Re: [c-nsp] ISIS set-attached-bit route-map
Interesting, i had seen different behavior before and had this jotted down in my notes. I'll re-verify this if this has to do something with the IOS code i was using. Thanks for correcting me. Swap #19804 On Mon, May 31, 2010 at 7:36 AM, William McCall william.mcc...@gmail.com wrote: All: Solution works like this and was confirmed by OP: Enabling the IS-IS process for CLNS on the interface allowed the propagation of the CLNS route to the neighbor. After this, the attached bit could be set per the route map. So on R5's FR int, all that is necessary is to put clns router isis. As a side note, I tested another poster's theory regarding the setting of the ATT bit when performing multiarea IS-IS and found that the L1 areas do, in fact, receive the ATT bit even when the area with the L2 adjacency and the one with the L1 adjacency is different. Also confirmed that the set-attached-bit feature works under those L1 areas. HTH -- William McCall, CCIE #25044 On Sun, May 30, 2010 at 8:04 AM, selamat pagi keti...@gmail.com wrote: Hi, In my lab setup I have 3 routers connected via IS-IS R4 --(frame-relay) R5 --(ethernet) - R6 On R5 I have to areas, connected, however I only want to originate the default-route to R6 when R4 is reachable. I tried to use a the set-attached-bit route-map with clns filter-set, but I cannot control the default route as desired. Any idea how this can be solved ? thanks, ketimun *R4* router isis 4 net 49..1500.0100.1001.00 log-adjacency-changes *R5* router isis 5 net 49.0004.1500.0100.5005.00 set-attached-bit route-map REAL_L2 log-adjacency-changes ! router isis 55 net 49..1500.0100.5005.00 is-type level-1 route-map REAL_L2 permit 10 match clns address R4 clns filter-set R4 permit 49. -- * This route is not int the clns route table* *R6* router isis 6 net 49.0004.1500.0100.6006.00 is-type level-1 log-adjacency-changes *R5#sh clns route* Codes: C - connected, S - static, d - DecnetIV I - ISO-IGRP, i - IS-IS, e - ES-IS B - BGP, b - eBGP-neighbor C 49. [2/0], Local IS-IS Area C 49.0004 [2/0], Local IS-IS Area C 49..1500.0100.5005.00 [1/0], Local IS-IS NET C 49.0004.1500.0100.5005.00 [1/0], Local IS-IS NET * R5#sh isis data* Area 5: IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R5.00-00 * 0x0034 0x8DB7 1153 1/0/0 R6.00-00 0x0011 0xB008 1000 0/0/0 R6.02-00 0x000F 0x469E 1016 0/0/0 IS-IS Level-2 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R4.00-00 0x0016 0xC0CE 1169 0/0/0 R4.02-00 0x0006 0xBA97 1085 0/0/0 R2.00-00 0x001C 0x6859 693 0/0/0 R5.00-00 * 0x000D 0x3212 1171 0/0/0 R5.03-00 * 0x0003 0x38A4 498 0/0/0 Area 55: IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL R5.00-00 * 0x0001 0xD2A3 495 1/0/0 ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] TACACS+ for console problem
You want Tacacs+ to work for vty and console sessions or not ? Or you want to use different username and password for console ? Can you paste your tacacs+ + vty and console config with logs if possible. Yeah, thats true, it is login not line. But the problem is same line con 0 password cisco line authentication CONSOLE. Shouldn't it be login authentication CONSOLE ? Hi, i am using TACACS+ for my Network. After configuring the device, if i want to login through the console, it is not taking any password and continuosly showing Con 0 is available. These are my commands used: aaa new-model aaa authentication login default group tacacs+ line aaa authentication enable default group tacacs+ enable aaa authorization exec default group tacacs+ if-authenticated aaa authorization commands 15 default group tacacs+ if-authenticated aaa accounting exec default start-stop group tacacs+ aaa accounting commands 1 default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting connection default start-stop group tacacs+ aaa accounting system default start-stop group tacacs+ tacacs-server host ip add. tacacs-server key [Key]. After searching in the internet, i got one solution says use the named list as below. aaa authentication login CONSOLE line line con 0 password cisco login authentication CONSOLE. With this configuration, i am able to login the switch, but it is taking the console password instead of line password which is defined in the command. Then, i have tested the command : aaa authentication login CONSOLE none. Which means no authentication required, but it still asking for the password, which is console password. Then i have removed aaa commands from config mode and line console mode. i have used only console password. still it is working, then what is the significance of aaa commands for console. please give your suggestions. thanks in advance. P.Ambedkar. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Regards, Shishir Saud Engineer - Systems-Networks-RD Subisu Cablenet (P.) Ltd. 148 Thirbum Sadak Baluwatar, Kathmandu Nepal T: 00977 1 4429616/17 Ext.: 121 F: 00977 1 4430572 http://www.subisu.net.np (An ISO 9001:2000 Certified Company) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] TACACS+ for console problem
On 5/30/10 9:17 PM, ambedkar wrote: After searching in the internet, i got one solution says use the named list as below. aaa authentication login CONSOLE line line con 0 password cisco login authentication CONSOLE. With this configuration, i am able to login the switch, but it is taking the console password instead of line password which is defined in the command. The word line in that command means that it will use the password defined for that line (in this case con 0, which is cisco). You could have a different line password for the VTY if you choose. Then, i have tested the command : aaa authentication login CONSOLE none. Which means no authentication required, but it still asking for the password, which is console password. Try no login on the console line configuration if you want this behavior. Then i have removed aaa commands from config mode and line console mode. i have used only console password. still it is working, then what is the significance of aaa commands for console. The significance is the same as for vty lines. If physical access to the device and its console port is secure, many people will use local (username and password) or line (password only) authentication for the console so that they can configure and/or troubleshoot the box locally if the TACACS server is unreachable or misbehaving. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 7200 G1/G2 QoS/NBAR performance
Hi All, I was googling around on Friday, looking for some performance numbers. The question is how much traffic can a NPE-G1/G2 pass while doing QoS. I'm doing the standard internet transit mix of packet sizes. I tried tagging 600Mb worth of traffic on a G1, and that brought the routers to it's knees with 100% CPU. Given that all QoS in a 7200 is done in software, are there any ballpark numbers used to calculate how much throughput you can get using QoS on these NPEs? Thanks -- Nick Celebic ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7200 G1/G2 QoS/NBAR performance
On Monday 31 May 2010 10:23:46 pm Nick Celebic wrote: I was googling around on Friday, looking for some performance numbers. The question is how much traffic can a NPE-G1/G2 pass while doing QoS. I'm doing the standard internet transit mix of packet sizes. I tried tagging 600Mb worth of traffic on a G1, and that brought the routers to it's knees with 100% CPU. Given that all QoS in a 7200 is done in software, are there any ballpark numbers used to calculate how much throughput you can get using QoS on these NPEs? Not sure how funky your QoS configurations are, but we're seeing around 65% on an NPE-G2 running at 500Mbps with MQC doing inbound/outbound policing, DSCP and EXP remarking and classification. 600Mbps of traffic on an NPE-G1 is already as much as the box can probably do. Adding MQC to forwarded traffic could have some adverse effects, like what you're seeing. We don't do NBAR, so I can't offer any feedback there. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7200 G1/G2 QoS/NBAR performance
Depends what you mean by doing QOS? Have you looked at the Router Performance Portable Product Sheet? http://www.google.co.uk/url?sa=tsource=webct=rescd=1ved=0CBcQFjAAur l=http%3A%2F%2Fwww.cisco.com%2Fweb%2Fpartners%2Fdownloads%2F765%2Ftools% 2Fquickreference%2Frouterperformance.pdfei=KdEDTJj0LM6M4gbLhtnLDgusg=A FQjCNEbZ13eVCy9seOrR7CpkMb2YvxMfQsig2=S1hnHS75fiyCIxm4-kEwMA (wtf have google done with urls?) http://www.cisco.com/web/partners/downloads/765/tools/quickreference/rou terperformance.pdf With a following wind :- 7200-NPE-G1 1,018,000 PPS 521.22 Mbps 7200-NPE-G2 2,000,000 PPS 1,024.00 Mbps So give or take a G1 ~500M, G2 1G bps Ian -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Nick Celebic Sent: 31 May 2010 15:24 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 7200 G1/G2 QoS/NBAR performance Hi All, I was googling around on Friday, looking for some performance numbers. The question is how much traffic can a NPE-G1/G2 pass while doing QoS. I'm doing the standard internet transit mix of packet sizes. I tried tagging 600Mb worth of traffic on a G1, and that brought the routers to it's knees with 100% CPU. Given that all QoS in a 7200 is done in software, are there any ballpark numbers used to calculate how much throughput you can get using QoS on these NPEs? Thanks -- Nick Celebic ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ Atos Origin and Atos Consulting are trading names used by the Atos Origin group. The following trading entities are registered in England and Wales: Atos Origin IT Services UK Limited (registered number 01245534) and Atos Consulting Limited (registered number 04312380). The registered office for each is at 4 Triton Square, Regents Place, London, NW1 3HG.The VAT No. for each is: GB232327983 This e-mail and the documents attached are confidential and intended solely for the addressee, and may contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems. As emails may be intercepted, amended or lost, they are not secure. Atos Origin therefore can accept no liability for any errors or their content. Although Atos Origin endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with Atos Origin by email. ___ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7200-G2 MTU issues
Check out: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_seb/configuration/guide/swtunnel.html System MTU section The maximum system MTU for Fast Ethernet switches is 1546 bytes. Kris Amy wrote: Hi All, I have a 7200-G2 which has one of it's gig-e ports going into a Fe port on a 3550-24T. I can't see to get bigger than 1528 across to the 3550-24T. When going into one of the gbic ports I can see 1546. Any ideas? Cheers, Kris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/