Re: [c-nsp] GE Copper in 7140
On Mon, 31 Mar 2008, Kris Amy wrote:

> Just wondering what is the easiest/cheapest way to add Gig-e (copper) to a 7140? I'm not sure if the WS5482 or WS5483 is supported in a PA-GE.

Copper GBICs are not supported in the PA-GE, but it works anyway (there are numerous references to people who have tried if you google a bit). That is the only way I can think of.

-- 
Mikael Abrahamsson    email: [EMAIL PROTECTED]
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 - Support for MPLS and IPv6
Hi,

On Sun, Mar 30, 2008 at 10:52:04PM -0400, Juno Guy wrote:
> It is my understanding that somewhere after the 12.2SX release MPLS and IPv6 will no longer be supported on the 6500 (but will continue to be supported on the 7600 as I understand).

Well, as far as I understand, this is currently not the case, and I haven't seen any announcement to that extent. (Except as has already been written: the *modular* variant of SXF had no support for either, but that was not yet, and not not any longer).

OTOH, personally, I have great distrust for the 7600/6500 BUs, and it wouldn't surprise me to come to a point in the future where I need to decide do I want support for 32 bit AS numbers, or do I want support for my existing hardware. Cisco needs to do a *lot* to get back the customer trust that these two BUs have destroyed.

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-35655025 [EMAIL PROTECTED]

Re: [c-nsp] 12.2 SRC opinions?
Hello!

On Sun, Mar 30, 2008 at 01:43:43PM +0200, Andrew Alston wrote:
> Just thought I would add to the SRC issue list real quick. I've just had a router with SRC running on it do something really weird (and painful).
>
> I changed a route-map to add an entry and permit an additional prefix. I soft cleared the bgp session outbound, prefix still refused to announce. I hard cleared the bgp session, it came back up, but then refused to announce *ANY* prefixes. I wrote the config, and did a reload. BGP session came back up and it announced all the original prefixes but the new ones.

I have seen exactly the same bug... :( I have already opened a TAC case but am still waiting for a solution. As a workaround you may delete the entire BGP neighbor configuration and recreate it again, no need to reload.

I agree that Cobra is very buggy and it should be used as last resort only software.

-- 
Dmitry Kiselev

[c-nsp] IOS XR Multicast RPF Check
Does anyone know the algorithm used to calculate the RPF interface in IOS XR? It does not appear to select the route with the lowest AD, unlike other IOS versions such as 12.0S. Seems to simply prefer multicast routes over unicast routes (e.g. mbgp over unicast bgp) without performing any initial AD check.

Thanks,
Paul.

-- 
HEAnet Limited
Ireland's Education Research Network
Web: http://www.heanet.ie

[c-nsp] 7609 6000W-DC PWR supply cabling Question
Hi all

The 6000W-DC power supply takes four pairs of 4AWG PWR cables, my question is the following.

Which way is this setup cabled?

1. all 4 pairs of cables going back to a single circuit breaker of ( 6000/48 = 125Amp )
2. each pair of cables going back to a separate circuit breaker of ( 6000/4 = 1500/48 = 31.25 Amp )

I am not an electrical guy but I would have thought that the idea is that the breaker trips before the cable burns, so I would assume option 2?

Re: [c-nsp] concentrator issues since PUBLIC interface move
Whenever you change a subnet (network), you need to check/update the following:

Update your routing table accordingly.
Update concentrator or between router access lists.

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Ingram
Sent: Monday, March 31, 2008 3:50 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] concentrator issues since PUBLIC interface move

since I moved the public interface to another subnet I'm having issues with all my site to site vpn's that were active prior to the move. I went to all the remote sites and changed my address and reset each site. Now I have all sites connected however, TX data only. I'm running code 4.x on the concentrator and all other remote client access is ok just the site to site VPNs.

Re: [c-nsp] ppp limit ccp
Joe Maimon wrote on Monday, March 31, 2008 3:26 PM:

> Anybody know exactly what this command does? Can't find it documented.
>
> router(config)#ppp limit ccp ?
>   <1-8000>  Number of CCP sessions allowed

as the name suggests, one can limit the number of PPP sessions where compression is negotiated as CCP is very expensive from a performance point of view..

oli

Re: [c-nsp] ppp limit ccp
CCP refers to Compression Control Protocol, so I guess the command refers to the max number of ppp sessions with compression enabled. It's probably used to keep the cpu usage down.

-- 
Tassos

Joe Maimon wrote on 31/3/2008 4:26 PM:
> Anybody know exactly what this command does? Can't find it documented.
>
> router#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> router(config)#ppp ?
>   limit  Set the limit
>
> router(config)#ppp l
> router(config)#ppp limit ?
>   ccp  Max. number of CCP sessions allowed
>
> router(config)#ppp limit cc
> router(config)#ppp limit ccp ?
>   <1-8000>  Number of CCP sessions allowed
>
> router(config)#ppp limit ccp ?
>   <1-8000>  Number of CCP sessions allowed

Re: [c-nsp] 7609 6000W-DC PWR supply cabling Question
On Mon, 31 Mar 2008, William Jackson wrote:

> The 6000W-DC power supply takes four pairs of 4AWG PWR cables, my question is the following.
>
> Which way is this setup cabled?
>
> 1. all 4 pairs of cables going back to a single circuit breaker of ( 6000/48 = 125Amp )
> 2. each pair of cables going back to a separate circuit breaker of ( 6000/4 = 1500/48 = 31.25 Amp )
>
> I am not an electrical guy but I would have thought that the idea is that the breaker trips before the cable burns, so I would assume option 2?

I can't speak specifically to the needs of DC, but in the AC world, that same power supply takes two 208V or 240V 20A circuits to fully energize the unit. Since the AC distro plant is centered around 120VAC 3-phase power, each one of those circuits will take up two breaker positions and each pair will be phased the same way. The 6500s are fitted out with dual power supplies, with one being fed with a pair of circuits from one output panel and the other pair from another panel.

I would think in a DC environment you'd want all of the circuits for one power supply to come from one breaker panel, but separate breakers, then feed the second supply from another breaker panel. The reason for this is that if you feed one supply from more than one breaker panel, the power supply might be taken out of service if it's only partially energized.

I'd think you would want the feed from the rest of your DC distro plant to the breaker panel to be sized and fused high enough to handle the combined draw of all of your output circuits, or whatever margins are dictated by your local building/electrical codes.

jms

Re: [c-nsp] 7609 6000W-DC PWR supply cabling Question
William Jackson wrote:
> Which way is this setup cabled?
>
> 1. all 4 pairs of cables going back to a single circuit breaker of ( 6000/48 = 125Amp )

Even if all 4 were on the same breaker, you'd distribute your current across all four pairs.

> I am not an electrical guy but I would have thought that the idea is that the breaker trips before the cable burns, so I would assume option 2?

Each of the four pairs should return to their own dedicated breaker. They should, however, be all fed off the same bus.

Cisco's site should have the install guides for the PSU somewhere.

[c-nsp] Configuration Guidelines for QoS Service Classes
I'm looking for various L2/L3 QoS guidelines, regarding the DSCP/CoS values used in a network.

Cisco QoS baseline (http://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295a9b.pdf) defines specific values for different classes of traffic.

RFC 4593 (http://tools.ietf.org/html/rfc4594) defines different values for some of the traffic classes.

IEEE Std 802.1D-2004 (http://www.dcs.gla.ac.uk/~lewis/teaching/802.1D-2004.pdf) defines even more different values for some of the traffic classes.

What are you guys using? Are you following any of the standards or you have your own?

-- 
Tassos

Re: [c-nsp] ppp limit ccp
Oliver Boehmer (oboehmer) wrote:
> Joe Maimon wrote on Monday, March 31, 2008 3:26 PM:
>
>> Anybody know exactly what this command does? Can't find it documented.
>>
>> router(config)#ppp limit ccp ?
>>   <1-8000>  Number of CCP sessions allowed
>
> as the name suggests, one can limit the number of PPP sessions where compression is negotiated as CCP is very expensive from a performance point of view..
>
> oli

Thanks, I suppose, sounds right.

I found it while looking for something to counteract the effect of a mismatch configuration, where provider side is configured for mlppp with authentication and the customer isn't.

Apparently, ppp events clocked in at 99% CPU utilization, which is a little eyebrow raising.

Joe

Re: [c-nsp] 7609 6000W-DC PWR supply cabling Question
On Mon, Mar 31, 2008 at 01:39:31PM +0200, William Jackson wrote:
> The 6000W-DC power supply takes four pairs of 4AWG PWR cables, my question is the following.
>
> Which way is this setup cabled?
>
> 1. all 4 pairs of cables going back to a single circuit breaker of ( 6000/48 = 125Amp )
> 2. each pair of cables going back to a separate circuit breaker of ( 6000/4 = 1500/48 = 31.25 Amp )

Each pair would go back to a separate breaker. If you are expecting a max draw of 31.25A, you'll need a 40A breaker on each. You'd be able to get away with 5AWG, but 4AWG is probably more commonly found.

Typically, you are feeding the rack with an A and B power feed anyway, but in this case, the tech note in the installation manual says you need to feed all 4 pairs for each from the same feed, so one PEM from A feed, and the other PEM from the B feed.

I guess Cisco just didn't feel like requiring 00AWG cable from its customers or whatever is needed to handle it in one shot for this beast.

Re: [c-nsp] 12.2 SRC opinions?
SRC (supposedly) has fixes for a couple of annoying SRB(1|2) issues at least:

CSCsh60112 - static route to null0 does not get re-inserted into RIB after sso
CSCsk55892 - OSPF neighbors flaps on ABR for NSSA area

Right now I'm not using these in a border role so there's not much use of prefix-lists or route-maps, hopefully the platform will mature some before we look at using 7600s to replace our aging GSR borders.

~Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dmitry Kiselev
Sent: Monday, March 31, 2008 2:50 AM
To: Andrew Alston
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 12.2 SRC opinions?

Hello!

On Sun, Mar 30, 2008 at 01:43:43PM +0200, Andrew Alston wrote:
> Just thought I would add to the SRC issue list real quick. I've just had a router with SRC running on it do something really weird (and painful).
>
> I changed a route-map to add an entry and permit an additional prefix. I soft cleared the bgp session outbound, prefix still refused to announce. I hard cleared the bgp session, it came back up, but then refused to announce *ANY* prefixes. I wrote the config, and did a reload. BGP session came back up and it announced all the original prefixes but the new ones.

I have seen exactly the same bug... :( I have already opened a TAC case but am still waiting for a solution. As a workaround you may delete the entire BGP neighbor configuration and recreate it again, no need to reload.

I agree that Cobra is very buggy and it should be used as last resort only software.

-- 
Dmitry Kiselev

[c-nsp] mlppp performance
Hi,

I'm bonding (4) aDSL lines at a customer location and am only seeing about 66 - 75% of the performance I was expecting. Is this normal? I wonder if an IOS upgrade will help things. I actually have two customer locations experiencing the same issue.

The client routers are 2811's with 512MB RAM running IOS 12.3(8)T6. They are plain vanilla configs, running at ~2% CPU with lots of memory to spare.

The head end is a 7205 / NPE200 w/ 128MB RAM and IOS 12.3(15b), terminating about 100 ATM aDSL lines. CPU is at about 14% and memory utilization is low.

The head end reports:

Multilink3, Bundle up for 11:29:07, 1/255 load
  Receive buffer limit 48768 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    5 lost fragments, 1046793 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x30FA03 received sequence, 0x4C98A7 sent sequence
  Member links: 4 active, 1 inactive (max not set, min not set)
    Vi7, since 11:29:07
    Vi8, since 11:29:05
    Vi4, since 11:28:59
    Vi9, since 11:27:50
    Vt3 (inactive)

Customer end:

Multilink1, Endpoint discriminator is xxx
  Bundle up for 11:28:50, 7/255 load
  Receive buffer limit 48768 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    137 lost fragments, 1453838 reordered
    86/57363 discarded fragments/bytes, 0 lost received
    0x4C7B86 received sequence, 0x30F120 sent sequence
  Member links: 4 active, 1 inactive (max not set, min not set)
    Vi4, since 11:28:48
      PPPoATM link, ATM PVC 0/35 on ATM0/3/0
      Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
    Vi5, since 11:28:42
      PPPoATM link, ATM PVC 0/35 on ATM0/0/0
      Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
    Vi6, since 11:27:33
      PPPoATM link, ATM PVC 0/35 on ATM0/2/0
      Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
    Vi3, since 11:28:50
      PPPoATM link, ATM PVC 0/35 on ATM0/1/0
      Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
    Vt1 (inactive)

Thanks for any insight.

Adam

Re: [c-nsp] SP Labs (was: 7600 Questions)
I have one exact replica of everything in my lab. By lab you mean production network, right? ;)

From: Justin Shore [EMAIL PROTECTED]
Date: Thu, 27 Mar 2008 23:55:48 -0500
To: Jared Mauch [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Subject: [c-nsp] SP Labs (was: 7600 Questions)

Jared Mauch wrote:
> On Thu, Mar 27, 2008 at 09:47:44PM -0500, Justin Shore wrote:
>> http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8057f3b6.html
>>
>> There are a couple tables on that page. Compare that with the numbers on this page and you should get the technical differences.
>>
>> http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856_ps4835_Products_Data_Sheet.html
>>
>> The RSP has twice the CPU, twice the RAM for the RP, and twice the NVRAM. Bottom line is that the new version of the Sup is the same price as the old version. No sense in buying the old one unless you just want to make the color scheme on the cards match up. :-)
>
> Or unless you have sparing/logistics economies of scale.

What I'd give to have spares...

I'm curious, how many SPs out there have labs to test out new code, new deployment options and concepts, burn in new gear, recreate bugs, etc? I'm trying to justify the purchase of some spare hardware to be used as lab equipment.

Justin

[c-nsp] Vlan interface vs. sub-interface
I'm trying to put together a table of advantages (and disadvantages) of a vlan interface (SVI) vs. a sub-interface of a physical port. So far, I have the following.

SVI
Advantage:
- Ability to add redundant link to the L3 interface
- Better counter and statistics displayed through CLI
Disadvantage:
- Need to be mindful of Spanning Tree issues on redundant links
- The number of SVI supported may be limited dependent on platform?

Physical port sub-interface
Advantage:
- Easier to configure and supported on more platforms?
Disadvantage:
- Inability to add L2 redundant links
- Statistics on CLI limited
- Bandwidth limited to physical port

Are there more significant advantages/disadvantages (e.g. buffer limit, queue depth) that I'm missing?

Thanks,
Nate

Re: [c-nsp] EasyVPN IOS-ASA55xx
Hi William,

On Mon, 2008-03-31 at 14:24 +0100, William wrote:
> Hi List,
>
> With the help of Kaj I was able to resolve the authentication issue. I'm now having an access-list issue I think...
>
> It seems the user can connect from behind their 800 router to our network but we cannot make a connection back to them, the behavior is like when you have EasyVPN on 'client mode'.
>
> For example when we try to ping we get:
>
> %ASA-3-106014: Deny inbound icmp src inside:11.11.11.1 dst inside:22.22.22.2 (type 8, code 0)

Do you have the icmp permit net type interface commands in your configuration?

> There was no access-list applied to the inside, so I did the following for testing:
>
> access-list inside_access_in extended permit ip any any
>
> then
>
> access-group inside_access_in in interface inside
>
> The access-list is getting hit but I'm still getting denys in the logs. I can't see what else could be stopping the packets?

You have to allow ICMP separately, an ACL entry is not enough I'm afraid. A little un-intuitive, but that's Cisco. :-)

Regards,
Peter

Re: [c-nsp] 12.2 SRC opinions?
I'm seeing the same behavior in SRB2 and have a TAC case open as well.

Jim Munroe

-----Original Message-----
From: Dmitry Kiselev [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 31, 2008 3:50 AM
To: Andrew Alston
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 12.2 SRC opinions?

Hello!

On Sun, Mar 30, 2008 at 01:43:43PM +0200, Andrew Alston wrote:
> Just thought I would add to the SRC issue list real quick. I've just had a router with SRC running on it do something really weird (and painful).
>
> I changed a route-map to add an entry and permit an additional prefix. I soft cleared the bgp session outbound, prefix still refused to announce. I hard cleared the bgp session, it came back up, but then refused to announce *ANY* prefixes. I wrote the config, and did a reload. BGP session came back up and it announced all the original prefixes but the new ones.

I have seen exactly the same bug... :( I have already opened a TAC case but am still waiting for a solution. As a workaround you may delete the entire BGP neighbor configuration and recreate it again, no need to reload.

I agree that Cobra is very buggy and it should be used as last resort only software.

-- 
Dmitry Kiselev

Re: [c-nsp] EasyVPN IOS-ASA55xx
Hi Peter,

I did try the icmp permit commands but that still doesn't fix my issue. I also get DENY's come up in the logs when I try to telnet to the devices over the vpn (on the client 800 end).

Regards,
William

On 31/03/2008, Peter Rathlev [EMAIL PROTECTED] wrote:
> Hi William,
>
> On Mon, 2008-03-31 at 14:24 +0100, William wrote:
>> Hi List,
>>
>> With the help of Kaj I was able to resolve the authentication issue. I'm now having an access-list issue I think...
>>
>> It seems the user can connect from behind their 800 router to our network but we cannot make a connection back to them, the behavior is like when you have EasyVPN on 'client mode'.
>>
>> For example when we try to ping we get:
>>
>> %ASA-3-106014: Deny inbound icmp src inside:11.11.11.1 dst inside:22.22.22.2 (type 8, code 0)
>
> Do you have the icmp permit net type interface commands in your configuration?
>
>> There was no access-list applied to the inside, so I did the following for testing:
>>
>> access-list inside_access_in extended permit ip any any
>>
>> then
>>
>> access-group inside_access_in in interface inside
>>
>> The access-list is getting hit but I'm still getting denys in the logs. I can't see what else could be stopping the packets?
>
> You have to allow ICMP separately, an ACL entry is not enough I'm afraid. A little un-intuitive, but that's Cisco. :-)
>
> Regards,
> Peter

Re: [c-nsp] EasyVPN IOS-ASA55xx
On Mon, 2008-03-31 at 21:01 +0100, William wrote:
> I did try the icmp permit commands but that still doesn't fix my issue. I also get DENY's come up in the logs when I try to telnet to the devices over the vpn (on the client 800 end).
>
>> %ASA-3-106014: Deny inbound icmp src inside:11.11.11.1 dst inside:22.22.22.2 (type 8, code 0)

This is an ICMP deny, specifically addressed by the icmp permit commands. If you get denys from TCP connections the log messages will be different. They should actually tell you which ACL denies the traffic. (If it says it's an implicit deny on an interface without an ACL.) Their format (the log message number) could give a clue.

I'm just shooting in the dark, but according to the above message the traffic enters and exits the same interface; do you have the same-security-traffic permit intra-interface command for that?

Otherwise I'm blank. :-)

Regards,
Peter

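The observation in the message above (the 106014 deny names the same interface as source and destination), as an added Python example that is not part of the original thread: it parses 106014 lines in the format quoted there and separates same-interface denies from the rest. The timestamps, the repeated line, the outside-to-inside flow and all function names are constructed for illustration.

```python
import re
from collections import Counter

# ASA syslog 106014 in the form quoted in the thread:
#   %ASA-3-106014: Deny inbound icmp src <if>:<ip> dst <if>:<ip> (type N, code N)
MSG_106014 = re.compile(
    r"%ASA-3-106014: Deny inbound icmp "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\S+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)"
)

# A few well-known ICMP type numbers, for readable output.
ICMP_NAMES = {0: "echo-reply", 3: "unreachable", 8: "echo-request", 11: "time-exceeded"}

# Follow-up checks named in the thread; pointers for the operator, not a diagnosis.
HINT_HAIRPIN = "same interface in and out: check 'same-security-traffic permit intra-interface'"
HINT_OTHER = "ICMP denied between interfaces: check the 'icmp permit' rules"

# Constructed sample input: only the message text of the first line comes from the thread.
SAMPLE_LOG = """\
Mar 31 2008 21:01:07: %ASA-3-106014: Deny inbound icmp src inside:11.11.11.1 dst inside:22.22.22.2 (type 8, code 0)
Mar 31 2008 21:01:09: %ASA-3-106014: Deny inbound icmp src inside:11.11.11.1 dst inside:22.22.22.2 (type 8, code 0)
Mar 31 2008 21:02:30: %ASA-3-106014: Deny inbound icmp src outside:192.0.2.10 dst inside:11.11.11.1 (type 0, code 0)
Mar 31 2008 21:03:00: unrelated line that is not a 106014 message
"""


def parse_106014(line):
    """Return the fields of one 106014 message as a dict, or None if the line is not one."""
    m = MSG_106014.search(line)
    if m is None:
        return None
    icmp_type = int(m["type"])
    return {
        "src_if": m["src_if"], "src_ip": m["src_ip"],
        "dst_if": m["dst_if"], "dst_ip": m["dst_ip"],
        "icmp_type": icmp_type, "icmp_code": int(m["code"]),
        "icmp_name": ICMP_NAMES.get(icmp_type, f"type-{icmp_type}"),
        # True when the packet would leave through the interface it arrived on.
        "hairpin": m["src_if"] == m["dst_if"],
    }


def triage(lines):
    """Count denied flows, split into same-interface (hairpin) and cross-interface."""
    hairpin, transit, skipped = Counter(), Counter(), 0
    for line in lines:
        ev = parse_106014(line)
        if ev is None:
            skipped += 1
            continue
        flow = (ev["src_if"], ev["dst_if"], ev["src_ip"], ev["dst_ip"], ev["icmp_name"])
        (hairpin if ev["hairpin"] else transit)[flow] += 1
    return {"hairpin": dict(hairpin), "transit": dict(transit), "skipped": skipped}


def report(result):
    """Render one line per denied flow, with the follow-up check for its bucket."""
    out = []
    for bucket, hint in (("hairpin", HINT_HAIRPIN), ("transit", HINT_OTHER)):
        for (src_if, dst_if, src_ip, dst_ip, name), n in sorted(result[bucket].items()):
            out.append(f"{n}x {name} {src_if}:{src_ip} -> {dst_if}:{dst_ip} [{hint}]")
    out.append(f"{result['skipped']} line(s) were not 106014 messages")
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG.splitlines()))))
```
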
Re: [c-nsp] GE Copper in 7140
The only reason I need this is to get copper ethernet with an MTU 1500. It seems that the FE ports do not support a custom MTU.

Cheers,
Kris

On 31/03/08 5:13 PM, Mikael Abrahamsson [EMAIL PROTECTED] wrote:
> On Mon, 31 Mar 2008, Kris Amy wrote:
>
>> Just wondering what is the easiest/cheapest way to add Gig-e (copper) to a 7140? I'm not sure if the WS5482 or WS5483 is supported in a PA-GE.
>
> Copper GBICs are not supported in the PA-GE, but it works anyway (there are numerous references to people who have tried if you google a bit). That is the only way I can think of.

-- 
Cheers,
Kris Amy
Enterprise IP

Re: [c-nsp] GE Copper in 7140
Kris Amy wrote:
> The only reason I need this is to get copper ethernet with an MTU 1500. It seems that the FE ports do not support a custom MTU.

There is tag-switching mtu, if all you need it for is passing MPLS.

adam.

Re: [c-nsp] GE Copper in 7140
Hi Adam,

We already have that in place for our MPLS traffic but we need a larger MTU for our VPDN/L2TP backhaul.

Cheers,
Kris

On 1/04/08 9:59 AM, Adam Armstrong [EMAIL PROTECTED] wrote:
> Kris Amy wrote:
>> The only reason I need this is to get copper ethernet with an MTU 1500. It seems that the FE ports do not support a custom MTU.
>
> There is tag-switching mtu, if all you need it for is passing MPLS.
>
> adam.

-- 
Cheers,
Kris Amy
Enterprise IP

Re: [c-nsp] mlppp performance
One bit of advice I can offer to this is make sure all 4 lines are exactly the same speed, shape them if you have to, mis-matched speed on mlppp can result in suboptimal performance for the entire bundle.

Ben

On 01/04/2008, at 4:13 AM, Adam Greene wrote:
> Hi,
>
> I'm bonding (4) aDSL lines at a customer location and am only seeing about 66 - 75% of the performance I was expecting. Is this normal? I wonder if an IOS upgrade will help things. I actually have two customer locations experiencing the same issue.
>
> The client routers are 2811's with 512MB RAM running IOS 12.3(8)T6. They are plain vanilla configs, running at ~2% CPU with lots of memory to spare.
>
> The head end is a 7205 / NPE200 w/ 128MB RAM and IOS 12.3(15b), terminating about 100 ATM aDSL lines. CPU is at about 14% and memory utilization is low.
>
> The head end reports:
>
> Multilink3, Bundle up for 11:29:07, 1/255 load
>   Receive buffer limit 48768 bytes, frag timeout 1000 ms
>     0/0 fragments/bytes in reassembly list
>     5 lost fragments, 1046793 reordered
>     0/0 discarded fragments/bytes, 0 lost received
>     0x30FA03 received sequence, 0x4C98A7 sent sequence
>   Member links: 4 active, 1 inactive (max not set, min not set)
>     Vi7, since 11:29:07
>     Vi8, since 11:29:05
>     Vi4, since 11:28:59
>     Vi9, since 11:27:50
>     Vt3 (inactive)
>
> Customer end:
>
> Multilink1, Endpoint discriminator is xxx
>   Bundle up for 11:28:50, 7/255 load
>   Receive buffer limit 48768 bytes, frag timeout 1000 ms
>     0/0 fragments/bytes in reassembly list
>     137 lost fragments, 1453838 reordered
>     86/57363 discarded fragments/bytes, 0 lost received
>     0x4C7B86 received sequence, 0x30F120 sent sequence
>   Member links: 4 active, 1 inactive (max not set, min not set)
>     Vi4, since 11:28:48
>       PPPoATM link, ATM PVC 0/35 on ATM0/3/0
>       Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
>     Vi5, since 11:28:42
>       PPPoATM link, ATM PVC 0/35 on ATM0/0/0
>       Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
>     Vi6, since 11:27:33
>       PPPoATM link, ATM PVC 0/35 on ATM0/2/0
>       Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
>     Vi3, since 11:28:50
>       PPPoATM link, ATM PVC 0/35 on ATM0/1/0
>       Packets in ATM PVC Holdq: 0 , Particles in ATM PVC Tx Ring: 0
>     Vt1 (inactive)
>
> Thanks for any insight.
>
> Adam

Re: [c-nsp] Vlan interface vs. sub-interface
One of the big advantages of sub-interfaces over VLAN interfaces is that if 'VLAN 100' on one port is a totally different network to 'VLAN 100' on another. Using a sub-interface you can configure them as unique L3 interfaces. I've done this a lot with dot1q handoffs, and it works nicely.

Is there a mechanism in place for QinQ mappings to a SVI? Never really dealt with that before, but now I'm curious.

David

Nate wrote:
> I'm trying to put together a table of advantages (and disadvantages) of a vlan interface (SVI) vs. a sub-interface of a physical port. So far, I have the following.
>
> SVI
> Advantage:
> - Ability to add redundant link to the L3 interface
> - Better counter and statistics displayed through CLI
> Disadvantage:
> - Need to be mindful of Spanning Tree issues on redundant links
> - The number of SVI supported may be limited dependent on platform?
>
> Physical port sub-interface
> Advantage:
> - Easier to configure and supported on more platforms?
> Disadvantage:
> - Inability to add L2 redundant links
> - Statistics on CLI limited
> - Bandwidth limited to physical port
>
> Are there more significant advantages/disadvantages (e.g. buffer limit, queue depth) that I'm missing?
>
> Thanks,
> Nate

[c-nsp] About ipsec error in phase 1
Hi,

When we have setup C1812J for IPsec, the phase 1 failed... The below message was generated on facing node.

# debug crypto isakmp error
ISAKMP: Error while processing SA request: Failed to initialize SA
ISAKMP: Error while processing KMI message 0, error 2.
ISAKMP:(0):deleting SA reason Death by retransmission P1 state (I) MM_NO_STATE (peer *.*.*.*)

I checked the configuration, but it is the same parameter with facing node... In which situation is this error message generated?

Regards,
HS

Re: [c-nsp] Vlan interface vs. sub-interface
I've never seen a mixed L2/L3 platform that supported SVIs where you could make subinterfaces and set vlan encapsulation?

David Coulson wrote:

One of the big advantages of sub-interfaces over VLAN interfaces is that if 'VLAN 100' on one port is a totally different network to 'VLAN 100' on another, using a sub-interface you can configure them as unique L3 interfaces. I've done this a lot with dot1q handoffs, and it works nicely.

Is there a mechanism in place for QinQ mappings to a SVI? Never really dealt with that before, but now I'm curious.

David

Nate wrote:

I'm trying to put together a table of advantages (and disadvantages) of a vlan interface (SVI) vs. a sub-interface of a physical port. So far, I have the following.

SVI
Advantage:
- Ability to add redundant link to the L3 interface
- Better counter and statistics displayed through CLI
Disadvantage:
- Need to be mindful of Spanning Tree issues on redundant links
- The number of SVI supported may be limited depending on platform?

Physical port sub-interface
Advantage:
- Easier to configure and supported on more platforms?
Disadvantage:
- Inability to add L2 redundant links
- Statistics on CLI limited
- Bandwidth limited to physical port

Are there more significant advantages/disadvantages (e.g. buffer limit, queue depth) that I'm missing?

Thanks,
Nate
[c-nsp] MST operation...
I am running (2) Cat6509-E's with Sup720-3B's running IOS. They are connected via layer 2 by a (2)10GigE port-channel. Spanning tree is configured via MST with 3 instances - instance 0 (default), instance 1 (roots all odd-numbered VLANs to switch 1 - priority 4096), and instance 2 (roots all even-numbered VLANs to switch 2) - pretty simple configuration. Switch 2 is the secondary for odd-numbered VLANs (priority 8192), and the same is true for switch 1 on the even-numbered VLANs.

All was well, but we recently upgraded the code from 12.2(18)SXF12a to 12.2(18)SXF13 to address vulnerabilities Cisco published - not a quantum leap in terms of code revision. Now, the root of MST0 is properly situated, but both switches think they are the root for MST1 and MST2. I cannot, as yet, link this change in the operation of spanning-tree to the code upgrade - this is in a lab scenario for the time being.

Debugging of spanning-tree events, root, and BPDUs revealed nothing occurring across the port-channel. The operation of the port-channel seems to be fine from all reports on the switch. Even had a couple of CCIE's at the VAR look at it, and nothing jumped out at them as being obvious. The switches were rebooted a couple of times, and the MST configuration was cleared and re-entered into the switch.

Show spanning-tree MST detail reveals that packets are being exchanged between the two switches on MST 0 over the port-channel, but on MST's 1 & 2, both switches show transmits, but 0 receives across the port-channel.

This has me a bit baffled, and I thought I'd throw it out to this forum to see if anyone has seen similar behavior. Any and all insight and assistance in getting to the root cause of this (pun intended) is most sincerely appreciated.

Regards,
Steve Fischer