Re: [c-nsp] Outdoor switch
Might also look at https://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html I’ve had good luck with Mikrotik in the past but they are very different from IOS devices. Buz On 10/19/17, 12:03 PM, "cisco-nsp on behalf of Jared Mauch"wrote: If you just need one port, there is this box that works quite well: https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html It does not have an integrated splice tray though. - Jared > On Oct 19, 2017, at 12:00 PM, Christina Klam wrote: > > All, > > I am hoping for some ideas. We are running fiber to an outdoor pole (for cameras and wireless access-points) and need a switch that can be configured remotely, does 802.1q, Qos, and has 3 - 5 ports. We are in the MidAtlantic so the temperatures range from well below freezing to 100 deg F. > > What do people use in these situations? > > Thank you, > Christina > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR9k with a bundle to Nexus3k
Looks like Channel 1 on the Nexus is trunk. Have you tried it without the trunk? Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 3/2/16, 7:40 AM, "cisco-nsp on behalf of jo...@bjorklund.cn"wrote: >Hello, > >Im trying to do a simple bundle from a ASR9k to Nexus3k. >However I cant get it to work. Bundle between Nexus and Nexus is no problem. >Or between ASR and ASR. > >The ports in the nexus get suspended. And the error message in the ASR is: >Partner System ID/Key do not match that of the Selected links > >Nexus: > >interface port-channel1 > switchport mode trunk > >interface Ethernet1/1 > channel-group 1 mode active > >interface Ethernet1/2 > channel-group 1 mode active > >ASR: > >interface Bundle-Ether1 > description ToNexus >! >interface TenGigE0/0/0/0 > bundle id 1 mode active >! >interface TenGigE0/0/0/1 > bundle id 1 mode active >! > > >Bundle-Ether1 > Status:Down > Local links : 0 / 0 / 2 > Local bandwidth : 0 (0) kbps > MAC address (source): 78ba.f924.e4ba (Chassis pool) > Inter-chassis link:No > Minimum active links / bandwidth: 1 / 1 kbps > Maximum active links: 64 > Wait while timer: 2000 ms > Load balancing:Default > LACP: Operational > Flap suppression timer: Off > Cisco extensions:Disabled > mLACP: Not configured > IPv4 BFD: Not configured > > Port Device StatePort ID B/W, >kbps > --- --- -- > -- > Te0/0/0/0 LocalConfigured 0x8000, 0x0003 > 1000 > Partner System ID/Key do not match that of the Selected links > Te0/0/0/1 LocalConfigured 0x8000, 0x0004 > 1000 > Partner System ID/Key do not match that of the Selected links > > >Any ideas what could be wrong? > >/Jonas >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ABF not working
I would think you could do something like this with the ACL. ipv4 access-list internet 10 permit ipv4 10.0.0.0/16 10.0.0.0/16 20 permit ipv4 10.0.0.0/16 any nexthop1 ipv4 x.x.x.x Where if it is from 10/16 to 10/16 it just gets routed normally and make sure that normal routing works right. Luck, Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 7/13/15, 6:51 AM, Alex William alex.willia...@outlook.com wrote: ipv4 access-list internet 10 permit ipv4 10.0.0.0/16 10.0.0.0/16 default 20 permit ipv4 10.0.0.0/16 any nexthop1 ipv4 x.x.x.x ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ping getting IPv6 address, though IPv6 is not enabled.
Looks like your ping and nslookup commands are ipv6 aware. DNS gives both records and ping takes the v6 one. Specify ³ping ipv4 address² Like here: RP/0/RSP0/CPU0:TELX1.BB#ping www.google.com Fri Apr 17 12:41:27.530 EDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2607:f8b0:4002:c06::63, timeout is 2 seconds: . Success rate is 0 percent (0/5) RP/0/RSP0/CPU0:TELX1.BB#ping ipv4 www.google.com Fri Apr 17 12:41:44.674 EDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 74.125.21.103, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Luck, Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 4/16/15, 3:29 PM, Joseph Mays m...@win.net wrote: Got something going on on a router that seems strange. To me, anyway. I have a router that does not have IPv6 enabled, nor is IPv6 being used in the network it¹s on. ³ipv6² does not even occur anywhere in the config. On any addresses it looks up the IPv4 address fine, and can route to that address. But when I ping something like www.yahoo.com it grabs the IPv6 address and tries to ping that. And fails, of course. How do I get it to stop preferring IPv6 addresses? core-gw1.noc#show ip route www.yahoo.com Translating www.yahoo.com...domain server (216.24.27.4) [OK] Routing entry for 98.139.128.0/17 Known via bgp 7333, distance 20, metric 126041 Tag 174, type external Last update from 38.122.142.5 1w0d ago Routing Descriptor Blocks: * 38.122.142.5, from 38.122.142.5, 1w0d ago Route metric is 126041, traffic share count is 1 AS Hops 3 core-gw1.noc#show run | include ping core-gw1.noc#show run | include icmp permit icmp any host 216.24.27.41 core-gw1.noc#ping www.yahoo.com Translating www.yahoo.com...domain server (216.24.27.4) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:4998:58:C02::A9, timeout is 2 seconds: . Success rate is 0 percent (0/5) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cursed IP address
If you sh arp do you see the right MAC address for the ip. Could that address be in use on some dumb device? Sent from my iPhone On Nov 26, 2014, at 2:43, Victor Sudakov v...@mpeks.tomsk.su wrote: Colleagues, We have found a very interesting problem. There are a dozen routers connected to a common 10.65.127.224/27 L2 backbone. All are running OSPF area 0. Any router which has the IP address 10.65.127.246 cannot establish OSPF adjacency with some other routers, showing them forever in the INIT/DROTHER or EXSTART/DROTHER state. When a different IP address is configured on the same router, the problem is solved. More over, when 10.65.127.246 is configured on ANY router in the segment, it experiences adjacency problems. We are currently using a workaround of never assigning 10.65.127.246 to any router. Is this Sauron's IP address, or is there some kind of curse thereon? Below is a typical output sw-bptoik#sh ip ospf 12 neighbor Neighbor ID Pri State Dead Time Address Interface 10.65.127.7 130 2WAY/DROTHER984 msec10.65.127.249 Vlan22 10.65.127.9 130 FULL/DR 707 msec10.65.127.250 Vlan22 10.65.127.10 1 2WAY/DROTHER942 msec10.65.127.248 Vlan22 10.65.127.12 1 2WAY/DROTHER841 msec10.65.127.252 Vlan22 10.65.127.13 1 INIT/DROTHER942 msec10.65.127.235 Vlan22 10.65.127.14 1 INIT/DROTHER782 msec10.65.127.245 Vlan22 10.65.127.15130 INIT/DROTHER908 msec10.65.127.251 Vlan22 10.65.127.17 1 2WAY/DROTHER866 msec10.65.127.241 Vlan22 10.65.127.19 1 2WAY/DROTHER959 msec10.65.127.238 Vlan22 10.65.127.21 1 2WAY/DROTHER740 msec10.65.127.244 Vlan22 10.65.127.22 0 INIT/DROTHER766 msec10.65.127.243 Vlan22 10.65.127.23 1 2WAY/DROTHER891 msec10.65.127.230 Vlan22 10.65.127.24 1 2WAY/DROTHER682 msec10.65.127.231 Vlan22 10.65.155.11 1 2WAY/DROTHER816 msec10.65.127.253 Vlan22 172.16.146.11 1 2WAY/DROTHER858 msec10.65.127.247 Vlan22 sw-bptoik#sh ip ospf int Vlan22 Vlan22 is up, line protocol is up Internet Address 10.65.127.246/27, Area 0 Process ID 12, Router ID 10.65.127.246, Network Type BROADCAST, Cost: 1 Topology-MTIDCostDisabledShutdown Topology Name 0 1 no noBase Transmit Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 10.65.127.9, Interface address 10.65.127.250 Backup Designated router (ID) 10.65.127.9, Interface address 10.65.127.250 Timer intervals configured, Hello 333 msec, Dead 1, Wait 1, Retransmit 5 oob-resync timeout 40 Hello due in 264 msec Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 15, Adjacent neighbor count is 1 Adjacent with neighbor 10.65.127.9 (Designated Router) Suppress hello for 0 neighbor(s) -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] more net flow, which interfaces to monitor and in which direction?
That¹s the way we do it. By getting ingress flows pretty much everywhere you know where the egress is going and can match up conversations. Luck, Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 5/22/14, 9:35 AM, Scott Granados sc...@granados-llc.net wrote: So for a little more clarification on this, I would want to monitor say ingress on my transit links and then ingress on say my input links from my server farm ports and capture the data that way instead of monitoring ingress and egress on the same transit only interfaces? So in other words measure inbound from the public internet and then inbound from the internal sites and customer pools? Do I more or less have it? On May 21, 2014, at 9:58 PM, Roland Dobbins rdobb...@arbor.net wrote: On May 22, 2014, at 8:40 AM, CiscoNSP List cisconsp_l...@hotmail.com wrote: Can anyone please explain why? Another problem with egress NetFlow is that you won't get stats on traffic which is being dropped by ACLs, uRPF, et. al. You should always use ingress NetFlow unless you have a specific topological issue which precludes its use. -- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Equo ne credite, Teucri. -- Laocoön ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6504-E IOS SSH/memory issues
We had a similar problem with a 7609 with a supe720. TAC diagnosed that we were using too much memory for our BGP tables. We would get a login prompt but it would fail even with the correct password. The box seems to be passing packets although we get some BGP peering issues occasionally. This box is scheduled for replacement soon so we are just dealing with it for the next week or so. Good Luck, Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 3/24/14, 9:16 AM, Patrick M. Hausen hau...@punkt.de wrote: Hi, all, in Saturday our Rancid started to complain that it could not log on to one of our core/uplink routers, anymore. Yet the system is generally alive and happily pushing packets - Nagios did not ring me about any link or service failing, so this came as a bit of a surprise. Turns out, SSH logins are not possible, anymore. Telnet and rsh work just fine. For each faile SSH login there is a line like this in the log: Mar 20 12:30:09.415: %AAA-3-ACCT_LOW_MEM_UID_FAIL: AAA unable to create UID for incoming calls due to insufficient processor memory Ah ... OK ... if it's failing in AAA, why does telnet still work? And the free memory doesn't look too bad, either: HeadTotal(b) Used(b) Free(b) Lowest(b) Largest(b) Processor 477267E0 881661984 8603850442127694018235288 20933772 I/O80067108864216056044550326045451176 45501532 Processor memory Alloc PCSize Blocks BytesWhat 0x4014A218 24 01 24XDR: mfib pltf group 0x4014A218 28 01 28XDR: mfib pltf group 0x4014A218 32 01 32XDR: mfib pltf group 0x401567F4 003808 01 003808Init 0x4016D4BC 24 01 24Init ... In the thousands of lines that follow, there are precisely 256 memory blocks allocated to the SSH process. Is this a single process holding all that memory or are there 256 SSH processes, that are somewhat stuck/zombie because they are not terminated when the connection is closed? I admit that I rarely log off, but rather just close the window running my SSH connection. Bad admin. ;-) But any sane OS should timeout the TCP connection eventually and then terminate the process waiting on that socket. IOS version is 15.1(2)SY1 advanced enterprise. How can I proceed finding and eliminating the root cause? Rebooting the box to clean up is an option if planned ahead, but not a suitable permanent fix (i.e. rebooting regularly is out of the question). Thanks for any hints, Patrick -- punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 i...@punkt.de http://www.punkt.de Gf: Jürgen Egeling AG Mannheim 108285 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Static Default route missing
My first thought was that it rebooted and wasn¹t in the saved config. IS the route statement missing or just the route from the table? Luck, Buz On 11/15/13, 6:42 AM, Nick Hilliard n...@foobar.org wrote: On 15/11/2013 10:44, Methsri Wickramarathna wrote: Any Ideas ??? most likely to be someone's typo. Best idea to enable logging and tacacs+ AAA on the device so that you can see what's going on and who did it. AAA logging is an invaluable tool for follow-up problem diagnosis. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Static Default route missing
This is the line that was missing then? ip route 0.0.0.0 0.0.0.0 X.X.X.X From: Methsri Wickramarathna mmethw2...@gmail.commailto:mmethw2...@gmail.com Date: Friday, November 15, 2013 at 10:03 AM To: Chuck Church chuckchu...@gmail.commailto:chuckchu...@gmail.com Cc: Buz Dale buz.d...@usg.edumailto:buz.d...@usg.edu, cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Static Default route missing Chuck default route config ip route 0.0.0.0 0.0.0.0 X.X.X.X # directed to next hop IP no DHCP configured On Fri, Nov 15, 2013 at 8:31 PM, Chuck Church chuckchu...@gmail.commailto:chuckchu...@gmail.com wrote: Is there an IP address on the interface the default is using, or is it using DHCP? DHCP can add a default route to the table, but wouldn't show up in either config. Chuck -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.netmailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Methsri Wickramarathna Sent: Friday, November 15, 2013 9:50 AM To: Harold 'Buz' Dale Cc: cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Static Default route missing Nick Router is enabled with tacas+ AAA ... I can see all the commands entered with the usernames... Chuck Router isn't rebooted .. uptime was 30 weeks :( Harold Router statement missing from both running and startup configs ... When I enter *show ip route 0.0.0.0* it says network not available :( Any ideas ???/ On Fri, Nov 15, 2013 at 8:12 PM, Harold 'Buz' Dale buz.d...@usg.edumailto:buz.d...@usg.edu wrote: My first thought was that it rebooted and wasn¹t in the saved config. IS the route statement missing or just the route from the table? Luck, Buz On 11/15/13, 6:42 AM, Nick Hilliard n...@foobar.orgmailto:n...@foobar.org wrote: On 15/11/2013 10:44, Methsri Wickramarathna wrote: Any Ideas ??? most likely to be someone's typo. Best idea to enable logging and tacacs+ AAA on the device so that you can see what's going on and who did it. AAA logging is an invaluable tool for follow-up problem diagnosis. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- -- ´`_,,,_ ___´$$$`_´$$$` `$$$`__,,,,___´´ _`$$$`´$$`_´$$`´$´ __`$$$`_´$`_´$`__´$$$´ ___`$$$_$$$_$$$_´$$$´_ `$$_$$$_$$$`´$$´_ ___,,__`$$_$$$_$$$_$$´_ _´$``$$_$$$_$$$_$$´_ ´$`´$$$_$$$_$$$_$´_ ´$$_$$$_$$$_$´_ ___`$$$_$$$_$$_$$´_ __`$_$__$$_$$_$$´_ ___`,___,,_,$´_ _`$´_ __`$$$´_ `´_ ___`´_ ~~( ŊëŌ )~~ ___ cisco-nsp mailing list cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- -- ´`_,,,_ ___´$$$`_´$$$` `$$$`__,,,,___´´ _`$$$`´$$`_´$$`´$´ __`$$$`_´$`_´$`__´$$$´ ___`$$$_$$$_$$$_´$$$´_ `$$_$$$_$$$`´$$´_ ___,,__`$$_$$$_$$$_$$´_ _´$``$$_$$$_$$$_$$´_ ´$`´$$$_$$$_$$$_$´_ ´$$_$$$_$$$_$´_ ___`$$$_$$$_$$_$$´_ __`$_$__$$_$$_$$´_ ___`,___,,_,$´_ _`$´_ __`$$$´_ `´_ ___`´_ ~~( ŊëŌ )~~ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone
Are you planning on providing native v6 via dual stack at the edges and then using 6PE to traverse your core? Maybe I am a little slow but it isn't clear to me exactly what you are trying to do. Thanks, Buz -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahmed Hilmy Sent: Sunday, April 14, 2013 15:56 To: cisco-nsp@puck.nether.net Subject: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Expert, We are planning to deploy IPv6 at our IPv4 Backbone, our PE to as Dual Stack and carry IPv6 packet through MPLS label. There are different scenarios, one of them is 6PE. Would you please guide me from where can i start ? Thanks, Ahmed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Monday morning brain teaser
Is your traceroute sourced from a different IP? -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of John Neiberger Sent: Monday, April 01, 2013 11:43 To: Rick Coloccia Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Monday morning brain teaser I've verified that we have no policy maps or route maps in place. The interfaces in question are plain L3 interfaces with barely more than an IP address configured. I'm not nearly awake enough to deal with this sort of weird behavior. :) On Mon, Apr 1, 2013 at 9:39 AM, Rick Coloccia coloc...@geneseo.edu wrote: On 4/1/2013 11:36 AM, John Neiberger wrote: I honestly don't know what to think about this. I don't think I've ever seen anything like it. I didn't have an ACL in the way, but I did have a policy route map in place, which was a little too aggressive, one upon a time. Similar symptoms. May be something to look at... -- Rick Coloccia, Jr. Network Manager State University of NY College at Geneseo 1 College Circle, 119 South Hall Geneseo, NY 14454 V: 585-245-5577 F: 585-245-5579 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] STP active/listed on wrong port
Sure - It's a trunk. VLAN one is the native vlan the tagged frames flow over... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rolf Hanßen Sent: Tuesday, March 12, 2013 13:34 To: cisco-nsp@puck.nether.net Subject: [c-nsp] STP active/listed on wrong port Hello list, do you have an explanation why STP thinks Gi7/16 belongs to vlan 1 ? edge1-dus3#sh spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root IDPriority32769 Address 5475.d0a6.75c0 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority32769 (priority 32768 sys-id-ext 1) Address 5475.d0a6.75c0 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type --- --- - Gi7/16 Desg FWD 4 128.1552 P2p Interface Config: interface GigabitEthernet7/16 description custsw2-dus1 A16 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 1253,1606 switchport mode trunk mtu 9216 load-interval 30 end STP is disabled on all other vlans: no spanning-tree vlan 2-4000 Gi7/16 is not listed here: edge1-dus3#sh vlan id 1 VLAN Name StatusPorts - --- 1default activeGi1/5, Gi1/8, Gi1/13, Gi1/25, Gi1/27, Gi1/48, Te4/1, Gi6/1, Gi7/1, Gi7/3, Gi7/4, Gi7/5, Gi7/6, Gi7/7, Gi7/8, Gi7/9, Gi7/10, Gi7/11, Gi7/12, Gi7/13, Gi7/14, Gi7/15, Gi7/17, Gi7/18, Gi7/19 Gi7/20, Gi7/21, Gi7/22, Gi7/23, Gi7/24 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 - -- - -- -- -- -- 1enet 11 1500 - - ---0 0 Remote SPAN VLAN Disabled Primary Secondary Type Ports --- - - -- Port is up and works fine: edge1-dus3#sh int Gi7/16 GigabitEthernet7/16 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is 001d.a246.3743 (bia 001d.a246.3743) Description: custsw2-dus1 A16 MTU 9216 bytes, BW 100 Kbit/sec, DLY 10 usec, reliability 255/255, txload 6/255, rxload 6/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is LX input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output never, output hang never Last clearing of show interface counters never Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 30 second input rate 27117000 bits/sec, 3517 packets/sec 30 second output rate 24383000 bits/sec, 2860 packets/sec 32078138057 packets input, 32998390284372 bytes, 0 no buffer Received 524965 broadcasts (173874 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 13839785752 packets output, 9991981200426 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out edge1-dus3#sh version Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVIPSERVICESK9-M), Version 15.1(2)S, RELEASE SOFTWARE (fc1) Hardware is Cisco 7609-S, Sub720-3BXL, Slot 7 is a WS-X6724-SFP kind regards Rolf Hanßen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Show mac adresses connected to ports
Try show cam or sh mac address-table show arp can also be quite useful depending on the device. Luck, Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Harry Hambi Sent: Friday, November 02, 2012 11:19 To: 'cisco-nsp@puck.nether.net' Subject: [c-nsp] Show mac adresses connected to ports Hi all, Is there a command that will show me the list mac addresses connected to a port. I suspect more than one device connected to a port. Thanks Rgds Harry Harry Hambi BEng(Hons) MIET Rsgb http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WARNING: Netflow Data Export Hardware assisted NAT not supported on 76xx/65xx on the same interface
Another problem with a SPAN is that you can get two gigs of data heading to a gig port if the port you are mirroring is (full duplex - as it should be and)running wide open. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andrew Miehs Sent: Monday, August 29, 2011 11:11 AM To: Matthew Huff Cc: 'cisco-nsp@puck.nether.net' Subject: Re: [c-nsp] WARNING: Netflow Data Export Hardware assisted NAT not supported on 76xx/65xx on the same interface On 26/08/2011, at 6:25 PM, Matthew Huff wrote: I'm looking at using SPAN to replicate the data and send it to a linux box to then create netflow data exports, however, given the nature of the data (high bandwidth and microburst), I'm not sure that the Linux box will work accurately. I assumed the PFC would be doing the exports in hardware giving us the most accurate realtime look at the market data. Evidently I was wrong. Why does everyone want to use SPAN ports to do this sort of thing? Buy a TAP(ethernet), thats what they are there for! SPAN ports are great for a quick debugging session, but you are (iirc) limited to 2 of them. You will be stuck if you ever need this functionality in future and you are using the SPAN for production purposes. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Dumb question
It seems to me that RTR 2 is the one advertising the routes to ISP1 and ISP2 and the path from RTR2 to both of these nets is RTR1 via the same link. Would be much easier to do this from RTR2. Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ziv Leyes Sent: Wednesday, August 03, 2011 8:54 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Dumb question Hi all, I have the following scenario (excuse my lousy ascii art...) ISP1 / / / RTR1 -iBGP- RTR2 \ \ \ ISP2 For the simplicity of the case, I have two prefixes, 1.1.1.1/24 and 2.2.2.2/24, I want to advertise prefix 1.1.1.1/24 to ISP1 as best, and 2.2.2.2/24 to ISP1 with prepends, and the opposite too, prefix 2.2.2.2/24 to ISP2 as best and prefix 1.1.1.1/24 to ISP1 with prepends. What I'm trying to do is to set up all in a way that the only place I set up my decision is on RTR1 only, and that will be reflected via the iBGP to RTR2 about how I want the prefixes to be advertised to my eBGP neighbors ISP1 and ISP2 I tried setting communities, but all I got is RTR2 to see and match the communities, but based on this, I couldn't get the prefixes advertised to the ISPs at all. What kind of manipulation I need to do in order for the RTR2 after matching the communities coming from RTR1, to advertise it to the ISPs according to the priorities I've mentioned before? This sounds very basic and not so complicated to do, but I guess I'm missing something here! Please help, and if possible, don't send me links to cisco web site case studies or to some 300 pages PDF about how BGP and communities work. A simple straight forward example of how this can be set will be enough. Thanks! Ziv The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer. Thank you! This mail was sent via Mail-SeCure System. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] half duplex question
I would think that there is a big difference. By moving you to half duplex you are opening yourself up to the possibility of collisions and higher overhead. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of james edwards Sent: Wednesday, August 03, 2011 12:56 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] half duplex question I have a metro Ethernet connection with a 5 mbs commit. Normally they shape the incoming and I shape the outgoing to the commit rate. This time they want me to go half duplex, 10 mbs. The end result is 5 mbs. Is this wise or are there any drawbacks to using half duplex here ? Thanks, -- James H. Edwards Network Systems Administrator Judicial Information Division jedwa...@nmcourts.gov ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] no bgp route from 0.0.0.0 for a interface ip address
At first blush it looks like 192.168.2.50 can't talk to anyone. Try changing his mask to /31 or something so that 192.168.2.49 is on the same network.. BGP routing table entry for 192.168.2.50/32 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of tao liu Sent: Tuesday, April 19, 2011 8:55 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] no bgp route from 0.0.0.0 for a interface ip address Why bgp route from 0.0.0.0 doesn't exist, 192.168.2.50 is a interface ip address on routerB! Instead bgp route for 192.168.2.50 is from 192.168.96.1 and 192.168.2.49, it is strange. we redistribute static and connected on all four routers. the topology like below: lo0:192.168.96.2lo0:192.168.96.1 routerA ebgp - routerB --ibgp routerBB 192.168.2.49 192.168.2.50 | | | |ibgp--routerAAebgp--- routerB# show ip bgp 192.168.2.50 BGP routing table entry for 192.168.2.50/32, version 151 Paths: (2 available, best #2, table default, RIB-failure(17) - next-hop mismatch ) Advertised to update-groups: 1 65450 192.168.96.1 from 192.168.96.1 (192.168.96.1) Origin incomplete, metric 0, localpref 100, valid, internal 65450 192.168.2.49 from 192.168.2.49 (192.168.0.2) Origin incomplete, metric 0, localpref 100, valid, external, best ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CRC Errors on Ethernet Router
First thing I would do would be to check for a duplex mismatch and then check the wiring (either by replacing the cable if it's a simple patch or using a cable tester over the span.) You might also just physically trace it and see if someone decided to hang a fluorescent light off of it or something too. Luck, Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of alex nyagah Sent: Wednesday, February 23, 2011 6:19 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] CRC Errors on Ethernet Router Hi All, I am noting CRC errors on my Ethernet port on my cisco router, what could it be causing it.. -- ** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Using L3 switches as CPE
Why mess with VLAN 768 - just give the upstream port the correct ip address and don't use it as a switchport. If you only have one uplink and one client/VLAN off of this box then there is really only one route off of that box as well. I'm not sure I would mess with BGP there. Good Luck, Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of David Prall Sent: Thursday, March 25, 2010 10:14 AM To: 'Steve Bertrand'; 'Cisco-NSP Mailing List' Subject: Re: [c-nsp] Using L3 switches as CPE Hi all, I'm going to be deploying some old 3550's as CPE on a Fibre-over-Ethernet network. I've never used a layer-3 switch for this job before, I've always used a router with a separate switch. I'm looking for some advice, as the setup is a bit different from what I'm used to. What I think I have to do is this: - trunk vlan 768 through gi0/1 back to my PE router Just set the port as an access port. No need to trunk. - configure an int vlan768 to contain the /30 ptp IP Correct - configure a second vlan (eg: 5) and apply one of the client's IP addresses on it (which will act as their default gw) Correct - configure the fa interfaces as access ports for vlan 5 - enable ip-routing - set up BGP as usual, using int vlan768 as the update-source Shouldn't have to explicitly configure this. Does this sound right? Can anyone offer any other advice regarding this setup, particularly any config techniques that I should know about for this type of deployment? As long as the GigE port is line rate you shouldn't have any issues. If you are providing a subrate service, then they really need something with HQoS so that they can send what they want, and not let you randomly drop what they send. Steve ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP to OSPF redistribution
Can you stop learning routes from 'provider b' and add it back as a default? Then everything should go to the more specific route and if 'provider a' goes down things will then go through 'provider b'? Luck, Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Saxon Jones Sent: Wednesday, January 13, 2010 3:39 PM To: null zeroroute Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP to OSPF redistribution Actually I re-read your problem. Sham links may be a solution to look at, if you control the right pieces of equipment. You can also mess with the AD of OSPF external routes versus OSPF internal routes but this is probably a Bad Idea(TM) (and my testing of this a few years ago showed it didn't have the desired result). __ Saxon Jones Email: saxon.jo...@gmail.com Telephone: (780) 669-0899 Toll-free: (866) 701-8022 United Kingdom: 0(1315)168664 2010/1/13 Saxon Jones saxon.jo...@gmail.com If I understand your question properly, why not just change the administrative distance of the eBGP routes to something less than 110. __ Saxon Jones Email: saxon.jo...@gmail.com 2010/1/13 null zeroroute nullzero.ro...@gmail.com I'm having a problem trying to figure out a way to get eBGP learned routes (from a layer-3 VPN MPLS WAN provider) into our internal OSPF, so that the routes learned via the provider are preffered over the internally learned OSPF routes. No matter where the BGP--OSPF redistribution point is, if it's the PE or CE, the routes will still show up (by default) as OSPF external, and will never be prefferred. The provider who's path we prefer will only run BGP. We would like to use OSPF everywhere if possible, for several reasons. WAN provider A is a layer-3 VPN MPLS network, and is the prefferred path. WAN provider B is a layer-2 VPN MPLS network over which we run OSPF. Provider B's network is inferior at times and we use it as a backup. The equipment where the eBGP peering relationsips exist is a mix of 7600, 3800, 2800, 1800, 6500, 3750, 3550. We considered GRE over the providers network however we then wind up with 25+ tunnels at each location, and that just grows as each new site is added, not to mention some potential issues regarding throughput with a GRE tunnel in the path. Is there a way to redistribute BGP into OSPF so that the routes can be anything but OSPF external? I have not found a way to do this yet, and was wondering if it's even possible, or if I'm missing something obvious. Any suggestions appreciated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap
Check the other end to make the the LACP config is correct and maybe a sh etherchannel variation to look at what is going on. If the LACP is wrong maybe the trunk was carried over gi1/0/1. Luck, Buz -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Gillis Sent: Thursday, January 07, 2010 3:23 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap Hi all, I just ran into a strange problem on a 3750ME. I've got two gig ports in an active LACP port-channel looking like this: interface GigabitEthernet1/0/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101,102,400,664,1000-2999 switchport mode trunk speed 1000 duplex full channel-group 1 mode active end interface GigabitEthernet1/0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101,102,400,664,1000-2999 switchport mode trunk speed 1000 duplex full channel-group 1 mode active end interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101,102,400,664,1000-2999 switchport mode trunk end When I added vlan 400 to the trunk allowed vlan list, one of the underlying gig ports flapped, which caused the port-channel to flap as well. Jan 7 12:09:27.647 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down Jan 7 12:09:27.656 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down Jan 7 12:09:28.654 PST: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down Jan 7 12:09:31.464 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up Jan 7 12:09:32.454 PST: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up Jan 7 12:09:33.461 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up Jan 7 12:09:48.745 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan400, changed state to up This definitely seems like something that should not happen. I'm running Cisco IOS Software, C3750ME Software (C3750ME-I5K91-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2). Any thoughts on what I should be checking? --Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/