Re: [c-nsp] IPv6 ACL question for the 3750
The 3750 does not support Ipv6 output port ACL's but does support output router ACL's. You need the advanced IP Services IOS feature set for output router ACL's. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Seth Mattinen Sent: Tuesday, September 02, 2008 12:08 PM To: cisco-nsp Subject: [c-nsp] IPv6 ACL question for the 3750 I'm playing with IPv6 on a 3750. Looking at the release notes for 12.2(46)SE, I see the following limitation for IPv6 access lists: * The switch does not support output port ACLs. It's currently running 12.2(25)SEE and I tested statements like permit tcp any host x:x:x:x:2d0:b7ff:fee6:574 eq 80 that work fine, but that limitation (which does not appear in the release notes for 12.2(25)SEE) lead me to believe this capability was dropped. Is this true, or am I misreading it? Or am I stuck with jumping all the way to a 6500/Sup720 to get decent (i.e. complete) IPv6 support? ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3560 ACL performance?
The SDM template documentation has guidelines. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swsdm.html -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of rendo Sent: Monday, August 25, 2008 7:00 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 3560 ACL performance? hi, is there any exact/rough number of acl which doesn't impact the cpu? or how can we check/make sure that the cpu will not be impacted if the traffic increasing? Thanks. ./rendo On Mon, Aug 25, 2008 at 7:51 PM, Brian Turnbow [EMAIL PROTECTED] wrote: We use them and have never experienced problems as long as you keep in the tcam space. With too many routes/acls ecc they punt to cpu. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Christian MacNevin Sent: venerdì 15 agosto 2008 6.00 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 3560 ACL performance? Hi So the marketing machine tells me 3650s do ACLs in hardware and zero performance hit blah blah. Anyone had any real world experience with high loads of packets on every interface under a simple ACL? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3400 IP SLA Clarification
Yes it does support UDP jitter based codec's. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Eric Van Tol Sent: Friday, March 28, 2008 7:10 AM To: 'cisco-nsp@puck.nether.net' Subject: [c-nsp] ME3400 IP SLA Clarification Can anyone clarify whether or not the Catalyst ME3400 supports the following config? ! ip sla 1 udp-jitter 10.25.0.2 6088 source-ip 10.25.0.1 codec g711ulaw tos 184 timeout 250 frequency 21 ! In particular, the 'codec g711ulaw' option. The ME3400 docs state: The switch does not support IP SLAs Voice over IP (VoIP) service levels using the gatekeeper registration delay operations measurements. However, I do see some minimal information in the stats when I configure this type of udp-jitter IP SLA: ME3400-24T#sh ip sla statistics Round Trip Time (RTT) for Index 1 Latest RTT: 3 ms Latest operation start time: 10:08:01.468 EDT Fri Mar 28 2008 Latest operation return code: OK RTT Values Number Of RTT: 782 RTT Min/Avg/Max: 1/3/6 ms Latency one-way time milliseconds Number of Latency one-way Samples: 0 Source to Destination Latency one way Min/Avg/Max: 0/0/0 ms Destination to Source Latency one way Min/Avg/Max: 0/0/0 ms Jitter time milliseconds Number of SD Jitter Samples: 0 Number of DS Jitter Samples: 0 Source to Destination Jitter Min/Avg/Max: 0/0/0 ms Destination to Source Jitter Min/Avg/Max: 0/0/0 ms Packet Loss Values Loss Source to Destination: 0 Loss Destination to Source: 0 Out Of Sequence: 0 Tail Drop: 1000 Packet Late Arrival: 0 Voice Score Values Calculated Planning Impairment Factor (ICPIF): 1 Mean Opinion Score (MOS): 4.34 Number of successes: 99 Number of failures: 0 Operation time to live: Forever -evt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3400 IP SLA Clarification
-Original Message- From: Eric Van Tol [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2008 9:11 AM To: Tom Zingale (tomz); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ME3400 IP SLA Clarification -Original Message- From: Tom Zingale (tomz) [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2008 11:57 AM To: Eric Van Tol; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ME3400 IP SLA Clarification Yes it does support UDP jitter based codec's. Thanks, Tom. If that's the case, then I take it that it does not keep other stats, such as what is listed in the output? I cannot see anything else besides the RTT, MOS, and ICPIF scores. Even then, I cannot get the scores to change, no matter what I do. I am trying to simulate a poor quality VoIP link by saturating it with traffic and setting speed/duplex mismatches. In fact, I don't get any of these sorts of stats with even a non-codec enabled udp-jitter config. I'm unable to get any historical stats for other SLA monitors, either. Are there unsupported IP SLA features in 12.2(40)SE? The codec should not affect stats it is just changing measurement parameters. You either have a configuration issue or some sort of bug you should be seeing statistics. You have a responder running on your remote switch. UDP jitter requires responder on the remote end. The docs don't really mention much besides the lack of VoIP gateway SLA and lack of historical stats for jitter operations, due to the amount of data. Ok. Thanks, evt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3560/3750 12.2(44)
There is a bug in the release and the command is not available. This will be fixed in the next maintenance release. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Mike Louis Sent: Tuesday, January 22, 2008 11:49 AM To: Higham, Josh; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 3560/3750 12.2(44) Its not being dropped from the configuration, its not available in the global configuration. (config)# -Original Message- From: Higham, Josh [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 22, 2008 1:12 PM To: Mike Louis; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] 3560/3750 12.2(44) [mailto:[EMAIL PROTECTED] On Behalf Of Mike Louis I recently upgraded some switches 3750 from 12.2(35) ipbase to 12.2(44) and now the ip tacacs source-interface command is missing Anyone else seen this?. I upgraded my lab 3560 to same rev of code and found the same command missing. I believe that the source-interface command is silently dropped if the interface doesn't exist. Not sure if that's what you hit, but it's caught me on several occasions. Thanks, Josh Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS network on 3750 switches - ISIS or OSPF which isscalable ?
The SDM templates are used for route table sizing. The total number listed is approximate number and the number of entries will depend on mask length and prefixes. http://www.cisco.com/en/US/products/ps6580/products_configuration_guide_ chapter09186a008087831f.html -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Zahid Hassan Sent: Wednesday, October 17, 2007 1:09 PM To: Saku Ytti; Asbjorn Hojmark - Lists Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS network on 3750 switches - ISIS or OSPF which isscalable ? Hi, Does anyone happen to know the routing table size capacity of the ME- 3400G series ? I am wondering if the box will be able to take full BGP table, which I very much doubt it will be. Will be really appreciate any input on this. Regards, ZH -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Saku Ytti Sent: 16 October 2007 14:48 To: Asbjorn Hojmark - Lists Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS network on 3750 switches - ISISor OSPFwhichisscalable? On (2007-10-16 13:48 +0200), Asbjorn Hojmark - Lists wrote: WS-C3750G-12S-S = 8 k$ ME-3400G-12CS-A = 7 k$ (possibly add Metro Access at 1 k$) Here 3750 will do L3, 3400 will not. You have to add some software there, and only the most expensive will do L3. Of course after that license, 3400 would do full IP, while 3750 only static and RIP. So direct head-to-head comparison is not possible, depending on what you need price difference can go either way. Layer 3 WS-C3750G-12S-E = 12 k$ ME-3400G-12CS-A + Metro IP Access = 10 k$ Then add the price of a RPS2300 to the 3750. You'd still be missing stackwise and I guess IPv6 might be relevant to few. But I'll rather take IS-IS than IPv6, to be honest. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 3550 traffic policing/QoS limitations?
The 3550 QoS policer usage is detailed in the configuration guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/relea se/12.2_25_see/configuration/guide/swqos.html#wp1044737 The same policy-map with policer can be attached to each port and in your case you can use up to 1 policer per FE port so its within limits. However, Policy-map applies to either ingress (service-policy input) or egress (service-policy output) are separate.. You can have 5M ingress/5M egress (or anything that adds to 10M total) by attaching an ingress policy-map and an egress policy-map. Egress policy-map however, can only match on DSCP(s) so you have to know the DSCP(s) (if don't care, set them all to 0 at ingress policy-map first so egress can match on it). -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of TCIS List Acct Sent: Thursday, September 13, 2007 9:31 AM To: cisco-nsp Subject: [c-nsp] Cisco 3550 traffic policing/QoS limitations? According to: http://www.cisco.com/warp/public/473/153-2.gif It appears that there are limitations on the number of policers that you can use. What isn't clear is how these apply -- in a nutshell, what we want to be able to do is define a policer that limits ingress/egress traffic to 10M (we will likely use ACLs on Ingress to only apply this limit to traffic bound for non-local subnets) on _every_ FE port on our 3550-EMI's. Is this possible or no? TIA. --Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MAC authentication bypass (mac-auth-bypass) on 2950s
I'm wondering whether this info was included in the 2950 docs in error - should be replaced with a why you should really upgrade to 2960s section? :-) 2950 does not support Mac-Auth-Bypass http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst2950/softwa re/release/12.1_22ea/SCG/sw8021x.html 2960 http://www.cisco.com/en/US/partner/products/ps6406/products_configuratio n_guide_chapter09186a0080892a41.html#wp1196845 -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Martin Hamilton Sent: Tuesday, August 21, 2007 1:53 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MAC authentication bypass (mac-auth-bypass) on 2950s On Mon, Aug 20, 2007 at 12:55:03PM -0400, Mike Johnson wrote: | Did you enable dot1x globally and assign the interface to access mode first? | Otherwise the dot1q commands will not show up. Also, there should | be no voice configuration on the port as well. Have you got mac-auth-bypass on your 2950s? I've got the per-interface dot1x commands, but no dot1x mac-auth-bypass. I'm wondering whether this info was included in the 2950 docs in error - should be replaced with a why you should really upgrade to 2960s section? :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SNMP for VRF [Lite] ?
The MPLS-VPN-MIB is only supported on the 3750 metro not the 3750. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Tuesday, August 07, 2007 1:45 AM To: Jeff Kell Cc: 'NSP List' Subject: Re: [c-nsp] SNMP for VRF [Lite] ? On Mon, 2007-08-06 at 23:06 -0400, Jeff Kell wrote: Is there a quick way to determine if a switch has VRFs enabled via SNMP? We have some network monitoring/manipulation procedures that get broken when VRFs are enabled. Logging into the CLI and doing a 'show ip vrf' does the trick, but I am looking for a lightweight SNMP-able variable I can pull from a generic switch (at least down to a 3550) as opposed to the more elaborate MPLS MIBs for the higher-end routers. This is tedious to do, unfortunately. There is some support for binding an SNMPv3 context to a VRF, such that queries using that context see ip-related tables specific to the VRF, but that appears not to be present in the platforms I've tried it on (6500 + sup720, 3750) - maybe it's a GSR-ism. Google for: site:cisco.com snmp vrf I don't believe MPLS-VPN-MIB is supported for 3750s - certainly the ones I am running (12.2(25)SEE1) don't answer queries for it. It's a pretty poor mib anyway - the tables are indexed by that stupid string format: x.V.R.F.N.A.M.E.S.T.R.I.N.G.column.row ...and is very, very slow on a 6500. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Catalyst with HSRP
Is it safe to assume the same question and answer apply for VRRP as well, and that SVI's for VLANs trunked over the same physical interface count as multiple interfaces in reference to the above QA? Yes SVIs for vlans count as multiple interfaces. -Original Message- From: Jon Lewis [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 17, 2007 4:15 PM To: Tom Zingale (tomz) Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Catalyst with HSRP On Tue, 17 Jul 2007, Tom Zingale (tomz) wrote: The 3560e/3750e, we can support up to 32 groups but each group can be supported across multiple vlans. Therefore, you can have one group on multiple VLAN's but it will only count once toward the 32 group limit. Q. What is the implication of the use of the same HSRP group ID on multiple interfaces? A. When you define the same HSRP group ID on multiple interfaces, they all share the same HSRP virtual MAC address. In most modern LAN switches, there are no issues because they maintain a per-VLAN MAC address table. However, if your network contains any third party switches which maintain a system-wide MAC address table regardless of VLAN, you may experience problems. Is it safe to assume the same question and answer apply for VRRP as well, and that SVI's for VLANs trunked over the same physical interface count as multiple interfaces in reference to the above QA? So given a network of reasonably modern cisco gear, there's no compelling reason to use different HSRP or VRRP group numbers on any number of SVIs unless you need to support multiple groups within a single SVI / vlan subinterface? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VLan Translation 2950?
VLAN translation is not supported on 2950. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Paul Stewart Sent: Monday, July 16, 2007 7:52 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] VLan Translation 2950? Hi folks... Does a 2950-EI support VLAN translation? I've searched cisco.com and googled - can't find references anywhere... thanks, Paul ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Catalyst with HSRP
The 3560e/3750e, we can support up to 32 groups but each group can be supported across multiple vlans. Therefore, you can have one group on multiple VLAN's but it will only count once toward the 32 group limit. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Phil Bedard Sent: Tuesday, July 17, 2007 10:14 AM To: Roman Bestuzhev Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Catalyst with HSRP A 4500 series switch with a Supervisor IV/V. Phil On Jul 17, 2007, at 12:26 PM, Roman Bestuzhev wrote: Hello, I am trying to choose L2/L3 gigabit Catalyst switch with HSRP support. The is a requirement that the device must support at least 128 SVI/L3 interfaces for HSRP (256 or more would be excellent). As far as I know, Cat3550 can support 256 HSRP interfaces but it is supplied only with 10/100 fast ethernet ports. I was looking at 3560/3750 models and found that according their documentation they can have only 32 HSRP- capable L3 interfaces. Is there anyr device with same HSRP capabilities as Cat3550 but with gigabit ports which is not so expencive as Cat6500? May be some new IOSes can help to bypass a limitation of 32 HSRP interfaces on 3560/3750. -- Roman Bestuzhev, System Administrator ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DC power for 3650
Also, Yes the 3560 has no DC power but the new Catalyst 3560-E Series offers a DC power supply option for the data only (non-PoE) models -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Dan Armstrong Sent: Monday, July 16, 2007 6:32 AM Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DC power for 3650 AFAIK, there is no DC power option for the 3560. We use 3550s still, or ME3400s when we need DC power. Jeff Crowe wrote: Hi Paul, Yes, you are correct - it is a 3560 switch, not a 3650 unit (it must be Monday morning). The document at http://www.cisco.com/en/US/products/ps7077/products_installation_guide_ cha pt er09186a008076393e.html#wp1211258 shows how to install the DC module into a 3750 and a 3560, but it does not mention a part number for that module. Jeff. -Original Message- From: Paul Stewart [mailto:[EMAIL PROTECTED] Sent: July 16, 2007 9:11 AM To: 'Jeff Crowe' Subject: RE: [c-nsp] DC power for 3650 If you mean 3560 switch, there is no DC version that I am aware of 3750 if you want DC power or at least that's what we use...:) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Crowe Sent: Monday, July 16, 2007 9:04 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] DC power for 3650 Hi all, Does anyone know if there is a DC power module for the 3650 switch? If so, can an AC model be changed to a DC module via module replacement and what part number would be needed? Thanks, Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-C3560G-48TS-S per port ACLs?
Yes the SMI software feature set supports ACL's on a per port basis -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of TCIS List Acct Sent: Tuesday, June 05, 2007 11:46 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WS-C3560G-48TS-S per port ACLs? Can the WS-C3560G-48TS-S do extended access-lists on a per-port basis when using the standard -S image? --Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-C3560G-48TS-S per port ACLs?
Yes on a vlan or port you can allow/deny tcp/ip traffic. See the docs http://www.cisco.com/en/US/partner/products/hw/switches/ps5528/products_ configuration_guide_chapter09186a008081da63.html -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of TCIS List Acct Sent: Tuesday, June 05, 2007 6:19 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] WS-C3560G-48TS-S per port ACLs? Tom Zingale (tomz) wrote: Yes the SMI software feature set supports ACL's on a per port basis So I can apply an ACL on a Layer2 port, that allows/denies TCP/IP traffic? I know I can do this on some Foundry switches, but have never tried on a 35xx when the port is not a L3 port.. --Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CoPP on 3550-EMIs
CoPP is not supported on 3550. -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of TCIS List Acct Sent: Tuesday, May 08, 2007 11:36 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] CoPP on 3550-EMIs Is the CoPP feature available on the 3550-48-EMI or 3550-12T platforms? If so, what IOS release would I need, and is it hardware or software based? We've got 48-EMI's deployed to our Co-lo network (all L3 interfaces to the customer) and are looking to add some reasonable DoS protection internally. TIA. --Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/