Re: [c-nsp] SFC DOWN
Hi,

On Sat, Aug 01, 2009 at 08:12:05PM -0700, e ninja wrote:
> PS. Contributors to this list should strive to post reusable knowledge to www.mysolvr.com so that it is properly documented, organized and easily searchable for posterity.

Contributors to this list should just post to this list. Archives are available in many places, google will find the answers, and it's not necessary to go to a separate web site (which is likely to profit from it in some way) to get answers to questions posted *here*.

The value of this list is not post links to web sites.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Upgrading IOS core on a 3750 Stack
The subject line says it all. I have some questions regarding how the upgrade works.

1. Do I only upgrade the master?
2. If not, how do I upgrade the other switches in the stack?
3. Should everything be running the same exact code (base vs. ipservices)?

snip
Switch  Ports  Model          SW Version    SW Image
------  -----  -----          ----------    --------
*    1  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
     2  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
     3  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
     4  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
/snip

Thank you

-b

--
Bill Blackford
Senior Network Engineer
NWRESD

my /home away from home
Re: [c-nsp] Upgrading IOS core on a 3750 Stack
On Sun, 2009-08-02 at 06:18 -0700, Bill Blackford wrote:
> The subject line says it all. I have some questions regarding how the upgrade works.
>
> 1. Do I only upgrade the master?

Technically no, but the master might be able to auto-upgrade the members.

> 2. If not, how do I upgrade the other switches in the stack?

You can upload software to flash1:, flash2: etc. and set the boot variables with "boot system switch 2 flash:/asdf.bin". Remember that each switch sees the flash as just "flash:" when booting, so set the boot variable accordingly.

> 3. Should everything be running the same exact code(base vs. ipservices)?
>
> snip
> Switch  Ports  Model          SW Version    SW Image
> ------  -----  -----          ----------    --------
> *    1  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
>      2  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
>      3  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
>      4  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
> /snip

I actually thought potential members with another feature set than the master wouldn't become active, but if that's part of a show version it seems they can.

I would recommend running the same feature set on all switches. I don't know how different feature sets handle a master failover, but only problems come to mind when looking at it.

Regards,
Peter
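An added example, not part of the thread: a small Python check that parses the stack summary quoted above, compares every member's version and feature set with the master row (marked `*`), and prints per-member boot statements in the form Peter gives. The column-restored sample text and the image file name `c3750-example.bin` are constructed for illustration.

```python
import re

# Constructed sample: the stack summary from the thread with its columns restored.
SHOW_VERSION_STACK = """\
Switch Ports Model              SW Version      SW Image
------ ----- -----              ----------      --------
*    1 52    WS-C3750-48P       12.2(25)SEE1    C3750-IPSERVICESK9-M
     2 52    WS-C3750-48P       12.2(25)SEE1    C3750-IPBASEK9-M
     3 52    WS-C3750-48P       12.2(25)SEE1    C3750-IPBASEK9-M
     4 52    WS-C3750-48P       12.2(25)SEE1    C3750-IPSERVICESK9-M
"""

# One data row: optional '*' (master), switch number, ports, model, version, image.
ROW = re.compile(
    r"^(?P<master>\*)?\s*(?P<num>\d+)\s+(?P<ports>\d+)\s+(?P<model>\S+)\s+"
    r"(?P<version>\S+)\s+(?P<image>\S+)\s*$"
)


def parse_stack(text):
    """Return one dict per stack member; header and ruler lines are skipped."""
    members = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        # C3750-IPSERVICESK9-M -> feature set IPSERVICESK9
        parts = m["image"].split("-")
        members.append({
            "num": int(m["num"]),
            "master": m["master"] is not None,
            "model": m["model"],
            "version": m["version"],
            "feature": parts[1] if len(parts) >= 2 else m["image"],
        })
    return members


def audit_stack(members):
    """Compare each member with the master; return (switch, what, has, wants)."""
    masters = [m for m in members if m["master"]]
    if len(masters) != 1:
        raise ValueError("expected exactly one row marked '*' as master")
    ref = masters[0]
    findings = []
    for m in members:
        if m is ref:
            continue
        if m["version"] != ref["version"]:
            findings.append((m["num"], "version", m["version"], ref["version"]))
        if m["feature"] != ref["feature"]:
            findings.append((m["num"], "feature set", m["feature"], ref["feature"]))
    return findings


def boot_commands(findings, image_file):
    """Boot statements for every member that differs from the master.

    Each member sees its own flash as plain 'flash:' at boot time, so the
    path is flash:/<file> even though the copy target was flashN:.
    """
    switches = sorted({num for num, *_ in findings})
    return [f"boot system switch {n} flash:/{image_file}" for n in switches]


if __name__ == "__main__":
    found = audit_stack(parse_stack(SHOW_VERSION_STACK))
    for num, what, has, wants in found:
        print(f"switch {num}: {what} {has} differs from master ({wants})")
    # 'c3750-example.bin' is a placeholder file name, not a real image.
    for cmd in boot_commands(found, "c3750-example.bin"):
        print(cmd)
```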
Re: [c-nsp] SFC DOWN
Gert,

So if we apply your thought process, there is no value in capturing and organizing re-usable intellectual capital? I guess you must think Wikipedia is useless and we should just trawl through the web and layers of email threads to find simple answers to questions that have already been answered?

The value of any list is to share knowledge. If there are free tools out there like mysolvr (a user-generated knowledge-base), that also allows us to go the extra mile of documenting and organizing re-usable know-how for the benefit of others, it is worth the effort.

We have to work smarter, not harder.

Eninja

On Sun, Aug 2, 2009 at 1:45 AM, Gert Doering g...@greenie.muc.de wrote:
> Hi,
>
> On Sat, Aug 01, 2009 at 08:12:05PM -0700, e ninja wrote:
> > PS. Contributors to this list should strive to post reusable knowledge to www.mysolvr.com so that it is properly documented, organized and easily searchable for posterity.
>
> Contributors to this list should just post to this list. Archives are available in many places, google will find the answers, and it's not necessary to go to a separate web site (which is likely to profit from it in some way) to get answers to questions posted *here*.
>
> The value of this list is not post links to web sites.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany g...@greenie.muc.de
> fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] SFC DOWN
Hi,

On Sun, Aug 02, 2009 at 06:51:07AM -0700, e ninja wrote:
> We have to work smarter, not harder.

That's why "hey, please go *there* to read my answer to your question" is the wrong approach.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Upgrading IOS core on a 3750 Stack
Here's the documentation from Cisco including CLI commands to do the upgrade.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00804799d7.shtml

-Jeremiah

From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev [pe...@rathlev.dk]
Sent: Sunday, August 02, 2009 9:47 AM
To: Bill Blackford
Cc: cisco-nsp mailing list
Subject: Re: [c-nsp] Upgrading IOS core on a 3750 Stack

On Sun, 2009-08-02 at 06:18 -0700, Bill Blackford wrote:
> The subject line says it all. I have some questions regarding how the upgrade works.
>
> 1. Do I only upgrade the master?

Technically no, but the master might be able to auto-upgrade the members.

> 2. If not, how do I upgrade the other switches in the stack?

You can upload software to flash1:, flash2: etc. and set the boot variables with "boot system switch 2 flash:/asdf.bin". Remember that each switch sees the flash as just "flash:" when booting, so set the boot variable accordingly.

> 3. Should everything be running the same exact code(base vs. ipservices)?
>
> snip
> Switch  Ports  Model          SW Version    SW Image
> ------  -----  -----          ----------    --------
> *    1  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
>      2  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
>      3  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPBASEK9-M
>      4  52     WS-C3750-48P   12.2(25)SEE1  C3750-IPSERVICESK9-M
> /snip

I actually thought potential members with another feature set than the master wouldn't become active, but if that's part of a show version it seems they can.

I would recommend running the same feature set on all switches. I don't know how different feature sets handle a master failover, but only problems come to mind when looking at it.

Regards,
Peter
Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
Ok, here is what I have for DHCP service:

ip dhcp pool r-office
   network 192.168.12.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.168.12.1
   lease infinite

what did I do wrong?

--- On Sun, 2/8/09, snort bsd snort...@yahoo.com.au wrote:

> From: snort bsd snort...@yahoo.com.au
> Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
> To: cisco-nsp cisco-nsp@puck.nether.net, Graham Wooden gra...@g-rock.net
> Received: Sunday, 2 August, 2009, 11:08 AM
>
> Thanks for reply.
>
> No, we have no VLAN aware switch connecting to it yet. We want to use it to replace the linksys wireless router we are using. The idea is that some of mobile user connecting to VLAN 10 via wireless and some of mobile users connecting to VLAN 20. Users on both VLANs could get to internet but access different resources internally (with VLAN aware switches).
>
> One problem a time...:)
>
> _Dave
>
> --- On Sun, 2/8/09, Graham Wooden gra...@g-rock.net wrote:
>
> > From: Graham Wooden gra...@g-rock.net
> > Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
> > To: snort bsd snort...@yahoo.com.au, cisco-nsp cisco-nsp@puck.nether.net
> > Received: Sunday, 2 August, 2009, 10:22 AM
> >
> > Hi there,
> >
> > Your switch port that the AP is connected to - is it in trunk mode? Like switchport trunk encap dot1q ?
> >
> > On 8/1/09 4:52 PM, snort bsd snort...@yahoo.com.au wrote:
> >
> > > Hi: all:
> > >
> > > I got ciscoAP 1200 configured and can connect it via wireless without problems. But the system connecting to the AP can't pick up any IP address.
> > >
> > > dot11 ssid lab vlan 20
> > >    vlan 20
> > >    max-associations 10
> > >    authentication open
> > >    authentication key-management wpa
> > >    guest-mode
> > >    mbssid guest-mode
> > >    wpa-psk ascii 7 whatever key
> > >    information-element ssidl wps
> > > !
> > > dot11 ssid test vlan 10
> > >    vlan 10
> > >    max-associations 10
> > >    authentication open
> > >    authentication key-management wpa
> > >    mbssid guest-mode
> > >    wpa-psk ascii 7 whatever key
> > >    information-element ssidl wps
> > >
> > > what else I didn't do right?
> > >
> > > Thanks
Re: [c-nsp] SFC DOWN
Gert Doering wrote:

> Contributors to this list should just post to this list. Archives are available in many places, google will find the answers, and it's not necessary to go to a separate web site (which is likely to profit from it in some way) to get answers to questions posted *here*.
>
> The value of this list is not post links to web sites.

Agreed 100%.

FYI, Mysolvr is the same Pingsta outfit that scraped addresses from this list and spammed them repeatedly a while back.

http://www.google.com/search?q=pingsta+spam

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
You got this on the router and what is the AP connected to ?

U need to have an interface, gateway, default router commands so that the vlan 20 can connect to the router, if you want them to connect to different vlans internally you may need to look at this type of setup

Ie

interface Vlan12
 description Wireless Vlan
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 bridge-group 12
 bridge-group 12 spanning-disabled

interface BVI12
 description Bridge to Internal Network
 ip address 192.168.12.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

bridge 12 protocol ieee
bridge 12 route ip

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of snort bsd
Sent: Sunday, August 02, 2009 8:53 AM
To: cisco-nsp; Graham Wooden
Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap

Ok, here is what I have for DHCP service:

ip dhcp pool r-office
   network 192.168.12.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.168.12.1
   lease infinite

what did I do wrong?
Re: [c-nsp] SFC DOWN
That 'spam' was the result of a Pingsta mailserver bug. What exactly has that got to do with working smarter?

Eninja

On Aug 2, 2009, at 6:10 PM, Jay Hennigan j...@west.net wrote:

> Gert Doering wrote:
>
> > Contributors to this list should just post to this list. Archives are available in many places, google will find the answers, and it's not necessary to go to a separate web site (which is likely to profit from it in some way) to get answers to questions posted *here*.
> >
> > The value of this list is not post links to web sites.
>
> Agreed 100%.
>
> FYI, Mysolvr is the same Pingsta outfit that scraped addresses from this list and spammed them repeatedly a while back.
>
> http://www.google.com/search?q=pingsta+spam
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] CSC CARD info
Hi,

Thanks, but my query still remains unanswered -

If we use 2 CSC and 3 SFC

When I do OIR of slot 17 CSC ( when MASTER - default ) we get 3 ping drops for transit traffic through the router.

When I do OIR of slot 16 CSC ( when MASTER ) we get lot of ping drops for transit traffic through the router and neighbourships break.

Regards
J.Daniels

On Sat, Aug 1, 2009 at 3:39 PM, Eninja eni...@gmail.com wrote:

> OIR'ing the primary CSC (slot 17 by default) will _always_ result in traffic loss because the CSC clocks and schedules all fabric traffic.
>
> Remember to shutdown the primary CSC using hw-module shut command, wait at least 1 min before OIR'ing and failing over from primary to secondary CSC.
>
> Eninja
>
> On Aug 1, 2009, at 9:06 AM, jack daniels jckdaniel...@gmail.com wrote:
>
> > Hi all,
> >
> > what is significance of slot no of CSC.
> >
> > If we use 2 CSC and 3 SFC
> >
> > When I do OIR of slot 17 CSC ( when MASTER ) we get 3 ping drops for transit traffic through the router.
> >
> > When I do OIR of slot 16 CSC ( when MASTER ) we get lot of ping drops for transit traffic through the router and neighbourships break.
> >
> > Regards
> > Jack.Daniels
Re: [c-nsp] SFC DOWN
Eninja wrote:

> That 'spam' was the result of a Pingsta mailserver bug. What exactly has that got to do with working smarter?

It means that many of us will not find any credibility in Pingsta or anything related to it. We are not a short-sighted shiny web 2.0 audience that forgets quickly.

~Seth
Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
Well, without a VLAN aware switch you are dumping tagged VLAN traffic into an interface that won't do anything with it, and in turn won't pass you traffic to your sub interfaces on your AP.

So to move forward, you really need to have the AP plugged into a VLAN aware switch, with the port setup for dot1q and allowing these two vlans. Then set up some other ports on the switch to handle the untagged traffic for these two vlans and put your DHCP server(s) on it. Or if you running your DHCP server on a router, you can sub interface out the router and make that switchport dot1q as well.

Make sense? Again, without the proper handling of the traffic leaving the AP, traffic won't go in properly as well.

HTH,

-graham

> From: snort bsd snort...@yahoo.com.au
> Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
> To: cisco-nsp cisco-nsp@puck.nether.net, Graham Wooden gra...@g-rock.net
> Received: Sunday, 2 August, 2009, 11:08 AM
>
> Thanks for reply.
>
> No, we have no VLAN aware switch connecting to it yet. We want to use it to replace the linksys wireless router we are using. The idea is that some of mobile user connecting to VLAN 10 via wireless and some of mobile users connecting to VLAN 20. Users on both VLANs could get to internet but access different resources internally (with VLAN aware switches).
>
> One problem a time...:)
>
> _Dave
Re: [c-nsp] mailing list vs. web site (WAS: Re: SFC DOWN)
John Osmon wrote:

> Let me preface my words with the thought that I find the most of the new wikis, forums, and whatnots are poor substitutes for searchable text archives.

Agreed.

> However, I learned most of my foundation material from Usenet in the late 80s and early 90s, so I might be biased...

Ditto.

> On Sun, Aug 02, 2009 at 06:51:07AM -0700, e ninja wrote:
> > Gert,
> >
> > So if we apply your thought process, there is no value in capturing and organizing re-usable intellectual capital? I guess you must think Wikipedia is useless and we should just trawl through the web and layers of email threads to find simple answers to questions that have already been answered?
>
> You're putting words in Gert's mouth suggesting he derides the valuable (free) services available. I've never met Gert, but would buy him a beer if I found we were in the same room. Gert and others have helped me (and others) countless times without need of any of the tools you espouse -- so there is already value present without need for more work...

Agreed, and I'd buy him two. Issues brought to this list should be discussed on this list and hopefully resolved on this list. A "Go over there for the answer" response fragments discussion and actually tends to make future searches for the same information less likely to succeed as information on the web changes, links break, etc.

A response of "Go over there for the answer" from someone with a vested interest in "Over there" is nothing more than an advertisement for "Over there".

> Back to the main point: There is value -- but who has to exert energy, and who reaps the benefits?

Those looking for the information have to exert the energy, those trying to commercialize it reap the benefits.

> > The value of any list is to share knowledge. If there are free tools out there like mysolvr (a user-generated knowledge-base), that also allows us to go the extra mile of documenting and organizing re-usable know-how for the benefit of others, it is worth the effort.
>
> Yes, there is likely value in organizing the info. However, is the marginal value greater than the marginal cost? I'm of the opinion that most of the people reading this list and the archives believe that it works well as it is.

Agreed.

> > We have to work smarter, not harder.
>
> Absolutely! However, I think that you've got a hard hill in front of you trying to change the behavior of people using this list.

And the smart way to work is to avoid fragmenting the information. The hard way is to fragment it among diffuse sites. The ethical way is to resist hijacking threads to promote one's own website.

> A smarter approach might be to start moving the data to your preferred site on your own. Perhaps even building automated tools to do so. If your idea catches on, you could very well end up with a reputation and following like Jared and/or Gert. Until that occurs, I have doubts that the wealth of info on cisco-nsp will be transferred to another medium...

He doesn't want to move the information to his site on his own. He wants us to do it for him. This began over a year ago with scraping cisco-nsp for email addresses and spamming them with invitations. It went mostly under-the-radar until his spambot went nuts and flooded its victims with multiple invitations at once. Faded under the radar again and now he's back hawking the sister site.

> (With that said, I'd be happy to be proven wrong -- more knowledge is better! I don't, however, think that I'd get enough out of the process to spend my time doing any of the prep work...)

Agreed. And it fragments the information.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] CSC CARD info
Jack,

Assuming the right procedures were followed for OIR, send the following captures when 17 16 are primary CSC to aid further assessment;

1. sh controller fia (from the RP and from an attach session to each of the LCs)
2. show controllers psar
3. sh fabric
4. sh log

Eninja

On Sun, Aug 2, 2009 at 10:34 AM, jack daniels jckdaniel...@gmail.com wrote:

> Hi,
>
> Thanks, but my query still remains unanswered -
>
> If we use 2 CSC and 3 SFC
>
> When I do OIR of slot 17 CSC ( when MASTER - default ) we get 3 ping drops for transit traffic through the router.
>
> When I do OIR of slot 16 CSC ( when MASTER ) we get lot of ping drops for transit traffic through the router and neighbourships break.
>
> Regards
> J.Daniels
>
> On Sat, Aug 1, 2009 at 3:39 PM, Eninja eni...@gmail.com wrote:
>
> > OIR'ing the primary CSC (slot 17 by default) will _always_ result in traffic loss because the CSC clocks and schedules all fabric traffic.
> >
> > Remember to shutdown the primary CSC using hw-module shut command, wait at least 1 min before OIR'ing and failing over from primary to secondary CSC.
> >
> > Eninja
> >
> > On Aug 1, 2009, at 9:06 AM, jack daniels jckdaniel...@gmail.com wrote:
> >
> > > Hi all,
> > >
> > > what is significance of slot no of CSC.
> > >
> > > If we use 2 CSC and 3 SFC
> > >
> > > When I do OIR of slot 17 CSC ( when MASTER ) we get 3 ping drops for transit traffic through the router.
> > >
> > > When I do OIR of slot 16 CSC ( when MASTER ) we get lot of ping drops for transit traffic through the router and neighbourships break.
> > >
> > > Regards
> > > Jack.Daniels
Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
Thanks for help!

Here is what I have:

internet - AP - VLAN aware switch - firewall - internal networks
           |
           |
           |
   wireless PCs (VLAN 10 or VLAN 20)

I have DHCP service configured on the AP, which means those wireless PCs should get their IP addresses from the DHCP server on the AP (I don't have separated DHCP server on the internal network).

what I am trying to figure out how I can tie the right pool of DHCP IP addresses to the right interface. Right now the authenticated PCs could not get IP address at all.

here is my config relating to the diagram:

ip dhcp pool vlan20
   network 192.168.12.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.168.12.1
   lease infinite
!
ip dhcp pool vlan10
   network 192.168.13.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.16.13.1
   lease infinite
...
dot11 vlan-name ming vlan 20
dot11 vlan-name rest vlan 10
!
dot11 ssid lab vlan 20
   vlan 20
   max-associations 10
   authentication open
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 whatever
   !
   information-element ssidl wps
!
dot11 ssid test vlan 10
   vlan 10
   max-associations 10
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 whatever
   !
   information-element ssidl wps
...
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 10 mode ciphers aes-ccm tkip
 !
 encryption vlan 20 mode ciphers aes-ccm tkip
 !
 ssid lab vlan 20
 !
 ssid test vlan 10
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 no ip redirects
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
 bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip redirects
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 port-protected
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.13.10 255.255.255.0
 no ip redirects
 no ip route-cache
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 ip address 192.168.12.10 255.255.255.0
 no ip redirects
 no ip route-cache
!

--- On Mon, 3/8/09, Graham Wooden gra...@g-rock.net wrote:

> From: Graham Wooden gra...@g-rock.net
> Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
> To: snort bsd snort...@yahoo.com.au, cisco-nsp cisco-nsp@puck.nether.net
> Received: Monday, 3 August, 2009, 6:17 AM
>
> Well, without a VLAN aware switch you are dumping tagged VLAN traffic into an interface that won't do anything with it, and in turn won't pass you traffic to your sub interfaces on your AP.
>
> So to move forward, you really need to have the AP plugged into a VLAN aware switch, with the port setup for dot1q and allowing these two vlans. Then set up some other ports on the switch to handle the untagged traffic for these two vlans and put your DHCP server(s) on it. Or if you running your DHCP server on a router, you can sub interface out the router and make that switchport dot1q as well.
>
> Make sense? Again, without the proper handling of the traffic leaving the AP, traffic won't go in properly as well.
>
> HTH,
>
> -graham
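An added example, not part of the thread: a Python lint over the DHCP pools and FastEthernet subinterfaces from the config posted above (an excerpt, re-typed here with indentation). It checks that each pool's default-router lies inside the pool's network and maps each addressed interface to the pool on its subnet, assuming the general IOS behaviour that for directly attached clients the DHCP server picks the pool whose network matches the subnet of the interface that received the request.

```python
import ipaddress

# Excerpt of the posted config, re-typed with indentation for this example.
CONFIG = """\
ip dhcp pool vlan20
   network 192.168.12.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.168.12.1
   lease infinite
!
ip dhcp pool vlan10
   network 192.168.13.0 255.255.255.0
   subnet prefix-length 24
   default-router 192.16.13.1
   lease infinite
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.13.10 255.255.255.0
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 ip address 192.168.12.10 255.255.255.0
!
"""


def parse_config(text):
    """Collect DHCP pools and interface addresses from IOS-style config text."""
    pools, ifaces, current = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment separator
        if not raw[0].isspace():  # a top-level command opens a new block
            if words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
                current = pools.setdefault(
                    words[3], {"network": None, "routers": []})
            elif words[0] == "interface" and len(words) == 2:
                current = ifaces.setdefault(words[1], {"address": None})
            else:
                current = None
            continue
        if current is None:
            continue
        if "routers" in current:  # inside a DHCP pool block
            if words[0] == "network" and len(words) == 3:
                current["network"] = ipaddress.ip_network("/".join(words[1:3]))
            elif words[0] == "default-router":
                current["routers"] = [ipaddress.ip_address(w) for w in words[1:]]
        elif words[:2] == ["ip", "address"] and len(words) == 4:
            current["address"] = ipaddress.ip_interface("/".join(words[2:4]))
    return pools, ifaces


def pool_for_interface(pools, ifaces):
    """Map each interface to the pool on its subnet (None if there is none)."""
    mapping = {}
    for ifname, iface in ifaces.items():
        addr = iface["address"]
        mapping[ifname] = next(
            (name for name, pool in pools.items()
             if addr is not None and pool["network"] == addr.network),
            None)
    return mapping


def lint(pools, ifaces):
    """Return (pool, message) findings for inconsistent pool definitions."""
    findings = []
    served = set(pool_for_interface(pools, ifaces).values())
    for name, pool in pools.items():
        net = pool["network"]
        if net is None:
            findings.append((name, "no network statement"))
            continue
        for router in pool["routers"]:
            if router not in net:
                findings.append(
                    (name, f"default-router {router} is outside {net}"))
        if name not in served:
            findings.append((name, f"no interface has an address in {net}"))
    return findings


if __name__ == "__main__":
    pools, ifaces = parse_config(CONFIG)
    for ifname, pool in pool_for_interface(pools, ifaces).items():
        print(f"{ifname}: pool {pool}")
    for name, message in lint(pools, ifaces):
        print(f"pool {name}: {message}")
```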
Re: [c-nsp] SFC DOWN
Has the original question of this thread been answered?

Sent from my handheld

On Aug 2, 2009, at 1:12 PM, Jay Hennigan j...@west.net wrote:

> Gert Doering wrote:
>
> > Contributors to this list should just post to this list. Archives are available in many places, google will find the answers, and it's not necessary to go to a separate web site (which is likely to profit from it in some way) to get answers to questions posted *here*.
> >
> > The value of this list is not post links to web sites.
>
> Agreed 100%.
>
> FYI, Mysolvr is the same Pingsta outfit that scraped addresses from this list and spammed them repeatedly a while back.
>
> http://www.google.com/search?q=pingsta+spam
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] Humor: Cisco announces end of BGP
Anyone can write an informational rfc. See apr 1 as an example. One can easily write up what they do, or survey responses. You can then follow the feedback from your request.

Jared Mauch

On Jul 30, 2009, at 10:31 AM, TJ trej...@gmail.com wrote:

-Original Message-
From: sth...@nethelp.no [mailto:sth...@nethelp.no]
Subject: Re: [c-nsp] Humor: Cisco announces end of BGP

My feeling is based on two things: I don't like the idea of vendors/providers ignoring an RFC just because. And note the RFC in question leaves no wiggle room here.

Please cite chapter and verse. As long as you use static IPv6 addresses, /126 is fine. No, a /126 address does *not* have to be based on a 64 bit interface ID.

Sure ...

RFC4291

2.5.1 For all unicast addresses, except those that start with the binary value 000, Interface IDs are required to be 64 bits long and to be constructed in Modified EUI-64 format.

2.5.4 All Global Unicast addresses other than those that start with binary 000 have a 64-bit interface ID field (i.e., n + m = 64), formatted as described in Section 2.5.1. Global Unicast addresses that start with binary 000 have no such constraint on the size or structure of the interface ID field.

That would seem pretty clear cut to me, rather explicitly calling for 64bit IIDs in all unicast cases (excluding the starts with 000 block).

Additionally, 3177 implies the same:

3. - /64 when it is known that one and only one subnet is needed by design.

Again - I am not saying /126s (or others!) don't work. And most implementations let you assign arbitrary values for prefix length. I am not saying /126s or similar options are (evil|bad), or even functionally problematic. In fact, RFC3627 explicitly mentions /126s as less bad than /127s ... but prefers /112s over /126s, and prefers /64s over all of the above.

All I am saying is that I prefer the spec(s) be updated based on real world preferences/implementations, and that this proposed change get reviewed as thoroughly as the original spec(s) did to ensure nothing breaks. I fully realize that the real world doesn't always agree with the IETF, but in something this low down and yet relatively easy to codify I fail to see why it hasn't been done, unless there is a reason not to? (If you don't mind wiggle room in specs, or implementers reinterpreting the specs, that is (cough) fine.)

In closing, I would turn the question around - can you cite chapter and verse where it says you are allowed to do this? Hopefully including an assessment of the potential unintended consequences (Note: If it exists, Great! ... sorry I missed it!)

/TJ
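The RFC 4291 text quoted in the message above, worked through in Python as an added example (not code from the thread): it derives a Modified EUI-64 interface ID as in section 2.5.1 and applies the quoted section 2.5.4 condition (n + m = 64 unless the address starts with binary 000) to candidate link prefixes. The MAC address and the prefixes, taken from the 2001:db8::/32 documentation range, are constructed, and the function names are hypothetical.

```python
import ipaddress

def modified_eui64(mac: str) -> bytes:
    """Derive the 64-bit Modified EUI-64 interface ID from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:11:22:33:44:55")
    # Invert the universal/local bit (0x02 of the first octet) and
    # insert FF:FE between the OUI and the device-specific half.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 subnet prefix with the Modified EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit interface ID only fits behind a /64")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def starts_with_binary_000(net: ipaddress.IPv6Network) -> bool:
    """True when the top three address bits are 000 (the exempt block)."""
    return int(net.network_address) >> 125 == 0

def matches_quoted_rule(prefix: str) -> bool:
    """Quoted 2.5.4 text: n + m = 64 unless the prefix starts with 000."""
    net = ipaddress.IPv6Network(prefix)
    return starts_with_binary_000(net) or net.prefixlen == 64

def interface_id_bits(prefix: str) -> int:
    """Bits left for the interface ID on a link numbered with this prefix."""
    return 128 - ipaddress.IPv6Network(prefix).prefixlen

# Constructed sample link prefixes from the documentation range.
SAMPLE_LINKS = ["2001:db8:0:1::/64", "2001:db8:0:2::/112",
                "2001:db8:0:3::/126", "2001:db8:0:4::/127"]

def report():
    """One (prefix, interface ID bits, matches quoted rule) row per link."""
    return [(p, interface_id_bits(p), matches_quoted_rule(p))
            for p in SAMPLE_LINKS]

if __name__ == "__main__":
    print(eui64_address("2001:db8:0:1::/64", "00:11:22:33:44:55"))
    for prefix, bits, ok in report():
        print(f"{prefix:22} IID bits={bits:3} matches quoted rule={ok}")
```

The check only tests the wording quoted in the thread; it says nothing about whether a /126 or /127 link works in practice, which is the point under debate.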
Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
Yes that sole fastethernet interface is in trunk mode and allowing both tag 10 and 20. But I don't use any separated DHCP server for those wireless users. They will get IP addresses from the DHCP service activated on the AP. So I don't need the command ip helper address in this configuration.

--- On Sun, 2/8/09, Ryan West rw...@zyedge.com wrote:

From: Ryan West rw...@zyedge.com
Subject: RE: [c-nsp] Can't pick up ip address--cisco 1200 ap
To: snort bsd snort...@yahoo.com.au, cisco-nsp cisco-nsp@puck.nether.net
Received: Sunday, 2 August, 2009, 10:25 AM

Are you trunking that interface and allowing both vlan 10 and 20? Do you have a DHCP server in both subnets or an ip-helper address?

-ryan

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of snort bsd
Sent: Saturday, August 01, 2009 5:53 PM
To: cisco-nsp
Subject: [c-nsp] Can't pick up ip address--cisco 1200 ap

Hi: all:

I got ciscoAP 1200 configured and can connect it via wireless without problems. But the system connecting to the AP can't pick up any IP address.

dot11 ssid lab
 vlan 20 vlan 20
 max-associations 10
 authentication open
 authentication key-management wpa
 guest-mode
 mbssid guest-mode
 wpa-psk ascii 7 whatever key
 information-element ssidl wps
!
dot11 ssid test
 vlan 10 vlan 10
 max-associations 10
 authentication open
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 7 whatever key
 information-element ssidl wps

what else I didn't do right?

Thanks
Re: [c-nsp] mailing list vs. web site (WAS: Re: SFC DOWN)
Jay,

Not sure what you continue to refer to here about ***scraping cisco-nsp for email addresses*** but to minimize your exposure, you may want to refrain from making unsubstantiated allegations against corporate entities without facts.

All that was suggested is simple, if folks have extra bandwidth, they should clearly and concisely document best practices in a format that is easily searchable and reusable for posterity. Whether that is mysolvr.com, CCO, juniper.net, private blogs or impulse.net, it really doesn't matter.

Suggesting that someone taking the time to research and respond to a complex 2-day old GSR 12000 ASIC problem that no one else on the list had responded to - is doing so for an ulterior motive is highly unprofessional. You need to remove emotions from your list conversations and focus on the only reason why everybody is here - to *voluntarily* help others solve their technical problems.

Remember, a list is only as good as the quality of the answers people get from it.

eom on this matter.

eninja

On Sun, Aug 2, 2009 at 2:23 PM, Jay Hennigan j...@west.net wrote:

John Osmon wrote:

Let me preface my words with the thought that I find the most of the new wikis, forums, and whatnots are poor substitutes for searchable text archives.

Agreed.

However, I learned most of my foundation material from Usenet in the late 80s and early 90s, so I might be biased...

Ditto.

On Sun, Aug 02, 2009 at 06:51:07AM -0700, e ninja wrote:

Gert, So if we apply your thought process, there is no value in capturing and organizing re-usable intellectual capital? I guess you must think Wikipedia is useless and we should just trawl through the web and layers of email threads to find simple answers to questions that have already been answered?

You're putting words in Gert's mouth suggesting he derides the valuable (free) services available. I've never met Gert, but would buy him a beer if I found we were in the same room. Gert and others have helped me (and others) countless times without need of any of the tools you espouse -- so there is already value present without need for more work...

Agreed, and I'd buy him two. Issues brought to this list should be discussed on this list and hopefully resolved on this list. A "Go over there for the answer" response fragments discussion and actually tends to make future searches for the same information less likely to succeed as information on the web changes, links break, etc. A response of "Go over there for the answer" from someone with a vested interest in "Over there" is nothing more than an advertisement for "Over there".

Back to the main point: There is value -- but who has to exert energy, and who reaps the benefits?

Those looking for the information have to exert the energy, those trying to commercialize it reap the benefits.

The value of any list is to share knowledge. If there are free tools out there like mysolvr (a user-generated knowledge-base), that also allows us to go the extra mile of documenting and organizing re-usable know-how for the benefit of others, it is worth the effort.

Yes, there is likely value in organizing the info. However, is the marginal value greater than the marginal cost? I'm of the opinion that most of the people reading this list and the archives believe that it works well as it is.

Agreed.

We have to work smarter, not harder.

Absolutely! However, I think that you've got a hard hill in front of you trying to change the behavior of people using this list.

And the smart way to work is to avoid fragmenting the information. The hard way is to fragment it among diffuse sites. The ethical way is to resist hijacking threads to promote one's own website.

A smarter approach might be to start moving the data to your preferred site on your own. Perhaps even building automated tools to do so. If your idea catches on, you could very well end up with a reputation and following like Jared and/or Gert. Until that occurs, I have doubts that the wealth of info on cisco-nsp will be transferred to another medium...

He doesn't want to move the information to his site on his own. He wants us to do it for him. This began over a year ago with scraping cisco-nsp for email addresses and spamming them with invitations. It went mostly under-the-radar until his spambot went nuts and flooded its victims with multiple invitations at once. Faded under the radar again and now he's back hawking the sister site.

(With that said, I'd be happy to be proven wrong -- more knowledge is better! I don't, however, think that I'd get enough out of the process to spend my time doing any of the prep work...)

Agreed. And it fragments the information.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] BGP Multipath and unequal IGP metrics
Hi

Hate to bump my own post but does anyone have any thoughts on the below?

Thanks

David ...

On 28/07/2009, at 10:11 AM, David Hughes wrote:

Hi

I have a situation that looks like a problem in the making. In a subset of our network there's a pair of well connected datacentres (eg dual 10GE paths etc). One of our upstreams will shortly be presenting a transit path at both of these 2 locations. No problems I think to myself - we'll just multi-path from our core and load share over both paths.

Problem. Seeing as the 2 border routers in question are at different locations, the core routers see different IGP metrics to the nexthop of the BGP table entry. As a result they are excluded from use with BGP multipath and I'm left with the core routers at each DC only using the paths to the border router at the local site.

I don't want to mess around with tweaking the OSPF metrics as I'm sure that's just a disaster waiting to happen for some poor network engineer in a year or two. I thought I'd found a nice clean solution with Cisco's multipath unequal-cost feature but for some reason I can't even start to understand you can only use it in a VRF, not in the default table. So the only solution I can see is to reconfigure the core devices and move all interfaces and routing processes into a VRF so that I can effectively get this feature on our entire table.

What am I missing here? Surely I'm not Robinson Crusoe - someone must have done this before. Platform is Cat6k / Sup720.

Thanks

David ...
Re: [c-nsp] BGP Multipath and unequal IGP metrics
I would consider using a layered-session approach. The first layer would be used only to provide the path to the BGP loopback, both to your core routers and to your transit providers, and would be used to equalize the metric of the alternate paths. A likely scenario would consist of 4 BGP sessions among your own routers and 2 or 4 sessions to your transit provider, but might be more; it would require BGP support, but no 1 million routes support.

The second layer would use the first one to exchange provider announcements, both yours to transit and full routes from the transit providers.

Disclaimer: haven't tested this exact scenario, ended up having full-route capable routers on all hops.

Rubens

On Mon, Jul 27, 2009 at 9:11 PM, David Hughes da...@hughes.com.au wrote:

Hi

I have a situation that looks like a problem in the making. In a subset of our network there's a pair of well connected datacentres (eg dual 10GE paths etc). One of our upstreams will shortly be presenting a transit path at both of these 2 locations. No problems I think to myself - we'll just multi-path from our core and load share over both paths.

Problem. Seeing as the 2 border routers in question are at different locations, the core routers see different IGP metrics to the nexthop of the BGP table entry. As a result they are excluded from use with BGP multipath and I'm left with the core routers at each DC only using the paths to the border router at the local site.

I don't want to mess around with tweaking the OSPF metrics as I'm sure that's just a disaster waiting to happen for some poor network engineer in a year or two. I thought I'd found a nice clean solution with Cisco's multipath unequal-cost feature but for some reason I can't even start to understand you can only use it in a VRF, not in the default table. So the only solution I can see is to reconfigure the core devices and move all interfaces and routing processes into a VRF so that I can effectively get this feature on our entire table.

What am I missing here? Surely I'm not Robinson Crusoe - someone must have done this before. Platform is Cat6k / Sup720.

Thanks

David ...
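The exclusion described in the original post, as a simplified model added here (not code from the thread and not Cisco's full best-path algorithm): a core router installs an extra path only when it ties with the best path on the compared attributes and, unless an unequal-cost option is on, on the IGP metric to the next hop. Router names, metrics and AS numbers are constructed, and the `unequal_cost` flag is a hypothetical stand-in for the feature the post mentions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    next_hop: str       # border router that learned the transit route
    local_pref: int
    as_path: tuple
    origin: int         # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int
    igp_metric: int     # this core router's IGP cost to next_hop

def attribute_key(p: Path):
    """Attributes compared before the IGP metric; lower sorts as better."""
    return (-p.local_pref, len(p.as_path), p.origin, p.med)

def multipath_next_hops(paths, max_paths, unequal_cost=False):
    """Return the next hops a core router would install for one prefix."""
    best = min(paths, key=lambda p: (attribute_key(p), p.igp_metric, p.next_hop))
    installed = [best]
    for p in sorted(paths, key=lambda p: (p.igp_metric, p.next_hop)):
        if p is best or len(installed) >= max_paths:
            continue
        if attribute_key(p) != attribute_key(best):
            continue                      # must tie with the best path
        if p.igp_metric != best.igp_metric and not unequal_cost:
            continue                      # the exclusion described in the post
        installed.append(p)
    return [p.next_hop for p in installed]

# Constructed sample: one transit prefix learned at both datacentres.
TRANSIT = dict(local_pref=100, as_path=(64500, 64501), origin=0, med=0)
CORE_A = [Path("border-a", igp_metric=10, **TRANSIT),
          Path("border-b", igp_metric=110, **TRANSIT)]
CORE_B = [Path("border-a", igp_metric=110, **TRANSIT),
          Path("border-b", igp_metric=10, **TRANSIT)]

if __name__ == "__main__":
    for name, view in (("core-a", CORE_A), ("core-b", CORE_B)):
        print(name, "equal-cost only:", multipath_next_hops(view, 2))
        print(name, "unequal-cost   :",
              multipath_next_hops(view, 2, unequal_cost=True))
```

Each core router ends up with only its local border router until the IGP metric comparison is relaxed, which matches the behaviour reported for the two datacentres.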