Re: [c-nsp] Netflow / 3560 platform
Hi, On Wed, Jul 30, 2008 at 07:00:22PM -0700, Brian Spade wrote: Hi, adding back cisco-nsp On Wed, Jul 30, 2008 at 6:54 PM, Buhrmaster, Gary [EMAIL PROTECTED]wrote: Can anyone explain why Cisco fails to support Netflow on the 3560 Catalyst switches? They did not build the hardware to support it. One of the many feature/cost choices made on that platform during the design. These routers are software based -- Cisco 800, 1800, 2800, and 3800 -- and support Netflow. That's the point: they are software based. You can do everything on SW based platforms. The 3560 is hardware based, and it's fairly simple hardware, as opposed to a 6500/7600, which has more complex (and more expensive!) hardware. So the 3560 hardware just cannot do it, because implementing it would have made the box much more expensive. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgp6D0yUBh2CD.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6509 ACE/FWSM Modules??????????
I am working on implementing two 6509 chassis setup using vss and ace/fwsm modules. Anyone know of any good books for the ACE and FWSM modules? Neither ACE nor FWSM is currently supported in a Catalyst 6500 running VSS. The NAM is the only service module supported today. (See the VSS Config Guide on http://tinyurl.com/yqg97w) You will need to run the 6500s in a standard HSRP / STP setup. -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6509 ACE/FWSM Modules??????????
FWSM is supported with 12.2(33)SXI On Thu, Jul 31, 2008 at 3:25 AM, Asbjorn Hojmark - Lists [EMAIL PROTECTED]wrote: I am working on implementing two 6509 chassis setup using vss and ace/fwsm modules. Anyone know of any good books for the ACE and FWSM modules? Neither ACE nor FWSM is currently supported in a Catalyst 6500 running VSS. The NAM is the only service module supported today. (See the VSS Config Guide on http://tinyurl.com/yqg97w) You will need to run the 6500s in a standard HSRP / STP setup. -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] XR OS-SHMWIN-2-ERROR_ENCOUNTERED
Howdy ho, Have a CISCO GSR 12416/PRP running XR 3.6.1 and it has started continually whining about :- LC/0/0/CPU0:Jul 31 10:15:47.970 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:15:50.337 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:17.989 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:19.372 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:48.014 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:49.269 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical CCO says log a tac case, but was wondering if anybody had some ideas of what this error is and how to go about fixing it thanx - Mind Like A Steel Trap - Rusty And Illegal In 37 States. Nic Tjirkalli Verizon Business South Africa Network Strategy Team Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. Company Information:http:// www.verizonbusiness.com/za/contact/legal/ This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] special routing (vrf?) with Cisco 3825
Hello, We'd like to set up a special routing between remote sites. The network looks like the following: Site #1 LANSite #2 LAN Site #3 LAN || | Site #1Site #2 Site #3 CE router CE router CE router || | || | /---\ | | | Service Provider's MPLS backbone | | | \---/ | | Central Site CE router | Firewall | Central LAN We have 4 sites over an IP VPN. All traffic is routed through the central CE router (the network is configured to hub spoke mode). Direct traffic between sites is not allowed, only through the central CE router. In addition, we have to pass the traffic through the Firewall which is going to or coming from the Site #3. 1. So the route from site #1 to site #3 should look like: Site #1 LAN --- Site #1 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #3 CE router --- Site #3 LAN 2. The route from site #3 to site #2 should look like: Site #3 LAN --- Site #3 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #2 CE router --- Site #2 LAN The Central CE router is Cisco 3825. Is this idea can be achieved with current Cisco technologies? If yes, how does this technology called? I've read about VRF, it might help, but I'm not sure. Could you please point out the main steps to configure this? I have a few years Cisco experience, mostly with lan, but I have never ever used complex routing stuffs like this. I just need a minimal info to start and I'll try to implement. In the first step, I'm just curious if this can be done or you know better solution to do this job. Thanks in advance, Szabolcs Horvath ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] special routing (vrf?) with Cisco 3825
Horvath, What you are describing is Hub and Spoke VPN... As you are using it already, it should be easy to make the traffic pass the firewall. Have you discussed it with your SP? In general, you could take a look at these links: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a008093505e.html http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_hub_spoke.html Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Horv?th Szabolcs Sent: Thursday, July 31, 2008 12:37 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] special routing (vrf?) with Cisco 3825 Hello, We'd like to set up a special routing between remote sites. The network looks like the following: Site #1 LANSite #2 LAN Site #3 LAN || | Site #1Site #2 Site #3 CE router CE router CE router || | || | /---\ | | | Service Provider's MPLS backbone | | | \---/ | | Central Site CE router | Firewall | Central LAN We have 4 sites over an IP VPN. All traffic is routed through the central CE router (the network is configured to hub spoke mode). Direct traffic between sites is not allowed, only through the central CE router. In addition, we have to pass the traffic through the Firewall which is going to or coming from the Site #3. 1. So the route from site #1 to site #3 should look like: Site #1 LAN --- Site #1 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #3 CE router --- Site #3 LAN 2. The route from site #3 to site #2 should look like: Site #3 LAN --- Site #3 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #2 CE router --- Site #2 LAN The Central CE router is Cisco 3825. Is this idea can be achieved with current Cisco technologies? If yes, how does this technology called? I've read about VRF, it might help, but I'm not sure. Could you please point out the main steps to configure this? I have a few years Cisco experience, mostly with lan, but I have never ever used complex routing stuffs like this. I just need a minimal info to start and I'll try to implement. In the first step, I'm just curious if this can be done or you know better solution to do this job. Thanks in advance, Szabolcs Horvath ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] special routing (vrf?) with Cisco 3825
Hi there, Here are two different solutions to this (there may be more): 1) Request four different VPN's from the SP and terminate in four different VRF's on the central CE-router. Forward in four different VLANS/interfaces towards the firewall, which have to have four different interfaces to accept these. This way there will be absolute separation all the way up to the firewall. 2) Run policy-based routing (PBR) on the central CE-router and forward all incoming packets from the MPLS-VPN directly to the firewall. Ordinary routing-decisions should only occur on traffic coming *from* the firewall and into the MPLS-VPN. Be aware of any limitations concerning PIX/ASA/FWSM's in this configuration. The default ASA (adaptive security algorithm)-config doesn't allow routing packets out the same interface they arrived. Best regards, Stig Meireles Johansen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Horváth Szabolcs Sent: 31. juli 2008 11:36 To: cisco-nsp@puck.nether.net Subject: [c-nsp] special routing (vrf?) with Cisco 3825 Hello, We'd like to set up a special routing between remote sites. The network looks like the following: Site #1 LANSite #2 LAN Site #3 LAN || | Site #1Site #2 Site #3 CE router CE router CE router || | || | /---\ | | | Service Provider's MPLS backbone | | | \---/ | | Central Site CE router | Firewall | Central LAN We have 4 sites over an IP VPN. All traffic is routed through the central CE router (the network is configured to hub spoke mode). Direct traffic between sites is not allowed, only through the central CE router. In addition, we have to pass the traffic through the Firewall which is going to or coming from the Site #3. 1. So the route from site #1 to site #3 should look like: Site #1 LAN --- Site #1 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #3 CE router --- Site #3 LAN 2. The route from site #3 to site #2 should look like: Site #3 LAN --- Site #3 CE router --- SP network --- Central CE router --- Firewall --- Central CE router --- SP network --- Site #2 CE router --- Site #2 LAN The Central CE router is Cisco 3825. Is this idea can be achieved with current Cisco technologies? If yes, how does this technology called? I've read about VRF, it might help, but I'm not sure. Could you please point out the main steps to configure this? I have a few years Cisco experience, mostly with lan, but I have never ever used complex routing stuffs like this. I just need a minimal info to start and I'll try to implement. In the first step, I'm just curious if this can be done or you know better solution to do this job. Thanks in advance, Szabolcs Horvath ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PIX not port forwarding
Hi, Having problem with a Cisco PIX 613. I am allowing traffic from a specific Public IP address to pass on two ports only I then forward this traffic to a LAN IP address So. From the internet. access-list internet permit tcp any host xx.xxx.xx.xxx range 5040 5041 To the LAN static (inside,outside) tcp xx.xxx.xx.xxx 5040 192.168.127.4 5040 netmask 255.255.255.255 0 0 static (inside,outside) tcp xx.xxx.xx.xxx 5041 192.168.127.4 5041 netmask 255.255.255.255 0 0 I should then be able to telnet to the LAN address on each of the two ports Internal telnet works fine as does using a simple cheap Firewall/Router I have used this method on the PIX in plenty of other examples like SMTP, PPTP and they can all be reached via telnet I can see I am getting hits on the internet access-list Can anyone throw some light on this for me please? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] interpretation of sysTrafficPeakTime
That's what i though too. But then it should be increasing as time passes by...which it doesn't ;) -- Tassos [EMAIL PROTECTED] wrote on 31/7/2008 12:39 πμ: The value represents the amount of time that has passed since the highest recorded peak. I don't know if this value rolls over or not. I don't think it does. Tassos Chatzithomaoglou [EMAIL PROTECTED] wrote: Arie, Actually i was using sh platform hardware capacity fabric to see it through the cli. Still, my main concern is... should i stick to my 1st explanation or the 2nd one? -- Tassos Arie Vayner (avayner) wrote on 29/7/2008 11:22 μμ: Tasso, Your analysis makes sense. It seems that this OID is basically what you can see with this command: Router#show catalyst6000 traffic-meter traffic meter = 1% Never cleared peak = 1%reached at 20:14:17 UTC Tue Jul 29 2008 Arie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tassos Chatzithomaoglou Sent: Tuesday, July 29, 2008 20:22 PM To: cisco-nsp Subject: [c-nsp] interpretation of sysTrafficPeakTime According to the cisco-stack-mib: sysTrafficPeakTime OBJECT-TYPE SYNTAXTimeTicks MAX-ACCESSread-only STATUScurrent DESCRIPTION The time (in hundredths of a second) since the peak traffic meter value occurred. ::= { systemGrp 20 } Can someone please interpret the above description? I'm thinking of 2 different values here: 1) current time (present) === peak time (past) : the value should increase as time passes by (*) 2) power-on/reset time (past) === peak time (past) : the value should stay constant as time passes by (*) If i was to interpret it, i would probably choose the 1st one, but according to my sample snmp outputs on some 6500s/7600s the 2nd seems to be the correct one. (*) having only one peak traffic time -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6509 ACE/FWSM Modules??????????
Can someone clarify the PAGP problem ? I had a discussion with someone of Cisco for a new design in one of our datarooms and we had chosen a VSS solution with dual 3750E stacks and 20Gig uplinks in each rack to the VSS chassis for max redundantie. According to our Cisco contact, this was a working solution. If however it is impossible to make channels between a 3750E cluster and both switches in a VSS, the complete design has to be redone... Wim Holemans Network Services University of Antwerp -Original Message- From: Mike Louis [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2008 6:19 PM To: Teller, Robert; Tony Varriale; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] 6509 ACE/FWSM Modules?? Last time I checked the 3750 did not support the pagp extensions for vss. You would get an stp loop if you tried. Has this support changed? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] LDP Graceful restart
Does the graceful restart feature for LDP works in a single route processor configuration? (similar to Routing protocols?) Regards, Monika ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Netflow / 3560 platform
Hi, On Thu, Jul 31, 2008 at 09:10:31AM -0400, David Curran wrote: I would add that the 6500/7600 can do netflow but not well. I think the true limitation is that these platforms are switches, not routers. So as previous responses have stated, things are done in hardware, not software. Platforms without route processors would be hard pressed to due the necessary work to properly log and export flows. At least that's the excuse we get when we run into netflow issues on the 7600 platform... Well, dunno about yours, but our 7600s seem to have route processors, (*and* switch processors even) :-) But indeed, hardware based netflow is prone to have *different* limitations, when compared to a software based architecture. The latter usually dies when the load goes up too much... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpVHSNsXGc6n.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Netflow / 3560 platform
I would add that the 6500/7600 can do netflow but not well. I think the true limitation is that these platforms are switches, not routers. So as previous responses have stated, things are done in hardware, not software. Platforms without route processors would be hard pressed to due the necessary work to properly log and export flows. At least that's the excuse we get when we run into netflow issues on the 7600 platform... From: Gert Doering [EMAIL PROTECTED] Date: Thu, 31 Jul 2008 02:40:19 -0400 To: Brian Spade [EMAIL PROTECTED] Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Netflow / 3560 platform Hi, On Wed, Jul 30, 2008 at 07:00:22PM -0700, Brian Spade wrote: Hi, adding back cisco-nsp On Wed, Jul 30, 2008 at 6:54 PM, Buhrmaster, Gary [EMAIL PROTECTED]wrote: Can anyone explain why Cisco fails to support Netflow on the 3560 Catalyst switches? They did not build the hardware to support it. One of the many feature/cost choices made on that platform during the design. These routers are software based -- Cisco 800, 1800, 2800, and 3800 -- and support Netflow. That's the point: they are software based. You can do everything on SW based platforms. The 3560 is hardware based, and it's fairly simple hardware, as opposed to a 6500/7600, which has more complex (and more expensive!) hardware. So the 3560 hardware just cannot do it, because implementing it would have made the box much more expensive. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] This email and any attachments (Message) may contain legally privileged and/or confidential information. If you are not the addressee, or if this Message has been addressed to you in error, you are not authorized to read, copy, or distribute it, and we ask that you please delete it (including all copies) and notify the sender by return email. Delivery of this Message to any person other than the intended recipient(s) shall not be deemed a waiver of confidentiality and/or a privilege. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Netflow / 3560 platform
Touche. I was speaking of the smaller catalyst platforms. However I'm not sure its fair to real routers to call the Supervisors route processors. That's like calling a Yugo a race car. Sure, you COULD race it... From: Gert Doering [EMAIL PROTECTED] Date: Thu, 31 Jul 2008 15:33:48 +0200 To: David Curran [EMAIL PROTECTED] Cc: Gert Doering [EMAIL PROTECTED], cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Netflow / 3560 platform Hi, On Thu, Jul 31, 2008 at 09:10:31AM -0400, David Curran wrote: I would add that the 6500/7600 can do netflow but not well. I think the true limitation is that these platforms are switches, not routers. So as previous responses have stated, things are done in hardware, not software. Platforms without route processors would be hard pressed to due the necessary work to properly log and export flows. At least that's the excuse we get when we run into netflow issues on the 7600 platform... Well, dunno about yours, but our 7600s seem to have route processors, (*and* switch processors even) :-) But indeed, hardware based netflow is prone to have *different* limitations, when compared to a software based architecture. The latter usually dies when the load goes up too much... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] This email and any attachments (Message) may contain legally privileged and/or confidential information. If you are not the addressee, or if this Message has been addressed to you in error, you are not authorized to read, copy, or distribute it, and we ask that you please delete it (including all copies) and notify the sender by return email. Delivery of this Message to any person other than the intended recipient(s) shall not be deemed a waiver of confidentiality and/or a privilege. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Netflow / 3560 platform
Hi, On Thu, Jul 31, 2008 at 10:07:56AM -0400, David Curran wrote: Touche. I was speaking of the smaller catalyst platforms. However I'm not sure its fair to real routers to call the Supervisors route processors. That's like calling a Yugo a race car. Sure, you COULD race it... Given that real routers sometimes don't even use the route processors for netflow export (but do that on the line card CPU), I'm not convinced that real route processors would make netflow export much easier :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpDqioA9ZddM.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6509 ACE/FWSM Modules??????????
FWSM is supported with 12.2(33)SXI I think you meant to write: 'FWSM *will be* supported in SXI'. Yes, SXI should ship sometime soon and will add new hardware support. It will also add tons of new features and likely a lot of new bugs. Whether one is willing to be one of the first to use it in production in a data center... well YMMV. And it's not here today. -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Anomaly Guard
hello Guys, I have Anomaly Guard Box Anomaly Guard Detector module on 6500 Catalyst Switch I want to put the GiGa Ethernet port which placed in the Detector module in the same Vlan of the Guard Box Port on the Switch. Thanks for help Ibrahim Alsharif ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Can an AS5350 route ISDN calls to ISDN?
Hi, Cool! So I just match the incoming calls from a specific ISDN interface and send them out through another. Are there any caveats I should know? I can't match specific dialled or dialling numbers, currently there's over 2000 DID's in use on these lines. No other caveats. You don't have to match incoming calls on a peer based on an expression for incoming called-number ... - you can just create a peer that has an affinity to a voice port, although it won't work to bind it to a trunk-group (that only works for outgoing). But otherwise, no other things readily come to mind. I'm trying to test this by sending calsl from a specific number from a specific voice port, but it's not working. We currently have a catch all voip dialpeer for all other calls that come into this gateway that is matched whatever I try. So, the basic setup is that I have a dialpeer that matches the incoming call: dial-peer voice 20 pots description inbound from isdn, should go to isdn directly destination-pattern some_number translate-outgoing called 100 port 3/3:D dial-peer voice 12 pots trunkgroup my_trunkgroup description *** To Trunk *** translation-profile outgoing outgoing_profile destination-pattern 310 forward-digits all dial-peer voice 100 voip description *** catchall *** destination-pattern . voice-class codec 100 session protocol sipv2 session target ipv4:something voice translation-rule 100 rule 1 /^31\(.\)/ /31031\1/ Incoming calls from the ISDN line all start with 31. I want to send calls from isdn port 3/3 (currently only for a single test number, but that is temporary) out on the isdn lines in trunkgroup my_trunkgroup using dialpeer 12. I tried this by doing some digit manupulation, but IIRC that is done only after the outgoign dialpeer is matched, not during dialpeer matching. How do I add 310 as a prefix to the calls from port 3/3 so that dialpeer 100 does not match and calls go to dialpeer 12 (or something functionally similar)? Thanks! -- Andreas Sikkema ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6509 ACE/FWSM Modules??????????
Should work fine (though, admittedly, I haven't deployed this config). The purpose of PAgP+ is to provide dual-active detection should the VSL between your VSS pair fail. If your devices don't support PAgP+, you need to configure a dedicated link to perform this detection instead. See http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_white_paper0900aecd806ee2ed_ps2797_Products_White_Paper.html Holemans Wim wrote: Can someone clarify the PAGP problem ? I had a discussion with someone of Cisco for a new design in one of our datarooms and we had chosen a VSS solution with dual 3750E stacks and 20Gig uplinks in each rack to the VSS chassis for max redundantie. According to our Cisco contact, this was a working solution. If however it is impossible to make channels between a 3750E cluster and both switches in a VSS, the complete design has to be redone... Wim Holemans Network Services University of Antwerp -Original Message- From: Mike Louis [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2008 6:19 PM To: Teller, Robert; Tony Varriale; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] 6509 ACE/FWSM Modules?? Last time I checked the 3750 did not support the pagp extensions for vss. You would get an stp loop if you tried. Has this support changed? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] XR OS-SHMWIN-2-ERROR_ENCOUNTERED
How much memory is installed in slot0 LC? Looks like you might not have enough. Can you send a show diag Rich On 31/07/2008, at 8:19 PM, Nic Tjirkalli wrote: Howdy ho, Have a CISCO GSR 12416/PRP running XR 3.6.1 and it has started continually whining about :- LC/0/0/CPU0:Jul 31 10:15:47.970 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:15:50.337 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:17.989 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:19.372 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:48.014 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:49.269 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical CCO says log a tac case, but was wondering if anybody had some ideas of what this error is and how to go about fixing it thanx - Mind Like A Steel Trap - Rusty And Illegal In 37 States. Nic Tjirkalli Verizon Business South Africa Network Strategy Team Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. Company Information:http:// www.verizonbusiness.com/za/contact/legal/ This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Problem Resetting of Cisco Firewall CSC SSM Password
Hi Team, I have been trying to reset the password to a Cisco content security and control module on an ASA appliance. I get the following error when I enter the password reset commands. ## FAVBLESS(config)# hw-module module 1 password-reset Reset the password on module in slot 1? [confirm] *The SSM application version does not support password reset Failed to reset the password on the module in slot 1 * # I should be glad if you can help me resolve this problem or suggest another technique for resetting the password to the CSC SSM. Regards, Felix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] XR OS-SHMWIN-2-ERROR_ENCOUNTERED
Howdy ho, How much memory is installed in slot0 LC? Looks like you might not have enough. yip looks like the issue Can you send a show diag poor card only has 512Meg route memory SLOT 0 (RP/LC 0): Cisco 12000 4-Port ISE ATM Over SONET OC3/STM-1 Single Mode/IR SC-SC connector MAIN: type 129, 800-24341-04 rev G0 dev 0 HW config: 0x00SW key: 00-00-00 PCA: 73-7852-07 rev E0 ver 4 HW version 1.0 S/N SAD1220039U MBUS: Embedded Agent Test hist: 0x00RMA#: 00-00-00RMA hist: 0x00 DIAG: Test count: 0xTest results: 0x FRU: Linecard/Module: 4OC3/ATM-IR-SC Route Memory: MEM-LC-512= Packet Memory: MEM-LC1-PKT-512= L3 Engine: 3 - ISE OC48 (2.5 Gbps) MBUS Agent Software version 2.56 (RAM) (ROM version is 2.23) Using CAN Bus A ROM Monitor version 1.8 Fabric Downloader version used 8.0 (ROM version is 5.5) Primary clock is CSC1 Board State is IOS-XR RUN Insertion time: Fri Jul 4 10:15:08 2008 (3w6d ago) DRAM size: 536870912 bytes FrFab SDRAM size: 268435456 bytes ToFab SDRAM size: 268435456 bytes 0 crashes since restart/fault forgive and from :- from :- http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.4/general/release/notes/reln_342.html The minimum memory requirements for Cisco XR 12000 Series Routers running Cisco IOS XR Software Release 3.4.2 are: .1-GB line card route memory on all Engine 3 line cards so this looks like the issue thanx for your response and help - much appreciated later Rich On 31/07/2008, at 8:19 PM, Nic Tjirkalli wrote: Howdy ho, Have a CISCO GSR 12416/PRP running XR 3.6.1 and it has started continually whining about :- LC/0/0/CPU0:Jul 31 10:15:47.970 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:15:50.337 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:17.989 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:19.372 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:48.014 : fib_mgr[146]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical LC/0/0/CPU0:Jul 31 10:16:49.269 : l2fib[180]: %OS-SHMWIN-2-ERROR_ENCOUNTERED : SHMWIN: Error encountered: shmwin state is critical CCO says log a tac case, but was wondering if anybody had some ideas of what this error is and how to go about fixing it thanx - Mind Like A Steel Trap - Rusty And Illegal In 37 States. Nic Tjirkalli Verizon Business South Africa Network Strategy Team Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. Company Information:http:// www.verizonbusiness.com/za/contact/legal/ This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ - Reality is merely an illusion, albeit a very persistent one. Nic Tjirkalli Verizon Business South Africa Network Strategy Team Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. Company Information:http:// www.verizonbusiness.com/za/contact/legal/ This e-mail is strictly confidential and intended only for use by the addressee unless otherwise indicated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/