Re: [c-nsp] IOS-XE?

2020-11-10 Thread Scott Voll
I'm still running 3650/3850's 4-8 switch stacks.  Primary stack switch
reboots.  No logs created to help TAC figure out why.  Has happened on
multiple stacks over the time we have been on 16.9.x train.

Your issue on the 9200's does not make me feel much better.

Scott


On Mon, Nov 9, 2020 at 3:40 PM Gary Smith  wrote:

> On 09/11/2020 23:33, Scott Voll wrote:
>
> > 16.9.6 or 16.12.4?
> > and Why?
> >
> > Any issues seen in the 16.12 line?  I've seen some unexplained reboots in
> > the 16.9.5 train that TAC can't explain so need to upgrade.  16.9.6 is
> the
> > Starred release.  I've not been impressed with the whole 16.9.x train
> over
> > the last two years so really thinking hard about 16.12.4.
>
> Found some issues with 16.12.4 in relation to 9200 switches in larger
> stacks if that's likely to have any bearing on your decision. Notably
> that the 48PXG switches will only stack to four high. If you go with
> five then a random stack member will fail to join the stack. Issue
> raised with TAC on this. I have a boatload of 48Ps on 16.09 where this
> behaviour is not exhibited. Haven't yet tried downgrading the
> 48PXGs/upgrading the 48Ps to see how this might manifest itself.
>
> Gary
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


[c-nsp] IOS-XE?

2020-11-09 Thread Scott Voll
16.9.6 or 16.12.4?
and Why?

Any issues seen in the 16.12 line?  I've seen some unexplained reboots in
the 16.9.5 train that TAC can't explain so need to upgrade.  16.9.6 is the
Starred release.  I've not been impressed with the whole 16.9.x train over
the last two years so really thinking hard about 16.12.4.

Thanks

Scott


[c-nsp] Non-disruptive Nexus 77xx upgrade

2019-03-15 Thread Scott Voll
What does a Non-disruptive Nexus 77xx upgrade look like to a single homed
device, attached to it?

TIA

Scott


Re: [c-nsp] Correct syntax for Boot system

2019-02-28 Thread Scott Voll
my question is the extra flash in the command:

boot system *flash* bootflash:filename.bin

is that something new?

Scott




On Thu, Feb 28, 2019 at 9:53 AM Tyler Applebaum 
wrote:

> On the 4k series I use bootflash:
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Scott Voll
> Sent: Thursday, February 28, 2019 9:40 AM
> To: cisco-nsp 
> Subject: [c-nsp] Correct syntax for Boot system
>
> I have always used
>
> boot system flash:xx.bin or boot system bootflash:.bin
>
> did the syntax change to boot system flash flash0:x.bin???
>
> I have a new 4331 that without the extra flash it failed to boot.   Is this
> new?  did I miss the memo?
>
> does this carry over to ASRs and the older 29xx/39xx platforms?
>
> I'm booting a bunch of remote routers and don't want to be driving to
> recover them from a simple mistake I missed.
>
> TIA
>
> Scott


[c-nsp] Correct syntax for Boot system

2019-02-28 Thread Scott Voll
I have always used

boot system flash:xx.bin or boot system bootflash:.bin

did the syntax change to boot system flash flash0:x.bin???

I have a new 4331 that without the extra flash it failed to boot.   Is this
new?  did I miss the memo?

does this carry over to ASRs and the older 29xx/39xx platforms?

I'm booting a bunch of remote routers and don't want to be driving to
recover them from a simple mistake I missed.

TIA

Scott


Re: [c-nsp] Nexus 7700 sup2e Upgrade

2018-08-03 Thread Scott Voll
Been running our 7706 on 8.2.1 for 231 days without issues.  Nothing too
big. VPC, routing, Data Center and Core.  IPv4 and v6

scott


On Mon, Jul 30, 2018 at 8:26 AM Nick Griffin 
wrote:

> Looking to upgrade some 7ks from 6.2.12 to something 7.2 or 7.3 to support
> the peering of layer 3 devices across vpc port channels. Looking to see
> what code versions others are using that have proven to be stable.
>
> Sent from my iPhone


[c-nsp] OT: Cell phone service inside buildings

2018-06-27 Thread Scott Voll
For those that work in Large buildings that cell phone reception is a
problem, what solutions have you used that work well and you would suggest.

you can unicast me since it's pretty Off Topic.

TIA

Scott


Re: [c-nsp] Syslog timezone

2018-03-22 Thread Scott Voll
how about:

service timestamps debug datetime msec

Scott

On Thu, Mar 22, 2018 at 8:32 AM, Dan Letkeman  wrote:

> Hello,
>
> I'm trying to change the syslog message timezone to the correct one for my
> location.
>
>
> This:
> service timestamps log datetime msec localtime show-timezone
>
> Only changes the console log timezone to the correct timezone.  The syslog
> messages continue to use the UTC timezone.
>
> Is there any way to modify this, or do we have to somehow change this on
> our logging server?
>
> Thanks,
> Dan.


[c-nsp] Nexus 7700

2017-12-01 Thread Scott Voll
What are others running on their 77xx's?

6.2.16 is the starred release but is over a year and a half old. and there
is an .18 version too (but not starred).

8.2.1 is very new.

cisco is shipping with 8.1.1.

if you were going in green, what version would you recommend?

TIA

Scott


[c-nsp] 3850 / 3650 storm control

2017-11-22 Thread Scott Voll
So I'm green field with 3850 at the distribution layer and 3650 at the
access layer.

Since I don't have anything to start with, what would be safe storm control
limits to start with on each platform for Broadcast, multicast, and
Unicast?

Mgig to the edge, 20gig to the distribution, and 160 gig to the core.

TIA

Scott


[c-nsp] Nexus 7700

2017-10-11 Thread Scott Voll
Anyone have a Nexus 7700?

Can you (not do you choose to) install it in a standard 34" deep server
cabinet?

TIA

Scott


[c-nsp] ASR 1001x for BGP

2017-10-04 Thread Scott Voll
Need to order a BGP router asap...

Looking at an ASR 1001x.  Stock it comes with 8gb of ram.

is that enough for 2 full BGP feeds these days?  Both IPv4 and v6.  Netflow
/ AppX.

Nothing else at this time.

or do I need to bump up the RAM?

Anything else I should know before pulling the trigger?

Thanks for your quick feedback.

scott


Re: [c-nsp] Cisco One Licensing

2017-03-02 Thread Scott Voll
Not exactly what I was looking for but thanks for the giggle.

Scott


On Thu, Mar 2, 2017 at 1:30 PM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Thu, Mar 02, 2017 at 12:51:26PM -0800, Scott Voll wrote:
> > In what kind of situation would this licensing structure make sense?
>
> Many licensing structures make lots of sense if you sit in the department
> devising these.  "How can we make things so complicated that people
> give up understanding things and just pay?"
>
> Some day, when I'm finally giving up on networking, I'll change to the dark
> side and apply for a job in the license-model creation business unit for
> one of the big network vendors.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025    g...@net.informatik.tu-muenchen.de
>


[c-nsp] Cisco One Licensing

2017-03-02 Thread Scott Voll
Anyone looked at Cisco One licensing?

I have not yet done a side by side comparison with a la carte but pricing
structure looks like I get to pay up front and continue to pay long term.
I have to think a la carte has to be more reasonable.

Then this "transferable" license I still get to pay for a switch transfer
when I need to upgrade or replace.

I get that with the Cisco One license I can use any and all options, but I
just can't get past the pricing.  Literally I get to pay more in 5 years on
this Cisco One stuff than the pricing of the switches themselves.

Anyone using it?  In what kind of situation would this licensing structure
make sense?

TIA

scott


[c-nsp] 3650 multi gig

2017-01-25 Thread Scott Voll
Anyone have a 3650 Multi gig switch?

Which ports are multi gig?

we are building a new building and trying to figure out how would be the
best way to wire out the closets.  if you have ways that you wish your IDF
looked let me know.

Thanks

scott


Re: [c-nsp] IPv6 VPC Port channel Nexus -- 2951

2016-10-31 Thread Scott Voll
It ended up being a Port channel issue.  The router needed mode on rather
than mode active.  IPv4 was able to work without the port channel working
whereas IPv6 was seeing a loop.  Fixed the port channel issue and
everything worked.

scott

On Mon, Oct 31, 2016 at 8:51 AM, John Kougoulos <john.kougou...@gmail.com>
wrote:

>
> Hi,
>
> On Wed, Oct 26, 2016 at 9:06 PM, Scott Voll <svoll.v...@gmail.com> wrote:
>
>> So I have a 2951 setup with a Port-channel to a set of L3 Nexus 5548's on
>> a
>> VPC.
>>
>>
> Well, I don't know specifically about IPv6, but in general, connectivity
> between a router and nexus using vPC is not recommended, but the result is
> also very platform specific.
> The preferred way if I remember correctly is to have 2 separate l3 links
> and use eg OSPF instead of etherchannel for load balancing & redundancy.
> You may read more here: https://www.cisco.com/en/US/
> docs/switches/datacenter/nexus5000/sw/mkt_ops_guides/
> 513_n1_1/n5k_L3_w_vpc_5500platform.pdf.
> Maybe IPv6 is a bit more problematic than IPv4 because of the use of
> multicast.
>
> Kind regards,
> John
>
>
>
>


[c-nsp] IPv6 VPC Port channel Nexus -- 2951

2016-10-26 Thread Scott Voll
So I have a 2951 setup with a Port-channel to a set of L3 Nexus 5548's on a
VPC.

IPv4 seems to work fine.

IPv6 on the other hand I'm getting a loop detected.

%IPV6_ND-4-LOOPBACK: Looped back NS(DAD) packet detected for 
on Port-channel XX.yy

What am I missing so that IPv6 will work?

Can someone head me down the right path?



Sample Config:

2951

interface Port-channelxx.yy
 encapsulation dot1Q xxx
 ip address 10.x.yy.5 255.255.255.0
 ipv6 address 2620:xx:yy:zz::5/64
 ipv6 enable

Nexus

interface port-channelxx
  description router
  switchport mode trunk
  speed 1000
  vpc xx

interface Vlanyyy
  description
  no shutdown
  ip address 10.x.yy.2/24
  ipv6 address 2620:xx:yy:zz::2/64
  ipv6 router 
  ip router 
  ip pim sparse-mode
  hsrp version 2
  hsrp yyy
    preempt
    priority 110
    ip 10.x.yy.1
  hsrp yyy ipv6
    preempt
    priority 130
    ip 2620:xx:yy:zz::1
  ip dhcp relay address 10.x.y.z
  ipv6 dhcp relay address 2620:xx:yy:zz::40

is it as easy as only allowing router vlan's down the VPC on the nexus?

TIA

Scott


Re: [c-nsp] IPv6 routing vs IPv4 Nating

2016-08-23 Thread Scott Voll
Gert and Lee,  you're picking up what I'm putting down.

Two geographically dispersed exit points with multiple internal dispersed
sites each with a /48.  My overall is a /44.  So from a BGP standpoint
I'm announcing half my sites out one exit site and the other half out the
other.  With iBGP announcing out the other.  Since the firewalls are not
sync'd in any way, and since I'm only leaking BGP default routes to the
firewalls that are leaking them internally, I end up with two default
routes internally to my routing protocol.  This way if I lose an ISP /
Router / Firewall all my internal traffic goes out the one that is still up.

The problem like Lee and Gert point out is you must have the traffic
return to the same Firewall (stateful) to get the traffic back into the
network

Lee, I like the idea for putting a proxy at each exit point, but I'm using
a Cloud proxy solution (bound by contract).

I was thinking if I leaked all the IPv6 networks internally that would get
the traffic going the correct direction, but there is still a possibility
of asymmetric routing on the internet.

For this reason, NAT sure does help, but I don't want to NAT IPv6 but do
need a solution, to provide redundancy.

Any other ideas?

TIA

Scott


On Tue, Aug 23, 2016 at 5:21 AM, Gert Doering  wrote:

> Hi,
>
> On Mon, Aug 22, 2016 at 10:54:04PM +0100, Tom Hill wrote:
> > On 22/08/16 22:34, Gert Doering wrote:
> > > Not if you NAT the IPv4 - the NAT part enforces symmetry.
> > >
> > > Not that I'm a big fan of NAT, but it has its uses :-)
> >
> > FHRPs aren't just for 'inside' interfaces. You do have to be sure to
> > adjust the priorities of 'inside' and 'outside' interfaces together to
> > maintain your symmetry, but that's not difficult. FHRP also takes care
> > of ARP delays during failover.
>
> So how do you FHRP one firewall(cluster) in the US with one
> firewall(cluster)
> in Europe, ensuring symmetric traffic?
>
> > Assuming there's state synchronisation in all cases, of course.
>
> Think larger networks :-)
>
> In the "I have two firewalls that are connected to the same inside and
> outside LANs" case, everything is mostly trivial.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025    g...@net.informatik.tu-muenchen.de
>


[c-nsp] IPv6 routing vs IPv4 Nating

2016-08-22 Thread Scott Voll
I'm not really able to wrap my mind around what best practice would be.

Currently I have two exit points in my network.  BGP / iBGP.  Two Firewalls
behind those.  Each Firewall has an IPv4 Class C to NAT to.

With publicly Routed IPv6 not nat'ing how do I setup the firewalls / bgp to
route correctly?  Do I have to leak all IPv6 routes to the internal network
to make sure the IPv6 address comes back to the correct Firewall?  Also
thinking about redundancy if one ISP / BGP router / Firewall goes down, I
need it to dynamically reroute to the other side.  See attached.

Thanks for your input. Maybe I'm just missing something easy.

TIA

Scott


[c-nsp] ASR 1001-x rock solid code?

2016-01-08 Thread Scott Voll
I'm just getting a couple ASR's and do not have any in production, but have
to move to production in short order.  Can someone give me some idea of the
most rock solid code for these guys right now?  I'm just routing packets on
a wan internally so nothing big.  Came with 3.13.2S but the only MD is
3.13.4S and there is code all the way up to 3.17.x but they are all
ED.  Nothing is currently Starred as a Best bet type image.

TIA

Scott
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Cisco WS2960-X - Are these switches lemons or is there a stable release?

2015-10-16 Thread Scott Voll
We have been running 15.2(3)E pretty reliably for the past several months.
The EX code pretty much sucked.  Same issues as the others with SFPs.
Since we have the Gig switches we just burned a couple gig ports for the
uplink and stopped using the 1 gig SFP's.  And one of the bugs suggested
shutting down the ten gig ports not in use.  So we have done that and they
have been working fine.  But it hasn't gone without its issues like
others have said.

You're not going mad.

Scott


On Fri, Oct 16, 2015 at 7:55 AM, Ian Hiddleston  wrote:

> Thanks for the responses guys, good to see I'm not going mad...
>
> Ian Hiddleston | Senior Network Analyst | Civica UK Limited
> Tel: 0845 055 2323
> e-mail: ian.hiddles...@civica.co.uk | http://www.civica.co.uk
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Steve Mikulasik
> Sent: 13 October 2015 15:49
> To: Hagen AMEN 
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Cisco WS2960-X - Are these switches lemons or is
> there a stable release?
>
> My recent experiences with TAC suggested releases has not been good when
> it comes to switches. I have been doing a lot more reading into the release
> notes to figure out the most suitable release.
>
>
>
> From: Hagen AMEN [mailto:hagen.a.a...@multco.us]
> Sent: Tuesday, October 13, 2015 8:38 AM
> To: Steve Mikulasik 
> Cc: Nick Cutting ; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Cisco WS2960-X - Are these switches lemons or is
> there a stable release?
>
> Certainly, we saw the issue happen running 15.0(2)EX5, but we've also seen
> it happen on 15.2(2)E, 15.2(2a)E1, as well as ES releases from TAC (which
> were supposed to fix the issue).
>
> We're running 15.2(3)E1, for the last couple of months (July timeframe).
> So far, no recurrence.
>
> On Tue, Oct 13, 2015 at 6:57 AM, Steve Mikulasik <
> steve.mikula...@civeo.com> wrote:
> I think that was a bug in 15.0.2EX5. 15.0.2aEX5 has been working fine for
> me since it came out in Feb.
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net cisco-nsp-boun...@puck.nether.net>] On Behalf Of Hagen AMEN
> Sent: Monday, October 12, 2015 11:29 AM
> To: Nick Cutting >
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Cisco WS2960-X - Are these switches lemons or is
> there a stable release?
>
> Indeed, not only do they stop forwarding on the copper SFPs, the SFP tends
> to drop off entirely (just generates that lovely HULC error when you query
> the ethernet-controller phy detail).
>
> And, for extra fun, some iterations of the hardware will also (when the SFP
> fails) start generating:
>
> "%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured
> by Cisco or with Cisco's authorization..."
>
> Which causes the switch to stop forwarding all traffic. Requires a full
> power cycle to restore.
>
>
> On Mon, Oct 12, 2015 at 10:20 AM, Nick Cutting  >
> wrote:
>
> > I've never got over the bug that plagues copper SFP's in this model of
> > switch.  They just stop forwarding traffic randomly.
> >
> > They keep promising a fix - I still haven't seen anything rock solid.
> >
> > -Original Message-
> > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net cisco-nsp-boun...@puck.nether.net>] On Behalf
> > Of Ian Hiddleston
> > Sent: 12 October 2015 17:29
> > To: cisco-nsp@puck.nether.net
> > Subject: [c-nsp] Cisco WS2960-X - Are these switches lemons or is
> > there a stable release?
> >
> > Hi guys,
> >
> > For reasons best left alone, I’ve ended up with a pair of Cisco
> > 2960-X’s (WS-C2960X-48TD-L to be precise). I’ve had nothing but
> > trouble with them so far, hence asking the list. Does anyone know if
> > there is a stable software image for them that doesn’t crash when you
> > SSH to it or drop the stack module offline and split brain for fun?
> >
> > Thanks,
> > Ian

[c-nsp] oid's? 3850 each core?

2015-09-29 Thread Scott Voll
Does anyone know where I can find the OID's for each CPU Core on a cisco
3850?

TIA

Scott


[c-nsp] ISE 1.4

2015-06-19 Thread Scott Voll
Has anyone upgraded to ISE 1.4?  I'm currently on an earlier release of 1.2
and need to upgrade.  I was planning on a 1.3 version, but noticed about a
month ago 1.4 came out.

Seeing if anyone else has upgraded?  Issues with the upgrade?  Any show
stopper issues with 1.4?

TIA

Scott


[c-nsp] Black hole routing dynamically

2015-05-08 Thread Scott Voll
I am downloading a list of hacker networks that I would like to automate
updating an ACL on my router to blackhole them.

How are others doing this?  What is this called?  My Google-fu is not
working for me.

Thanks

scott
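
One way to approach the automation asked about above, as an added example that is not part of the original post: a script that validates a downloaded list of networks, refuses entries that would be dangerous to block, aggregates the rest, and emits only the configuration changes needed. It assumes static routes to Null0 rather than ACL entries; the feed contents, the protected ranges and the prefix-length limits are constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation prefixes only, not real threat data).
SAMPLE_FEED = """\
# constructed sample feed
192.0.2.0/25
192.0.2.128/25
198.51.100.7
203.0.113.0/24   ; trailing comment
10.1.2.0/24
0.0.0.0/0
not-a-prefix
2001:db8:bad::/48
"""

# Assumption: address space this site must never null-route.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumption: refuse any feed entry broader than these prefix lengths.
MIN_PREFIXLEN = {4: 8, 6: 19}


def parse_feed(text):
    """Return (accepted networks, [(entry, reason)] for rejected entries)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then surrounding whitespace.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            # A bad or tampered feed must not be able to blackhole a default route.
            rejected.append((entry, "too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in PROTECTED):
            rejected.append((entry, "overlaps protected space"))
        else:
            accepted.append(net)
    return accepted, rejected


def aggregate(nets):
    """Merge duplicate and adjacent prefixes, IPv4 first, then IPv6."""
    merged = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged


def _order(net):
    # IPv4 and IPv6 networks are not directly comparable, so sort on a tuple.
    return (net.version, int(net.network_address), net.prefixlen)


def route_line(net):
    """IOS-style static route that discards traffic to the prefix."""
    if net.version == 4:
        return f"ip route {net.network_address} {net.netmask} Null0"
    return f"ipv6 route {net} Null0"


def config_delta(installed, wanted):
    """Lines that move the router from `installed` to `wanted`, removals first."""
    old, new = set(installed), set(wanted)
    lines = [f"no {route_line(n)}" for n in sorted(old - new, key=_order)]
    lines += [route_line(n) for n in sorted(new - old, key=_order)]
    return lines


if __name__ == "__main__":
    accepted, rejected = parse_feed(SAMPLE_FEED)
    # Constructed: what the previous run is assumed to have installed.
    installed = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.99/32")]
    for entry, reason in rejected:
        print(f"! skipped {entry}: {reason}")
    print("\n".join(config_delta(installed, aggregate(accepted))))
```

Keeping the previously installed set and pushing only the delta avoids rewriting the whole list on every feed update, and the rejected list is worth logging so a feed that suddenly contains broad or internal prefixes is noticed.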


Re: [c-nsp] OT: NTP windows servers

2015-03-26 Thread Scott Voll
We ended up changing the NTP FQDN to the IP and restarted services and it
fixed it.  It's like the FQDN only gets resolved once and never again.  So
after changing it to the IP I'm guessing I could change back to the FQDN.
We were just hoping that changing the DNS was going to fix it.

Scott

On Wed, Mar 25, 2015 at 4:50 PM, Eric Louie elo...@techintegrity.com
wrote:

> restarting the NTP service might fix the problem, although if I'm reading
> this right, you restarted the Windows Servers after changing the NTP source.
>
> I'm assuming that you changed the C:\Program Files (x86)\NTP\etc\ntp.conf
> file to use the new address AND removed the old one.  Directions from there
> are to stop and start the NTP service.
>
> On Mon, Mar 16, 2015 at 12:54 PM, Scott Voll svoll.v...@gmail.com wrote:
>
> > I am migrating NTP from one router to another (and changing IP addresses).
> >
> > All our servers were pointing to the old router for NTP.
> >
> > I have changed the NTP source on those servers to the new one.  restarted
> > and if I log an ACL for NTP, I'm still seeing the servers connect to the
> > old router.  Any ideas on how to fix that?  I'm not a windows server guy.
> >
> > TIA
> >
> > Scott


Re: [c-nsp] OT: NTP windows servers

2015-03-26 Thread Scott Voll
TTL is 1 hour. This lasted over 2 weeks before we changed from FQDN
to IP.  Which corrected the problem.

On Thu, Mar 26, 2015 at 8:20 AM, Chuck Church chuckchu...@gmail.com wrote:

> What was the TTL of the DNS entry?  I'm assuming windows DNS respects TTLs
> and re-polls when it expires?
>
> Chuck
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Scott Voll
> Sent: Thursday, March 26, 2015 10:44 AM
> To: Eric Louie
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] OT: NTP windows servers
>
> we ended up changing the NTP FQDN to the IP and restarted services and it
> fixed it.  It's like the FQDN only gets resolved once and never again.  So
> after changing it to the IP I'm guessing I could change back to the FQDN.
> we were just hoping that changing the DNS was going to fix it.
>
> Scott
>
> On Wed, Mar 25, 2015 at 4:50 PM, Eric Louie elo...@techintegrity.com
> wrote:
>
> > restarting the NTP service might fix the problem, although if I'm
> > reading this right, you restarted the Windows Servers after changing the
> > NTP source.
> >
> > I'm assuming that you changed the C:\Program Files
> > (x86)\NTP\etc\ntp.conf file to use the new address AND removed the old
> > one.  Directions from there are to stop and start the NTP service.
> >
> > On Mon, Mar 16, 2015 at 12:54 PM, Scott Voll svoll.v...@gmail.com
> > wrote:
> >
> > > I am migrating NTP from one router to another (and changing IP
> > > addresses).
> > >
> > > All our servers were pointing to the old router for NTP.
> > >
> > > I have changed the NTP source on those servers to the new one.
> > > restarted and if I log an ACL for NTP, I'm still seeing the servers
> > > connect to the old router.  Any ideas on how to fix that?  I'm not a
> > > windows server guy.
> > >
> > > TIA
> > >
> > > Scott


Re: [c-nsp] Nexus Layer 2 Multicast and IGMP querier

2015-03-20 Thread Scott Voll
I'm not sure if I'm understanding everything correctly, But here is my 2
cents.


Cisco Live had a BUNCH of Nexus / Multicast sessions last year because with
the whole VPC / Active / active nature of Nexus it's a different beast.

We are using n5k's with layer 3.

But what we have found out is that Multicast does not flow over peer
links.  Thus one of the 5k's is the source the second one can hand out the
IP mroute to another connected device without the actual traffic.

Which led us to put all of our layer three connected devices to run point
to point l3 rather than l2 vpc's

Then we had to figure out which 5k was the source and then add IP Mroutes
to the l3 connected devices to point to the correct 5k.

To add insult to injury we also found that VMware 5.1 vswitch has major
multicast issues.  so our Multicast server is being moved to a physical
box.  At least until we can get to a nexus 1000v or upgrade VMware to a
version that doesn't have Multicast issues.

YMMV

scott


On Thu, Mar 19, 2015 at 11:12 PM, Stoward, Matt
matt.stow...@team.telstra.com wrote:

> We are in the middle of a large (1000s) of physical server (on IOS
> switches) to virtual server (on NX-OS) migration and more and more we are
> stumbling on weird situations like servers having back-to-back connections
> for heart beats where we have to make a non routable VLAN and run them out
> to all the prospective hosts to emulate this connectivity.
>
> Some applications need L2 multicast to work and because we don't have an
> any SVIs in these non routable VLANs we have been configuring up an IGMP
> querier under the VLAN configuration mode to get this to work but we are
> becoming reluctant to keep on creating more and more and more VLANs.
>
> I'm hoping to be able to run a general purpose clustering VLAN for this
> situation but I think I have a problem where one cluster might want to talk
> on say 192.168.34.0/24 and another on 10.10.10.0/24 and as the VLAN only
> allows one igmp querier address multicast will break for servers that talk
> on another range that the querier address does not belong to (e.g. igmp
> snooping querier 192.168.34.254 means that 192.168.34.0/24 cluster will
> work but a cluster talking on 10.10.10.0/24 will not work).
>
> We run a bunch of N2Ks so there is some unwillingness to turn off the
> multicast flood protection that would turn multicast into broadcast due to
> the 2K uplink cost of having lots broadcast on the network.
>
> I'm struggling to find documentation that confirms whether I can get
> different IP range IGMP working on NX-OS, and I'm hoping someone can
> confirm expected behaviour. I suspect I'm stuffed, and will need to either
> run some VLANs that turn off the multicast flood protection or commission
> even more VLANs.
>
> Regards,
> Matt


[c-nsp] OT: NTP windows servers

2015-03-16 Thread Scott Voll
I am migrating NTP from one router to another (and changing IP addresses).

All our servers were pointing to the old router for NTP.

I have changed the NTP source on those servers to the new one.  restarted
and if I log an ACL for NTP, I'm still seeing the servers connect to the
old router.  Any ideas on how to fix that?  I'm not a windows server guy.

TIA

Scott


[c-nsp] OT: Adobe Media Server over Multicast

2015-03-02 Thread Scott Voll
Has anyone used Adobe Media Server with Multicast on their network?

I find that I'm having greater quality issues than with VLC when it comes
to Multicast.  I was just wondering if there is something I'm missing.
Either in the server side or the network side.

I've learned a lot since we have had to redesign some of the network with
Cisco's Nexus line.

But now looks to be a QoS type problem.

Thanks for any input.

Scott


Re: [c-nsp] OT: Wireless 2.4ghz

2015-02-04 Thread Scott Voll
I hear what everyone is saying but I thought 2.4ghz was being
deprecated?  When will manufacturers stop producing it?

Scott


On Wed, Feb 4, 2015 at 8:29 AM, Blake Dunlap iki...@gmail.com wrote:

 Heh, in health care you're just lucky when the wireless super
 expensive med gear isn't B only, and requires a single broadcast
 domain with the server windows ME box that they refuse to let you
 own...

 Been there, got the t-shirt, ideally never again

 -Blake

 On Wed, Feb 4, 2015 at 5:31 AM, Andrew Gallo akg1...@gmail.com wrote:
  On 2/3/2015 4:53 PM, Scott Voll wrote:
 
  Not talking pie in the sky but reality. when do you think we will be
  able to turn off 2.4ghz wifi radios?  we currently have about 50/50 5ghz vs
  2.4ghz.
 
  What do you think?  18 months?
 
  TIA
 
  Scott
 
  Depends on your client base.  In healthcare, probably not anytime soon.
  There are still devices being manufactured with 2.4Ghz radios.  Given the
  long life cycle of some medical equipment, you could easily be looking at
  supporting 2.4Ghz for many, many years.
 
  Have you played around with Band Select?
 


[c-nsp] OT: Wireless 2.4ghz

2015-02-03 Thread Scott Voll
Not talking pie in the sky but reality. when do you think we will be
able to turn off 2.4ghz wifi radios?  we currently have about 50/50 5ghz vs
2.4ghz.

What do you think?  18 months?

TIA

Scott


Re: [c-nsp] Enabling multicast routing on 3750G platform

2015-01-28 Thread Scott Voll
and, remember that VLC only has a TTL of one I think. so in your VLC
config change your TTL to something like 10 (depending on the size of the
whole network).

Scott


On Wed, Jan 28, 2015 at 9:55 AM, Antonio Soares amsoa...@netcabo.pt wrote:

 Enable PIM on the loopback.


 Regards,

 Antonio Soares, CCIE #18473 (RS/SP)
 amsoa...@netcabo.pt
 http://www.ccie18473.net

 -----Original Message-----
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Lobo
 Sent: Wednesday, 28 January 2015 17:38
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] Enabling multicast routing on 3750G platform

 Hi everyone.  I've been trying to get multicast routing to work on a single
 3750G switch between two vlans but for the life of me it just doesn't work.
 When the host and receiver are on a single vlan the streaming works but then
 you don't even need multicast routing enabled for it to work.
 When I split the two hosts onto separate vlans that's where the problem
 begins.

 This is what I've configured so far and I'm sure it's just some extra
 commands I'm missing or something:

 ip multicast-routing distributed
 !
 ip pim rp-address 3.3.3.3
 !
 interface Loopback0
  ip address 3.3.3.3 255.255.255.255
 !
 interface GigabitEthernet1/0/1
  switchport access vlan 100
 !
 interface GigabitEthernet1/0/2
  switchport access vlan 200
 !
 interface Vlan100
  ip address 1.1.1.2 255.255.255.0
  ip pim sparse-dense-mode
 !
 interface Vlan200
  ip address 2.2.2.2 255.255.255.0
  ip pim sparse-dense-mode
  ip igmp join-group 239.0.0.1
 !

 The server streaming via VLC is 1.1.1.1 and is using 239.0.0.1 for the
 multicast address. The receiver is 2.2.2.1 and using VLC to stream.  I can
 see the traffic coming in on port 1 but no traffic leaving the switch's
 other port.

 BTW, I tried dense-mode and sparse-mode as well with similar results.

 Any thoughts?

 Jose


[c-nsp] OT: NAT64 kills what protocols?

2015-01-27 Thread Scott Voll
OK I think I know that NAT64 kills TFTP because the ipv4 address is
embedded in the body of the packet.

What other protocols will not go through a NAT64 translation?

in wireshark, how do I see an IP in the body of the packet?  I have a
couple other applications that are having issues so I'm trying to figure
out why.

Thanks

scott
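
For the question above about seeing an IP address in the body of a packet: an added example (not part of the original post) that scans application payload bytes for IPv4 literals in three encodings and builds the matching Wireshark display filters. The sample payloads, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Text form, e.g. the SDP line "c=IN IP4 192.0.2.10".
# Note: this also flags version-like strings such as "1.2.3.4".
DOTTED = re.compile(
    rb"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])"
)
# FTP PORT / PASV form "h1,h2,h3,h4,p1,p2" (address plus 16-bit port).
HOSTPORT = re.compile(
    rb"(?<![\d,])(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?![\d,])"
)


def _octets(groups):
    """Convert regex groups to ints, or None if any value exceeds one byte."""
    values = [int(g) for g in groups]
    return values if all(v <= 255 for v in values) else None


def find_embedded_ipv4(payload, known_addrs=()):
    """Return sorted (offset, encoding, value) tuples for IPv4 literals.

    payload     -- application-layer bytes (everything after TCP/UDP header)
    known_addrs -- dotted-quad strings to search for in 4-byte binary form;
                   any 4 bytes are a valid address, so a binary search only
                   makes sense for addresses you already expect (the hosts'
                   own IPv4 addresses, for instance).
    """
    hits = []
    for m in DOTTED.finditer(payload):
        octets = _octets(m.groups())
        if octets:
            hits.append((m.start(), "ascii-dotted", ".".join(map(str, octets))))
    for m in HOSTPORT.finditer(payload):
        octets = _octets(m.groups())
        if octets:
            addr = ".".join(map(str, octets[:4]))
            port = octets[4] * 256 + octets[5]
            hits.append((m.start(), "ftp-hostport", f"{addr}:{port}"))
    for text in known_addrs:
        packed = ipaddress.IPv4Address(text).packed
        start = payload.find(packed)
        while start != -1:
            hits.append((start, "binary", text))
            start = payload.find(packed, start + 1)
    return sorted(hits)


def wireshark_filters(addr):
    """Display filters that match addr inside TCP/UDP segments.

    "contains" searches the whole TCP or UDP segment, header included.
    """
    packed = ipaddress.IPv4Address(addr).packed
    comma = addr.replace(".", ",")
    hexseq = ":".join(f"{b:02x}" for b in packed)
    return [
        f'tcp contains "{addr}" or udp contains "{addr}"',
        f'tcp contains "{comma}"',
        f"tcp contains {hexseq} or udp contains {hexseq}",
    ]


# Constructed sample payloads (not captured traffic).
FTP_SAMPLE = b"PORT 192,0,2,10,19,137\r\n"
SDP_SAMPLE = b"v=0\r\nc=IN IP4 192.0.2.10\r\n"
BINARY_SAMPLE = b"\x00\x01" + bytes([192, 0, 2, 10]) + b"\x13\x89"
CLEAN_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    samples = [
        ("ftp", FTP_SAMPLE),
        ("sdp", SDP_SAMPLE),
        ("binary", BINARY_SAMPLE),
        ("clean", CLEAN_SAMPLE),
    ]
    for name, data in samples:
        print(name, find_embedded_ipv4(data, known_addrs=["192.0.2.10"]))
    for flt in wireshark_filters("192.0.2.10"):
        print(flt)
```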


[c-nsp] is the list just slow?

2015-01-06 Thread Scott Voll
I have not seen any emails to the list since yesterday. is it just a
slow day, or is the list having issues?

TIA

scott


[c-nsp] newbie questions about jumbo packets

2014-12-18 Thread Scott Voll
I'm working on my Nexus 5k's. I need to adjust QoS for the first time.  I'm
following the white papers about input QoS, Network QoS, and Queuing QoS.
I currently have a very simple network QoS with MTU of 9216 to allow jumbo
frames on the pair of Nexus (storage).

But now that I'm adjusting QoS I will be classifying my traffic, rather
than just using the default.  What happens if I add jumbo frames to all my
network classifications and it's not enabled everywhere (other switches
connected (Ethernet))?  I believe on networks where the MTU is smaller it
will just down size to the standard 1500.  Is that correct?

TIA

Scott


[c-nsp] VPN client logging?

2014-12-08 Thread Scott Voll
I know via the CLI and ASDM I can see the anyconnect client OS. Windows vs
Mac vs linux.

has anyone graphed or reported on this data historically?

If so, how?  I don't want to duplicate something if I don't have to.

TIA

Scott


[c-nsp] EIGRP has issues when Multicast is configured

2014-11-14 Thread Scott Voll
Anyone ever see issues with EIGRP flapping after enabling Multicast on the
network?

Network is Full Mesh over Provider MetroE cloud.  I'm only doing multicast
in a Star topology from the Hub.

I would not think I would need to enable ip multicast multipath on the
routers since it's eigrp.

Can someone give me some things I can do to troubleshoot the flapping of
EIGRP nodes?

Thanks

Scott


[c-nsp] OT: Enterprise (Not ISP) Maintenance Windows

2014-09-26 Thread Scott Voll
For those of you working in an enterprise, company, agency, etc.  Do you
have a standard (network) maintenance window?

If so, when?  How often?  Can you schedule anything in it, or if it will
cause an outage does it need to go through 3+ layers of meetings and buy
off to get it approved before you can schedule it?

I'm just trying to understand what the norm is, in the real world.

Thanks

Scott


[c-nsp] cisco 4451

2014-09-12 Thread Scott Voll
Anyone have a 4451 in production?  any concerns with it?  anything to watch
out for?

TIA

Scott


[c-nsp] QoS Thresholds......

2014-08-18 Thread Scott Voll
If I wanted to change my threshold  number 2, Example:

*mls qos queue-set output 1 threshold 2 3100 3100 100 3200*


Would that cause me any issues with Voice quality?


TIA


scott


[c-nsp] icmpv6 through ASA

2014-07-25 Thread Scott Voll
How do you allow ICMPv6 into your network with a cisco ASA?

TIA

Scott


Re: [c-nsp] Multicast group but no traffic

2014-05-14 Thread Scott Voll
Why would I see this on my WAN router?

(*, 225.5.5.5), 02:02:57/00:03:29, RP 10.255.255.2, flags: S
  Incoming interface: GigabitEthernet0/0, RPF nbr 10.0.1.3
  Outgoing interface list:
GigabitEthernet0/1.902, Forward/Sparse, 00:42:16/00:03:29

if I have an incoming and outgoing interface shouldn't I see an SC flag?

TIA

Scott



On Sat, May 10, 2014 at 12:20 AM, Vitkovský Adam adam.vitkov...@swan.sk wrote:

 Well talking multicast you need to specify what route (state) are you
 seeing as well as which PIM mode are you running across your WAN.

 So you see either just the (*,g) state -means the designated router for
 the LAN segment as displayed by the cmd:  sh ip pim int (Nexus) has
 translated the IGMP membership reports(igmp joins) into PIM Joins and sent
 them towards the RP (would be good to know which of your routers is RP).
 You might actually be getting the stream if PIM is running in BIDIR or
 Dense mode -the stream can be checked via sh ip mroute active.

 Or you see also the (s,g) state -means the RP has an active source for the
 previously requested group or has sent a register message towards the
 source.
 In either case as the source starts to send traffic down the shared tree
 (*,g) this is how the Nexus will learn about the source of the source for
 the group and can join source tree by sending PIM Join towards the Source
 (s,g) state.  -the stream can be checked via sh ip mroute active.


 adam
  -----Original Message-----
  From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
  Scott Voll
  Sent: Friday, May 09, 2014 9:38 PM
  To: Phil Mayers
  Cc: cisco-nsp@puck.nether.net
  Subject: Re: [c-nsp] Multicast group but no traffic
 
  VLC Player with TTL 10.  Connected to 3560 to Nexus 55xx with Layer 3.
   connection to 3845 over WAN to remote site, to 2911 to 2960 layer 2 switch.
 
  I can see on Nexus, 3845 and 2911 the IP Mroute for the group I'm sending.
   Via a packet capture I can see the multicast local to the Nexus on
  multiple vlan's
 
  I can see on the 2960 the groups and interfaces.  But a wire capture on the
  local PC all I see is the join packets, no traffic.
 
  Other ideas?
 
  Scott
 
 
  On Fri, May 9, 2014 at 11:28 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
 
   On 09/05/2014 18:53, Scott Voll wrote:
  
   I'm working on rolling out my Multicast across my WAN.
  
   I can see the Multicast group on the WAN router and I can see it on
   the switch interface, but I'm not getting the traffic.  What should I
   be looking at?
  
  
   That's a bit vague. John has made some good suggestions but you'd get
   more specific answers if you can specify the topology in detail.
  
   How are you determining you're not seeing the traffic? No video at
   receiver app? If so, check again with tcpdump/wireshark and look out
   for software firewalls. That one catches me a lot - I always forget
   iptables on my laptop :o(
  
   sh ip mr active and sh ip mr count are useful at L3 hops. L2 hops
   are far harder to debug, unfortunately.
  

[c-nsp] Multicast Reporting......

2014-05-09 Thread Scott Voll
OK so we are moving from a Unicast to Multicast video stream and we have
been reporting on how many people are watching the stream.  as we move this
to a multicast stream how do I report on how many people are watching?

Are there package apps that will do this?  the only thing I can think to do
is run through every switch and see if it's receiving the stream and try to
parse out the numbers.

There has to be a better way

TIA

scott


[c-nsp] Multicast group but no traffic

2014-05-09 Thread Scott Voll
I'm working on rolling out my Multicast across my WAN.

I can see the Multicast group on the WAN router and I can see it on the
switch interface, but I'm not getting the traffic.  What should I be
looking at?

TIA

Scott


Re: [c-nsp] Multicast group but no traffic

2014-05-09 Thread Scott Voll
VLC Player with TTL 10.  Connected to 3560 to Nexus 55xx with Layer 3.
 connection to 3845 over WAN to remote site, to 2911 to 2960 layer 2 switch.

I can see on Nexus, 3845 and 2911 the IP Mroute for the group I'm sending.
 Via a packet capture I can see the multicast local to the Nexus on
multiple vlan's

I can see on the 2960 the groups and interfaces.  But a wire capture on the
local PC all I see is the join packets, no traffic.

Other ideas?

Scott


On Fri, May 9, 2014 at 11:28 AM, Phil Mayers p.may...@imperial.ac.uk wrote:

 On 09/05/2014 18:53, Scott Voll wrote:

 I'm working on rolling out my Multicast across my WAN.

 I can see the Multicast group on the WAN router and I can see it on the
 switch interface, but I'm not getting the traffic.  What should I be
 looking at?


 That's a bit vague. John has made some good suggestions but you'd get more
 specific answers if you can specify the topology in detail.

 How are you determining you're not seeing the traffic? No video at
 receiver app? If so, check again with tcpdump/wireshark and look out for
 software firewalls. That one catches me a lot - I always forget iptables on
 my laptop :o(

 sh ip mr active and sh ip mr count are useful at L3 hops. L2 hops are
 far harder to debug, unfortunately.



Re: [c-nsp] 3750E to stack of 2960x.....

2014-03-06 Thread Scott Voll
We have a VTP domain.  so they are set to client.

But I think we are now thinking it's a SFP issue.

we have had several 2960X's in the lab that will not recognize the SFP
(glc-t) unless we reboot.  Then they are recognized and we use them.
 Yesterday we had one stack that lost its primary sfp and looking at the sh
interface it shows no hardware in the SFP slot.  But after a reboot it came
back to life.

I know that putting a GLC-T in a SFP+ slot is overkill, but we have not
moved our new Nexus gear in yet to move to the 10 Gig SR stuff.  in the
compatibility matrix it shows the GLC-T as supported in the sfp+ slots of
the 2960X switch.  So is this a Bug?  Bug scrub comes up with nothing.

TIA

Scott


On Thu, Mar 6, 2014 at 3:03 AM, Darren O'Connor darre...@outlook.com wrote:

 If you think it's spanning-tree you really need to check that it is. If it
 happens again make sure you console on and check the spanning-tree state
 before you reboot it. Are you actually running VTP? Did you turn VTP to
 transparent or off?

 Thanks
 Darren
 http://www.mellowd.co.uk/ccie



  Date: Tue, 4 Mar 2014 12:41:13 -0800
  From: svoll.v...@gmail.com
  To: blake.mailingl...@pfankuch.me
  CC: cisco-nsp@puck.nether.net
  Subject: Re: [c-nsp] 3750E to stack of 2960x.

 
  uplinks are Copper SFP's 1 gig. all cisco branded GLC-T. IOS on the 2960x
  is latest 15 ex4 code.
 
  I think it might be a spanning tree issue. we found that the legacy
  devices were still using pvst rather than rapid pvst.
 
  we are going to update everything to Rapid pvst and see if we have any more
  issues. Unfortunately I was not able to see the console before someone
  rebooted them. Looks like the switches were up and working. just the
  uplinks were not. No CDP from the 3750E.
 
  TIA
 
  Scott
 
 
 
  On Tue, Mar 4, 2014 at 11:44 AM, Blake Pfankuch - Mailing List 
  blake.mailingl...@pfankuch.me wrote:
 
   What kind of uplinks? Fiber or Copper? SFP? 1gig or 10gig? Cisco
   Branded SFP? IOS Versions on all affected devices?
  
   Thanks,
   Blake
  
   -----Original Message-----
   From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
   Scott Voll
   Sent: Tuesday, March 4, 2014 8:19 AM
   To: cisco-nsp@puck.nether.net
   Subject: [c-nsp] 3750E to stack of 2960x.
  
   I have a building that has a 3750E at the core and access layer with some
   new 2960X's
  
   I have both a stack of two and a single.
  
   Both have a port channel up to the 3750E.
  
   Both have now lost their uplinks to the 3750E within two days of being
   installed.
  
   Anyone have any ideas as to what to look for?
  
   I see nothing in the syslogs of either the 2960x or the 3750E.
  
   I'm thinking Spanning tree? or VTP? or ??
  
   Areas you would look at?
  
   TIA
  
   Scott


Re: [c-nsp] 3750E to stack of 2960x.....

2014-03-06 Thread Scott Voll
Follow up. Bug CSCul88801
SFP's become unavailable

Scott


On Thu, Mar 6, 2014 at 7:23 AM, Scott Voll svoll.v...@gmail.com wrote:

 We have a VTP domain.  so they are set to client.

 But I think we are now thinking it's a SFP issue.

 we have had several 2960X's in the lab that will not recognize the SFP
 (glc-t) unless we reboot.  Then they are recognized and we use them.
  Yesterday we had one stack that lost its primary sfp and looking at the sh
 interface it shows no hardware in the SFP slot.  But after a reboot it came
 back to life.

 I know that putting a GLC-T in a SFP+ slot is overkill, but we have not
 moved our new Nexus gear in yet to move to the 10 Gig SR stuff.  in the
 compatibility matrix it shows the GLC-T as supported in the sfp+ slots of
 the 2960X switch.  So is this a Bug?  Bug scrub comes up with nothing.

 TIA

 Scott


 On Thu, Mar 6, 2014 at 3:03 AM, Darren O'Connor darre...@outlook.com wrote:

 If you think it's spanning-tree you really need to check that it is. If it
 happens again make sure you console on and check the spanning-tree state
 before you reboot it. Are you actually running VTP? Did you turn VTP to
 transparent or off?

 Thanks
 Darren
 http://www.mellowd.co.uk/ccie



  Date: Tue, 4 Mar 2014 12:41:13 -0800
  From: svoll.v...@gmail.com
  To: blake.mailingl...@pfankuch.me
  CC: cisco-nsp@puck.nether.net
  Subject: Re: [c-nsp] 3750E to stack of 2960x.

 
  uplinks are Copper SFP's 1 gig. all cisco branded GLC-T. IOS on the 2960x
  is latest 15 ex4 code.
 
  I think it might be a spanning tree issue. we found that the legacy
  devices were still using pvst rather than rapid pvst.
 
  we are going to update everything to Rapid pvst and see if we have any more
  issues. Unfortunately I was not able to see the console before someone
  rebooted them. Looks like the switches were up and working. just the
  uplinks were not. No CDP from the 3750E.
 
  TIA
 
  Scott
 
 
 
  On Tue, Mar 4, 2014 at 11:44 AM, Blake Pfankuch - Mailing List 
  blake.mailingl...@pfankuch.me wrote:
 
   What kind of uplinks? Fiber or Copper? SFP? 1gig or 10gig? Cisco
   Branded SFP? IOS Versions on all affected devices?
  
   Thanks,
   Blake
  
   -----Original Message-----
   From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
   Scott Voll
   Sent: Tuesday, March 4, 2014 8:19 AM
   To: cisco-nsp@puck.nether.net
   Subject: [c-nsp] 3750E to stack of 2960x.
  
   I have a building that has a 3750E at the core and access layer with some
   new 2960X's
  
   I have both a stack of two and a single.
  
   Both have a port channel up to the 3750E.
  
   Both have now lost their uplinks to the 3750E within two days of being
   installed.
  
   Anyone have any ideas as to what to look for?
  
   I see nothing in the syslogs of either the 2960x or the 3750E.
  
   I'm thinking Spanning tree? or VTP? or ??
  
   Areas you would look at?
  
   TIA
  
   Scott


[c-nsp] 3750E to stack of 2960x.....

2014-03-04 Thread Scott Voll
I have a building that has a 3750E at the core and access layer with some
new 2960X's

I have both a stack of two and a single.

Both have a port channel up to the 3750E.

Both have now lost their uplinks to the 3750E within two days of being
installed.

Anyone have any ideas as to what to look for?

I see nothing in the syslogs of either the 2960x or the 3750E.

I'm thinking Spanning tree?  or VTP?  or ??

Areas you would look at?

TIA

Scott


Re: [c-nsp] 3750E to stack of 2960x.....

2014-03-04 Thread Scott Voll
uplinks are Copper SFP's 1 gig.  all cisco branded GLC-T.  IOS on the 2960x
is latest 15 ex4 code.

I think it might be a spanning tree issue.  we found that the legacy
devices were still using pvst rather than rapid pvst.

we are going to update everything to Rapid pvst and see if we have any more
issues.  Unfortunately I was not able to see the console before someone
rebooted them.  Looks like the switches were up and working. just the
uplinks were not.  No CDP from the 3750E.

TIA

Scott



On Tue, Mar 4, 2014 at 11:44 AM, Blake Pfankuch - Mailing List 
blake.mailingl...@pfankuch.me wrote:

 What kind of uplinks?  Fiber or Copper?  SFP?  1gig or 10gig?  Cisco
 Branded SFP?  IOS Versions on all affected devices?

 Thanks,
 Blake

 -----Original Message-----
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Scott Voll
 Sent: Tuesday, March 4, 2014 8:19 AM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] 3750E to stack of 2960x.

 I have a building that has a 3750E at the core and access layer with some
 new 2960X's

 I have both a stack of two and a single.

 Both have a port channel up to the 3750E.

 Both have now lost their uplinks to the 3750E within two days of being
 installed.

 Anyone have any ideas as to what to look for?

 I see nothing in the syslogs of either the 2960x or the 3750E.

 I'm thinking Spanning tree?  or VTP?  or ??

 Areas you would look at?

 TIA

 Scott


[c-nsp] TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 20 days

2014-01-21 Thread Scott Voll
Any idea what this error message is for:  TRUSTPOOL_EXPIRATION_WARNING: The
Trustpool will expire in 20 days 

It's coming from a 2960S stack of switches.

Thanks

scott


[c-nsp] Fwd: Anyone using Cisco Security Manager

2014-01-10 Thread Scott Voll
Is there anyone that is using CSM?  I'm new to the application and was
hoping to have some dialog with someone familiar with the application.

TIA

Scott


Re: [c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security

2013-12-06 Thread Scott Voll
Accept the terms of the captive portal, then all your connections go to
CCWS after that.  The anyconnect client is smart enough to not push the
traffic until it has an internet connection.  I guess unless you put it into
a closed state.  we have it open so that when they are out of the office
they can go through the portal, then be proxied.

Hope I understood that correctly.

Scott



On Thu, Dec 5, 2013 at 11:14 PM, Eugeniu Patrascu eu...@imacandi.net wrote:

 Hi,

 How do you handle captive portals in hotels and other venues where you
 first have to login into the portal and then have Internet access ?

 This is my biggest woe right now in this regards with any kind of proxy
 settings I can push to users.

 Thanks,
 Eugeniu


 On Thu, Dec 5, 2013 at 10:05 PM, Scott Voll svoll.v...@gmail.com wrote:

 We currently use CCWS (previously ScanSafe) with the Anyconnect client.
  Nice solution.  Whether you're in the office or remoting from a Starbucks,
 the traffic is always proxied.  We went with the solution because of a
 couple reasons:

 1. with multiple egress points on the corporate network, we didn't want to
 be down if we lost a proxy server.

 2. corporate laptops whether in the office or at Starbucks would still be
 proxied.  This helps limit our virus and malware infections.  and provides
 HR reports.

 3. split tunneling would be an option because the traffic doesn't have to
 come back to your internal proxy.

 4. our remote home office bandwidth is very limited, so using the cloud it
 provided for better use of that bandwidth.

 all in all it's a good solution.  I'm not going to tell you that we have
 not had any issues, but with any new solution, there will be a couple
 bruises along the way.

 YMMV

 Scott



 On Wed, Dec 4, 2013 at 7:53 AM, Herro91 herr...@gmail.com wrote:

  Hi,
 
  I'm doing some research on the Cisco Cloud Web Security offering, also
  known as ScanSafe.
 
  Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now called
  Cisco Cloud Web Security - as a means of providing protection in the cloud
  that would potentially negate the requirement to have a full tunnel (i.e.
  allow split tunneling) for teleworkers?
 
 
  Thanks!
 


Re: [c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security

2013-12-06 Thread Scott Voll
you have a couple options.

option one, you can use the browser proxy via GPO or whatever, but this
limits you to a single Tower (it's still a cluster setup, but if that DC
goes down, you're still up a creek).

option two is that you install the Cisco Anyconnect Client (Web security
part, there is the VPN part, and some posturing parts too, but you just
need the base and the web security).  This allows the client to check in
with all of the towers and pick the fastest response.  And there are towers
in a lot of different countries so if your users travel, it will pick the
closest, typically.  Though we did have an issue where we picked a Canada
West coast rather than a US west coast..

YMMV

Scott


On Fri, Dec 6, 2013 at 7:39 AM, Eugeniu Patrascu eu...@imacandi.net wrote:

 Aha, so the client determines that hey, you need to authenticate to this
 portal first and then is business as usual. This makes complete sense.

 From the discussion I was under the impression that there is no client
 installed on the machine and you push browser proxy settings through GPO
 and that's it, hence my dilemma.

 Regards,
 Eugeniu


 On Fri, Dec 6, 2013 at 4:51 PM, Scott Voll svoll.v...@gmail.com wrote:

 Accept the terms of the captive portal, then all your connections go to
 CCWS after that.  The anyconnect client is smart enough to not push the
 traffic until it has an internet connection.  I guess unless you put it into
 a closed state.  we have it open so that when they are out of the office
 they can go through the portal, then be proxied.

 Hope I understood that correctly.

 Scott



 On Thu, Dec 5, 2013 at 11:14 PM, Eugeniu Patrascu eu...@imacandi.net wrote:

 Hi,

 How do you handle captive portals in hotels and other venues where you
 first have to login into the portal and then have Internet access ?

 This is my biggest woe right now in this regards with any kind of proxy
 settings I can push to users.

 Thanks,
 Eugeniu


 On Thu, Dec 5, 2013 at 10:05 PM, Scott Voll svoll.v...@gmail.com wrote:

 We currently use CCWS (previously ScanSafe) with the Anyconnect client.
  Nice solution.  Whether you're in the office or remoting from a Starbucks,
 the traffic is always proxied.  We went with the solution because of a
 couple reasons:

 1. with multiple egress points on the corporate network, we didn't want to
 be down if we lost a proxy server.

 2. corporate laptops whether in the office or at Starbucks would still be
 proxied.  This helps limit our virus and malware infections.  and provides
 HR reports.

 3. split tunneling would be an option because the traffic doesn't have to
 come back to your internal proxy.

 4. our remote home office bandwidth is very limited, so using the cloud it
 provided for better use of that bandwidth.

 all in all it's a good solution.  I'm not going to tell you that we have
 not had any issues, but with any new solution, there will be a couple
 bruises along the way.

 YMMV

 Scott



 On Wed, Dec 4, 2013 at 7:53 AM, Herro91 herr...@gmail.com wrote:

  Hi,
 
  I'm doing some research on the Cisco Cloud Web Security offering, also
  known as ScanSafe.
 
  Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now
 called
  Cisco Cloud Web Security - as a means of providing protection in the
 cloud
  that would potentially negate the requirement to have a full tunnel
 (i.e.
  allow split tunneling) for teleworkers?
 
 
  Thanks!
 


Re: [c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security

2013-12-05 Thread Scott Voll
We currently use CCWS (previously ScanSafe) with the Anyconnect client.
 Nice solution.  Whether you're in the office or remoting from a Starbucks,
the traffic is always proxied.  We went with the solution because of a
couple reasons:

1. with multiple egress points on the corporate network, we didn't want to
be down if we lost a proxy server.

2. corporate laptops whether in the office or at Starbucks would still be
proxied.  This helps limit our virus and malware infections.  and provides
HR reports.

3 split tunneling would be an option because the traffic doesn't have to
come back to your internal proxy.

4. our remote home office bandwidth is very limited, so using the cloud it
provided for better use of that bandwidth.

all and all it's a good solution.  I'm not going to tell you that we have
not had any issues, but with any new solution, there will be a couple
bruises along the way.

YMMV

Scott



On Wed, Dec 4, 2013 at 7:53 AM, Herro91 herr...@gmail.com wrote:

 Hi,

 I'm doing some research on the Cisco Cloud Web Security offering, also
 known as ScanSafe.

 Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now called
 Cisco Cloud Web Security - as a means of providing protection in the cloud
 that would potentially negate the requirement to have a full tunnel (i.e.
 allow split tunneling) for teleworkers?


 Thanks!



[c-nsp] IPv6 in the lab......

2013-11-27 Thread Scott Voll
So I may be dense or something, but if I have two devices on a Vlan with
IPv6 addresses in the same network, why would I not be able to ping them?

Is there something I have to do on layer 2 switches in order to allow the
icmpv6 to flow?

Switches are 3560's and nexus 5500/2k's

TIA

Scott


Re: [c-nsp] IPv6 filters

2013-11-19 Thread Scott Voll
So how do you keep IPv6 off of IPv4?  If you are running dual stack
shouldn't it just go out its native protocol?

Scott


On Tue, Nov 19, 2013 at 6:42 AM, Mark Tinka mark.ti...@seacom.mu wrote:

 On Friday, November 15, 2013 02:56:39 PM Tony Tauber wrote:

  Depending on your OS, you may have to explicitly disable
  v6 routes being sent over a v4 session.
  That's possible to do but I don't know why one would want
  to in a truly dual-stack deployment.
  In v6 the only v4 artifact will be that the router ID
  is still a 32-bit number which is most commonly set to
  the v4 loopback or some such.

 This has been discussed a few times on this list.

 Some operators do it, others don't.

 I don't - I prefer to have my address families running over
 their own native transport. Some might see it as double
 work, but it's peace of mind and still looks neat :-).

 Mark.



[c-nsp] IPv6 filters

2013-11-14 Thread Scott Voll
New to IPv6 so sorry if this is a very basic question:

I currently am dual homed with ipv4

I'm currently using a filter list:

ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*

to make sure I'm not a transit provider.

In my googling around I'm not seeing that done in IPv6.

Looks like I should be putting together a prefix list instead.  Is that the
best practice in IPv6?

Thanks

Scott
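
An added illustration, not part of the original post: a small model of how the `ip as-path access-list 1` entries quoted above are evaluated (ordered entries, first match wins, implicit deny). The filter inspects only the AS_PATH attribute, which IPv4 and IPv6 routes both carry, so the same list yields the same no-transit result for either address family. The prefixes and AS numbers are constructed documentation values, and the `_` translation is an approximation of the IOS token.

```python
import re

# The two entries from the post, in order. First match wins.
FILTER_LIST_1 = [
    ("permit", "^$"),  # empty AS path: routes originated by the local AS
    ("deny", ".*"),    # anything with at least one AS in the path
]

# Constructed sample routes: (prefix, AS path as received). Documentation
# prefixes and documentation AS numbers only.
ROUTES = [
    ("192.0.2.0/24", []),                  # locally originated IPv4
    ("198.51.100.0/24", [64500, 64510]),   # learned from upstream A
    ("2001:db8:10::/48", []),              # locally originated IPv6
    ("2001:db8:ffff::/48", [64501]),       # learned from upstream B
]


def ios_regex_to_python(pattern):
    """Approximate the IOS '_' token (start, end or a delimiter) in Python re."""
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")


def filter_action(as_path, acl):
    """Return 'permit' or 'deny' for an AS path given as a list of ASNs."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in acl:
        if re.search(ios_regex_to_python(pattern), text):
            return action
    return "deny"  # implicit deny when no entry matches


def advertised(routes, acl):
    """Prefixes that would pass the list when it is applied outbound."""
    return [prefix for prefix, path in routes
            if filter_action(path, acl) == "permit"]


def leaked(routes, acl):
    """Prefixes with a non-empty AS path that the list would still send."""
    return [prefix for prefix, path in routes
            if path and filter_action(path, acl) == "permit"]


if __name__ == "__main__":
    print("advertised:", advertised(ROUTES, FILTER_LIST_1))
    print("leaked transit routes:", leaked(ROUTES, FILTER_LIST_1))
    # A list without the '^$' anchor shows what the filter protects against.
    print("leaked with permit .*:", leaked(ROUTES, [("permit", ".*")]))
```

A prefix list restricts which prefixes are announced, while the as-path list restricts where they may have come from; the two checks are independent and can be applied together.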


[c-nsp] IPv6 BGP Dual Homed dual site

2013-09-19 Thread Scott Voll
I'm trying to wrap my head around the best way to setup BGP with IPv6

We currently have two different ISP's connected to two different sites.
 then we run iBGP between the sites.

so in an IPv4 world have a class C at each location.  then at each location
my Firewalls NAT to the correct Class C as they exit my network.

This way if the link between sites goes down I'm not black holing the other
sites because each site has its own Class C it's announcing.

Now if I have a single /40 and I'm subnetting it per location(eg /44), but
all the other sites behind these sites are within that /40 how do I make
sure I don't end up blackholing the other site(s)?  Does that make sense?
 Do I need to announce a /44 from each site?  if so, that will kill my
meshed network(internal) if one site(external) goes down, or the WAN links
go down.

Thanks for any ideas.  Is there a best practice for this kind of setup?

TIA

Scott


Re: [c-nsp] Network training clases

2013-08-29 Thread Scott Voll
Not sure if the classes are the same, but 13 years ago I took the CCNA
 courses at the local community College.  The first part of that class is
basically memorization.  What is the OSI model and what is done at each
level.  My instructor pounded us for a full term just on this stuff.  I'm
so thankful for that.  All Troubleshooting and configuration is based on
that knowledge.

YMMV

Scott


On Thu, Aug 29, 2013 at 10:43 AM, james edwards 
lists.james.edwa...@gmail.com wrote:

 My org is looking to get the field tech's into some basic network
 training. Mostly we are finding classes that are Cisco or other vendor
 centric and while we use a lot of Cisco gear we also use other vendors
 (HP and Vyatta). So we are looking for classes that are not specific
 to a vendor but teaches basic network skills and troubleshooting. Can
 anyone make a suggestion ? Off list is fine.


 James H Edwards
 State of New Mexico


[c-nsp] Nexus 5548 layer 3 interface counters????

2013-08-16 Thread Scott Voll
Does the Nexus 5548 with Layer 3 card support vlan interface counters in
any release?  I don't have them in version 5.2(1)N1(3), but need them, so
would like to know if they are in some other release.

Thanks

Scott


[c-nsp] NX-OS version 6.0?

2013-08-16 Thread Scott Voll
Anyone running NX-OS version 6.0 in production?  Specifically on 5500's.
 Any problems?

TIA

Scott


Re: [c-nsp] Nexus 5548 layer 3 interface counters????

2013-08-16 Thread Scott Voll
Found the bug ID CSCti07554.

need something newer than 6.0.2.n1(1)

Scott


On Fri, Aug 16, 2013 at 7:45 AM, Scott Voll svoll.v...@gmail.com wrote:

 Does the Nexus 5548 with Layer 3 card support vlan interface counters in
 any release?  I don't have them in version 5.2(1)N1(3), but need them, so
 would like to know if they are in some other release.

 Thanks

 Scott



Re: [c-nsp] NX-OS version 6.0?

2013-08-16 Thread Scott Voll
Thanks Quinn and Blake.  Anyone using the layer 3 daughter cards?

Scott


On Fri, Aug 16, 2013 at 9:28 AM, Scott Voll svoll.v...@gmail.com wrote:

 Anyone running NX-OS version 6.0 in production?  Specifically on 5500's.
  Any problems?

 TIA

 Scott



[c-nsp] ASA 8.4 to 9.1 question.

2013-08-06 Thread Scott Voll
OK, I'm slammed right now, but they are talking about upgrades of our ASA's
to 9.1.  we are currently on 8.4 train.  Is there a big difference like 8.2
to 8.4 there was?

or is this the typical type upgrade?

I just need to let them know how much time it's going to take to research
and implement.

Sorry for the laziness.  Much appreciated.

Scott


Re: [c-nsp] New Catalyst 6k chassis

2013-06-27 Thread Scott Voll
As for the 4xxx, I had this conversation before cisco live. It fits
between the isrg2 and the asr. Due to bandwidth requirements and added
features it fits well in the 500mb to gig with services.


Ymmv

Scott

On Wednesday, June 26, 2013, Dobbins, Roland wrote:


 On Jun 27, 2013, at 10:10 AM, Justin M. Streiner wrote:

  It just seems like the new 6k is positioned to poach prospective
 customers from the (arguably) higher-margin Nexus 7k product line.

 Not 'just seems' - 'is'.  Just as the new fixed-config one is positioned
 to poach prospective customers from the 4xxx-series.

 ;

 ---
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

   Luck is the residue of opportunity and design.

-- John Milton




Re: [c-nsp] New Catalyst 6k chassis

2013-06-27 Thread Scott Voll
Per the cisco live session I was in... I believe it's layer three was
160gbps  I'm not pushing anything close so it works well for us.   6k's
could be an option but the push factor is that they don't have the FC. Or
unified ports.

For us the 5548ups work great.

Ymmv

Scott

On Wednesday, June 26, 2013, Jeff Kell wrote:

 On 6/26/2013 11:10 PM, Justin M. Streiner wrote:
  It just seems like the new 6k is positioned to poach prospective
  customers from the (arguably) higher-margin Nexus 7k product line.

 Now that you mention the N-word I have to ask (as we're looking into a
 deployment)...  how much of it is ready for prime time, and feature
 compatible with the Catalysts?

 I've been nudged toward the 5K series, but have heard the L3 version
 isn't ready for prime time (oversubscribed L3 module).

 I've been pointed at the 6K series, but somewhat amused by the 40G
 splits to 10G...

 We've only casually looked at the 7K... beyond our immediate budget.

 We are currently a 6500-based shop for Core and Border, FWIW.

 Jeff



Re: [c-nsp] New Catalyst 6k chassis

2013-06-26 Thread Scott Voll
Announced at cisco live yesterday I believe

Scott

On Wednesday, June 26, 2013, Phil Mayers wrote:

 On 09/06/13 20:58, Rinse Kloek wrote:

 Hi,

 Can someone confirm rumors about the new Catalyst 6k chassis ?
 The new Catalyst 6807-XL chassis will be able to scale up to 220-880Gbps
 per slot with feature linecards/sup. The chassis will be compatible with
 the current SUP2T supervisor.


 These are on the website now, for the curious.


Re: [c-nsp] New Catalyst 6k chassis

2013-06-26 Thread Scott Voll
Nothing at cisco live shows the nexus, asr, or cats going away anytime soon.

Ymmv

Scott

On Wednesday, June 26, 2013, Gert Doering wrote:

 Hi,

 On Wed, Jun 26, 2013 at 04:38:16PM +0100, Phil Mayers wrote:
  Can someone confirm rumors about the new Catalyst 6k chassis ?
  The new Catalyst 6807-XL chassis will be able to scale up to 220-880Gbps
  per slot with feature linecards/sup. The chassis will be compatible with
  the current SUP2T supervisor.
 
  These are on the website now, for the curious.

 Doesn't particularly satisfy my curiosity :-) - the 6807XL so far is
 just a new chassis for -2T line cards, as there's no ultra-high-speed
 supervisor or line card yet.  Marketing this as investment protection
 for brand new 2T stuff is... interesting, though.

 Makes me wonder, though, which platform will survive in the end - 6500
 (with 6800 included), 7600, Nexus 7k, or ASR9k...  with 3-4 different OSes
 as well.

 gert
 --
 USENET is *not* the non-clickable part of WWW!
//
 www.muc.de/~gert/
 Gert Doering - Munich, Germany
 g...@greenie.muc.de
 fax: +49-89-35655025
 g...@net.informatik.tu-muenchen.de



Re: [c-nsp] router selection......

2013-05-28 Thread Scott Voll
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

Scott


On Tue, May 28, 2013 at 12:10 AM, Calin C. calin.chior...@secdisk.net wrote:

 Hello Scott,

 Where did you find that 2951 can do up to 300Mbps?

 Per this document:

 http://www.cisco.com/en/US/prod/collateral/routers/ps10538/aag_c45_556315.pdf

 The upper router of ISR2 line can do up to 350Mbps, and that's a 3945E.

 I did attached a document, with specs for different lines ISR2 and ASR,
 maybe you can find it useful.
 I take into consideration especially the Recommend WAN Access Speed
 field from the attached document.

 HTH,
 Calin


  On Fri, 24 May 2013 16:53:25 +0200 Scott Voll  wrote 

 Sorry for the cross post. But I wasn't sure which was the better forum to
 post in.
 
 I currently have a 2951 running voice, Security, VPN, and Data. it works
 really great for our current needs. BUT we are going to start pushing more
 than 300mbps and this router is only rated for 296mbps per the spec sheet.
 
 What is the next move up to support up to gig throughput and still support
 ZBFW, GRE, IPSEC, PRI's for Voice, and QoS at Gig speeds?
 
 Do I have to separate out my WAN (use an ASR) and then continue with the
 2951 for my security / voice?
 
 What are my options?
 
 Thanks
 
 Scott


[c-nsp] router selection......

2013-05-24 Thread Scott Voll
Sorry for the cross post.  But I wasn't sure which was the better forum to
post in.

I currently have a 2951 running voice, Security, VPN, and Data.  it works
really great for our current needs.  BUT we are going to start pushing more
than 300mbps and this router is only rated for 296mbps per the spec sheet.

What is the next move up to support up to gig throughput and still support
ZBFW, GRE, IPSEC, PRI's for Voice, and QoS at Gig speeds?

Do I have to separate out my WAN (use an ASR) and then continue with the
2951 for my security / voice?

What are my options?

Thanks

Scott


Re: [c-nsp] Nexus 5548 Questions and experiences...

2013-05-16 Thread Scott Voll
We have just started our move from a 4506E to a set of 5548's.  NXOS is a
little different from IOS.  Learn the vPC, and such will be a good thing.
 as someone already stated, having one is not the best design.  With all
the 10 Gig stuff running, what are you going to use for layer 3?

We went with the 5548's, but there are some design considerations to be
made.  My understanding is you can't do a non-interrupting upgrade.  Was
not my plan originally, and makes upgrades more of a problem (especially
with Storage running through them also), thus I'm back to whatever you
install will be on it until we buy new hardware.  Thus we went with the 5.2
flavor, having been burned on .0 stuff way too often.

We have a Cisco Blade chassis with multiple blades.  Very happy with the
TwinAX cables.  So long as you get the right sizes.  I don't like looping
them a bunch.  But it's hard to order before you get them in, without
knowing where everything will be racked.
also another note, you will not want to place any IOS switches hanging off
the 2k's.  They don't support Spanning tree and will error disable your
port.  Wish I would have known that before buying a 5548.  Might have went
bigger.

YMMV

Scott


On Thu, May 16, 2013 at 7:35 AM, Blake Pfankuch - Mailing List 
blake.mailingl...@pfankuch.me wrote:

 Within the next week I will be starting my first dive into Nexus.  I have
 read the Cisco Press book for nexus, however its primarily focused on 4.x
 not 5.x and 6.x.

 I am looking for some real world feedback, including some of the gotchas
 people have found in existing deployments.  Really this will be a small
 deployment, a single 5548 for now and a couple 2232TM-E and 2224TP for
 fabric extenders.  What has been the experience using TwinAX cables to
 uplink to servers?  Cisco Twinax cables working only or have people been
 able to use HP/Sun/Dell provided cables with luck?  What's the experience
 with the Nexus B22 blade chassis FEX?

 OS suggestions?  Again this is going to be a new deployment, and its going
 into an environment that is not upgraded heavily.  As an example I have
 moved some devices off 12.2 (20) or earlier in the past few weeks.

 Thanks,

 Blake


Re: [c-nsp] Config template utility?

2013-04-18 Thread Scott Voll
If you're just looking for a canned solution, solarwinds works really well.

For the Vlan's you could just use VTP and wouldn't need the config manager.
 other things you still would.

Scott



On Wed, Apr 17, 2013 at 3:17 AM, Jimbo Jones jimbojones...@outlook.com wrote:

 Hi,

 Looking for any recommendations for a template utility - i.e., for adding
 new vrf's, interfaces, vlans to switches etc? Where you just enter in
 variables (eg,  vrf name, rd), and a pre-defined template is generated with
 the variables entered.

 Has anyone used Solarwinds network config manager?

 Cisco Template Manager? (http://www.gelogic.net/?page_id=3)

 Thanks.


Re: [c-nsp] NAt issue - two isp connections, need to nat 2nd isp for two dest addresses only

2013-04-18 Thread Scott Voll
Look into PBR.  you didn't state what your network config looks like.  you
will need to setup PBR to say if it's going X then route Y, then add your
Nat'ing accordingly.

Scott


On Thu, Apr 18, 2013 at 6:12 AM, false jct...@yahoo.com wrote:

 I have a generic nat overload statement that nats all my internal
 (192.168.1.x) traffic outbound. Works fine. I just added a second dedicated
 isp connection for voip traffic only and I need to have traffic destined
 for the two provider voip servers use the second/new ISP connection and
 perform nat using the public ip address of this new isp connection.

 ex:
 192.168.1.0 - use isp1 connection with nat outside and nat inside
 statements using standard nat overload command, except:

 anything destined for 5.5.5.5 and 5.5.5.6 must use the second isp
 connection and nat accordingly.

 How do I accomplish this? Could someone provide a config snippet? Any help
 would be greatly appreciated.

 Thank you,



[c-nsp] Nexus LR SR over VPC

2013-04-12 Thread Scott Voll
I have two different types of fiber between my buildings(roughly 300 meters
between); Multi mode and single mode.  I would like to run a 10gSR over MM
and a 10gLR over SM from my 4506e to my Nexus 5548's.  I would setup the
port channel on my 4506 and a Virtual Port channel over my pair of Nexus.
 Does anyone see any problems with that?  Would it be supported?

TIA

Scott


Re: [c-nsp] SPAN on Nexus 5k

2013-04-05 Thread Scott Voll
We tried to use the 5k(A) and it worked.  is the only way to get it working
on the 5k(B) is a remote SPAN?  Eventually the plan is to dual home the
4506 back to the 5k's but we currently can't do that.

TIA

Scott


On Fri, Apr 5, 2013 at 12:57 AM, Виктор Моисеев v...@psu.ru wrote:

 We are using something like this on 5K.
 We have some VPC to monitor on pair of 5Ks.

 monitor session 1
   source interface port-channel1012 rx
   destination interface Ethernet1/40
   no shut

 interface Ethernet1/40
   switchport monitor

 Are you sure that vlan9 traffic actually flows through 5k(B)?
 From your picture I see 4506 single-homed to 5k(A) only.
 If so, you might want to use RemoteSPAN.
 If 4506 dual-homed to both NXs via VPC
 you can monitor port-channels on both of N5K.


 Best regards,
 Victor Moiseev


  -Original Message-
  From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
  boun...@puck.nether.net] On Behalf Of Scott Voll
  Sent: Friday, April 05, 2013 2:31 AM
  To: cisco-nsp@puck.nether.net
  Subject: [c-nsp] SPAN on Nexus 5k
 
  I'm trying to setup a SPAN on a 5k and it's not working as I would have
  thought.
 
  Topology:
 
  Servers on vlan 9 connected to 4506E -10g- 5k(A) -Peer Link- 5k(B).
 
  I'm trying to setup a monitor session on 5k(B) that monitors vlan 9 but
  I'm
  not getting any traffic.
 
  Vlan 9 is allowed on all the trunks.
 
  Am I missing something here?
 
  Thanks
 
  Scott

[c-nsp] OT: ScanSafe and Office 365

2013-04-05 Thread Scott Voll
Has anyone successfully installed Office 365 while using ScanSafe service?
 If so, how did you get it working?

TIA

Scott


[c-nsp] SPAN on Nexus 5k

2013-04-04 Thread Scott Voll
I'm trying to setup a SPAN on a 5k and it's not working as I would have
thought.

Topology:

Servers on vlan 9 connected to 4506E -10g- 5k(A) -Peer Link- 5k(B).

I'm trying to setup a monitor session on 5k(B) that monitors vlan 9 but I'm
not getting any traffic.

Vlan 9 is allowed on all the trunks.

Am I missing something here?

Thanks

Scott


Re: [c-nsp] FQDN ACL's on ASA

2013-04-02 Thread Scott Voll
I went down that road too.  the policy-map type inspect http does NOT
have a permit or allow.  thus it won't work in this setup.

other options?

Scott


On Tue, Apr 2, 2013 at 8:47 AM, Vijay Ramcharan vrli...@gmail.com wrote:

 You can try with regex and MPF.
 See https://supportforums.cisco.com/docs/DOC-1268

 http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll
 Sent: Thursday, March 28, 2013 6:10 PM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] FQDN ACL's on ASA

 I know I can setup FQDN acls on my ASA, but is there a way to do wildcard
 Domain names?

 Example being *.microsoftonline.com

 We are looking to use office 365 and microsoft lists some FQDN and then
 they
 add a bunch of wildcard ones like above.

 If you can give me a link or example that would be great!

 TIA

 Scott


Re: [c-nsp] SFPs for Nexus

2013-03-28 Thread Scott Voll
I'm guessing your problem, might be related to the multi-rate.  I think
cisco only has 1 gig or 10 gig, not something that does different rates.
 We found that with the 4gig and 8 gig FC.

Scott


On Thu, Mar 28, 2013 at 6:36 AM, Shane Heupel sheu...@twlakes.coop wrote:

 Is anyone using non-branded SFPs in their Nexus switches?  We have
 purchased some intel multi-rate SFPs and are curious if they would work in
 the Nexus.  Thus far, we've been able to get the ports to come up at 1Gig
 but can't get them to work at 10Gig.  If we put the SFPs in a 4948 10Gig
 port they come up at 10Gig.  Just curious if anyone else might have run
 into a similar issue.

 Thank you,
 Shane






Re: [c-nsp] Cisco Wireless VOIP IP phone issue

2013-03-28 Thread Scott Voll
This is not a phone issue, but a Wireless network design issue.

What are you using for wireless?

What does your coverage look like?

There needs to be a very good overlap in order to have good voice coverage.

There was a great wireless class at cisco live about voice design on your
wireless network.

Scott


On Thu, Mar 28, 2013 at 10:09 AM, Zach Hill zach.reb...@gmail.com wrote:

 Does anyone know if there is a way to make a IP Phone update it's
 access-point more often? We're having an issue where traveling between two
 access points while on a call doesn't seem to poll for the strongest
 wireless signal often enough. The symptoms include bi-directional voice
 issues due to the low signal strength.

 It seems the phones attempt to stay with the access-point they were on when
 the call was made until it cannot reach it at all even at huge signal loss.

 Thanks,

 -Zach


Re: [c-nsp] Cisco Wireless VOIP IP phone issue

2013-03-28 Thread Scott Voll
I'm trying to remember everything from last year, some of it depends on
wireless power, AP placement, Speed in which the user is walking, what
objects might interfere etc.

I think they also talk about some specific setting that you want to set on
the wireless to force faster roaming.  Wish I could find that PP.

Scott


On Thu, Mar 28, 2013 at 12:16 PM, Zach Hill zach.reb...@gmail.com wrote:

 I'll do another coverage analyses though just to be sure and crank the
 access-points down a bit.


 On Thu, Mar 28, 2013 at 2:51 PM, Zach Hill zach.reb...@gmail.com wrote:

 Sorry, I said -65dB but meant -55dB in looking at the graphing I did just
 the other week.

 Thanks,

 -Zach


 On Thu, Mar 28, 2013 at 2:49 PM, Zach Hill zach.reb...@gmail.com wrote:

 Sorry but this isn't a wireless coverage issue. Doing wireless mapping
 it never drops below -65dB walking throughout the entire building. Laptops
 and various other wireless network devices poll often enough to switch
 between the access points as to never lose full bars. The Cisco IP Phones
 are the only devices with issues.

 Based on my findings the IP Phones do not try and switch to the
 nearest/strongest access-point often enough.


 On Thu, Mar 28, 2013 at 2:40 PM, Scott Voll svoll.v...@gmail.com wrote:

 This is not a phone issue, but a Wireless network design issue.

 What are you using for wireless?

 What does your coverage look like?

 There needs to be a very good overlap in order to have good voice
 coverage.

 There was a great wireless class at cisco live about voice design on
 your wireless network.

 Scott


 On Thu, Mar 28, 2013 at 10:09 AM, Zach Hill zach.reb...@gmail.com wrote:

 Does anyone know if there is a way to make a IP Phone update it's
 access-point more often? We're having an issue where traveling between
 two
 access points while on a call doesn't seem to poll for the strongest
 wireless signal often enough. The symptoms include bi-directional voice
 issues due to the low signal strength.

 It seems the phones attempt to stay with the access-point they were on
 when
 the call was made until it cannot reach it at all even at huge signal
 loss.

 Thanks,

 -Zach


[c-nsp] FQDN ACL's on ASA

2013-03-28 Thread Scott Voll
I know I can setup FQDN acls on my ASA, but is there a way to do wildcard
Domain names?

Example being *.microsoftonline.com

We are looking to use Office 365 and Microsoft lists some FQDN and then
they add a bunch of wildcard ones like above.

If you can give me a link or example that would be great!

TIA

Scott


[c-nsp] ASA IPS Module SSM-20 in Failover Reboot

2013-02-21 Thread Scott Voll
I just installed a couple SSM-20's in my ASA's.  Install was a little less
than I had hoped as the backup came online with the module and the Primary
didn't have the module yet.  So we will just say we had a little down time
(ever so brief).

My question now becomes, how do I reboot one of these modules without the
ASA failing over to the backup?  I don't want to knock off all my VPN users.

TIA

Scott


[c-nsp] Nexus 5k version 6?

2013-02-15 Thread Scott Voll
Has anyone upgraded to 6.0 yet?

Pros? Cons?  Stability?  Reason not to upgrade?

Ours is a new install, thus if I can upgrade now, I won't have to later.

Thanks for your opinions.

Scott


[c-nsp] Radius Nexus 5k permissions

2013-02-14 Thread Scott Voll
I have Radius setup on my Nexus 5k but I don't have permissions to copy run
start.  What is needed on the radius server?

I already have priv level 15.

TIA

Scott


Re: [c-nsp] Radius Nexus 5k permissions

2013-02-14 Thread Scott Voll
Yes, that is what I have. I need the server side because after doing
this, I can log in and authenticate but doing anything including the copy
run start I get you don't have permission.  So the standard priv level 15 is
not doing it.

If you can find out what attributes are being passed that would be very
helpful.

Thanks

scott


On Thu, Feb 14, 2013 at 10:24 AM, Justin M. Streiner 
strei...@cluebyfour.org wrote:

 On Thu, 14 Feb 2013, Scott Voll wrote:

  I have Radius setup on my Nexus 5k but I don't have permissions to copy run
  start.  What is needed on the radius server?

 I already have priv level 15.


 Not sure about the RADIUS server side, but I can check.

 The RADIUS/AAA config on one of my Nexus 5Ks looks like this - pretty
 basic.

 radius-server key [KEY]
 radius-server timeout 2
 radius-server retransmit 0
 radius-server deadtime 2
 radius-server host 10.1.1.96 authentication accounting
 radius-server host 10.2.1.97 authentication accounting
 radius-server host 10.10.14.187 authentication accounting
 aaa group server radius RADIUS
     server 10.1.1.96
     server 10.2.1.97
     server 10.10.14.187
 ...
 aaa authentication login default group RADIUS local
 aaa authentication login console local
 aaa accounting default group RADIUS local

 jms



Re: [c-nsp] Radius Nexus 5k permissions

2013-02-14 Thread Scott Voll
Thanks all. Ended up being shell:roles=network-admin.  This was for
ISE1.1.2 and Nexus 5k.

Thanks

Scott


On Thu, Feb 14, 2013 at 12:59 PM, James Slepicka (c-nsp) 
cisco-...@slepicka.net wrote:

  I think the AV-Pair was something like shell:role=network admin or
 whichever role you want assigned to that user.
 I'm using:

 shell:roles=network-admin

 I seem to recall shell:role not working (though that may've been w/ MDS
 gear)

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net [mailto:
 cisco-nsp-boun...@puck.nether.net] On Behalf Of Eric Girard
 Sent: Thursday, February 14, 2013 1:18 PM
 To: Scott Voll; cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] Radius Nexus 5k permissions

 -Original Message-
 I have Radius setup on my Nexus 5k but I don't have permissions to copy
 run start.  What is needed on the radius server?

 I already have priv level 15.

 I don't have access to check on the systems that I did this on recently,
 but I recall that by default the Nexus does not pay attention to the
 :shell:priv-lvl Cisco AV-Pair.  Since the Nexus uses RBAC by default, I
 think the AV-Pair was something like shell:role=network admin or
 whichever role you want assigned to that user.  Hope that helps,

 Eric



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
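
The attribute this thread settled on, as an added example (not code from any poster, from Cisco, or from ISE): a Python sketch that encodes a Cisco-AVPair as a RADIUS vendor-specific attribute and checks whether the attribute section of an Access-Accept carries a shell:roles= pair or only shell:priv-lvl. The VSA layout (type 26, vendor ID 9, vendor type 1) follows RFC 2865; the function names, the quote stripping and the sample attribute bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # vendor type 1 = Cisco-AVPair


def encode_avpair(pair: str) -> bytes:
    """Encode one Cisco-AVPair string as a RADIUS vendor-specific attribute."""
    value = pair.encode("ascii")
    if len(value) > 247:  # 255 - 2 (attr header) - 4 (vendor id) - 2 (sub header)
        raise ValueError("AV-pair too long for a single attribute")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub


def decode_avpairs(attrs: bytes) -> list[str]:
    """Walk a RADIUS attribute section and return every Cisco-AVPair string."""
    pairs, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC and len(body) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR and 2 <= vlen <= len(body) - 4:
                pairs.append(body[6:4 + vlen].decode("ascii", "replace"))
        i += alen
    return pairs


def nexus_roles(attrs: bytes) -> list[str]:
    """Return values of shell:roles= pairs; an empty list means no role was sent."""
    roles = []
    for pair in decode_avpairs(attrs):
        key, sep, val = pair.partition("=")
        if sep and key == "shell:roles":   # the spelling reported working in the thread
            roles.append(val.strip('"'))   # assumption: optional surrounding quotes
    return roles


# Constructed Access-Accept attribute sections (not captured traffic).
PRIV_ONLY = encode_avpair("shell:priv-lvl=15")
WITH_ROLE = PRIV_ONLY + encode_avpair("shell:roles=network-admin")

if __name__ == "__main__":
    for name, blob in (("priv-lvl only", PRIV_ONLY), ("with roles", WITH_ROLE)):
        print(name, decode_avpairs(blob), "->", nexus_roles(blob) or "no role assigned")
```
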


[c-nsp] New to Nexus gear.... how does the licenses work?

2013-02-13 Thread Scott Voll
So we just got our new 5548UPs in the door.  Per the docs it says the
licenses are installed from the factory.  But doing a show license usage we
get all the pkg files saying install -- no.  license count --

What am I missing here?

TIA

Scott


[c-nsp] Fwd: 2960s-48fps-l flex stack

2013-01-14 Thread Scott Voll
I have a 2960s-48fps-l and when I inserted the flex stack module I get:

%PLATFORM-6-FLEXSTACK_UNSUPPORTED_MODULE: Unsupported FlexStack module
inserted in Switch 1. C2960S-F-STACK

Is this not supported?  I'm running 15.0.2se1.  How do I get it talking to
the other switches?

TIA

Scott


[c-nsp] How is this working..... ASA 5505 inside DHCP?

2012-12-06 Thread Scott Voll
I have an ASA 5505 running and working.

The inside interface is 192.168.1.1/24


but the config shows:

interface Vlan192
 nameif inside
 security-level 100
 ip address dhcp setroute

This 5505 is also the DHCP server for this network and default GW.  How in
the hey is it working?

TIA

Scott


[c-nsp] Wake on Lan over layer 3 hops

2012-11-27 Thread Scott Voll
I need to be able to send a magic packet over three layer 3 hops.  Can this
be done?  All I'm finding is an ip directed broadcast on a simple layer 3
switch.

How do you do it over multiple router hops?

TIA

Scott


Re: [c-nsp] Wake on Lan over layer 3 hops

2012-11-27 Thread Scott Voll
Thanks all.  It ended up being the ACL didn't include the WoL server.

Scott


On Tue, Nov 27, 2012 at 2:12 PM, Peter Rathlev pe...@rathlev.dk wrote:

 On Tue, 2012-11-27 at 13:55 -0800, Randy wrote:
  umm..since it is over three L3 hops, wouldn't OP also need -
  ip helper-address broadcast ip of dest_subnet at the source in
  addition to the above?

 Have the WoL management station use the subnet broadcast address as
 destination instead of the limited broadcast address. With the suggested
 helper-address configuration you'd send all WoL packets to all of your
 networks every time. And with many hundred access networks the interface
 configuration wouldn't scale.

 --
 Peter



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
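
The approach suggested in this thread (send to the target subnet's broadcast address rather than the limited broadcast), as an added example that is not code from any poster: a Python sketch that builds the magic packet and derives the directed broadcast address the management station would send to. The last-hop router still has to forward directed broadcasts from the WoL server, which is the ACL problem the thread ended on. The function names, UDP port 9 and the sample MAC and subnet (documentation ranges) are assumptions.

```python
import ipaddress
import re
import socket


def magic_packet(mac: str) -> bytes:
    """Build a Wake-on-LAN magic packet: 6 x 0xFF, then the MAC repeated 16 times."""
    digits = re.sub(r"[.:-]", "", mac)  # accepts aa:bb.., aa-bb.. and aabb.ccdd.eeff
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16


def directed_broadcast(host_cidr: str) -> str:
    """Return the subnet (directed) broadcast address for the target's subnet."""
    net = ipaddress.ip_interface(host_cidr).network
    if net.version != 4 or net.prefixlen >= 31:
        raise ValueError("need an IPv4 subnet that has a broadcast address")
    return str(net.broadcast_address)


def send_wol(mac: str, host_cidr: str, port: int = 9) -> tuple[str, int]:
    """Send the magic packet to the target subnet's directed broadcast address.

    The datagram is routed like unicast until the last hop, so no helper-address
    is needed on the routers in between. Port 9 is an assumption (a common choice).
    """
    dest = directed_broadcast(host_cidr)
    payload = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(payload, (dest, port))
    return dest, len(payload)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent here.
    print(directed_broadcast("192.0.2.77/26"), len(magic_packet("0000.5e00.5301")))
```
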


[c-nsp] OT: Duplicate IP's.

2012-10-29 Thread Scott Voll
We have VMs and now Desktops that are getting Duplicate IP errors on boot
up when they have a static IP configured (and there is no duplicate IP).

VMware says it's an ASA issue with Proxy arp.  I have turned off proxy arp.
Is there something else that may be causing these issues?

TIA

Scott


Re: [c-nsp] OT: Duplicate IP's.

2012-10-29 Thread Scott Voll
Care to expand?

Scott

On Mon, Oct 29, 2012 at 8:46 AM, Iftikhar Mehar iftikhar.me...@maxima.co.uk
 wrote:

 VLANs are not properly set up between the VMs and the hardware switch
 ports.

 Regards,
 Ifti

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll
 Sent: 29 October 2012 15:40
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] OT: Duplicate IP's.

 We have VMs and now Desktops that are getting Duplicate IP errors on
 boot up when they have a static IP configured (and there is no
 duplicate IP).

 VMware says it's an ASA issue with Proxy arp.  I have turned off proxy
 arp.  Is there something else that may be causing these issues?

 TIA

 Scott


Re: [c-nsp] OT: Duplicate IP's.

2012-10-29 Thread Scott Voll
8.4.4.5

On Mon, Oct 29, 2012 at 8:48 AM, Ryan West rw...@zyedge.com wrote:

 ASA version?

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net [mailto:
 cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll
 Sent: Monday, October 29, 2012 11:40 AM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] OT: Duplicate IP's.

 We have VMs and now Desktops that are getting Duplicate IP errors on boot
 up when they have a static IP configured (and there is no duplicate IP).

 VMware says it's an ASA issue with Proxy arp.  I have turned off proxy arp.
 Is there something else that may be causing these issues?

 TIA

 Scott


Re: [c-nsp] OT: Duplicate IP's.

2012-10-29 Thread Scott Voll
No, it does not show a MAC for the dup IP.  I could only wish.

On Mon, Oct 29, 2012 at 10:34 AM, Jay Hennigan j...@west.net wrote:

 On 10/29/12 8:40 AM, Scott Voll wrote:
  We have VMs and now Desktops that are getting Duplicate IP errors on boot
  up when they have a static IP configured (and there is no duplicate IP).

 Does the duplicate IP error show the MAC address of the conflicting
 device?  If so, what have you done to track it down on the network?

 --
 Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
 Impulse Internet Service  -  http://www.impulse.net/
 Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: [c-nsp] Config management

2012-10-26 Thread Scott Voll
Solarwinds or Rancid.

Scott

On Fri, Oct 26, 2012 at 12:51 PM, Dan Letkeman danletke...@gmail.com wrote:

 Hello,

 Curious as to what everyone is using for config management for
 switches.  I have a few hundred 2960's and 3560's to manage on a
 regular basis, and I would like to have something that can make mass
 config changes.  Not really looking for anything to monitor them as I
 have that part covered.  Just the ability to mass add to acl's or
 upload config changes to keep everything consistent.


 Thanks,
 Dan.


[c-nsp] proxy arp?

2012-10-12 Thread Scott Voll
What could break if I turn Proxy arp off on my inside or DMZ interface of
my ASA?

TIA

Scott
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] layer 3 switch vs router....

2012-10-03 Thread Scott Voll
Can anyone fill in the blanks for me?

We currently have MetroE connections to all our remote sites.  We use a
3845 at the core and 38xx or 28xx to all the remote sites.  Current
connections are 200mb.

Remote sites are Voice Routers, and do FW / IPSec VPN backup to the Core in
case of WAN failure.

If I move my remote site Routers back, and put a Layer 3 switch in front to
do the routing (wire speed) what will I lose?

Do I lose QoS flexibility?

I should still be able to do my backup VPN with the current Router as it
only has about a 20mb backup link and will still be a routing peer.

Is there anything else I might lose by moving to a Layer 3 switch rather
than a 2951?

Any suggestions as to a Layer 3 switch to use?  3750x?  I only need 48 1
gig ports.  49xx? Other thoughts?

TIA

Scott
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Etherchannels on a 4506E?

2012-09-25 Thread Scott Voll
How many Ether channels (port channels) can you have setup on a Cat 4506E
with sup 6E?  I can't find the documentation on it.

Thanks

Scott
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


  1   2   >