Re: [c-nsp] Data VLAN/Voice VLAN
What platform/IOS are you running?? I think the older 3500xl PoE switch had to be in trunk mode to accomplish the dot1(p)(q) header info so trust the EF marking of the packet would work due to CDP improvements and working without actually having it in trunk mode. Think newer platforms and IOS, CDP does the magic of the headers of the aux vlan (which is the voice vlan) if I'm not mistaken. And u can just use voice vlan and access mode and it works. So no need to trunk on newer gear.

But Pete's correct, u have the switchport mode in access. And u might have to trunk depending on ur setup. Also having it tagging native is useless in access mode.

HTH,
Clue

On Fri, Aug 28, 2009 at 6:52 PM, Bill Blackford bblackf...@nwresd.k12.or.us wrote:

If you are using 3560's, this has been my experience as well. If you are unfortunate enough to be using 3550XL's, then the whole game is different.

The 3550XL way:

interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 68
 switchport mode trunk
 switchport voice vlan 66
 switchport priority extend cos 0
 spanning-tree portfast

The data vlan has to be indicated as native. Again, this has been my experience.

-b

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev
Sent: Friday, August 28, 2009 3:44 PM
To: Yuri Bank
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Data VLAN/Voice VLAN

On Fri, 2009-08-28 at 15:20 -0700, Yuri Bank wrote:

interface FastEthernet0/4
 description phone
 switchport access vlan 77
 switchport trunk native vlan 55
 switchport mode access
 switchport voice vlan 66

In this configuration, data is placed on vlan 55? From what I've read on other forums and such is that the data would be on the configured access vlan ( 77 ). Unfortunately I do not have an iphone to test this. Could anyone give me some clarity?

Untagged traffic on the port would be VLAN 77, since this is what you configured as access VLAN and since the port is in forced access mode.

A compatible device (i.e. one that presents itself as a phone via CDP) would activate the voice VLAN and thus allow tagged incoming traffic on VLAN 66. This requires the switch (and port) to have CDP enabled by the way.

The trunk configuration is ignored when you issue switchport mode access.

If you only need a stand-alone phone you can just use a simple access port in the voice VLAN.

Regards,
Peter

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Migrate 6500 to 7600
Hi Pete,

I'm about to undergo this same process with 7203bXL, and I'd like to know what roles ur 7606's play?? (BGP, PE, IPv6, 6pe, etc) What has been your most stable non-bgp bugged image that you use???

On Sat, Aug 29, 2009 at 1:50 PM, Mateusz Blaszczyk blah...@gmail.com wrote:

With SXF this has never been a problem, only with SRB/SXH and newer.

Yes, I forgot about the SXF can be run on both platforms. Then one thing less to worry about.

Any surprises with MAC changes, ifindex changes? I recall a discussion here that chassis switchover resulted in the main (for a lack of better word) MAC being changed.

Thanks!

Best Regards,
-mat

--
Mateusz Blaszczyk
pgp-key 0x64643FCE
Re: [c-nsp] OSPF fast convergence on Sup32/SXI
I've had a few customers on a small scale routers perfectly, I believe the dead time in Cisco default is 4 times the hello. I have all of them set of 3 sec Hello packets and a 30 second heal time and zero route instability. But I have zero experience with the sup32/6509 kit. This has been done on 2600/2800 3700/3800 routers with no issues.

Clue

On Sat, Aug 29, 2009 at 9:45 AM, Gert Doering g...@greenie.muc.de wrote:

Hi,

for a new project, I have been tasked to build a network that does IGP fast convergence as fast as possible!!! (with 5 exclamation marks).

Due to other reasons (... of course this needs to be FAST and cost NOTHING...), the routers will be 6504+Sup32s, planned IOS is SXH3a or SXI2.

BFD won't be possible, as routing will be done on SVIs (thanks, Cisco) [*maybe* I can do this on port-channel dot1q subinterfaces, but I'm not yet sure how this will work out - can MUX-UNI be used to mix routed subinterfaces and switched VLANs? I've only used it to mix MPLS subfs and switched VLANs].

Now I'm looking for experience and recommendations about tweaking OSPF - how far have you (successfully) reduced OSPF hello timers? Any other success or horror stories about IGP fast convergence on Sup32?

... and yes, I'm aware that I won't be able to do sub-500ms on this platform. I'm not aiming for this :-) - something like 3s would be perfect, 10s would make $them grumble, but eventually accept it...

gert
--
USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Migrate 6500 to 7600
On Sat, Aug 29, 2009 at 07:50:22PM +0100, Mateusz Blaszczyk wrote:

With SXF this has never been a problem, only with SRB/SXH and newer.

Yes, I forgot about the SXF can be run on both platforms. Then one thing less to worry about.

not so happy anymore. done some reading and it seems 7606S was supported first by SR train:

http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRrn.html#wp4344593

I wonder if that will boot under SX (12.2(18)SXE6a).

-mat

--
Mateusz Blaszczyk
pgp-key 0x64643FCE
Re: [c-nsp] IPV6 in general was Re: Large networks
Mohacsi Janos wrote:

I disagree. Not worst than DHCP. By the way how do you distribute parameters for local links? DHCP fake offers are better filterable I think. With v6 we now use mostly static IP addressing. Still working for DHCP over v6.

--
Grzegorz Janoszka
Re: [c-nsp] Migrate 6500 to 7600
Hi,

On Sun, Aug 30, 2009 at 05:25:25PM +0100, Mateusz Blaszczyk wrote:

done some reading and it seems 7606S was supported first by SR train:

7606S definitely does NOT boot under SXH. Been there, done that, returned the chassis.

(We told them we want to run modular. They said oh, why bother getting a 7606, get the newer all-shiny-and-dancy 7606S...)

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[c-nsp] Wierd memory issue with SXI/SXI1 on 6500 w/ SUP720-3BXL
Every six weeks or so I am running out of memory on a 6509 w/ dual SUP720-3BXL with mostly 6700-series line cards. I have 21 other nodes with this exact same configuration, some even running SXI or SXI1 that do not have this issue, which first led me to believe that the issue might be hardware related. During our last maintenance window to alleviate the memory issue, I forced the standby SUP to become the active SUP. The memory issue persisted, leading me back to thinking it is a software issue. I did not have this issue with SXH* on this same device, but SXH is *SO* buggy, rolling back is not an option. This leads me to believe that it is most likely a software issue. The router is heavily used with 250+ BGP sessions, OSPF, MPLS, v4/v6, etc, but I don't think it should be consuming and not releasing 4 mbytes of memory each day.

Has anyone else seen this? Anyone know a workaround? I'm upgrading to SXI2 tonight in hopes that it resolves my issue.

--
Chris Phillips
Re: [c-nsp] Migrate 6500 to 7600
On Sun, Aug 30, 2009 at 05:25:25PM +0100, Mateusz Blaszczyk wrote:

On Sat, Aug 29, 2009 at 07:50:22PM +0100, Mateusz Blaszczyk wrote:

With SXF this has never been a problem, only with SRB/SXH and newer.

Yes, I forgot about the SXF can be run on both platforms. Then one thing less to worry about.

not so happy anymore. done some reading and it seems 7606S was supported first by SR train:

http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRrn.html#wp4344593

I wonder if that will boot under SX (12.2(18)SXE6a).

Hi Mat,

When we switched over the 6509s to a 7609-S chassis, it booted and ran fine under SXF15a. After verifying the functionality, we moved to SRC2.

Hopefully this is of some help,
Rob

--
Rob Shakir r...@eng.gxn.net
Network Development Engineer GX Networks/Vialtus Solutions
ddi: +44208 587 6077 mob: +44797 155 4098
pgp: 0xc07e6deb nic-hdl: RJS-RIPE

This email is subject to: http//www.vialtus.com/disclaimer.html
Re: [c-nsp] Wierd memory issue with SXI/SXI1 on 6500 w/ SUP720-3BXL
SXI2 will give you another malloc bug :)

CSCtb27643 cat6000 Medium buffers leak on SP leading to crash

Here is a workaround suggested by Cisco:

One workaround is to disable the diag test 'TestEARLInternalTables' on all the DFC/PFC modules. However, this workaround will only stop further memory leak. To recover from the already leaked memory on the SP, the sup has to be reload (in case of single-sup) or a 'switchover' done (in case of dual-supervisor).

Command line:
- - - - - - - - - - - - - - - - - - - - -
r31(config)#no diagnostic monitor module all test TestEARLInternalTables

-Azher

Chris Phillips wrote:

Every six weeks or so I am running out of memory on a 6509 w/ dual SUP720-3BXL with mostly 6700-series line cards. I have 21 other nodes with this exact same configuration, some even running SXI or SXI1 that do not have this issue, which first led me to believe that the issue might be hardware related. During our last maintenance window to alleviate the memory issue, I forced the standby SUP to become the active SUP. The memory issue persisted, leading me back to thinking it is a software issue. I did not have this issue with SXH* on this same device, but SXH is *SO* buggy, rolling back is not an option. This leads me to believe that it is most likely a software issue. The router is heavily used with 250+ BGP sessions, OSPF, MPLS, v4/v6, etc, but I don't think it should be consuming and not releasing 4 mbytes of memory each day.

Has anyone else seen this? Anyone know a workaround? I'm upgrading to SXI2 tonight in hopes that it resolves my issue.
Re: [c-nsp] Wierd memory issue with SXI/SXI1 on 6500 w/ SUP720-3BXL
Hi,

it's a bit hard to comment on this, as it is lacking the most important bit - *which process* is losing the memory? (show proc mem sort, run every few days, compare the output).

On Sun, Aug 30, 2009 at 10:11:10AM -0700, Chris Phillips wrote:

I did not have this issue with SXH* on this same device, but SXH is *SO* buggy, rolling back is not an option. This leads me to believe that it is most likely a software issue. The router is heavily used with 250+ BGP sessions, OSPF, MPLS, v4/v6, etc, but I don't think it should be consuming and not releasing 4 mbytes of memory each day. Has anyone else seen this? Anyone know a workaround?

My guess would be you have SXI and a high number of inactive/shutdown BGP sessions. SXI is leaking memory in this configuration. It seems to queue BGP updates for the inactive neighbors, and never release them (obviously, since they are never sent...). Fixed in SXI2.

There are voices that SXI2 also has mem leak issues, but we haven't seen those yet.

(NB: SXH3a is quite good for us as well - no mem leaks, no crashes, no ghost bugs.)

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Monitor 3560
Hi,

On Thu, Aug 27, 2009 at 03:30:03PM +0300, almog ohayon wrote:

Hello Everyone, I wondered if anyone knows how to monitor 3560 interface vlan traffic ?

take the 3560 and beat your cisco sales rep with it. This still won't give you per-vlan counters, but vent off some of the frustration that these (and the 3750) cause.

And no, there is no way - the hardware is lacking the capability to count vlan traffic. (Which has been answered on this list about *one week* ago...)

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Monitor 3560
Hi,

On Thu, Aug 27, 2009 at 01:08:32PM -0400, Randy McAnally wrote:

It does however, count traffic routed between VLANs.

No. Well - *if* it does, you have a BIG problem, because that would mean CPU switched traffic.

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[c-nsp] Help with Cisco ASA w/CSC-SSM and WCCP Configuration..
I figured I would post here and see if anyone has set this up before, and come across a decent solution for the issue I am currently trying to work through.

First off I have a Cisco ASA-5510 with the CSC-SSM-10 module installed in it. The ASA is running the most current 8.2.1 code, and the CSC is running the most current 6.3.1172.0 code from Cisco's site. I do have all this up and running at this time, and it works. I also have a Cisco Content Engine-590 that I have had online here for a while (with only a T1, saving re-grabbing large image content on sites is a plus). I also have the most current ACNS software 5.5.13 loaded on the 590 as well, and it's configured to work with the ASA using WCCPv2.

OK, so now the issue. It is all working, but apparently WCCP and the ASA requests are handled before the CSC module, so any and all web requests being processed by the CSC-SSM-10 module all look as though they are coming from a single IP address (the IP of the CE590). In some ways, I guess one could say that was great as you will sure never have to worry about running past the 50 user limit of the default CSC license, as it only sees stuff from a single IP.

Of course like all things there is a catch, and for me this is the issue I have. I want to use the Content Filtering function of the CSC-SSM, and limit people based on either the internal IP address, or I see I can also use the NT Active Directory info. In fact I even tried to use the AD plugin, but as it sees the IP of the CE590, again it won't find any logged in users. So due to this, I can't enforce content restrictions on certain users, as everything appears as a single User/IP.

So the million dollar question is, has anyone setup and used the ASA w/CSC module along with a Content Engine (web cache) in transparent mode via WCCP, and been able to make the CSC module see the individual IP's/Users inside?? I tried tweaking a couple items in the CE590 but that only resulted in things breaking, so put it all back.

If anyone has any ideas on how to accomplish this, or any material on doing this, it would be most appreciated..

---
Howard Leadmon
Re: [c-nsp] OSPF fast convergence on Sup32/SXI
You can try OSPF fast hello's but the general consensus is to not use them purely because there is no pseudo preemption for it (unlike bfd) so if you have a busy router, or even a router with bursty busyness aka snmp polling you can draw false positives into your fast hello's.

Having said that something like 2 sec hello with 6 sec dead timer has worked well for me before, you could try cutting that down to 1 and 3 respectively, it's probably just a matter of test and tweak and see what works for you.

If you can work a solution that incorporates BFD you will be better off in the long run (as your router certainly won't get less busy as time goes on) if the ultimate goal is fast convergence with 5 exclamation marks :)

Ben

On Sun, Aug 30, 2009 at 12:45 AM, Gert Doering g...@greenie.muc.de wrote:

Hi,

for a new project, I have been tasked to build a network that does IGP fast convergence as fast as possible!!! (with 5 exclamation marks).

Due to other reasons (... of course this needs to be FAST and cost NOTHING...), the routers will be 6504+Sup32s, planned IOS is SXH3a or SXI2.

BFD won't be possible, as routing will be done on SVIs (thanks, Cisco) [*maybe* I can do this on port-channel dot1q subinterfaces, but I'm not yet sure how this will work out - can MUX-UNI be used to mix routed subinterfaces and switched VLANs? I've only used it to mix MPLS subfs and switched VLANs].

Now I'm looking for experience and recommendations about tweaking OSPF - how far have you (successfully) reduced OSPF hello timers? Any other success or horror stories about IGP fast convergence on Sup32?

... and yes, I'm aware that I won't be able to do sub-500ms on this platform. I'm not aiming for this :-) - something like 3s would be perfect, 10s would make $them grumble, but eventually accept it...

gert
--
USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Wierd memory issue with SXI/SXI1 on 6500 w/ SUP720-3BXL [SOLVED]
A show memory allocating-process totals is very telling.

Allocator PC Summary for: Processor
Displayed first 2048 Allocator PCs only

    PC          Total      Count  Name
    0x4035A6C8  295186172  4420   BGP battr chun
    0x40809510  45688268   695    CEF: fib

BGP is definitely the culprit. It has consumed almost 250 million more bytes than the next closest process. Yikes! Looking at a healthy router, this process is just under the 100 million byte mark.

I received an off-list reply that contained the workaround. I had four BGP sessions in an admin down state and one that was trying to connect. I removed all five of these sessions from my configuration and the difference was dramatic.

Here's the path/bestpath before the removal of the configuration:

1640389/55395 BGP path/bestpath attribute entries using 262462240 bytes of memory

Here it is after:

463745/55388 BGP path/bestpath attribute entries using 74199200 bytes of memory

That's a staggering difference. However, while the memory has been released back into the BGP memory pool, it does not show up in the free memory pool. We're still at 90% usage, so I will have to proceed with our scheduled maintenance tonight. I had planned on moving to SXI2 tonight, but it sounds like that has some memory issues as well. Think I might just stay put for now, since I now know the workaround for this issue.

Thank you everyone for your replies and assistance. It was of great help!

Cheers!

e ninja wrote:

Grab multiple captures of sh proc mem to identify the process holding and not releasing (i.e. leaking) memory. When memory is heavily depleted, grab a *show memory allocating-process totals* and feel free to unicast.

Any MALLOC failures?

-Eninja

On Sun, Aug 30, 2009 at 10:11 AM, Chris Phillips cphill...@wbsconnect.com wrote:

Every six weeks or so I am running out of memory on a 6509 w/ dual SUP720-3BXL with mostly 6700-series line cards. I have 21 other nodes with this exact same configuration, some even running SXI or SXI1 that do not have this issue, which first led me to believe that the issue might be hardware related. During our last maintenance window to alleviate the memory issue, I forced the standby SUP to become the active SUP. The memory issue persisted, leading me back to thinking it is a software issue. I did not have this issue with SXH* on this same device, but SXH is *SO* buggy, rolling back is not an option. This leads me to believe that it is most likely a software issue. The router is heavily used with 250+ BGP sessions, OSPF, MPLS, v4/v6, etc, but I don't think it should be consuming and not releasing 4 mbytes of memory each day.

Has anyone else seen this? Anyone know a workaround? I'm upgrading to SXI2 tonight in hopes that it resolves my issue.

--
Chris Phillips

--
Chris Phillips
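
The before/after comparison of the attribute-entry line in the message above can be automated. The following is an added example, not code from the thread or from Cisco: it parses that line out of dated captures and flags attribute memory that grows while the bestpath count stays flat. The function names, thresholds and day numbers are assumptions; the two sample lines are the ones quoted in the message, placed on a constructed timeline.

```python
import re

# Summary line as quoted in the message above, for example:
#   1640389/55395 BGP path/bestpath attribute entries using 262462240 bytes of memory
ATTR_RE = re.compile(
    r"(\d+)/(\d+) BGP path/bestpath attribute entries using (\d+) bytes of memory"
)


def parse_attr_line(capture):
    """Return (paths, bestpaths, bytes_used) from one capture, or None."""
    match = ATTR_RE.search(capture)
    return tuple(int(g) for g in match.groups()) if match else None


def assess(captures, growth_limit=1_000_000, bestpath_tolerance=0.01):
    """Compare the oldest and newest usable capture.

    captures: list of (day, text), oldest first. growth_limit (bytes per day)
    and bestpath_tolerance (fractional change) are assumed values for
    illustration; calibrate them against a router known to be healthy.
    """
    points = []
    for day, text in captures:
        parsed = parse_attr_line(text)
        if parsed is not None:  # ignore captures that lack the line
            points.append((day,) + parsed)
    if len(points) < 2 or points[-1][0] <= points[0][0]:
        raise ValueError("need two dated captures containing the attribute line")

    (day0, _, best0, mem0), (day1, paths1, best1, mem1) = points[0], points[-1]
    bytes_per_day = (mem1 - mem0) // (day1 - day0)
    bestpath_change = abs(best1 - best0) / max(best0, 1)
    return {
        "bytes_per_day": bytes_per_day,
        "paths_per_bestpath": round(paths1 / max(best1, 1), 1),
        "bestpath_change": bestpath_change,
        # Attribute memory climbing while the bestpath count is flat means the
        # growth is not explained by a larger routing table.
        "suspect": bytes_per_day > growth_limit
        and bestpath_change < bestpath_tolerance,
    }


# Constructed timeline: the two attribute lines are the ones quoted in the
# message; the day numbers and the truncated middle capture are made up.
SAMPLE = [
    (0, "463745/55388 BGP path/bestpath attribute entries using 74199200 bytes of memory"),
    (21, "capture truncated before the BGP summary"),
    (42, "1640389/55395 BGP path/bestpath attribute entries using 262462240 bytes of memory"),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Both quoted lines work out to 160 bytes per attribute entry, so the entry count alone is enough to trend if the byte figure is missing from a capture.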