Re: [c-nsp] Regain CLI access with snmp sets?
Hi, snmpset -v 2c -c community target host OLD-CISCO-SYS-MIB::netConfigSet.tftp-server s config-file And tftp-server is dotted decimal. And config-file is a path relative to you TFTP root. Example: snmpset -v 2c -c private 192.0.2.10 OLD-CISCO-SYS-MIB::netConfigSet.192.0.2.50 s new-config.text yes, have happily used this method to update the configuration of remote switches alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] nexus material and coloured CWDM 10G SFP+
Recently we started using CWDM coloured 10G SFP+ interfaces (smartoptics) on our campus network (in 4900M with OneX convertors). This works just fine although Cisco probably will tell us that is not supported... I'm wondering if someone already did the same thing on nexus 5xxx switches, especially 5010 and 5548. We are planning to build a new backbone between different datacenters based on nexus material (5010 in 2 remote datacenters, 5548 in the central datacenter). We could use the transponders of our CWDM vendor and use local SR SFP+ interfaces but these transponders cost about 3x times more than coloured SFP+ interfaces (and these don't com cheap). Using coloured SFP+ interfaces moves control/monitoring of the fiber losses to the end device but we can live with that. Second question : can you read out fiber losses on a nexus ? (cfr show int transc in IOS) Greetings, Wim Holemans Netwerkdienst Universiteit Antwerpen Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] etherchannel load-balancing WS-X6708 issue
Hi, I'm trying to establish 40 Gbps redundant cirle using a pair of 6500 and 7600 boxes equipped with X6708 cards as shown below - _ _ || Te1/2 --||/// | core | Te1/1 --| edge-2 |// | 7600-1 | Te1/5 -Po1--||/ |_ __| Te1/6 --|| 3 4 7 8 | | | | | Po3 | | | | | | | | | __2_1_5_6__ _ | | Te2/3 --|| | core | Te2/4 --| edge-1 |\ | 6500-1 | Te2/7 -Po1--||\\ |_| Te2/8 --||\\\ There is one WS-X6708 in each core box which should be dedicated to this 'circle'. (Besides it there are of course other 670x for custs). I believe I have quite good knowledge of 6708 DFC architecture and it's limitations (16 Gbps for pairs of ports, 20 Gbps for each two pairs). Primary box is 6500-1 (several hunderd Vlans and SVI's) and under standard circumstances Po1 is the only path utilized, but even if I freak out, I am not able to push more than aproximately 25 Gbps from 6500 over Po3 to edge-2. My initial guess was bad port assignment and therefore not utilized local switching.. The pairs which can utilize the local-switching (so 16*4..64 Gbps) should be following 2-3, 1-4, 5-7, 6-8 The major problem which I can not beat (and maybe it's a dead end for me) is the system how IOS decides which ports will be assigned to 0-7 ID's used in etherchannel load balancing algorithm. As I observed, it absolutely depends on a sequence of adding/removing ports from/to an etherchannel. Let's say I have created 40Gbps Po3 on 6500 and IOS made following divison - Te2/2 would be used for traffic with RBH 0x0, 0x5 Te2/1 would be used for traffic with RBH 0x3, 0x7 Te2/5 would be used for traffic with RBH 0x6, 0x2 Te2/5 would be used for traffic with RBH 0x4, 0x1 ! BUT ! Po1 on 7600-1 has absolutely different traffic pattern computed! Te1/2 would be used for traffic with RBH 0x7, 0x2 Te1/1 would be used for traffic with RBH 0x6, 0x1 Te1/5 would be used for traffic with RBH 0x3, 0x4 Te1/5 would be used for traffic with RBH 0x0, 0x5 And everytime I shut/unshut some bundled port, this changes :-). As soon as I don't have the same values on both boxes, local switching is not used.. I hope I expressed the least bit comprehensibly.. Any thoughts are really appreciated! Regards, Jiri Prochazka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Regain CLI access with snmp sets?
Anybody would have a working recipe for routers, specialy 7200? I've been trying the ones posted at Cisco (specially the one where you need several commands) but the final activate command gets an error response... Enviado via iPhone Em 08/09/2011, às 18:44, Mike mike-cisconspl...@tiedyenetworks.com escreveu: Hello, I am sure this can be done and am calling on my fellows to help light the way! I have a cisco 2970 switch newly installed in a remote, inaccessible location that presently lacks OOB serial access. Due to a config error, I cannot telnet into the unit due to missing config elements: Escape character is '^]'. Password required, but none set Connection closed by foreign host. I do have, however, a writable snmp community string. So I am wondering if it would be possible to update the running config using snmp in order to give me telnet access to this unit? It would beat a trip back out there and would serve my cisco education well too. So how about it, any takers? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PVLAN Promiscuous Trunk on 6500
Hi, can anybody confirm if PVLAN Promiscuous Trunk Port is supported on the 6500 platform? I know it is supported on the 4500, and that it is NOT supported on the 3750, but I had the impression it was supported on the 6500, but it does not accept the command switchport mode private-vlan trunk promiscuous. Also, if it does not support, would I be able to use Private Host instead? Regards, Persio ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] nexus material and coloured CWDM 10G SFP+
holemans -- via 'sh int ex/y trans det' one can scrape the dom information from the pluggable, assuming the pluggable supports dom. regards, q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Sep 9, 2011, at 2:24, Holemans Wim wim.holem...@ua.ac.be wrote: Recently we started using CWDM coloured 10G SFP+ interfaces (smartoptics) on our campus network (in 4900M with OneX convertors). This works just fine although Cisco probably will tell us that is not supported... I'm wondering if someone already did the same thing on nexus 5xxx switches, especially 5010 and 5548. We are planning to build a new backbone between different datacenters based on nexus material (5010 in 2 remote datacenters, 5548 in the central datacenter). We could use the transponders of our CWDM vendor and use local SR SFP+ interfaces but these transponders cost about 3x times more than coloured SFP+ interfaces (and these don't com cheap). Using coloured SFP+ interfaces moves control/monitoring of the fiber losses to the end device but we can live with that. Second question : can you read out fiber losses on a nexus ? (cfr show int transc in IOS) Greetings, Wim Holemans Netwerkdienst Universiteit Antwerpen Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PVLAN Promiscuous Trunk on 6500
AFAIK this was only on CatOS for 6500 so not much useful right now. The private host feature applies vlan tag to the ingress traffic of the access port (not trunk), the private trunk does ingress traffic tag swap of multiple vlans coming in via trunk. So, if you have lot of free ports you might be able to cable-loop 2 ports per each vlan and use private host feature to swap the tags. Not saying I would do this -pavel On Fri, Sep 9, 2011 at 3:10 PM, Persio Pucci per...@gmail.com wrote: Hi, can anybody confirm if PVLAN Promiscuous Trunk Port is supported on the 6500 platform? I know it is supported on the 4500, and that it is NOT supported on the 3750, but I had the impression it was supported on the 6500, but it does not accept the command switchport mode private-vlan trunk promiscuous. Also, if it does not support, would I be able to use Private Host instead? Regards, Persio ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Regain CLI access with snmp sets?
If you don't mind a little bit of perl work. I use a script based on the Cisco::CopyConfig perl module to TFTP config snippets up to a cisco router or switch. This is the method I use when I SNMP access but not SSH/Telnet. http://search.cpan.org/~eug/Cisco-CopyConfig/CopyConfig.pm Thank You Daniel Bielawa Network Engineer Liberty University Network Services (434)592-7987 LIBERTY UNIVERSITY 40 Years of Training Champions for Christ: 1971-2011 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Persio Pucci Sent: Friday, September 09, 2011 8:54 AM To: Mike Cc: Cisco-nsp Subject: Re: [c-nsp] Regain CLI access with snmp sets? Anybody would have a working recipe for routers, specialy 7200? I've been trying the ones posted at Cisco (specially the one where you need several commands) but the final activate command gets an error response... Enviado via iPhone ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
Hi, On Fri, Sep 09, 2011 at 01:31:06AM -0400, Jay Nakamura wrote: I have been wondering lately, what advantages do ASA have over ISR as a firewall on the low end? As just one stand alone firewall, what features are there for ASA that distinguishes itself? Often, I rather have an ISR over an ASA so I have more flexibility in a budget environment. It has FIREWALL!! painted on the front cover, and will not do dynamic routing. And the NAT is much more interesting, and the way fixup helpers damage perfectly reasonable communications... Mmmh. This certainly doesn't read as if I like PIXen. Wonder why. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpDJksVEilsz.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
Gert, I understand where this comes from, but the ASA is a bit more modern then the PIXen. 1) It now does dynamic routing (RIP, OSPF, EIGRP) 2) Nat (as of 8.3+) is now normal 3) The inspect feature still has issues but is necessary for many protocols and is implemented very similar on the ZBFW in ios. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Gert Doering Sent: Friday, September 09, 2011 11:05 AM To: Jay Nakamura Cc: cisco-nsp Subject: Re: [c-nsp] ASA vs ISR ZBFW Hi, On Fri, Sep 09, 2011 at 01:31:06AM -0400, Jay Nakamura wrote: I have been wondering lately, what advantages do ASA have over ISR as a firewall on the low end? As just one stand alone firewall, what features are there for ASA that distinguishes itself? Often, I rather have an ISR over an ASA so I have more flexibility in a budget environment. It has FIREWALL!! painted on the front cover, and will not do dynamic routing. And the NAT is much more interesting, and the way fixup helpers damage perfectly reasonable communications... Mmmh. This certainly doesn't read as if I like PIXen. Wonder why. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu- muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
Hi, On Fri, Sep 09, 2011 at 11:17:39AM -0400, Matthew Huff wrote: I understand where this comes from, but the ASA is a bit more modern then the PIXen. 1) It now does dynamic routing (RIP, OSPF, EIGRP) ... but still no BGP, which is undoubtly *the* routing protocol that you want to use if you don't trust your neighbours (due to much better filtering support) - and firewall environment is usually all about not trusting. 2) Nat (as of 8.3+) is now normal Hooray :-) (Can you do firewalling without NAT these days without configuring external-to-internal permits as please do NAT from X to X?) 3) The inspect feature still has issues but is necessary for many protocols and is implemented very similar on the ZBFW in ios. Just last week I had a customer call due to weird issues with passive FTP is not working right... but indeed that might have been an older firmware release. OTOH, I never said the PIX/ASAs are *bad*... there's much worse evil on the market :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpEnO2NF5AtW.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
... but still no BGP, which is undoubtly *the* routing protocol that you want to use if you don't trust your neighbours (due to much better filtering support) - and firewall environment is usually all about not trusting. I prefer to keep my BGP routing and firewall on separate boxes especially since full routes take quite a bit of CPU and memory. But I can see why it would be nice to keep it on the same box. (Can you do firewalling without NAT these days without configuring external-to-internal permits as please do NAT from X to X?) Yes, a simple acl works now Just last week I had a customer call due to weird issues with passive FTP is not working right... but indeed that might have been an older firmware release. Hmm, would it happen to have including a NetBSD or OpenBSD box? There have been some issues with some of the new FTP verbs (especially EPSV). Some ftp clients use the new EPSV verb without failing back correctly to PASV even over ipv4 connections (RFC2428). I've run into this a few times especially with older cisco load balancers. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: Gert Doering [mailto:g...@greenie.muc.de] Sent: Friday, September 09, 2011 11:24 AM To: Matthew Huff Cc: 'Gert Doering'; 'Jay Nakamura'; 'cisco-nsp' Subject: Re: [c-nsp] ASA vs ISR ZBFW Hi, On Fri, Sep 09, 2011 at 11:17:39AM -0400, Matthew Huff wrote: I understand where this comes from, but the ASA is a bit more modern then the PIXen. 1) It now does dynamic routing (RIP, OSPF, EIGRP) ... but still no BGP, which is undoubtly *the* routing protocol that you want to use if you don't trust your neighbours (due to much better filtering support) - and firewall environment is usually all about not trusting. 2) Nat (as of 8.3+) is now normal Hooray :-) (Can you do firewalling without NAT these days without configuring external-to-internal permits as please do NAT from X to X?) 3) The inspect feature still has issues but is necessary for many protocols and is implemented very similar on the ZBFW in ios. Just last week I had a customer call due to weird issues with passive FTP is not working right... but indeed that might have been an older firmware release. OTOH, I never said the PIX/ASAs are *bad*... there's much worse evil on the market :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu- muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
On Fri, Sep 09, 2011 at 05:23:59PM +0200, Gert Doering wrote: 1) It now does dynamic routing (RIP, OSPF, EIGRP) ... but still no BGP, which is undoubtly *the* routing protocol that you want to use if you don't trust your neighbours (due to much better filtering support) - and firewall environment is usually all about not trusting. This exact limitation is why everytime I deploy firewalls these days there tends to be some form of L3 switch on either side just so I have something to run BGP on and just do eBGP multihop across the ASA. Colin -- Colin Whittaker +353 (0)86 8211 965 http://colin.netech.ie co...@netech.ie ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
Hi, On Fri, Sep 09, 2011 at 11:33:37AM -0400, Matthew Huff wrote: Just last week I had a customer call due to weird issues with passive FTP is not working right... but indeed that might have been an older firmware release. Hmm, would it happen to have including a NetBSD or OpenBSD box? There have been some issues with some of the new FTP verbs (especially EPSV). Some ftp clients use the new EPSV verb without failing back correctly to PASV even over ipv4 connections (RFC2428). I've run into this a few times especially with older cisco load balancers. Most likely it was one of those pesky clients using a FTP command that has been standardized about 13 years ago... (And when client and server supports it, how should the client know that there is a middleware device in between that fails to follow 13-year-old RFCs, and might cause breakage, and it might be necessary to fall back to old-style commands? It's not like there was any indication of the problem, the PIX just failed to properly open the data port...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpywn0G9D685.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
On 09/09/2011 16:51, Colin Whittaker wrote: This exact limitation is why everytime I deploy firewalls these days there tends to be some form of L3 switch on either side just so I have something to run BGP on and just do eBGP multihop across the ASA. i'm tending to run a local ospf instance on the fw-router link and then redistributing from ospf-bgp on the next-hop router. Really it would be much better to have fw support for bgp, but the ASA is such an enterprise box that they don't understand why there might be an advantage to using anything other than eigrp. sigh. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Sup7 port availability
No, I'm pretty sure you only get the use of 2 of those ports on each with redundant sup7's I don¹t have docs to reference as I'm remembering this from a recent product walkthrough with Cisco On 9/9/11 8:38 AM, Edward Beheler ebehe...@tippecanoe.in.gov wrote: I have a 4510R+E chassis with a sup7, which has 4 SFP+ ports. If I add another sup7 for redundancy, can I use the 4 SFP+ ports on it, and have 8 nonredundant SFP+ ports? I've found documentation that you can do that with a sup 6-E, but the document doesn't have an update for the sup7. http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/prod_whi te_paper0900aecd806ed38a.html Ed Beheler Network Administrator, CCNA Tippecanoe County MITS 765-423-9762 / x4705 www.tippecanoe.in.govhttp://www.tippecanoe.in.gov ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router performance PDF
ASR numbers would be interesting too. Mack -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Josh Farrelly Sent: Thursday, September 08, 2011 9:29 PM To: Jay Nakamura; cisco-nsp Subject: Re: [c-nsp] Router performance PDF There is an ISR G2 overview here, though I'm not sure if it's any help to you? http://www.anticisco.ru/pubs/ISR_G2_Perfomance.pdf -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jay Nakamura Sent: Friday, 9 September 2011 8:29 a.m. To: cisco-nsp Subject: [c-nsp] Router performance PDF The last update to the Cisco router performance PDF seems to be November 2009. Has Cisco released any new sheet since then? There are couple routers missing and it's always a nice guide to compare performance. I can't seem to find anything useful. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Basic IOS questions
Hi, I have some questions that came up while working with Cisco 7600/6500 boxes first weeks. Maybe you guys have some hints for me. order of sh log: Is there a way to show the latest entries first instead of scrolling down to the end ? ssh timeouts: I would like to disable the console timeout for ssh sessions. I.e. the sessions should only be closed if the ssh tcp-connection has a timeout. I tried a few commands that sounded like timeout but none worked. OSPF IPv6 documentation: several documentation tells me to use router ospfv3 to setup OSPF for IPv6 but it is not available in the cli. I could setup OSPF with ipv6 router ospf at least similar to the v4 version. Did that replace router ospfv3 or why can I not enter it ? OSPFv6 costs: How can I see the costs of an OSPF v6 route ? sh ip route shows an entry forward metric but sh ipv6 route shows nothing similar. Software used: 6500: 12.2(33)SXJ 7600: 15.1(2)S kind regards Rolf Hanßen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Basic IOS questions
Show log: If you are trying to get the current day logs you can use sh log | inc Sep 9 (notice the two spaces since there is no zero and day is two digits) Ssh timeouts: The command you are looking for is exec-timeout this has to be applied to the individual vty lines. Osfp ipv6: Yes they replaced router ospfv3 with ipv6 router ospf OSPF metric: Example 1: Show ipv6 route | inc ^O O 2001:::::/64 [110/49] The admin distance is 110 and metric is 49 Example 2: sh ipv6 route 2001:::::/64 Routing entry for 2001:::::/64 Known via ospf , distance 110, metric 49, type intra area Same admin distance and metric Unless there are changes in those code revisions that effect the show ipv6 route they should be the same. Mack -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rolf Hanßen Sent: Friday, September 09, 2011 3:51 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Basic IOS questions Hi, I have some questions that came up while working with Cisco 7600/6500 boxes first weeks. Maybe you guys have some hints for me. order of sh log: Is there a way to show the latest entries first instead of scrolling down to the end ? ssh timeouts: I would like to disable the console timeout for ssh sessions. I.e. the sessions should only be closed if the ssh tcp-connection has a timeout. I tried a few commands that sounded like timeout but none worked. OSPF IPv6 documentation: several documentation tells me to use router ospfv3 to setup OSPF for IPv6 but it is not available in the cli. I could setup OSPF with ipv6 router ospf at least similar to the v4 version. Did that replace router ospfv3 or why can I not enter it ? OSPFv6 costs: How can I see the costs of an OSPF v6 route ? sh ip route shows an entry forward metric but sh ipv6 route shows nothing similar. Software used: 6500: 12.2(33)SXJ 7600: 15.1(2)S kind regards Rolf Hanßen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Best IOS train for GSR128xx/PRP-2
Howdy, I know the age of this router almost makes this an off-topic post =) I was wondering which version the few remaining folks that are running these beasts have found to be stable? Last I heard for straight IOS 12.0(33)S (latest number) was the best, are you guys finding this still to be true? thanks, -Drew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Regain CLI access with snmp sets?
On 9/9/11, Persio Pucci per...@gmail.com wrote: Anybody would have a working recipe for routers, specialy 7200? I've been trying the ones posted at Cisco (specially the one where you need several commands) but the final activate command gets an error response... echo processing $DEV echo delete row 3 $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i 6 echo create row 3 wait $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i 5 $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyProtocol.3 i 1 # use tftp $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopySourceFileType.3 i 1 # 1=networkFile 3=startupConfig 4=runningConfig $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyDestFileType.3 i 4 # 1=networkFile 3=startupConfig 4=runningConfig $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyServerAddress.3 a $TFTPHOST $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyFileName.3 s $FILE $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyNotificationOnCompletion.3 i 1 # 1: true 2: false $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i 1 # make it active echo Done! Regards, Lee Em 08/09/2011, às 18:44, Mike mike-cisconspl...@tiedyenetworks.com escreveu: Hello, I am sure this can be done and am calling on my fellows to help light the way! I have a cisco 2970 switch newly installed in a remote, inaccessible location that presently lacks OOB serial access. Due to a config error, I cannot telnet into the unit due to missing config elements: Escape character is '^]'. Password required, but none set Connection closed by foreign host. I do have, however, a writable snmp community string. So I am wondering if it would be possible to update the running config using snmp in order to give me telnet access to this unit? It would beat a trip back out there and would serve my cisco education well too. So how about it, any takers? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA vs ISR ZBFW
On Saturday, September 10, 2011 01:16:31 AM Nick Hilliard wrote: i'm tending to run a local ospf instance on the fw-router link and then redistributing from ospf-bgp on the next-hop router. Really it would be much better to have fw support for bgp, but the ASA is such an enterprise box that they don't understand why there might be an advantage to using anything other than eigrp. sigh. Fodder for the ASR1000 BU. The box certainly has the tech. to be a decent-enough firewall, and is obviously a router by all accounts. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/