Re: [c-nsp] IOS, IOS-XR and RANCID
:- Simon == Simon Muyal mu...@renater.fr writes: Hello all, We have a network composed by Cisco equipment running IOS and IOS-XR. We run RANCID to manage/backup our configurations. Is anybody has experience on this software with both versions (IOS and IOS-XR)? We have difficulties to integrate both versions simultaneously in the same RANCID process (problem of user and admin mode execution) if you refer to rancid not being able to look at full show diag because it requires admin mode, you can apply the following patch, the trick being that you can use admin mode commands by using run and calling the real executable (in this case run show_diag admin). The rest of the patch quenches some constantly changing disk size output. --- rancid-original 2006-06-06 14:23:42.0 +0200 +++ rancid 2008-06-20 08:47:09.0 +0200 @@ -665,6 +665,8 @@ return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; + s/\d+ bytes total \(\d+ bytes free\)/ CRS harddisks sizes skipped / if ($type =~ /CRS/ and $cmd =~ /(harddisk|bootflash|disk0)/); + s/.*(uptime|temp)_cont/! CRS constantly changing $1_cont skipped / if ($type =~ /CRS/ and $cmd =~ /(harddisk|bootflash|disk0)/); # the pager can not be disabled per-session on the PIX if (/^(-+ More -+)/) { my($len) = length($1); @@ -1610,7 +1612,7 @@ if (defined($ENV{'NOCOMMSTR'})) { my($ip) = $1; my($line) = snmp-server host $ip; - my(@tokens) = split(' ', $'); + my(@tokens) = split(' ', $'); #' (This comment fixes emacs fontification) my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { @@ -1753,7 +1755,7 @@ {'show controllers' = 'ShowContAll'}, {'show controllers cbus'= 'ShowContCbus'}, {'show diagbus' = 'ShowDiagbus'}, - {'admin show diag' = 'ShowDiag'}, + {'run show_diag admin' = 'ShowDiag'}, {'show diag'= 'ShowDiag'}, {'show module' = 'ShowModule'}, # cat 6500-ios {'show spe version' = 'ShowSpeVersion'}, -- --- Pierfrancesco Caci | Network System Administrator - INOC-DBA: 6762*PFC p.c...@seabone.net | Telecom Italia Sparkle - http://etabeta.noc.seabone.net/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS, IOS-XR and RANCID
Hi. We have a network composed by Cisco equipment running IOS and IOS-XR. We run RANCID to manage/backup our configurations. Is anybody has experience on this software with both versions (IOS and IOS-XR)? We have difficulties to integrate both versions simultaneously in the same RANCID process (problem of user and admin mode execution) Instead of trying to fix the existing IOS module, I created a new one specific for IOS XR. The patch is avaliable through the RANCID mailinglist, see: http://www.shrubbery.net/pipermail/rancid-discuss/2009-November/004385.html Features in this module are: * Auto-enabled is default on XR devices (no more tweaking of the .clogin file) * Time-stamps are disabled before extracting data (times-stamps are default on since 3.8) * Commands are run both from user and admin modes -- Pelle ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Experiences with STM-16 to GE multiplexers/converters?
Hi all, Does somebody has experiences with STM-16 to GE multiplexers/converters? We have several links from a fiber distributor which expects STM-16 framing (there are some active WDMs etc.). At the moment we have an SDH overlay and SDH components at each POP. They divide the STM-16 to at least one time STM-4 (and the router handles the STM-4). We want to get rid of the SDH components, and use GE at the router side. Therefore, we want to split the STM-16 (2.5GBit/s) in 2x or 4x GE lines (yes, 4x is oversubscribed, but for backup links ok). We have found, for example, this SDH multiplexer: http://www.pandacomdirekt.com/de/produkte/netztopologie/sdh/speed-dualmux-sfp-25.html Does somebody has experiences and/or other verdors? Thanks in anticipation, Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?
Hi, Glad it helped. by suboptimal I meant the fact it is possible (simply by sending to ..) to flood the traffic from one isolated access switch port through distribution layer, into the rest of the switching fabric infra simply due to the fact that all uplink/downlink ports are switchport mode trunks. Obviously the traffic does not get into the end-user ports, but still the trunk are utilized - hence the functionality is little different then the expected pseudowire functionality. One would expect to have some kind of feature configured on the distribution layer that would not forward the traffic to the rest of the switching fabric, just to the uplink port into the core layer - this is probably what the private-vlan trunk is trying to do. -pavel skovajsa On Wed, Jan 13, 2010 at 8:41 PM, Sven 'Darkman' Michels s...@darkman.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Pavel, first of all, thanks for your fast response! Pavel Skovajsa schrieb: If I understood you correctly you can get around these limitations by using the PVLAN feature on the end-user ports only and not on the internal switch-to-switch links. On those links you can use normal trunk ports and spread the PVLAN to your 6509 and terminate it on L3 VLAN int. Ah, okay, i thought i need the private-vlan trunk mode, and when i enabled it, it just crashed my port channel (as in removed the port from it, which was not what i wanted..). On your distribution (6509) you configure: interface Vlan10 ip sticky-arp ignore --- this is important as PVLAN VLAN interface gets sticky arp by default (for some unknown reason) no ip proxy-arp private-vlan mapping 100 and normal trunk port towards the switch fabric: interface GigabitEthernet6/1 switchport mode trunk Ah okay, then i'll try that one, i just limited the vlans a bit, of course ;) Yes this is probably suboptimal to what you would like to accoplish however the end effect is that the end-user ports cannot communicate with each other - which is probably what you want. Why is that suboptimal? From what you described and what i unterstood, it works like i want: having a etherchannel to my core and protected ports on my edge. If the SVI is reachable from my edge, and other hosts are not, than i have what i want. But maybe i missed something...? Another alternative is the private-vlan trunk feature which is described over here http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/pvlans.html#wp1166138 - the trouble is that AFAIK currently it works only on C4500. That was what i thought i need, its available on the 3560 but it killed the etherchannel... and pvlan documentation says you cannot enable pvlans on an etherchannel, which is right as if you enable any of the pvlan commands on a etherchannel port, it gets removed from the etherchannel... but it seems that normal trunks just work for that - great ;) So, from what i know now, it should work like i want... just need to test if it works with more than one switches etc. but at the moment it think it will do so far. Thanks again for your help :) Regards, Sven -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktOIc8ACgkQQoCguWUBzBz48ACgjX54FYRh9fpzRmobTElDvXvv 8S8An1fyaboYKoWPuZErysZ6c9OH5Kyi =O52n -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Pavel, Pavel Skovajsa schrieb: by suboptimal I meant the fact it is possible (simply by sending to ..) to flood the traffic from one isolated access switch port through distribution layer, into the rest of the switching fabric infra simply due to the fact that all uplink/downlink ports are switchport mode trunks. Obviously the traffic does not get into the end-user ports, but still the trunk are utilized - hence the functionality is little different then the expected pseudowire functionality. Ah, okay. But that i try to limit with other features (things like limited broadcast for a port etc.) so this should not be a big deal, should it? The main goal is to prevent local attacks from one server to another, like having a compromised host sniffing the rest after flooding the mac table, or do some arp spoofing... or what so ever ;) This should be still the case, even with the trunks, right? Regards, Sven -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktPGNQACgkQQoCguWUBzBwD/ACeNDAYcSG91XlsE9cCRnW7ZQK1 2GkAnitdSGedsjhj+u+lBkTEKznPULqe =/mF3 -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP to OSPF redistribution
On Wed, Jan 13, 2010 at 04:25:04PM -0500, null zeroroute wrote: Very good suggestion, however the provider is not sending the internet routing table, only our own internal network's routes. Or are you suggesting some providers make mistakes and send full internet tables to a private VRF customer? What he's saying is that any time you redistribute BGP into $IGP, you are playing with fire. The likelihood of a mistake may be low but the cost of a mistake is high. One thing you'll definitely want to use is the 'redistribute maximum-prefix' command: router ospf $PID redistribute maximum-prefix $LIMIT This should help limit the damage if there's a redistribution accident. --Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DS3 over STM1
Hello Ian: -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Gert Doering Sent: Wednesday, January 13, 2010 1:19 AM To: Ian Henderson Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DS3 over STM1 Hi, On Tue, Jan 12, 2010 at 11:15:10PM +0800, Ian Henderson wrote: The new carrier has provisioned a 45Mbit clear channel service with a DS3 at the remote site, and a channelised STM1 at the head office. I can't seem to find a combination of router/card/mux to make this work. I'd ask the carrier to deliver clear channel DS3 on both ends. After all, that's what you ordered (give us a DS3!), no? gert -- I'm not sure what platform you have, but there are channelized STM-1 cards for the 7200, 7500 and the 1000 series routers. You should be able to peel off a single DS-3 on the STM-1 and get the right framing and signaling to carry it through to your other location. Google channelized stm-1 cisco Regards, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco UCS
Our local sales team has really been bombarding us with material on Cisco's UCS (Unified Compute System) as of late, and I was wondering who on this list has begun deployment of UCS. If you have decided to deploy, how has your experience been? Also, I'd like to hear how you were able to convince your server folks to switch from HP/Dell/IBM/etc., to a Cisco based hardware platform. Thanks, -- Eric Cables ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DS3 over STM1
Hi, On Thu, Jan 14, 2010 at 09:16:06AM -0800, Michael K. Smith - Adhost wrote: I'm not sure what platform you have, but there are channelized STM-1 cards for the 7200, 7500 and the 1000 series routers. You should be able to peel off a single DS-3 on the STM-1 and get the right framing and signaling to carry it through to your other location. Google channelized stm-1 cisco If I understood the original poster correctly, none of them did STM-1 and DS3 - it's either all the way down to E1 or E3. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpHdPzIoeYpB.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco frame-relay termination without a frame switch -update
Just putting this out there in case it helps someone. This example shows a 7200 with two connected routers. I also got fram-relay termination working with a 6500 but that platform does not seems to support the command needed to create frame-relay PVC's the frame-relay route command. Another thing I found for some reason on the 7200 I had to disable frame-relay inverse arp with the frame-relay map command for it to work. On the 6500 this was not an issue. I also noticed on the 7200 that on some interfaces for whatever reason, int ser5/0:1 I needed to have the frame-relay map statement for 1.1.1.1 to be able to ping it. This again was not an issue on the 6500. Also remember you will need frame-relay switching command in global config mode for the router to be turned into a frame-switch. Hope this helps someone. Thanks, Paul 7200: config - c7200-p-mz.122-17a.bin interface Serial5/0:1 ip address 1.1.1.1 255.255.255.252 encapsulation frame-relay IETF frame-relay map ip 1.1.1.1 500 frame-relay map ip 1.1.1.2 500 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 40 interface Serial5/1:1 40 ! interface Serial5/0:1.30 point-to-point ip address 1.1.1.9 255.255.255.252 frame-relay interface-dlci 30 ! interface Serial5/1:1 ip address 1.1.1.5 255.255.255.252 encapsulation frame-relay IETF frame-relay map ip 1.1.1.5 500 frame-relay map ip 1.1.1.6 500 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 40 interface Serial5/0:1 40 site A: interface Serial0 ip address 1.1.1.2 255.255.255.252 encapsulation frame-relay IETF frame-relay interface-dlci 500 frame-relay lmi-type ansi ! interface Serial0.30 point-to-point ip address 1.1.1.10 255.255.255.252 frame-relay interface-dlci 30 ! interface Serial0.40 point-to-point ip address 1.1.1.13 255.255.255.252 frame-relay interface-dlci 40 IETF ! Site B: interface Serial0 ip address 1.1.1.6 255.255.255.252 encapsulation frame-relay IETF frame-relay interface-dlci 500 frame-relay lmi-type ansi ! interface Serial0.40 point-to-point description PRIVATE PVC back to 1st t1. ip address 1.1.1.14 255.255.255.252 frame-relay interface-dlci 40 IETF From: P.A [mailto:ra...@meganet.net] Sent: Wednesday, January 06, 2010 2:41 PM To: 'cisco-nsp@puck.nether.net' Subject: cisco frame-relay termination without a frame switch Hi, we have a frame-relay switch that is no longer working. we have 28 t1s on a channelized T3. I was wondering if anyone knows how and if it's possible to terminate frame lines on a cisco, either a 7200 or 6500 without a frame switch. I followed the example here, http://www.ciscopress.com/articles/article.asp?p=170741 http://www.ciscopress.com/articles/article.asp?p=170741seqNum=7 amp;seqNum=7 but this will not work for me as it assumes you have 2 different frame-relay circuits on two different t1 ports. I'm using a PA MC T# canrd and I also tried creating sub interfaces off the t1 channel, but when I use the frame-relay route command I gives me an error that both DLCIs are on the same interface L. All I'm trying to do is terminate a frame-relay on a cisco without a frame-relay switch. if this possible could someone give me an example or point me in that direction. thanks! paul ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF on ASA with large routing tables
We're considering running OSPF on handful of core ASA 5580 but our routing table is somewhat large (roughly 10,000 routes). Does anyone have any experience running OSPF on an ASA platform with a large number of routes on a production network. Did you run into any limitations or issues. We don't plan on running mutiple context and will not have a large number of peers/neighbors just a large routing table. Thanks, Greg ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF on ASA with large routing tables
We run a 5540 with about 8500 routes with no real problems. I do plan on doing some filtering just to minimize the size of its table for efficiency. FYI - ASA in multicontext doesn't support dynamic routing protocols. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Greg Clark Sent: Thursday, January 14, 2010 7:47 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] OSPF on ASA with large routing tables We're considering running OSPF on handful of core ASA 5580 but our routing table is somewhat large (roughly 10,000 routes). Does anyone have any experience running OSPF on an ASA platform with a large number of routes on a production network. Did you run into any limitations or issues. We don't plan on running mutiple context and will not have a large number of peers/neighbors just a large routing table. Thanks, Greg ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ *** NOTICE--The attached communication contains privileged and confidential information. If you are not the intended recipient, DO NOT read, copy, or disseminate this communication. Non-intended recipients are hereby placed on notice that any unauthorized disclosure, duplication, distribution, or taking of any action in reliance on the contents of these materials is expressly prohibited. If you have received this communication in error, please delete this information in its entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. Also, please immediately notify the sender via e-mail that you have received this communication in error. *** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RIB failure : Higher admin distance
Hi all, We have two routers at site A and one at site B, both routers at site A have an uplink each to a transit provider. There are two Layer 3 core switches below the two routers. The router at site B has an uplink to another transit provider and there is also a private link between the routers at site A and B. We run OSPF between all the routers/switches, also over the private link between site A and B and use redistribute static subnets There is iBGP running between the routers/switches and an iBGP session runs over a GRE tunnel between site A and B so that if the private link breaks, the traffic will go out over the transit providers and they will still talk to each other, etc (same AS in path) There is an issue: We have a /20 that is announced from site A and we split this up into 3 longer prefixes (/21, /22 and /24). We want to use the /24 for site B and announce the /21 and /23 from site A. However, when we remove the aggregate /20 route at site A and put a static in for the /24, it is not announced to our transit providers at site B due to rib failure. (Site A Router)#sh ip bgp rib-failure NetworkNext Hop RIB-failure RIB-NH Matches X.X.X.X/20 (Layer 3 Core Switch) Higher admin distance n/a etc etc (there is a list of all of our static routes here) (Site A Router)#show ip bgp (Slash /24 in question) BGP routing table entry for (Slash /24 in question)/24, version 4317116 Paths: (1 available, best #1, table default, not advertised to EBGP peer, RIB-failure(17)) Not advertised to any peer (65003) (Site B Router Tunnel IP) (metric 1002) from (Site A Router IP) (X.X.X.X) Origin IGP, metric 0, localpref 100, valid, confed-internal, best Community: ASN:200 no-export (Site A Router)#show ip route (Slash /24 in question) Routing entry for (Slash /24 in question)/24 Known via ospf 100, distance 110, metric 20, type extern 2, forward metric 2 Last update from (Site A Router Private Link Interface) on GigabitEthernet0/1.8, 5w5d ago Routing Descriptor Blocks: * (Site A Router Private Link Interface), from (Site B Router), 5w5d ago, via GigabitEthernet0/1.8 Route metric is 20, traffic share count is 1 The rib failure condition seems to be persistent. Any ideas how to overcome this issue? Thanks. Andy. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF Campus Design : Excessive SPF Runs
Hello, We currently have Layer 3 Routed Access configured at all of our Metro Campus locations. There are a few obvious deviations from the best practice design guides. The current setup is: Core --Datacenter Distribution -- | (fiber connect) | -- Building Distribution -- Access (backbone) (ABR) (ASBR) (OSPF enabled access switch) The Cisco best practice is: Core --Distribution --Access (backbone) (ABR) (OSPF enabled access switch) We are running NSSA with no-summary and the range command on the Datacenter Distribution routers. Each floor has 2 access switches (w/ OSPF running) which each have a link back to the Building Distribution router. Vlans on each box on each floor are mutually exclusive. Symptoms: Lots of SPF re-calculations, NTP failing from Datacenter Distro - Building Distro, and users reporting loss of their shared drives. router-a#sh ip ospf stat Area 0.0.0.0: SPF algorithm executed 7865 times Area 192.8.208.0: SPF algorithm executed 386 times Area 192.70.0.0: SPF algorithm executed 563 times Area 192.100.0.0: SPF algorithm executed 93076 times Questions: Should we be advertising (passively or non-passively) L3 Vlans into OSPF? Should we be doing Totally NSSA's instead of NSSA's? If not is there a way to get the DR in NSSA to advertise a single route back as default route? Should we be sending each campus distribution router directly to the Core so that its the 3 hops? Do you suggest tuning the OSPF dead interval to achieve subsecond convergence? Any help advise is greatly appreciated! Regards, //LeBlanc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RIB failure : Higher admin distance
..sorry for the top posting.. Hi Andy, You wouldn't happen to have an interface on router A on with an addr. in that range would you? *connected* eq ad of 0. A longer prefix match will not work in this case when it comes to installing routes in the bgp routing table. Regards ./Randy --- On Thu, 1/14/10, Andy Ashley li...@nexus6.co.za wrote: From: Andy Ashley li...@nexus6.co.za Subject: [c-nsp] RIB failure : Higher admin distance To: cisco-nsp@puck.nether.net Date: Thursday, January 14, 2010, 6:32 PM Hi all, We have two routers at site A and one at site B, both routers at site A have an uplink each to a transit provider. There are two Layer 3 core switches below the two routers. The router at site B has an uplink to another transit provider and there is also a private link between the routers at site A and B. We run OSPF between all the routers/switches, also over the private link between site A and B and use redistribute static subnets There is iBGP running between the routers/switches and an iBGP session runs over a GRE tunnel between site A and B so that if the private link breaks, the traffic will go out over the transit providers and they will still talk to each other, etc (same AS in path) There is an issue: We have a /20 that is announced from site A and we split this up into 3 longer prefixes (/21, /22 and /24). We want to use the /24 for site B and announce the /21 and /23 from site A. However, when we remove the aggregate /20 route at site A and put a static in for the /24, it is not announced to our transit providers at site B due to rib failure. (Site A Router)#sh ip bgp rib-failure Network Next Hop RIB-failure RIB-NH Matches X.X.X.X/20 (Layer 3 Core Switch) Higher admin distance n/a etc etc (there is a list of all of our static routes here) (Site A Router)#show ip bgp (Slash /24 in question) BGP routing table entry for (Slash /24 in question)/24, version 4317116 Paths: (1 available, best #1, table default, not advertised to EBGP peer, RIB-failure(17)) Not advertised to any peer (65003) (Site B Router Tunnel IP) (metric 1002) from (Site A Router IP) (X.X.X.X) Origin IGP, metric 0, localpref 100, valid, confed-internal, best Community: ASN:200 no-export (Site A Router)#show ip route (Slash /24 in question) Routing entry for (Slash /24 in question)/24 Known via ospf 100, distance 110, metric 20, type extern 2, forward metric 2 Last update from (Site A Router Private Link Interface) on GigabitEthernet0/1.8, 5w5d ago Routing Descriptor Blocks: * (Site A Router Private Link Interface), from (Site B Router), 5w5d ago, via GigabitEthernet0/1.8 Route metric is 20, traffic share count is 1 The rib failure condition seems to be persistent. Any ideas how to overcome this issue? Thanks. Andy. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco ASA and Update Cisco VPN Client
Hi Thanks for this information. Anyone have more detail ? anyone have use this function ? Thanks Stephane 2010/1/13 Marcelo Zilio ziliomarc...@gmail.com I just see in my ASA 8.2 under Configuration Remote Access VPN Network (Client) Access IPsec Connection Profiles (Advancede IPSec) an option Client Software Update. I remember see this in older versions too. I never used it, but I think this is you are looking for. On Wed, Jan 13, 2010 at 9:14 AM, Phibee Network Operation Center n...@phibee.net wrote: Hi anyone know if it's possible : When a user connect to my Cisco ASA in VPN IPSec, the ASA see the version of the IPSec Client Software, i thinks. If this software are too old, the asa can sent a update automatiquely ? Thanks Jerome ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/