Re: [c-nsp] IOS XR ACL match host routes
Naah alright that's just me being stupid :) I should have listened to my common sense saying using acl for this function sounds stupid and I should have tried prefix-list. I shouldn't have trusted the router when it came up with: (config-isis-af)#spf prefix-priority high ? WORD Access-list name tag Specify a tag to indicate priority Thanks Mikael adam -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Wednesday, December 05, 2012 7:46 AM To: Adam Vitkovsky Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IOS XR ACL match host routes On Tue, 4 Dec 2012, Adam Vitkovsky wrote: I have tried the ussual: permit ipv4 10.0.0.0 0.255.255.255 host 255.255.255.255 -to match for the host and mask portion -like we all did before there where prefix lists But it doesn't work ipv4 prefix-list name 10 permit 10.0.0.0/0 eq 32 -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip unnumbered
On Dec 5, 2012, at 3:57 AM, zaid wrote: hi I can't access the internet when config ip unnumbered on the subinterface, any idea this is my config interface Loopback1 ip address x.x.x.x 255.255.255.255 Is that really the subnet you're using? If so, what IP are you giving the device on vlan 44? interface GigabitEthernet1/13.15 encapsulation dot1Q 44 ip unnumbered Loopback1 If you keep this the same and give the loopback a mask that allows for more than one IP, it should work as long as you add a route pointing to the interface. This is very similar to the old dsl termination configs actually. An example based on something we have setup and working: in loopback 1 ip address 10.1.1.1 255.255.255.0 in gi1/0.102 encaps dot1q 102 ip unnumbered loop 1 ip route 10.1.1.2 255.255.255.255 gi1/0.102 The device off that vlan would have an IP of 10.1.1.2/24, gateway of 10.1.1.1. Here's some info: http://blog.ioshints.info/2010/02/unnumbered-ethernet-vlan-interfaces.html http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html Charles ip ospf 1 area * ping the internet with loopback 1 as as source working * my pc is the same ip of loopback 1 HZ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IPv6 QOS Remarking Issue
Hi Folks, Below is my IPv6 configurations about MQC: ipv6 access-list FTPV6 permit tcp any any eq ftp class-map match-all FTPV6 match access-group name FTPV6 policy-map test class FTPV6 set dscp cs7 interface TenGigabitEthernet9/1 ip address 2.2.2.254 255.255.255.0 load-interval 30 ipv6 address 2002::254/64 service-policy input test STC-7609--STC Sending the traffic from STC port 1/1 to ten9/1 in 7609 ES+ 20G line card, receiving traffic in STC port 1/2 through interface ten 9/1 in 7609 ES-20G line card. Traffic sent from STC is TCP traffic. Now the issue is IPv6 traffic cannot match through checking command show policy-map inter ten 9/1, even the class-default also don't have. Do i miss any configurations, or miss understanding anything? Will appreciate for any inputs. Thanks and regards, Hu Xu ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA5510 in transparent with multiple subnets
Hi Lee, You can configure multiple bridge-group to accomodate additional network in ASA 5500. please refer to http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html#wp1321196 regards, Rano From: Ge Moua moua0...@umn.edu To: cisco-nsp@puck.nether.net Sent: Saturday, 1 December 2012, 23:24 Subject: Re: [c-nsp] ASA5510 in transparent with multiple subnets You should be able to do transparent mode, multiple interfaces. -- Regards, Ge Moua moua0...@umn.edu Univ of Minn Alumnus -- On 11/30/12 5:33 PM, Lee Starnes wrote: Hello everyone, I was looking through documentation for the ASA5510 as we have a client who is running one in transparent mode. They need to add an additional IP block to their network and from what I am able to gather, it looks like you can not add a second /28 to their network configuration. Am I reading this correctly? Thanks, -Lee ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] async HWIC to female rj45?
On (2012-11-30 13:13 +0100), Gert Doering wrote: What we did was: get octopus, intern, crimp equipment, put octopus cable on patch panel. The cisco octopusses are quite expensive. Is there 3rd party vendor for 4xassync smart serial and to the 8xoctopus HWIC side connectors, so we could build directly cisco console wired RJ45 to the other end (want to avoid adapters. I want to connect straight cat5) -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IP cef load
hi all I can't get fair load balanced over parallel equal path even if I use mls ip cef load-sharing full simple to include L4 on 7606 / 720 3cxl any helpful info plz ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP cef load
How many links? load sharing is done in hardware and it can't do perfectly equal load sharing for links of a power of 2. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IP SLA issue
Hi All, I have a very simple configuration I am having problem with. track 2 rtr 1 reachability ! ip sla 1 icmp-echo 10.1.18.49 source-ip 10.0.254.30 timeout 500 frequency 3 ip sla schedule 1 life forever start-time now ! ip route 0.0.0.0 0.0.0.0 10.0.254.25 50 track 2 ip route 0.0.0.0 0.0.0.0 10.0.254.17 80 ! Sometimes even if i can ping 10.1.18.49 with the source ip of 10.0.254.30 successfully but that track says its down. what could be the reason. Switch is Cisco WS-C3550-24. Regards, *Ali Sumsam CCIE* *Network Engineer - Level 3* eintellego Pty Ltd a...@eintellego.net ; www.eintellego.net Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)410 603 531 facebook.com/eintellego PO Box 7726, Baulkham Hills, NSW 1755 Australia The Experts Who The Experts Call Juniper - Cisco – Brocade - IBM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP SLA issue
On 12/5/12 9:10 PM, Ali Sumsam wrote: Hi All, I have a very simple configuration I am having problem with. track 2 rtr 1 reachability ! ip sla 1 icmp-echo 10.1.18.49 source-ip 10.0.254.30 timeout 500 frequency 3 ip sla schedule 1 life forever start-time now ! ip route 0.0.0.0 0.0.0.0 10.0.254.25 50 track 2 ip route 0.0.0.0 0.0.0.0 10.0.254.17 80 ! Sometimes even if i can ping 10.1.18.49 with the source ip of 10.0.254.30 successfully but that track says its down. what could be the reason. A single missed ping or high CPU causing latency 500 ms could be two reasons. Try: track 2 rtr 1 reachability delay down 10 up 60 This will require three consecutive missed pings (at frequency 3) to flag the primary route down, about 10 seconds, and require it to be up for 60 seconds before declaring it good. For serial links and the like this will prevent nuisance flapping while ensuring that a marginal link stays down. Tweak as needed for relatively rapid detection of a down link and ensuring stability before cutting back. If you want failover within three or four seconds, increase frequency to 1 and change delay down to 3 or 4, for example. show track 2 and show ip sla statistics 1 detail may give more info on what is going on in your particular case. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/