Re: [c-nsp] BVI MTU Question

2011-08-23 Thread Sridhar Ayengar

Randy wrote:

I perhaps; should have been *clearer*! Default-MTUs for different
media-types are *different*!

That does not by any stretch of the imagination *imply* that a
router/switch's BVI/SVI/L3-interface will *auto-magically*
coalesce(INCREASE) transit-datagrams to fit the MTU of the
outgoing-interface.


I'm *not* looking to increase the size of the datagrams for an outbound 
interface.  I have two internal interfaces.  One with public IPs and one 
with private IPs.  I have one external interface, which is bridged with 
the public internal interface.  I want to be able to pass large 
datagrams *between the two internal interfaces* while fragmenting 
traffic originating with either internal interface and heading for the 
external interface.  It sounds like even that is impossible, which sucks.


Peace...  Sridhar
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] BVI MTU Question

2011-08-22 Thread Sridhar Ayengar

Randy wrote:

...at L2 no! the BVI itself is l3 so as long as you have your mtu set
to the lowest-common-denominator it will work(while your L2
interfaces are set to a higher mtu) From your email, it appears you
are trying to do this *mtu-translation* at L2-conditionally. That
will not work.


Hmmm.  In the past, when I hooked a Layer 2 switch (such as a C5500) 
with, say, FDDI and 10BASE-T on it, the switch had no trouble 
translating the ethernet's 1500-byte MTU to the FDDI's 4470.


Peace...  Sridhar


Re: [c-nsp] BVI MTU Question

2011-08-22 Thread Sridhar Ayengar

Randy wrote:

I was thinking all ethernet for some reason...but translation between different 
media-types should work.
My bad


Is gigabit ethernet (1000BASE-SX) considered the same media type as fast 
ethernet (100BASE-TX)?  Because that's my configuration.


Peace...  Sridhar


[c-nsp] BVI MTU Question

2011-08-13 Thread Sridhar Ayengar


Hi.  I'm running a bridge group between a Gig E interface and a Fast E 
interface.  I'd like to use jumbo frames on the Gig E interface and have 
it translate the MTU for packets headed to the Fast E interface, but not 
translate the MTU for packets headed to a jumbo-frames enabled Gig E 
interface that's not part of the bridge group.


Is this doable?

Peace...  Sridhar


Re: [c-nsp] Brocade Vs Cisco

2011-08-11 Thread Sridhar Ayengar

Mack McBride wrote:

HP also has very solid switch gear, much of this is patent rights from Cisco so 
the tech
is the same Ciscos.  Primary advantage is price.  The CLI leaves something to 
be desired.


I've had very good luck with HP's Procurve switching gear, both in terms 
of reliability and performance.  Not so much luck with HP's 
3com-acquired gear.


Peace...  Sridhar


Re: [c-nsp] half duplex question

2011-08-04 Thread Sridhar Ayengar

Dave Weis wrote:

If the half duplex circuit is plugged directly from one device to
another device, how could you possibly have collisions without a hub
somewhere in the mix?


You'll get collisions if the devices at either end of the link try to
talk at the same time.  The more traffic there is on the link, the more
likely this is to happen.

Peace...  Sridhar


Re: [c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Sridhar Ayengar

Luan Nguyen wrote:

Ah, glad you brought that up.  I was looking into a FDDI to Fast Ethernet
converter: http://www.data-connect.com/RAD_AMC-101.htm
Wonder if anyone uses those
kind of converter and how reliable are they?
I have a FDDI hand off.


I use a Cisco Catalyst 5500 for this purpose (and to translationally 
bridge from FDDI to Gigabit Ethernet).


The cheap solution, back in the day, was to use a 3Com CoreBuilder 2500.

Peace...  Sridhar


Re: [c-nsp] Feedback on upcoming removal of FTP access to secured software

2010-09-20 Thread Sridhar Ayengar

Gert Doering wrote:

I may be able to lead the cabal if folks so desire, rounding up the
right people from the cisco side.


Count me in.  But you know that already :-)


Me too, FWIW.

Peace...  Sridhar


Re: [c-nsp] C65K: Any significant correlation between import filter route-map complexity and BGP Router process utilization?

2010-09-04 Thread Sridhar Ayengar

Łukasz Bromirski wrote:

On 2010-09-05 01:52, Keegan Holley wrote:

I thought this was only optimized for TCAM operations related to packet
filtering/manipulation.


No, Turbo ACLs were actually made for software-forwarding platforms -
primarily 7200, 7500, later 12000 with old engines to speed up the
processing time by use of more RAM memory for additional lookup tables.



I thought the 7200 was software-forwarded, and the 7500 and 12000 used 
ASICs loaded with the tables to do the forwarding?


Peace...  Sridhar


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-02 Thread Sridhar Ayengar

Gert Doering wrote:

I'm shopping on ebay.  Is there any way to tell the difference by
looking at them?  The ones marked PA-2FE-TX/ISL or PA-2FEISL-TX are
two different parts?  Because they seem to be the same price.  The ones
with no mention at all of ISL sell for $150-200 more.


I'm not sure.  show diag should tell the difference, quite obviously,
but I'm not sure whether it's easily visible from the outside.


From the diagrams in the Installation and Configuration docs for each 
PA, it seems the PA-2FE-TX has PA-2FE-TX on the faceplate and the 
PA-2FEISL-TX has Fast Ethernet/ISL on the faceplate.



CCO is a bit thin on this, the search results mainly point to this
page

http://www.cisco.com/en/US/docs/interfaces_modules/port_adapters/roadmaps/11022pa.html

... which makes clear that the PA-2FEISL and the PA-2FE-TX are different
PAs, but doesn't say anything about the FEISL itself either.


It seems that PA-2FE-TX/ISL == PA-2FEISL-TX.  There is no difference.  I 
have to look specifically for a PA-2FE-TX.


Damn.

Peace...  Sridhar


[c-nsp] SA-VAM

2010-09-02 Thread Sridhar Ayengar


Is there any way to get a SA-VAM card working in a 7500?  I have both 
VIP2-50s and VIP4-80s available to me.  The card doesn't show up in 
show inventory.  That said, I don't know if there's a problem with the 
hardware or not.


Peace...  Sridhar


Re: [c-nsp] 6500/7600

2010-09-01 Thread Sridhar Ayengar

Seth Mattinen wrote:

What's the difference between the C6500 and the 7600?
Just software?


Oh no, you're going to wake Gert :-).



I always find Gert's input quite educational. ;)


As do I, but being somewhat of a newbie with all this stuff, I find 
lurking and reading the conversations of most of you to be highly 
educational.


(By profession, I'm a coder -- I do this network stuff in my spare time 
because I think it's cool.)


Peace...  Sridhar


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-01 Thread Sridhar Ayengar

Joe Maimon wrote:

Real world I would not expect any more than roughly the same throughput
through a 7500 RSP4 with VIP2-50 as you will an NPE-400.


Of course.  However, GEIP+ are significantly cheaper than PA-GEs, and 
I'm running VIP4-80s.  I'd love to run an RSP8 but they still cost $$$.


Peace...  Sridhar


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-08-31 Thread Sridhar Ayengar

Gert Doering wrote:

I've read in the list archive of people complaining about the
performance of the /ISL port adapters.  I've been using a number of
PA-FE-TX/ISL for years without trouble.  However, now I need to upgrade
to PA-2FE port adapters to get auto-duplex negotiation.


Those two are not the actual problematic ones - those were called
PA-FEISL or something like this.


I'm shopping on ebay.  Is there any way to tell the difference by 
looking at them?  The ones marked PA-2FE-TX/ISL or PA-2FEISL-TX are 
two different parts?  Because they seem to be the same price.  The ones 
with no mention at all of ISL sell for $150-200 more.


Peace...  Sridhar


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-08-31 Thread Sridhar Ayengar

Joe Maimon wrote:

If you are shopping the used market, you may be better off with the 7200
series. The 7500 isn't worth the juice it sucks and even when it was
supported, it was an abysmal experience.


First of all, I already have the 7500 gear.  Second, doing 7200 with 
gigabit is WAAY more expensive.


Peace...  Sridhar


[c-nsp] 6500/7600

2010-08-31 Thread Sridhar Ayengar


What's the difference between the C6500 and the 7600?  Just software?

Peace...  Sridhar


Re: [c-nsp] Bridging + Routing + NAT

2010-08-30 Thread Sridhar Ayengar

Christopher Gatlin wrote:

Change ACL 101 to reflect the following and I think you'd be good to go.

access-list 101 deny ip 172.22.22.0 0.0.0.255 173.50.165.0 0.0.0.255
access-list 101 deny ip 173.50.165.0 0.0.0.255 172.22.22.0 0.0.0.255
access-list 101 permit ip any any


Even though I don't have any control over that network except hosts 
173.50.165.26-30?  I don't want to be spewing my private network traffic 
to machines that have nothing to do with me.


Peace...  Sridhar


[c-nsp] Linear Flash

2010-08-30 Thread Sridhar Ayengar


Is it possible to use a larger-than-32MB linear flash card in an RSP4? 
For example, a card compatible with the MEM-C6K-FLC64M?  Failing that, 
is there any other way of getting a recent IOS onto an RSP4 without 
replacing it with something newer (RSP4+/RSP8)?


Peace...  Sridhar


Re: [c-nsp] Linear Flash

2010-08-30 Thread Sridhar Ayengar

Joe Maimon wrote:

A recent bootflash image will boot system images from ATAPI/IDE (normal)
flash, and will work with cf+pc card adapter up to at least 1gb size
(personal experience)


This applies to the RSP4 too?  Not just the RSP4+?

Peace...  Sridhar


[c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-08-30 Thread Sridhar Ayengar


I've read in the list archive of people complaining about the 
performance of the /ISL port adapters.  I've been using a number of
PA-FE-TX/ISL for years without trouble.  However, now I need to upgrade 
to PA-2FE port adapters to get auto-duplex negotiation.


I understand from my readings that the PA-2FE-TX/ISL can't push both 
ports at line rate.  However, I'll be using only one port of the two. 
Is there any downside to using the PA-2FE-TX/ISL if I'm only using one 
port, and I'm not using ISL (or any other VLAN stuff for that matter) at 
all?


Peace...  Sridhar


[c-nsp] Bridging + Routing + NAT

2010-08-29 Thread Sridhar Ayengar


The machines on the bridged interfaces can talk to the outside world, 
the machines on the private network can talk to the outside world with 
NAT, but the machines on the bridged network can't talk to the machines 
on the private network.  What am I doing wrong with the following 
configuration?


Peace...  Sridhar

bridge irb
!
!
interface FastEthernet2/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface FastEthernet2/1/0
 ip address 172.22.22.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip policy route-map bypass-out
 full-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet3/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface BVI1
 ip address 173.50.165.26 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map bypass-in
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source route-map nat-traversal interface BVI1 overload
!
access-list 101 deny   ip 172.22.22.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.22.22.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 permit ip 173.50.165.24 0.0.0.7 172.22.22.0 0.0.0.255
access-list 102 deny   ip any any
access-list 103 permit ip 172.22.22.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 103 deny   ip any any
!
route-map bypass-in permit 10
 match ip address 102
 set interface FastEthernet2/1/0
!
route-map nat-traversal permit 10
 match ip address 101
!
route-map bypass-out permit 10
 match ip address 103
 set interface BVI1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
no bridge 1 bridge appletalk
no bridge 1 bridge clns
no bridge 1 bridge decnet



Re: [c-nsp] How to run script file from flash

2010-08-27 Thread Sridhar Ayengar

John Neiberger wrote:

I have a set of complicated commands that I need to run periodically
on several modules on a bunch of routers. I'd like to create a text
file of the commands and store it on the flash of each router, then
just run the commands from the text file stored on the router. I know
we can use more to view the file, but since this will just be a file
of show commands, is there a way to have the script run as if I were
entering the commands myself? It would save me a lot of time if I
could just run the script from the CLI.


man 1 expect

Peace...  Sridhar


[c-nsp] Don't NAT a Subset of Traffic

2010-08-22 Thread Sridhar Ayengar


I have a Verizon FiOS connection with 5 IP addresses attached to my 7505.

So because it's excluded from the access-list, traffic from my private 
network 172.16.16.0 to my public IP addresses is not NATed.  I still 
can't figure out how to pass this traffic without NATing it.  If I 
remove the deny line from the access-list, the traffic is correctly 
passed NATed.  Anyone have any ideas for me?


Thanks.

Peace...  Sridhar

A snippet of my configuration (with irrelevant bits removed) follows:

bridge irb
!
!
interface FastEthernet2/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface FastEthernet2/1/0
 ip address 172.16.16.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 full-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet3/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface BVI1
 ip address 173.50.165.26 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source list 101 interface BVI1 overload
!
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 permit ip 172.16.16.0 0.0.0.255 any
access-list 101 deny   ip any any



Re: [c-nsp] Don't NAT a Subset of Traffic

2010-08-22 Thread Sridhar Ayengar

Ziv Leyes wrote:

Where do you want to pass the traffic without NAT? to your own public network? 
What else do you have connected there? Some server?
I can suggest you either create a NAT pool  of a single public IP from your 
range, and  let it access the other public IPs in the same range.
OTOH, if all your devices are on the same network, why don't you just access 
them via the local IPs instead the public ones?


Actually, I just figured it out.  I neglected to deny the traffic into 
the private network from the public network.  It's working now.  Thanks.


Peace...  Sridhar


Re: [c-nsp] Don't NAT a Subset of Traffic

2010-08-22 Thread Sridhar Ayengar

Octavio Alvarez wrote:

I have a Verizon FiOS connection with 5 IP addresses attached to my 7505.

So because it's excluded from the access-list, traffic from my private
network 172.16.16.0 to my public IP addresses is not NATed. I still
can't figure out how to pass this traffic without NATing it. If I
remove the deny line from the access-list, the traffic is correctly
passed NATed. Anyone have any ideas for me?


I would go for: it is passing but you don't have return routes on your
external hosts.


That's what I thought I had, but when I just tried it, it didn't work.

My current configuration:

bridge irb
!
interface FastEthernet2/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface FastEthernet2/1/0
 ip address 172.16.16.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 full-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet3/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface BVI1
 ip address 173.50.165.26 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source list 101 interface BVI1 overload
!
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.16.16.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any

Peace...  Sridhar
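
The two versions of access-list 101 posted in this thread, run through a first-match evaluator, as an added example that is not part of the original messages: in an ACL referenced by `ip nat inside source list`, a permit entry selects traffic for translation and a deny entry leaves it untranslated. The ACL lines are copied from the messages; the packet addresses and all function names are constructed for illustration.

```python
import ipaddress


def _wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care' bits."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (b | w)


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acl(text, number):
    """Return the ordered 'ip' entries of extended access-list <number>."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("unsupported entry: " + line.strip())
        src, rest = _take_addr(rest)
        dst, rest = _take_addr(rest)
        entries.append((action, src, dst, line.strip()))
    return entries


def evaluate(entries, src, dst):
    """First matching entry wins; nothing matching means the implicit deny."""
    for action, s, d, line in entries:
        if _wild_match(src, *s) and _wild_match(dst, *d):
            return action, line
    return "deny", "(implicit deny)"


def nat_decision(entries, src, dst):
    """Map the ACL verdict to what 'ip nat inside source list' does with it."""
    action, line = evaluate(entries, src, dst)
    return ("translate" if action == "permit" else "no-translate"), line


# ACL 101 as posted in the first message of the thread.
ACL_FIRST = """
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 permit ip 172.16.16.0 0.0.0.255 any
access-list 101 deny   ip any any
"""

# ACL 101 as posted in the "My current configuration" reply.
ACL_CURRENT = """
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.16.16.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any
"""

# Constructed test packets: (source, destination).
SAMPLE_PACKETS = [
    ("172.16.16.10", "173.50.165.27"),  # private host to an address in .24-.31
    ("172.16.16.10", "173.50.165.32"),  # same /24, just outside wildcard 0.0.0.7
    ("172.16.16.10", "198.51.100.7"),   # private host to an unrelated address
]

if __name__ == "__main__":
    for name, text in (("first", ACL_FIRST), ("current", ACL_CURRENT)):
        acl = parse_acl(text, 101)
        for src, dst in SAMPLE_PACKETS:
            verdict, line = nat_decision(acl, src, dst)
            print(f"{name:8} {src} -> {dst}: {verdict:13} [{line}]")
```

Printing the matched line next to each verdict shows which entry decided the packet, which is the quickest way to check a NAT exemption list against the inside interface's actual subnet.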


[c-nsp] GEIP+

2010-08-20 Thread Sridhar Ayengar


My years-long quest to get a pair of GEIP+ boardsets has finally come to 
fruition.  However, I have one question.


Does the GEIP+ support 1000BASE-T GBICs?  I don't need it to be eligible 
for Cisco support;  I just need it to work.


Failing that, does the C4912G support 1000BASE-T GBICs?

Peace...  Sridhar


Re: [c-nsp] full duplex mismatch speed - dynamips

2010-08-19 Thread Sridhar Ayengar

Abello, Vinny wrote:

The PA-FE-TX (at least the ones I've used) don't support auto speed/duplex,
so it's not that they have problems with auto. They just don't support it.
I've always had to set the device up that they're talking to using manual
settings.


It's especially bad when the device on the other end of the link from 
the PA-FE-TX is something for which you don't have administrator access, 
as it is in my case with my Verizon FiOS ONT.


Peace...  Sridhar


Re: [c-nsp] PA-FE-TX Duplex

2010-08-18 Thread Sridhar Ayengar

Gert Doering wrote:

NAME: module 0, DESCR: I/O Dual FastEthernet Controller
PID: C7200-I/O-2FE/E   , VID:, SN: 33390818


... and dual port.  Different chip, different driver, different (less) bugs.

The 2FE/E is more similar to the PA-2FE-TX.


So can I conclude from your statement that the PA-2FE-TX *does* support 
autonegotiation?


Peace...  Sridhar


[c-nsp] PA-FE-TX Duplex

2010-08-17 Thread Sridhar Ayengar


Is there any way to get a PA-FE-TX to autonegotiate duplex?

Peace...  Sridhar


Re: [c-nsp] DC Inverters

2010-03-29 Thread Sridhar Ayengar

Charles Mills wrote:

Is anyone running DC for their Cisco 6509's and just using rack mount
DC inverters in lieu of having a DC Power Plant?

And..if so, what's everyone using for their inverters?   Any to avoid
or to recommend?


I think the word you're looking for is rectifiers.

Peace...  Sridhar


Re: [c-nsp] Come Join My Network at Digg

2010-03-07 Thread Sridhar Ayengar


Is there any way to prevent these kinds of messages from making it all 
the way to the list?  It's a pretty bad waste of bandwidth, both network 
and human.


Peace...  Sridhar

Shivlu Jain (via Digg) wrote:


Shivlu Jain is a member of Digg and would like to send you an invitation.
With Digg you can help promote and share news to the millions of Digg
viewers with a single click (Digging a story).
www.mplsvpn.info

It's free to join and only takes a minute to sign up! Just go to Digg to 
register: http://digg.com/invitefrom/mplsvpn?OTC-em-in1

To verify that this email was sent by Digg user mplsvpn, visit:
http://digg.com/verifymail?key=d8a9047371f7e63f05505baf1aa43d09OTC-em-in2

To opt out of ALL future emails from Digg, visit:
http://digg.com/optout?key=dbf51200686ad5926d59fc061fcab515OTC-em-in3

Digg will NOT store your email address, even if you opt out!  Digg will store 
only an encrypted key, which even Digg cannot decipher.


Re: [c-nsp] Can Ping Websites but cannot browse.

2009-11-02 Thread Sridhar Ayengar

bharath kondi wrote:

Dear All,

I have a strange situation, I can browse the websites but cannot browse
them.

Please share your finding with me.


That's often caused by MTU problems.  Are you on an ADSL line?

Peace...  Sridhar


Re: [c-nsp] Can Ping Websites but cannot browse.

2009-11-02 Thread Sridhar Ayengar

Phil Mayers wrote:

Alexander Clouter wrote:

Phil Mayers p.may...@imperial.ac.uk wrote:

bharath kondi wrote:

I have a strange situation, I can browse the websites but cannot browse
them.

Check for MTU issues

It is pretty impressive to screw up non-SSLed traffic with an MTU 
issue, I would be more inclined to think it's something else.


That directly contradicts my experience. I have observed widespread 
failures with ordinary HTTP traffic when MTU problems occur.


It depends very much on the website you're hitting and their 
architecture, as well as the nature of the MTU problem.


One reason why it causes so many problems is that people sometimes 
ignore (or drop in firewall) PMTUD messages.


Peace...  Sridhar


[c-nsp] GEIP+ Prices

2009-10-12 Thread Sridhar Ayengar


Why do GEIP+ cards go for so much money?  There can't be *that* many 
people left on the 7500 platform...


Peace...  Sridhar


Re: [c-nsp] Long Uptime

2009-06-21 Thread Sridhar Ayengar

Ziv Leyes wrote:

I second that, besides, back then, there were not so many bugs as today, as 
with every new feature and more complex technology comes also a lot of bugs.
When systems were simpler, there were less problems, how many times do you remember having to hard reset your PC when using DOS 6.2 because it hanged and nothing else could be done?? 
Also, the exploits that might be there on such an old device are SO old that nobody will think to try, is like to try to find a computer with Netbus Trojan open for you to just hack in... heheh


Besides that, there are operating systems that can be updated without a 
reboot.


Peace...  Sridhar


Re: [c-nsp] Long Uptime

2009-06-19 Thread Sridhar Ayengar

Nic McCartney wrote:

Not techy, just interesting anyone beat this uptime?


I can, but not on a Cisco.

Peace...  Sridhar


Re: [c-nsp] SSH from router to linux

2009-03-04 Thread Sridhar Ayengar

Roy wrote:

I am trying to ssh from a 2811 to linux box.  I telnet to the Cisco and
issue

ssh -l root xx.xx.xx.xx

and I get the password prompt.  I enter that and then logon goes through
and I get the shell prompt.  The problem is that nothing I type seems to
get through to linux. 


Is there some magic I am missing?


Does the TERM environment variable make sense?  Are there any stty lines 
anywhere in your login configuration?


Peace...  Sridhar


Re: [c-nsp] 3750 or 3560?

2009-01-19 Thread Sridhar Ayengar

ann kok wrote:

why click tinyurl.com to redirect to cisco site?

Do they have any relationship?


Because the Cisco URL in question was long.  That's the purpose of 
TinyURL and services like it.


Peace...  Sridhar


Re: [c-nsp] downloads broken?

2008-11-18 Thread Sridhar Ayengar

Hank Nussbacher wrote:

On Tue, 18 Nov 2008, Jared Mauch wrote:

They don't hear us, they don't see us unless we happen to be doing some 
6 digit tender for equipment.


With their stock having dropped from 29 to under 16 today all in the 
course of 12 months, do you really think any VP there cares whether 
Jared is having a bad download day?


When a company loses $90B in market cap in a year, they are for sure 
cutting the high expense, highly trained workforce, and hiring newly 
minted temps and untrained newbies to reduce their payroll expenses.


The results are all rather obvious.


Yeah, more customers will get pissed off and they'll lose *another* 50% 
of their market cap.


Peace...  Sridhar


[c-nsp] GEIP or PA-GE

2008-11-13 Thread Sridhar Ayengar


Anyone know where I can get GEIP, GEIP+ or PA-GE cards cheap?  I'm running a 
7505 at home, and I'm not made of money.  8-)


Peace...  Sridhar


Re: [c-nsp] GEIP or PA-GE

2008-11-13 Thread Sridhar Ayengar

Martin Moens wrote:

Tried Ebay?


Yup.  Very expensive.  More than some dealer prices.

Peace...  Sridhar


Re: [c-nsp] RS232 to TCP/IP

2008-10-30 Thread Sridhar Ayengar

[EMAIL PROTECTED] wrote:
we need to send serial data from a PC with a rs232 Interface over IP/TCP 
to a Server. This was done with X.25 over Sat before.

Is there any Solution to use pure IP to transport this Data


Try a terminal server.  I use them for that kind of stuff all the time.

I suppose you could use a serial print server to rig up something 
similar, but the terminal server will be easy right out of the box.


Peace...  Sridhar
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Cisco 877 DSL Sync issue

2008-10-11 Thread Sridhar Ayengar

Vinny Abello wrote:

The 877 is for ADSL. Last I knew, I thought Covad's DSLAMs only did
SDSL. What Netopia model does it work with? I can confirm if the 877
is incompatible if you let me know what does work with it.


I have had ADSL service from Covad in the past.

Peace...  Sridhar


Re: [c-nsp] Internet Routing Table Size

2008-10-10 Thread Sridhar Ayengar

Richard A Steenbergen wrote:

On Fri, Oct 10, 2008 at 03:55:04PM -0400, Jared Mauch wrote:

Does anyone have a rough idea on the current internet routing table
size. I see about 115K prefixes from one of my providers.

~270k is the current table size.


You guys need to control your deaggregates, I'm announcing 264114 to 
customers currently. :)


I don't get it.

Peace...  Sridhar


Re: [c-nsp] Performance Of www.cisco.com

2008-09-24 Thread Sridhar Ayengar

Ross Vandegrift wrote:

On Wed, Sep 24, 2008 at 05:03:27PM +0800, Mark Tinka wrote:
Not sure if it's just me but for the past several months, 
I've found the performance (response times) when browsing 
www.cisco.com is not all too great.


I've found issues with my browser - I use Mozilla Seamonkey, the
continuation of the suite version of Mozilla.  Interactive tools like
Bug Toolkit and the IOS Feature Navigator do not load in Seamonkey.
Browsing them with Firefox is a much better experience.

It's a bit perplexing, since they are both Gecko based, but hey, it's
not enough of a headache for me to really care.


They work fine in SeaMonkey here.

Peace...  Sridhar


[c-nsp] SA-ISA

2008-08-05 Thread Sridhar Ayengar


Is the SA-ISA supported on the VIP2-50 in a 7500-series router?  If it 
isn't, will it work anyway?


Thanks.

Peace...  Sridhar


Re: [c-nsp] L2 switch needs: 2960G vs 3560G

2008-07-22 Thread Sridhar Ayengar

Deny IP Any Any wrote:

I'm looking for a 24-port GigE 1RU layer 2 switch, and comparing the
3560G-24TS to a C2960G-24TC-L. They seem to have similar backplane, and
similar pps forwarding. I just need L2.  They seem pretty similar on
paper, except the 3560 is almost double the price of the 2960. Any
reason to get the 3560?


I don't think so.  The main selling point on the 3xxx series versus the 
2xxx series is Layer 3 switching.


Peace...  Sridhar


Re: [c-nsp] WIC-1ADSL vs PA-1C-P

2008-06-27 Thread Sridhar Ayengar

Adam Greene wrote:
Yeah, weird, isn't it? But it's definitely terminating an ADSL PVC and 
passing traffic!


If it turns out that this is indeed a PA-1C-P card and not just 
mis-listed in the inventory, that would be great, because it means I can 
use a 7200 as a DSL CPE without using an external modem.


Peace...  Sridhar


Adam Greene wrote:

Wondering if anyone can help me dispel this mystery ...

I've got two ADSL cards, both p/n 73-4771-08.

One is inserted into a WIC slot on a 2811 running 12.3(8)T6. The 
show diag mentions no FRU #, but I know it is a WIC-1ADSL.


The other is inserted into a NM-2W module on a 3640 running 12.3(26). 
The show diag shows FRU # PA-1C-P.


Isn't the PA-1C-P an IBM Mainframe Parallel Channel?  I don't think 
it's an ADSL card.


Peace...  Sridhar









Re: [c-nsp] WIC-1ADSL vs PA-1C-P

2008-06-26 Thread Sridhar Ayengar

Adam Greene wrote:

Wondering if anyone can help me dispel this mystery ...

I've got two ADSL cards, both p/n 73-4771-08.

One is inserted into a WIC slot on a 2811 running 12.3(8)T6. The show 
diag mentions no FRU #, but I know it is a WIC-1ADSL.


The other is inserted into a NM-2W module on a 3640 running 12.3(26). 
The show diag shows FRU # PA-1C-P.


Isn't the PA-1C-P an IBM Mainframe Parallel Channel?  I don't think it's 
an ADSL card.


Peace...  Sridhar


Re: [c-nsp] Giving customers access to your gear.

2008-06-03 Thread Sridhar Ayengar

Richey wrote:

I've got a customer with a T1.  They have been bought out by a large hotel
chain.  They are pretty much demanding that they have SNMP full read access
to our router that is at their location as well as a copy of the config for
the router.   This is not their router, it is ours and we fully manage our
router and hand them  Ethernet. This seems a little odd that they want
access to our gear, and I am not too keen on giving them access unless they
are willing to accept some responsibility.   They don't want to accept any
responsibility for the access they would have to this box. They say that
Verizon and ATT don't have any problems giving them this kind of access to
their gear.   

 


Any thoughts from the group?


My inclination would be something similar to, Hell no!

Do you have a written contract that covers any of these issues?  If so, 
and they indeed still want that kind of access, they will have to accept 
your terms.  Otherwise you're leaving yourself open to situations where 
they repeatedly screw with the router and you have to repeatedly fix the 
issues they generate without charge.


Just the diagnosis time, alone, could be significant.

Peace...  Sridhar


Re: [c-nsp] SSH Authoized Keys?

2008-05-12 Thread Sridhar Ayengar
Mark Tinka wrote:
 On Friday 09 May 2008, Chris Riling wrote:
 
  I've done some research on SSH in IOS and I've only
 been able to find the usual information on how to
 implement SSH; (generate keys, change transport, etc.)
 but I'm more interested in seeing if I can use key files
 for authentication without a password. I've read that you
 can do it on the IDS boxes, but I haven't found anything
 on routers/switches... Any ideas?
 
 AFAIK, IOS routers will not store SSH keys for 
 private/public-based authentication.

No, but they should.

Peace...  Sridhar


Re: [c-nsp] Any to terminate a DSL loop on a 72xx or 75xx?

2008-05-12 Thread Sridhar Ayengar
David Coulson wrote:
 You have to use a fast ethernet port with an external dsl modem... Run pppoe 
 client on cisco with modem in bridge mode passing ppp to router.

Which DSL modems support fast ethernet (and full-duplex)?

Peace...  Sridhar


Re: [c-nsp] trunks, vlans and a metroLAN

2008-05-01 Thread Sridhar Ayengar
Peter Rathlev wrote:
 On Thu, 2008-05-01 at 17:06 +0200, Benny Amorsen wrote:
 Eric Van Tol [EMAIL PROTECTED] writes:
 Are /31 subnets valid for an ethernet network nowadays?
 See RFC 3021.
 
 So the answer is: No, not unless Ethernet is point-to-point, which it
 isn't.

It can be, can't it?  How would you describe an ethernet with two nodes 
on it, using an RFC 3021 addressing scheme?

Peace...  Sridhar


Re: [c-nsp] IOS pirating requests

2008-04-02 Thread Sridhar Ayengar
Ziv Leyes wrote:
 What's an IOS anyway???

In Outer Space.

Peace...  Sridhar


Re: [c-nsp] Catalyst 3750 failure - marsupial interference

2008-04-02 Thread Sridhar Ayengar
[EMAIL PROTECTED] wrote:
 Hi,
 
 On Wed, April 2, 2008 10:47 am, Dale Shaw wrote:
 From the same people responsible for the VMS wombats?  Did Cisco hire a
 bunch of ex-DEC folks?
 ... It was founded by ex-DEC folks

 http://en.wikipedia.org/wiki/Len_Bosack
 
 well, the other DEC folk went to join AMD after their exertions
 on Alpha CPUs IIRC.  but anyway, this is going way off-topic...i
 want to know other marsupial problems! ;-)

Do the DEC engineers who went to Cisco have pouches?

Peace...  Sridhar


Re: [c-nsp] OT : IPv6 - Will it hit like an avalanch?

2008-04-01 Thread Sridhar Ayengar
Whisper wrote:
 Got to love Microsoft, XP has a Windows IPv6 stack that doesn't do native
 IPv6 DNS lookups.

Bleh!!

Peace...  Sridhar


Re: [c-nsp] OT : IPv6 - Will it hit like an avalanch?

2008-04-01 Thread Sridhar Ayengar
Mohacsi Janos wrote:
 Whisper wrote:
 Got to love Microsoft, XP has a Windows IPv6 stack that doesn't do 
 native
 IPv6 DNS lookups.
 
 May be worth asking Microsoft to fix this in Windows XP SP3?

Isn't SP3 too close to release for that?  It's not like they couldn't 
release any old Tuesday patch for that.

Peace...  Sridhar


Re: [c-nsp] Router security defaults (WAS RE: Proxy ARP -- To disable, or not to disable..)

2008-03-24 Thread Sridhar Ayengar
Fred Reimer wrote:
 Exactly, autosecure is just a macro.  It is always advisable to check the
 actual router configuration after it is completed.  The engineer should make
 sure they understand how all of the commands implemented, and if they don't
 research them and make sure they know of any caveats.

Is there anything similar that will allow me to take a router 
configuration file and interactively process it on an external system to 
increase security on my router?

I don't think autosecure exists on my platform.  (7500 RSP4+)

Peace...  Sridhar
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
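
An offline check of the kind asked about above, as an added example that is not part of the original message and is not a Cisco tool: it reads a saved IOS configuration on an external system, reports a few hardening settings, and renders the suggested commands for review. The function names, the sample configuration and the choice of checks are assumptions made for this illustration, and the checks assume classic IOS defaults.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "scope issue fix")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
no service password-encryption
enable password example123
username admin password 0 example123
ip http server
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
line con 0
line vty 0 4
 password example123
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# Commands expected on every active interface that has an IP address.
# Assumption: classic IOS defaults, where each feature is on unless negated.
IFACE_REQUIRED = ("no ip redirects", "no ip unreachables", "no ip proxy-arp")


def parse_config(text):
    """Return (top, blocks): top-level lines and each one's indented sub-commands."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank line or "!" separator
        if raw[0] in " \t":
            if current is not None:
                blocks[current].append(stripped)
            continue
        current = stripped
        top.append(stripped)
        blocks[current] = []
    return top, blocks


def audit(text):
    """Check a saved configuration and return a list of Finding tuples."""
    top, blocks = parse_config(text)
    findings = []
    if "service password-encryption" not in top:
        findings.append(Finding("global", "stored passwords are not obscured",
                                "service password-encryption"))
    if "no ip source-route" not in top:
        findings.append(Finding("global", "IP source routing is not disabled",
                                "no ip source-route"))
    if "ip http server" in top:
        findings.append(Finding("global", "HTTP server is enabled",
                                "no ip http server"))
    for line in top:
        if line.startswith("enable password "):
            findings.append(Finding("global", "'enable password' instead of 'enable secret'",
                                    "enable secret <new-secret>"))
        m = re.match(r"username (\S+) password ", line)
        if m:
            findings.append(Finding("global", f"user {m.group(1)} has 'password', not 'secret'",
                                    f"username {m.group(1)} secret <new-secret>"))
    for header, cmds in blocks.items():
        if header.startswith("interface "):
            addressed = any(c.startswith("ip address ") for c in cmds)
            if not addressed or "shutdown" in cmds:
                continue  # unused port: nothing to report
            for cmd in IFACE_REQUIRED:
                if cmd not in cmds:
                    findings.append(Finding(header, f"'{cmd}' is missing", cmd))
        elif header.startswith("line vty "):
            inputs = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
            if not inputs or inputs[-1] != ["ssh"]:
                findings.append(Finding(header, "remote access is not limited to SSH",
                                        "transport input ssh"))
    return findings


def remediation(findings):
    """Render the suggested commands as a config snippet for manual review."""
    out, last = [], "global"
    for f in findings:
        if f.scope != last:
            out.append(f.scope)
            last = f.scope
        out.append(f.fix if f.scope == "global" else " " + f.fix)
    return "\n".join(out)
```

Calling `remediation(audit(text))` on the text of a saved configuration gives a snippet to read through before anything is pasted into the router; `<new-secret>` is a placeholder to be replaced by hand.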


[c-nsp] PF to IOS FW Translation

2008-03-24 Thread Sridhar Ayengar

Does anyone know of any resources available on the 'net for learning how 
to translate pf firewall rulesets into IOS Firewall rulesets?

Peace...  Sridhar


[c-nsp] External Firewall

2008-03-24 Thread Sridhar Ayengar

I'm interested in adding a firewall to a network I admin at work.  The 
gateway router on the network is a 7200 NPE-G1.

What I want to know is whether I have to route all of my packets through 
my external firewall, or is there a way to have the firewall set state 
in the router to enable it to route packets in a session without the 
further involvement of the firewall?

Peace...  Sridhar


Re: [c-nsp] External Firewall

2008-03-24 Thread Sridhar Ayengar
Masood Ahmad Shah wrote:
 Normally people would put like shown below..
 
 WAN-Router-Firewall--LAN-Switch

That's what I was hoping to avoid.

Peace...  Sridhar


Re: [c-nsp] External Firewall

2008-03-24 Thread Sridhar Ayengar
Fred Reimer wrote:
 Why, exactly?  Performance of the firewall?

Yes.  I have two identical networks set up for one company in two 
different locations.  One has a Cisco router (said 7200) talking 
upstream to a big WAN pipe and downstream to two gigabit ethernet 
networks.  The second location has the same WAN and LAN configuration, 
WAN line distance and quality measurement numbers, etc.  The only 
difference is it is a BSD PC.  The Cisco performs noticeably and measurably 
better in latency and throughput.  Neither is running firewall code.

Now, the BSD PC has gobs more processor horsepower, memory- and 
bus-bandwidth.  Why should the Cisco outperform it?

To find out, I wanted to set up a selection of scenarios in the lab. 
(1) I wanted to try setting up the firewall between the internal 
gigabit network and the 7200.  (2) I then wanted to set up the firewall 
between the WAN interface and the router to see how that performs.  (3) 
I wanted to set up what I described in my original message, with the 
firewall performing only stateful inspection functions, and allowing the 
router to perform packet switching functions without interference from 
the firewall once the session is operating.

As far as I can see, the advantage of (1) is that traffic heading to the 
external gigabit LAN wouldn't come across the firewall PC.  However, 
the disadvantage would be that traffic between the two LANs would have 
to pass through it.  That might be unacceptable.

The advantage of (2) might be that traffic between the internal and 
external LANs wouldn't come near the firewall PC.  Also, the WAN pipe 
may not require the throughput advantage of the Cisco.  (It may indeed, 
but it might not be as sensitive.)  However, this does add a couple 
dozen ms to the latency of the upstream connection.

As far as I can tell, (3) would be the best of both worlds, but I, for 
the life of me, can't figure out if there's a way to set a network up 
like that.

Any ideas?

Peace...  Sridhar

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Sridhar Ayengar
 Sent: Monday, March 24, 2008 1:31 PM
 To: Masood Ahmad Shah
 Cc: 'Cisco NSPs'
 Subject: Re: [c-nsp] External Firewall
 
 Masood Ahmad Shah wrote:
 Normally people would put like shown below..

 WAN-Router-Firewall--LAN-Switch
 
 That's what I was hoping to avoid.
 
 Peace...  Sridhar


Re: [c-nsp] Connecting PA-MC-T3 to PA-T3+

2008-03-19 Thread Sridhar Ayengar
David Coulson wrote:
 Short of using the PA-MC-T3 to finance the purchase of a PA-T3+, nope.

Couldn't you do it with some kind of T3 channel bank?

Peace...  Sridhar

 Brandon Price wrote:
 Is there any way to have a PA-MC-T3 in a 7206 use the full DS3 (non
 channelized) for an HDLC connection to
 Another 7206 with a PA-T3+ in a lab environment?



 Thanks
 Brandon Price
 Sterling Communications Inc.
  
 /31 --- The Subnet Formally Known as Unusable
  


Re: [c-nsp] Cisco 10k?

2008-03-13 Thread Sridhar Ayengar
Jason Berenson wrote:
 Can you elaborate on that a bit? 

I believe he might be referring to the power consumption.

Peace...  Sridhar

 e ninja wrote:
 c10k is a beast. You're better off with the VXRs.

 /eninja



 On Wed, Mar 12, 2008 at 8:40 PM, Jason Berenson [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:

 Greetings,

 We currently have 3 7206VXRs with NPE-300's in them.  Adding PA-MC-T3
 cards for DS1 edge connectivity at $3800/port is starting to get
 really
 unbearable.  So I started to look at the Cisco 10k and noticed
 that an 8
 port channelized DS3 card turns out to be around $1800/port.  I've
 done
 a lot of research on the 10k and am interested in migrating away from
 the 7206's.

 I'd like to use the 10k as our core edge router, it would need to run
 QoS, VRFs, OSPF, BGP, vlans (would expect that), connectivity for TLS
 customers and eventually DS1 channelized OCx ports to connect to our
 Turin DAX so we can move away from copper and towards the light so to
 speak.  :)

 If anyone could give me input on their experience with the 10k as
 a 7206
 replacement as well as any input on models of the PREs that I
 should be
 looking at and models on different cards like channelized DS3 and OCx
 cards I would greatly appreciate it.  I'd most likely go with 48V
 power
 since we already have a distribution system in place.

 The more information the better, I'd like to start looking at ebay for
 parts and get a pitch setup for the higher-ups.  Any
 input/experience on
 the feasibility of selling off the VXRs and expensive DS3 cards
 would be
 good too.  I'd also like to hear what people would expect me to be
 paying for each of the components needed to put together a fully
 functional 10k.


Re: [c-nsp] Cisco 10k?

2008-03-13 Thread Sridhar Ayengar
Jason Berenson wrote:
 Justin,
 
 I'm not worried too much about the size, I have room and on top of that 
 it will replace 3+ 7206's.  I do however have the option of just 
 upgrading the 7206's to NPE-G1's, adding more chassis as needed and 
 calling it a day.
 
 I'm trying to make a decision now before things get too out of hand 
 whether or not I want to move to a single router platform or just keep 
 adding routers as needed.  It would eventually have multiple Gige ports 
 which would handle TLS circuits as well as DS1 termination and ATM 
 termination for DSLs.  Another thing to remember is we may eventually 
 get a blade for our Turin DAX which will allow us to terminate the DS1's 
 on the Turin and transport them to the router via ethernet and 
 VLANs/DS1.  This long-term option would let us get rid of the DS3 cards 
 and go mostly ethernet except for the limited ATM needed for DSLs.
 
 The big advantages I can see is moving to a single chassis (one router 
 to manage), it's a much more powerful router than the 7206's and on a 
 per channelized DS3 port basis, it's half the price per port.  With all 
 that in mind, would you suggest going for a 10k and selling the 7206's 
 or just upgrading/adding more 7206's as needed?

Well, you did mention that the per-port cost was lower (significantly?) 
with the 1 than with the 7200VXR.  And that's definitely something.

And the 1 is ASIC-accelerated, right?  That should give you a nice 
performance kick, right?

Peace...  Sridhar


Re: [c-nsp] Cisco 10k?

2008-03-13 Thread Sridhar Ayengar
Paul Stewart wrote:
 Hey Jason...
 
 I'm curious as to what you decide in the final aspect and why... we have
 several NPE-1G and NPE-2G boxes right now and I need to order a couple of
 more to meet capacity needs (DSL termination via PPPOE)... we were also
 looking at the 10k series and also took a step back to investigate ERX from
 Juniper... I really like the Juniper boxes having talked to several people
 who use them (and who are also Cisco literate)... long story short we're
 probably sticking with Cisco just because of it being Cisco (and staff are
 used to Cisco boxes and also the way that Cisco thinks)...
 
 In my opinion, our reasons for staying Cisco are not necessarily the right
 ones but I believe the management group will head that way regardless...;)
 So then we're back to the same issue you are - keep stacking 7206's or buy a
 big box such as the 10k our datacenter is starting to run shy on space
 and power is always a challenge to keep up with ... so the 10k has pros
 there for sure...
 
 Anyways, just wanted to chime in letting you know you're definitely not the
 only person facing these issues ; )  I would definitely upgrade to NPE-1G or
 2G if it's in budget though as that will be a significant upgrade from a
 performance spec

But doesn't the 7200 (and 7500 and others) still have the issue of bus 
bandwidth not being big enough for aggregating multiple gigabit links?

I'm not familiar enough with the 1 to know how wide its bus is, but 
I know that the 6500/7600 has more than enough bus.

Peace...  Sridhar


Re: [c-nsp] Cisco 10k?

2008-03-13 Thread Sridhar Ayengar
Adrian Chadd wrote:
 Anyways, just wanted to chime in letting you know you're definitely not the
 only person facing these issues ; )  I would definitely upgrade to NPE-1G or
 2G if it's in budget though as that will be a significant upgrade from a
 performance spec
 But doesn't the 7200 (and 7500 and others) still have the issue of bus 
 bandwidth not being big enough for aggregating multiple gigabit links?
 
 To the PA slots, perhaps. I thought a big bonus of the NPE-Gx and such
 is the onboard gige ports aren't limited by the PA backplane architecture.

But then you're *very* limited as to port count.

Peace...  Sridhar


Re: [c-nsp] 2960G power supply

2008-03-05 Thread Sridhar Ayengar
[EMAIL PROTECTED] wrote:
 R
 M
 A
 
 --
 Regards,
 
 Jason Plank
 CCIE #16560
 e: [EMAIL PROTECTED]
 
  -- Original message --
 From: Jonas [EMAIL PROTECTED]
 Hello,

 Anyone who know where to buy a power supply for a 2960G?
 I got one which just caught fire!!

Really.  You have no idea what else the power supply might have taken 
with it when it went.

Peace...  Sridhar


[c-nsp] ADSL

2008-01-22 Thread Sridhar Ayengar

I *really* wish Cisco had made an ADSL PA.

Peace...  Sridhar


Re: [c-nsp] ADSL

2008-01-22 Thread Sridhar Ayengar
David Freedman wrote:
 And Whats wrong with PA-FE-TX + ISR?

It requires MSS clamping in the configuration to work right because 
people tend to ignore proper guidelines and block all ICMP.

Peace...  Sridhar


 Sridhar Ayengar wrote:
 I *really* wish Cisco had made an ADSL PA.

 Peace...  Sridhar


[c-nsp] What is this part number?

2008-01-16 Thread Sridhar Ayengar

Is there a web page for Cisco that will allow me to look up a part 
number to find out what model it is?

Right now, I need to find out what a 73-2570-01 is.

Peace...  Sridhar


[c-nsp] PA-2FE-TX-ISL = PA-2FEISL-TX ??

2008-01-16 Thread Sridhar Ayengar

The subject says it all.  Are these two cards the same thing?

Before anyone tells me to read the archive, I have, and I'm still confused.

Peace...  Sridhar


Re: [c-nsp] Cheapening the value of a CCIE

2008-01-13 Thread Sridhar Ayengar
Ted Mittelstaedt wrote:
 Does Cisco do anything to stop these kind of antics:
 http://losangeles.craigslist.org/lac/cpg/536118581.html
 
 I think Cisco probably figures anyone smart enough to get
 a CCIE would not be dumb enough to respond to this ad.  I
 particularly loved the line:
 
 I am prepared to offer you some, although not a lot of
 compensation in the form of computer training (if someone
 on your staff needs training) or perhaps eReferenceware
 
 In short, you give me something worth a pile of money to
 my company and I'll give you nothing in return
 
 Keep in mind if they actually offered money to a CCIE that
 would essentially mean the CCIE was on the payroll - in which
 case the setup becomes exactly the same as every other Cisco
 Partners that employs CCIE's.

How does it work when a company hires a CCIE as an outside consultant? 
  (In the US, being on a 1099 instead of a W-2 is basically what I mean.)

Peace...  Sridhar


Re: [c-nsp] DSL router recommendation

2007-10-10 Thread Sridhar Ayengar
Jason Gurtz wrote:
 Here in the N.E. of the US we get primarily ADSL from or resold from ATT.
 Bog standard.  Over the years, SNET/SBC/ATT has supplied consumer grade
 speedstream or netopia equipment and neither has been stellar from a
 quality standpoint.

I thought that Verizon was by far the largest DSL provider in the northeast.

Peace...  Sridhar


Re: [c-nsp] ATM + 7505

2007-09-20 Thread Sridhar Ayengar
Ian MacKinnon wrote:
 I came across ATM25 in a previous life, and the best advice is to start 
 running now :-)
 
 Now having googled I have to say which ATM25?
 I was using 8510's before with the C85MS-ATM25-4P
 
 I can see that there is now a dsl ATM25 card for the 3600
 NM-1ATM-25
 
 Which one are you talking about?

I was digging through a pile of hardware and I found a box that talks to 
ADSL on one side and ATM25 on the other.

I'm trying to get out from under the sub-1500 MTU with PPPoE.

Peace...  Sridhar

 Sridhar Ayengar wrote:
 Is there any way to hook an ATM25 device to a 7505?  Or a 7206VXR?

 Peace...  Sridhar


Re: [c-nsp] ATM + 7505

2007-09-20 Thread Sridhar Ayengar
Gert Doering wrote:
 I was digging through a pile of hardware and I found a box that talks to 
 ADSL on one side and ATM25 on the other.
 
 Get a used Cisco 1401 from somewhere - ethernet in, ATM25 out.
 
 Usually they (don't) sell on eBay for 1 US$.

Wouldn't that require an additional layer of NAT somewhere?

Peace...  Sridhar


Re: [c-nsp] ATM + 7505

2007-09-20 Thread Sridhar Ayengar
Gert Doering wrote:
 I was digging through a pile of hardware and I found a box that talks to 
 ADSL on one side and ATM25 on the other.
 Get a used Cisco 1401 from somewhere - ethernet in, ATM25 out.

 Usually they (don't) sell on eBay for 1 US$.
 Wouldn't that require an additional layer of NAT somewhere?
 
 Well, if you insist on doing NAT, the 1401 is capable of doing so...

I'd like to avoid it, if possible.

Peace...  Sridhar


Re: [c-nsp] ATM + 7505

2007-09-20 Thread Sridhar Ayengar
Gert Doering wrote:
 Well, if you insist on doing NAT, the 1401 is capable of doing so...
 I'd like to avoid it, if possible.
 
 In that case, just don't use NAT... :-)

So then how do I get the static IP assigned to my 7505 to my 7505 when 
the 1401 is in the way?

Peace...  Sridhar


Re: [c-nsp] ATM + 7505

2007-09-20 Thread Sridhar Ayengar
Gert Doering wrote:
 Well, if you insist on doing NAT, the 1401 is capable of doing so...
 I'd like to avoid it, if possible.
 In that case, just don't use NAT... :-)
 So then how do I get the static IP assigned to my 7505 to my 7505 when 
 the 1401 is in the way?
 
 Assign a transfer network?

I need clarification.  I don't have any control of the network upstream, 
and my entire subnet is in use.  Also, the upstream connection uses PPPoE.

Peace...  Sridhar


[c-nsp] Network going really slowly

2007-08-19 Thread Sridhar Ayengar

I have a 7505 with an RSP2 running IOS 12.4.  One of the boards is a 
VIP2-50, and on that board is a PA-FE-TX and a PA-4E.  The PA-FE-TX is 
attached to my routed public network, and one of the ports on the PA-4E 
is attached to my NATed private one.

The outbound connection is a PPPoE DSL line at 3Mbps, which is on 
another port of the PA-4E.  All interfaces have full-duplex turned on.

When I download something on the internet using a machine on the public 
network, it downloads more than 10 (probably more than 100) times faster 
than a download of the same file from the same server performed from any 
of the machines on the private network.

Moreover, an SFTP file transfer moving a file from a machine on the 
public network to a machine on the private network only transfers at 
about 150KB/s.  A Windows file sharing transfer doesn't go much faster, 
so it's not the encryption doing it.

My configuration follows:

!
! Last configuration change at  by X
! NVRAM config last updated at  by X
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service single-slot-reload-enable
!
hostname blackcube
!
boot-start-marker
boot system slot1:rsp-jk9o3sv-mz.124-1a.bin
boot bootldr slot0:rsp-boot-mz.124-1a.bin
boot-end-marker
!
!
redundancy
enable secret 
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef distributed
ip domain name ikickass.org
ip name-server 168.100.193.130
ip name-server 168.100.250.212
no ip dhcp use vrf connected
!
!
ip multicast-routing distributed
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username XX password X X
!
!
!
!
!
interface FastEthernet2/0/0
  ip address 168.100.193.129 255.255.255.224
  full-duplex
!
interface Ethernet2/1/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mroute-cache distributed
  full-duplex
  pppoe enable
  pppoe-client dial-pool-number 1
  no cdp enable
!
interface Ethernet2/1/1
  ip address 172.22.22.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  full-duplex
!
interface Ethernet2/1/2
  no ip address
  no ip route-cache cef
  no ip route-cache distributed
  no ip route-cache
  shutdown
  full-duplex
!
interface Ethernet2/1/3
  no ip address
  no ip route-cache cef
  no ip route-cache distributed
  no ip route-cache
  shutdown
!
interface Virtual-Template1
  no ip address
!
interface Dialer1
  mtu 1492
  ip address negotiated
  no ip unreachables
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip tcp adjust-mss 1452
  no ip mroute-cache
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication pap callin
  ppp chap hostname X
  ppp chap password X XXX
  ppp pap sent-username X password X XX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 172.22.22.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
  password X
  transport input ssh
line vty 5 99
  password X
  transport input ssh
line vty 100 999
  transport input ssh
!
ntp clock-period 17180016
ntp server 168.100.193.130 prefer
!
end


Peace...  Sridhar


Re: [c-nsp] Network going really slowly

2007-08-19 Thread Sridhar Ayengar
Jeff Kell wrote:
 I have a 7505 with an RSP2 running IOS 12.4.  One of the boards is a 
 VIP2-50, and on that board is a PA-FE-TX and a PA-4E.  The PA-FE-TX is 
 attached to my routed public network, and one of the ports on the 
 PA-4E is attached to my NATed private one.
 
 So you've got one side at 10Mbps...

Yes, indeed.

 Moreover, an SFTP file transfer moving a file from a machine on the 
 public network to a machine on the private network only transfers at 
 about 150KB/s.
 150KBytes/sec = 1.2Mbps...

Sure.

 I also noticed:
 
 interface Ethernet2/1/1
   ip address 172.22.22.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   full-duplex
 
 You've set the 10Mbps interface to full-duplex.  What is on the other 
 end?  10Mbps devices are typically half-duplex.  If you have a duplex 
 mismatch that would certainly slow down the transfers.  Check error 
 rates on both sides of that link.

The other side of that interface is an IBM Thinkpad T60p running Windows XP.

I tried turning off full-duplex.  Doesn't make much of a difference.  Of 
course, the collision counts on the interface go up, but other than that...

From the machine on the private side, a download from ftp.netbsd.org 
goes at 4.9kB/s.  The same file from the same server on the public side 
goes at 175.3kB/s.

Peace...  Sridhar


Re: [c-nsp] List Port Adapters

2007-08-19 Thread Sridhar Ayengar
Hyunseog Ryu wrote:
 Or if you have recent IOS running, you can try show inventory.

I didn't know about that one.  That's a handy command.  Thanks a lot.

Peace...  Sridhar


[c-nsp] SA-ISA on VIP2-50

2007-08-16 Thread Sridhar Ayengar

Does the SA-ISA work properly with the VIP2-50?  There are mentions of 
VIPs in the index for the IC docs for the SA-ISA, but nowhere in the 
doc is anything but the 7100/7200 mentioned.

Peace...  Sridhar


Re: [c-nsp] gigabit ports/modules for 7507 and 7513 routers

2007-08-07 Thread Sridhar Ayengar
Pete Templin wrote:
 What kind of Gigabit modules should I use for Cisco 7507 and 7513 routers?
 I would appreciate it if somebody could give me some recommendations in this regard.
 
 Ok, I got it, will check GEIP+.
 We have a 7507 at the border which is connected to a peer with ATM modules 
 right now, and we are thinking of upgrading this link to a gigabit link. 
 So I guess I don't have any choice other than using GEIP+.
 
 Keep in mind that you're likely limited to ~330Mbps per IP slot, so 
 you'll get nowhere near line rate GE.  I believe Rodney has said more 
 than once that 7500 GE solutions were engineered for SPs who were 
 standardizing on GE links within their POPs, not to provide a full 
 gigabit pipe for the platform.

Has anyone ever gotten a PA-GE working with a VIP6?  Would two PA-GEs be 
able to talk to each other at something approaching line rate across a VIP6?

Peace...  Sridhar


Re: [c-nsp] gigabit ports/modules for 7507 and 7513 routers

2007-08-07 Thread Sridhar Ayengar
Kevin Graham wrote:
 My understanding is that the PA-CyBus interface is a variation of PCI 
 that's limited to 330Mbps.
 So then doesn't that limitation also apply to the 7200VXR series routers?
 
 Yes, which is why the NPE-G1 and NPE-G2 have onboard gigabit interfaces that
 don't touch the shared backplane, along with the addition of VSA for NPE-G2.
 Theoretically the bus bandwidth to a PA in C7200-JC-PA could be increased as
 well, though I don't believe this is done presently.

Ah.  That makes it much clearer.  Thanks.

Peace...  Sridhar


Re: [c-nsp] dCEF Problem

2007-08-03 Thread Sridhar Ayengar
David Coulson wrote:
 I'm not sure how much memory is required to load 12.4 onto a VIP - I 
 only run 12.2S on the 7507s/7513s I manage. That said, you can probably 
 pick up 128Mb of DRAM and 8Mb of SRAM for less than $50 to get the card 
 up to snuff. Plus, if you're really wanting to run 12.4, you should 
 probably get something that isn't that old.

I probably at least meet the minimum, since the VIP works fine when dCEF 
is disabled.

 How many routes do you have loaded on that router? A VIP2-50 I'm running 
 (1x PA-FE-TX + 1x PA-2T3) has 65Mb free running 12.2S(25)12 with approx 
 100k routes on the RSP - It seems pretty happy. I'd look at how much 
 memory is available without dCEF and go from there. I've not touched a 
 VIP with 32Mb of RAM for a long time (except for when someone configured 
 one incorrectly and put 32/8 on it and it didn't even load IOS onto it 
 before it crashed).

I only have 6-7 routes.  This router is *very* lightly loaded.  I was 
thinking of upgrading to a VIP4-80 anyway, so I'll either upgrade the 
memory on this VIP2, or swap it for a VIP4.

 FYI, there is the handy 'if-con X' command, which will give you access 
 to the VIP on slot X. From there you can do show proc, show mem, and 
 whatnot. sh ip cef summary is handy:

Thanks.  That's a neat trick to know.

 IPv4 CEF is enabled for distributed and running
 VRF Default-IP-Routing-Table:
 95779 prefixes (95779/0 fwd/non-fwd)
 Default network 0.0.0.0/0
 Table id 0, 0 resets
 Database epoch: 7 (95779 entries at this epoch)

I'll check as soon as I'm able.

Peace...  Sridhar


Re: [c-nsp] dCEF Problem

2007-08-03 Thread Sridhar Ayengar
Jon Lewis wrote:
 My VIP2-50 has 32MB of DRAM and 4MB SRAM.  Does this need to be
 upgraded?  The RSP2 has 128MB DRAM and is running IOS 12.4(1a).
 
 if-con into that vip with dCEF off, and do a show mem.  I bet with 12.4 
 IOS, 32mb is barely enough to boot up.

I checked, and you're right.  There's about 512kB left after boot.

 If you bought these things recently, you need to take them back to 
 whoever sold them to you, hit them over the head with the cards, and ask 
 for your lunch money back.  If these have been sitting around and just 
 put in service, you really need some upgrades.  RSP4 and vip2-50s with 
 128MB RAM should be dirt cheap.

I'm having trouble finding an RSP4 cheap.  Also, I used to see 128/8 
upgrades for VIP2-50s on ebay all the time, but I don't see any on there 
now.  Maybe supplies are starting to dry up.

 Oh, and don't the cisco guys on-list keep telling us the 7500 is the 
 wrong platform for PPP over anything but T1 and similar circuits?

I'm running one PPPoE.  I'm not terminating a bunch of customer ADSL.

Peace...  Sridhar


Re: [c-nsp] Reverse telnet from Cisco 7500 aux port to 2948 console port

2007-07-30 Thread Sridhar Ayengar
insan praja wrote:
 Dear all, I'm trying to do reverse telnet from 7507 aux port to 2948
 console port. Since I don't have rj-45 to db25 adapter, I'm trying to
 build my own cable. Right now, I'm frustrated since I failed to build
 it. Can't someone help me? please.. In Indonesia, it's not easy to
 order or find aux port adapter.. I've already downloaded Cisco
 documentation on Console and Aux port, but, there is nothing on how
 to build it.. Thanks,

http://www.technick.net/public/code/cp_dpage.php?aiocp_dp=pinadaser_cisco_rj45_db25

Peace...  Sridhar


Re: [c-nsp] Cisco 7507 RSP4+ with VIP-2 and 2PA-FE-TX

2007-07-21 Thread Sridhar Ayengar
Howard Leadmon wrote:
 For home use, just find some GEIP units, not the GEIP+ units, as there is a
 HUGE difference in the resale value as I am sure you know. If I remember my
 reading correctly, the older GEIP is still good for 3-400mbps, if you're
 running more than that wow.
  From what I've been seeing, it doesn't make that much of a difference.
   The GEIP+ goes for about $100 more.  I'm seeing GEIP cards for $850
 and the GEIP+ cards for $950.  Either would be outside of my price range.
 
 Humm, and I haven't followed them for a while, so sure it's all dropped, but
 when I was last watching eBay for the suckers, the GEIP sold for about
 750-1000, and the GEIP+ sold for about 3000-4000.   If the GEIP+ is now down
 to under a 1000, I agree it's a no-brainer.  The VIP4-80 is a far nicer VIP
 than the VIP2-50, which is what the GEIP+/GEIP's are based on. 

Yeah, I'm definitely thinking of upgrading to the VIP4.

 I'm definitely not pushing 400Mbps continuously.  As you would imagine
 for a home network, my traffic is *very* peaky, but if I could get my
 peaky transfers as fast as possible, I'd be happy.
 
 Really at home, your internal traffic around the house shouldn't be routed
 unless you're really doing something unusual or for play.  For that type of
 stuff a nice Catalyst switch, maybe even one with L3 if you need routing would
 handle that peaky traffic much better.

Well, what I'm doing could probably be considered unusual.  I have one 
network for which the firewall is mostly open which contains 
outward-facing servers.  I have a second network for which the firewall 
is mostly closed, and which uses NAT, and contains my internal 
workstations and Sun Rays among other things.  The third network is 
another private network, but is separate because it carries mostly 
DECnet traffic for my VAX/Alpha cluster.  Performance improved a lot 
when I started segregating this traffic away from the other stuff.  The 
fourth network is my outbound link.  The fifth is a permanent VPN link 
to my father's private network at my parents' house.

 Outside of BGP table issues, I wouldn't even touch it, it's been a great
 router.  I have it running 12.2S, in SSO mode with dual RSP4's, a couple of
 the GEIP+'s, and all the other cards are all on VIP4-80's as well.
 That's a pretty nice setup.  I am probably going to try to upgrade to
 RSP4 + VIP4 soon.
 
 I know some seem to have terrible issues with the 75xx units, but knock on
 wood, this thing has been a rock. Shy of someone DDOSing the hell out of it, I
 never have any problems. I almost hate to lose the redundant RSP's upgrading
 to a 7206VXR, but I just couldn't justify putting a 76xx router with a
 SUP720-3BXL in to run the co-lo stuff.  Granted I can't say I recall any of my
 7206's at the old company ever failing, so hopefully the new NPE-G2 will be a
 champ as well.
 
 Here is the old stuff that is still online and running, just real close to
 being out of RAM for BGP..
 
 http://gallery.leadmon.org/d/5637-2/DSC03352.jpg

This is at work, I assume?

I'd love to be able to multi-home at the house, but getting an IP block 
would probably be waay too expensive.  At least until IPv6 hits, I guess.

I'm still using 7500s at work right now, but we're going to be upgrading to 
7600s soon.  I'm not really a network guy, having come up through the 
programming areas, but being a technical lead now, I find I have to 
learn a little bit of everything.  Lurking on this list has taught me a lot.

Peace...  Sridhar


Re: [c-nsp] ASA Remote site VPN

2007-07-20 Thread Sridhar Ayengar
Daniel Hooper wrote:
 Always a good idea to remove passwords (even encrypted ones) and
 production IP addresses from configurations posted to public mailing
 lists.

I usually change the password to something stupid, post the 
configuration, and then change it back.

Peace...  Sridhar
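
The sanitising step discussed above, as an added example that is not part of the original thread: a Python filter that drops credential values from a Cisco IOS configuration and swaps public IPv4 addresses for RFC 5737 placeholders before the text is posted. The rule list, the `<removed>` marker and the sample secrets are assumptions constructed for illustration; hostnames and domain names are left untouched.

```python
import ipaddress
import re

# (pattern, replacement) pairs for IOS lines that carry credentials. Type 7
# encoding is reversible and type 5 hashes can be attacked offline, so the
# value is dropped whatever its encoding. The first matching rule wins.
SECRET_RULES = [
    (re.compile(r"^(\s*enable (?:secret|password)(?: level \d+)?)\b.*$"),
     r"\1 <removed>"),
    (re.compile(r"^(\s*username) \S+((?: privilege \d+)?) (secret|password)\b.*$"),
     r"\1 <removed>\2 \3 <removed>"),
    (re.compile(r"^(\s*ppp pap sent-username) \S+ password\b.*$"),
     r"\1 <removed> password <removed>"),
    (re.compile(r"^(\s*ppp chap (?:hostname|password))\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+"), r"\1 <removed>"),
    (re.compile(r"^(\s*ntp authentication-key \d+ md5)\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*password)\b.*$"), r"\1 <removed>"),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scrub_secrets(line):
    """Replace the credential on one config line, if the line carries one."""
    for pattern, repl in SECRET_RULES:
        if pattern.match(line):
            return pattern.sub(repl, line, count=1)
    return line


def sanitize(config_text):
    """Return (sanitized_text, {real_ip: placeholder}) for an IOS config."""
    mapping = {}

    def swap_ip(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:        # dotted number that is not an address
            return match.group(0)
        if not addr.is_global:    # RFC 1918 space; typical masks (255.x, 0.x)
            return match.group(0)  # are reserved ranges, so they are kept too
        if addr not in mapping:
            # The same real address always gets the same placeholder, so the
            # relationships between lines stay readable.
            mapping[addr] = ipaddress.ip_address("192.0.2.0") + len(mapping) + 1
        return str(mapping[addr])

    lines = [IPV4.sub(swap_ip, scrub_secrets(l)) for l in config_text.splitlines()]
    return "\n".join(lines), {str(k): str(v) for k, v in mapping.items()}


# Constructed sample: structure and addresses follow the configuration posted
# earlier on this page, every secret value is made up.
SAMPLE = """\
enable secret 5 $1$CONS$TRUCTEDHASH
username admin privilege 15 password 7 CONSTRUCTED7
ip name-server 168.100.193.130
interface FastEthernet2/0/0
 ip address 168.100.193.129 255.255.255.224
interface Ethernet2/1/1
 ip address 172.22.22.1 255.255.255.0
interface Dialer1
 ppp chap hostname constructed-account
 ppp chap password 7 CONSTRUCTED7
 ppp pap sent-username constructed-account password 7 CONSTRUCTED7
access-list 1 permit 172.22.22.0 0.0.0.255
line vty 0 4
 password 7 CONSTRUCTED7
ntp server 168.100.193.130 prefer
"""

if __name__ == "__main__":
    clean, mapping = sanitize(SAMPLE)
    print(clean)
    print(mapping)
```

Keep the returned mapping private: it is what lets you translate replies on the list back to the real addresses.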


Re: [c-nsp] Cisco 7507 RSP4+ with VIP-2 and 2PA-FE-TX

2007-07-20 Thread Sridhar Ayengar
Winders, Timothy A wrote:
 The problem is... no one wants to pay the cost of the shipping for a 
 7507 chassis and power supplies.

I wouldn't mind, but only if there were good cards in the chassis.  I 
frankly don't need that many slots at home, though.

 Sorry, no GEIP+ here, just the RSP4 32/256, 3 VIP2 8/128's, a PA-FE-TX 
 and a PA-FE-FX.

Right now I'm running with an RSP2 (probably will upgrade to a bigger 
RSP soon) with two VIP2-50s, one of which contains a PA-4E and a 
PA-FE-TX, and the other contains two PA-Fs.

I also have a C5500 with a Gig E card, a FDDI card and a load of Fast E 
ports to hook my non-expandable machines onto my FDDI ring.

Peace...  Sridhar


Re: [c-nsp] Cisco 7507 RSP4+ with VIP-2 and 2PA-FE-TX

2007-07-20 Thread Sridhar Ayengar
Winders, Timothy A wrote:
 So what is everyone doing with these forklifted 7507's?  I just replaced my 
 7507 and it's sitting powered off in the corner.

I wish more of them got on ebay for us hobbyists/home users to pick 
over.  I'd love to get a GEIP+ for a reasonable amount of money.  $1000+ 
is just too much.

Peace...  Sridhar


Re: [c-nsp] Cisco 7507 RSP4+ with VIP-2 and 2PA-FE-TX

2007-07-20 Thread Sridhar Ayengar
Howard Leadmon wrote:
 For home use, just find some GEIP units, not the GEIP+ units, as there is a
 HUGE difference in the resale value as I am sure you know. If I remember my
 reading correctly, the older GEIP is still good for 3-400mbps, if you're running
 more than that wow.

From what I've been seeing, it doesn't make that much of a difference. 
The GEIP+ goes for about $100 more.  I'm seeing GEIP cards for $850 
and the GEIP+ cards for $950.  Either would be outside of my price range.

I'm definitely not pushing 400Mbps continuously.  As you would imagine 
for a home network, my traffic is *very* peaky, but if I could get my 
peaky transfers as fast as possible, I'd be happy.

 Outside of BGP table issues, I wouldn't even touch it, it's been a great
 router.  I have it running 12.2S, in SSO mode with dual RSP4's, a couple of
 the GEIP+'s, and all the other cards are all on VIP4-80's as well.  

That's a pretty nice setup.  I am probably going to try to upgrade to 
RSP4 + VIP4 soon.

 The only thing I would really see wrong with it at home is the power it draws,
 I am sure that has to hurt on the electric bill!

Well, I am running a 7505 and not a 7507, which helps a bit with the 
power bill.  It's still a pretty big load.

Peace...  Sridhar


Re: [c-nsp] Cisco 7507 RSP4+ with VIP-2 and 2PA-FE-TX

2007-07-20 Thread Sridhar Ayengar
Jon Lewis wrote:
 Well, I am running a 7505 and not a 7507, which helps a bit with the
 power bill.  It's still a pretty big load.
 
 What about the noise and heat?  Do you run it in the garage?

I run a datacenter in the house.

http://www.ikickass.org/machineroom/

Peace...  Sridhar


Re: [c-nsp] NTP Config

2007-07-11 Thread Sridhar Ayengar
Justin Shore wrote:
 1) Always use authentication between your local peers.  Ideally you 
 would also take advantage of NIST's offer of authenticated NTP (or make 
 arrangements with another provider with whom you peer).

This isn't a big deal if all of the devices are behind a firewall.  You 
can just drop the NTP packets trying to cross the firewall.

 3) Pick at least a couple stratum 1 or 2 servers external to your 
 network, even if you have a local GPS or WWVB radio.
 
 5) Ask before you use an external NTP server that doesn't give implicit 
 permission for everyone to query it (ie, isn't listed on NIST's NTP 
 server page).

I tend to use tick and tock (.usno.navy.mil) for my stratum-2 servers. 
There are others which allow public access, but why not just go to the 
horse's mouth?

Peace...  Sridhar
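
One way to check a router configuration against the NTP authentication advice quoted above, as an added example that is not part of the original thread: a Python audit that reports `ntp server` and `ntp peer` lines with no key, an undefined key or an untrusted key. It assumes the classic IOS syntax (`ntp authenticate`, `ntp authentication-key N md5 ...`, `ntp trusted-key N`, `ntp server ADDR key N`); the first sample is the two `ntp` lines from the configuration posted earlier on this page, the second is constructed.

```python
import re


def audit_ntp(config_text):
    """Return a list of findings about NTP authentication in an IOS config."""
    authenticate = False
    defined, trusted = set(), set()
    assocs = []  # (kind, address, key id or None) in config order
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            authenticate = True
        elif m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(int(m.group(1)))
        elif m := re.match(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.match(r"ntp (server|peer) (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)", m.group(3))
            assocs.append((m.group(1), m.group(2),
                           int(key.group(1)) if key else None))

    findings = []
    if assocs and not authenticate:
        # Without this command keys may be configured but are not enforced.
        findings.append("ntp authenticate is not enabled")
    for kind, addr, key in assocs:
        if key is None:
            findings.append(f"{kind} {addr}: no key configured")
        elif key not in defined:
            findings.append(f"{kind} {addr}: key {key} is not defined")
        elif key not in trusted:
            findings.append(f"{kind} {addr}: key {key} is defined but not trusted")
    return findings


# The two ntp lines from the configuration posted earlier on this page.
PAGE_NTP = """\
ntp clock-period 17180016
ntp server 168.100.193.130 prefer
"""

# Constructed sample: authentication is enabled, but two associations are
# misconfigured. Addresses are RFC 5737 placeholders, the key is made up.
PARTIAL = """\
ntp authentication-key 1 md5 CONSTRUCTED-KEY
ntp authentication-key 3 md5 CONSTRUCTED-KEY
ntp authenticate
ntp trusted-key 1
ntp server 192.0.2.10 key 1 prefer
ntp server 192.0.2.11 key 2
ntp peer 192.0.2.12 key 3
"""

if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_NTP), ("constructed", PARTIAL)):
        print(name)
        for finding in audit_ntp(cfg) or ["no findings"]:
            print("  " + finding)
```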


[c-nsp] Another Router Question

2007-07-09 Thread Sridhar Ayengar
Jeff Crowe wrote:
 Hi all,
 
 I am trying to configure a router that will be able to handle the following:
 
 Multichannel T3 (probably PA-MC-T3),
 Couple of routed FE ports
 Gig Uplink to switching fabric

Sorry to change the subject, but I had a similar question.

I need to source a router to talk to

Two FDDI rings
One Gigabit Ethernet network
One PPPoE over Ethernet connection for ADSL

Am I right in understanding that the only routers that support internal 
ADSL don't support FDDI?

Peace...  Sridhar


[c-nsp] NAT Question

2007-06-29 Thread Sridhar Ayengar

I have a NAT question which could probably be considered simple, but my 
Google-fu fails me.  I would appreciate either an answer, or a pointer 
to where I can RTFM.

I have four networks that I'm routing between.  The first is a 
publicly-accessible block for servers with a routeable IP block.  The 
second and third are networks with private IP blocks.  The fourth is, of 
course, the outbound connection to the upstream provider.

Now, as I understand it, the two private networks will be considered 
inside for the purposes of NAT, and the connection to the outside 
world will be considered outside.

What I can't figure out is how to configure the network for the servers. 
I need the workstations on the private networks to be able to access 
the servers without being NATed, and vice-versa.  Of course, the 
machines on the two private networks need to be able to talk to each 
other as well.

Many thanks for the help.

Peace...  Sridhar

(P.S. I will be adding a VPN in addition to the above, but that's for 
another day, I suppose.)


Re: [c-nsp] advice for L2 switches

2007-06-23 Thread Sridhar Ayengar
Kevin Blackham wrote:
 Did I mention this is spread out over 20,000 square feet?   I'll have to 
 do some math on huge wads of non-reusable cable.  I had avoided the 
 big-and-dense option due to that hassle.

Is it *absolutely* required to have 100Mbps ports everywhere?  It would 
simplify things a lot if you could have patches of Fast Ethernet with 
predominantly 10Mbps ethernet.

Peace...  Sridhar
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] advice for L2 switches

2007-06-22 Thread Sridhar Ayengar
Kevin Blackham wrote:
 We're promoting a one day event that requires around 500 FE access ports.  I
 need to filter at layer 4 (block DHCP serving) and perform some QoS duties
 to ensure a good experience.  40x 2950T-24 will do the job, but even on the
 grey market I'm looking at a $20k project (including larger agg switch).  On
 the lower end, I might be able to use 2924XL with protected port/port
 blocking (effectively isolated private-vlan), as long as I can perform a
 U-turn after filtering (sorta breaks split-horizon doesn't it, perhaps local
 proxy-arp at L3) and instead have more intelligence at the aggregator.  I
 would lose out on DHCP snooping and full control over QoS by this plan
 though.  I'm willing to give up QoS at the access port, and apply to the agg
 switch, but I really need option-82 so I know exactly who has what IP when
 the time comes to kick someone in the head.
 
 Recommendations?  The only hard requirements are low cost (grey market ok),
 SNMP stats, option-82, and 24-25 100M ports.  Preferred are L4 QoS marking,
 two egress queues per port, L4 filtering.  No L3 forwarding is needed.

A pair of Cisco 5513s should get you to the number of ports and do it on 
the cheap on the used market.  They do have Layer 4 filtering features, 
but what I don't know is whether you need the Route Switch Module + IOS 
to use them.

Peace...  Sridhar
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] advice for L2 switches

2007-06-22 Thread Sridhar Ayengar
Kevin Blackham wrote:
 Did I mention this is spread out over 20,000 square feet?   I'll have to 
 do some math on huge wads of non-reusable cable.  I had avoided the 
 big-and-dense option due to that hassle.

Would it be possible to locate the switches in two central locations? 
That way, all you would need would be one or two (preferably gigabit) 
fiber trunks connecting the two switches together, and you would run a 
metric buttload of Cat 5e out in a star configuration from each of the 
switches.  You might end up with one or two places where you need ports 
that are too far from the nearest switch, but for those exceptions, 
there would be nothing to stop you from running fiber out to those points.

There has to be a way to make it work.  It would get you down about an 
order of magnitude in cost.  We're only talking about one day.

Peace...  Sridhar


