Re: [c-nsp] CSM for service providers
Hi, On Tue, Apr 08, 2008 at 10:02:21PM +0100, Dean Smith wrote: Our next load balancing requirement is now in design...and I spent today with a Foundry SE. You might want to check out the Citrix Netscaler series. We discovered them about two years ago, and are happy users since then. We do have some Foundry loadbalancing gear as well, and it works most of the time, but overall, we like the Netscalers more. Not quite cheap, though :-( gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpPWgkFj1fw3.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS pirating requests
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeremy McDermond Sent: Tuesday, April 08, 2008 3:42 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IOS pirating requests On Apr 8, 2008, at 4:58 AM, Ted Mittelstaedt wrote: You really need to be careful here. Keep in mind that for the last decade software vendors have been scruplously avoiding having shrinkwrap licenses tested in court, there's not been a single court case of a software vendor (like Microsoft or Cisco) suing anyone for violating a shrinkwrap license that they did not explicitly sign and agree to abide by. Not withstanding the issue of first sale doctrine, I don't think this is true. In _ProCD, Inc. v. Zeidenberg_, 86 F. 3d. 1447 (7th Cir. 1996) the Seventh Circuit said that Shrinkwrap licenses are enforceable unless their terms are objectionable on grounds applicable to contracts in general (for example, if they violate a rule of positive law, or if they are unconscionable). They further extended this to terms included in the box with hardware in _Hill v. Gateway 2000_, 105 F.3d 1147 (7th Cir. 1997). The Hills received a Gateway computer with terms and conditions inside including an arbitration clause. The Hills sought to get out of the arbitration clause, but the court held that because they kept the computer more than thirty days, that they had assented to the terms in the contract contained in the computer box. Note that the Uniform Commercial Code 2-204(1) says that A contract for the sale of goods may be made in any manner sufficient to show agreement, including conduct by both parties which recognizes the existence of such a contract. The fact that you kept your Cisco router and operated it could be interpreted as acceptance of the software agreement that went with it. I would agree that a shrinkwrap gives the vendor a bit more control over an embedded software program. No argument there - if for example I bought a Cisco router with IOS in rom, the shrinkwrap would be useful for preventing me from legally selling copies of the rom. Of course, what your missing is that since the rom is copyrighted - it says so on bootup, and likely on a sticker on the rom, as well as in the code in the rom - that really a shrinkwrap wouldn't be needed anyhow, as I could likely successfully be sued for copyright violation. But as for the implication that a shrinkwrap can get much beyond what is already enshrined in copyright law, that's a whole different argument. The Hill vs Gateway case isn't applicable to this discussion because it dealt with a contract within the system that covered hardware. It was not really a shrinkwrap license. (indeed, I fail to understand why people even used that terminology in that case since the complaint against Gateway was complaining about the hardware, not the software that was running on the hardware) You do not license hardware, you license software. You own hardware - or at least in the Hills case, when they bought their system they definitely owned the hardware. In any case, how the Hills went about it - attempting to get a class certified - was exactly the wrong way to do it. In reality, it was a simple fraud case. Gateway advertised and stated on the box that the machine contained a Millennium card, the system did not actually contain such a card. They printed surround sound on the boxes of the speakers, the speakers were in fact not surround sound. What should have happened was that the Hills should have filed a fraud complaint with their state Attourney General and collected up all the evidence to prove fraud, then let the AG sue Gateway for fraud. The contract inside the box would have had absolutely no relevance to an easily-proved fraud case, and GW2K would have been fined and likely forced to make restitution to all the owners. The Hills screwed up frankly because they got greedy. They knew that an AG settlement would have likely gotten them a lot less money than a successful class-action, so they jumped for the money. Now you can think what you want, but it's been my observation that judges usually take a dim view of individuals who come across wrongdoing and figure they are going to make a killing off of it, rather than reporting it to the police and working within the usual law-enforcement criminal proceedings, and quite often will twist the law around to screw those individuals out of their chance to open a cash cow. Anyway, getting back to the Cisco router IOS argument, I think the weakness here is that Cisco (at least with current product) is generally selling a lot of their routers as bundles that is, you aren't bying a chassis on one line item, and an IOS feature set on another. At least, that's what the order of the day is with the 1800,2800,3800 series of new product. Ironically, I think this is more of an anti-piracy measure, as what used to
Re: [c-nsp] IOS pirating requests
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tony Varriale Sent: Tuesday, April 08, 2008 7:48 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IOS pirating requests I would disagree with what's mostly here. But, I'm guessing both of us aren't lawyers. I do know what IS SOP these days. Buy the gear 3rd party then either the seller or buyer downloads and loads up some later software and/or different feature set. That, I know for sure, is illegal unless Cisco offers the code fix for a security issue. It is. Now, the catch also on the security fixes is that your only legal if the security fix you get from Cisco is applied to a router you have IOS licensed for. In the olden days, you would buy for example a 2500, and a IOS 2500 IP Feature set license, and maybe a service contract. If you don't maintain service on it, your still legal to get the security fix to IP Only since you own the IP Only Feature Set license. What you aren't legal on is if you go buy a used 2500 and never had an 2500 IP Only IOS license. In that case the security update isn't legal for you, because Cisco doesen't explicitly say you can use a security update on a router you don't have an IOS license for. They only explicitly say the security updates are free for contracted and non-contracted _customers_ the unsaid implication here is that you possess the license. Ted ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS pirating requests
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Crocker Sent: Tuesday, April 08, 2008 11:19 AM To: Tony Varriale Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IOS pirating requests SOP is buy the chassis and routing engine new from Cisco, buy the line cards used. Best of both worlds, and legal However, if you do that and put the router under Cisco support, their hardware replacement won't cover your line cards. And I would suspect that technically, they wouldn't be obligated to support you either if you have problems with the line cards. Ted ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WCCP on 3845/3745
A sh run | in wccp gives me th following Larkhall_Academy#sh run | in wccp ip wccp 98 ip wccp 98 redirect in The ip wccp98 redirect in is applied to FastEthernet0/1 Attempting to remove either line with it's no version gives the same 'The WCCP service specified does not exist.' Error. Thanks George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Pace Balzan Sent: 08 April 2008 17:17 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] WCCP on 3845/3745 A copy of your config would be useful Or at least 'sh run | inc wccp' Cheers Mark Date: Tue, 8 Apr 2008 16:15:24 +0100 From: George Horton [EMAIL PROTECTED] Subject: [c-nsp] WCCP on 3845/3745 To: cisco-nsp@puck.nether.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Hello I am trying to remove WCCP from a couple of routers a 3845 and a 3745. Both are giving me the same error to the command 'no ip wccp98' - 'The WCCP service specified does not exist.' however wccp is in the config and a sh ip wccp gives me:- Global WCCP information: Router information: Router Identifier: 172.29.157.13 Protocol Version:2.0 Service Identifier: 98 Number of Cache Engines: 0 Number of routers: 0 Total Packets Redirected:83561186 Redirect access-list:-none- Total Packets Denied Redirect: 0 Total Packets Unassigned:22 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Does anyone have any ideas on how I can remove WCCP? Thanks George ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __ You might be interested in this... Find out what funding is available for schools in England over the next three years: http://www.rm.com/funding __ P.S. Think Green - don't print this email unless you really need to. This message is confidential, so please treat it appropriately and for its intended purpose only. In particular, if it refers to any technical data, terms or prices not generally available or known, such items are commercially sensitive information within the terms of the Freedom of Information Act 2000 and related laws. As it would be prejudicial to RM's commercial interests if these were disclosed, please refrain from doing so. As Internet communications are not secure, please be aware that RM cannot accept responsibility for its contents. Any views or opinions presented are those of the author only and not of RM. If you are not the intended recipient of this e-mail, please accept our apologies and arrange for copies of it to be deleted. For your information, RM may intercept incoming and outgoing email communications. RM Education plc Registered Office: New Mill House, 183 Milton Park, Abingdon, Oxfordshire, OX14 4SE, England Registered Number: 1148594 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again (was: CSM for service providers)
Dear All, On Tue, 8 Apr 2008, Peter Rathlev wrote: On Tue, 2008-04-08 at 22:15 +0200, Gert Doering wrote: snip PS: I'm sorry. This was my last 6500/7600 BU politics suck big time rant. Aww... It was beginning to get under my skin. ;-D While it won't change any time soon, this is just not the topic for this mailing list, and I'll try to return to constructive postings now. I guess some (a lot?) on this changed their 6500's for 7600's when they had the chance, seeing that it is the SP choice, but maybe in some time we can see what way things went. We, as a semi large-ish enterprise (government health care), chose to change away from 7600 to 6500 as core boxen for our metro/regional network. This was after a long period of problems with instability on SRB. Now we run 6500/SXF and it works like a charm, knock on wood. (For MPLS VPN + a little EoMPLS + a few service modules.) (I'm not trying to keep this thread going by the way. Really!) I have heard some success and failure stories of Cisco 7600. Probably we have to ask the 7600 BU to improve their software and take decisions that make sense: - They should improve quality of the IOS softwares!! - I have heard that SRD will be tested more thoroughly... But currently Cisco 7600 BU played on the customer loyalty... and exploited their inability to change. - Cisco 7600 BU should go something similar to safe harbour - They (6500 BU and 7600 BU) should support all new supervisor cards... RSP720 is not supported in 6500 and sup720-10GE series not supported in 7600. This is nonsense! - They can distinguish certain cards to be supported on Cisco 6500 or Cisco 7600 according the market segment. -LAN type switchingcards should be supported on both C7600 and C6500 - fabric enabled with *720* and non fabric enabled with sup32* and *720* Best Regards, Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again (was: CSM f or service providers)
On Wednesday 09 April 2008, Gert Doering wrote: Indeed. Worse, they are now building increasingly different chassis types with different capabilities - 6500-E with lots of power, and 7600-S with nice and shiny high-availability EOBC (if I understand the differences right). What I would really like is to run the RSP720-3CXL on our 6500's. At the moment, if one wants to run -3CXL mode across the entire chassis, 6500's will only support the VS-S720-10G-3CXL (which, as Janos pointed out, isn't even supported on the 7600). As much as the new supervisor is touting VSS, we really don't need that today, but could use the extra horsepower/features available on the card. Let us hope the upcoming switch fabric will be supported on both platform types. Alternatively, if it's not at all too impossible, Cisco could craft a daughter -3CXL card for the SUP720-3BXL so we can get -3CXL functionality with a simple supervisor module PFC upgrade. *sigh*, the things we wish for... Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SIP VoIP Config
Hi Tom I've managed to get it working, tanks. The working config follow in attach. Now I've a second issue. The outbound calls are supposed to come from a CT Server (with a Dialogic D/240SC-T1 card) that connects to the router via a T1. During the test phase I'm also using an FXS. From the telephone connected to the FXS the call goes fine but from a telephone connected to the CT server there's a lot of noise added to the call channel. Any idea? Kind regards Pedro -Original Message- From: Tom Storey [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 3:39 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [c-nsp] SIP VoIP Config The only thing I can see wrong is the following: 001665: *Apr 8 14:41:45.225 PCTime: //-1//SIP/Msg/ ccsipDisplayMsg: Sent: REGISTER sip:Destination_IP:5060 SIP/2.0 Via: SIP/2.0/UDP Source_IP:5060;branch=z9hG4bK5AC47 From: sip:[EMAIL PROTECTED];tag=54447D0-DBD To: sip:[EMAIL PROTECTED] Date: Tue, 08 Apr 2008 12:41:45 GMT Call-ID: B9EFB396-48E11DD-A57D8CCE-6E567B30 User-Agent: Cisco-SIPGateway/IOS-12.x Max-Forwards: 70 Timestamp: 1207658505 CSeq: 43 REGISTER Contact: sip:[EMAIL PROTECTED]:5060 Expires: 3600 Content-Length: 0 This is your router trying to register with your VoIP provider, but look at what your VoIP provider is sending back: 001667: *Apr 8 14:41:46.093 PCTime: //-1//SIP/Msg/ ccsipDisplayMsg: Received: SIP/2.0 404 Not found Via: SIP/2.0/UDP Source_IP:5060;branch=z9hG4bK5AC47 From: sip:[EMAIL PROTECTED];tag=54447D0-DBD To: sip:[EMAIL PROTECTED];tag=as60705731 Call-ID: B9EFB396-48E11DD-A57D8CCE-6E567B30 CSeq: 43 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Content-Length: 0 Since you do not specify an authentication command in your sip-ua configuration, the router is trying to register the number of your POTS dial-peer(s). Since the VoIP provider doesnt know about the numbers you are trying to register (888...) they are sending back a 404 to indicate the number is not valid. You should check with your VoIP provider and see if you have a username (i.e. phone number) and password you need to specify when setting up a SIP client, and use an authentication line like I have in my config. Tom On 08/04/2008, at 9:56 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Tom, In attach SIP messages. Note that I've replaced IP Addresses with Source_IP and Destination_IP or Destination_IP + n on the last octet. Destination_IP + n on the last octet means that on the SIP message I'm getting de destination SIP gateway address and some oder IPs that differ from the destination on the last octet. Pedro Wiliamo Matusse Telecomunicações de Moçambique (TDM) DSI Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812 - Original Message - From: [EMAIL PROTECTED] Date: Tuesday, April 8, 2008 1:58 pm Subject: Re: [c-nsp] SIP VoIP Config Going to send debug ccsip messages out put. session target sip-server. Is sip-server actually what you have in there, or do you normally have an IP address? Not sure, I'm in Africa and have SIP gateway in US. In attach the updated SIP config. Pedro Wiliamo Matusse Telecomunicações de Moçambique (TDM) DSI Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812 - Original Message - From: Tom Storey [EMAIL PROTECTED] Date: Tuesday, April 8, 2008 1:35 pm Subject: Re: [c-nsp] SIP VoIP Config Can you turn off all debugging, and then turn on debug ccsip messages and forward that to me. I also notice that in your dial-peer 100 config you have session target sip-server. Is sip-server actually what you have in there, or do you normally have an IP address? Can you send through a more recent copy of your SIP configuration? On 08/04/2008, at 8:44 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Tom, sending again Pedro Wiliamo Matusse Telecomunicações de Moçambique (TDM) DSI Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812 - Original Message - From: Tom Storey [EMAIL PROTECTED] Date: Tuesday, April 8, 2008 1:22 pm Subject: Re: [c-nsp] SIP VoIP Config I dont see any attached files ? On 08/04/2008, at 8:21 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Tom Thank you. Adapted you config but still no working. Can you please have a look on the debug output in attach. Kind Regards Pedro Wiliamo Matusse Telecomunicações de Moçambique (TDM) DSI Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812 - Original Message - From: Tom Storey [EMAIL PROTECTED] Date: Tuesday, April 8, 2008 10:55 am Subject: Re: [c-nsp] SIP VoIP Config Hi. If it helps, I recently configured a 1760 to connect to my ISPs VoIP service, and this is the config I used for my sip-ua: sip-ua authentication username 08 password no remote-party-id registrar ipv4:1.2.3.4 expires 3600
Re: [c-nsp] 6500 vs. 7600 revisited again
Mark Tinka wrote: On Wednesday 09 April 2008, Gert Doering wrote: Indeed. Worse, they are now building increasingly different chassis types with different capabilities - 6500-E with lots of power, and 7600-S with nice and shiny high-availability EOBC (if I understand the differences right). What I would really like is to run the RSP720-3CXL on our 6500's. At the moment, if one wants to run -3CXL mode Agreed; the CPU on the sup720 is laughably puny. Hell, even the one on the RSP720 isn't that fast, but at least it's an improvement. across the entire chassis, 6500's will only support the VS-S720-10G-3CXL (which, as Janos pointed out, isn't even supported on the 7600). As much as the new supervisor is touting VSS, we really don't need that today, but could use I note with concern that the Cisco product page lists the VSS as a different product to the base 6500. Ordinarily such a minor thing would not concern me, but as Gert has pointed out repeatedly, Cisco have made people very nervous about the 6500/7600 roadmap... the extra horsepower/features available on the card. Let us hope the upcoming switch fabric will be supported on both platform types. Ho ho. I doubt that very much. Alternatively, if it's not at all too impossible, Cisco could craft a daughter -3CXL card for the SUP720-3BXL so we can get -3CXL functionality with a simple supervisor module PFC upgrade. I was under the impression the PFC is not an FRU. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
I note with concern that the Cisco product page lists the VSS as a different product to the base 6500. Ordinarily such a minor thing would not concern me, but as Gert has pointed out repeatedly, Cisco have made people very nervous about the 6500/7600 roadmap... I've been watching all this conflict going on (and coming to the surface very often on this list) and i was wondering Based on what facts did cisco decide the seperation of the 6500/7600 platforms? I'm one of the few (would cisco do that if we were many?) like you, who didn't like this decision, but is there a possibility that there is something we're missing that actually made cisco follow that direction? -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Hi, On Wed, Apr 09, 2008 at 10:54:15AM +0100, Phil Mayers wrote: Alternatively, if it's not at all too impossible, Cisco could craft a daughter -3CXL card for the SUP720-3BXL so we can get -3CXL functionality with a simple supervisor module PFC upgrade. I was under the impression the PFC is not an FRU. There is a 3B - 3BXL upgrade, which used to cost exactly the same as the price difference between a Sup720/3B and a Sup720/3BXL (so it's not a we'll send you a new Sup720). So I'd assume that a - 3CXL upgrade should also doable. Indeed, folks have tested Sup32 with a 3BXL update, and it works, but it's unsupported, and most likely there is a check in recent IOS versions to make sure it doesn't work anymore. We told you this is not supported!. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgp12WoAN2nug.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Too many platforms?
On Wed, Apr 09, 2008, mack wrote: Each one of these is catering to a smaller market segment. Basic economic would indicate that the market for a general purpose device is much larger than a more specialized device. Its great for selling new products into existing markets. Adrian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Too many platforms?
On Wed, April 9, 2008 12:27 pm, Adrian Chadd wrote: Its great for selling new products into existing markets. Or for losing existing markets to a vendor that isn't tearing itself apart with 'internal competition'. If I worked at Juniper, I'd be forwarding all the 'BU Wars' mails from this list to my colleagues as a morale booster, to my sales force as leads, and laughing myself stupid all the while... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again (was: CSM for service providers)
Hi, On Wed, Apr 09, 2008 at 05:29:55PM +0800, Mark Tinka wrote: Alternatively, if it's not at all too impossible, Cisco could craft a daughter -3CXL card for the SUP720-3BXL so we can get -3CXL functionality with a simple supervisor module PFC upgrade. As in -3BXL upgrade for the Sup32? Cisco could, of course, but that would mean less sales of new modules and completely new devices, so why should they do that? customer happiness? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgp0nvusJzU7V.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again (was: CSM for service providers)
Hi, On Wed, Apr 09, 2008 at 10:37:10AM +0200, Mohacsi Janos wrote: Probably we have to ask the 7600 BU to improve their software and take decisions that make sense: - They should improve quality of the IOS softwares!! - I have heard that SRD will be tested more thoroughly... But currently Cisco 7600 BU played on the customer loyalty... and exploited their inability to change. - Cisco 7600 BU should go something similar to safe harbour - They (6500 BU and 7600 BU) should support all new supervisor cards... RSP720 is not supported in 6500 and sup720-10GE series not supported in 7600. This is nonsense! Indeed. Worse, they are now building increasingly different chassis types with different capabilities - 6500-E with lots of power, and 7600-S with nice and shiny high-availability EOBC (if I understand the differences right). - They can distinguish certain cards to be supported on Cisco 6500 or Cisco 7600 according the market segment. -LAN type switchingcards should be supported on both C7600 and C6500 - fabric enabled with *720* and non fabric enabled with sup32* and *720* I agree with you - this would make sense, and give back the feeling that Cisco is a dependable business partner. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgp6bKndLZBEB.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Too many platforms?
On Wed, Apr 09, 2008, Tim Franklin wrote: On Wed, April 9, 2008 12:27 pm, Adrian Chadd wrote: Its great for selling new products into existing markets. Or for losing existing markets to a vendor that isn't tearing itself apart with 'internal competition'. If I worked at Juniper, I'd be forwarding all the 'BU Wars' mails from this list to my colleagues as a morale booster, to my sales force as leads, and laughing myself stupid all the while... I'd be more interested in sales data than mailing list posts. Remember, c-nsp posters aren't representative of the 6500/7600 userbase and I'm willing to reasonably bet that a large part of the current userbase doesn't care, especially in larger enterprises. The only data that matters here is general sales figures and customer feedback. For all the complaining, people seem to be complaining bitterly about buggy software, strange featureset migrations and crazy licencing whilst muttering at the next sales purchase of the above. What message does that send? :) (Off-topic!) Adrian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Hi, On Wed, Apr 09, 2008 at 12:08:05PM +0200, Gert Doering wrote: There is a 3B - 3BXL upgrade, which used to cost exactly the same as the price difference between a Sup720/3B and a Sup720/3BXL (so it's not a we'll send you a new Sup720). So I'd assume that a - 3CXL upgrade should also doable. This is what I found on CCO - upgrade instructions from 3A to 3B/3BXL, so indeed, it's FRU. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_16220.html gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpmHaHSHkqg5.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Too many platforms?
Has anyone considered that Cisco may be branching out to too many platforms? The 6500 was a great success because it was all purpose. It can switch and route. It doesn't have all the bells and whistles of the 12000 series or the CRS-1 but it performs well. Cisco has split off the almost identical 7600 and added the competing Nexus. Now Cisco has (leaving out ME models and other spin offs): 1) CRS-1 high end router 2) 7600 mid range router 3) 6500 mid range general purpose 4) Nexus high end switch 5) 4500 mid range switch Each one of these is catering to a smaller market segment. Basic economic would indicate that the market for a general purpose device is much larger than a more specialized device. Any tech company need cutting edge products. But it seems to me that cisco is alienating its customers by splitting the 7600/6500 series. -- LR Mack McBride Network Administrator Alpha Red, Inc. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
On Wednesday 09 April 2008, Phil Mayers wrote: I was under the impression the PFC is not an FRU. Well, AFAIK, you can upgrade a SUP720 with a PFC-3A to one with a PFC-3B or PFC-3BXL. The upgrade kit also comes with a label to attach to front of the supervisor module, identifying its PFC-type accordingly :-). Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Tassos Chatzithomaoglou wrote: I note with concern that the Cisco product page lists the VSS as a different product to the base 6500. Ordinarily such a minor thing would not concern me, but as Gert has pointed out repeatedly, Cisco have made people very nervous about the 6500/7600 roadmap... I've been watching all this conflict going on (and coming to the surface very often on this list) and i was wondering Based on what facts did cisco decide the seperation of the 6500/7600 platforms? I'm one of the few (would cisco do that if we were many?) like you, who didn't like this decision, but is there a possibility that there is something we're missing that actually made cisco follow that direction? Well, various people (myself included) have been briefed by their account teams. I was briefed from a 6500 BU perspective, others may be able to chime in but basically I was told the BUs want to go in different directions, and it was implied that the need to maintain 6500-7600 compatibility was hampering their efforts. It was also implied (bearing in mind I was talking to a 6500 guy) that the push came more from the 7600 side of the fence. Specifically I get the impression the 7600 BU feel they are or will be outpaced in the service provider market if they don't innovate rapidly. Basically the focus seems to be: 6500 == enterprise datacentre - high density, everything in hardware and best performance/line rate, support service modules for specific things e.g. ACE, FWSM, WISM 7600 == service provider - lower density, high performance but not line-rate, high-touch features like PPPoX termination, mac accounting, etc Put like that, the decision doesn't seem so unreasonable. But... The main problem as far as I can see is that Cisco have made (have had to make) decisions about what constitutes enterprise (6500) versus service provider (7600) and those decisions do not always overlap with all customers. Example: some service providers might consider re-selling virtual firewalls on an FWSM an SP, not enterprise feature. Example: some enterprises consider 5 minute bootup times and 600MHz CPUs on their core routers a bit 1990s... An ancillary problem, and one which draws much of the ire on this list, is that there still exists an overlap between the 7600 and 6500 BU, and that they are now *actively* competing with each other in those areas. People who happen to need features in those areas cannot get a straight answer out of either BU because no-one wants to lose business (because Cisco are based on commission) A final problem is that neither BU seems to have done particularly well in their first solo IOS fork. The phrase bug riddled crap springs to mind... Certainly Cisco must (should) have had numbers demonstrating the split was reasonable, and it's possible the group of people on this list, myself included, who dislike the split are a self-selecting minority. It doesn't mean I have to like it though. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Hi, There is a 3B - 3BXL upgrade, which used to cost exactly the same as the price difference between a Sup720/3B and a Sup720/3BXL (so it's not a we'll send you a new Sup720). Yup. The WS-F6K-PFC3BXL= is just that: a new -3BXL PFC and some memory to upgrade the Sup itself to 1GB RAM. Regards, Marco van den Bovenkamp. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
On Wed, Apr 09, 2008 at 11:37:01AM +0100, Phil Mayers wrote: It was also implied (bearing in mind I was talking to a 6500 guy) that the push came more from the 7600 side of the fence. This was publicly confirmed also from the 7600 BU folks. In fact, they explicitly asked for the split and presented the business case for it to the top management which gave them green light. Since the number of 7600 chassis sold is approx 1/10-th of the 6500 ones, 7600 BU has less customers and thus needs to get more money from them. Thus we're seeing no support for 6500 chassis, per-linecard IPv6/MLPS licenses and the like stuff... With kind regards, M. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] TCLv2, Stream Association Failed: Requested codec=0x5=g711ulaw problem
Hi there, I'm having same problem as somebody described at http://puck.nether.net/pipermail/cisco-voip/2005-March/003376.html. I have Cisco 5350XM and am trying to run TCL IVR v2.0 script app_debitcard.tcl Basically the error is: Apr 9 07:50:43.987: //55274//MSM :/ms_asDone_buginf: Stream Association Failed: Requested codec=0x5=g711ulaw, Negotiated codec=0x=No Codec It happens when first media play function plays the au file and after going to next function second media play runs, but this error appears and voice/audio is not heard. I appreciate if somebody can help me in this regard. thanks, Ganbold -- And here I wait so patiently Waiting to find out what price You have to pay to get out of Going thru all of these things twice -- Dylan, Memphis Blues Again ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Certainly Cisco must (should) have had numbers demonstrating the split was reasonable, and it's possible the group of people on this list, myself included, who dislike the split are a self-selecting minority. It doesn't mean I have to like it though. Time and customers will show if this split was a good decision. But the whole thing reminds me the DEC TOPS-10 / TOPS-20 / VAX war, the DEC we are a hardware company etc. Hopefully Cisco has read this IT history chapter (alt.sys.pdp10) and will not repeat the same mistakes. --John ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
Hey Arie, I actually asked this same question to Cisco. The official response I got was this: Extract: This should work to some extent. However, for the large network I don't know how reliable you can run this system for sure. You are basically forcing static route in MSFC to forward traffic to the client vlan of the CSM. This is not something desirable way to do routing on the CSM. Especially bridge mode. There will only be 2 VIP's setup this way never anymore. There will be many additional VIPs that will be created using an VIP IP in the same address range as the real server addresses (Text book scenario). If the customer were to change the 2 VIP addresses it requires a massive amount of logistics to do so, hence the reason why I am considering doing it this way. I would really like to here what people have to say in relation to this response if I should be concerned in doing it like this for just 2 VIP's only. Regards, Brad On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) [EMAIL PROTECTED] wrote: Brad, You should just make sure the virtual IP is routable on the MSFC. The best way is to use the advertise command on the virtual server. Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Case Sent: Tuesday, April 08, 2008 02:27 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible? Hi Guys, I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a differnt subnet range than the real IP addresses in the serverfarm that is bound to it? In other words, as an example a typical bridge configuration is like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 10.20.220.100 tcp www serverfarm WEBFARM persistent rebalance inservice Is it possible to do something like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 50.40.220.99 tcp www Place the IP address in a different subnet than the IP's in the serverfarm serverfarm WEBFARM persistent rebalance inservice On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221. ip route 50.40.220.99 255.255.255.255 10.20.220.2 Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback. Regards, Brad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco PIX snmp filter
Hello Experts! Can the Cisco PIX v6 or v7 filter the SNMP request going through the firewall for a specific OID only? Thank you, BR ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
I have several VIPs in different subnets than the reals, but he's right to some extent, the static routing can be cumbersome. I inherited an environment where IP space overlapped, and existed on both sides of the CSM, and there were a bunch of more specific routes pointed toward the CSM client VLAN. At least in times moving forward if they insist on have VIPs and reals live on different subnets, I atleast now have a block of IPs pointed just toward the CSM for this purpose and nothing else... I'm not sure how else you would do it since the CSM VLAN interfaces don't become part of the IP routing table, but then again I haven't played with that too much, since I already inherited this mess... ;) Chris On 4/9/08, Brad Case [EMAIL PROTECTED] wrote: Hey Arie, I actually asked this same question to Cisco. The official response I got was this: Extract: This should work to some extent. However, for the large network I don't know how reliable you can run this system for sure. You are basically forcing static route in MSFC to forward traffic to the client vlan of the CSM. This is not something desirable way to do routing on the CSM. Especially bridge mode. There will only be 2 VIP's setup this way never anymore. There will be many additional VIPs that will be created using an VIP IP in the same address range as the real server addresses (Text book scenario). If the customer were to change the 2 VIP addresses it requires a massive amount of logistics to do so, hence the reason why I am considering doing it this way. I would really like to here what people have to say in relation to this response if I should be concerned in doing it like this for just 2 VIP's only. Regards, Brad On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) [EMAIL PROTECTED] wrote: Brad, You should just make sure the virtual IP is routable on the MSFC. The best way is to use the advertise command on the virtual server. Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Case Sent: Tuesday, April 08, 2008 02:27 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible? Hi Guys, I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a differnt subnet range than the real IP addresses in the serverfarm that is bound to it? In other words, as an example a typical bridge configuration is like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 10.20.220.100 tcp www serverfarm WEBFARM persistent rebalance inservice Is it possible to do something like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 50.40.220.99 tcp www Place the IP address in a different subnet than the IP's in the serverfarm serverfarm WEBFARM persistent rebalance inservice On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221. ip route 50.40.220.99 255.255.255.255 10.20.220.2 Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback. Regards, Brad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote: I actually asked this same question to Cisco. The official response I got was this: Extract: This should work to some extent. However, for the large network I don't know how reliable you can run this system for sure. You are basically forcing static route in MSFC to forward traffic to the client vlan of the CSM. This is not something desirable way to do routing on the CSM. Especially bridge mode. This response is completely bogus and highlights why I am frustrated with Cisco's support for the CSM. I have only ever heard of two people at Cisco that really understood the thing, and I've personally only talked to one. There will only be 2 VIP's setup this way never anymore. There will be many additional VIPs that will be created using an VIP IP in the same address range as the real server addresses (Text book scenario). If the customer were to change the 2 VIP addresses it requires a massive amount of logistics to do so, hence the reason why I am considering doing it this way. I would really like to here what people have to say in relation to this response if I should be concerned in doing it like this for just 2 VIP's only. I have over 400 VIPs on a CSM running in this way, in bridged mode, without advertise active. Any IP can be used as a VIP so long as traffic to that IP ends up directed to the CSM's client VLAN IP. The easiest way to do this is add a static route for the VIP to the CSM's client IP on the MSFC. So for your example below, you would need ip route 50.40.220.99 255.255.255.255 10.20.220.2. If you have an FT setup, you'll want the next-hop to be the client VLAN's alias IP. Ross Regards, Brad On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) [EMAIL PROTECTED] wrote: Brad, You should just make sure the virtual IP is routable on the MSFC. The best way is to use the advertise command on the virtual server. Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Case Sent: Tuesday, April 08, 2008 02:27 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible? Hi Guys, I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a differnt subnet range than the real IP addresses in the serverfarm that is bound to it? In other words, as an example a typical bridge configuration is like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 10.20.220.100 tcp www serverfarm WEBFARM persistent rebalance inservice Is it possible to do something like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 50.40.220.99 tcp www Place the IP address in a different subnet than the IP's in the serverfarm serverfarm WEBFARM persistent rebalance inservice On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221. ip route 50.40.220.99 255.255.255.255 10.20.220.2 Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback. Regards, Brad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Ross Vandegrift [EMAIL PROTECTED] The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Identifying BGP route flapping
We had an incident a little over a week ago where our upstream provider (which managers our edge routers) told us that the BGP routes were flapping between our two edge routers. Is there a MIB that we can poll to monitor the number of changes in routing tables, or BGP flaps? Regards, Frank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Switch that can shape traffic per VLAN and re-writeVLAN ID?
The 3550 can perform per-port/per-VLAN MQC. I can't speak for the VLAN ID rewriting, though, and I don't believe this functionality exists in the 3560. Jon Hartman Network Engineering Verizon Internet Operations ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
This is the same way I'm doing it; there is a bit of administrative overhead though... Chris On 4/9/08, Ross Vandegrift [EMAIL PROTECTED] wrote: On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote: I actually asked this same question to Cisco. The official response I got was this: Extract: This should work to some extent. However, for the large network I don't know how reliable you can run this system for sure. You are basically forcing static route in MSFC to forward traffic to the client vlan of the CSM. This is not something desirable way to do routing on the CSM. Especially bridge mode. This response is completely bogus and highlights why I am frustrated with Cisco's support for the CSM. I have only ever heard of two people at Cisco that really understood the thing, and I've personally only talked to one. There will only be 2 VIP's setup this way never anymore. There will be many additional VIPs that will be created using an VIP IP in the same address range as the real server addresses (Text book scenario). If the customer were to change the 2 VIP addresses it requires a massive amount of logistics to do so, hence the reason why I am considering doing it this way. I would really like to here what people have to say in relation to this response if I should be concerned in doing it like this for just 2 VIP's only. I have over 400 VIPs on a CSM running in this way, in bridged mode, without advertise active. Any IP can be used as a VIP so long as traffic to that IP ends up directed to the CSM's client VLAN IP. The easiest way to do this is add a static route for the VIP to the CSM's client IP on the MSFC. So for your example below, you would need ip route 50.40.220.99 255.255.255.255 10.20.220.2. If you have an FT setup, you'll want the next-hop to be the client VLAN's alias IP. Ross Regards, Brad On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) [EMAIL PROTECTED] wrote: Brad, You should just make sure the virtual IP is routable on the MSFC. The best way is to use the advertise command on the virtual server. Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Case Sent: Tuesday, April 08, 2008 02:27 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible? Hi Guys, I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a differnt subnet range than the real IP addresses in the serverfarm that is bound to it? In other words, as an example a typical bridge configuration is like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 10.20.220.100 tcp www serverfarm WEBFARM persistent rebalance inservice Is it possible to do something like this: vlan 221 client ip address 10.20.220.2 255.255.255.0 gateway 10.20.220.1 ! vlan 220 server ip address 10.20.220.2 255.255.255.0 Two VLANs with the same IP address are bridged together. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice ! vserver WEB virtual 50.40.220.99 tcp www Place the IP address in a different subnet than the IP's in the serverfarm serverfarm WEBFARM persistent rebalance inservice On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221. ip route 50.40.220.99 255.255.255.255 10.20.220.2 Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback. Regards, Brad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Ross Vandegrift [EMAIL PROTECTED] The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: [c-nsp] 6500 vs. 7600 revisited again
We've performed such an upgrade from 3A to 3BXL, to get around the 256k FIB table limitation. The real bust comes when you have to upgrade all of the DFC's with the PFC. If you don't, it'll run in the least common denominator. Jon Hartman Network Engineering Verizon Internet Operations Hi, There is a 3B - 3BXL upgrade, which used to cost exactly the same as the price difference between a Sup720/3B and a Sup720/3BXL (so it's not a we'll send you a new Sup720). Yup. The WS-F6K-PFC3BXL= is just that: a new -3BXL PFC and some memory to upgrade the Sup itself to 1GB RAM. Regards, Marco van den Bovenkamp. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] C6k diag failure in lab, need to worry?
'ello, We just had a funny experience with a C6k/720 in our lab. We were testing SXF13 AIS, and during a reload we saw the following: 00:01:36: %SCHED-SP-7-WATCH: Attempt to monitor uninitialized watched bitfield (address 0). -Process= Shutdown, ipl= 0, pid= 256 -Traceback= 402C3A18 404ED840 4029C954 4029C940 00:01:40: %DIAG-SP-3-MAJOR: Module 5: Online Diagnostics detected a Major Error. Please use 'show diagnostic result target' to see test results. 00:01:40: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestAclDeny failed 00:01:41: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online Reload scheduled for 07:05:31 PST Wed Apr 9 2008 (in 13 seconds) Module 5 is the supervisor. Afterwards it reloaded and didn't do it again, also across several reboots. It's a Sup720-3B with a single WS-X6708-10GE and a WS-SVC-FWM-1. It never reaches starting GOLD for the DFC. I didn't have the time to do the show diagnostics result before reboot, and afterwards it say it never got a failure on TestAclDeny: fw1#sh diagnostic res mod 5 test 18 det Current bootup diagnostic level: minimal Test results: (. = Pass, F = Fail, U = Untested) ___ 18) TestAclDeny - . Error code -- 3 (DIAG_SKIPPED) Total run count - 1 Last test execution time Apr 09 2008 07:08:26 First test failure time - n/a Last test failure time -- n/a Last test pass time - Apr 09 2008 07:08:26 Total failure count - 0 Consecutive failure count --- 0 ___ fw1# None of the other tests show any failures either: show diagnostics result module 5 detail | incl failure gives only 0 and n/a stats. I can do diagnostic start module 5 test 18 all I want and no failures by the way, just getting %DIAG-SP-6-TEST_OK: Module 5: TestAclDeny{ID=18} has completed successfully and no problems. Is this something we should try and dig into, reporting it to TAC? Or should we just ignore this ~5 min delay in a lab reboot? We can't seem to reproduce it. :'( The box had just been upgraded to SXF13 AES shortly before (from SXF6 AIS) due to some miscommunications, and this was the first boot on SXF13 AIS, but I can't imagine this can have any impact. Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Identifying BGP route flapping
That will work for local BGP flaps, but if you are trying to monitor BGP flaps on the net this will not work. You could setup a router that has BGP dampening enabled, this will give you a look into flaps on the net. harbor235 ;} On Wed, Apr 9, 2008 at 11:48 AM, Adam Armstrong [EMAIL PROTECTED] wrote: Frank Bulk wrote: We had an incident a little over a week ago where our upstream provider (which managers our edge routers) told us that the BGP routes were flapping between our two edge routers. Is there a MIB that we can poll to monitor the number of changes in routing tables, or BGP flaps? You can find out when the session last changed, how many messages have been sent across the session and how many updates have been sent across the session. Sadly i don't think there's a flap counter you can poll. adam. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Identifying BGP route flapping
Frank Bulk wrote: We had an incident a little over a week ago where our upstream provider (which managers our edge routers) told us that the BGP routes were flapping between our two edge routers. Is there a MIB that we can poll to monitor the number of changes in routing tables, or BGP flaps? You can find out when the session last changed, how many messages have been sent across the session and how many updates have been sent across the session. Sadly i don't think there's a flap counter you can poll. adam. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Tassos Chatzithomaoglou wrote: I've been watching all this conflict going on (and coming to the surface very often on this list) and i was wondering Based on what facts did cisco decide the seperation of the 6500/7600 platforms? I'm one of the few (would cisco do that if we were many?) like you, who didn't like this decision, but is there a possibility that there is something we're missing that actually made cisco follow that direction? We were in the unfortunately position to buy a pair of 7600s right when the BUs split the 6500 and 7600. We had to run SR to get CALEA support. SR meant no support for the WebVPN linecard or the SLB linecard. The 7600 itself meant no support for inline IDS for the IDSM2 linecards. Unfortunately the Dynamic Config Tool allowed just such a system to be built. It wasn't until some of the hardware shipped that the errors were discovered and the shipments came to a halt. It took months to sort on the mess. We had to run SR; there wasn't another choice with the feature(s) we needed. Replacing the SLB with an ACE was an easy fix. Replacing the WebVPN module took forever to work out. In the end it was replaced with a pair of 3845s loaded out with the VPN crypto modules and SSL VPN licenses. During that time the RSP720 started shipping. However our order wasn't updated to take advantage of the RSP so we got stuck with the Sup720-3BXL. Talk about bad timing. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] C6k diag failure in lab, need to worry?
Peter, You can ignore this one, as it should not have any impact, after the second reload. We have seen this very rarely (once in 100+ reboots, on very few systems), where an ASIC was not intialized properly, and diagnostics was catching the condition, and resetting the supervisor. sukumar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Rathlev Sent: Wednesday, April 09, 2008 8:40 AM To: cisco-nsp Subject: [c-nsp] C6k diag failure in lab, need to worry? 'ello, We just had a funny experience with a C6k/720 in our lab. We were testing SXF13 AIS, and during a reload we saw the following: 00:01:36: %SCHED-SP-7-WATCH: Attempt to monitor uninitialized watched bitfield (address 0). -Process= Shutdown, ipl= 0, pid= 256 -Traceback= 402C3A18 404ED840 4029C954 4029C940 00:01:40: %DIAG-SP-3-MAJOR: Module 5: Online Diagnostics detected a Major Error. Please use 'show diagnostic result target' to see test results. 00:01:40: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestAclDeny failed 00:01:41: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online Reload scheduled for 07:05:31 PST Wed Apr 9 2008 (in 13 seconds) Module 5 is the supervisor. Afterwards it reloaded and didn't do it again, also across several reboots. It's a Sup720-3B with a single WS-X6708-10GE and a WS-SVC-FWM-1. It never reaches starting GOLD for the DFC. I didn't have the time to do the show diagnostics result before reboot, and afterwards it say it never got a failure on TestAclDeny: fw1#sh diagnostic res mod 5 test 18 det Current bootup diagnostic level: minimal Test results: (. = Pass, F = Fail, U = Untested) __ _ 18) TestAclDeny - . Error code -- 3 (DIAG_SKIPPED) Total run count - 1 Last test execution time Apr 09 2008 07:08:26 First test failure time - n/a Last test failure time -- n/a Last test pass time - Apr 09 2008 07:08:26 Total failure count - 0 Consecutive failure count --- 0 __ _ fw1# None of the other tests show any failures either: show diagnostics result module 5 detail | incl failure gives only 0 and n/a stats. I can do diagnostic start module 5 test 18 all I want and no failures by the way, just getting %DIAG-SP-6-TEST_OK: Module 5: TestAclDeny{ID=18} has completed successfully and no problems. Is this something we should try and dig into, reporting it to TAC? Or should we just ignore this ~5 min delay in a lab reboot? We can't seem to reproduce it. :'( The box had just been upgraded to SXF13 AES shortly before (from SXF6 AIS) due to some miscommunications, and this was the first boot on SXF13 AIS, but I can't imagine this can have any impact. Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] CCNP bootcamp providers
Hi folks, My employer is looking to send a few folks to CCNP bootcamp classroom instruction. Anybody got an institution they really recommend or dislike, and reasons thereto? It seems there are a whole pile of technical learning places with very little distinction between them. At $7-10k a head, the bosses want to make sure they're going with the best. Thanks! --Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CCNP bootcamp providers
Adam Korab wrote: Hi folks, My employer is looking to send a few folks to CCNP bootcamp classroom instruction. Anybody got an institution they really recommend or dislike, and reasons thereto? It seems there are a whole pile of technical learning places with very little distinction between them. At $7-10k a head, the bosses want to make sure they're going with the best. If your goal is to have people with a piece of paper that says CCNP, then the $7-10k bootcamps are the way to go. If your goal is to have people who are competent at IP networking and Cisco configuration and troubleshooting, consider the Cisco Academy classes taught at many community colleges. Substantially less costly but a much slower (like a few semesters instead of a week) and more thorough process. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] C6k diag failure in lab, need to worry?
Hi Sukumar, Thanks for the information, which makes me more calm. :-) Regards, Peter On Wed, 2008-04-09 at 10:16 -0700, Sukumar Subburayan (sukumars) wrote: Peter, You can ignore this one, as it should not have any impact, after the second reload. We have seen this very rarely (once in 100+ reboots, on very few systems), where an ASIC was not intialized properly, and diagnostics was catching the condition, and resetting the supervisor. sukumar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Rathlev Sent: Wednesday, April 09, 2008 8:40 AM To: cisco-nsp Subject: [c-nsp] C6k diag failure in lab, need to worry? 'ello, We just had a funny experience with a C6k/720 in our lab. We were testing SXF13 AIS, and during a reload we saw the following: 00:01:36: %SCHED-SP-7-WATCH: Attempt to monitor uninitialized watched bitfield (address 0). -Process= Shutdown, ipl= 0, pid= 256 -Traceback= 402C3A18 404ED840 4029C954 4029C940 00:01:40: %DIAG-SP-3-MAJOR: Module 5: Online Diagnostics detected a Major Error. Please use 'show diagnostic result target' to see test results. 00:01:40: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestAclDeny failed 00:01:41: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online Reload scheduled for 07:05:31 PST Wed Apr 9 2008 (in 13 seconds) Module 5 is the supervisor. Afterwards it reloaded and didn't do it again, also across several reboots. It's a Sup720-3B with a single WS-X6708-10GE and a WS-SVC-FWM-1. It never reaches starting GOLD for the DFC. I didn't have the time to do the show diagnostics result before reboot, and afterwards it say it never got a failure on TestAclDeny: fw1#sh diagnostic res mod 5 test 18 det Current bootup diagnostic level: minimal Test results: (. = Pass, F = Fail, U = Untested) __ _ 18) TestAclDeny - . Error code -- 3 (DIAG_SKIPPED) Total run count - 1 Last test execution time Apr 09 2008 07:08:26 First test failure time - n/a Last test failure time -- n/a Last test pass time - Apr 09 2008 07:08:26 Total failure count - 0 Consecutive failure count --- 0 __ _ fw1# None of the other tests show any failures either: show diagnostics result module 5 detail | incl failure gives only 0 and n/a stats. I can do diagnostic start module 5 test 18 all I want and no failures by the way, just getting %DIAG-SP-6-TEST_OK: Module 5: TestAclDeny{ID=18} has completed successfully and no problems. Is this something we should try and dig into, reporting it to TAC? Or should we just ignore this ~5 min delay in a lab reboot? We can't seem to reproduce it. :'( The box had just been upgraded to SXF13 AES shortly before (from SXF6 AIS) due to some miscommunications, and this was the first boot on SXF13 AIS, but I can't imagine this can have any impact. Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] CBWFQ-LLQ on PPPoE Virtual Templates
Hello, We have a 7206 running (C7200-IK9S-M), Version 12.3(20), RELEASE SOFTWARE (fc2). We are trying to get LLQ implemented on Virtual Template interfaces for our PPPoE DSL users: vpdn-group akrnaa01rr description SBC Akron VPDN Group accept-dialin protocol l2tp virtual-template 1 terminate-from hostname akrnaa01rr.oh.AADS local name xx lcp renegotiation always l2tp tunnel password 7 xxx interface Virtual-Template1 mtu 1492 ip unnumbered Loopback1 rate-limit output access-group 102 8000 1500 2000 conform-action transmit exceed-action drop no ip route-cache cef no ip route-cache no logging event link-status peer default ip address pool ppp keepalive 5 compress stac ppp max-bad-auth 5 ppp authentication pap ppp chap refuse service-policy output llq-policy end It seems to take it fine, but when I do a show policy-map interfaces I get the following output; Virtual-Template1 Service-policy output: llq-policy Service policy content is displayed only for cloned interfaces only such as vaccess and sessions I can't tell if this means that the service-policy is not enabled for the interface, or if it just doesn't show up. Any ideas? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Identifying BGP route flapping
We're not that desperate to monitor BGP flaps to install a router, and even, that's not a counter, is it? Sounds like there's no nice option to measure instability. Frank From: Mike Johnson [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 10:54 AM To: Adam Armstrong Cc: [EMAIL PROTECTED]; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Identifying BGP route flapping That will work for local BGP flaps, but if you are trying to monitor BGP flaps on the net this will not work. You could setup a router that has BGP dampening enabled, this will give you a look into flaps on the net. harbor235 ;} On Wed, Apr 9, 2008 at 11:48 AM, Adam Armstrong [EMAIL PROTECTED] wrote: Frank Bulk wrote: We had an incident a little over a week ago where our upstream provider (which managers our edge routers) told us that the BGP routes were flapping between our two edge routers. Is there a MIB that we can poll to monitor the number of changes in routing tables, or BGP flaps? You can find out when the session last changed, how many messages have been sent across the session and how many updates have been sent across the session. Sadly i don't think there's a flap counter you can poll. adam. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CBWFQ-LLQ on PPPoE Virtual Templates
You can do: show run int virtual-access XXX It probably won't list it in there though. You can inject it into the interface via RADIUS using the Cisco-AVpair attribute Cisco-AVPair = lcp:interface-config#1=service-policy output llq-policy FYI, those users are technically PPPoVPDN - PPPoE and PPPoA users have a different template. Gregory Boehnlein wrote: Hello, We have a 7206 running (C7200-IK9S-M), Version 12.3(20), RELEASE SOFTWARE (fc2). We are trying to get LLQ implemented on Virtual Template interfaces for our PPPoE DSL users: vpdn-group akrnaa01rr description SBC Akron VPDN Group accept-dialin protocol l2tp virtual-template 1 terminate-from hostname akrnaa01rr.oh.AADS local name xx lcp renegotiation always l2tp tunnel password 7 xxx interface Virtual-Template1 mtu 1492 ip unnumbered Loopback1 rate-limit output access-group 102 8000 1500 2000 conform-action transmit exceed-action drop no ip route-cache cef no ip route-cache no logging event link-status peer default ip address pool ppp keepalive 5 compress stac ppp max-bad-auth 5 ppp authentication pap ppp chap refuse service-policy output llq-policy end It seems to take it fine, but when I do a show policy-map interfaces I get the following output; Virtual-Template1 Service-policy output: llq-policy Service policy content is displayed only for cloned interfaces only such as vaccess and sessions I can't tell if this means that the service-policy is not enabled for the interface, or if it just doesn't show up. Any ideas? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Switch that can shape traffic per VLAN and re-writeVLANID?
3750 Metro. This switch can preform vlan 'remapping' (cisco term.) on the enhanced services ports. -Original Message- From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 4/9/2008 10:35 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Switch that can shape traffic per VLAN and re-writeVLANID? The 3550 can perform per-port/per-VLAN MQC. I can't speak for the VLAN ID rewriting, though, and I don't believe this functionality exists in the 3560. Jon Hartman Network Engineering Verizon Internet Operations ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Identifying BGP route flapping
I execute the follow a few times when I want to looking for flapping BGP routes. CPU intensive on the router, but its simple to implement. show ip route | inc 00:00 Mike Johnson wrote: That will work for local BGP flaps, but if you are trying to monitor BGP flaps on the net this will not work. You could setup a router that has BGP dampening enabled, this will give you a look into flaps on the net. -- === Clinton Work Airdrie, AB ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Identifying BGP route flapping
Maybe I missed something. Your upstream manages the routers, so can they not explain the route flaps? I would think the burden would be on them to demonstrate why your sessions reset? Was there an event which caused the flaps? Frank Bulk wrote: We're not that desperate to monitor BGP flaps to install a router, and even, that's not a counter, is it? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Learning L2 switching and spanning tree by doing
Hello, I cant seem to get myself to understand spanning tree, SVIs and all the sort by just reading, i dont have access to switches to get my hands to configure, any suggestions? Thanks, Kim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Learning L2 switching and spanning tree by doing
Start playing with IRB -- http://dcp.dcptech.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim Onnel Sent: Wednesday, April 09, 2008 10:10 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Learning L2 switching and spanning tree by doing Hello, I cant seem to get myself to understand spanning tree, SVIs and all the sort by just reading, i dont have access to switches to get my hands to configure, any suggestions? Thanks, Kim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ethernet Freezeup
On Tue, Apr 08, 2008 at 08:36:57PM +0200, Andre Beck wrote: Hi Jon, On Tue, Apr 08, 2008 at 10:35:36AM -0500, [EMAIL PROTECTED] wrote: Is it possible that your interface is getting wedged? http://www.cisco.com/en/US/products/hw/iad/ps397/products_tech_note09186a0 0800a7b85.shtml Hard to say without having a sh int fa0/0 from when the issue hit. The description says that only a reload would clear this kind of problem, but it's old and things may have changed. My Fa0/0 input queue looks like Input queue: 0/75/0/2 (size/max/drops/flushes); Total output drops: 0 and I ponder what the two flushes may be. I did indeed have exactly two occasions of the interface hanging that could be cleaned with a clear int. Compare that with my 7200 : Input queue: 0/75/19755/291735 (size/max/drops/flushes); Total output drops: 715217 ... Received 23535684 broadcasts, 0 runts, 233 giants, 4480 throttles 568580 input errors, 0 CRC, 0 frame, 396581 overrun, 171629 ignored That's after around 5 weeks of uptime. We had a DoS attack a couple of weeks ago, that might explain the crazy numbers. BTW, it's not memory, neither of my two routers that have the problem are memory constrained nor do they have a lot of routes. Further, just giving it a clear int when it is running normally doesn't increment that counter. When it strikes again (hopefully auto-healed by my new EEM applet) and that counter increments, it's probably indeed an input queue overrun (wedged). Will the EEM applet leave something in your log when it resets the interface? Otherwise, if the auto-heal happens fast enough, you might not know that it kicked in. BTW, there's also a chance of the switch being involved. I've checked this a couple of times and never found anything. Also, the two routers affected are in wildly disparate environments. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco PIX snmp filter
On a PIX, no, version 7 snmp-map will let you filter with version only, you may be able to do what you are after on an ASA with an SSM- AIP module, but I haven't ever looked or tried. Ben On 09/04/2008, at 10:22 PM, Bagosi Rómeó wrote: Hello Experts! Can the Cisco PIX v6 or v7 filter the SNMP request going through the firewall for a specific OID only? Thank you, BR ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/