Re: [c-nsp] Smartnet pricing?
Garry wrote: Richey wrote: is buggy for whatever it is they are trying to do. They contacted their rep and the rep said Cisco wants them to pay for the last 5 years of smartnet plus however many going forward in order to get the image. They were quoted over $25k just to upgrade an image. The part that sounds fishy is being forced to pay for 5 years of smartnet. Does this sound right? Apart from the fact that I've had several occasions where there weren't any complaints about getting SMARTnet for older gear (and the serial was sent in when ordering, so $C knew it was older and off of SN for a while) - If what you're after is the IOS update, and you're being quotet for the time in between, why not go software-only SMARTnet? It even contains config/TAC support (if ever required), full access to the download area, and it's something like half of the regular SNT ... plus, there's no logical reason to require a re-cert, as your hardware itself isn't covered ... Is this really available? I was asking a SmartNet rep about this once and was led to believe this isn't an option. Maybe it wasn't then and is now? Maybe they were pulling my leg? Steve -- -- Steven Saner ssa...@pantheranet.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Help with understanding AS5400
Hey All, I'm new to all this voice stuff... We've just installed a AS5400 and plugged the PRI's in but I'm not seeing the interfaces below show up in the config. Eg: interface Serial6/0:15 interface Serial6/1:15 interface Serial6/2:15 interface Serial6/3:15 The Carrier is seeing alarms on their end so it could be that the PRI's aren't properly activated yet. But regardless of this, am I suppose to see those serial interfaces present in the config irrespective of whether the PRIs are up or not? When I try to manually add in the interface, it's not recognized. as1-ks(config)#interface serial 6/0:15? % Unrecognized command Some more details about the AS... as1-ks#sh ver Cisco IOS Software, 5400 Software (C5400-IS-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Sun 19-Nov-06 00:33 by prod_rel_team ROM: System Bootstrap, Version 12.1(2r)XD1, RELEASE SOFTWARE (fc1) BOOTLDR: 5400 Software (C5400-BOOT-M), Version 12.1(5)T5, RELEASE SOFTWARE (fc1) as1-ks-mel uptime is 40 minutes System returned to ROM by reload at 15:53:14 AEST Tue Sep 29 2009 System restarted at 15:54:03 AEST Tue Sep 29 2009 System image file is flash:c5400-is-mz.124-11.T.bin Cisco AS5400 (R7K) processor (revision T) with 262144K/65536K bytes of memory. Processor board ID JAB042904CY R7000 CPU at 250MHz, Implementation 39, Rev 1.0, 256KB L2, 2048KB L3 Cache Last reset from IOS reload Manufacture Cookie Info: EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x31, Board Hardware Version 3.27, Item Number 800-5171-01, Board Revision B0, Serial Number JAB042904CY, PLD/ISP Version 2.2, Manufacture Date 11-Jul-2000. Processor 0x14, MAC Address 0001.42b3.5b7e Backplane HW Revision 1.0, Flash Type 5V 2 FastEthernet interfaces 10 Serial interfaces 216 terminal lines 16 Channelized E1/PRI ports 512K bytes of NVRAM. 32768K bytes of processor board System flash (Read/Write) 8192K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102 as1-ks#sh controllers e1 6/2 E1 6/2 is down. Applique type is Channelized E1 - balanced Far End Block Errors Detected Receiver has loss of signal. alarm-trigger is not set Version info of slot 6: HW: 768, PLD Rev: 1 Framer Version: 0x8 Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Pile on the 6509 noob
On Tuesday 29 September 2009 12:07:58 am Geoffrey Pendery wrote: If OC3 or bigger, 7206VXR's have worked great for us. Doubt there's anything larger than an OC-3 supported on the 7200-VXR these days. IIRC, the OC-12 was discontinued a while back. But then again, Gig-E can be considered a WAN technology these days too :-). Pretty much all of these options will be cheaper, more robust, and better supported than FlexWAN,... There's the SIP carrier cards now that probably offer better support than the FlexWAN, but have the price tag to prove it :-). Cheers, Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Re Steven, ssa...@pantheranet.com (Steven Saner) wrote: for the time in between, why not go software-only SMARTnet? It even contains config/TAC support (if ever required), full access to the download area, and it's something like half of the regular SNT ... plus, there's no logical reason to require a re-cert, as your hardware itself isn't covered ... Is this really available? I was asking a SmartNet rep about this once and was led to believe this isn't an option. Maybe it wasn't then and is now? Maybe they were pulling my leg? As usual, with our last Cisco order I though asking can't hurt and did. This is the first time our distributor offered us such a thing and at a very good price (even if you have to buy three contracts for a smallish ASR1002). So yes, it seems to exist. Elmar. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] So when is IPv6 failover coming to the ASA?
On Mon, Sep 28, 2009 at 01:02:26PM -0500, Brandon Ewing wrote: 8.2 introduces dual-service-object-group mode -- meaning you can define a service group WITHOUT the protocol specifiction at the end, and define protocls on a per-service basis: object-group service TEST service-object tcp-udp eq domain service-object tcp eq www service-object icmp echo And this feature is present in 8.0.x already, just not documented and not helped via '?' on the command line. asdm already uses it. Ciao Joerg -- Joerg Mayer jma...@loplof.de We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Help with understanding AS5400
You need to tell the E1 controller it's to be used as a PRI and what timeslots ie: contr e1 6/0 pri-group timeslots 1-31 This will create serial interface 6/0:15 and allow you to configure ISDN parameters. Don't forget to set your framing on the controller either. Macca On Tue, Sep 29, 2009 at 4:45 PM, Andy Saykao andy.say...@staff.netspace.net.au wrote: Hey All, I'm new to all this voice stuff... We've just installed a AS5400 and plugged the PRI's in but I'm not seeing the interfaces below show up in the config. Eg: interface Serial6/0:15 interface Serial6/1:15 interface Serial6/2:15 interface Serial6/3:15 The Carrier is seeing alarms on their end so it could be that the PRI's aren't properly activated yet. But regardless of this, am I suppose to see those serial interfaces present in the config irrespective of whether the PRIs are up or not? When I try to manually add in the interface, it's not recognized. as1-ks(config)#interface serial 6/0:15? % Unrecognized command Some more details about the AS... as1-ks#sh ver Cisco IOS Software, 5400 Software (C5400-IS-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Sun 19-Nov-06 00:33 by prod_rel_team ROM: System Bootstrap, Version 12.1(2r)XD1, RELEASE SOFTWARE (fc1) BOOTLDR: 5400 Software (C5400-BOOT-M), Version 12.1(5)T5, RELEASE SOFTWARE (fc1) as1-ks-mel uptime is 40 minutes System returned to ROM by reload at 15:53:14 AEST Tue Sep 29 2009 System restarted at 15:54:03 AEST Tue Sep 29 2009 System image file is flash:c5400-is-mz.124-11.T.bin Cisco AS5400 (R7K) processor (revision T) with 262144K/65536K bytes of memory. Processor board ID JAB042904CY R7000 CPU at 250MHz, Implementation 39, Rev 1.0, 256KB L2, 2048KB L3 Cache Last reset from IOS reload Manufacture Cookie Info: EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x31, Board Hardware Version 3.27, Item Number 800-5171-01, Board Revision B0, Serial Number JAB042904CY, PLD/ISP Version 2.2, Manufacture Date 11-Jul-2000. Processor 0x14, MAC Address 0001.42b3.5b7e Backplane HW Revision 1.0, Flash Type 5V 2 FastEthernet interfaces 10 Serial interfaces 216 terminal lines 16 Channelized E1/PRI ports 512K bytes of NVRAM. 32768K bytes of processor board System flash (Read/Write) 8192K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102 as1-ks#sh controllers e1 6/2 E1 6/2 is down. Applique type is Channelized E1 - balanced Far End Block Errors Detected Receiver has loss of signal. alarm-trigger is not set Version info of slot 6: HW: 768, PLD Rev: 1 Framer Version: 0x8 Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Maybe Off.topic... VoIP wholesale carriers or just for south america
Hi, This an off-topic issue, sorry about it. I would like to know if you know some VoIP wholesale carriers or just for south america. Something like flowroute.com Thanks in advance and sorry by this email again. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
On Tue, Sep 29, 2009 at 12:56:26AM -0500, Steven Saner wrote: Is this really available? I was asking a SmartNet rep about this once and was led to believe this isn't an option. Maybe it wasn't then and is now? Maybe they were pulling my leg? It does exist, CON-SW-..., but not listed in the GPL. When poking your sales rep enough, they admit. :) For pricing, see SP-SW-..., it's all the same as CON- (at least for all products I checked, being various Catalyst and ASR1K parts). In fact, the SP-SW- contract line brought me to CON-SW- when we asked for SP-SW- offer and got told that SP- ain't sold in Europe, but there is equivalent CON-SW- too... :) Best regards, Daniel ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Bell Canada - Old Bogon?
Hey guys, Could someone from Bell Canada who can deal with an old Bogon issue please contact me off list. It is re: 180.x.x.x ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are! virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Steven Saner wrote: Is this really available? I was asking a SmartNet rep about this once and was led to believe this isn't an option. Maybe it wasn't then and is now? Maybe they were pulling my leg? 'SASU' - Software Application Support plus Upgrades But last time I priced it up I got the same price for that as 8x5xNBD hardware support, which was disappointing. OP could go to a third party for support rather than Cisco, which should reduce the cost yet still allow legitimate access to newer IOS. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Bell Canada - Old Bogon?
Why did I send this to cisco-nsp and not NANOG? Doh... sorry all. -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Skeeve Stevens Sent: Tuesday, 29 September 2009 7:29 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Bell Canada - Old Bogon? Hey guys, Could someone from Bell Canada who can deal with an old Bogon issue please contact me off list. It is re: 180.x.x.x ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are! virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipv6 traffic layer2-switched netflow data export on c65k
On 05/07/2009 16:51, Nick Hilliard wrote: Is there anyone out there who has managed to get layer2 netflow data export working for l2 switched ipv6 traffic on a c65k? I've been beating my head against a wall trying to get it to work and just can't seem to. hmmm, known limitation, it appears: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/nde.html#wp1171043 which reads: •The following IPv4 Netflow and NDE options are not available for IPv6 flows: [CSCek55571] •Aggregation support (ip flow-aggregation cache command) •Export of Layer 2 switched IPv6 flows •Netflow and NDE sampling •NDE filter support While this documentation is for SR, the same limitation apparently applies to SX. An internal documentation bug has been raised to get the limitations put into the SX train documentation, which doesn't currently note the problem: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/nde.html Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] cisco 7206 VXR router
Dear group, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR Regards J.Daniels ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Is there an 8 port FE card? There is an 8 port 10BT card but I don't know that there is an 8 port FE card... This may help. http://www.cisco.com/en/US/docs/routers/7200/configuration/7200_port_adapter_config_guidelines/3875In.html On Tue, Sep 29, 2009 at 7:46 AM, jack daniels jckdaniel...@gmail.com wrote: Dear group, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR Regards J.Daniels ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Here's the document you need: Cisco 7200 Bandwidth Points http://www.cisco.com/en/US/products/hw/routers/ps341/prod_presentation_list.html To add 8 FastEthernet Ports, you will need 4 * PA-2FE-TX. The NPE-G1 has 3 built-in GE interfaces. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of jack daniels Sent: terça-feira, 29 de Setembro de 2009 12:46 To: cisco-nsp@puck.nether.net Subject: [c-nsp] cisco 7206 VXR router Dear group, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR Regards J.Daniels ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Available port adaptors http://www.cisco.com/en/US/products/hw/modules/ps2033/ps2546/index.html Bandwidth points. http://www.cisco.com/en/US/docs/routers/7200/configuration/7200_port_adapter_config_guidelines/3875In.html#wp1053970 - Original Message - From: jack daniels jckdaniel...@gmail.com To: cisco-nsp@puck.nether.net Sent: Tuesday, September 29, 2009 12:46 PM Subject: [c-nsp] cisco 7206 VXR router Dear group, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR Regards J.Daniels ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __ NOD32 4466 (20090929) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
I don't think any PA's exist with 8 FastE ports, only 8 Ethernet -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of jack daniels Sent: mardi 29 septembre 2009 13:46 To: cisco-nsp@puck.nether.net Subject: [c-nsp] cisco 7206 VXR router Dear group, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR Regards J.Daniels ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Another bughunt, this time VRF PBR
I can only now laugh at 12.4(24)T1 , *Sep 29 14:05:08.219: VT[Vi3]:Applying config commands on process VTEMPLATE Background Mgr (187) *Sep 29 14:05:08.219: VT[Vi3]:ip vrf receive TEST *Sep 29 14:05:08.219: VT[Vi3]:no ip redirects *Sep 29 14:05:08.219: VT[Vi3]:no ip unreachables *Sep 29 14:05:08.223: VT[Vi3]:ip policy route-map TEST *Sep 29 14:05:08.223: VT[Vi3]:no logging event link-status *Sep 29 14:05:08.223: VT[Vi3]:no snmp trap link-status *Sep 29 14:05:08.223: VT[Vi3]:end *Sep 29 14:05:08.235: VT:Messages from (un)cloning Vi3: % Need to enable Policy Based Routing on the interface first completely ignoring the order I specified in radius (pbr first, vrf receive second). So that is three distinct bugs now, all in the latest releases. Shame. Dave. David Freedman wrote: Hah, SRD2a is even odder, refuses to even install the per-user vrf static! This has however enabled me to home in on CSCsu33006 which sounds more likely, but it claims to be fixed in SRC4 and SRD which is annoying. Dave. David Freedman wrote: Have just tried with another live box running SRD (the original SRD) - exactly the same story. Does anybody know if this is supported or not? I'm not seeing any documentation which suggests it is not. David. David Freedman wrote: Yes, I woul absolutely love to, believe me :) Need to make sure nobody steps in at this point and claims that this is unsupported, if it is then am happy to move it to SR and away from 12.4(T) completely. David Freedman Group Network Engineering Claranet Limited http://www.clara.net -Original Message- From: Justin Shore [mailto:jus...@justinshore.com] Sent: Mon 9/28/2009 04:06 To: David Freedman Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Another bughunt, this time VRF PBR David Freedman wrote: wonder if anybody has come across this before, in 12.4(15)T, configuring a virtual-access per-user such: I hate to suggest the obvious but since there are so many bugs in 12.4(15)T have you considered bumping that to the latest minor rev? I think they're up to T7 or T8 now (must have been some bug list). Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Hi, Please help me to identify 8 port Fast Ethernet Card for Cisco 7206 VXR Router and how much Bandwidth points it will be occupy, Cisco 7206 VXR (NPE-G1) 6 Slots VXR There is no 8-port Fast-Ethernet-Card for the 7206VXR, probably you mean an 8-port Ethernet-Card (PA-8E) instead? http://www.cisco.com/en/US/docs/routers/7200/configuration/7200_port_adapter_config_guidelines/3875In.html#wp1061974 Bye, Werner -- transnet Internet Services GmbH Werner Detter - Netmaster Lilienstr. 3-5 81669 München http://www.trans.net supp...@trans.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Hi , I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. Regards On Tue, Sep 29, 2009 at 6:03 PM, Howard Jones ho...@thingy.com wrote: On 29/09/2009 13:03, Antonio Soares wrote: Here's the document you need: Cisco 7200 Bandwidth Points http://www.cisco.com/en/US/products/hw/routers/ps341/prod_presentation_list.html To add 8 FastEthernet Ports, you will need 4 * PA-2FE-TX. The NPE-G1 has 3 built-in GE interfaces. Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
On Tue, 29 Sep 2009, jack daniels wrote: I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. A common issue with routers is that they have interfaces the processors can't keep up with. i.e. a 2621 router has two built in 100baseT interfaces. Try routing 100mbit/s of traffic through a 2621, and you'll be disappointed. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
On Tue, Sep 29, 2009 at 13:13, jack daniels jckdaniel...@gmail.com wrote: I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. NPE-G1 can't really pass more that 300-400 Mb/s of traffic without experiencing serious CPU load. -- Marko CCIE #18427 (SP) My network blog: http://cisco.markom.info/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
On 29/09/2009 13:03, Antonio Soares wrote: Here's the document you need: Cisco 7200 Bandwidth Points http://www.cisco.com/en/US/products/hw/routers/ps341/prod_presentation_list.html To add 8 FastEthernet Ports, you will need 4 * PA-2FE-TX. The NPE-G1 has 3 built-in GE interfaces. Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Hi Jack, you can't add eight 100Mbit-Interfaces additionally. The NPE-G1 has 3 build-in Gbit-Ports, the 7206VXR chassis is able to handle 6 additional Cards. One 100MBit FE-Card (PA-FE-TX/FX) allocates 200 Bandwith Points, a 2-Port FE-Card (PA-2FE-TX/FX) allocates 400 BW-Points. So, you probably have to buy four PA-2FE-TX/FX-Cards (if you cannot use the build-in Gbit-Ports for your purposes *or* if you can use them buy 5 PA-FE-TX/FX-Cards :-) Bye, Werner jack daniels schrieb: Hi , I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. Regards On Tue, Sep 29, 2009 at 6:03 PM, Howard Jones ho...@thingy.com wrote: On 29/09/2009 13:03, Antonio Soares wrote: Here's the document you need: Cisco 7200 Bandwidth Points http://www.cisco.com/en/US/products/hw/routers/ps341/prod_presentation_list.html To add 8 FastEthernet Ports, you will need 4 * PA-2FE-TX. The NPE-G1 has 3 built-in GE interfaces. Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- transnet Internet Services GmbH Werner Detter - Netmaster Lilienstr. 3-5 81669 München http://www.trans.net supp...@trans.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Hi again, So, you probably have to buy four PA-2FE-TX/FX-Cards (if you cannot use the build-in Gbit-Ports for your purposes *or* if you can use them buy 5 PA-FE-TX/FX-Cards :-) Sorry, little mistake here: with four PA-2FE-Cards you'd exhaust the Bandwith-Points. For each PCI-Bus you can stick in 1xPA2-FE and 1xPA-FE then the maximum for the PCI-Bus is reached (600 BP). Bye, Werner -- transnet Internet Services GmbH Werner Detter - Netmaster Lilienstr. 3-5 81669 München http://www.trans.net supp...@trans.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Steven Saner wrote: Is this really available? I was asking a SmartNet rep about this once and was led to believe this isn't an option. Maybe it wasn't then and is now? Maybe they were pulling my leg? Sure. For a 7206VXR the part number is SP-SW-7206VXRN. However I don't generally recommend people buy it. The software-only version doesn't come with any sort of hardware replacement. For a wee bit more you can get the RTF SmartNet (SP-RR-7206VXRN). That's Return To Factory 10-day turn around service. That's what you should get if you're implementing a sparing strategy. List on the SP-SW for a 7206VXR is $2688. List on the SP-RR is only $2895. So for a 7.7% increase in costs you can get a hardware replacement option. 8x5xNBD adds another $400 to the cost. 24x7x4 is nearly double the SP-SW option. The only time SP-SW makes sense is if you have an extremely large network and decent sparing strategy, where having a 1% hardware failure rate and eating the cost of the failed router (to replace it with a spare) costs you less than SP-RR coverage on all devices. It's also good if you have a huge inventory of spares for a given model to back you up in case the covered unit shoots craps on you. Personally I've taken my SP down the path of buying RTF coverage for everything that has a backup (hot or cold) and then putting either 8x5xNBD (AR1) or 24x7x4 (AR3) on the devices that I don't have a good backup for. The money saved was put towards buying more spares. The collection of spares also gives me a lab to work in. With those spares I can have a failed device replaced in an hour or two vs a minimum of 4 hours plus however long it takes for TAC to decide that a RMA is needed. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Abnormal CPU usage on a G1 engine
Team, I have a G1 engine in a Cisco 7206VXR and another G1 engine in a 7246VXR that are both showing almost 50% CPU usage on a network that only has 358 cable modems. I have other networks with over 3000 modems that don't create more than 25% CPU usage on their G1 engines. Everytime I check the show proc cpu output, it never shows any system processes consuming more than 5% of the CPU. Is there a process that I could be missing that is overworking both my G1 engines? Why is such a small network that passes 15 Mbps of traffic causing the CPU to work so hard? Any insight will be appreciated. Thanks again. _*7206VXR GW: *_Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Fri 10-Oct-08 10:10 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1) BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3) Demopolis_GW uptime is 5 weeks, 5 days, 22 hours, 30 minutes System returned to ROM by reload at 15:26:06 UTC Wed Aug 19 2009 System restarted at 10:28:39 CST Wed Aug 19 2009 System image file is disk2:c7200-ipbasek9-mz.124-22.T.bin Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to exp...@cisco.com. Cisco 7206VXR (NPE-G1) processor (revision B) with 983040K/65536K bytes of memory. Processor board ID 21302151 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 6 slot VXR midplane, Version 2.1 Last reset from power-on PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points. Current configuration on bus mb1 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points. Current configuration on bus mb2 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. Please refer to the following document Cisco 7200 Series Port Adaptor Hardware Configuration Guidelines on Cisco.com http://www.cisco.com for c7200 bandwidth points oversubscription and usage guidelines. 4 FastEthernet interfaces 3 Gigabit Ethernet interfaces 509K bytes of NVRAM. 500472K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes). 16384K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- 08:59:05 AM Tuesday Sep 29 2009 CST 44333633 100 90 80 70 60 50 40 30 20 10 * 0511223344556 05050505050 CPU% per second (last 60 seconds) 3 633344534534373435444333 100 90 80 70 60 50 40 * 30 * 20 * 10 * # * * * 0511223344556 05050505050 CPU% per minute (last 60 minutes) * = maximum CPU% # = average CPU% 232222323322233323232233322332223323 663353984798075496685435438132378015517674758545776636566064498462545242 100 90 80 70 60 50 40 * **** ** * * * * * * *** * * * 30 * * ** * 20 10 051122334455667.. 0505050505050 CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU% - CPU utilization for five seconds: 3%/1%; one minute: 3%; five minutes: 3% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
Re: [c-nsp] Abnormal CPU usage on a G1 engine
One thing I noticed is your T train release - there are MD (think that's the new term) of software releases for the G1 engine. I'd suggest looking at a new IOS to see if that helps. Also, there could be several configuration items that are causing this can you post a sanitized config? Paul -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jimmy Hodges Sent: September 29, 2009 10:33 AM To: cisco-nsp@puck.nether.net Cc: Tim Smith; dbert...@zcorum.com Subject: [c-nsp] Abnormal CPU usage on a G1 engine Team, I have a G1 engine in a Cisco 7206VXR and another G1 engine in a 7246VXR that are both showing almost 50% CPU usage on a network that only has 358 cable modems. I have other networks with over 3000 modems that don't create more than 25% CPU usage on their G1 engines. Everytime I check the show proc cpu output, it never shows any system processes consuming more than 5% of the CPU. Is there a process that I could be missing that is overworking both my G1 engines? Why is such a small network that passes 15 Mbps of traffic causing the CPU to work so hard? Any insight will be appreciated. Thanks again. _*7206VXR GW: *_Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Fri 10-Oct-08 10:10 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1) BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3) Demopolis_GW uptime is 5 weeks, 5 days, 22 hours, 30 minutes System returned to ROM by reload at 15:26:06 UTC Wed Aug 19 2009 System restarted at 10:28:39 CST Wed Aug 19 2009 System image file is disk2:c7200-ipbasek9-mz.124-22.T.bin Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to exp...@cisco.com. Cisco 7206VXR (NPE-G1) processor (revision B) with 983040K/65536K bytes of memory. Processor board ID 21302151 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 6 slot VXR midplane, Version 2.1 Last reset from power-on PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points. Current configuration on bus mb1 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points. Current configuration on bus mb2 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. Please refer to the following document Cisco 7200 Series Port Adaptor Hardware Configuration Guidelines on Cisco.com http://www.cisco.com for c7200 bandwidth points oversubscription and usage guidelines. 4 FastEthernet interfaces 3 Gigabit Ethernet interfaces 509K bytes of NVRAM. 500472K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes). 16384K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- 08:59:05 AM Tuesday Sep 29 2009 CST 44333633 100 90 80 70 60 50 40 30 20 10 * 0511223344556 05050505050 CPU% per second (last 60 seconds) 3 633344534534373435444333 100 90 80 70 60 50 40 * 30 * 20 * 10 * # * * * 0511223344556 05050505050 CPU% per minute (last 60 minutes) * = maximum CPU% # = average CPU% 232222323322233323232233322332223323 663353984798075496685435438132378015517674758545776636566064498462545242 100 90 80 70 60 50 40 * **** ** * * * * * * *** * * * 30 * * ** * 20
Re: [c-nsp] cisco 7206 VXR router
Detter Werner wrote: Hi Jack, you can't add eight 100Mbit-Interfaces additionally. The NPE-G1 has 3 build-in Gbit-Ports, the 7206VXR chassis is able to handle 6 additional Cards. One 100MBit FE-Card (PA-FE-TX/FX) allocates 200 Bandwith Points, a 2-Port FE-Card (PA-2FE-TX/FX) allocates 400 BW-Points. So, you probably have to buy four PA-2FE-TX/FX-Cards (if you cannot use the build-in Gbit-Ports for your purposes *or* if you can use them buy 5 PA-FE-TX/FX-Cards :-) I would buy a switch with at least one Gbit port and eight FE ports and trunk to VLANs. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Abnormal CPU usage on a G1 engine
Paul Stewart wrote: One thing I noticed is your T train release - there are MD (think that's the new term) of software releases for the G1 engine. I'd suggest looking at a new IOS to see if that helps. Also, there could be several configuration items that are causing this can you post a sanitized config? Paul -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jimmy Hodges Sent: September 29, 2009 10:33 AM To: cisco-nsp@puck.nether.net Cc: Tim Smith; dbert...@zcorum.com Subject: [c-nsp] Abnormal CPU usage on a G1 engine Team, I have a G1 engine in a Cisco 7206VXR and another G1 engine in a 7246VXR that are both showing almost 50% CPU usage on a network that only has 358 cable modems. I have other networks with over 3000 modems that don't create more than 25% CPU usage on their G1 engines. Everytime I check the show proc cpu output, it never shows any system processes consuming more than 5% of the CPU. Is there a process that I could be missing that is overworking both my G1 engines? Why is such a small network that passes 15 Mbps of traffic causing the CPU to work so hard? Any insight will be appreciated. Thanks again. _*7206VXR GW: *_Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Fri 10-Oct-08 10:10 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1) BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3) Demopolis_GW uptime is 5 weeks, 5 days, 22 hours, 30 minutes System returned to ROM by reload at 15:26:06 UTC Wed Aug 19 2009 System restarted at 10:28:39 CST Wed Aug 19 2009 System image file is disk2:c7200-ipbasek9-mz.124-22.T.bin Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to exp...@cisco.com. Cisco 7206VXR (NPE-G1) processor (revision B) with 983040K/65536K bytes of memory. Processor board ID 21302151 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 6 slot VXR midplane, Version 2.1 Last reset from power-on PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points. Current configuration on bus mb1 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points. Current configuration on bus mb2 has a total of 400 bandwidth points. This configuration is within the PCI bus capacity and is supported. Please refer to the following document Cisco 7200 Series Port Adaptor Hardware Configuration Guidelines on Cisco.com http://www.cisco.com for c7200 bandwidth points oversubscription and usage guidelines. 4 FastEthernet interfaces 3 Gigabit Ethernet interfaces 509K bytes of NVRAM. 500472K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes). 16384K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- 08:59:05 AM Tuesday Sep 29 2009 CST 44333633 100 90 80 70 60 50 40 30 20 10 * 0511223344556 05050505050 CPU% per second (last 60 seconds) 3 633344534534373435444333 100 90 80 70 60 50 40 * 30 * 20 * 10 * # * * * 0511223344556 05050505050 CPU% per minute (last 60 minutes) * = maximum CPU% # = average CPU% 232222323322233323232233322332223323 663353984798075496685435438132378015517674758545776636566064498462545242 100 90 80 70 60 50 40 * **** ** * * * * * * *** * * * 30 * * ** * 20
[c-nsp] Direct traffic from a tunnel to another tunnel
CISCO Pix 506e 6.x Cisco Pix 515 6.x Location A Location B Main Office I have the following MAIN OFFICE* INternet router | Border Switch | | Location A-ASA---Pix 506 Pix 515---Location B-ASA | | LAN-SWITCH(Layer 2 only) | LAN servers/Clients There is a L2L tunnel from the 515 Pix (Main office) to another Pix in Location B. There is another L2L tunnel from Location A to Main Office in the 506e. My question is: how do I route the traffic from 506 Tunnel from Location A to 515 Tunnel tocation B without adding any other device or hardware? What commands/settings would I need to modify in the 506 and the 515 to make this possible? Thanks John ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Jon Lewis wrote: On Tue, 29 Sep 2009, jack daniels wrote: I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. A common issue with routers is that they have interfaces the processors can't keep up with. i.e. a 2621 router has two built in 100baseT interfaces. Try routing 100mbit/s of traffic through a 2621, and you'll be disappointed. 2801 and 2811 have 10/100 ports, the 2821 has 1000/100/10 ports. Same principle still applies though. ;) ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Hi, On Tue, Sep 29, 2009 at 09:29:54AM -0500, Justin Shore wrote: Sure. For a 7206VXR the part number is SP-SW-7206VXRN. However I don't generally recommend people buy it. The software-only version doesn't come with any sort of hardware replacement. For a wee bit more you can get the RTF SmartNet (SP-RR-7206VXRN). That's Return To Factory 10-day How do people get these part numbers? For our smartnet contracts, getting the right numbers for various 6500+sup720 combinations seems to be nearly impossible. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpOJZuAFl9Lw.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Richey, No it is not right. 1. Anybody that has paid for software, should *never* have to pay for bug fixes. See http://resources.multiven.com/dossier-3 2. Forcing people to pay for a service they haven't used is extortionhttp://en.wikipedia.org/wiki/Extortion- a criminal act - seek legal counsel Bad things will continue to happen until good people take action. See what happened when people protested about the inefficient download tool? It got fixed. Furthermore, there are alternatives to manufacturer network maintenance services - a google search will reveal options. We live in a free world, let's start acting as such. Eninja :) On Mon, Sep 28, 2009 at 1:54 PM, Richey myli...@battleop.com wrote: One of my customers called me today to ask me if this sounds right. I don't much about smartnet but I told him I knew where to ask about this.He said they let their initial smartnet contract expire about 5 years ago because they never used the support and management couldn't justify the cost.Now they need a newer image because the current one they are using is buggy for whatever it is they are trying to do. They contacted their rep and the rep said Cisco wants them to pay for the last 5 years of smartnet plus however many going forward in order to get the image. They were quoted over $25k just to upgrade an image. The part that sounds fishy is being forced to pay for 5 years of smartnet. Does this sound right? Richey ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
:) A common issue with routers is that they have interfaces the processors can't keep up with. i.e. a 2621 router has two built in 100baseT Better worded, a common issue with vendor C is that they have processors that the interfaces can't keep up with. Other vendors including one that starts with a J have fewer issues in this area.;) - Original Message - From: Seth Mattinen se...@rollernet.us To: cisco-nsp@puck.nether.net Sent: Tuesday, September 29, 2009 10:06 AM Subject: Re: [c-nsp] cisco 7206 VXR router Jon Lewis wrote: On Tue, 29 Sep 2009, jack daniels wrote: I'm a bit confused on - Also, don't assume that because you can add 8 100Mbit interfaces, that you can use them at full speed.. A common issue with routers is that they have interfaces the processors can't keep up with. i.e. a 2621 router has two built in 100baseT interfaces. Try routing 100mbit/s of traffic through a 2621, and you'll be disappointed. 2801 and 2811 have 10/100 ports, the 2821 has 1000/100/10 ports. Same principle still applies though. ;) ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Hardware for 'managed firewall'
We want to provide a hosted/managed firewall service for our MPLS customers. Is a pair of ASA's with multiple contexts the best way to do this or would something else work better? I'm not concerned with the customers being able to make changes themselves. Thanks dave -- Dave Weis djw...@internetsolver.com http://www.internetsolver.com/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
I also believe you can do this with Junipers and Checkpoint VSX boxes Dave Weis wrote: We want to provide a hosted/managed firewall service for our MPLS customers. Is a pair of ASA's with multiple contexts the best way to do this or would something else work better? I'm not concerned with the customers being able to make changes themselves. Thanks dave No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.114/2402 - Release Date: 09/29/09 05:54:00 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Scott Granados wrote: Better worded, a common issue with vendor C is that they have processors that the interfaces can't keep up with. Other vendors including one that starts with a J have fewer issues in this area.;) I think you have it bass-ackwards. There are interfaces that the processors can't keep up with. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
Gert Doering wrote: How do people get these part numbers? For our smartnet contracts, getting the right numbers for various 6500+sup720 combinations seems to be nearly impossible. Gert, Two ways that I can think of. The first is from the Global Price List on cisco.com: https://tools.cisco.com/qtc/pricing/MainServlet Or by way of the Dynamic Config Tool when you build a quote: https://apps.cisco.com/qtc/config/jsp/configureHome.jsp I'm assuming that all registered users have access to that information. My CCO has several entitlements added to it so it's possible that other CCOs can't access the same data. Your AM should be able to get the GPL added to your CCO though. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smartnet pricing?
On 29/09/2009 19:20, e ninja wrote: No it is not right. 1. Anybody that has paid for software, should *never* have to pay for bug fixes. See http://resources.multiven.com/dossier-3 That is an interesting wish-list. Have you considered what it would do to the price of software if vendors were made liable? I can't imagine the insurance premiums, and the gratuitous law suits. Worse still, open source would be killed by it. I know that if I were to be held liable, I wouldn't ever release anything or contribute anything to open source software. 2. Forcing people to pay for a service they haven't used is extortionhttp://en.wikipedia.org/wiki/Extortion- a criminal act - seek legal counsel Legal counsel would probably argue that if you left your support subscription lapse and then attempted to renew it several years later, that the reason for doing so was because of some failure outside the manufacturer's control, and that you were pulling a fast one. I'm not a lawyer. Are you? Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
Hi, Dave Weis djw...@internetsolver.com wrote: We want to provide a hosted/managed firewall service for our MPLS customers. Is a pair of ASA's with multiple contexts the best way to do this or would something else work better? I'm not concerned with the customers being able to make changes themselves. No experience in actually doing this but I would say no. :) There is no (or it is so small I have missed it) sharing of object data between contexts and so you will find your self spending all your time trying to keep in sync the common parts of each context. Instead you should apply simple RPF (if you do not have them already) rules so that all the IP traffic coming from your custom does come from their own allocated address space (prevent spoofing). After you have done that, each customer can just be a raw IP range on whatever (single instance) firewall platform you wish to purchase making manglement of the whole thing just feel like a regular LAN. Of course things get fun if you add multicast traffic and/or asymmetric routing :) Cheers -- Alexander Clouter .sigmonster says: ahzz_ i figured 17G oughta be enough. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
You're right, I was trying to express that the interfaces were able to out perform / to fast for the processor. I.E. the 2621 example someone listed earlier. - Original Message - From: Jay Hennigan j...@west.net To: cisco-nsp@puck.nether.net Sent: Tuesday, September 29, 2009 12:39 PM Subject: Re: [c-nsp] cisco 7206 VXR router Scott Granados wrote: Better worded, a common issue with vendor C is that they have processors that the interfaces can't keep up with. Other vendors including one that starts with a J have fewer issues in this area.;) I think you have it bass-ackwards. There are interfaces that the processors can't keep up with. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco 7206 VXR router
Agreed, but I think he was pointing out the fact that it's not routers that have this problem, it's c-routers :). -Aaron Jay Hennigan wrote: Scott Granados wrote: Better worded, a common issue with vendor C is that they have processors that the interfaces can't keep up with. Other vendors including one that starts with a J have fewer issues in this area.;) I think you have it bass-ackwards. There are interfaces that the processors can't keep up with. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Internal Virus Database is out of date. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.111/2386 - Release Date: 09/21/09 05:51:00 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
On Tue, 29 Sep 2009, Christopher Hunt wrote: As I painfully discovered, the Cisco ASA in Multiple Context mode does not support IPSEC VPN clients nor L2TP3 tunnels ( http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ike.html ), so choose your features carefully. Eventually, we went with individual [sets of] firewalls for each customer. That's a pretty big omission! Any ETA to add that capability? -- Dave Weis djw...@internetsolver.com http://www.internetsolver.com/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Hardware for 'managed firewall'
Dave, As I painfully discovered, the Cisco ASA in Multiple Context mode does not support IPSEC VPN clients nor L2TP3 tunnels ( http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ike.html ), so choose your features carefully. Eventually, we went with individual [sets of] firewalls for each customer. -- Christopher Hunt ReachONE Internet, Inc. (360)456-5640 www.reachone.com -- Message: 5 Date: Tue, 29 Sep 2009 12:49:47 -0500 (CDT) From: Dave Weis djw...@internetsolver.com To: cisco-nsp@puck.nether.net Subject: [c-nsp] Hardware for 'managed firewall' Message-ID: pine.lnx.4.63.0909291238020.8...@charmed.internetsolver.com Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed We want to provide a hosted/managed firewall service for our MPLS customers. Is a pair of ASA's with multiple contexts the best way to do this or would something else work better? I'm not concerned with the customers being able to make changes themselves. Thanks dave -- Dave Weis djw...@internetsolver.com http://www.internetsolver.com/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
Dave Weis wrote: We want to provide a hosted/managed firewall service for our MPLS customers. Is a pair of ASA's with multiple contexts the best way to do this or would something else work better? I'm not concerned with the customers being able to make changes themselves. We do this with a pair of FWSMs in a pair of 7600s. Customers in our data center reside in MPLS/VPNs. The FWSMs upstream in the network are their ticket out of the MPLS/VPN and out to the Internet. Each customer is in their own context. Not too difficult. We could have done this with ASAs but they do not scale as well. If you want to start cheaply then yes you can use ASAs but research their limitations (especially, # of context and throughput vs price). Also be sure that you understand that you can not use VPN on a ASA with multiple contexts. If you need to terminate VPN services (L2L or client) and put them into isolated customer environments on the secured side of the network then you need to look into a router-based platform. So you know, no Cisco firewalls are MPLS-aware; that includes the FWSM. However you don't really need it since you only need to map VLANs to it. The VLANs themselves can be in the necessary VRF, thus making that context partially in that VRF. ie, VLAN 100 is in the privately-addressed customer VRF and is assigned to the context and used as the inside interface. VLAN 200 is publicly-addressed, not in a defined VRF (default VRF or wherever you keep your public Internet at), is assigned to the context and is used as the outside interface. The customer can manage their own context if they want but we don't yet have any that do this. You could let customers bring their own FW if they want by mapping the inside and outside VLANs to switchports in your data center (one on the public side and one in the customer VRF) and letting the users use those. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OT: Router//Switches Hardware inventory
Hello List, Do you know an open source tool for router hardware inventory? I have many Cisco devices with many cards inserted, and manage the inventory via Excel Format is hard... please any suggestion? Rgds. -- Omar E.P.T - Certified Networking Professionals make better Connections! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: Router//Switches Hardware inventory
Hi, Do you know an open source tool for router hardware inventory? I have many Cisco devices with many cards inserted, and manage the inventory via Excel Format is hard... please any suggestion? RANCID is pretty good at pulling the details out. you can then look through the resulting files for eg serial numbers , part numbers etc. beware - its command line stuff - though you can add a webified system with a web based CVS tool, for example. alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: Router//Switches Hardware inventory
On 29/09/2009 23:23, omar parihuana wrote: Do you know an open source tool for router hardware inventory? I have many Cisco devices with many cards inserted, and manage the inventory via Excel Format is hard... please any suggestion? RANCID (http://www.shrubbery.net/rancid/) will manage version control for your router configurations, but at the top of each configuration file, it will also attempt to do a semi-intelligent internal inventory of the router, down to blade level. The down-side is that the configuration is stored in unstructured text. If you want something which gives structured text, use show inventory on your equipment. The output of this command can be parsed, and if you're running rancid or something similar which allows scripted access to your kit, you can script this to provide structured lists of equipment. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] moving to Zone Based Firewall
I have an 1811 with an old cfg on it. I want to update it to use zone based rules. However the SDM is telling me that the legacy firewall is in place, and I need to remove them. I am a security and routing newbie. Can someone point me in the right direction ? I have attached the relevant parts. I cannot shut the router down or remove it to work on it ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname ! boot-start-marker boot system flash:c181x-advipservicesk9-mz.124-15.T7.bin boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 52000 ! aaa new-model ! ! aaa authentication login local_authen local aaa authorization exec local_author local ! ! aaa session-id common clock timezone PST -8 clock summer-time PST recurring ! crypto pki trustpoint TP-self-signed-1717698609 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1717698609 revocation-check none rsakeypair TP-self-signed-1717698609 ! ! crypto pki certificate chain TP-self-signed-1717698609 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer dot11 syslog no ip source-route ! ! ip cef no ip dhcp use vrf connected ! ! no ip bootp server ip domain name mgvfs.mcleannet ip inspect log drop-pkt ip inspect name SDM_MEDIUM dns ip inspect name SDM_MEDIUM ftp ip inspect name SDM_MEDIUM h323 ip inspect name SDM_MEDIUM icmp ip inspect name SDM_MEDIUM imap reset ip inspect name SDM_MEDIUM pop3 reset ip inspect name SDM_MEDIUM realaudio ip inspect name SDM_MEDIUM esmtp ip inspect name SDM_MEDIUM sqlnet ip inspect name SDM_MEDIUM tftp ip inspect name SDM_MEDIUM tcp ip inspect name SDM_MEDIUM udp ip ips notify SDEE ip ips name sdm_ips_rule ! multilink bundle-name authenticated ! key chain EIGRP_KEY key 1 key-string 7 ! ! ! spanning-tree portfast bpduguard spanning-tree vlan 1 priority 8192 no spanning-tree vlan 1 spanning-tree vlan 2 priority 8192 no spanning-tree vlan 2 spanning-tree vlan 3 priority 8192 no spanning-tree vlan 3 ! ! crypto isakmp policy 2 encr aes authentication pre-share group 2 crypto isakmp key showmethe$ address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 3600 ! ! crypto ipsec transform-set DMVPN esp-aes esp-sha-hmac mode transport ! crypto ipsec profile SDM_Profile1 set transform-set DMVPN ! ! archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh version 2 ! class-map match-any AutoQoS-VoIP-Remark match ip dscp ef match ip dscp cs3 match ip dscp af31 class-map match-any AutoQoS-VoIP-Control-UnTrust match access-group name AutoQoS-VoIP-Control class-map match-any AutoQoS-VoIP-RTP-UnTrust match protocol rtp audio match access-group name AutoQoS-VoIP-RTCP match ip dscp ef ! ! policy-map AutoQoS-Policy-UnTrust class AutoQoS-VoIP-RTP-UnTrust priority percent 70 set dscp ef class AutoQoS-VoIP-Control-UnTrust bandwidth percent 5 set dscp af31 class AutoQoS-VoIP-Remark set dscp default class class-default fair-queue ! ! ! ! interface Tunnel0 bandwidth 1000 ip address no ip redirects ip mtu 1400 ip flow ingress ip flow egress ip authentication mode eigrp 50 md5 ip authentication key-chain eigrp 50 EIGRP_KEY ip nhrp authentication DMVPN_NW ip nhrp map ip nhrp map multicast ip nhrp network-id 10 ip nhrp holdtime 360 ip nhrp nhs ip virtual-reassembly ip tcp adjust-mss 1360 ip summary-address eigrp 50 delay 1000 qos pre-classify tunnel source FastEthernet0 tunnel mode gre multipoint tunnel key 10 tunnel protection ipsec profile SDM_Profile1 ! interface Null0 no ip unreachables ! interface FastEthernet0 description $FW_OUTSIDE$ ip address dhcp no ip redirects no ip unreachables no ip proxy-arp ip nbar protocol-discovery ip inspect SDM_MEDIUM out ip ips sdm_ips_rule in ip virtual-reassembly ip route-cache flow duplex auto speed auto max-reserved-bandwidth 100 ! interface FastEthernet1 ip address dhcp no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 description trunk to switch switchport mode trunk ! interface Vlan1 ip address ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1360 ! interface Vlan2 ip address ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1360 ! interface Vlan3 ip address no ip redirects no ip unreachables no ip proxy-arp ip nat
Re: [c-nsp] Hardware for 'managed firewall'
On 30/09/2009, at 7:08 AM, Dave Weis wrote: On Tue, 29 Sep 2009, Christopher Hunt wrote: As I painfully discovered, the Cisco ASA in Multiple Context mode does not support IPSEC VPN clients nor L2TP3 tunnels That's a pretty big omission! Any ETA to add that capability? Yeah, they've never supported VPN in multi-context mode. Major pain. And if you are a dense hosting provider the 50 context limit (and limited performance) of a 5540 for example doesn't work too well. These issues made us look around again and J-Vendor's boxes are making the ASA's look a bit ordinary. David ... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: Router//Switches Hardware inventory
On Tue, Sep 29, 2009 at 6:50 PM, Nick Hilliard n...@inex.ie wrote: On 29/09/2009 23:23, omar parihuana wrote: Do you know an open source tool for router hardware inventory? I have many Cisco devices with many cards inserted, and manage the inventory via Excel Format is hard... please any suggestion? RANCID (http://www.shrubbery.net/rancid/) will manage version control for your router configurations, but at the top of each configuration file, it will also attempt to do a semi-intelligent internal inventory of the router, down to blade level. The down-side is that the configuration is stored in unstructured text. If you want something which gives structured text, use show inventory on your equipment. The output of this command can be parsed, and if you're running rancid or something similar which allows scripted access to your kit, you can script this to provide structured lists of equipment. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ There's also a 'show inventory raw'...for what it's worth -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: Router//Switches Hardware inventory
Netdisco does a tremendous job of hardware inventory. It discovers new devices via CDP and stores it's data in a database. It knows about blades, wics, and NM modules (with serial numbers for all) http://www.netdisco.org Sent from my iPhone. On Sep 29, 2009, at 5:39 PM, omar parihuana omar.parihu...@gmail.com wrote: Hello List, Do you know an open source tool for router hardware inventory? I have many Cisco devices with many cards inserted, and manage the inventory via Excel Format is hard... please any suggestion? Rgds. -- Omar E.P.T - Certified Networking Professionals make better Connections! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ NOTICE TO RECIPIENT: The information contained in this message from Great River Energy and any attachments are confidential and intended only for the named recipient(s). If you have received this message in error, you are prohibited from copying, distributing or using the information. Please contact the sender immediately by return email and delete the original message. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
On Wed, 30 Sep 2009, David Hughes wrote: On 30/09/2009, at 7:08 AM, Dave Weis wrote: On Tue, 29 Sep 2009, Christopher Hunt wrote: As I painfully discovered, the Cisco ASA in Multiple Context mode does not support IPSEC VPN clients nor L2TP3 tunnels That's a pretty big omission! Any ETA to add that capability? Yeah, they've never supported VPN in multi-context mode. Major pain. And if you are a dense hosting provider the 50 context limit (and limited performance) of a 5540 for example doesn't work too well. These issues made us look around again and J-Vendor's boxes are making the ASA's look a bit ordinary. I never enjoyed working on the netscreens. I suppose if each virtual firewall customer could get the same awkward web interface for self provisioning it could be made to work. -- Dave Weis djw...@internetsolver.com http://www.internetsolver.com/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hardware for 'managed firewall'
netscreen management (cli/NSM) is one of the worst i've ever encountered as far as the topic at hand - i agree w/ Justin's comments - what i've done in past is FWSM's in the chassis and a pair of asa's for vpn termination On Tue, Sep 29, 2009 at 8:23 PM, Dave Weis djw...@internetsolver.com wrote: On Wed, 30 Sep 2009, David Hughes wrote: On 30/09/2009, at 7:08 AM, Dave Weis wrote: On Tue, 29 Sep 2009, Christopher Hunt wrote: As I painfully discovered, the Cisco ASA in Multiple Context mode does not support IPSEC VPN clients nor L2TP3 tunnels That's a pretty big omission! Any ETA to add that capability? Yeah, they've never supported VPN in multi-context mode. Major pain. And if you are a dense hosting provider the 50 context limit (and limited performance) of a 5540 for example doesn't work too well. These issues made us look around again and J-Vendor's boxes are making the ASA's look a bit ordinary. I never enjoyed working on the netscreens. I suppose if each virtual firewall customer could get the same awkward web interface for self provisioning it could be made to work. -- Dave Weis djw...@internetsolver.com http://www.internetsolver.com/ ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/