh mpls forwarding-table labels 396 Local OutgoingPrefixBytes tag Outgoing Next Hop tagtag or VC or Tunnel Id switched interface 396Pop tag ${D loopback}/32 157406938041 Fa1/0 ${D seen from C} D#sh mpls forwarding-table labels 413 Local OutgoingPrefixBytes tag Outgoing Next Hop tagtag or VC or Tunnel Id switched interface 413Untagged0.0.0.0/0[V] 1076956933 Fa0/0.12 192.168.12.4 If I understand correctly, the MPBGP session between A and D is OK, but something is stopping A from learning the local tag on B . . . the local tag that I would have expected to see instead of VPN-route-head when I did the sh ip cef on B. As explained above: A looks to have multiple IGP paths, so you need to do the recursion yourself and verify all possible paths. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA 7.2(3) SNMP issues?
Hi, On Saturday, February 16, 2008 6:38 AM, [EMAIL PROTECTED] wrote: On Fri, 15 Feb 2008, Brian Landers wrote: On Feb 15, 2008, at 11:37 AM, Jeff Kell wrote: Recently upgraded 7.2(2) - 7.2(3)12 and our network monitors stopped reading interface stats off the ASAs. Anyone know of any issues? We can get system status fine, so it's not an SNMP permissions issue; but interface stats disappeared. We saw the same issue when going from 7.2(3) - 7.2(3)12. Going back to 7.2(3) release fixed it. Nothing I can find in Bug Toolkit or the 7.2(3) interim release notes to explain it, though. I also ran into this; it appears you can snmpwalk the counters in IF-MIB but you can't snmpget them: % snmpwalk -v 2c -c blah asa .1.3.6.1.2.1.31.1.1.1.6 IF-MIB::ifHCInOctets.1 = Counter64: 11871409813 IF-MIB::ifHCInOctets.2 = Counter64: 58711253205 IF-MIB::ifHCInOctets.3 = Counter64: 504682365 IF-MIB::ifHCInOctets.4 = Counter64: 2510676 IF-MIB::ifHCInOctets.5 = Counter64: 0 % snmpget -v 2c -c blah asa .1.3.6.1.2.1.31.1.1.1.6.1 IF-MIB::ifHCInOctets.1 = No Such Instance currently exists at this OID I keep forgetting to submit the bug to Cisco, mostly because 7.2(3) works well enough for me and our particular configs aren't affected by the security issue it has... yes, there is a bug: Version 7.2.3.12 is affected by bug CSCsl88067 which is the issue you are having. From TAC you got the image 7.2.3.17, there is this issue fixed. Regards, Frank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Windows networking across subnets
On 2/17/08, Robert Boyle [EMAIL PROTECTED] wrote: At 01:39 PM 2/14/2008, Mike Blodgett wrote: MS 2000. I am just looking to see if there is a router/network hardware solution for this. The do not want to map drives, they want to see all shares/printers in Network Barrio. Welcome to government. If there is not a network solution that is all I need to know; then it becomes not my problem. Not really a Windows guy either, but if you are running NBT (netbios over tcp), to get all the entries in the network neighborhood you would have to run a WINS server. If you disable NBT in favor of raw smb over TCP, I'm not sure but I'd guess the WINS functionality was put into active directory. WINS is old technology from Windows NT and hasn't been needed for WAN networking with Windows since 2000. If you are using active directory and only use Windows 2000/2003/2008/XP/Vista computers and haven't restricted any ports needed by Windows networking, just set the remote side to use the AD servers for DNS and the remote machines will register themselves and everything will just work. Obviously, all computers you want to talk need to have their default gateway and netmask set appropriately too. -Robert He will need a WINS server if he is wanting what I think he is (I'm a network guy but our shop is an enterprise windows 2003 AD setup). What he is most likely wanting is to beable to see other computers on differnet subnets through network neighborhood. There is only two ways to get that to happen. 1) Set up a WINS server and point all clients to that. 2)Have all clients be in the same broadcast domain or use IP-helper command to forward all broadcasts to the subnet that has the DHCP servers (if there are any). This will then allow you to view computers in network neighborhood. We had to do the ip helper setup since the boss didn't want a WINS server. Also without broadcast forwarding or a WINS server certain windows based tools won't work correct if they have to emunerate computers/roles or users. HTH Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/