Re: [c-nsp] Cisco 3750G backplane throughput
platform-block
>
> Should be one ASIC per 24 ports, so a TS should have 1 asic for the normal
> ports and one for the SFP's.
> On my 48portTS, the SFP's are shared across the two normal ASIC's (48
> copper ports)
>
> I just removed my lab 3560g-24TS so I can't be 100 percent sure on the
> ASIC distribution. I think it had 1 asic for the 24 copper and one for the
> sfp's.
>
> How is your LAG traffic distribution? You need many different flows to
> get much out of a LAG.
> It is harder to get bandwidth out of the LAG than be outputted dropped by
> the ASIC, what I mean is one port in the LAG may hit line rate before the
> others are even using 50 percent of bandwidth.
>
> *1 52WS-C2960X-48LPS-L 15.2(2)E6
> sh platform pm platform-block
> interface  gid  gpn  lpn  asic
> --
> Gi1/0/1      1    1    1    0
> Gi1/0/2      2    2    2    0
> Gi1/0/3      3    3    3    0
> Gi1/0/4      4    4    4    0
> Gi1/0/5      5    5    5    0
> Gi1/0/6      6    6    6    0
> Gi1/0/7      7    7    7    0
> Gi1/0/8      8    8    8    0
> Gi1/0/9      9    9    9    0
> Gi1/0/10    10   10   10    0
> Gi1/0/11    11   11   11    0
> Gi1/0/12    12   12   12    0
> Gi1/0/13    13   13   13    0
> Gi1/0/14    14   14   14    0
> Gi1/0/15    15   15   15    0
> Gi1/0/16    16   16   16    0
> Gi1/0/17    17   17   17    0
> Gi1/0/18    18   18   18    0
> Gi1/0/19    19   19   19    0
> Gi1/0/20    20   20   20    0
> Gi1/0/21    21   21   21    0
> Gi1/0/22    22   22   22    0
> Gi1/0/23    23   23   23    0
> Gi1/0/24    24   24   24    0
> Gi1/0/25    25   25   25    1
> Gi1/0/26    26   26   26    1
> Gi1/0/27    27   27   27    1
> Gi1/0/28    28   28   28    1
> Gi1/0/29    29   29   29    1
> Gi1/0/30    30   30   30    1
> Gi1/0/31    31   31   31    1
> Gi1/0/32    32   32   32    1
> Gi1/0/33    33   33   33    1
> Gi1/0/34    34   34   34    1
> Gi1/0/35    35   35   35    1
> Gi1/0/36    36   36   36    1
> Gi1/0/37    37   37   37    1
> Gi1/0/38    38   38   38    1
> Gi1/0/39    39   39   39    1
> Gi1/0/40    40   40   40    1
> Gi1/0/41    41   41   41    1
> Gi1/0/42    42   42   42    1
> Gi1/0/43    43   43   43    1
> Gi1/0/44    44   44   44    1
> Gi1/0/45    45  464   45    1
> Gi1/0/46    46  465   46    1
> Gi1/0/47    47  457   47    1
> Gi1/0/48    48  456   48    1
> Gi1/0/49    49   49   49    0
> Gi1/0/50    50   50   50    0
> Gi1/0/51    51   51   51    1
> Gi1/0/52    52   52   52    1
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Bryan Holloway
> Sent: Thursday, December 14, 2017 7:55 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco 3750G backplane throughput
>
> Hello community,
>
> I'm curious if someone is in the know or can point me to a document that
> describes how the backplane is carved up on a 3750G. I.e., ports per ASIC,
> etc., if applicable. I've dug around the Cisco docs to no avail.
>
> I'm particularly interested to know how the four-port SFP section is
> handled on, for example, a WS-C3750G-24TS. Does it have its own ASIC for
> all four SFP ports? Or is that also carved up amongst other ports? If one
> were to LAG all four SFP ports together, should one expect to be able to
> reach a full 4 Gbps (assuming no taxation from other switch ports?)
>
> We're running into an odd issue where we're unable to achieve more than
> 2 Gbps of bandwidth, but I have a hard time believing this is a switch
> limitation.
>
> Any input would be most appreciated, thanks!
>
> - bryan

--
Regards,
Chris Knipe
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
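
Added example, not part of the thread: a simplified model of hash-based LAG member selection, showing why a handful of large flows can pile onto one member link while the others sit idle, as the quoted reply describes. The 8-bucket XOR hash and the modulo bucket-to-link mapping are assumptions for illustration, not the switch's documented algorithm; all addresses and rates are constructed.

```python
import ipaddress

HASH_BUCKETS = 8  # assumption: the hash yields a 3-bit result (8 buckets)


def hash_bucket(src, dst):
    """Model of src-dst-ip hashing: XOR both addresses, keep the low 3 bits."""
    x = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    return x & (HASH_BUCKETS - 1)


def bucket_share(n_links):
    """How many of the 8 buckets each member link owns (assumed modulo mapping)."""
    share = [0] * n_links
    for bucket in range(HASH_BUCKETS):
        share[bucket % n_links] += 1
    return share


def member_load(flows, n_links):
    """Offered load in Mbit/s per member link for (src, dst, mbps) flows."""
    load = [0.0] * n_links
    for src, dst, mbps in flows:
        load[hash_bucket(src, dst) % n_links] += mbps
    return load


def saturated_members(load, line_rate_mbps=1000):
    """Indices of member links offered more than their line rate."""
    return [i for i, mbps in enumerate(load) if mbps > line_rate_mbps]


# Constructed traffic: three heavy server-to-server flows whose address pairs
# happen to hash to buckets owned by the same member link.
FEW_FLOWS = [
    ("10.0.0.10", "10.0.0.14", 900),
    ("10.0.0.10", "10.0.0.18", 900),
    ("10.0.0.11", "10.0.0.15", 900),
]

# Constructed traffic: 64 clients at 40 Mbit/s each towards one server,
# roughly the same total volume spread over many address pairs.
MANY_FLOWS = [("10.0.1.%d" % k, "10.0.0.10", 40) for k in range(64)]

if __name__ == "__main__":
    for label, flows in (("few flows", FEW_FLOWS), ("many flows", MANY_FLOWS)):
        load = member_load(flows, 4)
        print(label, "4 links:", load, "saturated:", saturated_members(load))
    print("bucket share, 3 links:", bucket_share(3))
    print("many flows, 3 links:", member_load(MANY_FLOWS, 3))
```

In this model a three-member bundle can never balance better than 3:3:2, because eight buckets do not divide evenly across three links.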
Re: [c-nsp] WS-6704-10ge borked?
On Wed, Aug 24, 2016 at 9:23 PM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Wed, Aug 24, 2016 at 06:06:16PM +0200, Chris Knipe wrote:
> > Module 2 : CEF720 4 port 10-Gigabit Ethernet
> > Serial # : SAL1033Y2X6
> > Software : 12.2(33)SXI6
> > Online Diagnostic Result : MAJOR ERROR
> > Online Diagnostic Level when Module 2 came up = Minimal
>
> Looks borked to me..

First one ever in my history with Cisco :-) Sorry, figured it might have been an IOS / Firmware issue too possibly. No worries - replacement en-route already.

--
Regards,
Chris Knipe
[c-nsp] WS-6704-10ge borked?
Hi,

I just slapped a WS-6704-10ge into a 6506... Slot 2, running:

Cisco IOS Software, s72033_sp Software (s72033_sp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI6, RELEASE SOFTWARE (fc4)
ROM: System Bootstrap, Version 12.2(14r)S5, RELEASE SOFTWARE (fc1)

I read that it is advisable to upgrade to 12.2(18r), but only with IOS 12.2(33)SXH or later. Excuse my ignorance but I don't know whether SXH is earlier or later than SXI (I suppose if it's alphabetical it would be newer, and thus require the ROM upgrade?).

Should I be upgrading my ROM, or is the card busted?

Module 2 : CEF720 4 port 10-Gigabit Ethernet
Serial # : SAL1033Y2X6
Software : 12.2(33)SXI6
Online Diagnostic Result : MAJOR ERROR
Online Diagnostic Level when Module 2 came up = Minimal

Test Results: (. = Pass, F = Fail, U = Unknown)

 1 . TestFabricCh0Health : U
 2 . TestFabricCh1Health : U
 3 . TestTransceiverIntegrity :
     Port  1  2  3  4
           U  U  U  U
 4 . TestLoopback :
     Port  1  2  3  4
           F  F  F  F
 5 . TestSynchedFabChannel : U
 6 . TestL3VlanMet : U
 7 . TestIngressSpan : U
 8 . TestEgressSpan: U
 9 . TestAsicMemory: U
10. TestEobcStressPing: U
11. TestFirmwareDiagStatus: .
12. TestAsicSync : U
13. TestUnusedPortLoopback :
     Port  1  2  3  4
           U  U  U  U
14. TestOBFL : .
15. TestErrorCounterMonitor : U
16. TestPortTxMonitoring :
     Port  1  2  3  4
           U  U  U  U
17. TestLtlFpoeMemoryConsistency : U
18. TestRwEngineOverSubscription : U

Is the hardware broken?

--
Regards,
Chris Knipe
Re: [c-nsp] ACE30 Config
Thanks Mike.

There's no existing svclc's on the 6500, so vlan-group 10 is unused. I was mainly concerned that the 6500 would stop switching VLAN101 after it's been assigned to the svclc. Just wanted to get confirmation on that before I drop all my traffic accidentally :-)

On Tue, Aug 16, 2016 at 2:20 PM, harbor235 <harbor...@gmail.com> wrote:

> Config looks good for the 6500 portion of the config as long as the vlans
> you have specified for vlan-group 10 are unused?
> I also assume you have created the vlans as well?
>
> Mike
>
> On Tue, Aug 16, 2016 at 8:07 AM, Chris Knipe <sav...@savage.za.org> wrote:
>
>> Hi Guys,
>>
>> Quick question... I'm about to install my first ACE30 into a 6500
>> (SUP720)... Just a quick question about the svclc if I may...
>>
>> I already have VLAN101 with all my rservers (currently in production,
>> being
>> fed from an old LB we'll be replacing with the ACE30).
>>
>> I created a new VLAN102 which will be used for the customer facing leg of
>> the ACE...
>>
>> Config:
>> svclc vlan-group 10 101,102
>> svclc module 1 vlan-group 10
>> svclc multiple-vlan-interfaces
>>
>> Are those commands safe? I'm not sure whether or not the switch will drop
>> traffic to VLAN101 which is currently doing some 2Gbps in traffic.
>>
>> --
>>
>> Regards,
>> Chris

--
Regards,
Chris Knipe
[c-nsp] ACE30 Config
Hi Guys,

Quick question... I'm about to install my first ACE30 into a 6500 (SUP720)... Just a quick question about the svclc if I may...

I already have VLAN101 with all my rservers (currently in production, being fed from an old LB we'll be replacing with the ACE30).

I created a new VLAN102 which will be used for the customer facing leg of the ACE...

Config:
svclc vlan-group 10 101,102
svclc module 1 vlan-group 10
svclc multiple-vlan-interfaces

Are those commands safe? I'm not sure whether or not the switch will drop traffic to VLAN101 which is currently doing some 2Gbps in traffic.

--
Regards,
Chris
Re: [c-nsp] WS-X6748-SFP support
Thanks for all the chip in guys :-)

Did read quite a bit about them on Cisco - just wanted to make sure / get some real life confirmations.

Sup2T/6T may be beneficial (later) for 10G uplinks (which is -E only as far as I read/understand), but shouldn't be required for a while - at least not until traffic levels pick up. So that, with the vpls PE limitation may very well be points to consider yes, and may just throw me to the -E chassis.

DDM would be nice, but I think I can live without that for now.

--
Chris
[c-nsp] WS-X6748-SFP support
Hi,

Quick question...

Will a X6748-SFP work on the normal 6506 (not -E) with a SUP720 or similar?

I'm not too interested in L3 features, it will mostly be L2 operations on the units. If there will be L3, it will mostly be OSPF distributing connected routes and receiving only a default, so not a lot going on with routing at all - so no need for bigger 720 really, unless 2T or similar is required for the line cards to work.

On the 6513 it's only supported in slots 9-13 (from what I've read anyways), but I'm unsure if similar restrictions apply to smaller chassis. If I can use the X6748-SFP on slots 1-6 on the 6513 I would appreciate it if someone can chip in - it will make my life a lot easier.

Let's forget about the daughter card complexities and/or any possible contention for now...

Thnx,
Chris.
[c-nsp] IP SLB Performance
Hi all,

Does anyone have some kind of idea (or reference) to what kind of performance one can expect on an IOS based ip slb (6500/SUP720)?

We're currently doing some 3Gbps on a virtual server with 10 real servers, and thinking about moving this to an ip slb, provided it would perform better.

Simple TCP based system, no session tracking required or anything fancy. We're simply taking a tcp connection to the virtual server, and (currently) NAT it to a private IP of the real servers.

--
Regards,
Chris Knipe
Re: [c-nsp] C6509 Fabric Switch Capacity
020G 32 19
>
> My questions are is What will happen if we exceed capacity(Egress or
> Ingress) in Channel#0 of Slot#2? Will device use Capacity of Channel#1?
>
> Thank you
>
> Alireza

--
Regards,
Chris Knipe
Re: [c-nsp] C6509 Fabric Switch Capacity
On Wed, Jan 13, 2016 at 4:28 PM, Simon Lockhart <si...@slimey.org> wrote:

> On Wed Jan 13, 2016 at 04:25:48PM +0200, Chris Knipe wrote:
> > Whilst I can understand over subscription (and subsequent drops) on the
> > WS-X6708, would the same hold true for the WS-X7604?
>
> The WS-X6704 has woefully underpowered ASICs on it. It has the dual 20G bus
> connections, with two 10G ports on each, so on paper it's not
> oversubscribed.
>
> However, you'll be lucky to get more than about 25Gbps aggregate throughput
> through the blade.

Ta! Nexus it is then I suppose :-(

--
Regards,
Chris Knipe
Re: [c-nsp] Interface drops
Hi Alan,

> > Now, 14482944 of 548164331323 packets is a mere 0.002%... Hence - should
> > this be a cause of concern?
>
> well yes - that amount of drops leads to huge hit in network performance
> for eg TCP applications
>
> https://fasterdata.es.net/network-tuning/tcp-issues-explained/packet-loss/

Interesting reading and calculations there :-) Thnx for the link...

> > #sh int po7
> > Port-channel7 is up, line protocol is up (connected)
> > Hardware is EtherChannel, address is 001c.b1e8.9627 (bia 001c.b1e8.9627)
> > Members in this channel: Gi2/0/38 Gi2/0/39 Gi2/0/40
>
> 3 members? not a good number for Cisco etherchannel
>
> > Again, here we have a bit more, sitting at 4.592%
>
> ouch.
>
> what's downstream of these devices? got flow-control? if you have no QoS
> the buffer space on the platform should
> be enough for that amount of traffic MB/s- but what type of traffic is it
> being used by NFS - big packets? have you enabled
> jumbo frames on the links?

Dell R450s (Broadcom NetXtreme II), NFSv4 (TCP) and SQL. No flow control and no Jumbos. I've read some very mixed results in terms of jumbo frames so it's not enabled. The other reason is that it requires a reboot of the entire switch stack (thanks Cisco) to enable, which is something that simply cannot be done any time soon.

Various NFS / OS tweaks have been tried already, incl. UDP vs. TCP, and NFS3 vs NFS4. Even tested SMB3 just for the hell of it, a SCP is slow too (slow being FAR from 1Gbps, never mind 3Gbps in the case of multiple TCP connections)

> > I did bench the servers, and locally on the servers (without using the
> > network), I do get SIGNIFICANTLY better performance (like 10 x increase)...
>
> packet loss can cause this massive degradation - see above link

And this is what I find EXTREMELY annoying. In terms of ICMP, not one single dropped packet. Perhaps I should try with bigger packets - will check that out.

--
Regards,
Chris Knipe
[c-nsp] Interface drops
Hi All,

I have a pair of C3750G's that are in a stack (WS-C3750G-48TS, 12.2(40)SE, IPBASE). Numerous EtherChannels are configured spanning the two switches.

I am seeing output drops, and the counters decrement as well as increment. This leads me to believe that I may be hitting CSCtq86186.

What I am not understanding, is that 'show platform port-asic stats drop' doesn't show any drops at all (granted, mls qos is disabled which I think may be a requirement here). The switch cluster SHOULD be doing a fair amount of traffic, but I am not getting a fraction of the traffic that I am expecting however.

Is it safe to assume that the output drops are my issue (lack of buffers) and it is time to upgrade, or is there any other reliable method to determine just how many packets are being dropped? I don't think there's a way for me to determine (from the switch at least), exactly how many are being dropped?

Just an FYI:

# sh int po1
Port-channel1 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 0026.52e8.f984 (bia 0026.52e8.f984)
  Members in this channel: Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi2/0/1 Gi2/0/2 Gi2/0/3 Gi2/0/4
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 14482944
  30 second input rate 801422000 bits/sec, 88307 packets/sec
  30 second output rate 494159000 bits/sec, 64104 packets/sec
  548164331323 packets output, 556661107062424 bytes, 0 underruns

Now, 14482944 of 548164331323 packets is a mere 0.002%... Hence - should this be a cause of concern?

#sh int po7
Port-channel7 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 001c.b1e8.9627 (bia 001c.b1e8.9627)
  Members in this channel: Gi2/0/38 Gi2/0/39 Gi2/0/40
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 780850784
  30 second input rate 155029000 bits/sec, 17659 packets/sec
  30 second output rate 204147000 bits/sec, 19389 packets/sec
  17002461535 packets output, 23299760423613 bytes, 0 underruns

Again, here we have a bit more, sitting at 4.592%

I'm trying to establish here IF I do indeed have a networking issue, or whether the issue is elsewhere (such as servers and a lack of IOPS for example). We run NFS over these ports, and frequently get NFS timeouts and what not (latency sub 1ms)... The servers are physically not under a lot of load, except for Disk IO. The network, well, it's idling based on the above stats (barring the output drops).

Naturally, if the switch's stats are wrong (which I think they are), we may well be dropping significantly more than what the switch indicates, which would explain the slow throughput / NFS issues. But it's not set in stone, as it could very well also be the disks in the servers which can't cope with the concurrent read/write requests...

So yes - let's forget about the fact that it's 3750's. Do I buy new (upgrade) switches, or do I buy new (upgrade) servers? Given bug CSCtq86186 how could I establish which one of the two is the more severe issue?

I did bench the servers, and locally on the servers (without using the network), I do get SIGNIFICANTLY better performance (like 10 x increase)... My gut is telling me that I should get better performance with the existing server hardware by upgrading the network, but I don't want to go down that route if it's not pretty much guaranteed to solve my issues. We're talking a lot of money here at the end of the day.

Many thanks,
Chris.
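
Added example, not part of the thread: it parses the two `sh int` counter excerpts from the post, recomputes the drop ratios, and applies the Mathis et al. bound on TCP throughput under loss (rate ≤ MSS/RTT × 1/√p) to show what each loss level means for a single TCP flow. The 1460-byte MSS, the 1 ms RTT and the 1 Gbit/s member speed are assumptions, and the counters are lifetime totals that the poster suspects are unreliable, so the result is an estimate only.

```python
import math
import re

# Counter lines copied from the two `sh int` excerpts in the post above.
SHOW_INT = {
    "Po1": (
        "Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 14482944\n"
        "548164331323 packets output, 556661107062424 bytes, 0 underruns\n"
    ),
    "Po7": (
        "Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 780850784\n"
        "17002461535 packets output, 23299760423613 bytes, 0 underruns\n"
    ),
}


def parse_counters(text):
    """Return (output_drops, packets_output) from `show interface` text."""
    drops = re.search(r"Total output drops:\s*(\d+)", text)
    sent = re.search(r"(\d+) packets output", text)
    if drops is None or sent is None:
        raise ValueError("output-drop or packets-output counter not found")
    return int(drops.group(1)), int(sent.group(1))


def drop_ratios(drops, sent):
    """Return (drops/sent, drops/(sent+drops)).

    The first is the figure computed in the post. The second treats dropped
    packets as offered but never transmitted, which is the loss probability
    a sender actually experiences.
    """
    if sent == 0:
        return (0.0, 0.0) if drops == 0 else (math.inf, 1.0)
    return drops / sent, drops / (sent + drops)


def mathis_ceiling_bps(loss, mss_bytes=1460, rtt_s=0.001):
    """Upper bound on one TCP flow's throughput: (MSS / RTT) * 1 / sqrt(p)."""
    if loss <= 0:
        return math.inf
    return (mss_bytes * 8 / rtt_s) / math.sqrt(loss)


def assess(text, link_bps=1e9, mss_bytes=1460, rtt_s=0.001):
    """Summarise one interface: ratios, per-flow ceiling, and whether loss
    (rather than link speed) is the limiting factor for a single flow."""
    drops, sent = parse_counters(text)
    posted, loss = drop_ratios(drops, sent)
    ceiling = mathis_ceiling_bps(loss, mss_bytes, rtt_s)
    return {
        "posted_ratio": posted,
        "loss": loss,
        "tcp_ceiling_bps": ceiling,
        "loss_limited": ceiling < link_bps,
    }


if __name__ == "__main__":
    for name, text in SHOW_INT.items():
        r = assess(text)
        print("%s: drops/sent=%.5f%% loss=%.5f%% per-flow ceiling=%.1f Mbit/s loss-limited=%s"
              % (name, 100 * r["posted_ratio"], 100 * r["loss"],
                 r["tcp_ceiling_bps"] / 1e6, r["loss_limited"]))
```

Under these assumptions the Po1 loss level leaves a single flow limited by the link, while the Po7 level caps it at roughly 56 Mbit/s.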
Re: [c-nsp] C3750G Stacking
Hi guys,

After instructing the DC technicians to swap the stacking cables around, BOTH ports magically came up and everything is working as expected, 32Gbps full ring. I can only assume that even after asking (and them checking) three times, the stacking cables weren't seated properly on one or more of the ports.

Many thanks,
Chris.

-Original Message-
From: Andrew Miehs [mailto:and...@2sheds.de]
Sent: Monday, 05 October 2015 17:47
To: Chris Knipe <sav...@savage.za.org>
Cc: cisco-nsp <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] C3750G Stacking

May be a faulty cable/ module. You may want to try first with only one cable, and then with the other. Then try different ports with one cable only.

Andrew

> On 6 Oct 2015, at 02:29, Chris Knipe <sav...@savage.za.org> wrote:
>
> Hi Guys,
>
> I currently have a C3750G-48TS-S running and working fine. I am
> attempting to add a second C3750-48TS-S as a slave into a stack.
>
> 1) Both switches confirmed to be identical platforms
> 2) Both switches confirmed to be running identical IOS
> 3) Stacking cables connected correctly,
> 3.1) SW01 port 1 to SW02 port 2
> 3.2) SW01 port 2 to SW02 port 1
> 4) Stacking cables have been double and triple checked to be connected
> correctly, and securely.
>
> SW01 (the master)
> switch 1 provision ws-c3750g-48ts
> switch 2 provision ws-c3750g-48ts
>
> SW01#sh switch detail
> Switch/Stack Mac Address : 0026.52e8.f980
>                                          H/W     Current
> Switch#  Role    Mac Address     Priority Version State
> --
> *1       Master  0026.52e8.f980  15       0       Ready
>  2       Member  ..              0        0       Provisioned
>
>          Stack Port Status     Neighbors
> Switch#  Port 1     Port 2     Port 1   Port 2
>
>  1       Down       Down       None     None
>
> This however, bothers me:
> SW01#sh switch stack-ring speed
>
> Stack Ring Speed: 16G
> Stack Ring Configuration: Half
> Stack Ring Protocol : StackWise
>
> When I boot up SW02, the switch detects that it is switch 2 in the
> stack, but it shuts down stacking ports, and becomes master, instead of slave...
>
> Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version
> 12.2(40)SE, RELEASE SOFTWARE (fc3) Copyright (c) 1986-2007 by Cisco
> Systems, Inc.
> Compiled Fri 24-Aug-07 00:53 by myl
> Image text-base: 0x3000, data-base: 0x0138
>
> Initializing flashfs...
>
> flashfs[1]: 450 files, 7 directories
> flashfs[1]: 0 orphaned files, 0 orphaned directories
> flashfs[1]: Total bytes: 32514048
> flashfs[1]: Bytes used: 10718720
> flashfs[1]: Bytes available: 21795328
> flashfs[1]: flashfs fsck took 2 seconds.
> flashfs[1]: Initialization completedone Initializing flashfs.
>
> POST: CPU MIC register Tests : Begin
> POST: CPU MIC register Tests : End, Status Passed
>
> POST: PortASIC Memory Tests : Begin
> POST: PortASIC Memory Tests : End, Status Passed
>
> POST: CPU MIC interface Loopback Tests : Begin
> POST: CPU MIC interface Loopback Tests : End, Status Passed
>
> POST: PortASIC RingLoopback Tests : Begin
> POST: PortASIC RingLoopback Tests : End, Status Passed
>
> SM: Detected stack cables at PORT2
>
> Waiting for Stack Master Election...
> SM: Waiting for other switches in stack to boot...
> ##
> #
> SM: All possible switches in stack are booted up
>
> front_end/ (directory)
> extracting front_end/fe_type_1 (34696 bytes) extracting
> front_end/fe_type_2 (54584 bytes) extracting
> front_end/front_end_ucode_info (86 bytes) extracting ucode_info (76
> bytes)
> POST: PortASIC CAM Subsystem Tests : Begin
> POST: PortASIC CAM Subsystem Tests : End, Status Passed
>
> POST: No Cable found on stack port 1
>
> POST: PortASIC Stack Port Loopback Tests : Begin
> POST: Found Stack port 1 Down
> POST: Found Stack port 2 Down
> POST: Skipping Stack port External loopback
> POST: PortASIC Stack Port Loopback Tests : End, Status Passed
>
> POST: PortASIC Port Loopback Tests : Begin
> POST: PortASIC Port Loopback Tests : End, Status Passed
>
> Election Complete
> Switch 2 booting as Master
> Waiting for Port download...Complete
>
> This product contains cryptographic features and is subject to United
> States and local country laws governing import, export, transfer and
> use. Delivery of Cisco cryptographic products does not imply
> third-par
[c-nsp] C3750G Stacking
: V04
CLEI Code Number: COM7X10ARA
Hardware Board Revision Number : 0x09

Switch Ports Model SW Version SW Image
-- - - -- --
*2 52 WS-C3750G-48TS 12.2(40)SE C3750-IPBASEK9-M

Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.

Press RETURN to get started!

00:04:41: %STACKMGR-4-SWITCH_ADDED: Switch 2 has been ADDED to the stack
00:04:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:04:45: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:04:48: %SYS-5-CONFIG_I: Configured from memory by console
00:04:48: %STACKMGR-5-SWITCH_READY: Switch 2 is READY
00:04:48: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
00:04:48: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state DOWN
00:04:48: %STACKMGR-5-MASTER_READY: Master Switch 2 is READY
00:04:49: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(40)SE, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 24-Aug-07 00:53 by myl
00:04:49: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down

Google seems to be full of issues similar to this, but they're not really forthcoming with a solution to the issue. Rebooting SW01 (current master), is out of the question. SW02 (the slave) can have anything done to it at this point in time.

--
Regards,
Chris Knipe
Re: [c-nsp] Cisco 10G gear
On Sat, Jan 17, 2015 at 10:21 AM, Michael Loftis mlof...@wgops.com wrote:

> Basically, yes, you need DFC to get your target rates. And it's more about pps than bps. CFC in non classic mode is 30Mpps for the whole chassis. If you have any classic cards you'll be stuck at half that (because the packet headers are larger in this mode), 15Mpps.
> ...
> I don't think you can get a SUP720 entirely without the PFC...as that's basically the bit that's doing all the CFC decision making. The system will be limited in scale and features to the lowest common denominator between your DFC(s) and PFC. This is all in the FAQ below

I'm still confused :-( Sorry.

The only other line card in the chassis would be one WS-X6748-GE-TX which is a 48 Port 10/100/1000 card. Yes, the SUP720 comes with MSFC3/PFC3 standard (we will be upgrading memory on the SUP as well as the MFC to 1G, the max supported), and it states it can deliver up to 40Gbps per slot. But from what you've mentioned, we will thus now be limited to 15Mpps which is clearly not going to be enough.

The SUP720-3B is perhaps also an option, but if I have to start looking at the 720-3BXL then it's becoming very expensive, yet again.

Do I then also understand correctly that in the case of a SUP720-3B I need to purchase a WS-X6708-10G-3C and in the case of a SUP720-3BXL we are talking about a WS-X6708-10G-3CXL (there are no 4-port line card available with a DFC daughter card), or are these special versions with the daughter cards only required to lower the impact of the contention on the 8-port cards?

Would the same also hold true then on a SUP720-3B or SUP720-3BXL in the case of a WS-X6704-10GE, or would the bigger (better) SUP have no problem with smashing the 15/30Mpps to pieces and deliver true 10Gbps per port? I'm not after 100% guaranteed 10Gbps per port on the line card, but I most certainly don't want to spend all this money and only get like ~3Gbps per port either.

What other options (except Nexus) would there be that can deliver ~8 x 10GE (fiber) and 48 x 1GE at an affordable rate? Nexus is WAY over my budget (and the reason why we're looking at the 6500 instead), and it would seem (to me at least) I am stuck between a rock and a hard place in terms of acquiring a low port density 10G switch at an affordable price.

Sorry for all the questions, in my 15 odd years of networking, this is the first time that I will be entering the 10GE arena, so I really want to just make sure that I get the correct kit from the start. These toys aren't cheap :-(

--
Chris.
Re: [c-nsp] Cisco 10G gear
On Sat, Jan 17, 2015 at 11:18 AM, Andrew Miehs and...@2sheds.de wrote:

> Depends what you are trying to do... Do you need full routing tables? If 100k routes are enough you may want to try and look at some trident 2 based kit like the qfx5100 from juniper.
>
> --Andrew

Basic layer II switching and a few VLANs... Nothing fancy required at all
Re: [c-nsp] Cisco 10G gear
On Sat, Jan 17, 2015 at 11:36 AM, Simon Lockhart si...@slimey.org wrote:

> On Sat Jan 17, 2015 at 10:53:01AM +0200, Chris Knipe wrote:
>
> If you're only doing layer 2 switching and no routing, then you shouldn't need to upgrade the RAM - this is used more for route storage (RIB).

Thanks for the heads up. So we can shave a few bucks at least :-)

> > The SUP720-3B is perhaps also an option, but if I have to start looking at the 720-3BXL then it's becoming very expensive, yet again.
>
> Consider looking at refurb / 2nd-user - either official Cisco refurb or 3rd party. You'll probably be pleasantly surprised by the pricing.

We already are ;-)

> > Do I then also understand correctly that in the case of a SUP720-3B I need to purchase a WS-X6708-10G-3C and in the case of a SUP720-3BXL we are talking about a WS-X6708-10G-3CXL (there are no 4-port line card available with a DFC daughter card), or are these special versions with the daughter cards only required to lower the impact of the contention on the 8-port cards?
>
> The 6708 is an odd card - it has the DFC 'soldered in', so it's not field replaceable/upgradeable. The difference between 3B and 3BXL is purely the number of layer 3 routes it can hold in the FIB. If you're only doing L2, then this won't give you any benefits.

AHA! Again, I didn't know this. And the difference between the SUP720 and the SUP720-3B? Is that significant? The general pricing on the SUP720-3B is still very affordable (IMHO), but once you go to 3BXL the pricing jumps astronomically. For us moving (if needed) from a SUP720 to a SUP720-3B isn't going to be a show stopper. Drastic price drops on the 3B also thus makes sense as the routing tables more than likely got too big for the 3B and everyone upgraded to 3BXL, saturating the market with old 3B cards... Time to read up on the SUP720 vs. SUP720-3B then.

> You won't get true line rate on all 4 ports on a 6704. They're well known as having performance issues due to underpowered ASICs. We've been seeing about 25-30Gbps of aggregate traffic (general internet traffic, adding in+out on all ports) before they run out of steam. Depends on your total traffic requirements.
>
> SUP720 + 6704 + 6748-GE-TX (+ 6724-SFP if I need fibre) is still my work-horse of choice for a Cisco switch offering both 10G and 1G ports. On the used market, these blades are available very cheaply.

This is what I really like (and hoped) to hear. Considering we're currently peaking at 1.2Gbps / 1.5Gbps, a ~10X increase in capacity/throughput seems like a winner then. Granted (as I understand it), from a layer III point of view this configuration would be significantly under spec'ed to provide what it is supposed to, but on a layer II level it seems (to me at least) that it would be able to deliver a -significant- upgrade to what we currently can deliver on our infrastructure...

The 25-30Gbps you are seeing - is this across one line card, or across the entire chassis? Just trying to get an idea of what two or three 4-Port 10GE cards would do.

Thnx Simon, very, very helpful indeed. Thankfully I am not in the carrier industry, but I can just imagine how far my jaw will drop when looking at 40GE or 100GE for that matter yes!!!

--
Regards,
Chris Knipe
[c-nsp] Cisco 10G gear
Hi All,

I have a 6500 that I want to equip with 10G. I am as confused as I can be in terms of what is / is not supported.

I am looking at the WS-X6704-10G cards - http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/data-center-switching/net_business_benefit0900aecd805348f3.html and I'm mainly after the 4 port cards from a costing point of view, as well as to not have contention across the ports.

I will deploy 2 x 4 port cards in the 6500, and traffic will be at ~5Gbps or so per port. Using a standard SUP720 and the default forwarding (CFC) - would this be a workable solution, or would distributed forwarding (DFC3A/DFC3B/DFC3BXL) be *required*? Also for distributed forwarding, would a SUP720-3B(XL) (or higher) be required?

I'm not really after features or such, we are talking about a simple layer II switch, with some basic VLANs.

Many thanks,
Chris.
[c-nsp] C7200 and AAA Accounting
Hi Guys,

I'm hoping that someone can assist in debugging something rather strange.

I have a 7206 (NPE-G1) terminating PPPoEoE sessions. AAA is working fine and Authentication as well as Authorization happens as expected. However, for some reason, the 7200 refuses to send any Accounting information.

I'm sure this must be something stupid and small that I am overlooking - hopefully a fresh pair of eyes will spot what I'm failing to see! :-)

Version:
Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)

Relevant configurations:
aaa new-model
aaa session-mib disconnect
aaa group server radius MYRADIUS
 server x.x.x.43 auth-port 1812 acct-port 1813
 ip radius source-interface Loopback0
 attribute nas-port format a
 load-balance method least-outstanding
 mac-delimiter colon
aaa authentication login MYRADIUS group radius local
aaa authentication ppp default group MYRADIUS
aaa authorization exec MYRADIUS group radius local
aaa authorization network default group MYRADIUS
aaa accounting send stop-record always
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting update newinfo periodic 30
aaa accounting network default start-stop group MYRADIUS
aaa nas port extended
aaa session-id common
radius-server attribute 44 extend-with-addr
radius-server attribute 6 mandatory
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute nas-port format b
radius-server attribute 61 extended
radius-server attribute 31 mac format ietf upper-case
radius-server host x.x.x.43 auth-port 1812 acct-port 1813 key 7 a
radius-server retransmit 2
radius-server timeout 10
radius-server unique-ident 5
radius-server load-balance method least-outstanding

debug aaa accounting:
000279: Apr 5 12:12:09.718: AAA/ACCT/CLIENT(001A): recv 10bps xmit 10bps
000280: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): Register PPPoE/5B1C 64 bit counter support not configured
000281: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): Update PPPoE/5B1C
000282: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): no HC PPPoE/5B1C
000283: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): CALL START
000284: Apr 5 12:12:09.718: Getting session id for NET(001A) : db=6AB5C8B8
000285: Apr 5 12:12:09.718: AAA/ACCT(): add node, session 215
000286: Apr 5 12:12:09.718: AAA/ACCT/NET(001A): add, count 1
000287: Apr 5 12:12:09.718: AAA/ACCT/NET(001A): Pick method list 'default'
000288: Apr 5 12:12:09.718: AAA/ACCT/SETMLIST(001A): Handle 0, mlist 6A148168, Name default
000289: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
000290: Apr 5 12:12:09.718: AAA/ACCT(001A): Accounting response status = FAILURE
000291: Apr 5 12:12:09.718: AAA/ACCT(001A): Send NEWINFO accounting notification to EM successfully
000292: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
000293: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
000294: Apr 5 12:12:09.838: Getting session id for NET(001A) : db=6AB5C8B8
000295: Apr 5 12:12:10.842: Getting session id for NET(001A) : db=6AB5C8B8
000296: Apr 5 12:12:10.850: AAA/ACCT/NET(001A): Pick method list 'default'
000297: Apr 5 12:12:10.850: AAA/ACCT/SETMLIST(001A): Handle 0, mlist 6A148168, Name default
000298: Apr 5 12:12:10.850: AAA/ACCT/EVENT/(001A): NET UP
000299: Apr 5 12:12:10.850: AAA/ACCT/CLIENT(001A): recv 10bps xmit 10bps
000300: Apr 5 12:12:10.850: AAA/ACCT/HC(001A): Update PPPoE/5B1C
000301: Apr 5 12:12:10.850: AAA/ACCT/HC(001A): no HC PPPoE/5B1C
000302: Apr 5 12:12:10.862: AAA/ACCT/EVENT/(001A): IPCP_PASS
000303: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Queueing record is START
000304: Apr 5 12:12:10.862: AAA/ACCT(001A): Accounting method=MYRADIUS (RADIUS)
000305: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Suppressed record Accounting supressed and not sent.
000306: Apr 5 12:12:10.862: AAA/ACCT(001A): mlist_periodic is not set, interval 0
000307: Apr 5 12:12:10.862: AAA/ACCT(001A): Resetting Periodic timer 600

Many thanks,
Chris.
Re: [c-nsp] C7200 and AAA Accounting
Hi,

https://supportforums.cisco.com/discussion/10810196/no-radius-accounting-when-redundancy-inter-device-configured

Seems to have solved the issue. Accounting now working.

--
Chris.

On Sat, Apr 5, 2014 at 2:21 PM, Chris Knipe sav...@savage.za.org wrote:

> Hi Guys,
>
> I'm hoping that someone can assist in debugging something rather strange. I have a 7206 (NPE-G1) terminating PPPoEoE sessions. AAA is working fine and Authentication as well as Authorization happens as expected. However, for some reason, the 7200 refuses to send any Accounting information. I'm sure this must be something stupid and small that I am overlooking - hopefully a fresh pair of eyes will spot what I'm failing to see! :-)
>
> Version: Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
>
> Relevant configurations:
>
> aaa new-model
> aaa session-mib disconnect
> aaa group server radius MYRADIUS
>  server x.x.x.43 auth-port 1812 acct-port 1813
>  ip radius source-interface Loopback0
>  attribute nas-port format a
>  load-balance method least-outstanding
>  mac-delimiter colon
> aaa authentication login MYRADIUS group radius local
> aaa authentication ppp default group MYRADIUS
> aaa authorization exec MYRADIUS group radius local
> aaa authorization network default group MYRADIUS
> aaa accounting send stop-record always
> aaa accounting delay-start
> aaa accounting session-duration ntp-adjusted
> aaa accounting update newinfo periodic 30
> aaa accounting network default start-stop group MYRADIUS
> aaa nas port extended
> aaa session-id common
> radius-server attribute 44 extend-with-addr
> radius-server attribute 6 mandatory
> radius-server attribute 32 include-in-access-req
> radius-server attribute 32 include-in-accounting-req
> radius-server attribute nas-port format b
> radius-server attribute 61 extended
> radius-server attribute 31 mac format ietf upper-case
> radius-server host x.x.x.43 auth-port 1812 acct-port 1813 key 7 a
> radius-server retransmit 2
> radius-server timeout 10
> radius-server unique-ident 5
> radius-server load-balance method least-outstanding
>
> debug aaa accounting:
>
> 000279: Apr 5 12:12:09.718: AAA/ACCT/CLIENT(001A): recv 10bps xmit 10bps
> 000280: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): Register PPPoE/5B1C 64 bit counter support not configured
> 000281: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): Update PPPoE/5B1C
> 000282: Apr 5 12:12:09.718: AAA/ACCT/HC(001A): no HC PPPoE/5B1C
> 000283: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): CALL START
> 000284: Apr 5 12:12:09.718: Getting session id for NET(001A) : db=6AB5C8B8
> 000285: Apr 5 12:12:09.718: AAA/ACCT(): add node, session 215
> 000286: Apr 5 12:12:09.718: AAA/ACCT/NET(001A): add, count 1
> 000287: Apr 5 12:12:09.718: AAA/ACCT/NET(001A): Pick method list 'default'
> 000288: Apr 5 12:12:09.718: AAA/ACCT/SETMLIST(001A): Handle 0, mlist 6A148168, Name default
> 000289: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
> 000290: Apr 5 12:12:09.718: AAA/ACCT(001A): Accounting response status = FAILURE
> 000291: Apr 5 12:12:09.718: AAA/ACCT(001A): Send NEWINFO accounting notification to EM successfully
> 000292: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
> 000293: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): ATTR REPLACE
> 000294: Apr 5 12:12:09.838: Getting session id for NET(001A) : db=6AB5C8B8
> 000295: Apr 5 12:12:10.842: Getting session id for NET(001A) : db=6AB5C8B8
> 000296: Apr 5 12:12:10.850: AAA/ACCT/NET(001A): Pick method list 'default'
> 000297: Apr 5 12:12:10.850: AAA/ACCT/SETMLIST(001A): Handle 0, mlist 6A148168, Name default
> 000298: Apr 5 12:12:10.850: AAA/ACCT/EVENT/(001A): NET UP
> 000299: Apr 5 12:12:10.850: AAA/ACCT/CLIENT(001A): recv 10bps xmit 10bps
> 000300: Apr 5 12:12:10.850: AAA/ACCT/HC(001A): Update PPPoE/5B1C
> 000301: Apr 5 12:12:10.850: AAA/ACCT/HC(001A): no HC PPPoE/5B1C
> 000302: Apr 5 12:12:10.862: AAA/ACCT/EVENT/(001A): IPCP_PASS
> 000303: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Queueing record is START
> 000304: Apr 5 12:12:10.862: AAA/ACCT(001A): Accounting method=MYRADIUS (RADIUS)
> 000305: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Suppressed record Accounting supressed and not sent.
> 000306: Apr 5 12:12:10.862: AAA/ACCT(001A): mlist_periodic is not set, interval 0
> 000307: Apr 5 12:12:10.862: AAA/ACCT(001A): Resetting Periodic timer 600
>
> Many thanks,
> Chris.

--
Regards,
Chris Knipe
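Accounting records are the audit trail for subscriber sessions, so a record that is queued but never sent is worth detecting automatically. The following is an added example, not part of the original posts: a Python parser for `debug aaa accounting` lines in the format quoted in this thread that reports which sessions had a queued record suppressed. The session 001A lines are copied from the post, session 001B is constructed for contrast, and the function names are this example's own.

```python
import re
from collections import OrderedDict

# Session 001A lines are copied from the debug output in the post above.
# Session 001B is constructed for contrast, reusing message formats seen there.
SAMPLE_DEBUG = """\
000283: Apr 5 12:12:09.718: AAA/ACCT/EVENT/(001A): CALL START
000285: Apr 5 12:12:09.718: AAA/ACCT(): add node, session 215
000290: Apr 5 12:12:09.718: AAA/ACCT(001A): Accounting response status = FAILURE
000294: Apr 5 12:12:09.838: Getting session id for NET(001A) : db=6AB5C8B8
000303: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Queueing record is START
000304: Apr 5 12:12:10.862: AAA/ACCT(001A): Accounting method=MYRADIUS (RADIUS)
000305: Apr 5 12:12:10.862: AAA/ACCT/NET(001A): Suppressed record Accounting supressed and not sent.
000401: Apr 5 12:13:00.100: AAA/ACCT/NET(001B): Queueing record is START
000402: Apr 5 12:13:00.100: AAA/ACCT(001B): Accounting method=MYRADIUS (RADIUS)
"""

# <seq>: <timestamp>: AAA/ACCT[/sub](<handle>): <message>
LINE_RE = re.compile(
    r"^(?P<seq>\d+):\s+(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d+:\d+:\d+\.\d+):\s+"
    r"AAA/ACCT(?P<sub>[/A-Z]*)\((?P<handle>[0-9A-Fa-f]*)\):\s*(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict for an AAA/ACCT debug line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarise(debug_text):
    """Group AAA/ACCT debug lines by session handle and track each record."""
    sessions = OrderedDict()
    for line in debug_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["handle"]:
            continue  # not an AAA/ACCT line, or one without a session handle
        s = sessions.setdefault(rec["handle"].upper(), {
            "queued": [], "suppressed": [], "method": None, "failures": 0,
        })
        msg = rec["msg"]
        queued = re.match(r"Queueing record is (\w+)", msg)
        method = re.match(r"Accounting method=(\S+)", msg)
        if queued:
            s["queued"].append((rec["seq"], queued.group(1)))
        elif method:
            s["method"] = method.group(1)
        elif msg.startswith("Suppressed record"):
            # Assumption: the suppression applies to the last queued record.
            last = s["queued"][-1] if s["queued"] else (rec["seq"], "UNKNOWN")
            s["suppressed"].append((rec["seq"], last[1], rec["ts"]))
        elif msg.endswith("status = FAILURE"):
            s["failures"] += 1
    return sessions


def accounting_gaps(debug_text):
    """Sessions whose queued accounting records never left the router."""
    gaps = []
    for handle, s in summarise(debug_text).items():
        for seq, record_type, ts in s["suppressed"]:
            gaps.append({"handle": handle, "record": record_type,
                         "method": s["method"], "seq": seq, "time": ts})
    return gaps


if __name__ == "__main__":
    for gap in accounting_gaps(SAMPLE_DEBUG):
        print("session %(handle)s: %(record)s record for %(method)s "
              "suppressed at %(time)s (debug line %(seq)s)" % gap)
```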
[c-nsp] ADSL and Capacity Used
Hi All,

Been googling for a bit now, but this information is seemingly missing my browser. I know that it's not really important, but for my own curiosity and sanity. What Capacity does Capacity Used refer to on an ADSL WIC when issuing the show atm int xxx command?

For example:

#sh dsl int atm0/0/0
ATM0/0/0
.
Capacity Used: 59% 83%
...
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 010239 0 1020
.

#sh int atm0/0/0
ATM0/0/0 is up, line protocol is up
.
30 second input rate 19000 bits/sec, 8 packets/sec
30 second output rate 15000 bits/sec, 11 packets/sec

Clearly the Capacity Used is not referring to the capacity that *I* have available on my ADSL circuit. I'm wondering just what capacity this is referring to? It's really not important - I'm just curious.

Many thanks,
Chris.
Re: [c-nsp] raspberry pi
NTP servers out in a wireless network ;-)

--
Chris

On 20 Nov 2013 08:24, Preston Chilcote (pchilcot) pchil...@cisco.com wrote:

> Hi Everyone,
>
> I'm curious: Does anyone use one or more raspberry pis in their network (for networking related stuff)? What kinds of things are they used for?
>
> Thanks,
> Preston Chilcote
Re: [c-nsp] Cisco 6500 mounting with cables
I have to replace a faulty fan tray on an *almost* fully populated 6513 (10/100/1000 line cards). That was fun, I tell you. We ran cables left and right, but all servers were channel bonded (split between left and right), so we could remove all cables required and replace the fan tray without any disruption. Took a ton of work though :-(

On Mon, Jul 8, 2013 at 3:01 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

> Interesting kit. Regarding fan unit - have had plenty of blade/sup swaps and failures. .. no fan tray (now I've said that. ..) the only time we had a fan swap was for a wholesale upgrade to e-series so ALL kit got taken out.
>
> alan

--
Regards,
Chris Knipe
[c-nsp] Am I being very stupid or....
Hi All,

I can't believe I am doing this, but I am either missing something VERY obvious, or I am in need of some assistance on this one...

I have a VLAN configured on a Port-Channel (all other VLANs on the same Port-Channel are working absolutely fine).

#sh run int po1.105
Building configuration...

Current configuration : 429 bytes
!
interface Port-channel1.105
 encapsulation dot1Q 105
 ip address 198.18.0.1 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip virtual-reassembly in
 ip verify unicast reverse-path
 keepalive 30
end

The interface is up/up

#sh int po1.105
Port-channel1.105 is up, line protocol is up
  Hardware is GEChannel, address is 0021.d816.0380 (bia 0021.d816.0380)
  Description: WBTG-HS01 LAN
  Internet address is 198.18.0.1/28
  MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 105.
  ARP type: ARPA, ARP Timeout 04:00:00
  Keepalive set (30 sec)
  Last clearing of show interface counters never

Yet, from the console on the router ON WHICH the Interface is configured (yes, local router - this is not even a remote ping over a wire):

#ping 198.18.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.18.0.1, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)

Can someone perhaps shed some light for me as to why this would be occurring? We're looking at a C3825 running IOS 12.5

Thanks for your time - hopefully this is me being an 1d10t

--
Chris.
Re: [c-nsp] Am I being very stupid or....
Hi Jan,

You learn something new every day :-) Thanks. I guess I was being an idiot after all...

On Fri, Jul 5, 2013 at 6:07 PM, Jan Gregor jan.gre...@chronix.org wrote:

> Hi,
>
> the ip verify unicast reverse-path blocks local ping. If you want to allow it, you can use the allow-self-ping option to the command.
>
> Best regards,
> Jan
>
> On 07/05/2013 05:53 PM, Chris Knipe wrote:
> > Hi All,
> >
> > I can't believe I am doing this, but I am either missing something VERY obvious, or I am in need of some assistance on this one...
> >
> > I have a VLAN configured on a Port-Channel (all other VLANs on the same Port-Channel are working absolutely fine).
> >
> > #sh run int po1.105
> > Building configuration...
> >
> > Current configuration : 429 bytes
> > !
> > interface Port-channel1.105
> >  encapsulation dot1Q 105
> >  ip address 198.18.0.1 255.255.255.240
> >  no ip redirects
> >  no ip unreachables
> >  no ip proxy-arp
> >  ip nbar protocol-discovery
> >  ip virtual-reassembly in
> >  ip verify unicast reverse-path
> >  keepalive 30
> > end
> >
> > The interface is up/up
> >
> > #sh int po1.105
> > Port-channel1.105 is up, line protocol is up
> >   Hardware is GEChannel, address is 0021.d816.0380 (bia 0021.d816.0380)
> >   Description: WBTG-HS01 LAN
> >   Internet address is 198.18.0.1/28
> >   MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec,
> >      reliability 255/255, txload 1/255, rxload 1/255
> >   Encapsulation 802.1Q Virtual LAN, Vlan ID 105.
> >   ARP type: ARPA, ARP Timeout 04:00:00
> >   Keepalive set (30 sec)
> >   Last clearing of show interface counters never
> >
> > Yet, from the console on the router ON WHICH the Interface is configured (yes, local router - this is not even a remote ping over a wire):
> >
> > #ping 198.18.0.1
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 198.18.0.1, timeout is 2 seconds:
> > .
> > Success rate is 0 percent (0/5)
> >
> > Can someone perhaps shed some light for me as to why this would be occurring? We're looking at a C3825 running IOS 12.5
> >
> > Thanks for your time - hopefully this is me being an 1d10t
> >
> > --
> > Chris.

--
Regards,
Chris Knipe
[c-nsp] TCP Timer 70% CPU
Hi All,

I have a Cisco 3825 with 1GB Ram doing some BGP peering (VERY low traffic, not even 5mbit/s sustained throughput). Memory usage is absolutely fine and sitting at less than 50% utilization, and stable.

The Router's CPU is showing an almost linear increase, and the 'TCP Timer' process is currently sitting at over 70% CPU load.

Cisco documentation suggests:

TCP Timer
When the Transmission Control Protocol (TCP) timer process uses a lot of CPU resources, this indicates that there are too many TCP connection endpoints. This can happen in data-link switching (DLSw) environments with many peers, or in other environments where many TCP sessions are simultaneously opened on the router.

What does this actually mean? The router does not make any TCP connections (nor does it receive any - except for the odd telnet to VTY). Radius and Syslog are enabled however, but this is sending UDP traffic...

What can I look at possibly to determine root cause and fix?

--
Regards,
Chris Knipe
Re: [c-nsp] TCP Timer 70% CPU
Hi,

Saw 4 sessions that were down and sh tcp showed thousands of connections in a CLOSEWAIT state to those neighbors. I presume that's my culprit. I shut the neighbors that were down, but the connections are still in a CLOSEWAIT - looking now to see about resetting them. CPU usage for the process is slowly starting to come down though, presumably the connections are timing out and not being re-created.

Many thanks,
Chris.

On Mon, Aug 13, 2012 at 9:48 AM, Tim Warnock tim...@timoid.org wrote:

> > I have a Cisco 3825 with 1GB Ram doing some BGP peering (VERY low traffic, not even 5mbit/s sustained throughput). Memory usage is absolutely fine and sitting at less than 50% utilization, and stable.
> >
> > The Router's CPU is showing an almost linear increase, and the 'TCP Timer' process is currently sitting at over 70% CPU load.
> >
> > Cisco documentation suggests:
> > TCP Timer
> >
> > What can I look at possibly to determine root cause and fix?
>
> Hi Chris,
>
> Any chance one of your BGP sessions are down?

--
Regards,
Chris Knipe
[c-nsp] 6500 10/100 line cards with 802.3af daughter card
Hi All,

Can anyone confirm whether a WS-X6348-RJ-45 (48 Port 10/100 line card), with a WS-F6K-48-AF (802.3af POE Injector) together will provide a working PoE system for SNOM telephones?

FYI: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_10826.html

I am yet to find a working solution (tried some 3750 PoE switches too) that will provide a working PoE implementation for our telephones... I am hoping that someone can confirm for me whether the 802.3af will work or not, considering the cost of these daughter cards. I'd hate to purchase the 20+ cards we require, only to find out afterwards it does not work as we expected.

Anyone out there using them with SNOM?? :)

--
Regards,
Chris Knipe
[c-nsp] slb ping probe
Hi All,

I'm hoping someone will be able to assist. I'm currently exploring my options in terms of using Cisco's SLB as a server load balancer instead of what we are currently doing. The SLB itself is working absolutely flawlessly, and so far, saying that I am impressed is an understatement.

I'm having a problem configuring probes however. My configuration on a 6506 (12.1(26)E5) is as follows:

ip slb probe PING ping
 interval 10
 faildetect 5
!
ip slb serverfarm FARM-SMTP
 nat server
 failaction purge
 probe PING
 !
 real 198.19.255.51
  weight 1
  inservice
 !
 real 198.19.255.52
  weight 1
  inservice
!
ip slb vserver VSERV-SMTP
 virtual 196.x.x.129 tcp smtp
 serverfarm FARM-SMTP
 inservice
!

On both the real servers, I can see that the ICMP ping request is coming in from the switch, and I can see that both real servers send replies to the switch. However, the probe has been stuck in a TESTING state now for a very long time and doesn't want to go OPERATIONAL.

# sh ip slb probe detail
PING, ping, address = 0.0.0.0, interval = 10, faildetect = 5
 FARM-SMTP, type = server
  target = 196.43.208.129:25, real = 198.19.255.51:0, virtual = 196.43.208.129:25 TCP
   state = TESTING, status = 0, operation id = 9
   Server NAT
   outages = 0, failures = 2213, successes = 0, tests = 2218
   current = never, cumulative = 00:00:00
  target = 196.43.208.129:25, real = 198.19.255.52:0, virtual = 196.43.208.129:25 TCP
   state = TESTING, status = 0, operation id = 10
   Server NAT
   outages = 0, failures = 2213, successes = 0, tests = 2218
   current = never, cumulative = 00:00:00

tcpdump on one of the real servers:

08:25:59.155247 IP 198.19.255.33 > 198.19.255.51: ICMP echo request, id 1802, seq 2264, length 44
08:25:59.156405 IP 198.19.255.51 > 198.19.255.33: ICMP echo reply, id 1802, seq 2264, length 44

Am I missing something?

--
Regards,
Chris Knipe
[c-nsp] Problematic Q-in-Q
Hi All,

Image for reference sake: http://www.savage.za.org/QinQ.png

We are currently working on a large scale overhaul of our production network, mainly consisting of 6500, 3750, and 3825 series Ciscos. Our provider will be providing us with Layer II interconnects between two separate data center locations, as well as provisioning internet services on these Layer II trunks. I'm a bit baffled as to how to piece this together after spending about 3 days trying to figure out the inner workings of QinQ...

What we are getting:

DC1 Location - Layer II Trunk Interface
 VLAN100 - Internet Services (Layer III connectivity)
 VLAN101 - Layer II Interconnect to Site A
 VLAN102 - Layer II Interconnect to Site B
 VLAN103 - Layer II Interconnect to DC2 (QinQ required)

DC2 Location - Layer II Trunk Interface
 VLAN103 - Layer II Interconnect to DC1 (QinQ required)

Now, up to here everything is fine. I have a trunk port configured in either DC location, and simply allow VLAN100-103 to pass through the trunk to my provider. As for VLAN101-102, it remains easy, I assign an IP on either side and I should, in theory, happily be able to communicate.

The problem comes in with the Interconnect between DC01 and DC02. We require to extend our internal VLANs (10-30 in the diagram per example) across the different data centers. This will include cdp, vtp, spanning-tree, etc. From my understanding, QinQ should be able to accommodate this, but I am not sure about the configurations. Most configurations for QinQ that I've seen so far seem to indicate that your private vlans are encapsulated into another vlan associated with an access port - this is where I am running into issues.

I need to encapsulate as follows:

VLAN10
VLAN20 - VLAN103 - Provider Trunk
VLAN30

Is this really as complicated as I am making it sound, or am I just missing something obvious? I am not understanding how VLAN100-103 can be used on the trunk port, whilst only encapsulating VLAN10-30 inside VLAN103, and not inside the entire trunk. As the three VLANs provisioned by the provider are completely different services and go to completely different locations - it's imperative that the correct vlans are encapsulated into the correct provider vlans.

I would -really- appreciate it if someone can perhaps give me a basic rundown of configurations to achieve this, as I am completely lost at this stage.

Am I right in presuming:

Int gi1/0
 switchport mode trunk
 switchport trunk allowed vlans 100-103

Int gi1/1
 switchport mode access
 switchport access vlan 100

Int gi1/2
 switchport mode access
 switchport access vlan 101

Int gi1/3
 switchport mode access
 switchport access vlan 102

Int gi1/4
 switchport mode dot1q-tunnel
 switchport access vlan 10

Int gi1/5
 switchport mode dot1q-tunnel
 switchport access vlan 20

Int gi1/6
 switchport mode dot1q-tunnel
 switchport access vlan 30

Now what.. How do I get vlans 10-30 to be encapsulated inside vlan103 specifically? Documentation suggests Int gi1/0 (trunk port) to be configured as follows:

Int gi1/0
 switchport mode trunk
 switchport trunk allowed vlans 10,30-100-103

But how does this ensure that vlans 10-30 are encapsulated inside vlan 103 only?

Many thanks,
Chris.
Re: [c-nsp] Problematic Q-in-Q
Hi,

> > Int gi1/4
> >  switchport mode dot1q-tunnel
> >  switchport access vlan 10
>
> This should be switchport access vlan 103
>
> > Int gi1/5
> >  switchport mode dot1q-tunnel
> >  switchport access vlan 20
>
> This should be switchport access vlan 103
>
> > Int gi1/6
> >  switchport mode dot1q-tunnel
> >  switchport access vlan 30
>
> This should be switchport access vlan 103

So in other words, packets entering ra gi1/4 - 6 should *already* be tagged in their respective vlans? Damn, that means another switch now... :-(

Many thanks for clearing things up...

--
Regards,
Chris Knipe
Re: [c-nsp] Problematic Q-in-Q
On Thu, Nov 10, 2011 at 4:52 PM, Justin Krejci jkre...@usinternet.com wrote:

> You can fake another switch if your port count needs are low enough by cross connecting two ports on the same switch where one is mode trunk and the other is mode tunnel. We have done this before in a pinch. We labeled the port descriptions as QinQ magic so other people wouldn't mess with them. Then we were able to get a 4948 dedicated for the QinQ part and our 6509 just did the regular trunking and routing again.

I'm considering it :-) Just need to see and decide on what the best approach would be... All our magic as you put it, would need to happen on 6509's, but as you said - I'm sure it's doable... At least I have the answer I was looking for in terms of HOW to QinQ, hehe

Many thanks guys - really fantastic list this...

--
Chris.
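The point this thread settles is that a dot1q-tunnel port pushes its own access VLAN (103) as an outer tag onto frames that already carry the customer tag (10, 20 or 30), and the provider trunk only looks at the outer tag. The following is an added example, not part of the original posts, that models this at the byte level in Python. The MAC addresses and payload are constructed, the function names are this example's own, and it assumes both tags use the standard 802.1Q TPID 0x8100.

```python
import struct

TPID_8021Q = 0x8100  # assumption: both tags use the standard 802.1Q TPID

# Constructed sample addresses (locally administered MACs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
PROVIDER_TRUNK_ALLOWED = {100, 101, 102, 103}  # VLAN100-103 from the post
TUNNEL_VLAN = 103                              # provider VLAN between DC1 and DC2


def dot1q_tag(vid, pcp=0):
    """Build one 4-byte 802.1Q tag: TPID, then PCP (3 bits), DEI=0, VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range: %d" % vid)
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)


def build_frame(dst, src, vlans, ethertype, payload):
    """Ethernet frame with zero or more stacked tags, outermost first."""
    tags = b"".join(dot1q_tag(v) for v in vlans)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def vlan_stack(frame):
    """Return the VLAN IDs carried by the frame, outermost first."""
    vids, off = [], 12
    while (len(frame) >= off + 4
           and struct.unpack_from("!H", frame, off)[0] == TPID_8021Q):
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def tunnel_ingress(frame, access_vlan):
    """Customer-facing tunnel port: push the port's access VLAN as the outer
    tag, regardless of any tag the frame already carries."""
    return frame[:12] + dot1q_tag(access_vlan) + frame[12:]


def trunk_forwards(frame, allowed):
    """Provider-facing trunk: only the outermost tag is checked."""
    stack = vlan_stack(frame)
    return bool(stack) and stack[0] in allowed


def tunnel_egress(frame, access_vlan):
    """Far-end tunnel port: strip the outer tag, leave the inner one intact."""
    stack = vlan_stack(frame)
    if not stack or stack[0] != access_vlan:
        raise ValueError("frame is not in tunnel VLAN %d" % access_vlan)
    return frame[:12] + frame[16:]


def carry_across(customer_vlan):
    """Follow one customer frame DC1 -> provider trunk -> DC2.

    Returns (tags on the provider trunk, tags delivered, frame unchanged?).
    customer_vlan=None models a frame that reaches the tunnel port untagged.
    """
    inner = [customer_vlan] if customer_vlan is not None else []
    original = build_frame(DST, SRC, inner, 0x0800, b"\x00" * 46)
    on_trunk = tunnel_ingress(original, TUNNEL_VLAN)
    if not trunk_forwards(on_trunk, PROVIDER_TRUNK_ALLOWED):
        raise RuntimeError("provider trunk would drop the frame")
    delivered = tunnel_egress(on_trunk, TUNNEL_VLAN)
    return vlan_stack(on_trunk), vlan_stack(delivered), delivered == original


if __name__ == "__main__":
    for vlan in (10, 20, 30, None):
        print(vlan, carry_across(vlan))
```

The untagged case shows why the frames must already be tagged when they reach the tunnel port: with no inner tag, nothing distinguishes VLAN 10, 20 and 30 at the far end.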
[c-nsp] AS6453 Outages?
Hi Guys,

Is anyone aware of any significant international outages - mostly in the US region? Our AS 37312 is unavailable from a handful of networks scattered across the globe, and I am seeing quite a few networks in the US re-routing traffic away from AS6453 onto alternative network carriers.

Anything going on ?

--
Regards,
Chris Knipe
[c-nsp] Question about VLAN Trunks
Hi All,

I have a good couple of 10/100 ports configured for non-Cisco VoIP and during troubleshooting an issue yesterday, I noticed that our VLAN trunks are not behaving as I expected.

All my ports are configured as follows:

interface FastEthernet8/5
 logging event link-status
 logging event spanning-tree status
 logging event bundle-status
 logging event trunk-status
 load-interval 30
 keepalive 30
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 105
 switchport trunk allowed vlan 104,105
 switchport mode trunk
 switchport nonegotiate
 switchport voice vlan 104
 power inline never
 storm-control broadcast level 85.00
 no cdp enable
 spanning-tree bpduguard enable
 spanning-tree link-type point-to-point

When connecting a PC directly to the port and doing some tcpdumps, I see traffic on the trunk port that falls outside of VLAN104 and 105... Shouldn't the switchport allowed vlan only allow vlan 104 and 105 to pass via the port?

These are on Cisco 6500's with SUP II and MSFC II, IOS c6sup22-jk2sv-mz.121-26.E6

--
Regards,
Chris Knipe
Re: [c-nsp] Question about VLAN Trunks
Hi,

Output below...

cs1.blv0.cpt.za#sh int fa8/5 switchport
Name: Fa8/5
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 105 (LAN-WORKSTATIONS)
Voice VLAN: 104 (LAN-VOICE)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 104,105
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Nothing seriously wrong that I can see...

-
Chris.

On Wed, Jul 20, 2011 at 2:03 PM, Mackinnon, Ian ian.mackin...@atos.net wrote:

> What does a show interface fa8/5 switchport show
>
> It might be that the switchport mode trunk and switchport voice vlan commands are incompatible
>
> Have a look at http://cciepursuit.wordpress.com/2009/01/01/group-study-good-explanation-of-the-voice-vlan/
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Knipe
> Sent: 20 July 2011 12:45
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Question about VLAN Trunks
>
> Hi All,
>
> I have a good couple of 10/100 ports configured for non-Cisco VoIP and during troubleshooting an issue yesterday, I noticed that our VLAN trunks are not behaving as I expected.
>
> All my ports are configured as follows:
>
> interface FastEthernet8/5
>  logging event link-status
>  logging event spanning-tree status
>  logging event bundle-status
>  logging event trunk-status
>  load-interval 30
>  keepalive 30
>  mls qos trust cos
>  switchport
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 105
>  switchport trunk allowed vlan 104,105
>  switchport mode trunk
>  switchport nonegotiate
>  switchport voice vlan 104
>  power inline never
>  storm-control broadcast level 85.00
>  no cdp enable
>  spanning-tree bpduguard enable
>  spanning-tree link-type point-to-point
>
> When connecting a PC directly to the port and doing some tcpdumps, I see traffic on the trunk port that falls outside of VLAN104 and 105... Shouldn't the switchport allowed vlan only allow vlan 104 and 105 to pass via the port?
>
> These are on Cisco 6500's with SUP II and MSFC II, IOS c6sup22-jk2sv-mz.121-26.E6
>
> --
> Regards,
> Chris Knipe

--
Regards,
Chris Knipe
[c-nsp] route-map nat predicament
Hi All,

A bit of a tough one that I cannot seem to find a solution for.

Diagram:

                   - ISP1
PIX --- Cisco 8345
                   - ISP2

Our PIX is configured with x.x.x.5, whilst the LAN side of the 3847 has x.x.x.1. We have static IPs from ISP1 and ISP2, with a BGP session to ISP2 but not from ISP1 (by choice, due to bandwidth constraints). Our default route goes out via ISP2.

What's happening now, is that legacy clients are configured to connect to our Cisco PIX (IPSec VPNs) to an IP address assigned from ISP1. I take care of this by natting the traffic, and it is working successfully.

ip nat inside source static x.x.x.5 a.a.a.126

route-map PolicyRoutes, permit, sequence 10
  Match clauses:
    ip address (access-lists): toISP1
  Set clauses:
    ip next-hop b.b.b.b.233
  Policy routing matches: 8344989 packets, 528857596 bytes

Extended IP access list toISP1
    10 permit ip a.a.c.68 0.0.0.3 any (24011 matches)
    20 permit ip a.a.b.96 0.0.0.7 any (571600 matches)
    30 permit ip a.a.a.64 0.0.0.63 any (5980125 matches)
    35 permit udp host x.x.x.5 any (2119303 matches)
    40 deny ip any any (19629171 matches)

The problem now, is that when a user connects directly to the PIX via x.x.x.5 instead of a.a.a.126 the return traffic is matched by the route-map, and sent via ISP1, instead of ISP2. Removing the route-map or amending the access-lists, customers connecting to a.a.a.126 via ISP1, has their return traffic sent via ISP2.

Is there any way that I can send connections from any to a.a.a.126 via ISP1, and connections from any to x.x.x.5 via ISP2, whilst still keeping the NAT in place to nat all traffic to a.a.a.126 ?

Hope this makes sense.

--
Chris.
[c-nsp] WS-X6548-GE-TX Error?
Hi All,

I have a 6506 and recently installed a WS-X6548-GE-TX into the chassis. The chassis has already rebooted once, and now I am getting errors too from the module:

Jun 6 17:11:36 SAST: %ONLINE-SP-6-TIMER: Module 2, Proc. 0. Failed to bring online because of timer event
Jun 6 17:11:36 SAST: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
Jun 6 17:11:56 SAST: %C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is experiencing stall for 3 seconds
Jun 6 17:12:45 SAST: %ONLINE-SP-6-TIMER: Module 2, Proc. 0. Failed to bring online because of timer event
Jun 6 17:12:45 SAST: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
Jun 6 17:12:45 SAST: %C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The switching bus stall is recovered and data traffic switching continues
Jun 6 17:13:38 SAST: %ONLINE-SP-6-TIMER: Module 2, Proc. 0. Failed to bring online because of timer event
Jun 6 17:13:38 SAST: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
Jun 6 17:13:38 SAST: SP: oir_disable_notice: slot2: lcp failed to go online

After executing a power enable module 2, the module does come back online as indicated below, and all ports are available / usable:

Jun 6 19:26:57 SAST: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Online Diagnostics...
Jun 6 19:27:10 SAST: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
Jun 6 19:27:10 SAST: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online

The 6506 is running IOS sup22-jk2sv-mx.121-26.E5

Software bug, or faulty hardware ??

Kind Regards,
Chris.
[c-nsp] Cisco 2811 and HWIC-1GE-SFP
Hi all,

I'm in the process of planning a new edge router, and I'm currently looking at the Cisco 2811. We need to have 2 x HWIC-1GE-SFP, 2 x WIC-1ADSL, and 2 x WIC-2T in the router.

Looking at the datasheet of the 2811, it states that 4 slots are on board, capable of HWIC, WIC, VIC, or VWIC type modules - with an additional bank for an additional network module. The HWIC-1GE-SFP Datasheet (http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd8016be8d_ps5949_Products_Data_Sheet.html) indicates that only 1 of these modules would be supported on the 2811?

Now, I realise that max throughput on the 2811 with two of these line cards will obviously be a huge bottleneck, but we will be nowhere near 100mbit/s throughput on these interfaces. My main goal in using this interface on the 2811 would be to terminate long range fiber through an SFP interface.

Given the low throughput on these WICs (Active/Passive failover), would I be able to install two of them into the 2811, or do I need to look at an alternative router?

--
Chris.
[c-nsp] Two Cores connected to same eBGP AS
Hi,

I have a quick question...

Let's say I have RTR1 and RTR2 interconnected and exchanging routes via EIGRP, on AS abc. I now want to connect AS abc from RTR1 as well as RTR2 to AS xyz and broadcast my ranges to them, and receive routes from them.

Is it safe to just connect both sessions and let the traffic route via RTR1 as well as RTR2, or, considering RTR2 is for a failover scenario, how would one automatically achieve an Active/Passive failover scenario so that RTR2 will only establish the BGP session when RTR1 is down / inaccessible / etc?

Sorry if this is something very common, or very complex - I'm more than willing to do some reading up if there can be pointers given please. Both RTR1 and 2 are 6500 series - the amount of routes exchanged will be minimal 100K prefixes.

--
Regards,
Chris Knipe
[c-nsp] Cisco IronPort
Hi All,

We have a couple of Cisco IronPort devices - it's been a really long time since we had to renew licenses. We need to renew now and are looking for a reseller / channel partner that can sell us new licenses for our IronPort located in San Francisco, US.

Anyone know of a company close by that would be able to assist? Someone from here perhaps ?

Many thanks!

--
Regards,
Chris Knipe
[c-nsp] Advice on Core Switches / Routers
Hi All,

I need a Layer 2 & 3 device that is fully capable of BGP, OSPF, HSRP, IPSEC, NAT, and Clustering/Load Balancing certain inbound services. The device needs to terminate various Serial Interfaces (up to 8 E1's) as well as provide 10/100 Ethernet on a switching as well as routing level.

I was thinking of a small 6500 - but I'm not sure about Serial interfaces on the 6500. Are there any other devices that I could possibly look at? I would like to hear some recommendations.

--
Regards,
Chris Knipe
Re: [c-nsp] Advice on Core Switches / Routers
Serials on a 6500 require flexwan + PA, and the flexwan is expensive (and I seem to remember that it's end of support, but that might be the flexwan1 while the flexwan2 is still supported). I'd not go there - the 6500 is a great platform for ethernet stuff, but WAN stuff has always been bolted to the side, with mixed-quality software support, etc.

The 6500s are legacy and thus need to stay. I am aware of the FlexWAN and it's not a problem getting it. The problem that I have is that I am unsure which SPAs in the FlexWAN are supported and will work on the 6500 platform.

The SPA-4XT-SERIAL is precisely what I need and want to put in my 6500 - but I've seen varied results from google in terms of whether it does, or does not, work with the FlexWAN on the 6500. Even the documentation on Cisco is conflicting on whether or not the SPA will be supported... :(

Hopefully, again - someone can shed some light for me. It is rather urgent.

--
Chris.
Re: [c-nsp] radius accounting and residential subscribers on Cisco
netflow?

On Wed, May 19, 2010 at 3:39 PM, Marlon Duksa mdu...@gmail.com wrote:
> Hi everyone,
> Does anyone know if I can enable radius accounting per host on a Cisco platform (7600, ASR1K or even 10K; there is no support for residential subscribers on ASR9K as far as I know).
> I want to send interim-updates for each host to the accounting server. But if I have multiple hosts sharing the same qos template, then all the hosts are sharing the counters for the queues where I suspect the counters would be collected.
> Is there any way to enable a true per host accounting even if the hosts belong to the same subscriber?
> Thanks,
> Marlon

--
Regards,
Chris Knipe
[c-nsp] Cisco 3620 and WIC-1ADSL
Hi,

I have a C3620 with 2 ADSL WICs inside a NM-1FE2W (which is supposed to be confirmed working). After lots of googling, I read much controversy about what is supposed to work and what not, both in terms of hardware, as well as software versions. From my understanding, I am running an IOS which is supposed to be supported.

Before I upgraded (old IOS), the WIC-1ADSL cards were not detected. Now, both cards are detected, but I still do not have any ATM interfaces available.

I would appreciate it if anyone can point me in the right direction please - or, do I have an oversized paper weight here? sh ver and sh diag below.

Many thanks,
Chris.

cpt-cc-core01#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-I-M), Version 12.3(21), RELEASE SOFTWARE (fc2)

cpt-cc-core01#sh diag
Slot 0:
        NM-1FE2W Port adapter, 1 port
        Port adapter is analyzed
        Port adapter insertion time unknown
        EEPROM contents at hardware discovery:
        Hardware Revision        : 1.0
        Top Assy. Part Number    : 800-04796-01
        Board Revision           : F0
        Deviation Number         : 0-8707
        Fab Version              : 05
        PCB Serial Number        : JAD05350Y3U
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Product (FRU) Number     : NM-1FE2W=
        EEPROM format version 4
        EEPROM contents (hex):

        WIC Slot 0:
        DSL SAR (ADSL)
        Hardware Revision        : 2.3
        Part Number              : 73-4771-09
        Board Revision           : C0
        Deviation Number         : 0-0
        Fab Version              : 05
        PCB Serial Number        : FOC10161M3C
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Product (FRU) Number     : PA-1C-P=
        EEPROM format version 4
        EEPROM contents (hex):

        WIC Slot 1:
        DSL SAR (ADSL)
        Hardware Revision        : 2.3
        Part Number              : 73-4771-08
        Board Revision           : B0
        Deviation Number         : 0-0
        Fab Version              : 05
        PCB Serial Number        : FOC07330WL9
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Product (FRU) Number     : PA-1C-P=
        EEPROM format version 4
        EEPROM contents (hex):
[c-nsp] 4006 weirdness
Hi,

I have a legacy 4006 Chassis with a SUP3, recently started giving issues. I know it's EOL, and more than likely needs to be replaced, but any assistance if possible, would be appreciated.

I'm getting CRC32 errors for NVRAM, always at byte 0x5400 i.e.

Switch#sh ver
Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x, data-base: 0x00AA2B8C
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
ROM:
Switch uptime is 19 hours, 7 minutes
System returned to ROM by reload
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
System restarted at 09:26:23 SAST Fri Nov 13 2009
Running default software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX0520S0M4
Last reset from Reload
96 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of non-volatile configuration memory.
Configuration register is 0x0
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400

What's worrying me even more at this stage:

Switch#sh bootvar
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
BOOT variable does not exist
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
CONFIG_FILE variable does not exist
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
BOOTLDR variable does not exist
Configuration register is 0x0
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400

FYI:

Switch#sh module
Mod  Ports  Card Type                            Model        Serial No.
----+------+------------------------------------+------------+-----------
 1      2   1000BaseX (GBIC) Supervisor Module   WS-X4014     JAB063505JN
 2     48   10/100BaseTX (RJ45)                  WS-X4148-RJ  JAB04100A1Q
 3     48   10/100BaseTX (RJ45)                  WS-X4148-RJ  JAB0412056T

 M  MAC addresses                     Hw   Fw Sw Stat
---+---------------------------------+----+----------
CRC32 failed for NVRAM at 0x5400
Erasing NVRAM area at 0x5400
 1  0006.28c0.ff00 to 0006.28c1.02ff  2.1  12.1(8a)EW, Ok
 2  0001.42f6.9210 to 0001.42f6.923f  2.3  Ok
 3  0001.42f6.81c0 to 0001.42f6.81ef  2.3  Ok

Is the SUP pretty much dead? Everything is still running fine from the face of it, but I'm really concerned about these errors

Regards,
Chris
Re: [c-nsp] IPTV Switch Recommendation
On 10/06/09 13:25 -0400, Paul Stewart wrote:
> We have a customer that does lots of IPTV - they have a new deployment currently going into an MDU (condos). They have asked for a recommended switch that is IPTV friendly - I'm presuming they mean multicast aware etc.
> Which Cisco switches would be recommended to handoff approximately 20 Cat5 drops fed by fiber coming in?

We're going through the same story at this stage. Working with a lot of vendors, testing, and trials. So far for us, a combination of entry level 2960s and 3560s are working fine. You are correct, the most important thing is Multicast and IGMP subscriptions, so pretty much any half decent switch would be capable.

Ciscos naturally just work best for us though because we love them so much.

--
Chris.
Re: [c-nsp] IPTV Switch Recommendation
On 10/06/09 14:27 -0400, Jeff Kell wrote:
> Chris Knipe wrote:
> > We're going through the same story at this stage. Working with a lot of vendors, testing, and trials. So far for us, a combination of entry level 2960s and 3560s are working fine. You are correct, the most important thing is Multicast and IGMP subscriptions, so pretty much any half decent switch would be capable.
>
> Reminds me... do you need the LAN Base version to make it fly, or will LAN Lite work?

Didn't even know there is a LAN Lite :( All our switches run LAN Base

--
Chris
[c-nsp] Some advice on switches....
Hi,

We are looking currently to deploy a large scale network with 288 x 10/100 Ports. Currently, we are basing this equipment on a configuration of 1 x 24 Port 2960, 2 x 48 Port 2960 in one cabinet, and 1 x 24 Port 2960 with 2 x 48 Port 2960 in another cabinet. This is then tied together at a 3560 24 Port 10/100/1000 switch with 4 SFPs for future expansion (naturally, running things like EtherChannels between all the 2960 switches).

Based on the large amount of 10/100 Ports required, I am believing that it would be cheaper to invest into a modular switch, such as a 6500 and just add a few blades. So far, the bit of pricing I have seen on the blades are very, very cheap. Our requirements would be for 288 10/100 Ports, and a few (no more than 16, 24 max) 1GB ports, and hey, fantastic if we can later upgrade to 10GB interfaces by installing a module.

What I am wondering, is how close to EOL is the 6500 series? Those switches have been around for quite a while, and I see that certain models are already at EOL. What could I possibly look at? We don't require a massively fast backplane, nor long distance capabilities at this stage - frankly, the network would perform very well with the 2960s and 3560s as mentioned above - I am looking at a modular switch at this stage, purely from a pricing perspective.

If I am to look at a 6500 (or another model), what kind of modules would I need to look at? I've seen lots of different modules for the 6500 already, but apart from the actual blades with the Ethernet ports, I'm a bit lost as to what is required.

Thanks a lot, and I look forward to some constructive criticism as always :)

Regards,
Chris.
Re: [c-nsp] Some advice on switches....
Hi,

You might want to look at 4500 Series switches, rather than 6500. If 2960's were sufficient for your requirements (no advanced routing, Netflow, NBAR, etc) then 4500 is closer to an apples-to-apples comparison than 6500. 4500 will generally be cheaper than 6500, especially when taking maintenance/Smartnet into account (though YMMV).

For a classic non-E chassis and/or traditional supervisor blade (Sup-IV or less), you're dealing with a 6Gbps/slot backplane limitation. You may be OK with your 10/100 blades, but some of the classic 10/100/1000 ones such as the WS-X4448 you are as much as 8:1 oversubscribed onto that 6Gbps/slot. The 2960 backplane is smoking hot in comparison (but you're still limited in uplink b/w). The E-series chassis with a hot supervisor will get you 24Gbps/slot.

Thank you all for the input. I would definitely agree 4500 too rather than 6500. The main purpose of this deployment is for Triple Play services, IPTV, Telephony, as well as Data. IGMP Multicast is critical for the IPTV and almost all 10/100 Ethernet ports will be running at least 3 VLANs. A single switch will also make that much easier in my opinion...

I've spent a bit of time on Cisco.com now, and I just want everyone to give this a once over and ensure that there isn't anything I missed before I send this off to suppliers for costing - if I can ask that someone also just check for compatibility, I would appreciate it. I am not sure at this stage about the NetFlow Services Card, whether or not it would be compatible with the Supervisor. I've worked a lot with the smaller fixed configuration Ciscos, but this is going to be all new to me in terms of size...

Cisco Catalyst 4510R-E Chassis:
1 x WS-C4510R-E          Cisco Catalyst E Series 4510R Switch (10-slot chassis), fan, no power supply; redundant supervisor capable
2 x PWR-C45-1400AC       Cisco Catalyst 4500 Series 1400W AC power supply (data only)
1 x S45EIPB-12240SG(=)   Cisco IOS Software for Supervisor Engine 6-E (IP Base image)
1 x WS-X45-Sup6-E        Cisco Catalyst 4500 E Series Supervisor Engine 6-E, 2x10GE (X2) or 4x1GE (SFP), Console RJ-45,USB
1 x WS-X45-Sup6-E/2      Cisco Catalyst 4500 Redundant Supervisor Engine 6-E, 2x10GE (X2) or 4x1GE (SFP), Console RJ-45,USB
1 x MEM-C4K-FLD128M      Cisco Catalyst 4500 Cisco IOS Software-Based Supervisor Engine, Compact Flash memory, 128-MB option
1 x WS-F4531(=)          Cisco Catalyst 4500 NetFlow Services Card

Cisco Catalyst 4510R-E Line Cards:
5 x WS-X4148-RJ(=)       Cisco Catalyst 4500 10/100 Module, 48 ports (RJ-45)
1 x WS-X4424-GB-RJ45(=)  Cisco Catalyst 4500 24-port 10/100/1000 Module (RJ-45)

Thank you all for your time and feedback,

Regards,
Chris.
[c-nsp] capacity planning
Hi,

Does anyone know of any (preferably free) tools that are any good in terms of capacity planning for an enterprise? We already have netflow in place and various other monitoring tools and there is no doubt that we are running out of capacity (afaik, we already are), but in the same breath we are also rapidly growing - now the question becomes how much bandwidth, at what price, and why?

I'm sort of looking for something that I can make various models with, this is the scenario with 100 employees, this is what happens when there's 200 employees, etc etc etc

Something as simple as a spreadsheet should be able to do this, but I haven't been able to find anything up to now, so I thought I'd just ask and hopefully not reinvent the wheel as they say

Thanks a lot, looking forward to any and all responses.

--
Chris.