Re: [c-nsp] How to show ADSL customers two different GW!
Hi David, I have staticdynamic pool's in MySQL database, so, i have no pool configured on cisco... Customers get random ip from free ips from sql. I'm use radreply for static and radippool for dynamic ips. Ips - in SQL, VRF - on Cisco, i`m not sure how to configure this ips to VRF :( Regards, On 17/09/2010 06:36, Sheremet Roman ro...@kharkov.org.ua wrote: Hi David, I think your config will be very helpful for me, big thanks for this, but i look your config and seems i see one more problem in my case.. Look, i have no VRF setuped now... just thinking, i have no problem to send attribute to static customers, i just add to rad_reply table needed attribute and then add VRF on the cisco... But how i should do same with DYNAMIC ip pool? I don't know which IP gustomer get in next connect, so i don't know which VRF should be used for this customer. You use a dynamic ip pool, you can even re-use the same pool amongst multiple vrfs , see http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/se c_per_vrf_aaa.html Also, you show me VRF which export/import from BGP AS as i see, how i can set ips for VRF which should be matched i dont want export/import from BGP... I have no neighbors for this. Ok, there is no need to have the bgp portion of this configuration in such case Dave. Regards, Heath Jones wrote: Yes, you need to assign from radius, but have the vrf's existing on the cisco (it must know to map vrf 10 to vlan 10 on the interface to the core router). The cisco documentation is here, there are some examples down the bottom. http://www.ciscosystems.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrf aaa.html It's been a long time since I have done any of this, otherwise I would give you a snippet of a working config.. Hope this helps though! f...@realm1Auth-Type:= Local, User-Password == bar Service-Type = Framed-User, Framed-IP-Address = 192.168.243.2, Framed-Netmask = 255.255.255.255, Framed-Protocol = PPP, Cisco-AVPair = lcp:interface-config=ip vrf forwarding VPNA\nip unnumbered loop0, f...@realm2Auth-Type:= Local, User-Password == bar Service-Type = Framed-User, Framed-IP-Address = 192.168.244.2, Framed-Netmask = 255.255.255.255, Framed-Protocol = PPP, Cisco-AVPair = lcp:interface-config=ip vrf forwarding VPNB\nip unnumbered loop0, ip vrf VPNA description VPNA rd 1:1 vpn id 1:1 route-target both 1:1 ! ip vrf VPNB description VPNB rd 1:2 vpn id 1:2 route-target both 1:2 ! router bgp 1 ! address-family ipv4 vrf VPNA redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf VPNB redistribute connected redistribute static no auto-summary no synchronization exit-address-family end ! interface GigabitEthernet1/0.100 desc VPNA uplink encapsulation dot1q 100 ip address 10.0.0.1 255.255.255.252 ! interface GigabitEthernet1/0.200 desc VPNB uplink encapsulation dot1q 200 ip address 172.16.10.1 255.255.255.252 ! ip route VPNA 0.0.0.0 0.0.0.0 10.0.0.2 ip route VPNB 0.0.0.0 0.0.0.0 172.16.10.2 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- С уважением, Sheremet mailto:ro...@kharkov.org.ua ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] How to show ADSL customers two different GW!
Well, are you not running a routing protocol such that these per-user statics are injected correctly? On 19/09/2010 09:18, Sheremet Roman ro...@kharkov.org.ua wrote: Hi David, I have staticdynamic pool's in MySQL database, so, i have no pool configured on cisco... Customers get random ip from free ips from sql. I'm use radreply for static and radippool for dynamic ips. Ips - in SQL, VRF - on Cisco, i`m not sure how to configure this ips to VRF :( Regards, On 17/09/2010 06:36, Sheremet Roman ro...@kharkov.org.ua wrote: Hi David, I think your config will be very helpful for me, big thanks for this, but i look your config and seems i see one more problem in my case.. Look, i have no VRF setuped now... just thinking, i have no problem to send attribute to static customers, i just add to rad_reply table needed attribute and then add VRF on the cisco... But how i should do same with DYNAMIC ip pool? I don't know which IP gustomer get in next connect, so i don't know which VRF should be used for this customer. You use a dynamic ip pool, you can even re-use the same pool amongst multiple vrfs , see http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/se c_per_vrf_aaa.html Also, you show me VRF which export/import from BGP AS as i see, how i can set ips for VRF which should be matched i dont want export/import from BGP... I have no neighbors for this. Ok, there is no need to have the bgp portion of this configuration in such case Dave. Regards, Heath Jones wrote: Yes, you need to assign from radius, but have the vrf's existing on the cisco (it must know to map vrf 10 to vlan 10 on the interface to the core router). The cisco documentation is here, there are some examples down the bottom. http://www.ciscosystems.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftv rf aaa.html It's been a long time since I have done any of this, otherwise I would give you a snippet of a working config.. Hope this helps though! f...@realm1Auth-Type:= Local, User-Password == bar Service-Type = Framed-User, Framed-IP-Address = 192.168.243.2, Framed-Netmask = 255.255.255.255, Framed-Protocol = PPP, Cisco-AVPair = lcp:interface-config=ip vrf forwarding VPNA\nip unnumbered loop0, f...@realm2Auth-Type:= Local, User-Password == bar Service-Type = Framed-User, Framed-IP-Address = 192.168.244.2, Framed-Netmask = 255.255.255.255, Framed-Protocol = PPP, Cisco-AVPair = lcp:interface-config=ip vrf forwarding VPNB\nip unnumbered loop0, ip vrf VPNA description VPNA rd 1:1 vpn id 1:1 route-target both 1:1 ! ip vrf VPNB description VPNB rd 1:2 vpn id 1:2 route-target both 1:2 ! router bgp 1 ! address-family ipv4 vrf VPNA redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf VPNB redistribute connected redistribute static no auto-summary no synchronization exit-address-family end ! interface GigabitEthernet1/0.100 desc VPNA uplink encapsulation dot1q 100 ip address 10.0.0.1 255.255.255.252 ! interface GigabitEthernet1/0.200 desc VPNB uplink encapsulation dot1q 200 ip address 172.16.10.1 255.255.255.252 ! ip route VPNA 0.0.0.0 0.0.0.0 10.0.0.2 ip route VPNB 0.0.0.0 0.0.0.0 172.16.10.2 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- David Freedman Group Network Engineering david.freed...@uk.clara.net Tel +44 (0) 20 7685 8000 Claranet Group 21 Southampton Row London - WC1B 5HA - UK http://www.claranet.com Company Registration: 3152737 - Place of registration: England All the information contained within this electronic message from Claranet Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] n5k caches usernames logged in
I noticed that when a remote user logs into a n5k and then logs out, the show user-account command still displays the user credentials. Waiting for some time or clearing manually the user from config mode (?), fixes the above. Is there a timer for such cached entries that can be changed? Is it possible to disable this caching? -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
What version of nxos? I noticed that when a remote user logs into a n5k and then logs out, the show user-account command still displays the user credentials. Waiting for some time or clearing manually the user from config mode (?), fixes the above. Is there a timer for such cached entries that can be changed? Is it possible to disable this caching? -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
Tassos, - It also holds onto a lot of logs, and configuration commands, even long after one has cleared them. - Configuration mode and enable mode share a common command buffer, so in config mode hitting up arrow gets you conf t and show whatever along with previous config commands, and in enable mode hitting up arrow still gets you config bits from the previous configuration attempt. - The terminal is pretty rough, it defaults to color-xterm and it seems to be hard coded in terms of how it responds to control sequences. I've not spent much time on in, but it redraws the screen funny, and sometimes you need to move your terminal scroll buffer tab up and down or issue a redraw to get the correct output. Can I suggest termcap or terminfo please? - The command syntax changes from release to release, even more so than IOS. There's a laundry list of other things, but this is what comes to mind before my coffee, Janet On Sun, Sep 19, 2010 at 7:12 AM, Tassos Chatzithomaoglou ach...@forthnet.gr wrote: I noticed that when a remote user logs into a n5k and then logs out, the show user-account command still displays the user credentials. Waiting for some time or clearing manually the user from config mode (?), fixes the above. Is there a timer for such cached entries that can be changed? Is it possible to disable this caching? -- Tassos ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
4.2(1)N2(1) -- Tassos Chris Evans wrote on 19/09/2010 15:21: What version of nxos? I noticed that when a remote user logs into a n5k and then logs out, the show user-account command still displays the user credentials. Waiting for some time or clearing manually the user from config mode (?), fixes the above. Is there a timer for such cached entries that can be changed? Is it possible to disable this caching? -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
Thanks. We are working with ECATS to test 4.2(4) for our 7ks and 4.2(1)n1 for the 5ks. I will bring this up with them. On Sep 19, 2010 9:38 AM, Tassos Chatzithomaoglou ach...@forthnet.gr wrote: 4.2(1)N2(1) -- Tassos Chris Evans wrote on 19/09/2010 15:21: What version of nxos? I noticed that when a remote user logs into a n5k and then logs ou... cisco-nsp mailing list cisco-nsp@puck.nether.net mailto: cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/piperm... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net h... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2
I'm looking to potentially use a Sup2 based 6500 as a AToM/EoMPLS PE/LER with customers terminating on various X6248, X6348, X6516 and X6408A ports. Possible? In a perfect world, port based and VLAN based (the implication being that interworking support would need to be there too), in either case, the far end of the VC would be to a NPE-G1 flavored PE/LER of some sort. Google has shown me configuration example of a Sup2 doing SVI based EoMPLS, but that confuses the heck out of me because I know that, for example, in Sup720 land, you can't do SVI based unless you have an ES card or a SIP. If this is true and it does actually work, would this just be the difference between the Sup2 doing it in software vs. the Sup720/ES|SIP doing it in hardware? Hoping some people here have some practical experience one way or the other. Thanks in advance. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2
Jason, It has been a few years since I have seen SUP2, but I hope I remember the details... Sup2 does not support any MPLS based services natively, and the only way to get MPLS to work on SUP2 is to use an OSM module to terminate the services on (not just core facing - the whole thing). With SUP720 you can do native MPLS (without any special line cards) for L3 VPN and port/sub-if based L2VPN (not SVI). For SVI based, as well as EVC based MPLS services you need ES/ES+ modules. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Sunday, September 19, 2010 17:26 To: cisco-nsp@puck.nether.net Subject: [c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2 I'm looking to potentially use a Sup2 based 6500 as a AToM/EoMPLS PE/LER with customers terminating on various X6248, X6348, X6516 and X6408A ports. Possible? In a perfect world, port based and VLAN based (the implication being that interworking support would need to be there too), in either case, the far end of the VC would be to a NPE-G1 flavored PE/LER of some sort. Google has shown me configuration example of a Sup2 doing SVI based EoMPLS, but that confuses the heck out of me because I know that, for example, in Sup720 land, you can't do SVI based unless you have an ES card or a SIP. If this is true and it does actually work, would this just be the difference between the Sup2 doing it in software vs. the Sup720/ES|SIP doing it in hardware? Hoping some people here have some practical experience one way or the other. Thanks in advance. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
4.2.6 is recommended for vPC deployments. Has some of the new features that were included in 5.0 release. Sent from my iPhone On Sep 19, 2010, at 10:32 AM, Chris Evans chrisccnpsp...@gmail.com wrote: Thanks. We are working with ECATS to test 4.2(4) for our 7ks and 4.2(1)n1 for the 5ks. I will bring this up with them. On Sep 19, 2010 9:38 AM, Tassos Chatzithomaoglou ach...@forthnet.gr wrote: 4.2(1)N2(1) -- Tassos Chris Evans wrote on 19/09/2010 15:21: What version of nxos? I noticed that when a remote user logs into a n5k and then logs ou... cisco-nsp mailing list cisco-nsp@puck.nether.net mailto: cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/piperm... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net h... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unexplainable packet loss
On Sun, Sep 19, 2010 at 2:36 AM, ML m...@kenweb.org wrote: On 9/18/2010 6:28 AM, Heath Jones wrote: Hi Firstly, when you say packet loss, what are you referring to? Is it just the icmp traffic, or are customers reporting faults with non icmp traffic or...? Is the 'internet gateway' the 7609 pictured on the diagram? Its pretty unlikely, but worth checking that there are no duplicate mac addresses on the network. A duplicate (of 7609 on mdf side) could cause these symptoms. You could swap out the RAD with your own device for testing.. I don't think that standard icmp tests will identify the problem though. If what the engineer said is true, then you really need to be pushing some traffic down to see it. (load related issue) 'Another engineer tells me that when our customers traffic is removed from the picture the packet loss goes away' The first thing though - what is the packet loss? The customer is reporting a problem. They have an outside IT service that monitors a firewall/VPN solution for them. We never went into detail about what kind of packetloss they are seeing since the problem appears to be on our side/our upstream. Yes the 'internet gateway' is the 7609. The 7609 is the device with the L3 interface we use as a default route. ICMP packetloss anywhere from 1-5% when a set of 1000 pings are sent from MDF to 7609 L3 interface. What happens when they stop pinging your 7609 and start pinging their own device (on the other side) of the link? It can easily happen that somebody else is pinging the 7609 too, resoluting in some CPU MLS rate-limiter (show mls rate-limit, show mls rate-limit usage) kicking into action, dropping your ICMP reply packets. -pavel ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
A lot of the bugs found in our Cisco ECATS testing aren't going to be fixed in 4.2(6) so we are skipping that release. There are no big show stoppers with 4.2(4) so we are pushing forward with that. 4.2(8) is our next maintenance release. Once on that code we will be there a while until 5.2 comes out. On Sun, Sep 19, 2010 at 2:48 PM, Ryan Hughes rshug...@gmail.com wrote: 4.2.6 is recommended for vPC deployments. Has some of the new features that were included in 5.0 release. Sent from my iPhone On Sep 19, 2010, at 10:32 AM, Chris Evans chrisccnpsp...@gmail.com wrote: Thanks. We are working with ECATS to test 4.2(4) for our 7ks and 4.2(1)n1 for the 5ks. I will bring this up with them. On Sep 19, 2010 9:38 AM, Tassos Chatzithomaoglou ach...@forthnet.gr wrote: 4.2(1)N2(1) -- Tassos Chris Evans wrote on 19/09/2010 15:21: What version of nxos? I noticed that when a remote user logs into a n5k and then logs ou... cisco-nsp mailing list cisco-nsp@puck.nether.net mailto: cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/piperm... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net h... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] netflow tools
Hello, Anyone know of any netflow collector tools that can filter the data based on ASN? The majority tools I have tried filter based on IP address, IP group, domain name etc. Looking for something that can show me x amount of traffic from asn124 and so on etc -- --sharlon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] netflow tools
flowscan by Dave Plonka can do this. -- Regards, Ge Moua Network Design Engineer University of Minnesota | OIT - NTS 2218 University Ave SE Minneapolis, MN 55414-3029 Email: moua0...@umn.edu | Office: 612.626.2779 -- On 9/19/10 6:01 PM, Sharlon R. Carty wrote: Hello, Anyone know of any netflow collector tools that can filter the data based on ASN? The majority tools I have tried filter based on IP address, IP group, domain name etc. Looking for something that can show me x amount of traffic from asn124 and so on etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] netflow tools
flow-tools does this, though I would suspect others do as well, since the data is in the 'full' export if you're doing BGP (check to see if you're getting the AS information to begin with.) Check out: http://code.google.com/p/flow-tools Also check out FlowViewer, the companion web front-end (it will allow you to do quick AS filtering, including short-term graphs, and RRDtool based long-term graphs): http://ensight.eos.nasa.gov/FlowViewer Joe | | From: | | --| |Sharlon R. Carty m...@sharloncarty.net | --| | | To:| | --| |cisco-nsp@puck.nether.net | --| | | Date: | | --| |09/19/2010 07:10 PM | --| | | Subject: | | --| |[c-nsp] netflow tools | --| Hello, Anyone know of any netflow collector tools that can filter the data based on ASN? The majority tools I have tried filter based on IP address, IP group, domain name etc. Looking for something that can show me x amount of traffic from asn124 and so on etc -- --sharlon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Peering with new client for vrf's
Hi, Thanks for the reply Well, if this is a customer of your's and security is of a concern, you just want to provision multiple (sub)-interfaces, one per VRF you want to send over. More scalable Inter-AS options (RFC 4364, chapter 10b and 10c) assume a level of trust between the parties, so I'm not sure this is a deployment I would consider with a customer. Our usual implementation is subint per-vrf to client, but this particular client is wanting to scale upwards of 1000 vrf's...so bgp peering seemed a better option? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] n5k caches usernames logged in
On 19/09/2010, at 10:12 PM, Tassos Chatzithomaoglou wrote: I noticed that when a remote user logs into a n5k and then logs out, the show user-account command still displays the user credentials. Waiting for some time or clearing manually the user from config mode (?), fixes the above. Is there a timer for such cached entries that can be changed? Is it possible to disable this caching? i'm not sure why you feel this to be an issue? if the user is provided from AAA then the AAA server will still be consulted for the authentication/authorization/roles etc. On 19/09/2010, at 10:56 PM, Janet Plato wrote: - It also holds onto a lot of logs, and configuration commands, even long after one has cleared them. this is a benefit of a platform with lots of RAM and storage. - Configuration mode and enable mode share a common command buffer, so in config mode hitting up arrow gets you conf t and show whatever along with previous config commands, and in enable mode hitting up arrow still gets you config bits from the previous configuration attempt. while this is different from IOS, i'm not sure why i see this as a problem? those 'show' commands can be used in config-mode without any do command, so they are just as relevant. - The terminal is pretty rough, it defaults to color-xterm and it seems to be hard coded in terms of how it responds to control sequences. I've not spent much time on in, but it redraws the screen funny, and sometimes you need to move your terminal scroll buffer tab up and down or issue a redraw to get the correct output. Can I suggest termcap or terminfo please? the terminal will negotiate to whatever your telnet/ssh client provides. if its pretty rough and defaults to color-xterm then thats a function of what your client is providing. from ssh via Mac/OSX i get a default of vt100. - The command syntax changes from release to release, even more so than IOS. i'm not sure i agree with this part. there is little that 'changes' in the CLI release to release. we stick by the same rules as IOS, as in thou shalt not change defaults once set. cheers, lincoln. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] netflow tools
Havent used it, but Stager looks like it can do that. http://software.uninett.no/stager/wiki/USERDOC#SelectingReport Oliver -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Sharlon R. Carty Sent: Monday, 20 September 2010 9:02 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] netflow tools Hello, Anyone know of any netflow collector tools that can filter the data based on ASN? The majority tools I have tried filter based on IP address, IP group, domain name etc. Looking for something that can show me x amount of traffic from asn124 and so on etc -- --sharlon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2
Just to recap, as I think I wrote it not clear enough... For L3VPN you can do port/subif/SVI with SUP720 and no additional HW. For L2VPN (p2p) you can do port/subif (aka EoMPLS) with SUP720 and no additional HW. For L2VPN on SVI (p2p) and VPLS we need ES modules. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Arie Vayner (avayner) Sent: Sunday, September 19, 2010 18:33 To: Jason Lixfeld; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2 Jason, It has been a few years since I have seen SUP2, but I hope I remember the details... Sup2 does not support any MPLS based services natively, and the only way to get MPLS to work on SUP2 is to use an OSM module to terminate the services on (not just core facing - the whole thing). With SUP720 you can do native MPLS (without any special line cards) for L3 VPN and port/sub-if based L2VPN (not SVI). For SVI based, as well as EVC based MPLS services you need ES/ES+ modules. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Sunday, September 19, 2010 17:26 To: cisco-nsp@puck.nether.net Subject: [c-nsp] AToM/EoMPLS LDP on Sup2/MSFC2/PFC2 I'm looking to potentially use a Sup2 based 6500 as a AToM/EoMPLS PE/LER with customers terminating on various X6248, X6348, X6516 and X6408A ports. Possible? In a perfect world, port based and VLAN based (the implication being that interworking support would need to be there too), in either case, the far end of the VC would be to a NPE-G1 flavored PE/LER of some sort. Google has shown me configuration example of a Sup2 doing SVI based EoMPLS, but that confuses the heck out of me because I know that, for example, in Sup720 land, you can't do SVI based unless you have an ES card or a SIP. If this is true and it does actually work, would this just be the difference between the Sup2 doing it in software vs. the Sup720/ES|SIP doing it in hardware? Hoping some people here have some practical experience one way or the other. Thanks in advance. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/