Re: [c-nsp] DFC-3C vs DFC-3CXL
Marlon Duksa wrote:
> Ok. Thanks. This is what I wanted to know. I was aware of the difference in scaling numbers and the ability to allocate space for mpls labels, IPv4 routes... What I was confused about was the price difference (List Price) - which is up to $US 60K (for ES+40) cards between the two versions (non-XL and XL). It's very odd that such a big discrepancy in price is coming from the size of the TCAM.
> Thanks,

It's a marketing thing. If you need a full internet routing table (which the non-XL PFC/DFC can no longer hold) you must be a provider and willing to pay provider prices, right?

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] %VRF: does not exist
Hi,

I'm trying to set up IP SLA IpIcmpEcho monitor inside a VRF, onto a C3560 running 12.2(35)SE5. However, I'm facing an error msg stating my vrf doesn't exist:

Switch#show ip vrf Internet
  Name                             Default RD          Interfaces
  Internet                         1:1                 Gi0/28
                                                       Vl335
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#rtr 2
Switch(config-rtr-echo)#vrf Internet ?
  LINE    <cr>
Switch(config-rtr-echo)#vrf Internet
%VRF: Internet does not exist
Switch(config-rtr-echo)#

any clue ?!

Jerome Covini
Re: [c-nsp] %VRF: does not exist
You made my day, thanks

Quoting Gert Doering g...@greenie.muc.de:
> Hi,
>
> On Tue, Jan 27, 2009 at 10:23:01AM +0100, jcov...@free.fr wrote:
> > Switch(config-rtr-echo)#vrf Internet
> > %VRF: Internet does not exist
> > Switch(config-rtr-echo)#
>
> From the error message this looks like you typed Internet<blank> here - and quite some parts of the IOS parser are sensitive to trailing blanks.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany g...@greenie.muc.de
> fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[c-nsp] OSPF SNMP MIB with multiple ospf router processes
Hi folks

We have a 7600 router that speaks OSPF. We use a bunch of SNMP polling under the SNMP MIB (1.3.6.1.2.1.14), to look at the OSPF neighbor table.

We'd like our router sitting as an ABR, so we're looking at creating a new OSPF router process to sit in the second area. The trouble is, when we create a new router, our SNMP alerting system queries start to return the second process's neighbor table. This kicks up an alert and generally isn't what we want!

Does anyone know a way to work around this and specify which OSPF process should be exposed via SNMP?

Thanks
Phil
[c-nsp] PIX 6.3.3 Failover Problem
I have a pair of 525 PIX's running 6.3.3 (old I know, downtime preventing upgrade/hardware swap out) that just decided to start throwing failover errors. I saw this in the logs from the time of the failure:

Jan 23 15:39:33 elm-pix-1 Jan 23 2009 15:39:33: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:35 elm-pix-1 Jan 23 2009 15:39:35: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:49 elm-pix-2 Jan 23 2009 15:39:49: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 23 15:39:49 elm-pix-1 Jan 23 2009 15:39:49: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 23 15:41:30 elm-pix-1 Jan 23 2009 15:41:30: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:41:44 elm-pix-2 Jan 23 2009 15:41:44: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 23 15:41:44 elm-pix-1 Jan 23 2009 15:41:44: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105005: (Secondary) Lost Failover communications with mate on interface 1
Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105008: (Secondary) Testing Interface 1
Jan 23 18:26:45 elm-pix-1 Jan 23 2009 18:26:45: %PIX-1-103005: (Primary) Other firewall reporting failure.

Then after getting to the unit and unplugging and reconnecting the failover cable, I saw this:

Jan 27 07:25:36 elm-pix-1 Jan 27 2009 07:25:36: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 27 07:25:50 elm-pix-2 Jan 27 2009 07:25:50: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 27 07:25:50 elm-pix-1 Jan 27 2009 07:25:50: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 27 09:20:47 elm-pix-2 Jan 27 2009 09:20:47: %PIX-1-101004: (Secondary) Failover cable not connected (other unit)
Jan 27 09:20:51 elm-pix-1 Jan 27 2009 09:20:51: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
*Jan 27 09:21:17 elm-pix-2 Jan 27 2009 09:21:17: %PIX-1-101001: (Secondary) Failover cable OK.
Jan 27 09:21:21 elm-pix-1 Jan 27 2009 09:21:21: %PIX-1-101001: (Primary) Failover cable OK.*
Jan 27 09:21:37 elm-pix-1 Jan 27 2009 09:21:37: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 27 09:21:51 elm-pix-2 Jan 27 2009 09:21:51: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 27 09:21:51 elm-pix-1 Jan 27 2009 09:21:51: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 27 09:23:37 elm-pix-1 Jan 27 2009 09:23:37: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 27 09:23:51 elm-pix-2 Jan 27 2009 09:23:51: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 27 09:23:51 elm-pix-1 Jan 27 2009 09:23:51: %PIX-1-709004: (Primary) End Configuration Replication (ACT)

So I can then do a wr standby on the primary BUT I DO NOT see the 'starting to sync', and I get this from the 'sh failover'..failover config below as well:

ELM-PIX525-1(config)# sh fail
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
failover replication http
Last Failover at: 09:14:49 CST Fri Mar 28 2008
        This host: Primary - Active
                Active time: 26707815 (sec)
                Interface outside (65.166.254.2): Normal
                Interface inside (10.200.1.249): Normal
                Interface EDMZ1 (172.30.1.1): Normal
                Interface EDMZ2 (0.0.0.0): Link Down (Shutdown)
                Interface MGT (10.200.1.125): Link Down (Waiting)
                Interface intf5 (172.27.0.1): Normal
        Other host: Secondary - Standby (Failed)
                Active time: 0 (sec)
                Interface outside (65.166.254.3): Normal
                Interface inside (10.200.1.250): Normal
                Interface EDMZ1 (172.30.1.3): Normal
                Interface EDMZ2 (172.31.1.3): Link Down (Shutdown)
                Interface MGT (10.200.1.126): Link Down (Waiting)
                Interface intf5 (172.27.0.2): Normal

failover
failover timeout 0:00:00
failover poll 15
failover replication http
failover ip address outside xx.xx.254.3
failover ip address inside 10.200.1.250
failover ip address EDMZ1 172.30.1.3
failover ip address EDMZ2 172.31.1.3
failover ip address MGT 10.200.1.126
failover ip address intf5 172.27.0.2
failover link intf5

Thanks for any help

Chris Serafin
ch...@chrisserafin.com
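The replication and failover messages in the post above can be checked mechanically. The following Python is an added example, not part of the original post: it parses the Jan 23 log lines copied from the post, pairs each 709003 with the 709004 that closes it, and collects the fault messages. Treating a repeated 709003 as a "restart" and choosing which message IDs count as alerts are assumptions based only on the message text shown in the post.

```python
import re
from datetime import datetime

# Jan 23 excerpt copied from the post above, one syslog event per line.
SAMPLE_LOG = """\
Jan 23 15:39:33 elm-pix-1 Jan 23 2009 15:39:33: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:35 elm-pix-1 Jan 23 2009 15:39:35: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:39:49 elm-pix-2 Jan 23 2009 15:39:49: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 23 15:39:49 elm-pix-1 Jan 23 2009 15:39:49: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 23 15:41:30 elm-pix-1 Jan 23 2009 15:41:30: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
Jan 23 15:41:44 elm-pix-2 Jan 23 2009 15:41:44: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
Jan 23 15:41:44 elm-pix-1 Jan 23 2009 15:41:44: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105005: (Secondary) Lost Failover communications with mate on interface 1
Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105008: (Secondary) Testing Interface 1
Jan 23 18:26:45 elm-pix-1 Jan 23 2009 18:26:45: %PIX-1-103005: (Primary) Other firewall reporting failure.
"""

# Syslog header, reporting host, device timestamp, %PIX-<sev>-<id>, (unit), text.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+"
    r"(?P<ts>\w{3}\s+\d+\s+\d{4}\s+\d{2}:\d{2}:\d{2}):\s+"
    r"%PIX-(?P<sev>\d)-(?P<id>\d{6}):\s+\((?P<unit>\w+)\)\s+(?P<text>.*)$"
)

BEGIN_REPL = "709003"    # "Beginning configuration replication: Send to mate."
END_REPL_ACT = "709004"  # "End Configuration Replication (ACT)"
# Assumption: IDs whose text in the post reports a failover fault.
ALERT_IDS = {"105005", "103005", "101003", "101004"}


def parse_events(log_text):
    """Return one dict per recognised PIX line; unrecognised lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        # The post wraps two lines in '*' for emphasis; strip that before matching.
        match = LINE_RE.match(raw.strip().strip("*").strip())
        if not match:
            continue
        event = match.groupdict()
        event["when"] = datetime.strptime(
            " ".join(event["ts"].split()), "%b %d %Y %H:%M:%S"
        )
        events.append(event)
    return events


def analyse(log_text):
    """Pair replication begin/end on the active unit and collect fault messages."""
    report = {"completed": 0, "restarts": 0, "durations": [],
              "unfinished": False, "alerts": []}
    begun = None  # time of the most recent 709003 not yet closed by a 709004
    for event in parse_events(log_text):
        if event["id"] == BEGIN_REPL:
            if begun is not None:
                report["restarts"] += 1  # new begin before the previous one ended
            begun = event["when"]
        elif event["id"] == END_REPL_ACT and begun is not None:
            report["completed"] += 1
            report["durations"].append((event["when"] - begun).total_seconds())
            begun = None
        elif event["id"] in ALERT_IDS:
            report["alerts"].append(
                (event["when"].isoformat(sep=" "), event["host"],
                 event["id"], event["text"])
            )
    report["unfinished"] = begun is not None
    return report


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("completed replications:", result["completed"], result["durations"])
    print("restarted replications:", result["restarts"])
    for alert in result["alerts"]:
        print("ALERT", *alert)
```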
[c-nsp] routed port on 6500?
Hi,

I have a 6500 which still runs CatOS for switching and IOS for routing, is it possible to make standard switch ports into routed ports in this current setup? (just like a 3750 for example)

Thanks and regards,
Kev
Re: [c-nsp] routed port on 6500?
On Tue, 2009-01-27 at 15:49 +, Kevin Edmunds wrote:
> I have a 6500 which still runs CatOS for switching and IOS for routing, is it possible make standard switch ports into routed ports in this current setup? (just like a 3750 for example)

AFAIK: No. When running native IOS the system actually reserves an internal VLAN (show vlan internal usage) for routed ports. When using hybrid you'd probably have to reserve some VLAN for this, make the physical port an access port in this VLAN and then configure the SVI on the MSFC.

The CatOS CLI wouldn't stop you from using this VLAN on another port, e.g. an open trunk, so it's not completely the same. But I think it would work in the same way inside the box.

Regards,
Peter
Re: [c-nsp] routed port on 6500?
Peter Rathlev wrote:
> On Tue, 2009-01-27 at 15:49 +, Kevin Edmunds wrote:
> > I have a 6500 which still runs CatOS for switching and IOS for routing, is it possible make standard switch ports into routed ports in this current setup? (just like a 3750 for example)
>
> AFAIK: No. When running native IOS the system actually reserves an internal VLAN (show vlan internal usage) for routed ports. When using hybrid you'd probably have to reserve some VLAN for this, make the physical port an access port in this VLAN and then configure the SVI on the MSFC.
>
> The CatOS CLI wouldn't stop you from using this VLAN on another port, e.g. an open trunk, so it's not completely the same. But I think it would work in the same way inside the box.
>
> Regards,
> Peter

Also you'd better make sure you don't send any BPDU off that port, in order to truly emulate a routed port. Depending on what you're connecting to, though.

Jerome Covini
Re: [c-nsp] RES: PBR on a VRF interface?
I *think* you will have to wait for the next feature release of 12.4T to get it as it's surely not in 12.2(40) code. Or the code appears in 12.2(33)SRC3.

Rodney

On Mon, Jan 26, 2009 at 06:50:27PM -0200, Jacson Gimenes Santos wrote:
> Use set ip vrf XX next-hop x.x.x.x
>
> Jacson Gimenes Santos
> Senior Support Analyst
> Phone: 55 51 35989613
> Cisco Certified Network Professional
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Brandon Price
> Sent: Monday, 26 January 2009 18:33
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] PBR on a VRF interface?
>
> Just trying to setup a simple next hop PBR on an interface in a VRF and I get the following output:
>
> % Policy Based Routing is NOT supported for VRF interfaces
> % IP-Policy can be used ONLY for marking (set/clear DF bit) on VRF interfaces
>
> Is this a version of code problem I'm having?
>
> IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(40), RELEASE SOFTWARE (fc1)
> c7200-is-mz.122-40.bin
>
> What gives?
>
> Router#show route-map CUSTA2
> route-map CUSTA2, permit, sequence 10
>   Match clauses:
>     ip address (access-lists): 191
>   Set clauses:
>     ip next-hop 172.16.1.194
>   Policy routing matches: 0 packets, 0 bytes
> Router#show access-list 191
> Extended IP access list 191
>     permit ip 10.1.1.0 0.0.0.255 10.28.2.0 0.0.0.255
> Router#
> Router#show run int gi4/0.37
> Building configuration...
>
> Current configuration : 130 bytes
> !
> interface GigabitEthernet4/0.37
>  encapsulation dot1Q 37
>  ip vrf forwarding CUSTA
>  ip address 172.16.1.198 255.255.255.252
> end
>
> Router#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> Router(config)#interface GigabitEthernet4/0.37
> Router(config-subif)#ip policy route-map CUSTA2
> % Policy Based Routing is NOT supported for VRF interfaces
> % IP-Policy can be used ONLY for marking (set/clear DF bit) on VRF interfaces
> Router(config-subif)#end
> Router#
>
> Brandon Price
> Network Engineer | Sterling Communications, Inc.
> 503.968.8908 x248 | 503.270.5285 fax | www.sterling.net
Re: [c-nsp] upgrading stack of 3750E's
(I'm the one who posted the original question).

Just tested it again with a second stack of 3750E's; this gave the same result: Upgrading from 12.2.2(35) to 12.2.(46) and reload of second switch gave a Version Mismatch which left the second switch hanging. Only a reload of the master restored full functionality.

After that, I replaced the ip base image with the one with encryption (k9 version), however same version number 12.2(46). This went as described below, second one came back online and became again member of the stack without problem allowing reload of first one.

So my conclusion is that the possibility to upgrade a stack without losing full connectivity is different for each upgrade and you can't tell in advance if it will result in a version mismatch or not. Feel free to comment if you have different experiences.

Wim Holemans

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev
Sent: Monday 26 January 2009 19:38
To: Tony Varriale
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] upgrading stack of 3750E's

On Mon, 2009-01-26 at 08:45 -0600, Tony Varriale wrote:
> This is how I normally do it.
> 1) archive software to first switch /overwrite (from TFTP) without reload.
> 2) archive software to second switch /overwrite without reload.
> 3) reload slot 1
> 4) wait until switch 1 is operational and you are happy
> 5) reload slot 2

Will this work? Wouldn't Stackwise see the two switches as incompatible?

We've started using pairs of 3750E with a CX4 link between them and just plain rapid PVST+. Then we have some guarantees as to how the system functions during upgrades.

Regards,
Peter
[c-nsp] QoS with Voice and Video
This isn't specifically Cisco but hopefully is fairly on-topic.

What is the best practice (and real world) handling for voice and video queues? I am working on QoS implementation over our enterprise WAN (provider supplied MPLS) and was told that it was ok to combine voice and video in the priority queue, or even put video as priority and give voice a dedicated, but not priority, class. This is counter to everything that I knew/heard, which is that voice is low bandwidth and not bursty, where video is high bandwidth and bursty, so it could starve other queues.

My options are:
* voice as priority, with video dedicated non-priority
* voice and video combined as priority
* video as priority, with voice dedicated non-priority

Does the queue starvation concern only matter if the priority queue is using near 100% of the circuit? I do have the ability to control the bandwidth used at other points if that helps. I want to avoid creating jitter in either the voice or video classes.

Does anyone have any input or references about what the best approach is?

Thanks,
Josh
Re: [c-nsp] PIX 6.3.3 Failover Problem (Solved)
This resolved the issue:

- Use the failover reset command on the primary-active unit to recover the standby from the failed state.
  http://cisco.com/en/US/docs/security/pix/pix63/command/reference/df.html#wp1029143
- Reload the standby unit if the failover reset does not help.

ChrisSerafin wrote:
> I have a pair of 525 PIX's running 6.3.3 (old I know, downtime preventing upgrade/hardware swap out) that just decided to start throwing failover errors. I saw this in the logs from the time of the failure:
>
> Jan 23 15:39:33 elm-pix-1 Jan 23 2009 15:39:33: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 23 15:39:34 elm-pix-1 Jan 23 2009 15:39:34: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 23 15:39:35 elm-pix-1 Jan 23 2009 15:39:35: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 23 15:39:49 elm-pix-2 Jan 23 2009 15:39:49: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
> Jan 23 15:39:49 elm-pix-1 Jan 23 2009 15:39:49: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
> Jan 23 15:41:30 elm-pix-1 Jan 23 2009 15:41:30: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 23 15:41:44 elm-pix-2 Jan 23 2009 15:41:44: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
> Jan 23 15:41:44 elm-pix-1 Jan 23 2009 15:41:44: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
> Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105005: (Secondary) Lost Failover communications with mate on interface 1
> Jan 23 18:26:34 elm-pix-2 Jan 23 2009 18:26:34: %PIX-1-105008: (Secondary) Testing Interface 1
> Jan 23 18:26:45 elm-pix-1 Jan 23 2009 18:26:45: %PIX-1-103005: (Primary) Other firewall reporting failure.
>
> Then after getting to the unit and unplugging and reconnecting the failover cable, I saw this:
>
> Jan 27 07:25:36 elm-pix-1 Jan 27 2009 07:25:36: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 27 07:25:50 elm-pix-2 Jan 27 2009 07:25:50: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
> Jan 27 07:25:50 elm-pix-1 Jan 27 2009 07:25:50: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
> Jan 27 09:20:47 elm-pix-2 Jan 27 2009 09:20:47: %PIX-1-101004: (Secondary) Failover cable not connected (other unit)
> Jan 27 09:20:51 elm-pix-1 Jan 27 2009 09:20:51: %PIX-1-101003: (Secondary) Failover cable not connected (this unit)
> *Jan 27 09:21:17 elm-pix-2 Jan 27 2009 09:21:17: %PIX-1-101001: (Secondary) Failover cable OK.
> Jan 27 09:21:21 elm-pix-1 Jan 27 2009 09:21:21: %PIX-1-101001: (Primary) Failover cable OK.*
> Jan 27 09:21:37 elm-pix-1 Jan 27 2009 09:21:37: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 27 09:21:51 elm-pix-2 Jan 27 2009 09:21:51: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
> Jan 27 09:21:51 elm-pix-1 Jan 27 2009 09:21:51: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
> Jan 27 09:23:37 elm-pix-1 Jan 27 2009 09:23:37: %PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
> Jan 27 09:23:51 elm-pix-2 Jan 27 2009 09:23:51: %PIX-1-709006: (Secondary) End Configuration Replication (STB)
> Jan 27 09:23:51 elm-pix-1 Jan 27 2009 09:23:51: %PIX-1-709004: (Primary) End Configuration Replication (ACT)
>
> So I can then do a wr standby on the primary BUT I DO NOT see the 'starting to sync', and I get this from the 'sh failover'..failover config below as well:
>
> ELM-PIX525-1(config)# sh fail
> Failover On
> Cable status: Normal
> Reconnect timeout 0:00:00
> Poll frequency 15 seconds
> failover replication http
> Last Failover at: 09:14:49 CST Fri Mar 28 2008
>         This host: Primary - Active
>                 Active time: 26707815 (sec)
>                 Interface outside (65.166.254.2): Normal
>                 Interface inside (10.200.1.249): Normal
>                 Interface EDMZ1 (172.30.1.1): Normal
>                 Interface EDMZ2 (0.0.0.0): Link Down (Shutdown)
>                 Interface MGT (10.200.1.125): Link Down (Waiting)
>                 Interface intf5 (172.27.0.1): Normal
>         Other host: Secondary - Standby (Failed)
>                 Active time: 0 (sec)
>                 Interface outside (65.166.254.3): Normal
>                 Interface inside (10.200.1.250): Normal
>                 Interface EDMZ1 (172.30.1.3): Normal
>                 Interface EDMZ2 (172.31.1.3): Link Down (Shutdown)
>                 Interface MGT (10.200.1.126): Link Down (Waiting)
>                 Interface intf5 (172.27.0.2): Normal
>
> failover
> failover timeout 0:00:00
> failover poll 15
> failover replication http
> failover ip address outside xx.xx.254.3
> failover ip address inside 10.200.1.250
> failover ip address EDMZ1 172.30.1.3
> failover ip address EDMZ2 172.31.1.3
> failover ip address MGT 10.200.1.126
> failover ip address intf5
Re: [c-nsp] upgrading stack of 3750E's
Just to clarify...the first switch was upgraded to 46 and reloaded first? I'm confused on your steps for 2 switches and the process...

tv

----- Original Message -----
From: Holemans Wim wim.holem...@ua.ac.be
To: Peter Rathlev pe...@rathlev.dk; Tony Varriale tvarri...@comcast.net
Cc: cisco-nsp@puck.nether.net
Sent: Tuesday, January 27, 2009 12:38 PM
Subject: RE: [c-nsp] upgrading stack of 3750E's

(I'm the one who posted the original question).

Just tested it again with a second stack of 3750E's; this gave the same result: Upgrading from 12.2.2(35) to 12.2.(46) and reload of second switch gave a Version Mismatch which left the second switch hanging. Only a reload of the master restored full functionality.

After that, I replaced the ip base image with the one with encryption (k9 version), however same version number 12.2(46). This went as described below, second one came back online and became again member of the stack without problem allowing reload of first one.

So my conclusion is that the possibility to upgrade a stack without losing full connectivity is different for each upgrade and you can't tell in advance if it will result in a version mismatch or not. Feel free to comment if you have different experiences.

Wim Holemans

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev
Sent: Monday 26 January 2009 19:38
To: Tony Varriale
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] upgrading stack of 3750E's

On Mon, 2009-01-26 at 08:45 -0600, Tony Varriale wrote:
> This is how I normally do it.
> 1) archive software to first switch /overwrite (from TFTP) without reload.
> 2) archive software to second switch /overwrite without reload.
> 3) reload slot 1
> 4) wait until switch 1 is operational and you are happy
> 5) reload slot 2

Will this work? Wouldn't Stackwise see the two switches as incompatible?

We've started using pairs of 3750E with a CX4 link between them and just plain rapid PVST+. Then we have some guarantees as to how the system functions during upgrades.

Regards,
Peter
[c-nsp] Campus Network Design advice
Hi Guys,

I'm looking for some advice on redesigning our campus network. We have around 2500 devices on our site which are spread across multiple buildings. At present the network runs on a (legacy) single flat VLAN which has caused us more than our fair share of headaches of late.

Basically we are looking at 2 design options:

The first option we have considered is to have a router on a stick at our core and trunk VLANS out to distribution switches in each building (and on to workgroup switches etc), leaving all routing to be done at the core. This would allow us to have all VLANS available in each building but I'm not sure if this is still going to be a problematic design (with VLANS extended all over the site).

The other option we have been looking at (see attached) is to have L3 switches as all our distribution switches and contain VLANS to a particular building. This seems to be a neater solution to me, but I'm not sure of the best way to connect the distribution switches back to the core. I would also like to connect adjacent distribution switches together for redundancy, so I'm wondering if I should be looking at a heap of /30 links between distribution switches the core (and run OSPF) - or just use a L2 network and let STP manage the links.

I haven't had much playtime on networks this size so any advice would be greatly appreciated.

M.
Re: [c-nsp] Campus Network Design advice
On 1/27/09 7:50 PM, Marc Archer m...@archernet.id.au wrote:
> The other option we have been looking at (see attached) is to have L3 switches as all our distribution switches and contain VLANS to a particular building. This seems to be a neater solution to me

Agree 100%

> I would also like to connect adjacent distribution switches together for redundancy, so I'm wondering if I should be looking at a heap of /30 links between distribution switches the core (and run OSPF) - or just use a L2 network and let STP manage the links.

Definitely use /30 'no switchport' routed links from Dist to Core. The Dist to Dist links, on the other hand, can be L2 or L3.

If the Dist-Dist link is L3 there is no STP blocking links at the access layer switch and you can use GLBP for load balancing access uplink traffic, however the tradeoff is that a VLAN should be confined to a single access layer switch. Another potential pitfall here is if you are running voice/video and need fast convergence, which would require you to configure sub-second timers for GLBP or HSRP. With sub second GLBP/HSRP timers running on 150+ VLANs this starts to wreak havoc on the Dist switch CPU.

If the Dist-Dist link is L2 you have a looped design and STP will do its thing by blocking one of the access switch uplinks on a per VLAN basis. The advantage with this design is that you can have VLANs spread across multiple access layer switches. The disadvantage of course is having an STP topology that blocks links and requires additional troubleshooting.

With Catalyst 6500 as the Dist switch there is of course the option to use VSS, which will result in no STP blocking links from the access switch, you can have the same VLAN at any access switch, and fast convergence without sub second timers.

Cheers,
Brad Hedlund
bhedl...@cisco.com
http://www.internetworkexpert.org
[c-nsp] Strange NAT Issue on 7200
Hi there,

I'm trying to get NAT working on a Cisco 7204VXR (NPE-G1) but can not see any NAT translations taking place on the router. Running 12.2(31)SB13 on the router.

[Internet] - [7200 Router] - [3560G Switch] -- [LAN]

Here is the relevant NAT config on the router. It's almost identical to the config we use on another 7200.

interface GigabitEthernet0/2
 description Connect to 3560G Switch:Gi0/9
 no ip address
 ip flow ingress
 load-interval 30
 media-type rj45
 speed 1000
 duplex full
 no negotiation auto
 no clns route-cache
!
interface GigabitEthernet0/2.13
 description NAT Outside Interface
 encapsulation dot1Q 13
 ip address 203.x.x.x 255.255.255.0
 ip nat outside
 ip flow ingress
!
interface GigabitEthernet0/2.12
 description NAT Inside Interface - Office Network
 encapsulation dot1Q 12
 ip address 172.16.70.1 255.255.255.0 secondary
 ip address 210.15.x.x 255.255.255.240
 ip nat inside
 ip flow ingress
 no cdp enable
!
interface GigabitEthernet0/2.99
 description Test
 encapsulation dot1Q 999
 ip address 172.16.72.1 255.255.255.0
 ip nat inside
!
access-list 5 permit 172.16.70.0 0.0.0.255
access-list 5 permit 172.16.72.0 0.0.0.255
!
ip nat inside source list 5 interface GigabitEthernet0/2.13 overload

When I do a ping using the inside interface as the source address, I get no NAT translations taking place.

7200#ping www.google.com source 172.16.70.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.249.89.147, timeout is 2 seconds:
Packet sent with a source address of 172.16.70.1
.
Success rate is 0 percent (0/5)
7200#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  GigabitEthernet0/2.13
Inside interfaces:
  GigabitEthernet0/2.12, GigabitEthernet0/2.99
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 421379
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 3] access-list 5 interface GigabitEthernet0/2.13 refcount 0
7200#sh access-lists 5
Standard IP access list 5 (Compiled)
    10 permit 172.16.70.0, wildcard bits 0.0.0.255
    20 permit 172.16.72.0, wildcard bits 0.0.0.255

Any ideas?

Thanks.
Andy
Re: [c-nsp] QoS with Voice and Video
Hi.

> This isn't specifically Cisco but hopefully is fairly on-topic. What is the best practice (and real world) handling for voice and video queues?

That depends on the type of video, is it video conferencing (IP/VC) or streaming video (IP/TV)? IP/VC are interactive video, and have more or less the same requirements on latency, jitter and loss as VoIP. IP/TV on the other hand can handle more latency, jitter and loss.

> I am working on QoS implementation over our enterprise WAN (provider supplied MPLS) and was told that it was ok to combine voice and video in the priority queue, or even put video as priority and give voice a dedicated, but not priority, class.

For IPVC that's ok. The recommendation from Cisco AFAIK is to have both VoIP and IP/VC in priority queues.

> Does anyone have any input or references about what the best approach is?

Here is a Cisco document:
Service Provider QoS Overview: http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns143/networking_solutions_white_paper09186a00801c796d.shtml

--
Pelle
Re: [c-nsp] QoS with Voice and Video
On Wed, 28 Jan 2009, Pelle wrote:
> That depends on the type of video, is it video conferencing (IP/VC) or streaming video (IP/TV)? IP/VC are interactive video, and have more or less the same requirements on latency, jitter and loss as VoIP. IP/TV on the other hand can handle more latency, jitter and loss.

I am of another opinion. I don't believe in putting bursty traffic into LLQ. LLQ should be used for deterministic traffic (ie 20 pps VOIP or equivalent broadcast video with basically fixed pps and bw/s).

Some platforms drop packets when it's over the prio limit and to protect from starvation of other classes I recommend putting a policer on the priority class anyway.

--
Mikael Abrahamsson    email: swm...@swm.pp.se