Re: [c-nsp] Odd Network Issue (7600/Sup3BXL)

2014-03-14 Thread Jon Harald Bøvre
Probably unrelated, but it could be ASICs overheating.

Believe I returned 3-4 X6700 cards with this problem



http://blog.gmane.org/gmane.network.nsp.cisco/month=20090501/page=65






Jon H Bovre


On March 14, 2014, Devon True de...@noved.org wrote:

 Twice in the past two weeks, a Cisco 7600 router with a Sup3BXL has stopped 
 egress traffic from a port on a WS-X6708-10GE module to one of our Internet 
 providers. All other circuits on the same WS-X6708-10GE module are fine. BGP 
 with the provider never goes down, however bandwidth drops from ~500 Mbps to 
  1 Mbps. During the second event, I looked at the CEF table for the 
 interface and I saw the appropriate entries. I had to restore traffic levels 
 by shutting down BGP with the provider.
 
 I have a ticket opened with Cisco TAC, but has anyone seen this issue before?
 
 Running 15.2(4)S2 Enterprise
 
 --
 Devon
 ___
 cisco-nsp mailing list cisco-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/cisco-nsp
 archive at http://puck.nether.net/pipermail/cisco-nsp/
 


Re: [c-nsp] Vlan ?

2013-11-29 Thread Jon Harald Bøvre
Anyway, if you go down this path by connecting vlans together using
connect or vlan rewrite

Be aware of what could happen if you send STP BPDU's across
You might see ports errdisabled, STP inconsistent or similar messages on
the access switch

CDP might also start complaining.




Jon H Bøvre






On 29. nov. 2013 17:33 Jon Harald Bovre c...@bovre.no wrote:

 Local Connect?
 
 Try This:
 connect gig 3/1.500 gig3/1.501
 
 Jon Harald Bøvre
 
 --
 --
 
 
 - Original message -
 From: Olivier CALVANO o.calv...@gmail.com
 Sent: 29.11.2013 16:50
 To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
 Subject: [c-nsp] Vlan ?
 
 Hi
 
 a small question :
 
 i have a cisco 6503 with sup720, on this 6503, i have a interface:
 
 
 interface GigabitEthernet3/1.500
 encapsulation dot1q 500
 
 interface GigabitEthernet3/1.501
 encapsulation dot1q 501
 
 
 i want a ethernet link between vlan 500 and 501
 
 it's possible ?
 
 thanks Olivier

Re: [c-nsp] Problem with 7200 and 12.2(33)SRE upgrade

2012-01-04 Thread Jon Harald Bøvre
Hi

You mention DSL, radius and PPP.

We had similar problems some years ago, PPPoA/l2tp tunnels did not come
up from all clients (7206 acted as LNS)
Our upgrade was from 12.2T something to 12.3T something, cannot remember
details.

After several tries of this upgrade on several routers we opened a TAC
case, and had a possible solution back within record breaking half an
hour.
Problem:
Early versions of IOS did not check all parameters coming back from ACS
Radius
We had an errored/missing configuration on our ACS Radius
Somewhere in 12.3 train this behaviour was changed to check all
parameters
Now the LNS refused to make the connections.
After making the necessary adjustment on the ACS we had no problems with
the upgrade.
There is a BUG ID for this, search
Later these routers have been upgraded to 12.2(24)T, and one to 15.0
something without problems

Don't know if this relates to your problems.

Also check ATM support in your IOS, as ATM has started to fade away from
newer IOS

Jon Harald Bøvre









On 4. jan. 2012 20:12 Walter Keen walter.k...@rainierconnect.net
wrote:

 Hi, I have a router I'm trying to move to a SR train, or more
 specifically 12.2(33)SRE from 12.3(15a) but I have a reports from DSL
 users of being unable to get to most places after that upgrade, which
 we
 reverted.
 
 We've even setup a test router, and tried to duplicate it, with no
 luck
 so far. We do have one production router with that IOS (SRE) that
 works
 fine.
 
 About the only difference I can find is hardware (CPU/midplane)
 revisions and bootloader versions.
 
 I'm starting to wonder if anyone else on this list has encountered
 similar issues.
 All are NPE-G1, some with 512m ram, others with 1G ram
 
 C7200-1 uses NAT(I know), PPP, radius, tacacs, ospf, bgp. C7200-2 and
 -3 use the same without NAT. We've tried replicating the config of -1
 onto -4 (the lab system) without being able to reproduce the issue.
 unfortunately these are all out of a support contract
 
 C7200-1 (with the issue):
 current IOS 12.3(15a)
 ROM: 12.3(4r)T3
 SB-1 CPU at 700MHz, Implementation 1, Rev 0.2, 512KB L2 Cache
 4 slot VXR midplane, Version 2.0
 Bootloader: 12.3(9), RELEASE SOFTWARE (fc2)
 Exhibited packet loss to ATM sub-interfaces (DSL customers)
 when moving to 12.2(33)SRE
 
 
 C7200-2 (another with the issue):
 current IOS 12.4(25b)
 ROM: 12.3(4r)T3
 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
 4 slot VXR midplane, Version 2.6
 Bootloader: 12.4(12), RELEASE SOFTWARE (fc1)
 Exhibited packet loss to ATM sub-interfaces (DSL customers)
 when moving to 12.2(33)SRE
 
 C7200-3 (working in production on SRE):
 current IOS 12.2(33)SRE
 ROM: 12.2(20030826:190624) [BLD-npeg1_rommon_r11 102], DEVELOPMENT
 SOFTWARE
 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
 4 slot VXR midplane, Version 2.11
 Bootloader: 12.4(12), RELEASE SOFTWARE (fc1)
 
 
 C7200-4 (lab system, trying to replicate problem -- working on SRE):
 current IOS 12.2(33)SRE
 ROM: 12.3(4r)T1 fc1
 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
 4 slot VXR midplane, Version 2.6
 Bootloader: none listed in 'sh ver' output
 
 


Re: [c-nsp] Deploying MSTP

2011-12-29 Thread Jon Harald Bøvre

During your transition, or possibly for a long time dependent on where
the STP edge will be:
 
This is the statement from config guide which has made my headache:
-In a mixed MSTP and PVST+ network, the common spanning-tree (CST) root
must be inside the MST backbone, and a PVST+ switch cannot connect to
multiple MST regions.
 
A. have full control of root (and STP edge) for all vlans
B. start migration on root switch
Any vlan outside MST region with lower STP priority than MST will be in
a Inconsistent state until this has been solved.
'show spantree root' on the root switch is a good starting advice
 
Easy to simulate this behaviour using only 2 switches
 
Jon Harald Bøvre
 
 
On 28 Dec. 2011 17:14 Steve Dodd sd...@syringanetworks.net wrote:
 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chuck Church
 Sent: Wednesday, December 28, 2011 7:02 AM
 To: 'Frédéric Loui'; 'Jay Nakamura'
 Cc: 'cisco-nsp'
 Subject: Re: [c-nsp] Deploying MSTP
 Yep, definitely important to verify what VLANs are mapped to the
 instances. The Nexus for example reserves some VLANs that aren't
 obvious, so when you map them, they end up back in instance 0 with no
 warning. IOS didn't reserve those, so both my instance 0 and the one
 with high-numbered VLANs didn't match, so I had all kinds of problems
 till we discovered that. There is a checksum that you can get it to
 display that should match between all connected devices. Can't
 remember the command, but it worked well.
 Chuck
 show spanning-tree mst configuration digest
 will show you the hash and should match on all devices in the MST
 region.
 -Steve
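The digest comparison discussed in this message can be reproduced offline. The following is an added example, not code from the thread or from Cisco: it computes the MST configuration digest as IEEE 802.1Q defines it (HMAC-MD5 over the 4096-entry VLAN-to-instance table with the standard's fixed key) and lists the VLANs whose mapping differs between two devices. The instance maps and the reserved VLAN range are constructed for illustration; check what your platform actually reserves.

```python
import hashlib
import hmac

# Fixed signature key defined by IEEE 802.1Q for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_list(spec):
    """Expand an IOS-style VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def build_table(instance_map):
    """Return a 4096-entry list: index = VLAN ID, value = MST instance.

    VLANs not named in instance_map stay in instance 0 (the CIST).
    """
    table = [0] * 4096
    for instance, spec in instance_map.items():
        if not 0 <= instance <= 4094:
            raise ValueError(f"bad MST instance: {instance}")
        for vlan in parse_vlan_list(spec):
            if table[vlan] not in (0, instance):
                raise ValueError(f"VLAN {vlan} mapped to two instances")
            table[vlan] = instance
    return table


def drop_reserved(table, reserved_spec):
    """Model a platform that silently leaves reserved VLANs in instance 0."""
    result = list(table)
    for vlan in parse_vlan_list(reserved_spec):
        result[vlan] = 0
    return result


def mst_digest(table):
    """HMAC-MD5 over 4096 two-octet entries; entries 0 and 4095 are zero."""
    data = b"".join(instance.to_bytes(2, "big") for instance in table)
    return hmac.new(MST_DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def diff_tables(a, b):
    """Return {vlan: (instance_on_a, instance_on_b)} for every mismatch."""
    return {v: (a[v], b[v]) for v in range(1, 4095) if a[v] != b[v]}


# Constructed sample: the same intended mapping entered on both devices.
INTENDED = {1: "1-2000", 2: "2001-4094"}
IOS_TABLE = build_table(INTENDED)
# Assumed reserved range on the second device (hypothetical, for illustration).
OTHER_TABLE = drop_reserved(IOS_TABLE, "3968-4047,4094")

if __name__ == "__main__":
    print("device A digest:", mst_digest(IOS_TABLE))
    print("device B digest:", mst_digest(OTHER_TABLE))
    mismatches = diff_tables(IOS_TABLE, OTHER_TABLE)
    print(len(mismatches), "VLANs differ, first:", min(mismatches))
```

A digest mismatch only says that the tables differ somewhere; the per-VLAN diff is what points at the range that fell back to instance 0.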


Re: [c-nsp] handling customer interfaces for single IP address

2011-11-17 Thread Jon Harald Bøvre


Would be a bit hardware specific, but on Cisco 6500 you can use UBRL:


   User-Based Rate Limiting in the Cisco Catalyst 6500


I never got it working though.


Jon

On 11/17/2011 1:57 AM, root net wrote:

I wanted to find out how some of you are handling customer interfaces,
specifically when giving a customer one IP address. How do you make sure
the customer is only getting bandwidth he/she is paying for?

Currently, we assign customers /29 subnet to their 802.1Q sub interface and
apply some policies to the sub interface. For customers wanting a single IP
or broadband package that included only a single IP we have a 802.1Q sub
interface with a /24 and we just assign the static IPs to the customer as
they need. With this model you have to throw more bandwidth at the link in
order to satisfy all customers wanting for example 20 down / 5 up

Using ATM DSL this was a walk in the park but just trying to make sure we
hit the nail on the head since it's all Ethernet and L2 ports for customers.

I believe if we simply did a /30 for each customer on a 802.1Q interface
that would solve our issue but we would waste IP addresses. Also if we did
this we could route a /29 or any subnet size to their interface at that
point should they need. What are your experiences and do you have any other
suggestions?

We do all routing on our side and hand off a L2 port.

Thanks in advance,

rootnet


Re: [c-nsp] Smaller MPLS/EoMPLS capable router

2011-10-27 Thread Jon Harald Bøvre


http://www-au.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6557/prod_white_paper0900aecd8051fbdc.html

1841 (I would probably not use this in production as a SP)


Also as Lars mentions: ME3600X


Jon Harald Bøvre


Sent from my iPad

On 27 Oct. 2011, at 20:59, Lars L. Christensen perseu...@gmail.com wrote:

 You could take a look at the Metro Ethernet switches. Some of them might be 
 suitable for your setup.
 
 Regards
 Lars Christensen
 CCIE #20292
 
 On 27-10-2011 20:41, Andrew K. wrote:
 I've been waiting for my SE to get back to me on this but I wanted to ping 
 the community to see what has been successfully used in the field.
 
 Proving WAN services in a remote rural area we have several small POP sites 
 providing minimal customers (some 10 or less).
 
 We are looking to run MPLS in these area for loop prevention.
 
 From my digging around the smallest device I can see supporting these 
 features would be a 2811.
 
 Anyone use anything smaller?
 
 
 
 Thanks in advance for any input.
 Andrew.

Re: [c-nsp] limited bgp traps

2011-09-06 Thread Jon Harald Bøvre

could be transport connection-mode passive will help, for one side of the
peering.

router bgp 45000
 neighbor 192.168.1.2 remote-as 4
 neighbor 192.168.1.2 activate
 neighbor 192.168.1.2 transport connection-mode passive


Jon Harald Bøvre

 On (2011-09-06 12:03 +0400), Nikolay Shopik wrote:

 I understand this because it actually changes state from down to
 active(trying to establish tcp session) and after timeout goes down
 again thus sending trap again.

 Is this behavior by design? I don't actually expect receive another
 trap until it change state from what I define(down or up).

 Unfortunately this is by design, people who designed BGP traps were
 dreadfully confused what people need. Now you must save previous BGP
 state in your NMS, so you are able to determine what happened.

 However some platforms, like IOS, extend standard BGP traps and include
 'previous state' field, this will allow you to react only on
 established-down and X-established events, without saving states in NMS.
 Some other platforms, like JunOS unfortunately do not provide you with
 this luxury.

 --
   ++ytti



-- 
Jon Harald Bøvre

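The NMS-side state keeping described in the quoted reply can look like the following. This is an added example, not code from the thread: it remembers the last bgpPeerState per peer and raises an alert only on established-to-down and anything-to-established transitions, and it uses a previous-state field instead of its own memory when the trap carries one. The trap dictionaries and peer addresses are constructed sample data.

```python
# bgpPeerState values defined in BGP4-MIB (RFC 4273).
STATES = {1: "idle", 2: "connect", 3: "active",
          4: "opensent", 5: "openconfirm", 6: "established"}
ESTABLISHED = 6


class PeerStateTracker:
    """Remembers the last state per peer so repeated down traps are dropped."""

    def __init__(self):
        self._last = {}  # peer address -> last bgpPeerState seen

    def handle(self, peer, state, prev_state=None):
        """Return 'up', 'down' or None (suppress) for one received trap.

        prev_state is the platform-supplied previous-state field, if any.
        Without it, the tracker falls back to what it saw last for the peer.
        """
        if state not in STATES:
            raise ValueError(f"unknown bgpPeerState {state!r}")
        if prev_state is not None and prev_state not in STATES:
            raise ValueError(f"unknown previous state {prev_state!r}")

        known = prev_state if prev_state is not None else self._last.get(peer)
        self._last[peer] = state

        if state == ESTABLISHED:
            return "up" if known != ESTABLISHED else None
        # Not established now: alert only if the session was up before, or
        # if nothing is known about the peer (conservative first sighting).
        if known is None or known == ESTABLISHED:
            return "down"
        return None


def filter_traps(traps):
    """Run a trap sequence through one tracker; return [(peer, event), ...]."""
    tracker = PeerStateTracker()
    alerts = []
    for trap in traps:
        event = tracker.handle(trap["peer"], trap["state"],
                               trap.get("prev_state"))
        if event:
            alerts.append((trap["peer"], event))
    return alerts


# Constructed sample: one peer flapping between idle and active after a
# failure, one peer first seen while down, one peer whose traps carry a
# previous-state field.
SAMPLE_TRAPS = [
    {"peer": "192.0.2.1", "state": 6},
    {"peer": "192.0.2.1", "state": 1},
    {"peer": "192.0.2.1", "state": 3},
    {"peer": "192.0.2.1", "state": 1},
    {"peer": "192.0.2.1", "state": 3},
    {"peer": "192.0.2.1", "state": 1},
    {"peer": "192.0.2.1", "state": 6},
    {"peer": "198.51.100.7", "state": 3},
    {"peer": "203.0.113.9", "state": 1, "prev_state": 6},
    {"peer": "203.0.113.9", "state": 3, "prev_state": 1},
]

if __name__ == "__main__":
    for peer, event in filter_traps(SAMPLE_TRAPS):
        print(peer, event)
```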


Re: [c-nsp] Cisco 6500/SUP720-3B EtherChannel Sample ?

2011-08-27 Thread Jon Harald Bøvre


add command 'channel-group 5 mode on' to interface. This creates 
port-channel interface

configuration below from one 7609 SUP720

interface Port-channel5
 description xxx link
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-253,255-283,285-288,291-306,308-337,339-355
 switchport trunk allowed vlan add 357-372,375,376,380-382,384-388,390-531
 switchport trunk allowed vlan add 534-603,607-610,612-691,693-703,705-899
 switchport trunk allowed vlan add 901-973,975-1156,1158-1207,1209-1252
 switchport trunk allowed vlan add 1254-1268,1270,1271,1274-1276,1278-1296
 switchport trunk allowed vlan add 1298-1356,1358-1383,1385-1422,1424-1513
 switchport trunk allowed vlan add 1515-1524,1526-1604,1606,1608-1628,1630
 switchport trunk allowed vlan add 1632-1968,1971-1979,1981-2099,2101-2204
 switchport trunk allowed vlan add 2206-2899,2901-3472,3474,3476-3478,3480-4094
 switchport mode trunk
 switchport nonegotiate
 mtu 2200
 load-interval 30
 mls qos trust cos

interface TenGigabitEthernet7/1
 description xxx portchannel 5
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-253,255-283,285-288,291-306,308-337,339-355
 switchport trunk allowed vlan add 357-372,375,376,380-382,384-388,390-531
 switchport trunk allowed vlan add 534-603,607-610,612-691,693-703,705-899
 switchport trunk allowed vlan add 901-973,975-1156,1158-1207,1209-1252
 switchport trunk allowed vlan add 1254-1268,1270,1271,1274-1276,1278-1296
 switchport trunk allowed vlan add 1298-1356,1358-1383,1385-1422,1424-1513
 switchport trunk allowed vlan add 1515-1524,1526-1604,1606,1608-1628,1630
 switchport trunk allowed vlan add 1632-1968,1971-1979,1981-2099,2101-2204
 switchport trunk allowed vlan add 2206-2899,2901-3472,3474,3476-3478,3480-4094
 switchport mode trunk
 switchport nonegotiate
 mtu 2200
 load-interval 30
 mls qos trust cos
 channel-group 5 mode on


interface TenGigabitEthernet7/3
 description xxx portchannel 5
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-253,255-283,285-288,291-306,308-337,339-355
 switchport trunk allowed vlan add 357-372,375,376,380-382,384-388,390-531
 switchport trunk allowed vlan add 534-603,607-610,612-691,693-703,705-899
 switchport trunk allowed vlan add 901-973,975-1156,1158-1207,1209-1252
 switchport trunk allowed vlan add 1254-1268,1270,1271,1274-1276,1278-1296
 switchport trunk allowed vlan add 1298-1356,1358-1383,1385-1422,1424-1513
 switchport trunk allowed vlan add 1515-1524,1526-1604,1606,1608-1628,1630
 switchport trunk allowed vlan add 1632-1968,1971-1979,1981-2099,2101-2204
 switchport trunk allowed vlan add 2206-2899,2901-3472,3474,3476-3478,3480-4094
 switchport mode trunk
 switchport nonegotiate
 mtu 2200
 load-interval 30
 mls qos trust cos
 channel-group 5 mode on



site#sh etherchannel 5 detail
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:-
Minimum Links: 0
Ports in the group:
---
Port: Te7/1


Port state= Up Mstr In-Bndl
Channel group = 5   Mode = On   Gcchange = -
Port-channel  = Po5 GC   =   -  Pseudo port-channel = Po5

Port index= 0   Load = 0x55 Protocol =-
Mode = LACP

Age of the port in the current state: 160d:04h:22m:01s

Port: Te7/3


Port state= Up Mstr In-Bndl
Channel group = 5   Mode = On   Gcchange = -
Port-channel  = Po5 GC   =   -  Pseudo port-channel = Po5

Port index= 1   Load = 0xAA Protocol =-
Mode = LACP

Age of the port in the current state: 117d:23h:20m:43s

Port-channels in the group:
--

Port-channel: Po5


Age of the Port-channel   = 167d:04h:04m:53s
Logical slot/port   = 14/5  Number of ports = 2
GC  = 0x  HotStandBy port = null
Port state  = Port-channel Ag-Inuse
Protocol=-
Fast-switchover = disabled
Direct Load Swap= disabled

Ports in the Port-channel:

Index   Load   Port     EC state   No of bits
------+------+--------+----------+-----------
  0     55     Te7/1    On         4
  1     AA     Te7/3    On         4

Time since last port bundled:117d:23h:20m:48sTe7/3
Time since last port Un-bundled: 120d:20h:49m:00sTe7/3

Last applied Hash Distribution Algorithm: Fixed
Channel-group Iedge Counts:
--:
Access ref count   : 0
Iedge session count: 0

On 8/28/2011 7:29 AM, Olivier CALVANO wrote:

Hi

I request a small help:

We have two cisco 6500 with SUP720-3B and 4 port 10G card.

First C6500 are not on the same site of the second and we have two fiber
for the interconnect.

Actually, only one fiber is used, we want connect the second for create a
etherchannel (2x10GB) and for 

Re: [c-nsp] QinQ config sample on Cisco 7600/6500

2011-08-26 Thread Jon Harald Bøvre


Hi
To add up with complete configurations:

define a transport vlan:
vlan 1285
name qinq-transport

configure QinQ port. Increase mtu (7600 does not inherit system mtu when 
configuring qinq port)

If any layer 2 transport required, configure this.
interface GigabitEthernet4/2
 description QinQ accessport
 switchport
 switchport access vlan 1285
 switchport mode dot1q-tunnel
 mtu 2200
 no cdp enable
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp

Trunk transport vlan out of switch, and all the way to the other end of 
the tunnel: (all switches in between)

interface GigabitEthernet1/20
 description trunk
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1285
 switchport mode trunk
 mtu 2200

and finally, if desired:

no mac-address-table learning vlan 1285



Jon






On 8/26/2011 12:41 AM, Peter Rathlev wrote:

On Thu, 2011-08-25 at 23:37 +0200, Rolf Hanßen wrote:

nobody an idea about this ?
Cannot be i am the first one trying to run/built such setup or migrating
from a platform that can do it. ;)

Okay then, I'll bite. :-)

On Wed, 2011-08-24 at 18:46 +0200, Rolf Hanßen wrote:

All I can find is several howtos saying to configure something like that
here on the customer port:
switchport
switchport mode dot1q-tunnel

That sounds right.


When trying to set the above commands I get that error:
Gi4/48 doesn't support 802.1q tunneling.
My linecard is a WS-X6548-GE-TX, does that mean I cannot use QinQ here or
is there another way ?

You can't AFAIK. There's no alternative that I know of, and the URL Stig
posted describes the limitation. It's probably a limitation in the
hardware ASICs. You would need another card, like the WS-X6748-GE-TX.


Same config on a WS-X6724-SFP is accepted.

What I cannot find is where to set the vlan id that I use on my router
(i.e. the outer tag like 123 in the Foundry config).
Do I need to configure it like an access port or is there a setting
somewhere else ?

You use "switchport access vlan <ID>". The naming might seem illogical
but considering how Catalyst switches forward traffic it does make
sense.


Port towards my equipment will be on a WS-X6704-10GE card.

Furthermore I read about setting vlan dot1q tag native to support
forwarding of untagged frames.
How does this work if I do not know the vlans used by my customer and
therefore cannot set an ID for untagged ?

The vlan dot1q tag native has no effect on the customer facing port.
It's on your core links it matters. (It's a global command though.)
Cisco's native VLAN for a trunk is normally a VLAN that is untagged.
There can of course be only one of these on a trunk. Untagged traffic
received on a port is assumed to be in this VLAN.

If you were to transport customer traffic in a VLAN that is used as a
native VLAN on one of your trunks you could end up having the traffic go
places you don't expect. Always tagging all traffic, even the native
VLAN, would work around this problem. Always using a native VLAN not
used for anything else would give you the same result.


Is untagged traffic dropped then or does it work anyway?

The command means that untagged traffic is dropped on your core links,
i.e. all trunks. Untagged traffic from a customer would carry only one
tag but still be forwarded. The dot1q-tunnel ports are not considered
trunks but access ports.


Concerning the MTU:
Do I need to increase the ports manually or is there a setting like
aggregated-vlan on some Foundrys that increases all MTUs for QinQ ?

You would need to configure each switchport with a higher MTU, using
something like:

interface GigabitEthernet9/4
  mtu 1508
!


Does increasing the interface MTUs have some side-effects to take care
about if I do not touch the vlan mtu and the MTUs of the Layer3 vlan
interfaces ?

I can't think of any side-effects. We always adjust the MTU of (non
customer) links to whatever max the interface supports.

You would only adjust the (physical) interface MTU. VLAN MTU (i.e. the
"mtu <#>" command in vlan-config-mode) is irrelevant here; take a look
at this page for an explanation (the "Note: There is no relationship
between ..." section):

http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#cc4

Do you have any L3 VLAN interfaces (SVIs) on these customer tunnel
VLANs? That doesn't make sense to me, but maybe I misunderstand.


Concerning learning of MAC addresses:
On Foundry (MLX/XMR) you can turn off learning of MAC addresses on vlans
with only 2 ports (transparent-hw-flooding) to save resources.
Is there an equivalent that should be used on Cisco ?

You can use "no mac-address-table learning vlan <#>". You can use it on
a VLAN with more than one port, but it does mean that every frame is
flooded.


Software used is 15.1(2)S, devices are only used for usual switching +
routing (OSPF+BGP, MTU 1500, no MPLS) at the moment.

Caveat: My experience is almost exclusively with the 6500, not the 7600.
But this specific use is 

Re: [c-nsp] recomended 12 dot IOS for 7206/G2

2011-07-25 Thread Jon Harald Bøvre

Hi
Most of our 7206/G2 are running 12.4-24.T1
System restarted at 02:42:05 UTC Tue Jul 28 2009
System image file is disk2:c7200p-spservicesk9-mz.124-24.T1.bin

Some has also been upgraded to 15.0-1.M5 using advipservice (for OSPFv3 
support)

System restarted at 12:03:27 cet Tue Jun 14 2011
System image file is disk2:c7200p-advipservicesk9-mz.150-1.M5.bin

MPLS, L3VPN, EoMPLS,  L2TPv2(PPPoE)
Never any problems with these routers using above IOS

Jon


On 7/25/2011 5:56 PM, Gert Doering wrote:

Hi,

On Tue, Jul 26, 2011 at 01:42:39AM +1000, Phil Pierotti wrote:

I was just wondering what the consensus recommended 12 dot something IOS is
for  L2TP/MPLS (L3VPN) use these days.

No ATM, no fancy voice stuff, nothing NAT and barely any ACLs.

I'd go with 12.4 main or 15.0 main.

12-with-letters for 7200 seems to cause pain (these days).  But some folks
are using 12.2SRE* and can still talk, so maybe things have improved.

(Not that all of this wouldn't be in the mailing list archives).

gert




Re: [c-nsp] Configuring NetFlow from the Catalyst 6500 Card

2011-07-11 Thread Jon Harald Bøvre
Hi
As already indicated, remember to add the mls netflow commands.


And watch this video

http://www.plixer.com/blog/network-problem-resolution/cisco-catalyst-6509-rap-mix-master-mitch-strikes-again/


Jon Harald Bøvre


Sent from my iPad

On 11 July 2011, at 12:20, Manu Chao linux.ya...@gmail.com wrote:

 I have configured NetFlow on Catalyst 6500 but i only received packet being
 proceed by CPU (SNMP, PIM...). Is it normal?
 
 I need to see full transit packets in all SVI.
 
 ip route-cache flow configured on interface seems not enough.
 
 Can you please share your Netflow experience on 6500?
 
 I am using NAM-2.
 
 Regards,
 Manu

Re: [c-nsp] IS-IS on L3 vlan interfaces

2011-05-28 Thread Jon Harald Bøvre


We are using this type of configuration on our 7609SUP720 with no problems.
4 routers connected by a shared LAN
Find info below

Jon

System image file is 
bootdisk:c7600s72033-advipservicesk9-mz.122-33.SRE3.bin


Site4-520-060#sh cln n vl 3000

Tag null:
System Id      Interface   SNPA            State  Holdtime  Type Protocol
Site1-520-060  Vl3000      001b.0def.9bc0  Up     8         L2   IS-IS
Site2-520-060  Vl3000      0012.dac2.ef40  Up     29        L2   IS-IS
Site3-520-060  Vl3000      0013.19fd.9880  Up     27        L2   IS-IS

interface Vlan3000
 mtu 2000
 ip address x.x.32.82 255.255.255.240
 ip router isis
 ip pim dr-priority 100
 ip pim sparse-mode
 ipv6 address x:x:0:3::20/64
 ipv6 ospf cost 3
 ipv6 ospf 41 area 0
 mpls ip
 mpls traffic-eng tunnels
 isis circuit-type level-2-only
 isis metric 5
 ip rsvp bandwidth


On 28.05.2011 02:38, Walter Keen wrote:

I'm having some trouble getting (integrated) IS-IS to form an adjacency
over a L3 vlan that has 3 routers in it.  It's on a Cisco 7600 series
with 12.2(33)SRE code, however if I configure the vlan interface with
the network type point-to-point, it comes up as expected.  Since they
all have dot1q trunks to a metro ethernet provider, I could certainly
make vlans to form point to point connections to all of them, but I
don't really want to unless I have to.

Does anyone have experience with this sort of issue?  I get as far as,
with debug isis adj, I can see router A send packets, and B/C (all in
the same ethernet segment/broadcast domain) receive it and transmit
packets, presumably in response, but A 's debug never indicates
receiving an isis packet.  isis and clns neighbor state on B and C get
stuck in INIT




Re: [c-nsp] pseudowire

2011-05-15 Thread Jon Harald Bøvre


Assume your config to be like this:

interface vlan 222
  xconnect 1.10.1.10 222 encap mpls

Xconnect on interface vlan will not work. (depends on type of line card)


Change to MUX UNI config:
interface gig 4/48
  switchport mode trunk
  switchport trunk allowed vlan 1-221,223-4094 (change to your requirement)
interface gig 4/48.222
  encap dot 222
  xconnect 1.10.1.10 222 encap mpls


Also make sure xconnect are targeted against LDP ID on remote router 
(loop 0)



Jon





On 15.05.2011 20:12, nigel cooper wrote:

I am trying to create a pseudowire between two 7600 routers and don't seem to be
able to get the VC up. I can do it between two 3700 routers at each end but with
the 7600s the VC shows DOWN. The infrastructure is the same (testing in a lab
environment). Has anyone ever used a pseudowire between two 7600's ?



Trunking is not an option.

Diag here, just swap 3725s for 7600s in diag and use int gi4/48 for fe0/0, int
gi4/47 swpt acc 222 for Fe 0/1 and created int vlan 222 to add the xconnect
statement.

http://nncooper2.fortunecity.com/psmpls/LAB%20MPLS6.jpg

Any help/ideas appreciated.



7604C#show mpls l2 vc

21 56 LAB TAS B02 Local intf     Local circuit     Dest address    VC ID      Status
21 56 LAB TAS B02 -------------  ----------------  --------------  ---------  ------
21 56 LAB TAS B02 Vl222          Eth VLAN 222      1.10.1.10       222        DOWN



7604D#sho mpls l2 vc

21 55 LAB TAS B02 Local intf     Local circuit     Dest address    VC ID      Status
21 55 LAB TAS B02 -------------  ----------------  --------------  ---------  ------
21 55 LAB TAS B02 Vl222          Eth VLAN 222      1.10.1.9        222        DOWN

21 55 LAB TAS B02 7604D#

3725B#sho mpls l2 vc
21 47 LAB TAS B02
21 47 LAB TAS B02 Local intf     Local circuit     Dest address    VC ID      Status
21 47 LAB TAS B02 -------------  ----------------  --------------  ---------  ------
21 47 LAB TAS B02 Fa0/1.222      Eth VLAN 222      1.10.1.7        222        UP

21 47 LAB TAS B02 3725B#


Re: [c-nsp] Private VLANs for customer isolation on sup720/12.2(33)

2011-04-19 Thread Jon Harald Bøvre

Done similar to this with SXF (for FTTH rollout):

interface vlan xxx (might be possible to use loopback intf)
ip address x.x.x.x 255.255.252.0
ip local-proxy-arp

interface vlan xxx+1
desc server1
ip unnumbered vlan xxx (or ip unnumbered loopback xxx)
ip local-proxy-arp

interface vlan xxx+2
desc server2
ip unnumbered vlan xxx (or ip unnumbered loopback xxx)
ip local-proxy-arp

to avoid burning a vlan for each server(customer), consider using 
switchport protected on access switch (if feature exists)



Configuration from my head, might contain errors.

Jon H Bøvre



On 19.04.2011 15:38, Phil Mayers wrote:

All,

We've got a pair of Cisco 6500/sup720 serving as our datacentre 
collapsed routing/distribution.


Servers are attached to downstream Foundry/Brocade devices, and 
possibly other dumb/cheap devices in future.


Can I use private VLANs in this case to isolate customers and avoid 
burning 5 IPs (network, broadcast, HSRP master, slave  vip) 
per-customer? I do *not* want to stop customers talking to each other 
at layer3 - just get some degree of isolation (including the sticky 
arp).


I think I can't, because 12.2(33)SXI seems to lack switchport mode 
private-vlan trunk. Is this correct?


What I want to do is:

vlan 600
  name customer-1
  private-vlan community
vlan 601
  name customer-2
  private-vlan community
vlan 60
  name all-customers
  private-vlan primary
  private-vlan assoc 600,601

int Te1/1
  switchport mode trunk
  switchport trunk allowed vlan 600,601

int Vl60
  ip address ...
  private-vlan mapping ... 600,601
  ip local-proxy-arp


Cheers,
Phil


Re: [c-nsp] netflow top-talkers

2011-03-29 Thread Jon Harald Bøvre

Hi

Same result on our 7609's at SRE3.

From command reference:
http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1014717

ip flow-top-talkers

To configure NetFlow top talkers to capture traffic statistics for the 
unaggregated top flows of the heaviest traffic
patterns and most-used applications in the network, use the ip 
flow-top-talkers command in global configuration mode.

To disable NetFlow top talkers, use the no form of this command.

ip flow-top-talkers
no ip flow-top-talkers

Tip: The ip flow-top-talkers command does not appear in the 
configuration until you have configured the top number and 
sort-by [bytes | packets] commands.

Router(config)# ip flow-top-talkers
Router(config-flow-top-talkers)# top 4
Router(config-flow-top-talkers)# sort-by bytes


When I try to configure:
520-060(config)#ip flow-top-talkers
   ^
% Invalid input detected at '^' marker.

Assume this to be a bug

Jon h Bøvre



On 29.03.2011 19:53, Alexey wrote:

Hi,

I have updated Cisco IOS c7600rsp72043_rp-ADVENTERPRISEK9-M from version
122-33.SRB4 to 122-33.SRE3 on my Cisco 7600.
After update I can't find command RR(config)#ip flow top-talkers, but in
the enable mode I can see that:
RR#show ip flow top-talkers
% Top talkers not configured

Does this image support netflow top-talkers?

Thank you for answers.



Re: [c-nsp] New Joiner - ME3600X and tools

2011-03-28 Thread Jon Harald Bøvre

Hi

We are also in process of buying some ME3600X.
IPv6 supported? No. Probably coming in October this year. (which made me 
look to alternatives)



Jon Harald Bøvre




On 28.03.2011 14:06, Leigh Harrison wrote:

Hello there group,



I'm new and wanted to drop a note to say hello.



I work for a service provider over in the UK and although not new to
Cisco, I'm pretty new to Service Provider environments, I've been a
member of the cisco-voip group before.



First question then:

We're just about to buy a job lot of ME3600X's - anyone using them and
any feedback on them (especially on them running IPv6)?



And second question whilst I'm on:

What tools are you guys using (ideally open source ones) to keep an eye
on your networks?  (Especially Jitter)



We have a full Cisco network setup here being monitored by Solarwinds,
which we also use to monitor CPE equipment too.  But I've installed us a
Debian server running smokeping.  I'm using the TelnetIOSPing to login
into various network nodes and graph latency over the core - check it
out if you've not seen it before.



Cheers Group!

Leigh H



Re: [c-nsp] Small network Route Reflectors?

2011-03-15 Thread Jon Harald Bøvre

IS-IS:

Anytime you might want to consider IPv6, and IS-IS dual-stack might be a 
challenge

Check for OSPFv3 support


Jon H Bøvre

On 15.03.2011 16:07, Peter Rathlev wrote:

We're thinking about introducing dedicated Route Reflectors in our
small-ish MPLS VPN network. We currently have ~35 PE devices, all
6500/Sup720. There are no dedicated P devices.

A couple of the PEs are RRs currently, but given the slow RP on a Sup720
we'd like dedicated RRs instead; and there are many other good reasons
for that of course.

We're talking ~10k MP-BGP routes now (plus about ~100 IGP routes
(IS-IS)) with per-PE RDs.

The ISR 2901 seems fit for the job. Any comments on that? Are there
other devices better suited, assuming we intend to buy something brand
new?

According to FN the ISR 2901 IP Base image doesn't support MPLS, but
otherwise supports all we need, i.e. IS-IS and MP-BGP. MPLS forwarding
isn't a problem since the RR isn't supposed to forward traffic. Any good
reasons to choose something other than IP Base?

Thanks.





Re: [c-nsp] CRC Errors on Ethernet Router

2011-02-23 Thread Jon Harald Bøvre


duplex?

On 23.02.2011 12:19, alex nyagah wrote:

Hi All,

I am noting CRC errors on my Ethernet port on my cisco router, what could
be causing it?





Re: [c-nsp] Q-in-Q frame sent into Q-in-Q tunnel

2011-02-12 Thread Jon Harald Bøvre

Hi

Done some testing as we had problems with this some months ago.
QinQ tunnel 1 (transport vlan 5) - outer tunnel where customers are 
connected - STP,CDP (L2) forwarded
QinQ tunnel 2 (transport vlan 6) - inner SP tunnel where tunnel 1 should 
be transported - STP,CDP NOT L2 forwarded

No problem with this.

But if you configure inner SP tunnel with L2 forwarding there will be 
problems
QinQ tunnel 2 edge ports will see the encapsulated frames as invalid, 
and err-disable the port.


Solution:
-do not enable errdisable l2pt-guard on switches where SP tunnels are 
configured (probably undesired?)

or
-do not forward l2protocol on inner SP tunnel (customer will still have 
their STP,CDP forwarded)




Jon Harald Bøvre



On 10.02.2011 22:31, Stevan Zupanic wrote:

Hello,

As long as you adjust your switching MTU for 4 dot1q tags, things should
work fine.  We have a customer who is doing Q-in-Q in our Q-in-Q already.
I believe (but don't quote me on this!) you can have up to 8 layer 2 dot1q
tags at once.


Stevan Zupanic



-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Fitzwater
Sent: Thursday, February 10, 2011 3:01 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Q-in-Q frame sent into Q-in-Q tunnel



I have an external customer which I need to tunnel across our network, but
the traffic they are sending is QinQ already. Can I QinQ the traffic
again so that I can control the VLAN ID?

Is my only concern the additional 4 bytes that I have to add to the MTU size
in all the switches it propagates through?



Thanks for any help.




Jeff Fitzwater
OIT Network Systems
Princeton University
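
As an added illustration of the MTU question in this thread (not code from any poster), the Python sketch below pushes stacked 802.1Q tags onto a constructed frame and counts the bytes the tag stack adds. Transport VLANs 5 and 6 come from the message above; the customer VLAN 100, the MAC addresses and all function names are assumptions.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q, 802.1ad, and the pre-standard 0x9100.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}
TAG_LEN = 4  # 2-byte TPID + 2-byte TCI


def parse_vlan_stack(frame: bytes):
    """Return (tags outermost-first, inner EtherType, payload offset)."""
    tags, offset = [], 12  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return tags, etype, offset + 2
        if len(frame) < offset + TAG_LEN:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += TAG_LEN


def push_tag(frame: bytes, vid: int, tpid: int = 0x8100) -> bytes:
    """Insert one more outer tag, as a tunnel ingress port does."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", tpid, vid) + frame[12:]


def tag_overhead(frame: bytes) -> int:
    """Bytes the tag stack adds compared with the same frame untagged."""
    return TAG_LEN * len(parse_vlan_stack(frame)[0])


def build_sample() -> bytes:
    """Constructed frame: customer tag 100, 1500-byte IPv4-typed payload."""
    macs = bytes.fromhex("02000000000a" "020000000001")
    untagged = macs + struct.pack("!H", 0x0800) + bytes(1500)
    return push_tag(untagged, 100)


if __name__ == "__main__":
    frame = build_sample()
    for transport_vid in (5, 6):  # tunnel 1, then tunnel 2 around it
        frame = push_tag(frame, transport_vid)
    tags, etype, _ = parse_vlan_stack(frame)
    print([t["vid"] for t in tags], hex(etype), tag_overhead(frame), len(frame))
```

Frame lengths here exclude the 4-byte FCS; how a given platform counts tags against its configured MTU is not covered by this sketch.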







Re: [c-nsp] How to pass VLAN through router

2011-02-12 Thread Jon Harald Bøvre
Ideas that might be possible:

If R1 and R2 are MPLS enabled: use EoMPLS
If not MPLS: L2TPv3 could be used between R1 and R2



Jon Harald Bøvre

Sent from my iPad

On 12. feb. 2011, at 18:13, Pavel Dimow paveldi...@gmail.com wrote:

 Is this possible at all? I ended in pretty ugly scenario (for a short
 time period I hope) where I must pass VLAN through router (yes router
 not L3 switch). The scenario is:
 
 SW1-trunk-R1-trunk-R2-trunk-L3SWITCH
 
 I don't have control over SW1 and R1, but I do know that I have trunk
 from my R2 to other side R1 for sure (I already terminate one VLAN on
 R2). Now, I need somehow to get VLAN from other side (SW1) to L3SWITCH
 where I will setup a SVI.
 
 Any thoughts? How does a router behave considering VLANs? Is it only
 possible to terminate vlan on subinterface and no vlan passing? It is
 logical to me, because a router is a router not a switch (in my case R2
 is Cisco ASR). And IF router will pass VLAN over trunk interfaces how
 do I control which VLANs are allowed to pass over which interface?
