Re: [c-nsp] How to recover route-object maintainer account?
+1 And change your contact info over to role accounts so you can just re-aim the role alias over to the new person talking over and have them do the password recovery if needed. I use separate role accounts for each vendor… i.e.: d...@foobar.org, al...@foobar.org, a...@foobar.org, etc. Tim On Dec 16, 2012, at 8:28 AM, Nick Hilliard n...@foobar.org wrote: On 16/12/2012 16:19, Andrew Gabriel wrote: Would anybody be able to advise on what we can do to recover the accounts or get fresh access, and what would be the process involved? contact the IRR operators (RADB / ARIN / RIPE / whoever). They all have similar procedures for account recovery stuff like this. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 starange issue-urgent
TCPDUMP and Wireshark is your friend. At the start run TCPDUMP and see if the sessions are being set up. Ie. you should see a SYN out and a SYN ACK back. See: http://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml Tim On Nov 13, 2012, at 12:56 PM, Chuck Church chuckchu...@gmail.com wrote: Uhh, where to begin Has it ever worked? Did something change if it did work at one time? Is NAT involved? Is ping/traceroute working from the router itself, or from your PC? What are you pinging/tracerouting to? Does your PC have a valid IP address, gateway, DNS, etc? Could it be just a PC problem - hard coded proxy address that isn't reachable, etc, etc... Chuck -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of zaid Sent: Tuesday, November 13, 2012 12:35 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 7600 starange issue-urgent HI I can’t browse the internet when connect my pc directly on 7600(ES+20G3CXL )7606 SRD3 The tcp mss 1400 , ping and trcaroute is OK but the page doesn’t open Any idea how to troubleshooting this issue ZH ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] TACACS vs RADIUS
This is what we us and it rock solid for 80+ cisco devices we have on our network. Tim On Feb 27, 2012, at 5:25 PM, Nick Hilliard wrote: On 28/02/2012 00:57, Jason 'XenoPhage' Frisvold wrote: I'm tired of the Cisco Kool-Aid.. The only Cisco we've had luck with is the hardware. We've replaced all of the software-based stuff… ACS, LMS, NAC, etc. ISE doesn't interest me much at this point... www.shrubbery.net/tac_plus/ Cisco wrote the original version but hasn't contributed anything for some years. One great feature of this daemon is that it doesn't have a GUI, and that it's fully configuration file based. Obviously if you don't like it, you should use something else. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco AS5400XM call limitations
Oh?... I am about to buy a AS5400XM for an install that we plan on loaded up a full DS3 on it. Can you point me to the data saying it can only handle 550 calls? Thanks... Tim On Nov 29, 2011, at 5:37 PM, Matthew S. Crocker wrote: Hello, I'm looking at picking up a couple Cisco AS5400XMs with CT3 interfaces. Reading the docs it looks like they only support 550 simultaneous Voice Fax calls. Is that true? Any idea why Cisco didn't build a box that can handle the full 672 DS0s in a CT3?They will primarily handle g711 calls, some modem NAS stuff and a bit of t.38 I'm trying to avoid front ending this with a DACS to move the T1s around. 23 T1s per AS5400 seems pretty lame. Thanks -Matt -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 http://www.crocker.com P: 413-746-2760 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] GBIC_SECURITY_CRYPT-4-ID_MISMATCH: Identification check failed for GBIC in port [dec]
on 5/23/11 12:15 PM Dennis said the following: [...] First see if this helps: service-unsupported transceiver Handy to have You might also, want these commands as well: no errdisable detect cause gbic-invalid errdisable recovery cause all errdisable recovery interval 30 cause all is a bit to general. For instance, you may not want to have things like bpdu recover. Also, 30 seconds is a bit short for me. 5 minutes would be more like it to be able to find and fix the problem. Tim -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Open Source netflow recommendations
http://nfsen.sourceforge.net/ Tim on 5/17/11 8:21 PM Lee Starnes said the following: Does anyone have any recommendations for an open source netflow solution? If there is nothing out there, what is recommended in the non-open source world? Are there any to absolutely stay away from? Thanks, Lee ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] setup for LAN party
Heh... Hard interfaces work well. If you want to use cisco's rate limiting you can do something like... --- interface FastEthernet 0/0 description Inside of NAT [...] rate-limit output access-group 101 64000 5000 5000 conform-action transmit exceed-action drop rate-limit output access-group 102 192000 5000 1 conform-action transmit exceed-action drop --- This bandwdith may be too severely restricted for your clients, so you may want to bump this up. :-) You can see more details at: http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qccar.html Put the camera on some static IP address and put the DHCP clients in an ACL like... --- access-list 101 permit ip any host 192.168.88.99 access-list 101 permit ip host 192.168.88.99 any access-list 102 permit ip any 192.168.88.128 0.0.0.127 access-list 102 permit ip 192.168.88.128 0.0.0.127 any --- You don't say how yo are doing your dhcp for your clients. On the cisco box you would exclude some space for devices with static IP's like... --- ip dhcp excluded-address 192.168.88.1 192.168.88.128 --- And then create the lease pool... --- ip dhcp pool 0 network 192.168.88.0 255.255.255.0 domain-name domain.com dns-server 4.2.2.2 default-router 192.168.88.1 lease 3 --- Of course change this into your address space. Using a different platform... I have had very good luck with PFSense in doing this. We use the Priority Queuing and for an event that had only 22Mb/s of pipe with 400 heavy users at a conference, I was able to guarantee 3 Mb/s for a video stream that came out of there. Worked great. Tim on 4/21/11 8:14 AM Alan Buxey said the following: The quick easy way with no qos etc? Connect 2950 to the router. Connect web server to that, with port at 10mbps, connect 3 ports to a gig switch beneath it as port-channel all at 10 mbits... then feed each of your LAN party switches from that gig switch ...and the fileservers too. End result is better lanparty LAN and nice solid 10mbit for webserver and 30mbits for the lanparty Quick, dirty but 'effective' :) Alan - Reply message - From: harbor235 harbor...@gmail.com Date: Thu, Apr 21, 2011 15:58 Subject: [c-nsp] setup for LAN party To: Martin T m4rtn...@gmail.com Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Did you really daisy chain your switches like that? mike On Thu, Apr 21, 2011 at 10:36 AM, Martin T m4rtn...@gmail.com wrote: I have a following setup: http://img534.imageshack.us/img534/7190/lanparty.png I can manage all the switches + Cisco 2801 router. Cisco 7206VXR is managed by university IT staff- they will allocate an IP address with DHCP server to Cisco 2801 Fa0/1. In total, there are 200 hosts in the LAN divided between 8 switches. Main communication will take place between the hosts via switches and only Internet traffic will move over the WS-C2950T-24[Fa0/1] - [Fa0/0]Cisco2801 link. Internet connection provided by ISP is 40Mbps. The main question is how to allocate guaranteed bandwidth to WWW-server(~3-4Mbps). There is a camera connected to WWW-server, which will broadcast the live stream from the event to justin.tv(or similar site). Is it possible to configure Cisco 2801 in such manner, that 10% of all Internet traffic is guaranteed to WWW-server+camera and rest is for all the hosts in the LAN? regards, martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] micro bursts
Cacti has a real time monitoring and graphing that samples every 5 seconds. Tim on 3/5/11 6:07 AM Daniel Hooper said the following: What's the best way to graph or log them with 3550 switches? I once had a windows application that could do 1 second polls on interface counters that was really good, but I can no longer find this piece of software or even remember what it was called. -Dan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Bonded T3 Bandwidth issue
How have you bonded the DS3? Typically load balancing on cisco boxes are per session so you will never get over anything beyond the speed of the link (45Mb/s). In order to do something beyond that, you need to load balance per packet. I wrote up this paper in '96 about how to do this with DS1s. The same applies with DS3s http://www.lns.com/papers/netload/ Tim on 2/23/11 7:40 PM Lawrence said the following: I have a bonded T3 that I have never been able to get over 45mbs. I have been on the phone with my ISP and they are able to verify that both circuits work and they feel bonded circuits are working fine and that any problem is on my side Does anybody know what could cause a bonded T3 not to be able to deliver bandwith over 45 mbs? o I am testing this circuit with a udp client/server transfer program with the server on an att circuit that can more than handle 100 mbs. o I have tied to hit the bonded t3 with muliple isps just incase it is an isp to isp thing. The t3's never go over 45 mbs. o I have run mutiple speed test.net benchmarks and that never show any speed faster that 45mbs (They work with my att circuit when leads me to belive that that are semi reliable) Any help is appreciated! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] linux based syslog viewer/GUI
I use Adiscon's LogAnalyzer. Works well. http://loganalyzer.adiscon.com/ There is also the syslog plugin for Cacti. Tim on 2/10/11 9:24 PM Brian Spade said the following: Hi cisco-nsp'ers, Sorry for the non-Cisco question, but can anyone recommend a good open source (free) syslog viewer/GUI? It looks like php-syslog is no longer open source. Thanks /bs -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] NTP Server Recommendation?
How critical is it? Do you just need to insure the log timing is in sync with each other? If it isn't that critical you can make a couple of cisco boxes stratum 2 NTP servers and then you can point your clients at them. If you want something damn accurate see: http://www.febo.com/pages/soekris/ Tim on 2/5/11 2:17 PM Michael Vinogradsky said the following: Which types of devices are preferred to be used as NTP servers? Particularly for an environment of 1000 NTP Cisco clients. I understand that it's a matter of preference, but I am just trying to understand what most engineers prefer. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04 http://www.lns.com/house/pozar/pozar_4096_rsa_public.asc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/