Re: [c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)

2010-02-23 Thread Oliver Boehmer (oboehmer)
 
 
 On 19.02.2010 10:13, Gerald Krause wrote:
  I hope the rest of my Half Duplex VRF will work now as this initial
  problem seems to be solved.
 
 I'm still unable to separate the branches (LANs) on the LNS/PE. I would
 expect that any certain LAN1 from CPE1 isn't allowed to access a LAN2
 behind a CPE2 directly through the LNS/PE, but this isn't the case.
 
 Maybe I have a wrong understanding of how I should configure the two
 Down/UP-VRFs correctly and/or how the export/import works in such a
 case. Any suggestions would be appreciated.

Interesting.. Your config looks ok. I don't have a lab setup ready, but
can you inject a (bogus or valid) default from a remote PE into the
VRFTEST-UP so you actually provide any routing for the branches?

i.e.

hostname hub-PE
!
ip vrf VRFTEST-HUB
 rd x:y
 route-target export 101:0
 route-target import 102:2
!
int lo123
 ip vrf forwarding VRFTEST-HUB
 ip address 1.1.1.1 255.255.255.255
!
router bgp ..
 address-family ipv4 vrf VRFTEST-HUB
  default-information originate
  redistribute static
  redistribute connected
!
ip route vrf VRFTEST-HUB 0.0.0.0 0.0.0.0 Null0

oli


 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?

2010-02-23 Thread Sven 'Darkman' Michels

Hi,

sorry for coming back to this topic and old email, but this one seems to be
the problem. When i disable ip verify unicast, the problem vanishes away :(
The 6500 is actually running on SXF, but not latest: i'm running SXF15a on it, i
know that SXF16 is already there but when i last checked cisco, it states when
trying to download 16 that there is a more recent version which fixes $things
available - but i didn't find anything newer than 16 for download...?!

Two remaining questions for me:
is there an easy way to get something similar like verify unicast rx for
the pvlan? i guess it won't change the ip networks often, so some accesslist
or so would work, too (but i would only use it, if it doesn't impact the 6500
much, so software accesslist would be not what i want...)

second: i'm running sxf due to the possibility of fast failover to another
sup. the other two images do not provide the fast failover feature, but i read
on the list, that you can do a manual failover for upgrades etc. with only
a short (say 60-90 sec) downtime, which would, for me, be okay... anything else
i'm missing? could another image fix the ip unicast verify problem?

Thanks again for all suggestions + time you spend with me, helped a lot :)

Regards,
Sven

Matt Buford wrote:
 On Tue, Jan 26, 2010 at 7:06 AM, Sven 'Darkman' Michels s...@darkman.de wrote:
 
 Now the problem: ping from 6509:
 
 c6509#ping ip xx.xx.xx.13 repeat 5
 
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to xx.xx.xx.13, timeout is 2 seconds:
 ..!.!
 
 
 Your basic PVLAN configuration looks good.  Try disabling ARP
 inspection, DHCP snooping, and ip verify unicast.  Enabling extra
 features often breaks things, so I think it is best for you to test with
 the simplest config.  If that doesn't do it, try upgrading code to at
 least SXF.  You could also perhaps try pinging from a host behind the
 6500 instead of pinging from the 6500 management interface itself
 (though you SHOULD be able to ping from the router, and I can on my PVLANs).


Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Anthony McGarry
Thanks for the input but I'm not too worried about which BRAS the client
logs into, the one that responds first would be fine.
What I really need to know is how to assign static IPs to clients if 
they log into either BRAS when both BRASs have a different network range 
on their loopbacks.
Although this feature would give more granularity, maybe cisco will add 
this feature to the 7300 in a later release.


Anthony

coredump wrote:

You can try to use PADO Delay attributes, but that feature IMHO is only
available in the 12.2(33)SB terrain in Cisco 10k routers.
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_pppoe_sss.html


/Rizal


Re: [c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)

2010-02-23 Thread Gerald Krause
On 23.02.2010 09:02, Oliver Boehmer (oboehmer) wrote:
  
 On 19.02.2010 10:13, Gerald Krause wrote:
 I hope the rest of my Half Duplex VRF will work now as this initial
 problem seems to be solved.
 I'm still unable to separate the branches (LANs) on the LNS/PE. I would
 expect that any certain LAN1 from CPE1 isn't allowed to access a LAN2
 behind a CPE2 directly through the LNS/PE, but this isn't the case.

 Maybe I have a wrong understanding of how I should configure the two
 Down/UP-VRFs correctly and/or how the export/import works in such a
 case. Any suggestions would be appreciated.
 
 Interesting.. Your config looks ok. I don't have a lab setup ready, but
 can you inject a (bogus or valid) default from a remote PE into the
 VRFTEST-UP so you actually provide any routing for the branches?
 
 i.e.
 
 hostname hub-PE
 !
 ip vrf VRFTEST-HUB
  rd x:y
  route-target export 101:0
  route-target import 102:2
 !
 int lo123
  ip vrf forwarding VRFTEST-HUB
  ip address 1.1.1.1 255.255.255.255
 !
 router bgp ..
  address-family ipv4 vrf VRFTEST-HUB
   default-information originate
   redistribute static
   redistribute connected
 !
 ip route vrf VRFTEST-HUB 0.0.0.0 0.0.0.0 Null0

Hello Oli, thx for your support again. I have configured the HUB/PE as
suggested:

!
interface Loopback102
 ip vrf forwarding VRFTEST-HUB
 ip address 10.99.17.253 255.255.255.255
!
ip route vrf VRFTEST-HUB 0.0.0.0 0.0.0.0 Null0
!

The export/import looks good:

LNS#sh ip route vrf VRFTEST-DOWN
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
U       10.98.1.0/24 [1/0] via 10.99.17.1
U       10.98.2.0/24 [1/0] via 10.99.17.2
C       10.99.17.1/32 is directly connected, Virtual-Access2.123
C       10.99.17.2/32 is directly connected, Virtual-Access2.121

LNS#sh ip route vrf VRFTEST-UP
B*   0.0.0.0/0 [200/0] via x.x.x.x 00:10:25
     10.0.0.0/32 is subnetted, 2 subnets
B       10.99.17.253 [200/0] via x.x.x.x, 00:10:25
C       10.99.17.254 is directly connected, Loopback102

HUB#sh ip route vrf VRFTEST-HUB
S*   0.0.0.0/0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B       10.98.1.0/24 [200/0] via 212.79.49.200, 00:13:07
B       10.98.2.0/24 [200/0] via 212.79.49.200, 00:13:07
C       10.99.17.253/32 is directly connected, Loopback102

I see that a traceroute from CPE1 to CPE2 now takes the path over the HUB
and then back to the LNS as expected:

cpe1-vrftest#traceroute
Target IP address: 10.98.2.1
Source address: 10.98.1.1
Tracing the route to 10.98.2.1
  1 10.99.17.254 72 msec 60 msec 64 msec   (Loopback102 LNS)
  2 10.99.17.253 68 msec 64 msec 64 msec   (Loopback102 HUB)
  3 10.99.17.254 72 msec 72 msec 64 msec   (Loopback102 LNS)
  4 10.99.17.2 152 msec *  148 msec        (CPE2)
cpe1-vrftest#

When I remove the def-route on the HUB, I'm still able to reach CPE2
from CPE1 directly over the LNS:

cpe1-vrftest#traceroute
Target IP address: 10.98.2.1
Source address: 10.98.1.1
Tracing the route to 10.98.2.1
  1 10.99.17.254 68 msec 60 msec 64 msec   (Loopback102 LNS)
  2 10.99.17.2 152 msec *  148 msec        (CPE2)

So I *can* re-direct the traffic from CPE to CPE through the HUB but in
the case the HUB fails, the CPEs are directly connected again through
the LNS/SPOKE PE. Is that the expected behaviour? Or is there still
something I'm missing (RPF is enabled on the Vi's)?

--
Gerald


Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Jon Duggan
Correct me if i'm wrong but I believe you can achieve this with sup32 also (i 
think you need pfc3, which the sup32 has), which is much cheaper than the 720.  

Jon

 -----Original Message-----
 From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis
 Sent: 22 February 2010 21:00
 To: Seth Mattinen
 Cc: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] what is it with 3550s?
 
 On Mon, 22 Feb 2010, Seth Mattinen wrote:
 
  Exactly. Correct me if I'm wrong, but as far as I know the only way to
  get that functionality back is a 6500, and that's a *huge* step.
 
 Not just any 6500.  If you want similar (to the 3550) ability to police at
 arbitrary rates via service-policy in both directions, you need a Sup720.
 
 --
   Jon Lewis   |  I route
   Senior Network Engineer |  therefore you are
   Atlantic Net|
 _ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Tassos Chatzithomaoglou
I'm using LAM (Local Area Mobility) for a similar scenario. You may want 
to have a look at it.

It's pretty damn simple to setup; just 3 commands)

--
Tassos



Anthony McGarry wrote on 23/02/2010 12:38:
Thanks for the input but I'm not too worried about which BRAS the
client logs into, the one that responds first would be fine.
What I really need to know is how to assign static IPs to clients if 
they log into either BRAS when both BRASs have a different network 
range on their loopbacks.
Although this feature would give more granularity, maybe cisco will 
add this feature to the 7300 in a later release.


Anthony

coredump wrote:

You can try to use PADO Delay attributes, but that feature IMHO is only
available in the 12.2(33)SB terrain in Cisco 10k routers.
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_pppoe_sss.html 




/Rizal


Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Anthony McGarry

Arie,

Seems straight forward. Would there be an issue with the default gateway 
assignment from the DHCP server.


BRAS-A
Loopback 0
x.x.96.1/21

BRAS-A DHCP scope
x.x.96.20 - x.x.103.254
options router x.x.96.1

BRAS-B
Loopback 0
x.x.104.1/21

BRAS-B DHCP scope
x.x.104.20 - x.x.111.254
options router x.x.104.1

So if a client logs into BRAS-A and is assigned a static IP from the 
DHCP scope x.x.96.54 with a default gateway of x.x.96.1 there is no problems
If the same client logs into BRAS-B and is assigned the same static IP 
x.x.96.54 with a default gateway of x.x.96.1 how would the client route 
out of his subnet.


client --- BRAS-B -- BRAS-A
x.x.96.54 --- x.x.104.1 - x.x.1.1 -- iBGP -- x.x.1.2 --- x.x.96.1 ---


I am not even sure that what I want to do is possible because the DHCP 
server will see the giaddr in the dhcp request from BRAS-B as x.x.104.1 
and will try assign an address from the the BRAS-B scope and my static 
assignment is from the BRAS-A scope.

I use username to assign static address on the DHCP server
host custid_xx { option dhcp-client-identifier 
\x...@xxx.xxx; fixed-address x.x.96.54; }


Maybe I need to revisit how I assign IP to customers. Would you have any 
recommendations.


Thanks
Anthony

Arie Vayner (avayner) wrote:

Anthony,

Usually for static IP assignments you would have to redistribute the
connected/static (static for routes) prefixes into the routing protocol
(I would recommend BGP) so that you advertise them as /32. No magic...

Arie

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Anthony McGarry
Sent: Monday, February 22, 2010 13:50
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BRAS Redundancy

Hi,

I was hoping someone can help me with the following issue.

I currently have a 7301 acting as my BRAS running on 12.2(33)SRD3. I use
the ISG feature to terminate PPPoE sessions on QinQ subinterfaces.

The virtual templates associated with the bba groups use ip unnumbered
loopback 0.

The IP on loopback 0 is x.x.96.1/21

DHCP is configured for client IP address assignment using DHCP pools as
relay agents to a central DHCP server.

ip dhcp pool DHCP
   relay source x.x.96.0 255.255.248.0
   class DHCP
      relay target x.x.111.5

I would now like to install a second 7301 for load balancing/redundancy.

I currently trunk the QinQ vlans to the existing 7301 so I just do the
same for the second 7301.

On the second 7301 I assign a new /21 network for DHCP assignment.
This works fine for dynamic IP assignment.

My problem is that we have multiple customers with static IP address
assignment from the DHCP server.

How can I assign the same IP address to a certain client session if they
login to either BRAS when each BRAS has a unique network associated with
the loopback 0 interface.

I was thinking mobile IP but I have not tested in the lab and not sure 
if it is a supported solution.


Anthony



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Mark Tinka
On Tuesday 23 February 2010 04:59:38 am Jon Lewis wrote:

 Not just any 6500.  If you want similar (to the 3550)
  ability to police at arbitrary rates via service-policy
  in both directions, you need a Sup720.

That's why for pure Layer 2 Ethernet switching, I'm happy 
with both the Cisco 3560G and Juniper EX3200/4200 platforms.

But if I want to turn those into the Layer 3 switches that 
the world has since become, something tells me I'd want the 
Juniper most times. Its biggest issue now is the code (lots
of catching up to do). While the hardware isn't as great as 
what you get in the routing platforms (obviously), it works 
much more like a router for a switch (oh my, did I just say 
that?) when you need it for basic IPv4/IPv6 
routing/forwarding.

Mark.



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Mark Tinka
On Tuesday 23 February 2010 04:07:17 am Jon Lewis wrote:

 And that's the issue.  Normally, progress means newer
  gear supports the features of older gear plus new
  features.  In this case, egress policing took a large
  step backwards.

As did SVI support for BFD on the 6500 on later code, but 
let me not wake Gert and others :-).

Mark.



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Devon True

On Feb 22, 2010, at 17:14, Tom Lanyon t...@netspot.com.au wrote:

On 23/02/2010, at 7:41 AM, Jeff Kell wrote:

On 2/22/2010 3:45 PM, Seth Mattinen wrote:
Exactly. Correct me if I'm wrong, but as far as I know the only way to
get that functionality back is a 6500, and that's a *huge* step.

Umm, 4500 Sup-IV appears to support input/output (or at least doesn't
bitch at the configs in a quick test...).

Does that mean a 4948/4900M could possibly support it too?

Tom

The 4948 does support input and output service policies.

--
Devon


[c-nsp] Cisco 4948 power supply OID?

2010-02-23 Thread Peter Pauly
I need to detect with Nagios if one of the dual power supplies in a
Cisco 4948 top-of-rack switch has gone bad or has lost power. Does
anyone have an SNMP OID suggestion?  Thanks.


Re: [c-nsp] multicast on transit LAN

2010-02-23 Thread ML
On 2/18/2010 5:29 AM, Marco Regini wrote:
 Hi,
 i did some progress on this topic, with the help of ip igmp helper
 address.
 At L3 my network lab is like this, the vlan/network between 3560 and
 3750 is the vlan 100.
 
 Customers_cpe--Cisco3560-|
 Customers_cpe--Cisco3560-|
 Customers_cpe--Cisco3560-|
 -|---Cisco3750---Core
 Customers_cpe--Cisco3560-|
   
 
 At L1 it is simply a daisy-chain on the gigabit interface with a trunk that
 carries only the vlan100.
 
 Well, IGMP snooping, CGMP, RGMP do not limit the multicast packet on
 the vlan 100, I do not know why. Perhaps this is because all apparatus
 are routing and switching the vlan 100: on cisco doc I see dedicated L2
 only switch connecting customers cpe and provider router. But this is
 only a hypothesis, I need to capture some traffic to understand.
 
 The workaround I have found is to put on the customer interface ip igmp
 helper address 151.1.1.1, in this way the multicast join/leave of the
 customers cpe are forwarded by the 3560 to the Cisco3750. 
 This has 2 nice effect:
 
 1)   IGMP snooping start working on Vlan100.
 2)   show ip igmp groups on the 4006 show me multicast group
 registration on all the 3560.
 
 Questions:
 
  Why do I need the igmp helper address hack?
  Is anyone of you using igmp helper address in a production
 environment? 

If I understand you correctly you have two PIM speakers which
communicate over VLAN100.  When two PIM neighbors traverse an L2 VLAN
IGMP snooping has no effect.  Your L2 switch gear cannot tell where
multicast streams are supposed to go, therefore every group gets flooded
to all ports that have PIM speakers attached.

PIM snooping is what you are looking for.  I don't know if that feature
exists on your platforms.




Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Arie Vayner (avayner)
Anthony,

I have never really seen static IP assignments in these environments
using DHCP... Usually you would use a PPP (PPPoE?) session which would
be terminated on a specific BRAS, and then provisioned with the fixed IP
information coming from RADIUS.

If your environment is small (will not grow beyond this scale) then
maybe you could use a DHCP pool on each router, setting the gateway
locally, while providing the actual address from the DHCP server.

Arie

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Anthony McGarry
Sent: Tuesday, February 23, 2010 13:07
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BRAS Redundancy

Arie,

Seems straight forward. Would there be an issue with the default gateway
assignment from the DHCP server.

BRAS-A
Loopback 0
x.x.96.1/21

BRAS-A DHCP scope
x.x.96.20 - x.x.103.254
options router x.x.96.1

BRAS-B
Loopback 0
x.x.104.1/21

BRAS-B DHCP scope
x.x.104.20 - x.x.111.254
options router x.x.104.1

So if a client logs into BRAS-A and is assigned a static IP from the
DHCP scope x.x.96.54 with a default gateway of x.x.96.1 there is no
problems
If the same client logs into BRAS-B and is assigned the same static IP
x.x.96.54 with a default gateway of x.x.96.1 how would the client route
out of his subnet.

client --- BRAS-B -- BRAS-A
x.x.96.54 --- x.x.104.1 - x.x.1.1 -- iBGP -- x.x.1.2 --- x.x.96.1 ---

I am not even sure that what I want to do is possible because the DHCP
server will see the giaddr in the dhcp request from BRAS-B as x.x.104.1
and will try assign an address from the the BRAS-B scope and my static
assignment is from the BRAS-A scope.
I use username to assign static address on the DHCP server
host custid_xx { option dhcp-client-identifier
\x...@xxx.xxx; fixed-address x.x.96.54; }

Maybe I need to revisit how I assign IP to customers. Would you have any
recommendations.

Thanks
Anthony

Arie Vayner (avayner) wrote:
 Anthony,

 Usually for static IP assignments you would have to redistribute the
 connected/static (static for routes) prefixes into the routing protocol
 (I would recommend BGP) so that you advertise them as /32. No magic...

 Arie

 -----Original Message-----
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Anthony McGarry
 Sent: Monday, February 22, 2010 13:50
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] BRAS Redundancy

 Hi,

 I was hoping someone can help me with the following issue.

 I currently have a 7301 acting as my BRAS running on 12.2(33)SRD3. I use
 the ISG feature to terminate PPPoE sessions on QinQ subinterfaces.

 The virtual templates associated with the bba groups use ip unnumbered
 loopback 0.
 The IP on loopback 0 is x.x.96.1/21

 DHCP is configured for client IP address assignment using DHCP pools as
 relay agents to a central DHCP server.

 ip dhcp pool DHCP
    relay source x.x.96.0 255.255.248.0
    class DHCP
       relay target x.x.111.5

 I would now like to install a second 7301 for load balancing/redundancy.

 I currently trunk the QinQ vlans to the existing 7301 so I just do the
 same for the second 7301.

 On the second 7301 I assign a new /21 network for DHCP assignment.
 This works fine for dynamic IP assignment.

 My problem is that we have multiple customers with static IP address
 assignment from the DHCP server.

 How can I assign the same IP address to a certain client session if they
 login to either BRAS when each BRAS has a unique network associated with
 the loopback 0 interface.

 I was thinking mobile IP but I have not tested in the lab and not sure
 if it is a supported solution.

 Anthony



Re: [c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)

2010-02-23 Thread Oliver Boehmer (oboehmer)
 
 Hello Oli, thx for your support again. I have configured the HUB/PE as
 suggested:
 [..]
 I see that a traceroute from CPE1 to CPE2 now takes the path over the HUB
 and then back to the LNS as expected:
 [...]
 When I remove the def-route on the HUB, I'm still able to reach CPE2
 from CPE1 directly over the LNS:
 
 cpe1-vrftest#traceroute
 Target IP address: 10.98.2.1
 Source address: 10.98.1.1
 Tracing the route to 10.98.2.1
   1 10.99.17.254 68 msec 60 msec 64 msec   (Loopback102 LNS)
   2 10.99.17.2 152 msec *  148 msec        (CPE2)
 
 So I *can* re-direct the traffic from CPE to CPE through the HUB but in
 the case the HUB fails, the CPEs are directly connected again through
 the LNS/SPOKE PE. Is that the expected behaviour? Or is there still
 something I'm missing (RPF is enabled on the Vi's)?

That's strange.. Can you open a TAC case to get this looked at? I just
tried this with regular serial interfaces, and I don't see the issue,
i.e. without a default route, the CEs don't see each other. Can you
remove urpf and try again? 

oli


Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Brandon Ewing
On Tue, Feb 23, 2010 at 06:35:11AM -0500, Devon True wrote:

 The 4948 does support input and output service policies.

 --
 Devon

But does not support IPv6 in hardware, IIRC.  Something to keep in mind.

-- 
Brandon Ewing(nicot...@warningg.com)



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Łukasz Bromirski
On 2010-02-23 11:28, Jon Duggan wrote:
 Correct me if i'm wrong but I believe you can achieve this with
 sup32 also (i think you need pfc3, which the sup32 has), which
 is much cheaper than the 720.

Exactly. Policing (and QoS in general) is a function of a PFC.

-- 
Everything will be okay in the end.  | Łukasz Bromirski
 If it's not okay, it's not the end. |  http://lukasz.bromirski.net


Re: [c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?

2010-02-23 Thread Matt Buford
On Tue, Feb 23, 2010 at 2:26 AM, Sven 'Darkman' Michels s...@darkman.de wrote:

 sorry for coming back to this topic and old email, but this one seems to be
 the problem. When i disable ip verify unicast, the problem vanishes away :(


Have you confirmed that the problem happens to packets going through the
switch?  What you pasted before was pings originating from the switch.  In
general, I wouldn't assume that the behavior of pings to/from the switch are
the same as packets through the switch.  They take a very different path
through the switch.

For example, put one host on a non-pvlan SVI, and then put another host on
your pvlan SVI.  Do you get the same packetloss problem?


Re: [c-nsp] Cisco 4948 power supply OID?

2010-02-23 Thread NMaio
You might be able to do this with RANCID if you modify the script to add the 
show power detail command or something similar.  

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Pauly
Sent: Tuesday, February 23, 2010 8:23 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco 4948 power supply OID?

I need to detect with Nagios if one of the dual power supplies in a
Cisco 4948 top-of-rack switch has gone bad or has lost power. Does
anyone have an SNMP OID suggestion?  Thanks.


Re: [c-nsp] Cisco 4948 power supply OID?

2010-02-23 Thread Klaus Kastens
Hi Peter,

 I need to detect with Nagios if one of the dual power supplies in a
 Cisco 4948 top-of-rack switch has gone bad or has lost power. Does
 anyone have an SNMP OID suggestion?  Thanks.

Try CISCO-ENVMON-MIB::ciscoEnvMonSupplyState, numeric OID is
1.3.6.1.4.1.9.9.13.1.5.1.3, works with cat4k/cat6k/(cat3k).

  CISCO-ENVMON-MIB::ciscoEnvMonSupplyStatusDescr.1 = Power Supply 1, WS-CAC-6000W
  CISCO-ENVMON-MIB::ciscoEnvMonSupplyStatusDescr.2 = Power Supply 2, WS-CAC-6000W
  CISCO-ENVMON-MIB::ciscoEnvMonSupplyState.1 = normal(1)
  CISCO-ENVMON-MIB::ciscoEnvMonSupplyState.2 = normal(1)
  CISCO-ENVMON-MIB::ciscoEnvMonSupplySource.1 = internalRedundant(5)
  CISCO-ENVMON-MIB::ciscoEnvMonSupplySource.2 = internalRedundant(5)


 Klaus

-- 
Klaus Kastens   NetUSE AG
Dr.-Hell-Str. 6, D-24107 Kiel,Germany
Fon: +49 431 2390 400 (07:00 UTC - 17:00 UTC)
Fax: +49 431 2390 499
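
One way to turn the ciscoEnvMonSupplyState walk from the reply above into a Nagios result, added here as an example and not code from the thread. The severity mapping, the rule that a missing row counts as a failure, and the sample inputs (constructed from the format of the posted output) are assumptions of this example.

```python
#!/usr/bin/env python3
"""Evaluate ciscoEnvMonSupplyState rows from snmpwalk text, Nagios style."""
import re

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin return codes
LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
RANK = {OK: 0, UNKNOWN: 1, WARNING: 2, CRITICAL: 3}   # used to pick the worst

# CiscoEnvMonState values from CISCO-ENVMON-MIB. The mapping to a Nagios
# severity is this example's choice, not something the MIB prescribes.
STATES = {
    1: ("normal", OK),
    2: ("warning", WARNING),
    3: ("critical", CRITICAL),
    4: ("shutdown", CRITICAL),
    5: ("notPresent", CRITICAL),
    6: ("notFunctioning", CRITICAL),
}

# ciscoEnvMonSupplyStatusEntry: column 2 is StatusDescr, column 3 is State.
BASE = r"1\.3\.6\.1\.4\.1\.9\.9\.13\.1\.5\.1"
ROW = re.compile(
    r"^\s*(?:CISCO-ENVMON-MIB::ciscoEnvMonSupply(?P<name>StatusDescr|State)"
    r"|\.?" + BASE + r"\.(?P<col>[23]))"
    r"\.(?P<idx>\d+)\s*=\s*(?:[A-Za-z]+:\s*)?(?P<val>.*?)\s*$"
)


def parse_supplies(text):
    """Return {index: {"descr": str, "state": int}} from snmpwalk output.

    Accepts the symbolic form shown in the thread and numeric OIDs, with or
    without a type prefix such as "INTEGER:".
    """
    supplies = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # other columns, e.g. ciscoEnvMonSupplySource, are skipped
        row = supplies.setdefault(int(m.group("idx")), {})
        if m.group("name") == "State" or m.group("col") == "3":
            num = re.search(r"\((\d+)\)|^(\d+)$", m.group("val"))
            if num:
                row["state"] = int(num.group(1) or num.group(2))
        else:
            row["descr"] = m.group("val").strip('"')
    return supplies


def check_power_supplies(text, expected=2):
    """Return (nagios_code, message) for the supplies found in text.

    expected is the number of supplies the chassis should report. A supply
    that has no row at all is treated as a failure, so a table that silently
    shrinks does not read as healthy.
    """
    supplies = parse_supplies(text)
    if not supplies:
        return UNKNOWN, "PSU UNKNOWN - no ciscoEnvMonSupplyState rows in response"
    worst, parts = OK, []
    for idx in sorted(supplies):
        row = supplies[idx]
        state = row.get("state")
        name, status = STATES.get(state, ("unparsed", UNKNOWN))
        descr = row.get("descr") or "supply %d" % idx
        parts.append("%s: %s(%s)" % (descr, name, state))
        worst = max(worst, status, key=RANK.get)
    if len(supplies) < expected:
        parts.append("only %d of %d supplies reported" % (len(supplies), expected))
        worst = CRITICAL
    return worst, "PSU %s - %s" % (LABEL[worst], "; ".join(parts))


# Constructed sample: the layout of the output posted above, with supply 2
# changed to a failed state for illustration.
SAMPLE_DEGRADED = """\
CISCO-ENVMON-MIB::ciscoEnvMonSupplyStatusDescr.1 = Power Supply 1, WS-CAC-6000W
CISCO-ENVMON-MIB::ciscoEnvMonSupplyStatusDescr.2 = Power Supply 2, WS-CAC-6000W
CISCO-ENVMON-MIB::ciscoEnvMonSupplyState.1 = normal(1)
CISCO-ENVMON-MIB::ciscoEnvMonSupplyState.2 = critical(3)
CISCO-ENVMON-MIB::ciscoEnvMonSupplySource.1 = internalRedundant(5)
CISCO-ENVMON-MIB::ciscoEnvMonSupplySource.2 = internalRedundant(5)
"""

# Constructed sample: numeric output in which only one supply row comes back.
SAMPLE_ONE_ROW = ".1.3.6.1.4.1.9.9.13.1.5.1.3.1 = INTEGER: 1\n"

if __name__ == "__main__":
    # A real plugin would read the walk output and sys.exit() with the code.
    for sample in (SAMPLE_DEGRADED, SAMPLE_ONE_ROW):
        code, message = check_power_supplies(sample)
        print(code, message)
```

As a Nagios plugin, the function would be fed the walk of the OID above and the process would exit with the returned code.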













[c-nsp] Getting serial number for 3640s

2010-02-23 Thread Steven Pfister
I'm going over a customer's inventory, and I'm having some trouble with serial
numbers. How do you get the serial number for a 3640 router? I usually look for 
the processor board ID in 'sho ver', but that's not matching what's  listed in 
the inventory.

Thanks!


Steve Pfister
Technical Coordinator, 
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St. 
Dayton, OH 45402
 
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfis...@dps.k12.oh.us




Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Nick Hilliard
On 23/02/2010 19:27, Steven Pfister wrote:
 I'm going over a customer's inventory, and I'm having some trouble with
 serial numbers. How do you get the serial number for a 3640 router? I
 usually look for the processor board ID in 'sho ver', but that's not
 matching what's  listed in the inventory.

show inventory?

Nick


Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Steven Pfister
Is that supported by 3640? We may have old versions of IOS... it doesn't seem 
to be recognized by any of the ones I've tried.

Steve Pfister
Technical Coordinator, 
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St. 
Dayton, OH 45402
 
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfis...@dps.k12.oh.us


 Nick Hilliard n...@inex.ie 2/23/2010 2:57 PM 
On 23/02/2010 19:27, Steven Pfister wrote:
 I'm going over a customer's inventory, and I'm having some trouble with
 serial numbers. How do you get the serial number for a 3640 router? I
 usually look for the processor board ID in 'sho ver', but that's not
 matching what's  listed in the inventory.

show inventory?

Nick


Re: [c-nsp] 6500 SVI Question

2010-02-23 Thread Pavel Skovajsa
Hi Paul,

All virtual interfaces have bandwidth that has nothing to do with the
real number of bytes per second that can flow through the link. For
example:

- all SVI interfaces have by default bandwidth of: MTU 1500 bytes, BW
100 Kbit, DLY 10 usec, even though the real interfaces behind
are 10/half. One way to explain this is that 10 years ago, in the
time of hybrid Catalysts, the switching part of Catalyst (SP) was
autonomous and consisted of real interfaces, and the routing MSFC part
(RP) consisted of only SVIs.

- all tunnel interfaces have a default bandwidth of 8000kb, which is a
tricky way of telling the routing protocol not to prefer the
route over the tunnel and to use it only as a last resort

Also, all serial interfaces have a default bandwidth of 1024kb, even though
they might be fractional T1's or anything else.

-pavel skovajsa

On Tue, Feb 23, 2010 at 2:30 AM, Paul Stewart p...@paulstewart.org wrote:
 Thanks Tim whew! ;)

 Actually, I was misreading the bandwidth statement itself  - missed a zero
 earlier so thought you could only set it to 1 Gig, now I realized you can
 set it up to 10GE.  Updated it to 2Gig and everything good now..

 Much appreciated,

 Paul


 -Original Message-
 From: Tim Stevenson [mailto:tstev...@cisco.com]
 Sent: February-22-10 8:12 PM
 To: Paul Stewart; cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] 6500 SVI Question

 Hi Paul,

 The bandwidth does not affect the throughput etc and doesn't take
 into account the underlying L2 interfaces' bandwidth. It is strictly for
 use by the routing protocols to determine metrics (and can be
 modified using the bandwidth interface command). Also you can
 change the reference b/w using ospf auto-cost reference-bandwidth
 under the router ospf process.

 Hope that helps,
 Tim


 At 04:56 PM 2/22/2010, Paul Stewart mumbled:

Hi there...



Typically when we require higher bandwidth, we upgrade the interface to
something larger ... recently though we were faced with having to do 2XGE on
a LAG until our new 10GE ports arrive.  The SVI interface shows a bandwidth
of 1 Gig even though there are two physical GigE interfaces connected to
it ... will there be any issues doing more than a Gig on this SVI interface?
This is the first time amazingly that I've run across this ;)



The card where the two GigE's come into is a 6148A-GE-TX and the ports are
at opposite ends of the physical card...



Thanks, appreciate it as always...



Paul











 Tim Stevenson, tstev...@cisco.com
 Routing & Switching CCIE #5561
 Technical Marketing Engineer, Cisco Nexus 7000
 Cisco - http://www.cisco.com
 IP Phone: 408-526-6759
 
 The contents of this message may be *Cisco Confidential*
 and are intended for the specified recipients only.




Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Bielawa, Daniel W. (NS)
Hello,
We had a similar problem with our 7200 series. According to TAC some 
Cisco products do not report the serial number. That was the case with us, and 
the only way to verify was to physically go to the box and check. Given the age 
of the 3600 series routers, I would guess the same limitation applies to your 
case.

Thank You

Daniel Bielawa 
Network Engineer
Liberty University Network Services
Email: dwbiel...@liberty.edu
Phone: 434-592-7987



-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Pfister
Sent: Tuesday, February 23, 2010 3:02 PM
To: Nick Hilliard; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Getting serial number for 3640s

Is that supported by 3640? We may have old versions of IOS... it doesn't seem 
to be recognized by any of the ones I've tried.

Steve Pfister
Technical Coordinator, 
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St. 
Dayton, OH 45402
 
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfis...@dps.k12.oh.us


 Nick Hilliard n...@inex.ie 2/23/2010 2:57 PM 
On 23/02/2010 19:27, Steven Pfister wrote:
 I'm going over a customer's inventory, and I'm having some trouble with
 serial numbers. How do you get the serial number for a 3640 router? I
 usually look for the processor board ID in 'sho ver', but that's not
 matching what's listed in the inventory.

show inventory?

Nick


Re: [c-nsp] Cisco 4948 power supply OID?

2010-02-23 Thread Peter Pauly
Thanks for everyone's help. Here's what I've ended up with and it
seems to work fine. Posted here for future reference:

define service{
        use                     generic-service
        host_name               cisco4948
        service_description     PS1
        check_command           check_snmp!-C snmppassword -o .1.3.6.1.4.1.9.9.91.1.1.1.1.4.9 -r 1
}

define service{
        use                     generic-service
        host_name               cisco4948
        service_description     PS2
        check_command           check_snmp!-C snmppassword -o .1.3.6.1.4.1.9.9.91.1.1.1.1.4.12 -r 1
}


Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread harbor235
It is supported with 12.3 for sure ..

On Tue, Feb 23, 2010 at 3:01 PM, Steven Pfister spfis...@dps.k12.oh.us wrote:

 Is that supported by 3640? We may have old versions of IOS... it doesn't
 seem to be recognized by any of the ones I've tried.

 Steve Pfister
 Technical Coordinator,
 The Office of Information Technology
 Dayton Public Schools
 115 S. Ludlow St.
 Dayton, OH 45402

 Office (937) 542-3149
 Cell (937) 673-6779
 Direct Connect: 137*131747*8
 Email spfis...@dps.k12.oh.us


  Nick Hilliard n...@inex.ie 2/23/2010 2:57 PM 
  On 23/02/2010 19:27, Steven Pfister wrote:
  I'm going over a customer's inventory, and I'm having some trouble with
  serial numbers. How do you get the serial number for a 3640 router? I
  usually look for the processor board ID in 'sho ver', but that's not
  matching what's listed in the inventory.

 show inventory?

 Nick


Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Sigurbjörn Birkir Lárusson
show c3600 will give you the serial of the mainboard itself, perhaps that is
what you need

Kind regards,
Sibbi


 From: Steven Pfister spfis...@dps.k12.oh.us
 Date: Tue, 23 Feb 2010 15:01:39 -0500
 To: Nick Hilliard n...@inex.ie, cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] Getting serial number for 3640s
 
 Is that supported by 3640? We may have old versions of IOS... it doesn't seem
 to be recognized by any of the ones I've tried.
 
 Steve Pfister
 Technical Coordinator,
 The Office of Information Technology
 Dayton Public Schools
 115 S. Ludlow St.
 Dayton, OH 45402
  
 Office (937) 542-3149
 Cell (937) 673-6779
 Direct Connect: 137*131747*8
 Email spfis...@dps.k12.oh.us
 
 
 Nick Hilliard n...@inex.ie 2/23/2010 2:57 PM 
 On 23/02/2010 19:27, Steven Pfister wrote:
 I'm going over a customer's inventory, and I'm having some trouble with
 serial numbers. How do you get the serial number for a 3640 router? I
 usually look for the processor board ID in 'sho ver', but that's not
 matching what's listed in the inventory.
 
 show inventory?
 
 Nick


Re: [c-nsp] WS-X6748-SFP input errors

2010-02-23 Thread Tim Durack
On Fri, Feb 5, 2010 at 10:38 AM, Tim Durack tdur...@gmail.com wrote:
 Cisco 6509, SUP720, 12.2(33)SXI3, WS-X6748-SFP, port shows:

 sh int g1/9 | i error
     3915 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets

 The other side is clean. What do input errors alone indicate?

 (Have tested/replaced fiber/SFPs, without success.)

Looks like this is actually being caused by some ERSPAN traffic from a
(non-cisco) downstream switch.

My guess is the frames are maximum size, leaving no room for the FCS.
I don't have an easy way of proving this, aside from the fact that the
problem is controlled by enabling/disabling the ERSPAN.

-- 
Tim:


Re: [c-nsp] mvrf leaking

2010-02-23 Thread Tim Durack
On Mon, Aug 10, 2009 at 3:14 PM, Rodney Dunn rod...@cisco.com wrote:
 I don't *think* so. I think to get traffic from the VRF's you need MVPN
 Extranet support:

 http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/extvpnsb.html

Anybody used this in anger? I've got multicast between vrfs working in
the lab, but it isn't configured as I expected. 6500, Sup720,
12.2(33)SXI3, PE-PE, CE directly connect interface on PE.

So far I need ip pim sparse-dense mode configured on the CE facing
vlan int, and sparse-dense mode on a loopback in the vrf. Multicast
then works between vrfs on the same PE.

Sparse mode does not work, even with various rp/bsr configs.

Confused.

-- 
Tim:
Sent from New York, NY, United States


Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Anthony McGarry

Arie,

I am going to set up the lab and do some testing with radius providing 
the IP and redistributing connected routes.
I might also have a look at providing a L2 link between the BRASs or 
mobile IP.


Thanks
Anthony

Arie Vayner (avayner) wrote:

Anthony,

I have never really seen static IP assignments in this environments
using DHCP... Usually you would use a PPP (PPPoE?) session which would
be terminated on a specific BRAS, and then provisioned with the fixed IP
information coming from RADIUS.

If your environment is small (will not grow beyond this scale) then
maybe you could use a DHCP pool on each router, setting the gateway
locally, while providing the actual address from the DHCP server.

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Anthony McGarry
Sent: Tuesday, February 23, 2010 13:07
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BRAS Redundancy

Arie,

Seems straightforward. Would there be an issue with the default gateway
assignment from the DHCP server?

BRAS-A
Loopback 0
x.x.96.1/21

BRAS-A DHCP scope
x.x.96.20 - x.x.103.254
options router x.x.96.1

BRAS-B
Loopback 0
x.x.104.1/21

BRAS-B DHCP scope
x.x.104.20 - x.x.111.254
options router x.x.104.1

So if a client logs into BRAS-A and is assigned a static IP from the 
DHCP scope x.x.96.54 with a default gateway of x.x.96.1 there are no
problems.
If the same client logs into BRAS-B and is assigned the same static IP 
x.x.96.54 with a default gateway of x.x.96.1, how would the client route 
out of his subnet?


client --- BRAS-B 
-- BRAS-A 
x.x.96.54 --- x.x.104.1 - x.x.1.1 -- iBGP -- x.x.1.2 
--- x.x.96.1 ---


I am not even sure that what I want to do is possible because the DHCP 
server will see the giaddr in the dhcp request from BRAS-B as x.x.104.1 
and will try to assign an address from the BRAS-B scope and my static 
assignment is from the BRAS-A scope.

I use username to assign static address on the DHCP server
host custid_xx { option dhcp-client-identifier 
\x...@xxx.xxx; fixed-address x.x.96.54; }


Maybe I need to revisit how I assign IP to customers. Would you have any
recommendations?

Thanks
Anthony

Arie Vayner (avayner) wrote:
  

Anthony,

Usually for static IP assignments you would have to redistribute the
connected/static (static for routes) prefixes into the routing protocol
(I would recommend BGP) so that you advertise them as /32. No magic...

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Anthony McGarry
Sent: Monday, February 22, 2010 13:50
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BRAS Redundancy

Hi,

I was hoping someone can help me with the following issue.

I currently have a 7301 acting as my BRAS running on 12.2(33)SRD3. I use
the ISG feature to terminate PPPoE sessions on QinQ subinterfaces.

The virtual templates associated with the bba groups use ip unnumbered
loopback 0.
The IP on loopback 0 is x.x.96.1/21

DHCP is configured for client IP address assignment using DHCP pools as
relay agents to a central DHCP server.

ip dhcp pool DHCP
   relay source x.x.96.0 255.255.248.0
   class DHCP
      relay target x.x.111.5

I would now like to install a second 7301 for load balancing/redundancy.
I currently trunk the QinQ vlans to the existing 7301 so I just do the
same for the second 7301.

On the second 7301 I assign a new /21 network for DHCP assignment.
This works fine for dynamic IP assignment.

My problem is that we have multiple customers with static IP address 
assignment from the DHCP server.

How can I assign the same IP address to a certain client session if they
login to either BRAS when each BRAS has a unique network associated with
the loopback 0 interface.

I was thinking mobile IP but I have not tested in the lab and not sure
if it is a supported solution.

Anthony
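
The giaddr concern raised in this thread, and the /32 advertisement suggested in reply, modelled as an added example that is not from any poster. The 10.0.x.x prefixes are constructed stand-ins for the elided x.x networks, `custid_example` is hypothetical, and the rule that a fixed address is honoured only inside the subnet selected by giaddr is an assumption about the DHCP server (it matches ISC dhcpd-style behaviour).

```python
import ipaddress as ipa

# Constructed stand-ins for the thread's elided x.x.96.0/21 and x.x.104.0/21.
SCOPES = {
    "BRAS-A": {"subnet": ipa.ip_network("10.0.96.0/21"),
               "first": ipa.ip_address("10.0.96.20"),
               "last": ipa.ip_address("10.0.103.254"),
               "router": ipa.ip_address("10.0.96.1")},
    "BRAS-B": {"subnet": ipa.ip_network("10.0.104.0/21"),
               "first": ipa.ip_address("10.0.104.20"),
               "last": ipa.ip_address("10.0.111.254"),
               "router": ipa.ip_address("10.0.104.1")},
}

# Hypothetical client identifier with a fixed address inside BRAS-A's /21.
FIXED = {"custid_example": ipa.ip_address("10.0.96.54")}


def select_scope(giaddr):
    """Return the name of the scope whose subnet contains the relay's giaddr."""
    relay = ipa.ip_address(giaddr)
    for name, scope in SCOPES.items():
        if relay in scope["subnet"]:
            return name
    return None


def offer(client_id, giaddr, in_use=()):
    """Model the server's answer to a DISCOVER relayed with this giaddr."""
    name = select_scope(giaddr)
    if name is None:
        return None  # no scope configured for this relay
    scope = SCOPES[name]
    fixed = FIXED.get(client_id)
    # Assumption: a fixed address is honoured only when it is valid on the
    # segment the request was relayed from (ISC dhcpd-style behaviour).
    if fixed is not None and fixed in scope["subnet"]:
        return {"scope": name, "ip": str(fixed),
                "router": str(scope["router"]), "kind": "fixed"}
    # Otherwise fall back to the first free dynamic address of that scope.
    reserved = set(FIXED.values()) | {ipa.ip_address(a) for a in in_use}
    addr = scope["first"]
    while addr <= scope["last"]:
        if addr not in reserved:
            return {"scope": name, "ip": str(addr),
                    "router": str(scope["router"]), "kind": "dynamic"}
        addr += 1
    return None  # pool exhausted


def next_hop(dst, rib):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    target = ipa.ip_address(dst)
    best = None
    for prefix, hop in rib:
        net = ipa.ip_network(prefix)
        if target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


if __name__ == "__main__":
    # Same customer, relayed first by BRAS-A and then by BRAS-B.
    print(offer("custid_example", "10.0.96.1"))
    print(offer("custid_example", "10.0.104.1"))
    # Only the two /21 aggregates are advertised: traffic follows BRAS-A.
    rib = [("10.0.96.0/21", "BRAS-A"), ("10.0.104.0/21", "BRAS-B")]
    print(next_hop("10.0.96.54", rib))
    # BRAS-B terminates the session and advertises the host route as a /32.
    print(next_hop("10.0.96.54", rib + [("10.0.96.54/32", "BRAS-B")]))
```

Under that assumption the customer only keeps the fixed address behind BRAS-A; once the address comes from somewhere independent of giaddr (RADIUS in the reply above), the /32 host route is what steers return traffic to whichever BRAS holds the session.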



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Gert Doering
Hi,

On Tue, Feb 23, 2010 at 06:23:26PM +0800, Mark Tinka wrote:
 As did SVI support for BFD on the 6500 on later code, but 
 let me not wake Gert and others :-).

Ho humm, I was visiting Cisco Munich today, but I didn't even get to *that*
point.  When I started ranting to the AM present about the 20 different 
operating systems on Cisco devices today, and the 6500/7600 BU mess, he 
was already entering brainwash mode (you have to understand how a big 
company works!  there are good reasons to this!  this is the best path
for Cisco and our customers!).

I have no idea how to get that point (BFD is good! make it happen! on SVI!)
across to the relevant people... *sigh*

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de



Re: [c-nsp] BRAS Redundancy

2010-02-23 Thread Anthony McGarry

Sounds like an option, I'll set it up in the lab and do some testing.

Thanks


Tassos Chatzithomaoglou wrote:
I'm using LAM (Local Area Mobility) for a similar scenario. You may want 
to have a look at it.

It's pretty damn simple to set up; just 3 commands.

  



Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Meister, Daniel J.
While not exactly the same, we've got a 3660 running old IOS that
supports the command 'show c3600' which will display the chassis serial
number.

-Dan

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Bielawa, Daniel
W. (NS)
Sent: Tuesday, February 23, 2010 2:14 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Getting serial number for 3640s

Hello,
We had a similar problem with our 7200 series. According to TAC
some Cisco products do not report the serial number. That was the case
with us, and the only way to verify was to physically go to the box and
check. Given the age of the 3600 series routers, I would guess the same
limitation applies to your case.

Thank You

Daniel Bielawa 
Network Engineer
Liberty University Network Services
Email: dwbiel...@liberty.edu
Phone: 434-592-7987


-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Pfister
Sent: Tuesday, February 23, 2010 3:02 PM
To: Nick Hilliard; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Getting serial number for 3640s

Is that supported by 3640? We may have old versions of IOS... it doesn't
seem to be recognized by any of the ones I've tried.

Steve Pfister
Technical Coordinator, 
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St. 
Dayton, OH 45402
 
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfis...@dps.k12.oh.us


 Nick Hilliard n...@inex.ie 2/23/2010 2:57 PM 
On 23/02/2010 19:27, Steven Pfister wrote:
 I'm going over a customer's inventory, and I'm having some trouble with
 serial numbers. How do you get the serial number for a 3640 router? I
 usually look for the processor board ID in 'sho ver', but that's not
 matching what's listed in the inventory.

show inventory?

Nick


Re: [c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)

2010-02-23 Thread Gerald Krause
Am 23.02.2010 16:47, Oliver Boehmer (oboehmer) schrieb:
  
 Hello Oli, thx for your support again. I have configured the HUB/PE as
 suggested:
 [..]
 I see that a traceroute from CPE1 to CPE2 now takes the path over the HUB
 and then back to the LNS as expected:
 [...]
 When I remove the def-route on the HUB, I'm still able to reach CPE2
 from CPE1 directly over the LNS:

 cpe1-vrftest#traceroute
 Target IP address: 10.98.2.1
 Source address: 10.98.1.1
 Tracing the route to 10.98.2.1
   1 10.99.17.254 68 msec 60 msec 64 msec   (Loopback102 LNS)
   2 10.99.17.2 152 msec *  148 msec(CPE2)

 So I *can* re-direct the traffic from CPE to CPE through the HUB but in
 the case the HUB fails, the CPEs are directly connected again through
 the LNS/SPOKE PE. Is that the expected behaviour? Or is there still
 something I'm missing (RPF is enabled on the Vi's)?
 
 That's strange.. Can you open a TAC case to get this looked at? 

Ok, I will do so if I can't get ahead soon.

 I just
 tried this with regular serial interfaces, and I don't see the issue,
 i.e. without a default route, the CEs don't see each other.

I assume even without any MP-BGP between the SPOKE and HUB PEs, it
should be possible to isolate two interfaces on the SPOKE/PE with the
Half Duplex VRF feature enabled. Am I right here? So how does your
SPOKE/PE test setup look regarding the VRF configuration (VRF definition,
interfaces and static routes for that VRF)? That would be interesting
for me. Maybe I can build a similar setup with some unused FastEth's in
my LNS/SPOKE/PE.

 Can you remove urpf and try again? 

I've tried that, looks like uRPF has no influence. I get the same
results with and without.

Thx a lot so far!
--
Gerald



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Asbjorn Hojmark - Lists
On Tue, 23 Feb 2010 22:41:18 +0100, you wrote:

 I have no idea how to get that point (BFD is good! make it happen!
 on SVI!) across to the relevant people... *sigh*

The SP people do get it, and I'm sure it's now (again) roadmapped for
the 7600, where it's relevant. Whether it'll ever show up on a campus
switch (6500) may be another story.

-A


Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Asbjorn Hojmark - Lists
On Tue, 23 Feb 2010 14:25:13 -0600, you wrote:

 While not exactly the same, we've got a 3660 running old IOS that
 supports the command 'show c3600' which will display the chassis serial
 number.

Something also worth trying is 'sh diag', which works on all the old
gear, and gives a chassis serial number for some of it. I don't know
if it works on a 3600, but it does work on the 3725 that I have at home.

-A


Re: [c-nsp] Getting serial number for 3640s

2010-02-23 Thread Cory Ayers
 Hello,
   We had a similar problem with our 7200 series. According to TAC
 some Cisco products do not report the serial number. That was the case
 with us, and the only way to verify was to physically go to the box and
 check. Given the age of the 3600 series routers, I would guess the same
 limitation applies to your case.
 
 Thank You
 
 Daniel Bielawa
 Network Engineer
 Liberty University Network Services
 Email: dwbiel...@liberty.edu
 Phone: 434-592-7987
 
 
  I'm going over a customer's inventory, and I'm having some trouble with
  serial numbers. How do you get the serial number for a 3640 router? I
  usually look for the processor board ID in 'sho ver', but that's not
  matching what's listed in the inventory.

I don't believe there is a way to pull chassis serial from the command line on 
the older router models (2600, 3600, 7200).  You can pull the mainboard serial, 
but this does not match the sticker on the outside of the chassis.


[c-nsp] ES20 throughput in the weeds?

2010-02-23 Thread Jason Lixfeld
We've got a 7600-ES20-GE3CXL HW 1.2 FW 12.2(33r)SRB SW 12.2(33)SRC4 in a 
7609/Sup720 3BXL chassis.  We ran some performance tests for a customer, and we 
were quite appalled by the results.  We're using Exfo test sets to run RFC2544 
patterns between two ports.

We're using 7 frame sizes; 64, 128, 256, 512, 1024, 1280, 1518.

When we look at the throughput results, we see this:

Frame Size  TX-to-RX - Layer 1-2-3 (Mbps)
64          449.197861
128         538.181818
256         560.97561
512         974.358974
1024        956.043956
1280        1000
1518        994.825356

Now if we do that same test on another card, say a WS-X6724-SFP, we get very 
different results:

Frame Size  TX-to-RX - Layer 1-2-3 (Mbps)
64          1000
128         1000
256         1000
512         1000
1024        1000
1280        1000
1518        1000

I've tried the same test on a Juniper EX4200, and an ME3400E-12CS and all the 
results are identical to the WS-X6724-SFP.  The ES20 seems to be the anomaly 
here.

I know that processing smaller packets is generally much more taxing than 
processing large packets, so I didn't really expect to see line rate on any of 
the tests that were run, but considering the 6724 reported what seem to be line 
rate results vs. the ES20, I can't help but to wonder whether I've got a bad 
card or something.


Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Gert Doering
Hi,

On Wed, Feb 24, 2010 at 12:42:17AM +0100, Asbjorn Hojmark - Lists wrote:
 On Tue, 23 Feb 2010 22:41:18 +0100, you wrote:
 
  I have no idea how to get that point (BFD is good! make it happen!
  on SVI!) across to the relevant people... *sigh*
 
 The SP people do get it, and I'm sure it's now (again) roadmapped for
 the 7600, where it's relevant. Whether it'll ever show up on a campus
 switch (6500) may be another story.

Now that you mention it.  I did not rant over the BU split for at least
two months, did I?

The decision for which (mid-to-high end platforms) a certain feature is 
relevant is something I find highly interesting.  As if enterprise 
customers don't want high availability.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de



Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Asbjorn Hojmark - Lists
On Wed, 24 Feb 2010 08:29:54 +0100, you wrote:

 The SP people do get it, and I'm sure it's now (again) roadmapped for
 the 7600, where it's relevant. Whether it'll ever show up on a campus
 switch (6500) may be another story.

 Now that you mention it.  I did not rant over the BU split for at least
 two months, did I?

No I don't think so, but the bait worked very well ;-)

-A