Re: [c-nsp] Cat 6500 (IOS) dhcp Client
On 20 May 2009, at 01:46, Dan Benson wrote:

> As strange as this sounds, I have a need to be assigned an address on a Cat6500 Running IOS via dhcp (to a vlan or a dedicated port). On most routers running IOS the command syntax is, ip address dhcp as just about anyone knows but on the sups running IOS (tested sup1a-ge/MSFC1, sup2 and sup720s) I have not found a way to be assigned an address. I can only assume this is because no one in their right mind would ever do this on this platform but my install is requiring such. Before I try a flexwan with a PA-FE in it has anyone out there had this issue and if so would you be so kind to pass along a solution if there is one.
>
> Thanks in advance for the time and help.
>
> //db

Hi

Not so strange. This works for us on 6500/7600 sup32 sup720 rsp720 from SXF to SRC

ip dhcp pool POP-DHCP
 network 1.2.3.224 255.255.255.248
 domain-name a.net
 dns-server 1.2.3.4
 default-router 1.2.3.225
 lease 0 2

interface GigabitEthernetx/x
 description Engineer laptop access
 ip address 1.2.3.225 255.255.255.248

HTH

--
Steve Lalonde RTFM Chief Technical Officer Entanet International Ltd http://www.enta.net/

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cat 6500 (IOS) dhcp Client
Hi,

On 20 May 2009, at 01:46, Dan Benson wrote:

> As strange as this sounds, I have a need to be assigned an address on a Cat6500 Running IOS via dhcp (to a vlan or a dedicated port).

On Wed, May 20, 2009 at 4:39 PM, Steve Lalonde st...@enta.net wrote:

> Not so strange.

You've got a DHCP server. Dan needs a DHCP client.

cheers,
Dale
Re: [c-nsp] Cat 6500 (IOS) dhcp Client
On 20 May 2009, at 07:52, Dale Shaw wrote:

> Hi,
>
> On 20 May 2009, at 01:46, Dan Benson wrote:
>
>> As strange as this sounds, I have a need to be assigned an address on a Cat6500 Running IOS via dhcp (to a vlan or a dedicated port).
>
> On Wed, May 20, 2009 at 4:39 PM, Steve Lalonde st...@enta.net wrote:
>
>> Not so strange.
>
> You've got a DHCP server. Dan needs a DHCP client.
>
> cheers,
> Dale

Doh! That's what happens when you reply to emails while half asleep

Steve
[c-nsp] BGP, backdoor and route-map
In short, my question is has the following command any special effect in BGP config compared to similar line without the route-map part?

network N.N.N.N mask M.M.M.M route-map foo backdoor

So, is the route-map statement just ignored silently? The IOS in question is 12.2(18)SXF15.

Longer story leading to my question:

I have got a very ugly setup: there are Quagga boxes advertising certain /32 IPV4 prefixes via eBGP to few 6500s that redistribute routes to OSPF. The 6500 don't speak iBGP with each other - the only BGP is the eBGP to Quagga. I want to use BGP because in some cases I don't have control over the Quagga boxes. Also I don't want to begin setting up iBGP only for this case.

The whole point of this concept is to provide anycast service address for DNS, RADIUS etc. I don't want to achieve load balancing just availability.

In general this setup works. The /32s are advertised. In all but one of the 6500s the network is defined as backdoor network in BGP config so that the same route learned via OSPF will override the one learned via BGP. One of the servers is the preferred one and its prefix advertisement is therefore not declared as backdoor.

Now, if I want to provide the server admins, who are also administering the Quagga, a way to change dynamically the preferred server without any change to Cisco config, can this be done with the current setup? I hoped it could be done by selectively activating the backdoor with route-maps.

I tried applying route-map to network N.N.N.N mask M.M.M.M backdoor statement. It appeared in config but it seemed to have no effect. I tried even to apply a route-map that would block everything but still the prefix was declared as backdoor.

Cheers,

--
- Matti -
Re: [c-nsp] TCP Reset
On Wed, 2009-05-20 at 10:15 +0530, Hitesh Vinzoda wrote:

> I'm facing a problem from some clients behaving suspiciously when they telnet to squid proxy. ( 10.4.188.180) After TCP Syn request by client the server is responding with RST. Wireshark logs from client is attached. Comments are invited for this case.

And the server is really listening on that port? I assume http-alt is 8080/tcp, and Squid normally listens on 3128/tcp. What does a wireshark dump on the server tell you?

The only thing that comes to mind apart from the port-issue would be that Cisco PIX/ASA/FWSM firewalls will actually reject an ACL denied connection from inside (higher security level) with a TCP RST.

Regards,
Peter
Re: [c-nsp] TCP Reset
What Cisco devices are in the path?

We had to configure an ACL on a 7200 denying inbound TCP RSTs, because of a bug where the 7200 (if it was doing PAT) was erroneously sending the RST to the wrong connection.

Long story short, NAT session #1 would properly terminate on the 7200, but the server would think the port was still open. The server would timeout and send a RST four minutes later. Within that four minute window the 7200 would reuse the same source port for a NAT session #2. When the server's four minute timer went off for the first session, and the RST was sent... the 7200 would send the RST to the client in the second session, thus erroneously terminating a valid TCP session.

There is a bug ID for this somewhere

Hitesh Vinzoda wrote:

> Dear All,
>
> I'm facing a problem from some clients behaving suspiciously when they telnet to squid proxy. ( 10.4.188.180) After TCP Syn request by client the server is responding with RST. Wireshark logs from client is attached. Comments are invited for this case.
>
> Thanks in advance
> Ronnie
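
The stale-RST sequence described in the reply above, as an added example that is not part of the original thread and not Cisco code: a constructed Python model of a PAT table in which a reused outside port lets the server's late RST reach the second client, next to the same table with an in-window sequence check on RSTs. The table layout, addresses, ports and sequence numbers are assumptions made up for illustration.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 2^32


@dataclass
class Xlate:
    inside: tuple    # (client_ip, client_port) behind the PAT device
    remote: tuple    # (server_ip, server_port)
    rcv_nxt: int     # next sequence number expected from the server
    rcv_wnd: int = 65535


class Pat:
    """Toy PAT table keyed by the translated (outside) source port."""

    def __init__(self, validate_seq):
        self.validate_seq = validate_seq
        self.table = {}

    def open(self, port, inside, remote, server_isn):
        self.table[port] = Xlate(inside, remote, (server_isn + 1) % MOD)

    def close(self, port):
        self.table.pop(port, None)

    def inbound_rst(self, remote, port, seq):
        """Return the inside host that receives the RST, or None if dropped."""
        x = self.table.get(port)
        if x is None or x.remote != remote:
            return None
        # Accept a RST only if its sequence number lies in the receive window.
        if self.validate_seq and (seq - x.rcv_nxt) % MOD >= x.rcv_wnd:
            return None
        return x.inside


def replay(validate_seq):
    """Session 1 ends, its port is reused, then the server's late RST arrives."""
    server = ("192.0.2.10", 8080)           # constructed addresses
    pat = Pat(validate_seq)
    pat.open(40001, ("10.0.0.5", 51000), server, server_isn=1000)
    pat.close(40001)                         # router forgets session 1
    pat.open(40001, ("10.0.0.9", 52000), server, server_isn=900_000_000)
    stale = pat.inbound_rst(server, 40001, seq=1500)         # belongs to session 1
    fresh = pat.inbound_rst(server, 40001, seq=900_000_001)  # belongs to session 2
    return stale, fresh


if __name__ == "__main__":
    print("port match only :", replay(validate_seq=False))
    print("with seq window :", replay(validate_seq=True))
```

With the window check the stale RST is dropped while a RST that belongs to the second session still gets through, which a blanket ACL denying inbound RSTs does not allow.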
Re: [c-nsp] 'Simple' BGP multi homing
Hi Chris,

Yes, in general, what you propose sounds feasible ...

Thanks,
Adam

- Original Message -
From: ChrisSerafin ch...@chrisserafin.com
To: cisco-nsp@puck.nether.net
Sent: Tuesday, May 19, 2009 2:00 PM
Subject: [c-nsp] 'Simple' BGP multi homing

> I have 2 ISPs connecting at my data center at the moment, both with simple basic static routes, and I would like to multi-home them to provide redundancy in the event one goes down.
>
> I have created a simple diagram here: http://chrisserafin.com/WAN-BGP.jpg
>
> I have a few assumptions, so let me know if I'm on the correct page:
>
> * I will need to get both routers setup for BGP peering to their ISPs
> * I will need to request/buy a new IP block and AS from ARIN that both routers will advertise
>
> I'm hoping I can 'lab this up' if both routers have spare (gig/fa)ethernet ports...sound possible?
>
> Thanks
> --chris
Re: [c-nsp] Limits of STP/RSTP/REP?
> Wondering, what's the sensible limits of STP, RSTP, REP or any other spanning tree/ring protocol available on Cisco switches like 29, 35, 37 or ME3400 series? I was told by a customer whom we try to sell some Cisco gear that beyond anything like 4 or 5 switches in a ring, recognition/recovery times of the ring would quickly go well beyond 10s on failure of a link ...

This may be only marginally relevant to your question, but here goes: We have Extreme EAPS rings of up to 11 switches. Recovery times are well under 1 second. REP is similar to EAPS in several ways. I would expect Cisco to be able to tell you about reasonable size of REP rings and expected recovery times.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
[c-nsp] Bandwidth displayed on Tunnel interfaces
Hi all,

I've got a few protocol 41 tunnels configured on a few different routers, all for IPv6 only. Some of the tunnels are used for BGP peering with transit providers, and the rest join my PoPs together.

If I understand the Cisco documentation correctly, the BW is used exclusively for link metric/cost, but it also shows up in my MRTG graphs and skews the percentage results.

Since these tunnels operate on top of the same underlying connection type as the IPv4 infrastructure, I'd like to set the bandwidth manually to the same setting as the interface type the tunnel is connected over (or better yet, set it globally for all tunnel interfaces).

AFAICT, doing this won't have any operational impact other than what it would normally have on an IGP (which is fine, because all IGP is over direct Ethernet), and fixing my graphing/statistical applications.

Can I get some feedback on whether my thinking is correct? Tunnel bandwidth should be 100Mb:

pe2-fibre#sh int tun5
Tunnel5 is up, line protocol is up
  Hardware is Tunnel
  Description: IPv6 BGP Tunnel to he.net
  MTU 1514 bytes, BW 9 Kbit, DLY 50 usec,
     reliability 255/255, txload 18/255, rxload 163/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 208.70.111.131, destination 216.218.229.118
  Tunnel protocol/transport IPv6/IP
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)

Steve
Re: [c-nsp] Bandwidth displayed on Tunnel interfaces
Steve Bertrand wrote:

> Hi all,
>
> I've got a few protocol 41 tunnels configured on a few different routers, all for IPv6 only. Some of the tunnels are used for BGP peering with transit providers, and the rest join my PoPs together.
>
> If I understand the Cisco documentation correctly, the BW is used exclusively for link metric/cost, but it also shows up in my MRTG graphs and skews the percentage results.
>
> Since these tunnels operate on top of the same underlying connection type as the IPv4 infrastructure, I'd like to set the bandwidth manually to the same setting as the interface type the tunnel is connected over (or better yet, set it globally for all tunnel interfaces).
>
> AFAICT, doing this won't have any operational impact other than what it would normally have on an IGP (which is fine, because all IGP is over direct Ethernet), and fixing my graphing/statistical applications.
>
> Can I get some feedback on whether my thinking is correct? Tunnel bandwidth should be 100Mb:
>
> pe2-fibre#sh int tun5
> Tunnel5 is up, line protocol is up
>   Hardware is Tunnel
>   Description: IPv6 BGP Tunnel to he.net
>   MTU 1514 bytes, BW 9 Kbit, DLY 50 usec,
>      reliability 255/255, txload 18/255, rxload 163/255
>   Encapsulation TUNNEL, loopback not set
>   Keepalive not set
>   Tunnel source 208.70.111.131, destination 216.218.229.118
>   Tunnel protocol/transport IPv6/IP
>   Tunnel TTL 255
>   Fast tunneling enabled
>   Tunnel transmit bandwidth 8000 (kbps)
>   Tunnel receive bandwidth 8000 (kbps)

Correct.

conf t
int tu5
bandwidth 10
^Z
wr

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] Limits of STP/RSTP/REP?
On Wed, May 20, 2009 at 10:27:31PM +0200, Garry wrote:

> Question mainly is: Can Cisco gear handle a setup where there might be a ring made of - say - 20-30 switches, each of which having two interfaces each in the ring (in and out, so to speak) ... while at the moment I don't expect that customer to set up more than 4-6 switches to begin with, locations are there that will require that number of switches over time ... (sort of a MAN scenario)

Definitely not more than 20 in a ring. As far as I know, IOS limits the value of max-hops to 20. This means you can't have a BPDU traverse more than 20 hops without being thrown away. If one pair of switches in the ring experienced a total cut, your network would have a diameter of 20, end to end.

JUNOS lets you set that value to 255, but I doubt that STP-like protocols ever scale that well. I don't know anything about the various vendor-specific link redundancy features - my guess is you'll have to go there.

--
Ross Vandegrift r...@kallisti.us

If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher. --Woody Guthrie
Re: [c-nsp] Limits of STP/RSTP/REP?
On Wed, May 20, 2009 at 07:34:05PM -0400, ross wrote:

> Definitely not more than 20 in a ring. As far as I know, IOS limits the value of max-hops to 20.

Nope, I'm wrong about this. According to my lab 6500s, MSTP on IOS will let you go all the way to 255 as well.

--
Ross Vandegrift r...@kallisti.us

If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher. --Woody Guthrie
[c-nsp] OT: 871W config
I've got an off-topic plea. I'm trying to configure a simple little 871W as a CE that I need to deploy next week. The wifi on this thing is kicking my ass.

881Ws are completely different than their 871W ancestors. 881Ws have a logically separate internal AP that you basically session into. The 871W's radio is integrated into the router's config itself.

I can't for the life of me get wifi sub-ints to bridge onto the SVIs that I'm using on the wired side (3x VLANs: data, voice, and guest). I found a config guide online that showed SVIs configured with nothing but the bridge-group commands, BVIs corresponding to those bridge-groups where all the L3 config now resides, and then normal Dot11Radio sub-ints with matching bridge-groups. However doing this and putting the bridge-group commands on the SVIs breaks the wired connectivity (and doesn't make wifi work anyway).

Does anyone have a working config for a 871W that they wouldn't mind sharing off-list? This should be a trivially minor config and for some reason it's thoroughly stumping me.

Thanks
Justin
Re: [c-nsp] OT: 871W config
> Does anyone have a working config for a 871W that they wouldn't mind sharing off-list? This should be a trivially minor config and for some reason it's thoroughly stumping me.

http://www.oneunified.net/blog/Cisco/Cisco871Wireless.article

Done with the CLI. In addition 12.4(15)T8 works. 12.4(20) doesn't do wireless well.
[c-nsp] ebgp load balancing using maxiumu-paths TCAM impact on Sup720-3BXL?
Setup is as follows; 2 edge routers, each with a BGP session receiving full routes to the same provider router. The provider is load balancing inbound traffic to our AS nicely, 50/50 between the edge routers..

I would also like to load balance the outbound traffic.. I've considered adding 'maximum-paths 2' to install the two equal paths, but am concerned about FIB TCAM impacts. Will adding this command cause each equal cost route to take one additional TCAM entry, i.e. full routing table x 2 524k TCAM limit = EPIC meltdown?

Current FIB TCAM:

L3 Forwarding Resources
  FIB TCAM usage:                  Total    Used   %Used
    72 bits (IPv4, MPLS, EoM)     524288  285506     54%
    144 bits (IP mcast, IPv6)     262144       5      1%

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com