Re: [c-nsp] ios vs ios-xe: interface config rate-limit

2015-07-09 Thread Andrew Jones

Hi Mike,
You can apply a policy map (which contains a shaper or rate-limiter) in 
each direction:

Cisco-AVPair += ip:sub-qos-policy-in=10Mbps-rate-limit
Cisco-AVPair += ip:sub-qos-policy-out=10Mbps-rate-limit

policy-map 10Mbps-rate-limit
 class class-default
  police 1024 192 384 conform-action transmit exceed-action drop


Hope that's useful,
Andrew

On 10.07.2015 10:21, Mike wrote:

Hi,

I have an ASR1000 running IOS-XE 3.10.5S configured to terminate
PPPoE sessions. It is going to be the upgrade/replacement for a 7201
running 12.2(33)-SRE7.

I have discovered that there doesn't seem to be feature parity
between these which prevents some of my account profiles from working
properly. Chief among these is that I have rate limiting in my
subscriber radius profiles and it looks like this:


Cisco-AVPair += lcp:interface-config=rate-limit input 100 18750 37500 conform-action transmit exceed-action drop
Cisco-AVPair += lcp:interface-config=rate-limit output 600 1125000 225 conform-action transmit exceed-action drop

This establishes a 6mbps download and 1mbps upload speed for that
particular user profile, and works like a charm on the 7201. But when
I try to establish a PPPoE session on the ASR, under debug, I see that
'rate-limit' is being rejected by the cisco parser and the session
doesn't come up because of the errors. So apparently 'rate-limit'
isn't a command I can apply to interfaces under IOS-XE.

 So, question - How do I establish rate limits for PPPoE users
under IOS-XE? I haven't seen a good explanation of how it's supposed
to work. The cisco documentation talks around the general issue but
doesn't actually present a working example and I'm lost.

Help!

Mike-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


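
An added example, not part of either post: a Python script that rewrites CAR `rate-limit` AVPairs of the kind quoted in the question into the `ip:sub-qos-policy-in` / `ip:sub-qos-policy-out` AVPairs and matching `policy-map` blocks described in the reply. The policy-map naming scheme, the function names and the sample profile values are assumptions constructed for illustration, and the three policer numbers are carried across unchanged for review rather than re-derived.

```python
import re

# CAR syntax, as in the RADIUS profile quoted in the question:
#   rate-limit {input|output} <bps> <burst-normal> <burst-max>
#       conform-action transmit exceed-action drop
# Only the transmit/drop form shown in the thread is converted; anything
# else is reported for manual handling.
CAR_RE = re.compile(
    r"^lcp:interface-config=rate-limit\s+(?P<direction>input|output)\s+"
    r"(?P<bps>\d+)\s+(?P<normal>\d+)\s+(?P<maximum>\d+)\s+"
    r"conform-action\s+transmit\s+exceed-action\s+drop\s*$"
)

# CAR direction keyword -> subscriber QoS AVPair used in the reply.
AVPAIR_FOR = {"input": "ip:sub-qos-policy-in", "output": "ip:sub-qos-policy-out"}


def policy_name(car):
    """Hypothetical naming scheme: one policy-map per distinct policer."""
    return "police-{bps}-{normal}-{maximum}".format(**car)


def render_policy_map(car):
    """Render a policy-map in the same shape as the one in the reply."""
    return (
        "policy-map {name}\n"
        " class class-default\n"
        "  police {bps} {normal} {maximum} "
        "conform-action transmit exceed-action drop"
    ).format(name=policy_name(car), **car)


def convert_profile(avpairs):
    """Convert one subscriber's Cisco-AVPair values.

    Returns (new_avpairs, policy_maps, unconverted):
      new_avpairs  - values to put back into the RADIUS profile
      policy_maps  - {name: config text} to provision on the IOS-XE router
      unconverted  - rate-limit values that did not parse and need a human
    """
    new_avpairs, policy_maps, unconverted = [], {}, []
    for value in avpairs:
        match = CAR_RE.match(value.strip())
        if match:
            car = match.groupdict()
            name = policy_name(car)
            policy_maps[name] = render_policy_map(car)
            new_avpairs.append("{}={}".format(AVPAIR_FOR[car["direction"]], name))
        elif "interface-config=rate-limit" in value:
            # Passing this through would hit the parser rejection described
            # in the question, so report it instead.
            unconverted.append(value)
        else:
            new_avpairs.append(value)  # unrelated attribute, keep as is
    return new_avpairs, policy_maps, unconverted


# Constructed sample profile (illustrative values, not taken from the thread).
SAMPLE_PROFILE = [
    "lcp:interface-config=rate-limit input 1000000 187500 375000 "
    "conform-action transmit exceed-action drop",
    "lcp:interface-config=rate-limit output 6000000 1125000 2250000 "
    "conform-action transmit exceed-action drop",
    "lcp:interface-config=rate-limit input 1000000",  # truncated on purpose
]

if __name__ == "__main__":
    avpairs, maps, todo = convert_profile(SAMPLE_PROFILE)
    for text in maps.values():
        print(text + "\n!")
    for value in avpairs:
        print("Cisco-AVPair += " + value)
    for value in todo:
        print("NEEDS REVIEW: " + value)
```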


Re: [c-nsp] Vpdn config ?

2015-03-19 Thread Andrew Jones


Hi Oliver,
Do you have your AAA configuration in place?

aaa authentication ppp default group radius
aaa authorization network default group radius

You may also need:
vpdn tunnel authorization network

I think this is required for the router to use the radius-supplied 
information to set up the outgoing tunnel.


Andrew

On 20.03.2015 14:11, Olivier CALVANO wrote:

Hi

thanks for your answer, yes it's a traditional LAC/LNS, i receive from my
supplier Adsl connection on my router, and i forward it to my final customer
(i am wholesaler)

i have read your link but on my config, that doesn't work. My router
receives but doesn't forward






Re: [c-nsp] cisco ISR 881

2014-04-30 Thread Andrew Jones
You could be hitting export control limits.

The smaller platforms are limited to the throughputs mentioned in your second 
document in order to meet export control requirements. Only the larger 
platforms can exceed these amounts with a HSEC license, but unfortunately this 
license isn't available on the smaller platforms such as the 880 series.

Also, you need to halve the throughput mentioned in the document, as it lists 
the aggregate throughput. I.e. 50mbps in both directions = 100mbps (ingress and 
egress)

Have a look at the log of the router when you are performing the test, if you 
are hitting this limit there should be a log entry indicating this.

Cheers,

Andrew Jones

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
khagendra dhakal
Sent: Wednesday, 30 April 2014 1:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] cisco ISR 881

Hi All,

I have 2 Cisco 881 routers, IOS software C880 Software 
(C880DATA-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2) in my lab.

I have 1 RA VPN, 2 IPsec VPNs and 1 IPsec with GRE tunnel, EIGRP routes, 
route redistribution, NAT and around 100 ACLs configured on it, and I am 
trying to simulate the maximum internet traffic in Mbps that I can achieve with 
this router (trying to download a file located on a host connected to one of the 
routers, assuming I am downloading the file from the internet). Until now I am able to 
get up to 50Mbps max.

I went through the Cisco white paper and some people's views, and I am kind of confused.

https://supportforums.cisco.com/discussion/11158641/only-30mbs-throughput-cisco881

https://supportforums.cisco.com/sites/default/files/legacy/4/9/0/125094-white_paper_c11_595485.pdf

I think I should have download speed up to 100Mbps. Really appreciate your 
prompt help.

Regards
khagu


Re: [c-nsp] Australia - NBN config on Cisco887

2014-04-07 Thread Andrew Jones
Ideally you'd use a router with an ethernet router port, and then 
config will depend on how the service is being handled by the 
wholesaler.
It might be as simple as a vlan with an ip address on it, and an access 
port in that vlan connected to the NBN NTD.


Some wholesalers (iSeek, AAPT) require your router to act as a PPPoE 
client, in which case on an 887 you'd need to put the pppoe-client 
command on the SVI, rather than the physical port (even though it will 
accept the config).





On 08.04.2014 11:09, Ali Sumsam wrote:

Hi All,

Any experience of NBN connection on a Cisco 887M, 887VA router?

I am looking for a valid configuration.

Regards,

*Ali Sumsam  - *eintellego Networks Pty Ltd
Senior Network Engineer
a...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)450 609 592 ; skype://sumsam.ali80

facebook.com/eintellegonetworks ;  http://twitter.com/networkceoau
linkedin.com/in/alisumsam


The Experts Who The Experts Call
Juniper - Cisco - Cloud


Re: [c-nsp] Update error on Cisco CSC-SSM Module..

2014-02-16 Thread Andrew Jones
Call cisco tac on the phone and ask them to associate your service contract to 
your cisco.com profile. If you have trouble then ask to escalate to a duty 
manager, and you should be able to sort it out.

Cheers,

Andrew Jones


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Howard 
Leadmon
Sent: Monday, 17 February 2014 8:14 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Update error on Cisco CSC-SSM Module..


 I have a CSC-SSM-10 module that has been running and kept current with 
patterns for quite a few years, and in fact has about a year left on the 
current subscription.

 About 2 days ago it started emailing me the current error, and even using my 
google fu I can't seem to find anything on this, so curious if anyone here has 
run across this issue, and if anyone knows of a fix.

 Here are the errors I am seeing:

AntiVirusPattern : Pattern Update: The download file was unsuccessful for 
ActiveUpdate was unable to verify security information. The local trusted info 
database is corrupted. Please contact Trend Micro technical support..
The error code is 62.

AntiSpamEngine : Pattern Update: The download file was unsuccessful for 
ActiveUpdate was unable to verify security information. The local trusted info 
database is corrupted. Please contact Trend Micro technical support..
The error code is 62.
 
AntiSpamPattern : Pattern Update: The download file was unsuccessful for 
ActiveUpdate was unable to verify security information. The local trusted info 
database is corrupted. Please contact Trend Micro technical support..
The error code is 62.



 So what do I do, write to Cisco TAC, and the response I get is the unit isn't 
registered to me, which blows my mind as we bought and have been running and 
buying updates from Cisco now for at least the past 5 years, and now it's not 
ours, so they won't help.

 Outside that, I am about ready to toss the sucker in the trash, and buy 
something from a company that will actually support their stuff if you have a 
current subscription.. 



---
Howard Leadmon 






Re: [c-nsp] AP 2600 series autonomous mode

2013-05-31 Thread Andrew Jones

On 31.05.2013 02:33, Bill Blackford wrote:
This may not be the best forum for this question, so my apologies to the
list.

I am trying to understand the process for converting a new
AIR-CAP2602E-E-K9 from LWAPP to stand alone. I have the IOS code renamed as
***.default waiting on a local TFTP host listening on 10.0.0.2.

1. What happens when the mode button is pushed?
2. Assuming the answer to 1. above is the AP will download the IOS code.
Will it then restart itself now booting from the IOS image?

The documentation I'm finding is not real clear on this part.

Thank you for any help,


Hi Bill,
You need to hold the mode button from boot until the status LED turns 
red. At that point, yes, it will download and install the IOS from the 
TFTP server you've set up. Watch the serial console while you do it, 
it'll help you understand the process better (particularly the exact 
filename it's looking for). I don't recall whether it reboots by itself 
after installing the standalone IOS, but I believe it does.


Another way of converting the AP to standalone from the console, is to 
log in as cisco/Cisco, enable, then run 'debug capwap console cli'. At 
this point you can install the standalone IOS from tftp manually, just 
like you would an upgrade.


Andrew


Re: [c-nsp] ASR9k Too Frequent Update on Rancid

2013-05-02 Thread Andrew Jones

On 03.05.2013 03:11, a.l.m.bu...@lboro.ac.uk wrote:

Hi,

We have recently added a new ASR9k into the network.  Prior to this 
we have other routers running IOS XR namely CRS.
Being IOS XR the config in Rancid are the same for the CRS and also 
the ASR9k, however the ASR9k has been chatty reporting changes as 
shown below but not the CRS. Is this common among the ASR9k or does our 
Rancid config need some tweaking? Any experience to rectify this?


we had a similar thing with our ASAs and a file stored on its disk -
the file keeps being updated...so RANCID reports a change. we fixed this by
adding another ignore into the code/script - you'll find the section relevant
for you and similar ignore statements.


Yes, I'd look for this section in xrrancid in the bin directory, and 
add some similar sections for the files you're seeing changed.


# Existing ignore: skip lines mentioning dlbg.txt on ASR9K
if ($proc =~ /ASR9K/ && /dlbg\.txt/) {
    next;
}




Re: [c-nsp] SPA-1X10GE-WL-V2 vs SPA-1X10GE-L-V2

2013-04-25 Thread Andrew Jones
Whilst we are talking about SPA-1X10GE cards, has anyone got these to work with 
a multimode sr xfp?

Andrew Jones

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Edward 
Salonia
Sent: Friday, 26 April 2013 1:25 AM
To: Lee Starnes
Cc: cisco-nsp@puck.nether.net; cisco-nsp
Subject: Re: [c-nsp] SPA-1X10GE-WL-V2 vs SPA-1X10GE-L-V2

Sure. Future-proofing, when capable, is a good idea.


-Original Message-
From: Lee Starnes lee.t.star...@gmail.com
Date: Wed, 24 Apr 2013 22:53:03 
To: e...@edgeoc.net
Cc: cisco-nspcisco-nsp-boun...@puck.nether.net; 
cisco-nsp@puck.nether.netcisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SPA-1X10GE-WL-V2 vs SPA-1X10GE-L-V2

Hi Ed,

So there should be no issue if they are used for what we do other than they
cost more? We may have some SONET applications in the near future, so if I
wanted to standardize on one card, this should work both ways? This was my
understanding based on what I read, but I don't want to assume that things
not clearly stated were there. Our main use being etherchannel stuff.

-Lee


On Wed, Apr 24, 2013 at 10:21 PM, Edward Salonia e...@edgeoc.net wrote:

 WL does LANPHY, WANPHY, and SONET/SDH.
 L does only LANPHY

 If you are just using this for 10gige LAN interconnect, use the L. If you
 need WAN/SONET support, get the WL.

 - Ed
 -Original Message-
 From: Lee Starnes lee.t.star...@gmail.com
 Sender: cisco-nsp cisco-nsp-boun...@puck.nether.netDate: Wed, 24 Apr
 2013 16:12:26
 To: cisco-nsp@puck.nether.netcisco-nsp@puck.nether.net
 Subject: [c-nsp] SPA-1X10GE-WL-V2 vs SPA-1X10GE-L-V2

 Hello,

 I was wondering if anyone here has used the SPA-1X10GE-WL-V2 and if so how
 it differs with the non W version with relation to Ethernet and
 EtherBundles.

 We currently use the non W versions for our ethernet uplinks to backbone
 connections as well as between our switches and routers. In some cases, we
 do EtherBundles for 20 or 30G links. I was wondering if the W version
 would have any issues with this or if it's only difference is the ability
 to do POS.

 -Lee


Re: [c-nsp] Cisco 3850 switches

2013-01-17 Thread Andrew Jones
Interesting... perhaps a new product, replacement for the 3750?

Andrew Jones

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Blake Pfankuch
Sent: Friday, 18 January 2013 6:05 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco 3850 switches

So I'm surfing cisco.com for an environment refresh within our infrastructure 
and looking at access switches.  I see the Stack Power Cable in Cisco Commerce 
workspace now says Catalyst 3750X and 3850 Stack Power Cable 30 CM Spare.  So 
I do some google and I happen to see the 3850 switches in the software 
downloads on Cisco.com but nothing anywhere else about them... Anyone know 
anything about these?

http://software.cisco.com/download/navigator.html?mdfid=284439900flowid=37763

Thanks,
Blake


Re: [c-nsp] mpls ip creating traffic disturbance(s)

2013-01-15 Thread Andrew Jones
Do you do any IP address summarisation in your network? Summarisation breaks 
forwarding in MPLS networks.
 

Andrew Jones


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Eric A Louie
Sent: Wednesday, 16 January 2013 11:18 AM
To: Cisco NSP
Subject: [c-nsp] mpls ip creating traffic disturbance(s)

We implemented what seemed to be a pretty simple mpls configuration to test a 
vrf config.

It caused widespread havoc across my production network.

Has anyone encountered a situation where they've put mpls ip on a link and 
had it cause problems with web browsing to the Internet, even on traffic that 
passed through the router that was not going through the mpls ip interfaces?

I have a case open with Cisco TAC but was looking for some additional guidance 
and perhaps some experience around this strange problem.

 Much appreciated, Eric


Re: [c-nsp] Cisco C887VA PPPoE could cannot connect to LNS

2013-01-15 Thread Andrew Jones

Hi Dol,
IIRC you need the pppoe-dialer command on the SVI, not the physical 
port:


interface FastEthernet0
 no pppoe-client dial-pool-number 1
!
interface vlan20
 no ip address
 pppoe-client dial-pool-number 1
!

Jonesy

On 16.01.2013 14:11, Dol Meun wrote:

Dear All,

I have installed LNS with local authentication with the configuration
below, I have two cisco router one is Cisco 1811 and I am using port fa0
connected to LNS fast0 then the PPPoE session is working fine. But for
Cisco C887VA, I am using port Fast 0 on C887 connected to port Fast 1 on
LNS but PPPoE is not working. is there any miss configure in my
configuration or is there any restrict on Cisco C887 port for PPPoE
connection. Note: on Cisco 1811 I use layer 3 port and Router Cisco 887 I
use switchport as shown in the configuration. Is there anyone used to met
this problem?

*##LNS (LAC and LNS in the same router)*
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
vpdn redirect
vpdn logging
vpdn logging local
vpdn logging user
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn session-limit 1400
vpdn search-order multihop-hostname domain dnis
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group LAC
!
vpdn-group LAC-TEST
 request-dialin
  protocol l2tp
  domain eintellego.net
  domain direct.telstra.net
 initiate-to ip 192.168.55.2
 source-ip 192.168.55.1
 local name LAC
 l2tp tunnel password 0 saba
!
!
!
username cisco password 0 cisco

interface FastEthernet0
 description Link to PPPoE Client
 no ip address
 duplex auto
 speed auto
 pppoe enable group LAC-TEST
!
interface FastEthernet1
 description Lik to MB
 no ip address
 duplex auto
 speed 100
 pppoe enable group LAC-TEST

*##Cisco 1811 (MPC8500) This client is PPPoE can connect PPPoE and it is working fine.*

interface FastEthernet0
 description Link to PPPoE Client'
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname cisco
 ppp chap password 0 ciscopass
 ppp pap sent-username cisco password 0 ciscopass

*##Cisco C887VA-W-A-K9 (is the router that has problem with PPPoE connected to LNS)*

interface FastEthernet0
 switchport access vlan 20
 no ip address
 pppoe-client dial-pool-number 1
!
!
interface Dialer1
 description Link to DSL CPE
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname client1
 ppp chap password 0 425198
 ppp pap sent-username client1 password 0 425198
 no cdp enable

Thanks in advance.
Dol


*Dol Meun, Network Operations - Level 1 - eintellego Pty Ltd*

d...@eintellego.asia ; www.eintellego.asia

Cell +855 (0)15256904 ; skype://dolmeun

www.linkedin.com/in/dolmeun
#54, st. 350, Sangkat Boeung Keng Kang 3,
Chamkarmorn,Phnom Penh, Cambodia PO Box 710, Phnom Penh Cambodia


--

The Experts Who The Experts Call

Juniper - Cisco – Brocade - IBM

Re: [c-nsp] Cisco command to see active session on cisco WS-C6503-E (R7000)

2012-12-12 Thread Andrew Jones
Do you mean to see who is logged into the cli?

Try  who

Andrew Jones

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Samol
Sent: Thursday, 13 December 2012 12:57 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco command to see active session on cisco WS-C6503-E 
(R7000)

Hi All,

I believe there is a command that we can use to see the active sessions
on cisco WS-C6503-E (R7000), but somehow I can't remember what the command
is. Pls let me know if you know this command.

Regards,
Sam


Re: [c-nsp] Cisco command to see active session on cisco WS-C6503-E (R7000)

2012-12-12 Thread Andrew Jones
Ok, so you mean sessions going through the router?

You need netflow enabled on the switch, then enable ip flow ingress  and ip 
flow egress on the interface you are interested in, then perform a show ip 
cache flow

It will give you this info, but a lot of it uses HEX codes you need to 
translate... (google is your friend)

Andrew Jones
Alphawest | Optus Business

From: Samol [mailto:molas...@gmail.com]
Sent: Thursday, 13 December 2012 1:25 PM
To: Andrew Jones
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco command to see active session on cisco WS-C6503-E 
(R7000)

Hi AJ,

No, the output of this command shows us the source/Destination IP address using 
UDP or TCP etc.

Regards,
Sam



Re: [c-nsp] Cisco command to see active session on cisco WS-C6503-E (R7000)

2012-12-12 Thread Andrew Jones
No such thing, as sessions don't terminate on the router, and it doesn't track 
state of traffic like a firewall might.

You need something like netflow to monitor and record the traffic.

Netstat works on a windows machine as the sessions are terminated on that 
server.

Andrew Jones
Alphawest | Optus Business

From: Samol [mailto:molas...@gmail.com]
Sent: Thursday, 13 December 2012 1:47 PM
To: Andrew Jones
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco command to see active session on cisco WS-C6503-E 
(R7000)


Hi Aj,

that command can do it without having to enable this. it's like the command used on 
windows, netstat? so that we can see the active sessions which
are going thru the router.

Regards,
Sam
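
An added example, not from the thread: a Python decoder for the hex `Pr`, `SrcP` and `DstP` columns that the NetFlow replies above refer to in `show ip cache flow` output. The sample rows are constructed, and the column layout and the ICMP type/code encoding in the destination-port field are assumed from classic IOS NetFlow output, since the thread shows no output itself.

```python
import re

# Constructed sample in the column layout of `show ip cache flow`
# (documentation-range addresses, made-up counters).
SAMPLE_OUTPUT = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi1/1         192.0.2.10      Gi1/2         198.51.100.5    06 C2F1 01BB    42
Gi1/1         192.0.2.11      Gi1/2         198.51.100.53   11 D431 0035     2
Gi1/2         198.51.100.5    Gi1/1         192.0.2.10      01 0000 0800     1
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>" + IPV4 + r")\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst_ip>" + IPV4 + r")\s+"
    r"(?P<proto>[0-9A-Fa-f]{2})\s+(?P<src_port>[0-9A-Fa-f]{4})\s+"
    r"(?P<dst_port>[0-9A-Fa-f]{4})\s+(?P<pkts>\S+)\s*$"
)

# IP protocol numbers most often seen in a flow cache.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}


def decode_flow(line):
    """Decode one flow row; return None for headers and summary lines."""
    match = FLOW_RE.match(line.strip())
    if not match:
        return None
    proto = int(match.group("proto"), 16)
    src_port = int(match.group("src_port"), 16)
    dst_port = int(match.group("dst_port"), 16)
    flow = {
        "src_if": match.group("src_if"),
        "src_ip": match.group("src_ip"),
        "dst_if": match.group("dst_if"),
        "dst_ip": match.group("dst_ip"),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src_port": src_port,
        "dst_port": dst_port,
        "pkts": match.group("pkts"),  # kept as text, not interpreted
    }
    if proto == 1:
        # For ICMP the destination-port field carries type * 256 + code.
        flow["icmp_type"], flow["icmp_code"] = divmod(dst_port, 256)
    return flow


def decode_flows(text):
    """Decode every flow row in a pasted block of command output."""
    return [flow for flow in map(decode_flow, text.splitlines()) if flow]


def describe(flow):
    """One readable line per flow, netstat style."""
    if flow["proto"] == "icmp":
        detail = "type {icmp_type} code {icmp_code}".format(**flow)
        return "icmp {src_ip} -> {dst_ip} ".format(**flow) + detail
    return "{proto} {src_ip}:{src_port} -> {dst_ip}:{dst_port}".format(**flow)


if __name__ == "__main__":
    for entry in decode_flows(SAMPLE_OUTPUT):
        print(describe(entry), "pkts=" + entry["pkts"])
```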


Re: [c-nsp] CA Server vs Key Server (GetVPN)

2012-12-11 Thread Andrew Jones
CA is a certificate authority, and is part of a PKI infrastructure (it signs 
certificates of hosts to say they are authentic). Use of certificates is one 
option for the getvpn authentication method. You could use pre-shared keys in 
place of certificates for authentication if you don't understand PKI.

Andrew Jones



-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of henrry huaman
Sent: Wednesday, 12 December 2012 4:31 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CA Server vs Key Server (GetVPN)

Hi Guys:

Please,
Could you help us with the difference between these devices?

Currently we are testing GetVPN, but we don't have a CA Server; and we need to 
know if a CA Server is necessary or if the Key Server
could replace its functionality.

Thanks.

Henry


Re: [c-nsp] Making SUP720 cope better under BGP load

2012-12-08 Thread Andrew Jones
Sup720 cpu is around 600mhz if I remember correctly, whilst sup2t is 1.5 ghz 
dual core, so one would think sup2t would handle this much better. Also, sup2t has 
much better CoPP capability with built in default config templates, ready for 
you to tune if needed.

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Blake Dunlap
Sent: Saturday, 8 December 2012 3:40 AM
To: Chris Evans
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Making SUP720 cope better under BGP load

Honestly I'd do your BGP peering with another platform at the scale you're
at. Since you're talking IXP do you really need forwarding plane and
control plane to match by letting the 65 do the customer peering?


On Fri, Dec 7, 2012 at 10:32 AM, Chris Evans chrisccnpsp...@gmail.com wrote:

 In the past my company has ran into these issues. We helped it some by
 doing a hold-queue of 4096 on the interfaces and enabling jumbo frames
 where possible.

 It sounds like you're just running into a CPU issue though, which is one
 reason we moved away from the 6500/7600 platforms for this use case. Very
 very slow convergence due to slow CPU.

 On Fri, Dec 7, 2012 at 10:07 AM, Simon Lockhart si...@slimey.org wrote:

  On Fri Dec 07, 2012 at 09:54:08AM -0500, Randy wrote:
   Have you considered a CoPP policy to limit the rate of BGP convergence?
   Not sure if it would help with so many peers but it might lessen the
   pain on your 3 full tables.
 
  No - I'm not doing any CoPP at the moment - but probably should.
 
  Are there any cookbooks / cribsheets for using CoPP to rate limit BGP?
 
  Simon


Re: [c-nsp] Wireless Controllers, SVIs and WCCP

2012-11-14 Thread Andrew Jones
New HA configuration for WLC v7 is good, gives you active / standby 
controllers, so no need for AP to re-associate to alternate controller. I'm told 
it's 1-2 sec failover between controllers.

Also, you don't need to double up on licensing for your AP, ie 500 ap license 
plus a HA license is all that is required for 2 controller and 500 ap.

4500 has vss on the roadmap, not sure how far away. For MPLS, your best bet is 
6500. Or if you want nexus, try the 7004.

Andrew Jones

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andrew Miehs
Sent: Thursday, 15 November 2012 10:18 AM
To: Alan Buxey
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Wireless Controllers, SVIs and WCCP

On Thu, Nov 15, 2012 at 10:05 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

  With latest code you can run them in hotstandby mode... ties up 
 licences though.

 Have you looked at just swapping the 5508s with just a pair of the 
 really big wireless controllers?  Ideal WCCP functionality would just 
 be present...might talk to our contacts about that.

 Have you looked at 4500 instead of 6500?


We already have the WLC 5508s with licenses so I won't be able to swap them. I 
will check out the hotstandby mode though - wasn't aware of it.

The main problem I have with the 4500s is redundantly connecting the WLCs.
The WLCs only support one LACP (LAG) and there is no VSS support on the 4500s. 
In addition, it may later be decided to turn the wireless connection into a 
collapsed PE/CE - so MPLS support would be a bonus.

Andrew


Re: [c-nsp] Confused about Cisco IOS 12.2SRD removal of features - LNS broken?

2012-10-24 Thread Andrew Jones
The way you have PPPoE configured is deprecated, you should use 
bba-groups.

-Jonesy

On 24.10.2012 16:18, Skeeve Stevens wrote:

Hey all,

I have a LNS running c7200-advipservicesk9-mz.122-33.SRD4.bin.

I thought I would see the changes with SRD5,... then SRD8.

There is nothing unique in the later versions, but SRD4 is unique 
with:



Gateway Load Balancing Protocol (GLBP)
Generic Routing Encapsulation (GRE) Tunnel Keepalive
Integrated ISIS Point to Point Adjacency over Broadcast Media
IP Multicast Load Splitting across Equal-Cost Paths
IP SLAs - LSP Health Monitor with LSP Discovery
IPv6 - CNS Agents
IPv6 Multicast
IPv6 Switching: CEF/dCEF Support
IPv6 Switching: CEFv6 Switched Configured IPv6 over IPv4 Tunnels
Multi-VRF Support (VRF lite)
Multicast Subsecond Convergence
OSPF Stub Router Advertisement
Secure Shell SSH Version 2 Client Support
Secure Shell SSH Version 2 Server Support
Source Specific Multicast (SSM)
TACACS+


Which to me says that they have been removed from subsequent 
releases..


Why would they remove some of the above? VRF-Lite support??!?

When compared to SRE6, the following is unique:


ATM LANE Fast Simple Server Redundancy Protocol (LANE Fast SSRP)
Disabling LANE Flush Process
Flexible NetFlow
Inverse Multiplexing over ATM (IMA)
IP Multicast Load Splitting across Equal-Cost Paths
IP SLAs - LSP Health Monitor with LSP Discovery
IPv6 - CNS Agents
IPv6 Access Services: AAA Support for Cisco VSA IPv6 Attributes
IPv6 Access Services: AAA Support for RFC 3162 IPv6 RADIUS Attributes
IPv6 Access Services: PPPoA
IPv6 Multicast
IPv6 Services: DNS Lookups over an IPv6 Transport
IPv6 Switching: CEF/dCEF Support
IPv6 Switching: CEFv6 Switched Configured IPv6 over IPv4 Tunnels
IPv6 Switching: Provider Edge Router over MPLS (6PE)
IPv6: ICMPv6
IPv6: ICMPv6 Redirect
IPv6: Neighbor Discovery Duplicate Address Detection
L2VPN Pseudowire Switching
LANE dCEF
LANE Optimum Switching
Multi-VRF Support (VRF lite)
Multiprotocol over ATM (MPOA)
Multiprotocol over ATM for Token Ring (MPOA)
QoS over LANE
Secure Copy (SCP)
Secure Shell SSH Version 2 Client Support
Secure Shell SSH Version 2 Server Support
SSRP for LANE
TACACS+
Throttling of AAA (RADIUS) Records.
Token Ring LANE


With even more being removed... scp? Tacacs+? More IPv6? SSHv2?!?!

While there is a ton of NEW features in SRE6, one thing that seems to have
broken is the LNS code... but the features missing don't indicate it...

for some reason SRE7 isn't on the software advisor yet.

Unless some syntax has changed, the issue right now with SRE7 vs a config
from SRD4:

SRD4 working config:

vpdn-group PPPoE
! Default L2TP VPDN group
 description Generic PPPoE
 accept-dialin
  protocol pppoe
  virtual-template


SRE7 config paste failure:

lns02-new(config)#vpdn-group PPPoE
lns02-new(config-vpdn)#accept-dialin
lns02-new(config-vpdn-acc-in)#protocol ?
  any   Use any protocol
  l2tp  Use L2TP
  pptp  Use PPTP

lns02-new(config-vpdn-acc-in)#protocol pppeo
   ^
% Invalid input detected at '^' marker.

syd01bs04-lns02-new(config-vpdn-acc-in)#



So unless they've removed pppoe, or moved it to 'any'???

Anyone have any ideas what is going on?
Skeeve Stevens, CEO - eintellego Pty Ltd
ske...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego ;  http://twitter.com/networkceoau
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco – IBM - Brocade - Cloud
-
Check out our Juniper promotion website for Oct/Nov!  eintellego.mx
Free Apple products during this promotion!!!
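
The bba-group form that the reply at the top of this message points to, as an added example (not posted by anyone in the thread). The virtual-template number 1 and the interface name are assumptions, since the quoted vpdn-group config does not show them:

```cisco
! Replaces "vpdn-group PPPoE / accept-dialin / protocol pppoe"
bba-group pppoe global
 ! assumed number; use the virtual-template the old vpdn-group referenced
 virtual-template 1
!
! assumed subscriber-facing interface
interface GigabitEthernet0/1
 pppoe enable group global
!
! Check that sessions land in the new group:
!  show pppoe session
```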

Re: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

2012-09-21 Thread Andrew Jones
Also, why LR optics? Unless you need the distance, SR optics are 1/4 the price. 
Or if you are patching into the same rack, twinax cables are even cheaper.

I've generally placed 5k in a central location near core / aggregation switches, 
then distributed the 2k over the data hall with multimode fibre. Allowing you 
to use cheap twinax for uplink and cheap FET-10G over multimode for FEX.

Cheers,

Alphawest


-----Original Message-----
From: Conkel, Joshua [mailto:conk...@wems-llc.com] 
Sent: Saturday, 22 September 2012 10:47 AM
To: Andrew Jones
Cc: cisco-nsp@puck.nether.net
Subject: RE: Are Nexus and per-interface or FEX MTU settings possible?

Actually, I just installed a 10G LR fiber optic module in each of them in order 
to connect to the 5Ks.

I was sure to add the spanning-tree port type edge trunk command on the Nexus 
so I didn't risk ISSU support.

The way I see it, we should be able to keep this working by making sure no 
hosts go beyond the MTU limit on the smallest switch, since frames don't 
magically consolidate themselves. :)

The iSCSI jumbos have their own switch linked separately in a stack for the 
jumbo support.

Thanks!
----- Original Message -----
From: Andrew Jones andrew.jo...@alphawest.com.au
To: Conkel, Joshua conk...@wems-llc.com, cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: 9/21/2012 8:39 PM
Subject: RE: Are Nexus and per-interface or FEX MTU settings possible?

I'm assuming your 3560 has gigabit ports to connect the 5ks?

Then you can do jumbo frames on those interfaces, as per the following from 
cisco.com 
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#c3

You will need to reboot the switch for this to take effect.

Andrew Jones


-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Conkel, Joshua
Sent: Thursday, 20 September 2012 12:57 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

We just bought a bundle of 2x 5548Ps and 20x 2248s in order to converge our 
data and storage networks in our new datacenter. After carefully reading the 
configuration limitations document and designing around the limitations for our 
migration, we pulled the trigger and bought the material. The document that I 
used as prep work for the actual deployment was Data Center Access Design with 
Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual 
PortChannels. I planned on being able to hook the Nexus up to our distribution 
switches and standalone iSCSI network for the migration process and to provide 
L3 services (because of the limitations with using the L3 routing modules)

Now on to our issue:
The document states that you can configure per-interface MTU size. Our data 
network distribution switches are 3560s and run the standard MTU size of 1500. 
Our iSCSI network, on the other hand, uses jumbo frames with an MTU of 9000. 
After trying the steps outlined in the document, I have only been able to set 
the MTU globally on the Nexus to jumbo or non-jumbo. After contacting TAC, they 
have initially confirmed that the MTU qos policy can only be applied at the 
system level, not per interface.

So, any ideas other than not converging our networks and buying a standalone 
4900 or 3750x series pair for our iSCSI network? Sorry if it's wordy, but this 
is the content I gave to TAC as well.


Re: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

2012-09-21 Thread Andrew Jones
I'm assuming your 3560 has gigabit ports to connect the 5ks?

Then you can do jumbo frames on those interfaces, as per the following from 
cisco.com 
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#c3
 

You will need to reboot the switch for this to take effect.

Andrew Jones


-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Conkel, Joshua
Sent: Thursday, 20 September 2012 12:57 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

We just bought a bundle of 2x 5548Ps and 20x 2248s in order to converge our 
data and storage networks in our new datacenter. After carefully reading the 
configuration limitations document and designing around the limitations for our 
migration, we pulled the trigger and bought the material. The document that I 
used as prep work for the actual deployment was Data Center Access Design with 
Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual 
PortChannels. I planned on being able to hook the Nexus up to our distribution 
switches and standalone iSCSI network for the migration process and to provide 
L3 services (because of the limitations with using the L3 routing modules)
 
Now on to our issue:
The document states that you can configure per-interface MTU size. Our data 
network distribution switches are 3560s and run the standard MTU size of 1500. 
Our iSCSI network, on the other hand, uses jumbo frames with an MTU of 9000. 
After trying the steps outlined in the document, I have only been able to set 
the MTU globally on the Nexus to jumbo or non-jumbo. After contacting TAC, they 
have initially confirmed that the MTU qos policy can only be applied at the 
system level, not per interface.
 
So, any ideas other than not converging our networks and buying a standalone 
4900 or 3750x series pair for our iSCSI network? Sorry if it's wordy, but this 
is the content I gave to TAC as well.


Re: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

2012-09-21 Thread Andrew Jones
PMTUD should take care of the rest... 

Andrew Jones


-----Original Message-----
From: Conkel, Joshua [mailto:conk...@wems-llc.com] 
Sent: Saturday, 22 September 2012 10:47 AM
To: Andrew Jones
Cc: cisco-nsp@puck.nether.net
Subject: RE: Are Nexus and per-interface or FEX MTU settings possible?

Actually, I just installed a 10G LR fiber optic module in each of them in order 
to connect to the 5Ks.

I was sure to add the spanning-tree port type edge trunk command on the Nexus 
so I didn't risk ISSU support.

The way I see it, we should be able to keep this working by making sure no 
hosts go beyond the MTU limit on the smallest switch, since frames don't 
magically consolidate themselves. :)

The iSCSI jumbos have their own switch linked separately in a stack for the 
jumbo support.

Thanks!
----- Original Message -----
From: Andrew Jones andrew.jo...@alphawest.com.au
To: Conkel, Joshua conk...@wems-llc.com, cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: 9/21/2012 8:39 PM
Subject: RE: Are Nexus and per-interface or FEX MTU settings possible?

I'm assuming your 3560 has gigabit ports to connect the 5ks?

Then you can do jumbo frames on those interfaces, as per the following from 
cisco.com 
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#c3

You will need to reboot the switch for this to take effect.

Andrew Jones


-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Conkel, Joshua
Sent: Thursday, 20 September 2012 12:57 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Are Nexus and per-interface or FEX MTU settings possible?

We just bought a bundle of 2x 5548Ps and 20x 2248s in order to converge our 
data and storage networks in our new datacenter. After carefully reading the 
configuration limitations document and designing around the limitations for our 
migration, we pulled the trigger and bought the material. The document that I 
used as prep work for the actual deployment was Data Center Access Design with 
Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual 
PortChannels. I planned on being able to hook the Nexus up to our distribution 
switches and standalone iSCSI network for the migration process and to provide 
L3 services (because of the limitations with using the L3 routing modules)

Now on to our issue:
The document states that you can configure per-interface MTU size. Our data 
network distribution switches are 3560s and run the standard MTU size of 1500. 
Our iSCSI network, on the other hand, uses jumbo frames with an MTU of 9000. 
After trying the steps outlined in the document, I have only been able to set 
the MTU globally on the Nexus to jumbo or non-jumbo. After contacting TAC, they 
have initially confirmed that the MTU qos policy can only be applied at the 
system level, not per interface.

So, any ideas other than not converging our networks and buying a standalone 
4900 or 3750x series pair for our iSCSI network? Sorry if it's wordy, but this 
is the content I gave to TAC as well.


Re: [c-nsp] OT: 2960S

2012-08-02 Thread Andrew Jones
The first release of IOS that supported routing on 2960S was useless.

I deployed a stack of 4 2960S with about 4 or 5 vlans performing intervlan 
routing and a single static default route, and the individual switches would 
constantly crash and reload.

Had to wait nearly 6 months for a new IOS to be released to fix the issue.

Andrew Jones

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Still
Sent: Friday, 3 August 2012 2:19 AM
To: Scott Voll
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OT: 2960S

I had problems with stacking these when they first came out but I think it was 
either a software issue that's been fixed or an environmental issue where we 
were freezing the units in a room that was too cold.  Otherwise I don't think 
there's been too many horror stories with 2960S's.  I would rather spend a 
little more and install 4500-E's myself though.

On Thu, Aug 2, 2012 at 12:07 PM, Scott Voll svoll.v...@gmail.com wrote:
 Anyone using the 2960S series switches?

 Comments good, bad, or otherwise?

 We are looking at using them to replace our 3560's in the IDF's.

 Straight layer 2.  We will stack them.  Currently we are not doing any 
 IPv6 but are planning for it in 2013.

 TIA

 Scott



--
[stillwa...@gmail.com ~]$ cat .signature
cat: .signature: No such file or directory
[stillwa...@gmail.com ~]$ 


Re: [c-nsp] 10G Aggregation 7k vs 4500x

2012-07-20 Thread Andrew Jones
It sounds like running those links as routed links then running OTV over the 
top for layer 2 would be a better solution for you.

Just need to front up the cash for the license.

Andrew Jones
Alphawest

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of chris stand
Sent: Wednesday, 18 July 2012 10:41 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 10G Aggregation 7k vs 4500x

If you are looking at the 7K family - and I am buying 2 more of them
myself make sure that you are not going to want or need to run L2 & L3
over the same port channels like you can on every other platform with
portchannels.

A VPC portchannel can not carry both.  You may end up having to have
port channels just for connectivity for L2 and separate port channels
or just plain P2Ps for routing.  This can be an issue if you only have
2 usable links between facilities as I did and did not want to buy
EWDM .
We unfortunately had to tear down our VPCs and make the connections
regular links subject to spanning tree limitations.

This can consume a lot of fiber and a lot of ports especially if you
are a full-mesh believer.

With some level of hindsight ... the VSS pairs we have ( networkers
2011 demo - thanks ) make a better platform for us today.


Re: [c-nsp] single static ip address for customer(s)

2012-06-21 Thread Andrew Jones
I think I may have deleted the original post(s) in this thread, but has anyone 
mentioned LISP?

Seems like a perfect use case for it.

Cheers,

Andrew Jones

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Sprouffske
Sent: Friday, 22 June 2012 2:59 PM
To: Nick Hilliard
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] single static ip address for customer(s)

I would agree with Nick about keeping your IP addresses at a pop for cleaner 
route tables. I do in some places advertise /32 instead of the blocks on 2 of 
my routers. We started to do that for business customers and found that we 
aren't liking it. It's a pain dealing with the same block on 2 routers.

Sent from my iPhone

On Jun 21, 2012, at 4:00 PM, Nick Hilliard n...@foobar.org wrote:

 On 21/06/2012 23:18, Aaron wrote:
 In other words, they buy a single static ip address out of a class c that is
 able to be switched and routed in that area of the network where they
 currently reside..BUT, then they want to move locations and KEEP their
 existing static ip.
 
 this is a contractual problem, not a technical one.
 
 Look, if you want to handle this sort of thing with ibgp, there's no reason
 not to, other than money and the fact that it doesn't scale well.  I'm sure
 there are plenty of router vendors who would be happy to sell you kit
 capable of handling millions of prefixes.
 
 But seriously, if you sell /32s, then put a note into the contract to say
 that they are limited to specific PoPs and if the customer changes
 location, the address will change too.  Or alternatively, teach your
 customers about dynamic DNS.  Or sell / bundle them a VPS instead.  Linux
 containers are _great_ for this sort of thing.   There's really very little
 reason to have static IP addresses for your home account.
 
 [incidentally, Class Cs stopped existing in any meaningful way in ~1993 -
 1994.  You probably meant a /24.]
 
 Nick


Re: [c-nsp] Can I use BGP instead of any IGP?

2012-05-29 Thread Andrew Jones
In enterprise WAN environments, you could use BGP as the sole routing protocol, 
if you treat each individual site as a separate AS (private AS numbers 
of course). 

Depending on the size / complexity of the campus, you might still need an IGP 
within the campus. Again you could treat each individual router as a separate 
AS, forming eBGP peers across links where dynamic peers would ordinarily 
appear. 

But just because you can, doesn't mean you should.

Andrew Jones

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of vijay gore
Sent: Tuesday, 29 May 2012 8:19 PM
To: mark.ti...@seacom.mu
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Can I use BGP instead of any IGP?

thanks Mark, you cleared my doubts

On Tue, May 29, 2012 at 3:28 PM, Mark Tinka mark.ti...@seacom.mu wrote:

 On Tuesday, May 29, 2012 11:53:35 AM vijay gore wrote:

  do you mean that you can not use BGP instead of IGP, even
  static route.

 Thoroughly speaking, you can't use BGP as an IGP in the
 context of what IGP's are meant to do.

 adding_complexity
 But in concept, you can use BGP as an IGP, e.g., carrying
 customer and interface prefixes in iBGP instead of in the
 IGP as was normally the case (in order to aid scaling), BGP
 Label Unicast particularly for Seamless MPLS designs (in
 order to aid scaling, as well), e.t.c.
 /adding_complexity

 But for an IGP, i.e., link state routing protocols, e.t.c.,
 BGP doesn't do that. BGP requires an underlying IGP in order
 for its sessions to form - this underlying capability can be
 provided by static routes, connected routes or dynamic
 IGP's.

 Mark.



Re: [c-nsp] problem with VPC port-channel between Cisco 3550 and pair of Nexus 5020

2012-05-23 Thread Andrew Jones
Hey,

This is expected behaviour with Nexus 5k running spanning tree bridge assurance 
connecting to a switch not running bridge assurance (i.e. Catalyst switches).

You need to either disable bridge assurance on the 5k, or change the port 
channel on the 5k to spanning-tree port type normal to disable bridge 
assurance on that port channel only.

Cheers,

Andrew Jones
Alphawest

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Starbug
Sent: Thursday, 24 May 2012 12:15 PM
To: Tom Mikelson
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] problem with VPC port-channel between Cisco 3550 and pair 
of Nexus 5020

Hi Tom,

you should take a look at the spanning tree port type on the nexus:

switch# configure terminal
switch(config)# interface ethernet 1/8
switch(config-if)# spanning-tree port type network
On nexus switches, this sets spanning tree to expect a switch on the other end 
of the link.


regards,

AK

On May 23, 2012, at 10:54 AM, Tom Mikelson tmikel...@gmail.com wrote:

 Physical links are up, cdp neighbor shows all devices
 Nexus 5020 pair configured with working VPC link on VLAN 11.
 Port-channel 64 on both Nexus 5020s show blocked for spanning-tree VLAN 11.
 
 * Nexus 5020s *
 
 interface port-channel64
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 11
  speed 1000
  vpc 64
 
 interface Ethernet1/8
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 11
  speed 1000
  channel-group 64 mode active
 
 * Cisco 3550 *
 
 interface Port-channel64
 description TEST
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11
 switchport mode trunk
 !
 interface GigabitEthernet0/1
 description TEST_to_5020_A
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11
 switchport mode trunk
 channel-group 64 mode active
 !
 interface GigabitEthernet0/2
 description TEST_to_5020_B
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11
 switchport mode trunk
 channel-group 64 mode active
 !
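
The second option from Andrew's reply at the top of this message, applied to the quoted Nexus config, as an added example (not posted by anyone in the thread). It reuses port-channel64 and VLAN 11 from the config above and goes on both 5020 vPC peers:

```cisco
! Per-port option: take port-channel64 out of bridge assurance
interface port-channel64
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 11
  speed 1000
  spanning-tree port type normal
  vpc 64
!
! Global option instead (affects every port of type network on the switch):
!  no spanning-tree bridge assurance
!
! Confirm VLAN 11 is forwarding and the vPC parameters match on both peers:
!  show spanning-tree vlan 11
!  show vpc consistency-parameters interface port-channel 64
```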


Re: [c-nsp] CAB-SFP-50CM 2960S

2012-05-09 Thread Andrew Jones
That is correct, a 10gig interface will report as 10gig.

Andrew Jones
Alphawest

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mal
Sent: Monday, 7 May 2012 5:00 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CAB-SFP-50CM  2960S

Anyone successfully using CAB-SFP-50CM between 2960S switches
(WS-C2960S-48LPD-L)?

I have a link up between two 10G 2960S SFP+ port interfaces (and can
ping across it) but it's reporting a 10Gig speed connection via the
cab-stack-50 SFP cable..

Switch# sho inventory
NAME: 1, DESCR: WS-C2960S-48LPD-L
PID: WS-C2960S-48LPD-L , VID: V02  , SN: xx

NAME: TenGigabitEthernet1/0/1, DESCR: SFP-10GBase-CX1
PID: CAB-SFP-50CM, VID: V01  , SN: xx

Mal



Re: [c-nsp] ASR1006 ISSU upgrade fail

2012-05-02 Thread Andrew Jones
Call TAC

Andrew Jones

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP_list 
CiscoNSP_list
Sent: Thursday, 3 May 2012 1:39 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASR1006 ISSU upgrade fail


Hi Guys,

ASR1006 dual RP/Dual ESP - Followed this guide: 
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/issu.html
   (Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route 
Processor Configuration)

Current XE version: asr1000rp1-adventerprisek9.02.01.01.122-33.XNA1 and 
upgrading to:  asr1000rp1-adventerprisek9.03.05.02.S.152-1.S2

I got to step 5 (issu load version rp 1 file 
stby-bootflash:asr1000rp1-adventerprisek9.03.05.02.S.152-1.S2.bin), but 
received the following error:

*May  2 18:01:50.246: %ASR1000_SPA-3-INVALID_SLOT_NUM: slot= 15, max slot = 14

-Traceback= 1#3c0e9c526e153a8453b1a7f7d5b8cf1f  :1000+61C3B8 
:1000+61A51C
:1000+61A8A0 :1000+25D7028 :1000+2433E5C :1000+2433E98
iosd_unix:C25F000+13F60 iosd_unix:C25F000+11690 pthread:BF56000+5DA0


*May  2 18:01:50.248: %ASR1000_SPA-3-INVALID_SUBSLOT_NUM: subslot= 15, max
subslot = 4

-Traceback= 1#3c0e9c526e153a8453b1a7f7d5b8cf1f  :1000+61C3B8
:1000+61A51C :1000+61A8A0 :1000+25D7030 :1000+2433E5C
:1000+2433E98 iosd_unix:C25F000+13F60 iosd_unix:C25F000+11690
pthread:BF56000+5DA0

 
And the standby RP just continues to reload  (loop), and the above error is 
printed, then reloads again

Any suggestions are greatly appreciated.


  


Re: [c-nsp] 6509 SUP2 rommon

2012-03-27 Thread Andrew Jones
I know this probably isn't the answer you're after, but perhaps it's time to 
upgrade:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_end-of-life_notice0900aecd80423d31.html
 

Andrew Jones


-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Gotstein
Sent: Tuesday, 27 March 2012 3:10 PM
To: Chuck Church
Cc: 'cisco-nsp'
Subject: Re: [c-nsp] 6509 SUP2 rommon

IOS 12.2(18)SXF17a

No changes, in fact it had been up and running for over 300 days since 
the last reboot.  I could try re-seating the SUPs, maybe swap the 2 
around to see if it's a slot issue or problem with the module.

On 3/26/2012 9:47 PM, Chuck Church wrote:
 Sounds like a potential chassis issue.  IOS version?  Any changes recently
 or bent pins maybe?  Blow dust out, reseat sups, maybe that'll fix it.

 Chuck

 -----Original Message-----
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Gotstein
 Sent: Monday, March 26, 2012 6:14 PM
 To: cisco-nsp
 Subject: [c-nsp] 6509 SUP2 rommon

 We had an incident over the weekend in which our 6509 crashed.  When i
 arrived to see the problem, both SUP2's were in rommon.  I issued a reset on
 both, and they came up without any problems.  Now i'm seeing the following
 errors:

 60: Mar 24 13:59:56.902 CDT: %OIR-SP-4-WARN: PRIMARY(2) REPORTED AS NOT
 OCCUPIED IN SLOT!! disable_reason: 26(off (Module Removed)),
 get_peer_previous_slot: 0, is_occupied fn ptr:0x40497DE8
 61: Mar 24 14:07:58.889 CDT: %OIR-SP-4-WARN: PRIMARY(2) REPORTED AS NOT
 OCCUPIED IN SLOT!! disable_reason: 26(off (Module Removed)),
 get_peer_previous_slot: 0, is_occupied fn ptr:0x40497DE8

 Everything is working fine, but I'm concerned about the error messages.
A search on Cisco's site doesn't really explain much.  Note, the SUP2's
 are in the first 2 slots in the 6509 chassis.  Any thoughts?

 --
    
 Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
 http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com


-- 
   
Chris Gotstein, Network Engineer, U.P. Logon/Computer Connection U.P.
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com


Re: [c-nsp] Nexus 5000 convert between FC and FCoE?

2012-03-19 Thread Andrew Jones
Netapp have a san that can use FCOE as an attachment to the network.

Andrew Jones
Alphawest

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ryan West
Sent: Tuesday, 20 March 2012 9:24 AM
To: Ray Van Dolson
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus 5000 convert between FC and FCoE?

Output of FCoE to a server?  Currently multihop FCoE is not supported, but 
connecting to a CNA in that topology is. 

Sent from handheld 

On Mar 19, 2012, at 6:01 PM, Ray Van Dolson rvandol...@esri.com wrote:

 We're looking to run straight FC from an XIV storage rack into a Nexus
 5000 and output FCoE via another port on that same 5000.
 
 Can anyone advise if this is doable or if we'd need additional hardware
 to make it happen?
 
 Thanks,
 Ray


Re: [c-nsp] Checking if IOS has security vulnerability

2012-02-06 Thread Andrew Jones
Cisco software advisor tool may be able to do this

http://tools.cisco.com/Support/Fusion/FusionHome.do 


Andrew Jones
Alphawest


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP_list 
CiscoNSP_list
Sent: Tuesday, 7 February 2012 3:40 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Checking if IOS has security vulnerability


Hi Guys,
Is there an easy way to check if a certain version of IOS has any known 
security vulnerabilities?
http://tools.cisco.com/security/center/publicationListing#~CiscoSecurityAdvisory

seems to list the security issues, but is there anywhere to enter an IOS 
version to see if it is affected by any (known) security issues?
Cheers.   


[c-nsp] Cisco DCNM opinions

2012-02-05 Thread Andrew Jones
Hi All,

Does anyone use Cisco DCNM for managing a  Nexus data centre network?

Interested in thoughts and experiences with the tool, ie good points / bad 
points, best features?

how would the workflow look for provisioning a server with a vPC across a pair 
of 5k2k switches v doing it in the CLI?

Cheers.
Andrew Jones


Re: [c-nsp] LNS router options

2012-01-13 Thread Andrew Jones
They are business users, so do not expect the services to be flogged, but I 
like to over engineer just in case.

Being business customers, I would imagine (or if I were the customer I would 
expect it) that you have contracted SLAs for performance including any 
oversubscription ratios for the services.

Thus perhaps required throughput should be considered in contractual 
obligations rather than real world use patterns.

just my 2 cents..

Cheers,
Andrew


From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On 
Behalf Of John Elliot [johnellio...@hotmail.com]
Sent: Friday, 13 January 2012 4:27 PM
To: td_mi...@yahoo.com; cisco-nsp
Subject: Re: [c-nsp] LNS router options

Thanks Tony - Always a hard thing to gauge, but initially 100 ADSL2 tails, plus 
some (~10) 10M eth tails...what that equates to in aggregate traffic is up for 
debate ;)

They are business users, so do not expect the services to be flogged, but I 
like to over engineer just in case.

Ill have a look at the 7301/7201 also - thanks



Date: Thu, 12 Jan 2012 20:37:36 -0800
From: td_mi...@yahoo.com
Subject: Re: [c-nsp] LNS router options
To: johnellio...@hotmail.com; cisco-nsp@puck.nether.net

Hi John,
The main thing you need to look at is not the number of DSL/PPP sessions but 
the aggregate traffic (Mbps) through the router. This will drive your decision.
Any idea on the amount of traffic you're expecting across your DSL sessions ?
If you're looking at 3RU then you'd probably be better sticking with 7200. You 
could always go with 7201/7301 (both 1RU) if you're short on space and don't 
need anything more than a few GE ports.

regards,Tony.


   From: John Elliot johnellio...@hotmail.com
 To: cisco-nsp cisco-nsp@puck.nether.net
 Sent: Friday, 13 January 2012 2:07 PM
 Subject: Re: [c-nsp] LNS router options


Thanks Hotmail - Ill resend to accommodate the (lack of) formatting..

Have a potential new pop that we are looking to terminate dsl 
tails(+MPLS,MPBGP, single Inet(full table), and some ethernet tails) - Have 
some space restrictions(RU)

Looking for some real life experience with the following platforms(Or
 alternatives?) on how many dsl tails they can support:

2851 - Cisco stated performance: 220,00PPS (2RU)

2951 - Cisco stated performance: 580,000PPS (2RU) but assume quite $$?

3845 - Cisco stated performance: 500,00PPS (3RU?)

3925 - Cisco stated performance: 833,000PPS(3RU?) but assume quite $$?


(NB would max out the ram on them for the bgp table)

Initially we are looking at ~100 dsl tails, with growth to 150 in 
6 months; are we better off looking at the old faithful 7200?

Cheers





Re: [c-nsp] HP VM ESX fcoe issues with Nexus 5020

2011-10-25 Thread Andrew Jones
We have a nexus 5020 and a HDS san (connected via FC module in 5020) in our 
lab, and when configuring the storage for the first time, ESX wouldn't discover 
the storage until after a reboot of host.

I can't recall the chipset of the CNAs in use though, will need to log on and 
have a look.

Andrew Jones
Alphawest


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nyman, Eric
Sent: Wednesday, 26 October 2011 1:30 AM
To: Ryan West; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] HP VM ESX fcoe issues with Nexus 5020

Thanks Ryan, I also ran into the rebooting bug which is actually how we
discovered this issue. We are running HP CN1000E adapters which are
using Emulex chipsets and the ports are trunked. One thing I'm wondering
is if spanning tree has anything to do with it? I just looked and the
ports are not setup to be edge ports.

Are your 5K's in NPV mode?

-Original Message-
From: Ryan West [mailto:rw...@zyedge.com] 
Sent: Tuesday, October 25, 2011 9:42 AM
To: Nyman, Eric; cisco-nsp@puck.nether.net
Subject: RE: HP VM ESX fcoe issues with Nexus 5020

On Tue, Oct 25, 2011 at 08:45:25, Nyman, Eric wrote:
 Subject: [c-nsp] HP VM ESX fcoe issues with Nexus 5020
 
 All,
 
 I'm having an issue with my ESX servers that are connected to our 
 Nexus 5020's using FCOE to connect to our storage MDS9500's. 
 Basically, if for any reason connectivity (either FCOE or Ethernet) is

 disrupted to the 5K's, the ESX servers will not recover and will 
 require a reboot to reconnect to the storage. Cisco TAC have been 
 looking into it for some time now but they have not been able to 
 provide any information. Cisco's recommendations were to try the 5K's
in either NPV or NPIV mode but we get the same result.
 In another scenario, we also had a Cisco UCS chassis that would not 
 connect to the storage unless a shut/no shut was initiated on the 
 switch port. That seems to be resolved with a driver update but only 
 on the 5K switch that is NOT NPV enabled.
 
 
 
 Anyone ever had any experiences with ESX servers connecting to storage

 on the 5K's?
 

I had many issues in the beginning with FCoE coming online as an access
port with Emulex cards.  Trunking resolved that issue.  As far as
recovery goes, I was having problems with the 5010 rebooting on an
earlier 5.0(2) code and corrupting portions of my voice lab.  That's
been resolved with 5.0(3)N1(1b), which has been running a little over a
month with no incident.  During the reload, the hosts were obviously
disconnected from storage, but would reconnect when the fabric came back
online.  These are the versions I've tested:

C210 M[12] - QLogic QLE8152 10 Gbps 2 port CNA
5010 w/ N5K-M1008 8x1/2/4G FC Module
Hitachi AMS2100 directly attached to N5k-M1008
CIMC/BIOS version from 1.3 to 1.4(1a) currently
ESXi 4.1 Initial release to 5.0

Haven't tested with NPV or NPIV though.

Thanks,

-ryan




Re: [c-nsp] 2921 Fan noise

2011-10-24 Thread Andrew Jones
Hi

I've had the same issues before with other routers.

This was a 3845 and at the time we couldn't find any way to reduce the noise, 
but found that if we installed small cooling fans into the small cabinet they 
were in, we could reduce the amount of time, (if not eliminate) that the router 
was on its high speed fan setting.

Try looking at a 2911, not sure what your performance requirements are, but it 
was designed to be 2ru tall so they could fit larger (therefore quieter, due to 
lower rpm) fans.

Thanks,

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Erik Soosalu
Sent: Sunday, 23 October 2011 5:44 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 2921 Fan noise

Anyone know if there is a way to quiet down the fans in a 2921?

I've got one that will be deployed in an office space and I'm going to
hear about it if I don't do something.

Show environment says that it is as quiet as it's going to get, but the
fans are really loud still (much louder than the 2821 it is replacing)

SYSTEM FAN STATUS
=
Fan 1 OK, Low speed setting
Fan 2 OK, Low speed setting
Fan 3 OK, Low speed setting
Fan 4 OK, Low speed setting

SYSTEM TEMPERATURE STATUS
=
Intake Left temperature: 25 Celsius, Normal
Intake Right temperature: 27 Celsius, Normal
Exhaust Left temperature: 32 Celsius, Normal
Exhaust Right temperature: 32 Celsius, Normal
CPU temperature: 54 Celsius, Normal
Power Supply Unit temperature: 26 Celsius, Normal

Thanks,

Erik



Re: [c-nsp] Funny problem w/ SFP link on Nexus 5548

2011-09-26 Thread Andrew Jones
From the cisco nx-os 5.0(3) n2 (1) release notes:

Auto-Negotiation Disable 
Beginning with Cisco NX-OS Release 5.0(3)N2(1), you can disable 
auto-negotiation on a switch port. This feature allows you to connect devices 
that do not support auto-negotiation (for example, certain DWDM multiplexers) 
to a Cisco Nexus 5000 Series switch. 

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html


From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On 
Behalf Of John Gill [johg...@cisco.com]
Sent: Friday, 23 September 2011 3:07 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Funny problem w/ SFP link on Nexus 5548

Good point, Pete - 5.0(2) does not support 1G SFP, but the behavior is
tricky.  The port will link up, but we cannot pass traffic above 256B.
We did not have the proper message to block 1G configuration, so it was
hard to know this isn't supported.

Garry,
no negotiate auto would be a good test, so after the upgrade please
let me know.  There are more transceiver outputs we can gather if this
doesn't help.

Regards,
John Gill
cisco


On 9/22/11 7:47 AM, Pete Templin wrote:

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Garry
 Sent: Wednesday, September 21, 2011 3:43 PM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] Funny problem w/ SFP link on Nexus 5548

 I'm currently at a customer who got a 5548 with 2248 FEX and several
 2960S connected to the 5548, everything working fine. Anyway, in order
 to migrate from the old switch infrastructure, we tried to interconnect
 them to the 5548, which is where my problem started - the link just
 won't go up on the NX ...

 Silly question I'm sure, but are you running NXOS code that supports 1G
 operation? 1G support wasn't in initial code releases, first support
 came around April of this year I think.

 pt



Re: [c-nsp] ZBFW and DHCP

2011-09-13 Thread Andrew Jones
obvious question, but is DHCP passed in the service policy?

ie :

ip access-list extended al-dhcp
 remark Permit DHCP Clients to be allocated an address by the router
 permit udp any any eq bootpc
 permit udp any any eq bootps

class-map type inspect match-all cm-dhcp
 match access-group name al-dhcp

policy-map type inspect pm-dhcp
 class type inspect cm-dhcp
  pass

zone-pair security zp-untrusted-self source zo-untrusted destination self
 service-policy type inspect pm-dhcp


you may need to reverse the acl so that it allows DHCP both ways, as this is to 
allow the router to serve DHCP.

ie 

permit udp any eq bootpc any

Cheers,

Andrew Jones


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll
Sent: Wednesday, 14 September 2011 12:11 AM
To: Hughes, Scott GRE-MG
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ZBFW and DHCP

I have Zones for both inside self and outside self

Scott

On Mon, Sep 12, 2011 at 1:38 PM, Hughes, Scott GRE-MG
shug...@grenergy.com wrote:

 Did you setup any zone-pairs involving the 'self' zone? If you don't use
 self zones, no additional configuration should be necessary for DHCP
 packets.



 On Sep 12, 2011, at 9:43 AM, Scott Voll svoll.v...@gmail.com wrote:

  So I'm setting up a GRE IPSEC tunnel as my backup link with a 2821.  I
 have
  also setup ZBFW on the outside interface.  So far so good.
 
  BUT now the outside interface will not get a DHCP address from the ISP.
  How
  do I allow the Router to get a DHCP address?  Did I miss something on the
  ZBFW config?  Or can this not be done?
 
  TIA
 
  Scott




Re: [c-nsp] mls qos trust dscp on 7600 port-channel breaks IS-IS?

2011-08-31 Thread Andrew Jones
perhaps you should open a TAC case?

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Gillis
Sent: Wednesday, 31 August 2011 4:58 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] mls qos trust dscp on 7600 port-channel breaks IS-IS?

Still looking for input on this issue. It's still a problem, and I can't figure 
out why trusting DSCP on a port-channel would break my IGP.

On 08/12/2011 09:52 AM, Jared Gillis wrote:
 Does anyone have any thoughts on this at all? Known Cisco bug?
 
 I really doubt it's the service-policy, as the policy is running on the 
 Port-Channel right now with no problem. IS-IS only stops working across the 
 interface when I add the mls qos trust dscp command to it.
 
 I have the exact same queueing and trust config on other physical (non 
 port-channel) ports on the same chassis with no issue.
 
 On 08/10/2011 12:55 PM, Jared Gillis wrote:
 My service policy only sets internal queueing values based on source/dest IP 
 or input DSCP.

 policy-map SONIC-DEFAULT-QOS
   class SONIC-PRIORITY-QUEUE
     set dscp cs6
   class SONIC-EXPEDITED-QUEUE
     set dscp cs4
   class CUSTOMER-EXPEDITED-QUEUE
     set dscp cs2
   class DEFAULT-QUEUE
     set dscp default
 I also have no COPP or other control-plane config enabled.

 On 08/10/2011 12:00 PM, Dmitry Valdov wrote:


 But.. ISIS uses CLNS, not IP. I'm confused :-)


 On Wed, 10 Aug 2011, Blake Dunlap wrote:

 You're leaving out what your service policy looks like, which is where my
 hunch says the problem lies.

 On Wed, Aug 10, 2011 at 13:28, Jared Gillis jared.a.gil...@gmail.com wrote:

 Hi all,

 I just ran into an unusual problem when deploying some QoS onto a 7606 in
 my network. I was configuring all ports to trust DSCP input, and after
 applying the command to all the physical ports, I went to apply it to my 
 the
 port-channels. Shortly after I did, IS-IS went down (timeout) on the L3
 links across those port-channels. IS-IS came back when I removed the trust
 DSCP command. I've done some searching around and can't find any reference
 to this feature/bug/wtf anywhere. Does anyone have any knowledge about why
 this would happen?

 Here's my PO config:
 interface Port-channel1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 200
  switchport mode trunk
  mtu 9216
  load-interval 30
  service-policy input SONIC-DEFAULT-QOS

 And the command I entered was mls qos trust dscp.

 Thanks

 -Jared



 



Re: [c-nsp] Input errors on GRE tunnel interface

2011-08-28 Thread Andrew Jones
Make sure you have the following command on the WAN interfaces:

crypto ipsec fragmentation before-encryption

This ensures you only fragment the packet once, instead of twice, ie without it 
the router fragments the packet to fit into the interface mtu, then encrypts 
it, which then may require further fragmentation due to the new overheads.

Cheers,

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Randy
Sent: Monday, 29 August 2011 8:07 AM
To: cisco-nsp@puck.nether.net; Ranjith R
Subject: Re: [c-nsp] Input errors on GRE tunnel interface

The only thing that is obvious is that you haven't accounted for the ipsec and 
gre overheads correctly - ie, the need to clear df-bit.

There isn't any such thing as an ideal-mtu. The idea is to make sure that the 
mtu of original packet(payload+tcp header+ip header) + ipsec-overhead+gre 
overhead does not exceed the mtu of the physical interface(not counting the 
link-layer header).

GRE encap will add 24 bytes by default (20 byte ip header + 4 byte gre header).
enable checksumming will add 4 bytes to above(2byte for checksum and 2 bytes 
offset)
add tunnel-keys and that is 4 more bytes.
top it off with sequencing and voila: 4 more bytes.

IPSEC:
assuming esp-des/3des and md5/sha auth:

4 byte SPI+4 byte seq#+8byte IV + pad(variable: 0-7bytes)+12 bytes(auth)

assuming esp-aes and md5/sha auth:

4 bytes SPI+ 4 byte seq# + 16 byte IV + pad(variable:0-15bytes) + 12 byte(auth)

The pad-bytes are required to ensure the pad-length(1 byte)+next-header(1 byte) 
are right aligned to the 2 byte boundary.
Pad-bytes are also required to ensure 
what-is-being-encrypted(payload+pad-length+next-header) is an even multiple of 
8(des/3des) or 16(aes)

As you can probably tell by now; your ideal-mtu and mss depend on your 
configuration.

Overhead for NAT, tcp-options not-included.

Enough about overheads. WRT throughput - is your encryption/decryption 
happening in hardware(AIM-SSL-VPN as an example..on your 2821) or is it 
software based.

Perhaps if you post your configs, you will get useful pointers from the list.
./Randy

--- On Sun, 8/28/11, Ranjith R ranjithrn...@gmail.com wrote:

 From: Ranjith R ranjithrn...@gmail.com
 Subject: Re: [c-nsp] Input errors on GRE tunnel interface
 To: cisco-nsp@puck.nether.net
 Date: Sunday, August 28, 2011, 8:55 AM
 Hi All ,
 
 
 Could you please provide inputs on this .
 
 Thanks,
 Ranjith
 
 On Sat, Aug 27, 2011 at 11:04 PM, Ranjith R ranjithrn...@gmail.com
 wrote:
 
  Hi All ,

  As part of a Failover scenario we have the below setup.

  R1 ( VPN router ) -  R2 -GRE tunnel -  R3 ( internet router ) --- Internet

  GRE tunnel is built over a WAN link which supports only 1500 Bytes .

  We observe high input drops on the physical interface of R2 and high
  input queue drops on the tunnel interfaces of R2 and R3 routers . On R3 PBR
  is in place for clearing the DF bit for all packets hitting the physical
  interface of GRE tunnel without which we face connectivity issues for
  endusers who make use of IPSEC VPN for connecting to client.

  R1 - cisco 2821 and R3 -  Cisco 2911 .

  There is also high CPU usage on R2 which i believe is due to the
  fragmentation / re-assembling happening . What should be the ideal IP MTU
  and MSS value which could cause minimal fragmentation with the current
  scenario ?

  Also if we achieve a higher MTU support on the WAN link can we achieve a
  better performance and lower CPU usage ?

  Kindly share your thoughts on why the input queue errors are increasing on
  the tunnel interface .

  Thanks,
  Ranjith
 
 
 
 
 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
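
Added example, not code from any poster in this thread: the GRE and ESP byte counts quoted in the reply above, carried through to the largest inner packet and TCP MSS that fit a given physical MTU when GRE is protected by ESP. The function names, the 20-byte IPv4/TCP headers without options, and the choice between ESP transport and tunnel mode are assumptions; NAT and TCP options are left out, as in the post.

```python
"""GRE-over-ESP size arithmetic using the byte counts quoted in the thread."""

IPV4_HEADER = 20   # assumption: IPv4 header without options
TCP_HEADER = 20    # assumption: TCP header without options
ESP_SPI = 4
ESP_SEQ = 4
ESP_TRAILER = 2    # pad-length (1 byte) + next-header (1 byte)
ESP_AUTH = 12      # md5/sha authentication data, as counted in the post

# cipher -> (IV bytes, cipher block bytes), as listed in the post
CIPHERS = {"3des": (8, 8), "aes": (16, 16)}


def gre_overhead(checksum=False, key=False, sequence=False):
    """Outer IP header + 4-byte GRE header, plus 4 bytes per optional field."""
    return IPV4_HEADER + 4 + 4 * (int(checksum) + int(key) + int(sequence))


def esp_pad_bytes(plaintext_len, block):
    """Pad so payload + pad + pad-length + next-header is a block multiple."""
    return -(plaintext_len + ESP_TRAILER) % block


def esp_packet_len(ip_packet_len, cipher, tunnel_mode=False):
    """Length of the IP packet on the wire after ESP is applied.

    Transport mode keeps the existing IP header and encrypts what follows it;
    tunnel mode encrypts the whole packet and prepends a new IP header.
    """
    iv, block = CIPHERS[cipher]
    plaintext = ip_packet_len if tunnel_mode else ip_packet_len - IPV4_HEADER
    pad = esp_pad_bytes(plaintext, block)
    return (IPV4_HEADER + ESP_SPI + ESP_SEQ + iv
            + plaintext + pad + ESP_TRAILER + ESP_AUTH)


def wire_len(inner_len, cipher, tunnel_mode=False, **gre_options):
    """Inner IP packet -> GRE encapsulation -> ESP: resulting packet length."""
    return esp_packet_len(inner_len + gre_overhead(**gre_options),
                          cipher, tunnel_mode)


def max_inner_packet(mtu, cipher, tunnel_mode=False, **gre_options):
    """Largest inner IP packet that leaves the physical interface unfragmented."""
    # wire_len never decreases as inner_len grows, so the first fit is the max.
    for inner_len in range(mtu, IPV4_HEADER, -1):
        if wire_len(inner_len, cipher, tunnel_mode, **gre_options) <= mtu:
            return inner_len
    raise ValueError("MTU too small for this encapsulation")


def tcp_mss(mtu, cipher, tunnel_mode=False, **gre_options):
    """TCP MSS that keeps full-size segments inside max_inner_packet()."""
    inner = max_inner_packet(mtu, cipher, tunnel_mode, **gre_options)
    return inner - IPV4_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Constructed scenarios for the 1500-byte WAN link described in the thread.
    scenarios = [
        ("aes, transport, plain GRE", dict(cipher="aes")),
        ("aes, tunnel, plain GRE", dict(cipher="aes", tunnel_mode=True)),
        ("3des, transport, plain GRE", dict(cipher="3des")),
        ("aes, transport, GRE key", dict(cipher="aes", key=True)),
    ]
    for label, kwargs in scenarios:
        inner = max_inner_packet(1500, **kwargs)
        print(f"{label:28s} ip mtu {inner}  mss {tcp_mss(1500, **kwargs)}  "
              f"on wire {wire_len(inner, **kwargs)}")
```

Because of the cipher block padding, the on-wire size grows in steps of 8 or 16 bytes, so one extra inner byte past the computed maximum pushes the packet over the MTU by a full block.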


Re: [c-nsp] Feeding low bandwitdth Ethernet WAN links with Cisco6500

2011-08-28 Thread Andrew Jones
A low-end ISR router would be best for this task.

something like a 1941 perhaps.

Andrew Jones
Alphawest


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Arie Vayner (avayner)
Sent: Monday, 29 August 2011 4:45 AM
To: Gert Doering; Cisco NSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Feeding low bandwitdth Ethernet WAN links with Cisco6500

Just to complement Gert's answer, what you could do, assuming the
Catalyst 6500 is already there, and doing other stuff, is to get a
cheaper external device (switch or router) to perform the egress
shaping/HQOS function.
I have recommended a few times to use switches such as ME3400 or more
recently ME3600 for such a task.

Arie

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gert Doering
Sent: Sunday, August 28, 2011 21:08
To: Cisco NSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Feeding low bandwitdth Ethernet WAN links with
Cisco6500

Hi,

On Sun, Aug 28, 2011 at 02:09:08PM +0200, Cisco NSP List wrote:
 I am thinking about the best practice to feed some low bandwidth 4 
 Mb/s Ethernet over SDH links from a Cisco 6500/Sup720 with SXI IOS.
 
 The carrier equipment has 100Base-TX ports, does no noticeable 
 queuing/shaping and aggressively drops everything over 4096 kb/s.

Get a different carrier?

Seriously, to make this work properly, you want egress shaping on the
ethernet links (and possibly QoS inside, but the shaping itself is
important in itself to avoid losses for short bursts), and the Sup720
can't do shaping...

gert
--
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de



Re: [c-nsp] IOS XR SSH

2011-08-28 Thread Andrew Jones
It's all to do with encryption export restrictions. 

Andrew Jones
Alphawest


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Ryce
Sent: Friday, 26 August 2011 11:50 PM
To: Oliver Boehmer (oboehmer)
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IOS XR SSH

It makes me die inside that a router of the asr calibre can't have management 
access encrypted with ssh without a different software version :(

Nick

-Original Message-
From: Oliver Boehmer (oboehmer) [mailto:oboeh...@cisco.com]
Sent: 26 August 2011 12:51
To: Nick Ryce; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] IOS XR SSH


 Do you need the k9 version of IOS XR in order to set up the ssh server for
 secure connections into it?  I can't see any command references to enable the
 ssh server in the basic 4.1.0 version.

yes, you need the crypto image (k9), the command you're looking for is ssh 
server [v2] to enable a ssh server (default is off/no server listening to 
tcp/22)..

oli



Re: [c-nsp] ASR opinions..

2011-08-21 Thread Andrew Jones
I wanted to use the software supervisor redundancy on some ASR1002's I 
deployed recently, but couldn't due to the use of PKI certificate 
authentication for IPsec. Probably a good thing I couldn't do it now...

Cheers,

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka
Sent: Sunday, 21 August 2011 3:40 PM
To: cisco-nsp@puck.nether.net
Cc: ja...@puck.nether.net
Subject: Re: [c-nsp] ASR opinions..

On Sunday, August 21, 2011 08:28:22 AM John Elliot wrote:

 Hi, Looking at the 1002's

We like the ASR1002's, but while we haven't used them in a broadband 
aggregation role, we find the RP1 very slow, particularly when saving 
configurations and such. But then again, the ASR1002's RP is a fixed unit 
inside the chassis and can't be upgraded.

I'd also suggest not enabling the software redundancy for IOS. This essentially 
uses up all available memory and will eventually cause the router to crash and 
reboot. Since we buy the ASR1002's and operate them in physically redundant 
chassis' doing the same thing, we can do without the software redundancy. I 
expect the ASR1004's to have the same problem, which is why we never buy them 
and either go for the ASR1002 or ASR1006 or higher. The ASR1006 and above will 
offer hardware-based control plane redundancy.

Hope this helps.

Cheers,

Mark.



Re: [c-nsp] LLQ QoS Question

2011-08-14 Thread Andrew Jones
I would configure a shaper to the allocated WAN service bandwidth as a parent 
policy then have your cbwfq-llq policy as a child to that. (applied outbound 
towards the service provider)

Depending on the service offered by the SP, they usually police traffic to the 
subscribed speed meaning packet drops.

It is better to shape it on your end and use tools such as WRED for congestion 
avoidance.

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Cartier
Sent: Friday, 12 August 2011 10:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] LLQ QoS Question

Hi All,

Just a quick question to the group.

We are about to deploy a few of our routers 'back to back' with the MPLS 
service provider's routers.  We will be doing all the markings on our routers 
and the SP router will be honouring the markings and ensuring QoS toward the 
MPLS.  Since we will be connecting to the SP CPE router at GigE I wasn't 
planning on configuring any QoS policy-maps facing the SP router.  My thought 
was any CBWFQ and LLQ would be done at the SP CPE router as that is the point 
where we will be going from a high speed to low speed link (ie. T1).

Even though I'm not doing CBWFQ, would I still need to configure a policy-map 
with LLQ for voice/video traffic?  My understanding has always been QoS isn't 
applicable on links without congestion.  But I also know how LLQ operates...so 
I'm just unsure of best practice here.

Any insights would be appreciated


jc



Re: [c-nsp] Supported number HWIC-2FE cards in 2811

2011-08-04 Thread Andrew Jones
supported means that if you called TAC to log an issue with this setup, they 
would not allow the case to proceed until one of the cards was removed to bring 
the router to a supported configuration.

Many features are like this, for instance BGP on a 3750 a while back was 
unsupported, but could be configured. (this may or may not still be the case)

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Seth Mattinen
Sent: Thursday, 4 August 2011 8:28 AM
To: 'Cisco-nsp'
Subject: [c-nsp] Supported number HWIC-2FE cards in 2811

I recently picked up some HWIC-2FE and 1FE cards. For fun I stuck two
HWIC-2FE cards and one HWIC-1FE card into a lab 2811. To my surprise, it
started up indicating 7 Ethernet interfaces and properly identified all
interfaces in the config.

According to Cisco* the maximum supported HWIC-2FE cards for the 2811 is
one; I installed two. So what then does "supported" mean? In the past,
for unsupported WIC/HWIC cards, I expected the router to complain about an
invalid hardware config, but in this case all the HWIC ports were
recognized.

~Seth


*
http://www.cisco.com/en/US/docs/routers/access/interfaces/ic/hardware/installation/guide/fe_hwic.html


Re: [c-nsp] cisco 3110g blade switch consle to as2511-rj

2011-08-02 Thread Andrew Jones
The USB console on new Cisco routers is simply an RS232-USB converter built into 
the router.

So when you connect the USB cable to your PC, it sees it as a USB to RS232 
converter device (after installing the Cisco driver).

I would assume it's the same in this switch, so I would imagine it would be 
difficult to do what you are proposing (access the console via a console server).

Until someone releases a USB-based console server, this may not be possible.

Andrew Jones
Alphawest

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Erik Nelson
Sent: Tuesday, 2 August 2011 10:15 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] cisco 3110g blade switch consle to as2511-rj

Any suggestions on how to connect from the USB console port on the Cisco 
3110G Blade Switch to the RJ45 ports on a 2511RJ being used as a console 
server? I thought I understood which adapters I have did tx/rx swaps, but 
nothing works. The included USB to DB-9 serial cable works fine to a PC, so I 
know the port works. 



Re: [c-nsp] just installed a Huawei...

2011-07-25 Thread Andrew Jones
But then you spend 4x the time configuring and maintaining your network. 
False economy?

Andrew Jones

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rogelio
Sent: Tuesday, 26 July 2011 2:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] just installed a Huawei...

Not sure if it's any interest of this group, but I just installed a
Huawei CX600 router this last week.

It's like Cisco quality (garbage!) for the price that Cisco should be
(low!).  The commands are very similar (e.g. switchport - portswitch,
no shut - undo shut, etc), and you configure it almost identical to
what you'd expect on a Cisco.

The worst part about the Huawei is probably the documentation.  It's
scattered all over the place, so if you want something simple (like
telnet access), it's in a completely different PDF than if you want,
say, VLAN configuration commands.  Finding it all is a huge scavenger
hunt.

But hey...for like a 1/4 of the price or whatever (so I've heard), I'd
say it's worth it.  :b


-- 
Also on LinkedIn?  Feel free to connect if you too are an open
networker: scubac...@gmail.com



Re: [c-nsp] sup2 VRRP/HSRP limits

2011-03-14 Thread Andrew Jones
Thanks Mack,
Does anyone have any information on how many interfaces running HSRP could
be configured on a sup2 before the load would become unworkable?
Thanks,
Andrew

On Tue, 8 Mar 2011 10:53:07 -0800, Mack McBride mack.mcbr...@viawest.com
wrote:
 Different code trains have different limits on HSRP sessions.
 This is in addition to what may be imposed for different Supervisor
 engines.
 If you have too many for the supervisor load they will become unstable.
 
 Mack McBride
 Network Architect
 
 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andrew Jones
 Sent: Monday, March 07, 2011 5:48 PM
 To: Cisco NSP
 Subject: [c-nsp] sup2 VRRP/HSRP limits
 
 Hi All,
 What is the maximum number of VRRP groups which can be configured on a
 6500/sup2? I've found that the limit for HSRP seems to be 256. Do these
 limits increase on the SUP720-3BXL?
 
 I'm trying to use a pair of 6500s as the default gateway for a couple of
 thousand VLANs, and am looking at options for redundancy.
 Thanks,
 Andrew


[c-nsp] sup2 VRRP/HSRP limits

2011-03-07 Thread Andrew Jones
Hi All,
What is the maximum number of VRRP groups which can be configured on a
6500/sup2? I've found that the limit for HSRP seems to be 256. Do these
limits increase on the SUP720-3BXL?

I'm trying to use a pair of 6500s as the default gateway for a couple of
thousand VLANs, and am looking at options for redundancy.
Thanks,
Andrew


Re: [c-nsp] sup2 VRRP/HSRP limits

2011-03-07 Thread Andrew Jones
On Tue, 8 Mar 2011 01:49:17 -0500, Chris Cook crc...@gmail.com wrote:
 On Mar 8, 2011, at 1:33 AM, Sascha Pollok wrote:
 I can't remember the exact limit for VRRP or HSRP (keep in mind
 you can only use one of those on a 6500 at a time - no mixing).
 However, just use the same group number on all of the SVIs
 and you'll be fine. You can also mix group numbers of course.
 Most important information is that you can reuse them across SVIs
 without any hassle (that I know of).
 
 This isn't true; I have production devices that have VRRP and HSRP running
 at the same time (different interfaces of course).  Reusing VRRP/HSRP group
 numbers has not been a problem for us; HSRPv2 of course allows you to have
 a group number per SVI if you wish.

Thanks guys, that's really helpful. Do you have any information on how
many subinterfaces the 6500/SUP2 will support? I found another thread on
this mailing list where someone was saying that you can't re-use VLAN IDs,
even when using subints.

Eg. If I have Gi2/1.300 with encapsulation dot1Q 300, I can't have Gi2/2
with encapsulation dot1Q 300. Is that right?

Thanks,
Andrew


[c-nsp] Which IOS to use on 7206VXR npe-g1?

2008-03-13 Thread Andrew Jones
Hi All,
We got some advice here a while back to use the 12.2SB train on our 7200 LNS 
which is terminating l2tp tunnels from our LACs which are doing PPPoE as we 
were having instability issues with 12.4T3 advanced IP services.
I have downloaded 12.2SB service provider edition, but it doesn't have any of 
the VPDN commands.
Can someone please recommend what 12.2SB version will contain the necessary 
vpdn functionality?
I have trawled through the cisco website but haven't had much luck, so any 
pointers would be appreciated.
Thanks,
Andrew
