Re: [c-nsp] setting source address for icmp messages
Most recent IOS (last 2-3 years) support for sure the option to put everything on the fly on one line, for example: ping 1.1.1.1 source loopback0 repeat 1000 size 512 timeout 2 validate df-bit etc, etc... A command followed by a question mark is always helpful, a lot of commands can be extended on a single command line Ziv -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mike Sent: Friday, February 06, 2009 6:08 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] setting source address for icmp messages Hello, I'm trying to learn how to get my 7204vxr to not send icmp messages with the source ip of interface the message is being sent out. I have a public ip on my loopback and thought this was what ios preferred if it exists? I have some other interfaces which have 10.x.x.x addresses and icmp messages like host unreachable and such are sourced from this which is undesirable due to inbound filtering at many sites at their gateways for rfc1918 and other bogon addresses. Am I being silly to want this or is there something I can do to get my way here? Tks. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] setting source address for icmp messages
No. I am trying to ensure that if the router ever emits icmp messages like 'destination host unreachable', 'icmp frag needed' and the like, that I'm using a public routed ip and not some random flavor of the week ip related to whatever interface the router thinks is closer to the problem. Ziv Leyes wrote: Most recent IOS (last 2-3 years) support for sure the option to put everything on the fly on one line, for example: ping 1.1.1.1 source loopback0 repeat 1000 size 512 timeout 2 validate df-bit etc, etc... A command followed by a question mark is always helpful, a lot of commands can be extended on a single command line Ziv -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mike Sent: Friday, February 06, 2009 6:08 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] setting source address for icmp messages Hello, I'm trying to learn how to get my 7204vxr to not send icmp messages with the source ip of interface the message is being sent out. I have a public ip on my loopback and thought this was what ios preferred if it exists? I have some other interfaces which have 10.x.x.x addresses and icmp messages like host unreachable and such are sourced from this which is undesirable due to inbound filtering at many sites at their gateways for rfc1918 and other bogon addresses. Am I being silly to want this or is there something I can do to get my way here? Tks. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. Cheers Ben ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] vlan needs help
Hi I try to configure vlan in switch 4948 eg: port1 and port2 unchange port3-port15 vlan2 port16 to port24 vlan3 When I try to connect this 4948 switch (eg: port 4) to another upstream switch, machines eg: 192.168.0.100 in upstream switch can't ping to machine eg: 192.168.0.222 in port3 or port15 of 4948 I check the light in those ports connected are flashing. I also setup ip in int vlan2 as 192.168.0.30 as same network but it still won't work Do I need to setup anything to make it work? Thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Yea it is hot-swappable. You must install the Switch Fabric Module in either slot 5 or slot 6 of the Catalyst 6506 switch. For redundancy, you can install a standby Switch Fabric Module. The module first installed functions as the primary module. When you install two Switch Fabric Modules at the same time, the module in slot 5 acts as the primary module, and the module in slot 6 acts as the backup. If you reset the module in slot 5, the module in slot 6 becomes the primary module. Regards, Masood Blog: http://weblogs.com.pk/jahil/ -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ben Steele Sent: Monday, February 09, 2009 4:57 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WS-6500-SFM insertion into production box, much of an impact? Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. Cheers Ben ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Thank you for cut and pasting the information from Cisco that i've already read :) Seriously though, that doesn't answer my question. On Mon, Feb 9, 2009 at 10:49 AM, Masood Ahmad Shah mas...@nexlinx.net.pkwrote: Yea it is hot-swappable. You must install the Switch Fabric Module in either slot 5 or slot 6 of the Catalyst 6506 switch. For redundancy, you can install a standby Switch Fabric Module. The module first installed functions as the primary module. When you install two Switch Fabric Modules at the same time, the module in slot 5 acts as the primary module, and the module in slot 6 acts as the backup. If you reset the module in slot 5, the module in slot 6 becomes the primary module. Regards, Masood Blog: http://weblogs.com.pk/jahil/ -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ben Steele Sent: Monday, February 09, 2009 4:57 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WS-6500-SFM insertion into production box, much of an impact? Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. Cheers Ben ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Remember that full SFM usage requires all modules to be fabric-enabled. If there are any line cards that aren't fabric enabled, all traffic will still go thru the bus, doesn't matter if it is an OIR or from power-up. Your question is if this OIR stands for Online Insertion and Removal or for Online Insertion and Reboot... although I don't know the answer, what I saw over the years is that even if it doesn't require a reboot, you will want to do one, because any issues will have after that will make you wonder whether if it's due to OIR or not, so you will end up rebooting anyway. So, reboot while you have a planned window to do so, not when you are under pressure. Rubens On Sun, Feb 8, 2009 at 9:56 PM, Ben Steele illcrit...@gmail.com wrote: Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. Cheers Ben ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Thanks Rubens, i'm aware of the line card requirements to operate in full compact mode, my question i'm really interested in is during the insertion of the module is there any dropped packets while the cards move from a Bus switching mode to compact switching. On Mon, Feb 9, 2009 at 12:06 PM, Rubens Kuhl rube...@gmail.com wrote: Remember that full SFM usage requires all modules to be fabric-enabled. If there are any line cards that aren't fabric enabled, all traffic will still go thru the bus, doesn't matter if it is an OIR or from power-up. Your question is if this OIR stands for Online Insertion and Removal or for Online Insertion and Reboot... although I don't know the answer, what I saw over the years is that even if it doesn't require a reboot, you will want to do one, because any issues will have after that will make you wonder whether if it's due to OIR or not, so you will end up rebooting anyway. So, reboot while you have a planned window to do so, not when you are under pressure. Rubens On Sun, Feb 8, 2009 at 9:56 PM, Ben Steele illcrit...@gmail.com wrote: Howdy, I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. Cheers Ben ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] vlan needs help
On Monday 09 February 2009 08:08:23 am Deric Kwok wrote: When I try to connect this 4948 switch (eg: port 4) to another upstream switch, machines eg: 192.168.0.100 in upstream switch can't ping to machine eg: 192.168.0.222 in port3 or port15 of 4948 Is the connection between both switches configured as an 802.1Q trunk? If so, make sure you're allowing all VLAN ID's across this trunk (to check that things are working first, then filter if necessary). Is the VLAN ID between both switches for this subnet the same? Do you have the VLAN ID's configured in the VLAN database of either switch (I think later code does this automatically when a VLAN ID is assigned to a port, but I can't be sure how universal this is)? Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
On Mon, Feb 9, 2009 at 3:25 AM, Ben Steele illcrit...@gmail.com wrote: Thanks Rubens, i'm aware of the line card requirements to operate in full compact mode, my question i'm really interested in is during the insertion of the module is there any dropped packets while the cards move from a Bus switching mode to compact switching. It's been a while so my mind may be playing tricks on me, but as I recall the box hiccups a bit while it does its backplane sync magic and then continues on its merry way. Depending on timing and your traffic patterns this event may or may not rate as noticeable to your users. Note that I can't swear that my recollection reflects inserting a new SFM into a box currently in bus mode (as opposed to swapping out an existing SFM), so YMMV. I'll echo the recommendation to schedule downtime and reload the box just to be sure. -link ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] setting source address for icmp messages
Mike wrote on Monday, February 09, 2009 00:28: No. I am trying to ensure that if the router ever emits icmp messages like 'destination host unreachable', 'icmp frag needed' and the like, that I'm using a public routed ip and not some random flavor of the week ip related to whatever interface the router thinks is closer to the problem. I don't think this can be done.. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] learned routes disappear
Paul, looks like you're preferring the route from the upstream over your customer's advertisement (for whatever reason), so it is expected that Router B is not advertising the path received from your customer/Router A. You are correct: The PfxRcd counter in show ip bgp sum only shows the best paths, you need to look at show ip bgp neighbor x.x.x.x (or show ip bgp neighbor x.x.x.x routes) to see all paths.. oli Paul A wrote on Sunday, February 08, 2009 00:50: Hi Michael, it seems as I look more and more into this, mind you I'm no bgp expert, I think what is happening might be normal iBGP behavior. Heres how the network is setup. Router A (customer) which connects to router B (my router) . Router B is connection to router C (my 2nd router) over iBGP. My BGP customer advertises 5 routes. The router directly connected to my customer's bgp router (Router A) shows all 5 routes when I do a (sh ip bgp sum). Router C (my 2nd router iBGP) only shows these 5 router when I type show ip bgp sum for about a 1:15 to 1:30 minutes then the routes disappear from State/PfxRcd. When I do a show ip bgp on router B for one of the received routes from router A (cust router) it's says: Paths: (2 available, best #1, table Default-IP-Routing-Table) Multipath: iBGP Not advertised to any peer The second best route being from my customer (router A) and the 1st best route being from Router C (my second iBGP router) Now on Router C, where I'm confused when I do show ip bgp for the same route I see. Paths: (2 available, best #1, table Default-IP-Routing-Table) Advertised to update-groups: 1 Both routes being from my two up streams on that router. My confusion is when I do a show ip bgp sum router B's neighbor address I see 5 routes under State/PfxRcd then after a minute or two they disappear. Is this normal ibgp behavior? Are the router listed under State/PfxRcd only routes that are inserted in the routing table? From: Michael K. Smith - Adhost [mailto:mksm...@adhost.com] Sent: Friday, February 06, 2009 3:47 PM To: Paul A Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] learned routes disappear Hello Paul: Paul A wrote: Hi, I'm having a bgp issue I can't figure out and hoping someone has ran into this. I have two routers, router A and router B doing bgp. Router A is advertising 5 routes to router B, when the session 1st comes up, router B has 5 routes received from router A. After 1:15 min the learned routes on router B disappear. How are the routes getting into BGP? Are the coming in via tie-down routes in the IGP somewhere? Could it be that you have an IGP failure of some sort such that the routes are being withdrawn legitimately? Regards, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-6500-SFM insertion into production box, much of an impact?
Hi, On Mon, Feb 09, 2009 at 10:26:42AM +1030, Ben Steele wrote: I'm looking for some info on the insertion of a SFM into a live 6500(Sup2 obviously), can't seem to find any info on Cisco as to the consequences this may have to traffic flowing through the Bus at the time(ie dropped packet rates), and I want to know if the modules go from using Bus only backplane to crossbar as soon as the module initiates or whether a reload would actually be required for this. I've never done this, so I can speak from personal experience. Judging from the overwall way the box decides how to do switching (if there is a 3A DFC in the system, all 3B PFCs fall back to 3A mode, and you need a reload to get it back to 3B), my guess would be you can insert it just fine, but it won't be used for switching unless you reload. So I'd schedule a maintenance window with downtime. I'm looking forward to hear about your experiences, though :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpZVa40tFoKV.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
