[c-nsp] elam packet capture
Hello Can anyone please guide me to understand how to find out physical interface to DEST_INDEX mapping. I did a elam capture to trave a IP packet going to a CSS VIP. RBUS data: SEQ_NUM [5] = 0x17 CCC [3] = b100 [L3_RW] CAP1 [1] = 0 CAP2 [1] = 0 QOS [3] = 0 EGRESS [1] = 0 DT [1] = 0 [IP] TL [1] = 0 [B32] FLOOD[1] = 0 *DEST_INDEX [19] = 0x2E* VLAN [12] = 250 RBH [3] = b010 RDT [1] = 0 GENERIC [1] = 0 EXTRA_CICLE [1] = 0 FABRIC_PRIO [1] = 0 L2 [1] = 0 FCS1 [8] = 0x1 IP_TOS_VALID [1] = 1 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] elam packet capture
Thilak, Try running this command: Router-sp#test mcast ltl index ef index 0xEF contain ports 4/48 (in your case change ef with 2e) Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Thilak T Sent: Wednesday, December 24, 2008 10:06 To: cisco-nsp@puck.nether.net Subject: [c-nsp] elam packet capture Hello Can anyone please guide me to understand how to find out physical interface to DEST_INDEX mapping. I did a elam capture to trave a IP packet going to a CSS VIP. RBUS data: SEQ_NUM [5] = 0x17 CCC [3] = b100 [L3_RW] CAP1 [1] = 0 CAP2 [1] = 0 QOS [3] = 0 EGRESS [1] = 0 DT [1] = 0 [IP] TL [1] = 0 [B32] FLOOD[1] = 0 *DEST_INDEX [19] = 0x2E* VLAN [12] = 250 RBH [3] = b010 RDT [1] = 0 GENERIC [1] = 0 EXTRA_CICLE [1] = 0 FABRIC_PRIO [1] = 0 L2 [1] = 0 FCS1 [8] = 0x1 IP_TOS_VALID [1] = 1 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Lab Tool
http://www.sins.com.au/nmis/ El mar, 23-12-2008 a las 23:07 +0530, Aman Chugh escribió: Hello List, I am looking for a tool for consolidating all my devices in my lab in differrent racks and which should act like a database of all my devices with infomation about the IOS code and software running on these devices, plus the ability to telnet to the device from a webpage. Please let me know some tools either free or $ which can be used for this purpose. TIA Aman ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 6500 and VSS
Looking for some real world input here so coming to the pro's. Anyone using 6500's with VSS implemented? Looking for people's feedback who are using it in production. I had heard awhile back that there are issues with support for ISSU, is this still the case? Just looking for some pro's and con's. Thanks in advance, Nick Griffin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 and VSS
Issu should be supported in the SXI release, but haven't verified that yet in real life (no other release yet to upgrade to) About production experience: no real show-stoppers so far (besides the upgrade/downtime one, which issu should solve), just remember that mpls isn't supported (yet?) Best regards, Thomas Dupas On 24-dec-08, at 18:02, Nick Griffin nick.jon.grif...@gmail.com wrote: Looking for some real world input here so coming to the pro's. Anyone using 6500's with VSS implemented? Looking for people's feedback who are using it in production. I had heard awhile back that there are issues with support for ISSU, is this still the case? Just looking for some pro's and con's. Thanks in advance, Nick Griffin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] elam packet capture
Thanks for the quick reply. I am running 12.2(18)SXF10a , test mcast ltl index doesn't seem to work.However in this case I could find the interface number since I know where the was CSS connected. Can you guide me find the index number someotherway.? Here is what I did to find out. bbr00m1#*show tcam interface gigabitEthernet 1/47 qos type1 arp detail* * Global Defaults not shared -- T - V(Value) M(Mask) R(Result) A - ARP Packet R - RARP Packet X - XTAG -- *Interface: 46 * label: 511 lookup_type: 1 # *DEST_INDEX [19] = 0x2E* is *Interface: 46 * protocol: ARP packet-type: 3 +-+-+--+-++---+ |T|Index|AR|X| Dest Node | Source Node | +-+-+--+-++---+ V 36839 -- 0 0 0 - M 36845 -- 0 0 0 - R rslt: 0 - On Wed, Dec 24, 2008 at 12:52 AM, Arie Vayner (avayner) avay...@cisco.comwrote: Thilak, Try running this command: Router-sp#test mcast ltl index ef index 0xEF contain ports 4/48 (in your case change ef with 2e) Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Thilak T Sent: Wednesday, December 24, 2008 10:06 To: cisco-nsp@puck.nether.net Subject: [c-nsp] elam packet capture Hello Can anyone please guide me to understand how to find out physical interface to DEST_INDEX mapping. I did a elam capture to trave a IP packet going to a CSS VIP. RBUS data: SEQ_NUM [5] = 0x17 CCC [3] = b100 [L3_RW] CAP1 [1] = 0 CAP2 [1] = 0 QOS [3] = 0 EGRESS [1] = 0 DT [1] = 0 [IP] TL [1] = 0 [B32] FLOOD[1] = 0 *DEST_INDEX [19] = 0x2E* VLAN [12] = 250 RBH [3] = b010 RDT [1] = 0 GENERIC [1] = 0 EXTRA_CICLE [1] = 0 FABRIC_PRIO [1] = 0 L2 [1] = 0 FCS1 [8] = 0x1 IP_TOS_VALID [1] = 1 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MPLS Label question
Hi All MPLS Lable Untag removes all labels from MPLS packets and sent it as native IP packet my question is packets with untag label will be sent over IP interface not MPLS interface and FIB lookup occur prefixes with this tag ? best regards --Ibrahim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 32 bit ASN
On Thu, Dec 18, 2008 at 11:55:01AM +0100, Marcus.Gerdon wrote: Hi @All, what information I got regarding AS32 is somewhat worrysome: 12.0(32)S12 Q4/2008 for 72 GSR 12.0(32)S12 is out as of yesterday with support for 4-byte AS on GRP and PRP http://www.cisco.com/en/US/docs/ios/12_0s/release/ntes/120SNEWF.html#wp3521658 I loaded it on a test router yesterday -- I immediately ran into the issue discussed last week on NANOG: http://markmail.org/message/3ofvjyggayfxezna -- Brandon Ewing(nicot...@warningg.com) pgpFPx02JXeH5.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASA question
Hi How can I empty the cache in ASA? I transfer the ip from one server to other server, but the ASA is still only reconizing in the old server Thank you Send instant messages to your online friends http://uk.messenger.yahoo.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA question
adrian kok wrote: Hi How can I empty the cache in ASA? Do you mean ARP cache? Have you tried clear arp? -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs
I've read the doc at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_vrf _aware_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027 175 and ignoring the restriction about mapping VRF to VRF traffic have tried (unsuccessfully) to circumvent this restriction. Is it at all possible to terminate an IPSec L2L tunnel in VRF A and then have traffic exit that VRF A to reach resources located in VRF B or possibly the global routing table? I see the security implications naturally of allowing traffic from remote sites to leak across VRFs but if it's not possible then is there some way of providing a central service type of resource to a bunch of different sites (assume each site goes into a different VRF) which connect to that resource via IPSec tunnels? [Site A]---IPSec tunnel over Internet---[Hub Router--VRF A--] | [VRF B] | (Central Service) Vijay Ramcharan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs
Give each VRF a rd, and do an import/export of that rd. Configure BGP, don't even need to use it as your routing protocol. Each VRF should automagically have the address family configured. Now under the ip vrf configuration import the other VRF's rd. Now you have reachability at one location. Another solution is to create a static route and point it at the physical interface of the other VRF. You'll need to do this in both directions. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Ramcharan, Vijay A Sent: Wednesday, December 24, 2008 3:41 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs I've read the doc at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_vr f _aware_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp102 7 175 and ignoring the restriction about mapping VRF to VRF traffic have tried (unsuccessfully) to circumvent this restriction. Is it at all possible to terminate an IPSec L2L tunnel in VRF A and then have traffic exit that VRF A to reach resources located in VRF B or possibly the global routing table? I see the security implications naturally of allowing traffic from remote sites to leak across VRFs but if it's not possible then is there some way of providing a central service type of resource to a bunch of different sites (assume each site goes into a different VRF) which connect to that resource via IPSec tunnels? [Site A]---IPSec tunnel over Internet---[Hub Router--VRF A--] | [VRF B] | (Central Service) Vijay Ramcharan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Small IAD - Voip to PRI
I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
L'argent wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? Not Cisco, but the Adtran TA904 will do that just fine, assuming SIP signaling on the VoIP side. If you need SCCP for interoperability with Cisco, you'll need Cisco gear. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
IAD-2431-2T1E1... Has 2xFE 2xT1 can do all sorts of stuff.. Works great for this... -- Tim On 12/24/08, L'argent larg...@ai.net wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Sent from my mobile device ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
1841 doesn't do voice. (It has no DSP's) 28xx surely will do the trick, and also 2600XM with NM-HDV2-1T1/E1. Martin On Wednesday, 24 December, 2008 22:17 L'argent wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs
If security is an issue, put any old router in that will do VRFs and configure it with IOS FW or ACLs... You can put an IOS FW on a stick with VLAN's going to it... Or put an actual firewall in place... From: Ramcharan, Vijay A vijay.ramcha...@verizonbusiness.com To: cisco-nsp@puck.nether.net Sent: Wednesday, December 24, 2008 2:40:53 PM Subject: [c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs I've read the doc at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_vrf _aware_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027 175 and ignoring the restriction about mapping VRF to VRF traffic have tried (unsuccessfully) to circumvent this restriction. Is it at all possible to terminate an IPSec L2L tunnel in VRF A and then have traffic exit that VRF A to reach resources located in VRF B or possibly the global routing table? I see the security implications naturally of allowing traffic from remote sites to leak across VRFs but if it's not possible then is there some way of providing a central service type of resource to a bunch of different sites (assume each site goes into a different VRF) which connect to that resource via IPSec tunnels? [Site A]---IPSec tunnel over Internet---[Hub Router--VRF A--] | [VRF B] | (Central Service) Vijay Ramcharan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] elam packet capture
Thanks for the quick reply. I am running 12.2(18)SXF10a , test mcast ltl index doesn't seem to work.However in this case I could find the interface number since I know where the was CSS connected. Can you guide me find the index number someotherway.? Take care to note that the test mcast ltl index-command is performed while attached to the supervisor. (The same place you do the elam packet captures). Router-sp#test mcast ltl index ef index 0xEF contain ports 4/48 /Stig ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/voiceden sity.pdf On Wednesday, 24 December, 2008 22:17 L'argent wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/