Re: [c-nsp] Physical Network TAP devices
For the 1G thing, we use this one http://www.pandacomdirekt.com/en/products/wdm/transponder-cards/267-gbps/2-c hannel-up-to-267gbps-3r.html With that, we can put loops in (missing at for example alcatel SAS) Do the medias-conversion (wdm/singlemode to cooper or whatever the next device is. You can program the output of any of the four ports to be the input of one of the four. So, we have 1 port line , 2 port our router , two port with gig output for each direction, So we can tap 1G full duplex and put it to whatever collecting device (silk ?) Also, we use it as an STM1 Switch for our last 155MBit line (switch the line to one or another router, so we do not need the power consuming atm-switch any more) Juergen. PS Hope this was not too much advertising ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PVST+ with arista box
Either configure MST everywhere, once, same configuration; Keep trunk vlan-assignement in sync with that and never try to change to avoid problems. So design your MST instances well; or stay on Cisco pvst+ with only Cisco switches. (caveat: some switches really want to have vlans mentioned in the MST instance config configured which may be above their vlan limit count.) Everything else give headache, white hair falling out too early, ... Just my $0.01 ... white hair on the floor, Juergen. -Ursprüngliche Nachricht- Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von james list Gesendet: Montag, 6. März 2017 21:41 An: cisco-nsp NSP Betreff: [c-nsp] PVST+ with arista box Dear experts, I'm looking for hands on experience in interconnecting a huge cisco network (>400 vlan) running PVST+ with some arista boxes which in principle as default uses MST but in theory could interact with Cisco proprietary PVST+. Despite the arista document which confirm the interop, has anybody ever done something similar? If yes any outcome? Thanks in advance Cheers James ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco One Licensing
> Some day, when I'm finally giving up on networking, I'll change to the dark side and apply for a job in >the license-model creation business unit for one of the big network vendors. > > gert I am thinking about creating special electric connectors, say, the upcoming IPv8-Connector; forcing it to be _the_ world-wide standard (even star fleet must use them) and getting a golden nose with the licence-fees. Only well-educated technicians are allowed to handle them, so education courses and certification business boosts. Finaly, my book "the IPv8-Connector for dummies" will be a best-seller. Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF LSA Type 3 / 5 question ...
On Fri, Feb 3, 2017 at 1:05 PM, Bryan Hollowaywrote: > > Imagine an ABR bordering areas 0 and 1 which is summarizing 10.0.0.0/8 > > to the backbone.> > > >> Downstream is a router running OSPF with the ABR. On that router is a > > static route to yet another device that does not support OSPF. Let's >> say that static route is 10.100.0.0/24. > > Am I correct in understanding the redistribution is in area 1? > > If so, this link may help: https://learningnetwork.cisco.com/thread/102826 > > The idea is to turn area 1 into an NSSA area, so the static would be a type 7, and you could then drop the type 5 LSAs on the ABR. > The idea is cool, but I am not sure whether I would really want this in production. > > BGP instead of areas anyone? Ospf reacts much faster than bgp, iff you have some sort of redundancy/backup line. You may also want to inject default into the totally-stubby-not-so-stubby area, And implement some sort of prefix filtering on both sides. Just my 0.01$ Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] strange crypto map on C891f
Just for later reference After opening a TAC case, They found the old bug CSCsq07109, and my case increased the number of devices effected dramatically. The old one did show up during boot, mine does not, so they created the new also just cosmetic BUG CSCvc69129 for it. Thus spoke Nikolas Geyer [n...@neko.id.au]: > > It's used for internal crypto self tests during boot up, there was a bug about it about 18 months ago making it visible like you are seeing but I don't recall it affecting 15.4. > > Log a case with TAC. > > On 28 Dec 2016, at 6:53 AM, Juergen Marenda <c...@marenda.net> wrote: > > That are Cisco C891F-K9 (revision 1.0) devices running > > c800-universalk9-mz.SPA.154-3.M6a.bin > > > > ursamajor#sh crypto map > >Interfaces using crypto map NiStTeSt1: > > [...] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] strange crypto map on C891f
Hi, i just migrated a pair of 1812's to C891f with ipsec-tunnels and found a (even in show run all) not configured crypto-map called NiStTeSt1 : That are Cisco C891F-K9 (revision 1.0) devices running c800-universalk9-mz.SPA.154-3.M6a.bin ursamajor#sh crypto map Interfaces using crypto map NiStTeSt1: Crypto Map IPv4 "x" 100 ipsec-isakmp [...] ursamajor#conf t no crypto map NiStTeSt1 end ursamajor#sh crypto map Crypto Map IPv4 "x" 100 ipsec-isakmp [...] Ok that seems to work, now I have to ask for timeslot To reload (after a wr mem) to see weather it re-appears... Very strange. Any experience with this ? An other Back-Door ? Thank you for some insights, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] c7301 and hot-swapping of PAs?
Hi Gert, > I know I used to know this, but my memory is aging faster than the hardware... can PAs in a 7301 (= 1RU / 7200 / NPE-G1) be hot-plugged or not? According to the install guide, they can be hot-plugged: "Online insertion and removal (OIR) Allows you to add, replace, or remove port adapters with minimal interruption of the system" From http://www.cisco.com/c/en/us/td/docs/routers/7300/install_and_upgrade/7301/7 301_install_and_config_guide/7301icg/5418o.html Hope this help's, Juergen. -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird throughput issue
Check MTU on the links provided, probably some (vlan-/mpls-/...)tags does not fit. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
Because of https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- sa-20160525-ipv6 asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 it should be 5.3.4.1 or for the brave 6.1.1.16 but I cannt see it for download (but 5.3.3 two times ! ) ... waiting for a fix of severity-2 BUG for more than 6 weeks ... ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will arrive A.D. MMXX ?) Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI interfaces on my cat4900M to less than 300 (out of TCAM resources...) just for the basics. I am desperately disappointed . Just my 0.01 $, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR920 drops despite policy-map
Start at Layer 0+1... Sure that the links are all full-duplex , esp. to the test-loop ? If half-duplex, then youll see collisions. (and autoneg'ed an both sides shows same result, on all links ?) (just as a starting point, before checking higher levels And doing days off dbugging: eliminate bad cable/transiever...) Juergen. > [...] > It’s a pretty simple topology. Gi0/0/22 on each A920 is connected to an Exfo > test set. Gi0/0/23 on each A920 is connected to the other. I’ve got an > EoMPLS PW connecting Gi0/0/22 on both devices. > > Exfo Tester - gi0/0/22 - ASR920-1 - gi0/0/23 - gi0/0/23 - ASR920-2 - gi0/0/22 > - Exfo Loopback > > The Exfo transmitted 45469372 packets during the test, and I’m seeing output > drops on ASR920-1 Gi0/0/23. > > There’s no other traffic going across this box, except for ISIS and BFD, but > I highly doubt this would contribute to 2.1 million dropped packets. > [...] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431 memory usage
> Thanks Juergen > - Did you notice any significant increase in ram utilisation once you enabled the 2 full tables? > (i.e. ours is currently sitting at ~83%, base conf)or did memory usage not change that much > (i.e. it was "reallocated" from other processes) One Pair of them: 46.9% (1.62 GB) of 3.46 GB used 47.0% (1.63 GB) of 3.46 GB used started after reload at 37% and increases 1% per month Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S1, RELEASE SOFTWARE (fc1) Other Pair: 37.6% (1.30 GB) of 3.47 GB used 36.2% (1.25 GB) of 3.47 GB used few variations +-1% since last reload 9 months ago Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S3, RELEASE SOFTWARE (fc1) Third set: 40.7% (1.41 GB) of 3.47 GB used 40.7% (1.41 GB) of 3.47 GB used started with 39,7 5 month ago, so 0,2% grow per month Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S4, RELEASE SOFTWARE (fc3) Looks like I must check the first pair. Why the heck is it running a ...1... release while all were installed with 15.4(3)S_latest_ ... found ... Customer did that upgrade by himself. Juergen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip virtual-reassembly drop-fragments
Ok, i found a document stating that "ip virtual..." is good for DDOS prevention http://blog.ine.com/2008/11/05/dealing-with-fragmented-traffic/ and does not help in reassembling in memory-efficient way what I learned from reading Cisco-doc when I first saw that command appearing on my router's configs. May be that this is evolution of functionality. Nevertheless, having it active on route-only routers (without "drop-fragments") does have (massive) negative impact on the traffic between (for example) the firwalls behind those routers using ipsec-tunnels (sending ip/esp packets, often fragmented ) (PMTU does not help since that is no ip/tcp traffic). Seeing this (also in setups with no connection to the internet so "DDOS" is not there) brought me to the recommendation to disable that feature. Sorry for any confusion I may have created, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip virtual-reassembly drop-fragments
Reassembling ipv4 pakets inside the router is only needed for fragmented packets with the router as destination; in the ipv4 world, the target host is responsible for reassembling the fragmented pakets, even when this happens on a router between an not on the source host. (for example, if an ipsec encapsulated packet got too big with the additional infos, the destination router which will de-ipsec it must first reassemble it. (global settable ipsec behavior) On GRE-Tunnels, the ip fragments will be delivered to the destination host, which must reassemble it. To help with fragment-ddos, configuring a mechanism not involed will not help; so you may want to use ACLs or the IOS firewall. See for example http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-g re/8014-acl-wp.html (not special for GRE even when the name suggests it) Juergen. -Ursprüngliche Nachricht- Von: Satish Patel [mailto:satish@gmail.com] Gesendet: Freitag, 3. Juni 2016 03:01 An: c...@marenda.net Cc: Nick Hilliard; Cisco Network Service Providers Betreff: Re: AW: [c-nsp] ip virtual-reassembly drop-fragments Sorry typo it was "Internet" We are getting many IP fragment DDoS so I was planning to use on outside interface to drop all IP fragmented packet. -- Sent from my iPhone > On Jun 2, 2016, at 10:44 AM, Juergen Marenda <c...@marenda.net> wrote: > > > Satish Patel wrote: >> is it safe to put on internap facing interface? >> >> ip virtual-reassembly drop-fragments > > what's an "internap"? > > s/ap/et/ > > Yes it is safe, but > > "no ip virtual-reassembly" > is the best thing you can do, on every interface, and look form time > to time and after reloads weather it reappears. > > "virtual-reassembly" should "reassembly" fragments (in a special, > memory conserving way) So dropping fragments in that context must be > an april's first joke. > > Having too few resources, > the theoretically good idea behind "virtual-reassembly" does not work > very well (in practice) esp. when it should be usefull. > > Using the "no" form on every interface where it appears automagically > When you configure nat, crypto, ... did help us to solve many problems. > > Juergen. > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431 memory usage
Have several ISR4431 with minimum two full tables (but no default), without problems, migrated from 7201 and [23]8xx'er (but memory-eater "soft-reconfiguration" is no longer in use) Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip virtual-reassembly drop-fragments
Satish Patel wrote: > is it safe to put on internap facing interface? > > ip virtual-reassembly drop-fragments what's an "internap"? s/ap/et/ Yes it is safe, but "no ip virtual-reassembly" is the best thing you can do, on every interface, and look form time to time and after reloads weather it reappears. "virtual-reassembly" should "reassembly" fragments (in a special, memory conserving way) So dropping fragments in that context must be an april's first joke. Having too few resources, the theoretically good idea behind "virtual-reassembly" does not work very well (in practice) esp. when it should be usefull. Using the "no" form on every interface where it appears automagically When you configure nat, crypto, ... did help us to solve many problems. Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR920 vs ASR1001-x
Even a 3COM 4200G is called a "layer 3 switch" (but it's very limited : " 32 static routes 8 IP interfaces Hardware based routing" (from an ancient datasheet) That's just marketing clouds ... tons of features, often mutex; so they will not fly as a cloud should. (The mentioned device and it's successors work quite well for their target market as "full manageable" L2 device .) Today, a bridge with some hardware-speed-up is called a "switch" even if it does only store-and-forward; "switch" was the name for such a device with "cut through" and minimal Number of Ethernet-frame bits delay (6 Octets for the destination-MAC plus some bits for setup up the path to the output port). A L3 Switch would be a similar device, looking into L3 info which is "later" in the paket (and sometimes on variable place to complicate this) so the minimum delay ( with real switching - not store-and-forward ) must be higher. Everything else forwarding on L3 (per "store and forward") should be just called "router" even when it's quite fast due to high CPU or hardware-based acceleration. just my 0.01 $ Juergen. -Ursprüngliche Nachricht- Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von sth...@nethelp.no Gesendet: Freitag, 29. April 2016 12:36 An: mark.ti...@seacom.mu Cc: cisco-nsp@puck.nether.net Betreff: Re: [c-nsp] ASR920 vs ASR1001-x > > ASR920 is more like a switch. > Not really - it's actually a router. > It just looks like a switch. Interesting - one of our local Cisco distributors, in a meeting with us and with Cisco people present, repeatedly called ASR920 a Layer 3 switch. With no protest from the Cisco representatives. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SFP compatibility
Most SFP's (esp. Older one for "low" speed) are fixed frequency, So they will not get in sync. An "GIG" SFP syncs at approx. 1.25 GHz and will not operate at FastEthernet Speed. OK, there _are_ multi-frequency SFP's, 1G SAN+2GSAN +1GE for example, but yoru device will not set the Clock to FastEthernet on the normal Gig-SFP . So the will not get in sync, and only see the light. -Ursprüngliche Nachricht- Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Wilmer Gesendet: Donnerstag, 4. Februar 2016 03:06 An: cisco-nsp@puck.nether.net Betreff: [c-nsp] SFP compatibility Hey Guys, Probably a stupid question, but I can't find an obvious answer on Cisco. Are the following SFP's able to be used to together: One device is using at GLC-FE-100EX & the other end is using a 1000BASE-LX/LH (Single Mode fibre). I "think" these SFP's are compatible with each other.. But if someone can confirm this it would be great. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] TFTP/SCP
The crypto-work gets done on the CPU in software, and the CPUs on those switches are not very strong. (data traffic is forwarded by the hardware, only some special pakets (STP, CDP, ...) disturb the CPU; while management traffic must be handled by the CPU) Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Does Cisco 3845 support EHWIC-1GE-SFP-CU ?
3845 does not support EHWIC . ISR(-1) maximum H-WIC, never E-H-WIC. The build-in ethernet Ports are sufficient to overload that box. Use a NM-FE[12] to get an dedicated FastEthernet-management port. Also keep in mind that most ethernet-WICs or low-density-etherswitch-wic's may have deficits in MTU, VLAN-Tagging, ... So read the datasheet and release notes first carefully and then dont bay. Just my 0.01$, Juergen. -Ursprüngliche Nachricht- Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Zahid Khan Gesendet: Dienstag, 8. September 2015 17:00 An: cisco-nsp@puck.nether.net Betreff: [c-nsp] Does Cisco 3845 support EHWIC-1GE-SFP-CU ? Hi Folks, Can anybody please help me to find whether Cisco 3800 series routers support EHWIC-1GE-SFP-CU card? -- Regards, Zahid Khan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BVI Configuration on 1600 Access Points
What I want to achieve is creating a BVI Interface in separate VLAN (our Management VLAN 232 in this specific case) so that the AP is tagging all packets with the respective VLAN 232. However, after doing the configuration the AP is not reachable on the configured IP address. The AP is connected to a 2960 switch and the port configured as trunk. As soon as I configure the native vlan to 232 on the trunk port the management IP of the AP becomes reachable. This indicates that the AP is not tagging the packets at all. [...] So, what am I missing? It might be something completely trivial, and feel free to slap me if this is the case ;) Cisco AP's are not routers but bridges. The are managed only on the (untagged) interface. Just configure your mgmt-vlan as native vlan on the switchport, and tag all wlan-vlans, then everything will work fine. (... and you may also use the default int bvi1 as mgmt interface for the ap, My good old AP1131's did insist on that) . ...No reason to slap you instead of the vendor. Just my 0.01 $ Juergen Marenda. -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] %NTP: Multicast peer 224.0.1.1 does not exist
It's c7200p-advipservicesk9-mz.124-24.T8.bin Have you checked that the clock of your NPE-G2/7201 is in sync, # sh ntp status # sh ntp asso without having an accurate time, it will not send any ntp time-info -- Juergen Marenda ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Can ASA 5550 do BGP
On Mon, Feb 11, 2013 at 09:21:46PM +0100, Peter Rathlev wrote: On Mon, 2013-02-11 at 18:58 +, pamela pomary wrote: Quick one. I have just read from Cisco's support community that generally ASA's dont do BGP. I want to verify if that is the case or there is tweak to get it to do BGP :) . We have ASA 5550 software version 8.2(3) which we possibly want to use as a border/edge router with our ISP. I'm pretty certain the ASA doesn't do any BGP. The FWSM supports BGP Stub Routing though it's very limited (bordering to useless). http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/ip_f.html#wpxref74349 pix and asa did and do not route very well. Use Cisco Router IOS with ACL etc. works much better. This is my very personal opinion, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] can not configure modem by router
On Sat, Nov 17, 2012 at 02:22:58PM +0330, s m wrote: hello guys i wanna connect a modem to a 2800 router by AUX port. this is my configuration: modem InOut modem autoconfigure discovery transport input all stopbits 1 speed 38400 flowcontrol hardware the speed value changes because mode autoconfigure discovery is set. i used blue console cable RJ45 to DB9 for connecting AUX port to modem. use the black cable or the supplied 9-to-25 CON-MODEM-adapter. the light-blue cable is to connect to a PC-AT Serial Port. Or crimp an RJ45 Plug reverse on the router's end of the cable . Or use a NULLmodemcable beetween Modem and DB9 con . You should be able to telnet ip-of-your-router 2001 , authenticate at router, and then speak with the modem. If you connect PC with Hyperterm instead of the modem, and this works, then it will not work with the modem, and you need to get/build a fitting cable, see above. [...] i read when the connection is correct, modem hardware stats should be CTS not noCTS. moreover i can not do reverse telnet to modem. YOur cabling is wrong, both sides SEND and RECIVE Lines are connected together (RS232 i must be shorit-ciruit proof, +-12 V...) please let me know how i should fix it and configure my modem by AT commands. Hope this helps, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SFP high power alarm
On Tue, Aug 21, 2012 at 06:05:32PM +0200, Gert Doering wrote: Hi, On Tue, Aug 21, 2012 at 12:26:50PM +, John Brown wrote: Put a real optical power meter on the fibers and adjust with pads as needed to get your levels within specs. That's *RX* power. Not TX power. TX power is something that is measured inside the SFP - an the question how can TX power go high is a valid one. From an X2-Datasheet: VII. DOM Parameters Values Parametermin. max. Unit Transponder Temperature Monitor Accuracy 1) -5 +5 °C Laser Bias Current Monitor Accuracy 2) -10 +10 % Transmit Power Monitor Accuracy 3) -3 +3 dB Receive Power Monitor Accuracy 3) -3 +3 dB 1) 0 to 70°C case temperature. 2) 0 to 12.5 mA. 3) -8.2 dBm to +0.5 dBm ... so that may be just a measurement error. An other SFP+ shows +-2dB TX or RX Power Monitor Accurancy, and +-10% TX BIAS Accurancy. Did not find an explanation of how optical modules determine optical output power, some kind of handshake with the remote side , increasing output power so that the remote side _sees_ sufficient light? But *cleaning* the fibers and plugs is a very good idea(TM), with (too much) power the reciever gets blind; somtimes the dirt beetween fiber-fiber ore fiber-optics get grilled/emailed onto the glas. -- Juergen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Loop/Unreachable problem with C6500/SUP720
(proxy-) ARP on wrong Interface / vlan ? You have random /32 more specific host-routes, compare mac-address table and arp-cache for the current wrong routed ip. Or are the ip's those found as ospf router-id ? Hope this help's, Juergen -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Tim Densmore Sent: Wednesday, August 08, 2012 8:04 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Loop/Unreachable problem with C6500/SUP720 On 8/8/2012 10:29 AM, Xu Hu wrote: If yes, it is a normal behaviour. Hi, Can you explain in what circumstance this would be normal? IIRC, OSPF has an AD of 110 and iBGP 200, so even if the routes weren't known via connected, how would they randomly compete for space in the FIB? I don't have OSPF or BGP running on any SVIs, so this is an honest question, not snarkiness, since I may find myself in this scenario in the not too distant future, albeit on 7600s rather than 6500s. Pointers to docs would be great. Thanks, TD ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] me3600 svi's not showing in and out bit counts that isee on corresponding phy int
on 4900M ! int vlan NNN counter ! did help (yes i know the 4900M ist not a metro switch) Mit freundlichen Gru?en Kind regards Veuillez agreer mes salutations distinguees Met vriendelijke groet Juergen. Try to set the load-interval to 30s, then check again. Xu Hu On 8 Aug, 2012, at 21:54, Aaron aar...@gvtc.com wrote: anybody know why me3600 svi doesn't seem to show in and out bit counts that the underlying phy int shows? all svi's (10,11,13) are in a vrf running over mpls l3vpn 3600#sh int vl 10 | in 30 sec 30 second input rate 2000 bits/sec, 3 packets/sec 30 second output rate 1000 bits/sec, 3 packets/sec 3600#sh int g0/1 | in 30 sec 30 second input rate 402000 bits/sec, 359 packets/sec 30 second output rate 6157000 bits/sec, 613 packets/sec [...] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] pppoe server
On the lower-price end, the 3845 has 1200 as maximum recommended number of l2tp tunnels or sessions; (cisco application note l2tp support for the cisco 800, 1800, 2800, 3800 integrated service routers ) or a 7206VXR with NPEg1 or the 1HE NPEg2 called 7201 will terminate 8000 sessions (mircom report and datasheet at cisco.com) But they have 2/3/4 GE Interfaces, resp., not 10GE, and second source Memeory to max the NPE-G1 out is now rare. Juergen. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Bruce D. Sidlinger Sent: Tuesday, June 28, 2011 7:51 AM To: K bharathan Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] pppoe server ASR1000 is the current preferred solution, or so my salesperson tells me. For various telcos I currently use Cisco 1s for PPPoE but in the future will change to the new little ASR. -Bruce On Jun 28, 2011, at 12:36 AM, K bharathan kbhara...@gmail.com wrote: hi all which cisco router can be used for pppoe server (about 1200 customers) -bharathan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Boot from TFTP
Hello Jay, Here is a link for the different linear Flash cards from Cisco. http://www.cisco.com/en/US/products/hw/routers/ps341/products_tech_note09186a00800a7515.shtml PCMCIA Filesystem Compatibility Matrix and Filesystem Information ... The Flash disk is more flexible than linear Flash memory because the Flash disk has controller circuitry that allows it to emulate a hard disk and that automatically maps out bad blocks and performs automatic block erasure. Further, the Flash disk provides the capability to allocate noncontiguous sectors, which eliminates the need for the squeeze command (previously required with linear Flash memory cards). ... From ancient http://www.cisco.com/en/US/docs/ios/11_3/configfun/configuration/guide/fcmemory.html ... You can delete and undelete a file up to 15 times. ... i think this is what i remembered as delete 8/9 times i my post. I personally tried 16 MByte Linear Flash Card from a 7206vxr/NPE300/IO-1FE and 4 MByte Linear Flash card from 1603R on my newton MP110, they both did not work there. (also not in casio zoomer). Compactflash-ATA Disks with (mechanix only) PCMCIA Adapter may work on 7206VXR or not due to different disk-controller chip-sets in the compact-flash (windows-xp showed me the controller-type when inserting into Laptop) so i could sort and swap them with my digicam's compact-flashcards. Even when formatted on the target router, a 7206VXR may mutter not formatted in this router . just plugged a Cisco 32M Compactflash from an 1812 into my laptop: STI Flash 8.0.0 Properties Filesystem FAT Capacity 31.973.376 Bytes (keine FDISK Partitionstabelle no tapllicable) Hope this help's, Juergen. -Original Message- From: Murphy, Jay, DOH [mailto:jay.mur...@state.nm.us] Sent: Friday, June 24, 2011 11:33 PM To: j...@ilk.net; 'Scott Voll' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Boot from TFTP Juergen, Könnten Sie bitte mir helfen... can you point me to the source of this information, since some networks have legacy devices, and different classes of flash file systems. Dankt meinem freund, ~Jay Murphy Sr. IP Network Specialist NM State Government IT Services Division PSB – IP Network Management Center Santa Fé, New México 87505 Bus. Ph.: 505.827.2851 We move the information that moves your world. “Engineering is about finding the sweet spot between what's solvable and what isn't. “Good engineering demands that we understand what we’re doing and why, keep an open mind, and learn from experience.” Radia Perlman If human beings are perceived as potentials rather than problems, as possessing strengths instead of weaknesses, as unlimited rather than dull and unresponsive, then they thrive and grow to their capabilities. ? Please consider the environment before printing e-mail -Original Message- From: Juergen Marenda [mailto:j...@ilk.net] Sent: Friday, June 24, 2011 3:19 PM To: Murphy, Jay, DOH; 'Scott Voll' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Boot from TFTP no, the compact flash cards have dos filesystems, squeeze is not needed and not offered by the ios on those filesystems. Esp. after format squeeze on the compactflash is not needed. The old , linear fast PCMCIA FLASH Cards (but not compatible with the Newton :-( as a former form of ip* was named) ) did also not need squeeze but you had to delete a file 8? 9 ? times to free the blocks, or use squeeze if offerde by yoru IOS. Even though you reformat the CompactFlash card, you will need to use squeeze to recoup the memory space. ~Jay Murphy Sr. IP Network Specialist NM State Government ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Boot from TFTP
You need some RAM... The (first) image in FLASH will be loaded started and uncompresses itself. It reads the config file and, after configuring some of the interfaces, loads the indicated IOS thru tftp into RAM to uncompress and start it. So you need RAM for two IOS's unziped... or a smaller, older, not full-featured Image for booting purposes (for some mashines exist boot-helper images). Why dont you - boot device and get ip address ...int gig 0/0 ip address dhcp no shut - ping tftp server (ok) - format flash: to clear it or delete some big files (not the vlan.dat ) to make sufficient space for the wanted IOS - copy tftp:/ip/file flash:/file - reload from flash - (probably you want to delete or update the LIST of boot system and boot config cammands, if there is more than 1 of each they all will get executed.) -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll Sent: Friday, June 24, 2011 10:24 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Boot from TFTP OK... I'm in a pinch and I need to upgrade a 2821 to a newer ISO and don't have time to get a new Flash card. So i'm trying to boot from TFTP. But I keep getting a file to large error %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/0 assigned DHCP address 10.14.1.53, mask 255.255.255.0, hostname Router %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-3-IMAGE_TOO_BIG: 'tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin' is too large for available memory (51691544 bytes). %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. Config looks like this: boot system tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin Memory needed is 512mb I have Cisco 2821 (revision 53.50) with 776192K/10240K bytes of memory. so I should have enough ram. What am I missing? Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Boot from TFTP
No, boot system does not copy to flash, it loads file to RAM amd starts it. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev Sent: Friday, June 24, 2011 10:41 PM To: Scott Voll Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Boot from TFTP On Fri, 2011-06-24 at 13:23 -0700, Scott Voll wrote: %SYS-3-IMAGE_TOO_BIG: 'tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin' is too large for available memory (51691544 bytes). %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. Config looks like this: boot system tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin Memory needed is 512mb I have Cisco 2821 (revision 53.50) with 776192K/10240K bytes of memory. so I should have enough ram. I'm guessing it's the flash. You probably have 51691544 bytes left on the flash device. The image is 64562864 bytes. -- Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Boot from TFTP
no, the compact flash cards have dos filesystems, squeeze is not needed and not offered by the ios on those filesystems. Esp. after format squeeze on the compactflash is not needed. The old , linear fast PCMCIA FLASH Cards (but not compatible with the Newton :-( as a former form of ip* was named) ) did also not need squeeze but you had to delete a file 8? 9 ? times to free the blocks, or use squeeze if offerde by yoru IOS. Even though you reformat the CompactFlash card, you will need to use squeeze to recoup the memory space. ~Jay Murphy Sr. IP Network Specialist NM State Government -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll Sent: Friday, June 24, 2011 2:54 PM To: j...@ilk.net Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Boot from TFTP Thats what I was forgetting.. I knew there was was something. I'll see if I can find a Boot helper image to replace the full blown one that is currently on the flash. Thanks Scott On Fri, Jun 24, 2011 at 1:47 PM, Juergen Marenda j...@ilk.net wrote: You need some RAM... The (first) image in FLASH will be loaded started and uncompresses itself. It reads the config file and, after configuring some of the interfaces, loads the indicated IOS thru tftp into RAM to uncompress and start it. So you need RAM for two IOS's unziped... or a smaller, older, not full-featured Image for booting purposes (for some mashines exist boot-helper images). Why dont you - boot device and get ip address ...int gig 0/0 ip address dhcp no shut - ping tftp server (ok) - format flash: to clear it or delete some big files (not the vlan.dat ) to make sufficient space for the wanted IOS - copy tftp:/ip/file flash:/file - reload from flash - (probably you want to delete or update the LIST of boot system and boot config cammands, if there is more than 1 of each they all will get executed.) -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll Sent: Friday, June 24, 2011 10:24 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Boot from TFTP OK... I'm in a pinch and I need to upgrade a 2821 to a newer ISO and don't have time to get a new Flash card. So i'm trying to boot from TFTP. But I keep getting a file to large error %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/0 assigned DHCP address 10.14.1.53, mask 255.255.255.0, hostname Router %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. %SYS-3-IMAGE_TOO_BIG: 'tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin' is too large for available memory (51691544 bytes). %SYS-6-READ_BOOTFILE_FAIL: tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin File read failed -- Not enough space. Config looks like this: boot system tftp:// 10.14.1.108/c2800nm-advipservicesk9-mz.151-3.T1.bin Memory needed is 512mb I have Cisco 2821 (revision 53.50) with 776192K/10240K bytes of memory. so I should have enough ram. What am I missing? Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Dot11Radio0 ipv6 command
Sorry, but I do not see the difference beetween IPv4 and IPv6 Behaviour here. As far as i remember you put the LAN-Interface vlan1 and the radio-(sub-)interface into the same bridge-group and configure the IPv4 (or Ipv6) on the bvi interface to emulate the normal behaviour of home-customer-CPE's. Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/