[c-nsp] cisco nexus vpc hybrid topology
Hello, is anyone heavily using nexus vpc in hybrid topology ? I want to maintain my standard L2 network ( with STP as loop avoidance mechanism) with the possibility to configure some vpc when is possible or when is useful. In the vpc documentation STP is evil, connecting switches in daisy-chain discouraged but I can't rebuild from scratch all my campus network. Simplifying I have 3 building connected each-over with a couple of dark-fiber: a triangle with double edges. In each vertex I'm going to place a couple of Nexus9k. I'm interested in vpc to aggregate the couple of dark-fiber interconnecting each building but: - a triangle topology require STP ( I guess) - In each building the existing switches ( Catalyst 3560) are mostly in daisy-chain and can't be connected to the local couple of nexus via a dedicate vpc port. I understand that what I want is not what Cisco suggests, but I don't see any issue of doing that. I simply prefer vpc in hybrid topology that no vpc at all Thanks Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EVPN-VPWS PW and AC status coupling
Adam, You're right. I didn't explain it well. PW is UP, but LDP propagates AC status to the other end. Anyway it doesn't look to be supported by EVPNs, which is a pity. Regards On Fri, Feb 9, 2018 at 2:29 PM, <adamv0...@netconsultings.com> wrote: >> Marco Marzetti >> Sent: Friday, February 09, 2018 10:34 AM >> >> Hello, >> >> It's been a few weeks I've been working on EVPNs and IOS-XR 6.1 and i >> wonder if ther's a way to couple AC and PW status so that you can > propagate >> PE-CE link failures end-to-end. >> >> I know it's supported for "regular" EVPNs (RFC7432), but EVPN-VPWS >> (RFC8214) is definitely a special case. >> >> Here's my configuration snippets >> >> ! >> hostname XRV1 >> ! >> interface GigabitEthernet0/0/0/0.200 l2transport encapsulation dot1q 200 > ! >> router bgp 64496 >> bgp router-id 192.0.2.1 >> address-family l2vpn evpn >> ! >> neighbor 192.0.2.2 >> remote-as 64496 >> local address 192.0.2.1 >> address-family l2vpn evpn >> ! >> ! >> ! >> l2vpn >> xconnect group test >> p2p test >>interface GigabitEthernet0/0/0/0.200 >>neighbor evpn evi 100 target 300 source 200 >> ! >> ! >> ! >> >> >> ! >> hostname XRV2 >> ! >> interface GigabitEthernet0/0/0/0.300 l2transport encapsulation dot1q 300 > ! >> router bgp 64496 >> bgp router-id 192.0.2.2 >> address-family l2vpn evpn >> ! >> neighbor 192.0.2.1 >> remote-as 64496 >> local address 192.0.2.2 >> address-family l2vpn evpn >> ! >> ! >> ! >> l2vpn >> xconnect group test >> p2p test >>interface GigabitEthernet0/0/0/0.300 >>neighbor evpn evi 100 target 200 source 300 >> ! >> ! >> ! >> >> >> What i'd expect is XRV1 to turn Gi0/0/0/0.200 down when XRV2 withdraws >> the BGP advertisements. >> >> Is that supported? >> > Hmm I'm getting a bit rusty on the Carrier-Ethernet stuff but isn't that the > other way around? > I mean what I remember is that if AC goes down that in turn brings down the > PW -but the bit where the PW failure propagating to the other end then in > turn brings the AC down on that end too -that one I don't recall to be > honest. (Would I need to enable that with some knob first?) > And what if the other end is configured with PW-redundancy -in that case I'd > need the AC at remote end to stay up and just use the backup PW. > > Sure if you run LFM or the whole CFM suite end-to-end, then that could bring > down ACs at both ends in case any component along the path fails. > > > adam > > netconsultings.com > ::carrier-class solutions for the telecommunications industry:: > -- Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EVPN-VPWS PW and AC status coupling
Hello, It's been a few weeks I've been working on EVPNs and IOS-XR 6.1 and i wonder if ther's a way to couple AC and PW status so that you can propagate PE-CE link failures end-to-end. I know it's supported for "regular" EVPNs (RFC7432), but EVPN-VPWS (RFC8214) is definitely a special case. Here's my configuration snippets ! hostname XRV1 ! interface GigabitEthernet0/0/0/0.200 l2transport encapsulation dot1q 200 ! router bgp 64496 bgp router-id 192.0.2.1 address-family l2vpn evpn ! neighbor 192.0.2.2 remote-as 64496 local address 192.0.2.1 address-family l2vpn evpn ! ! ! l2vpn xconnect group test p2p test interface GigabitEthernet0/0/0/0.200 neighbor evpn evi 100 target 300 source 200 ! ! ! ! hostname XRV2 ! interface GigabitEthernet0/0/0/0.300 l2transport encapsulation dot1q 300 ! router bgp 64496 bgp router-id 192.0.2.2 address-family l2vpn evpn ! neighbor 192.0.2.1 remote-as 64496 local address 192.0.2.2 address-family l2vpn evpn ! ! ! l2vpn xconnect group test p2p test interface GigabitEthernet0/0/0/0.300 neighbor evpn evi 100 target 200 source 300 ! ! ! What i'd expect is XRV1 to turn Gi0/0/0/0.200 down when XRV2 withdraws the BGP advertisements. Is that supported? Thank you Regards -- Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] VxLAN on Nexus 9000v and trunk ports
Hello, I am trying to configure EVPN VxLANs on Nexus 9000v. And i am stuck with trunk ports Configuration looks like: vlan 101 vn-segment 1 interface nve1 no shutdown overlay-encapsulation vxlan-with-tag host-reachability protocol bgp source-interface loopback0 member vni 1 ingress-replication protocol bgp interface ethernet 1/3 no shutdown switchport access vlan 101 router bgp 64496 router-id 192.0.2.2 address-family l2vpn evpn neighbor 192.0.2.1 remote-as 64496 update-source loopback0 address-family l2vpn evpn send-community extended evpn vni 1 l2 rd auto route-target import auto route-target export auto As long as i use access ports on both leafs everything works as expected. But i can't get it working when one of the two is in trunk mode. So, for instance: hostname leaf1 ! interface ethernet 1/3 no shutdown switchport access vlan 101 and hostname leaf2 ! interface ethernet 1/3 no shutdown switchport mode trunk switchport trunk allowed vlan 101,2 Vlan2 is connected to a SVI on the Nexus. Vlan101 is connected to NVE1 via vn-segment I'd expected traffic going out from e1/3 on leaf2 for vlan101 to be tagged with id 101, but it is not. It's untagged. Is it a bug (or a limitation of Nexus 9000v) or am i missing something? Thank you -- Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ode to the old days
. I didn't just play with them back in the day, I still own one! A CGS running IOS 8.0. It's actually older than the one they have in the small museum in the main Cisco building here in Amsterdam. I checked :-) Ah, when ciscos (no capitals!) were white and the IOS documentation fit in a single binder... On December 9, 2016 4:58:10 PM CET, Traveling Dinerwrote: >You guys making reference to all these Cisco numbered-series devices... >let's go back and talk AGS/AGS+, CGS, IGS... the letter-series devices. >How many of ya'll got to play with the jumpers on the boards inside the >AGS+? ;-) > >On Fri, Dec 9, 2016 at 4:44 AM, Saku Ytti wrote: > >> On 9 December 2016 at 09:49, Gert Doering >wrote: >> >> > Compare a 7200 of 15 years ago with an ASR9001 of today for list >price >> > insanity. >> >> I think 7200 and ASR1k are more apt comparison. ASR9001 should be >> compared against GSR, but no small model existed. >> >> -- >> ++ytti >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ode to the old days
I had the same reaction when I first saw a Lannet 3LS some twenty years ago, back when the 7500s were king. '1.28 Gbps of routing performance? WHAT!?' On December 8, 2016 10:29:01 PM CET, Nick Cuttingwrote: >The day I got my hands on a 3550, when I was new to networking - and I >thought we will never ever need routers again ! Removed all our routers >living on sticks > >-Original Message- >From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of >Mattias Gyllenvarg >Sent: Thursday, December 8, 2016 6:46 AM >To: cisco-nsp >Subject: [c-nsp] Ode to the old days > >Dear All > >10year 4weeks 6days and about 11hours ago I was working for my first >ISP (ispA). > >On that day I put a 3560-24TS into production as a device to terminate >to a Metronet running OSPF/BGP och public IP space. > >A few years later I started consulting for ispB who later split into >and became ispC for whom I worked for several years. > >After this I ventured into a smaller ISP (ispD) that was acquiring >ispA. > >During that time that 3560 has been working without issue or power >interruptions. >Today, that it was replaced to add MPLS capabilities to the node >boasting an up-time of 10 years 4 weeks 6 days and 11 hours. > >I fear I will never beat this record in my career. > >To the old gear! >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ > >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?
On 16/09/2016 13:36, Curtis Piehler wrote: Exactly! On the 6500/7600 platforms you can't have your cake and eat it :) Indeed :-). And 'routed ports' are actally SVIs on a VLAN you don't see, but does get taken from the global pool (try 'show vlan internal usage' sometime). A 6500 is a switch, even when it calls itself a 7600 :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPV6 RTBH on IOS
On 2016-05-03 08:47, Gert Doering wrote: Hi, On Mon, May 02, 2016 at 11:39:47PM +0200, Sebastian Ganschow wrote: There's a feature request open for this. The whole "use link-local next-hops for peers where the session is via a global address" is one of the most stupid ideas in this whole IPv6 thing anyway. There is no benefit, but a heap of drawbacks (like, instant black holing if ND fails for the link-local address) - and it's no wonder that no other vendor but Cisco does this... I have a feature request to at least add a knob for "please use GUA next-hop!" - CSCut26765 - it was opened by a friendly Cisco developer, and I have no read access to it, so no idea whether it's proceeding or not. But if you have interest in getting this fixed, please open a case and link to it... gert Sebastian, Thank you! Gert, As far as i can see there are two valid options for that: 1) route-map + disable-connected-check 2) bgp table-map And on XR (5.3.1) you only need the route-policy. Why do we need yet another knob? Regards -- Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IPV6 RTBH on IOS
Hello, I am working on RTBH for IPv6 on IOS and i am stuck with the odd behavior of the OS. Let's say that i have the following configuration on the router: ! hostname R2 ipv6 unicast-routing ! interface Gi1/0 ipv6 address 2001::DB8::2/64 ! router bgp 64512 bgp maxas-limit 30 neighbor 2001:DB8::1 remote-as 64513 ! address-family ipv6 neighbor 2001:DB8::1 activate neighbor 2001:DB8::1 send-community neighbor 2001:DB8::1 prefix-list AS64513_IN in neighbor 2001:DB8::1 route-map CUST_IN_V6 in exit-address-family ! ipv6 route 100::/64 Null0 ! route-map CUST_IN_V6 permit 10 match community BLACKHOLE set community no-export additive set local-preference 200 set ipv6 next-hop 100::1 ! route-map CUST_IN_V6 permit 20 ! ipv6 prefix-list AS64513_IN permit 2001:db8:100::/48 le 128 ! Now let's say that R1 (the peer) is sending the following prefixes to R2 via eBGP marked with community BLACKHOLE: - 2001:DB8:100::/48 - 2001:DB8:100::1/128 The prefixes are received by R2 and next-hop is set to 100::1 as expected (because of the community) R2#show bgp ipv6 unicast BGP table version is 17, local router ID is 192.0.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next HopMetric LocPrf Weight Path *> 2001:DB8:100::/48 100::1 100200 0 64513 i *> 2001:DB8:100::1/128 100::1 100200 0 64513 ? But, even if 100::1 is routed to Null0, the routing table shows that the next-hop for the eBGP prefixes is the link-local address of R1 (the peering router) R2#show ipv6 route IPv6 Routing Table - default - 6 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, H - NHRP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP S 100::/64 [1/0] via Null0, directly connected C 2001:DB8::/64 [0/0] via GigabitEthernet1/0, directly connected L 2001:DB8::2/128 [0/0] via GigabitEthernet1/0, receive B 2001:DB8:100::/48 [20/100] via FE80::C801:37FF:FEB0:1C, GigabitEthernet1/0 B 2001:DB8:100::1/128 [20/100] via FE80::C801:37FF:FEB0:1C, GigabitEthernet1/0 L FF00::/8 [0/0] via Null0, receive And the same does FIB: R2#show ipv6 cef 2001:DB8:100::1/128 2001:DB8:100::1/128 nexthop FE80::C801:37FF:FEB0:1C GigabitEthernet1/0 R2# So The prefix is reachable R2#ping 2001:DB8:100::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:100::1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms R2# The outcomes is that I cannot null-route traffic destined to a neighbor on the same router of the source of the attack. Now, i understand that RFC2545 permits a router to use link-local for eBGP. It precisely says: " The link-local address shall be included in the Next Hop field if and only if the BGP speaker shares a common subnet with the entity identified by the global IPv6 address carried in the Network Address of Next Hop field and the peer the route is being advertised to. " But this is "less than optimal" and i wonder if there's a trick/kludge/whatever to amend that. For instance IOS-XR is smart enough to stick to the specified next-hop if the use "set next-hop" within a route-policy. So far the only thing that have come to my mind was to set ebgp-multihop (in the wrong hope that would have forced IOS to consider the neighbor as non-connected), but it didn't work. And you can't even forward the prefixes to another router/exabgp and somehow receive them back because you'll end up in overwriting the originals. Do you have any ideas? -- Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cat 6800 performance mode
No, the Catalysts were external acquisitions. Low end stuff like the 1900 came from Grand Junction, the 3K was Kalpana, and the 5K & 6K Crescendo. Regards, Marco. On December 31, 2015 9:33:31 PM CET, Wes Smith <fath...@live.com> wrote: >Insieme is the skunkworks venture Cisco backed group they use for some >new tech. These guys operate outside Cisco and develop Product to >eventually be bought / acquired. > >Nx9k is the latest example. I'm told the original catalyst and cat5k >were similar. > >Sent from my iPhone > >> On Dec 31, 2015, at 11:20 AM, Gert Doering <g...@greenie.muc.de> >wrote: >> >> Insieme >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] rtfilter for VPLS
Hello, I've not been able to find any references on cisco.com so i'm asking here before reaching TAC. As per my understanding IOS-XE does not support RT constrained route distribution (address-family rtfilter / RFC4684 ) for VPLS NRLIs (AFI=25, SAFI=65). Is it a bug or a (missing) feature? Ps. We're running 15.4(3)S1 on ME3600x with the AdvancedMetroIPAccess license. Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] TCN's - Causing brief outages on ASR1K
On 18/12/2014 05:59, Blake Dunlap wrote: This seems like...interesting advice. At that point, you might as well just turn spanning-tree off. This is somewhere around cutting off your foot to stop your toe bleeding. That said: This seems like design problem not so much gear problem. Why are you running spanning tree with devices you don't administratively control? And if you do control them, why the hell are you seeing TCNs so often if your network is stable? That happens very often when you buy inter-pops links from your town's metro ethernet carrier. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Multipath broken on ASR1k
Hello, I'm afraid that multipath is broken on our ASR1k routers We redistribute the address 192.0.2.4 on both the upstream routers of the box named BG-ASR1. BG-ASR1#show ip route 192.0.2.4 Routing entry for 192.0.2.4/32 Known via ospf 1, distance 110, metric 20, type extern 2, forward metric 10 Redistributing via bgp 41497 Advertised by bgp 41497 match external 2 Last update from 212.183.160.94 on GigabitEthernet0/1/4, 00:11:25 ago Routing Descriptor Blocks: * 212.183.160.126, from 212.183.160.52, 00:11:38 ago, via GigabitEthernet0/1/3 Route metric is 20, traffic share count is 1 212.183.160.94, from 212.183.160.50, 00:11:25 ago, via GigabitEthernet0/1/4 Route metric is 20, traffic share count is 1 As you can see they're both active in RIB BG-ASR1#show ip cef 192.0.2.4 detail 192.0.2.4/32, epoch 5, per-longest-match-prefix sharing local label info: global/2398 nexthop 212.183.160.94 GigabitEthernet0/1/4 label explicit-null nexthop 212.183.160.126 GigabitEthernet0/1/3 label explicit-null And, according to the output above, the corresponding entries are present in FIB. Anyway there is only one entry in mpls forwarding-table. BG-ASR1#show mpls forwarding-table 192.0.2.4 detail Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 2398 explicit-n 192.0.2.4/32 0 Gi0/1/3 212.183.160.126 MAC/Encaps=14/18, MRU=9192, Label Stack{} C47D4FB09F804C4E351A3E938847 No output feature configured Why? Do You have any ideas? Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unable to create BFD session on C6500
On 12/12/2014 18:00, Murat Kaipov wrote: Hello Marco. Now I don't have any idea. But in my opinion there is issue on me3600. I haven't any proof, but it is just my experience with ME series switches. If you can, check this theory. Connect gi2/7 on cat6500 to another box and try setup ospf with bfd in some another ospf process. You can do it for me3600 too. Thank you. I really have no other idea. Murat Hello, Thanks to Andrew Koch, I've finally managed to bring the session up. On C6500_1 there was an overlapping subnet configured on an interface that has been shut down months ago.t Gi2/71 0 192.0.2.174/30 10P2P 1/1 Gi3/11 1 0 192.0.2.173/30 10DOWN 0/0 That was enough to break the BFD stack. Thank you for your help. Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unable to create BFD session on C6500
On 11/12/2014 21:28, Мурат Каипов wrote: Hello Marco. Can you provide what type of Line Cards you use and check your Cat6500 for this restrictions: * Cisco Catalyst 6500 series switches support up to 100 BFD sessions with a minimum hello interval of 50 ms and a multiplier of 3. The multiplier specifies the minimum number of consecutive packets that can be missed before a session is declared down. * If SSO is enabled on a dual RP system, the following limitations apply: o The maximum number of BFD sessions supported is 50. o The minimum hello interval is 500 ms with a multiplier of 3 or higher. o If EIGRP is enabled, the maximum number of BFD sessions supported is reduced to 30. o Echo mode is supported on Distributed Forwarding Cards (DFCs) only. * BFD SSO is supported on Cisco Catalyst 6500 series switches using the E-chassis and 67xx line cards only. Centralized Forwarding Cards (CFCs) are not supported. * To enable echo mode the system must be configured with the no ip redirects command. * During the In Service Software Upgrade (ISSU) cycle the line cards are reset, causing a routing flap in the BFD session. Hello, Gi2/7 is on a very old line card: WS-X6724-SFP We're not running SSO on that box and the number of session is a lot less the 100. Also note that C6500_1 is not able to create the BFD session on the interface Gi2/7 even if we disable the protocol on ME3600X. ME3600X(config)#interface GigabitEthernet0/24 ME3600X(config-if)#no bfd template bfd-core ME3600X(config-if)#do sho bfd neig IPv4 Sessions NeighAddr LD/RD RH/RS State Int 192.0.2.202 8/199UpUp Gi0/23 ME3600X(config-if)# C6500_1(config-if)#no bfd interval 300 min_rx 300 multiplier 3 C6500_1(config-if)# bfd interval 300 min_rx 300 multiplier 3 Dec 12 09:17:57.360: BFD-DEBUG EVENT: bfd_session_create failed, 6 C6500_1(config-if)# So i guess that something went wrong on that box. Do You have any ideas? Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unable to create BFD session on C6500
On 11/12/2014 03:30, Alessandro Braga wrote: Marco, Are you using NSF/SSO on the C6500 devices? If yes, please check the restrictions regarding the use of BFD and NSF. Regards, Alessandro Hello Alessandro, We're not. Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unable to create BFD session on C6500
On 11/12/2014 02:50, Мурат Каипов wrote: Hello Marco, can you show Ip ospf interface on both sides? Hello, Of course: C6500_1#show ip ospf interface brief InterfacePID AreaIP Address/MaskCost State Nbrs F/C Lo0 1 0 192.0.2.52/32 1 LOOP 0/0 Gi2/71 0 192.0.2.174/30 10P2P 1/1 Gi2/61 0 192.0.2.110/30 10P2P 1/1 Gi3/11 1 0 192.0.2.173/30 10DOWN 0/0 Vl27 1 0 192.0.2.126/28 10DR4/4 Gi2/41 0 192.0.2.105/30 10P2P 1/1 Gi1/11 0 192.0.2.97/30 1 P2P 1/1 Gi2/51 0 192.0.2.57/30 10P2P 1/1 C6500_1#show mpls interfaces Interface IPTunnel BGP Static Operational GigabitEthernet1/1 Yes (ldp) No No No Yes GigabitEthernet2/4 Yes (ldp) No No No Yes GigabitEthernet2/5 Yes (ldp) No No No Yes GigabitEthernet2/6 Yes (ldp) No No No Yes GigabitEthernet2/7 Yes (ldp) No No No Yes GigabitEthernet3/11Yes No No No No Vlan27 Yes (ldp) No No No Yes C6500_1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.0.2.190 FULL/ -00:00:34192.0.2.173 GigabitEthernet2/7 192.0.2.180 FULL/ -00:00:38192.0.2.109 GigabitEthernet2/6 192.0.2.3 0 FULL/DROTHER00:00:38192.0.2.114 Vlan27 192.0.2.4 0 FULL/DROTHER00:00:36192.0.2.113 Vlan27 192.0.2.5 0 FULL/DROTHER00:00:37192.0.2.119 Vlan27 192.0.2.7 0 FULL/DROTHER00:00:38192.0.2.118 Vlan27 192.0.2.500 FULL/ -00:00:39192.0.2.106 GigabitEthernet2/4 192.0.2.1 0 FULL/ -00:00:38192.0.2.98 GigabitEthernet1/1 192.0.2.500 FULL/ -00:00:38192.0.2.58 GigabitEthernet2/5 C6500_1# ME3600X#show ip ospf interface brief InterfacePID AreaIP Address/MaskCost State Nbrs F/C Lo0 1 0 192.0.2.19/32 1 LOOP 0/0 Gi0/24 1 0 192.0.2.173/30 10P2P 1/1 Gi0/23 1 0 192.0.2.201/30 10P2P 1/1 ME3600X#show mpls interfaces Interface IPTunnel BGP Static Operational GigabitEthernet0/23Yes (ldp) No No No Yes GigabitEthernet0/24Yes (ldp) No No No Yes ME3600X#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.0.2.520 FULL/ -00:00:35192.0.2.174 GigabitEthernet0/24 192.0.2.500 FULL/ -00:00:35192.0.2.202 GigabitEthernet0/23 ME3600X# As you can see ( on both sides ): - OSPF is in FULL state - MPLS is enabled - LDP is up Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Unable to create BFD session on C6500
On 09/12/2014 20:39, Murat Kaipov wrote: Hello Marco. Keep in mind that ME3600/ME3800 platforms doesn't support BFD offload, and all BFD packets processed by CPU. http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/r elease/15-4_1_S/chassis/configuration/guide/3600x_24cxscg/swbfd.pdf Show configuration on both sides please. Hello Murat, I'm well aware of the hardware offload limit. But cisco brought it to ME-3600X-24CX and I *HOPE* they will do the same with the other platforms in future. Anyway you can find the configuration below C6500_1 ! router ospf 1 router-id 192.0.2.52 auto-cost reference-bandwidth 1 redistribute connected subnets bfd all-interfaces mpls ldp sync ! interface GigabitEthernet2/7 mtu 9216 ip address 192.0.2.174 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 *HIDDEN* ip ospf network point-to-point ip ospf 1 area 0 udld port disable mls qos trust dscp mpls ip bfd interval 300 min_rx 300 multiplier 3 ! ME3600X ! platform bfd allow-svi ! bfd-template single-hop bfd-core interval min-tx 300 min-rx 300 multiplier 3 ! router ospf 1 router-id 192.0.2.19 auto-cost reference-bandwidth 1 redistribute connected subnets redistribute static subnets bfd all-interfaces mpls ldp sync mpls ldp autoconfig area 0 ! interface GigabitEthernet0/24 no switchport mtu 9216 ip address 192.0.2.173 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 *HIDDEN* ip ospf network point-to-point ip ospf 1 area 0 udld port disable bfd template bfd-core ! Thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Unable to create BFD session on C6500
Hello, We run BFD on all of our devices and we're currently having some problems between a pair of C6500/SUP720 and a ME3600X . The network diagram is as follows: +---+ | | ++ C6500_1 | || | |++-++ +++| | | || | | ME3600X || | | || | +++| | |++-++ || | ++ C6500_2 | | | +---+ Both the C6500 run the following software: s72033-adventerprisek9-mz.151-2.SY2.bin Both C6500 are SUP720-3B and there isn't any dCEF enabled card on them. The OSPF sessions on C6500_1 is in FULL state: C6500_1# show ip ospf neighbor | i 2/7 192.0.2.190 FULL/ -00:00:32192.0.2.173 GigabitEthernet2/7 and the relevant configuration is as follows: interface gigabitEthernet 2/7 ip ospf network point-to-point ip ospf 1 area 0 bfd interval 300 min_rx 300 multiplier 3 no bfd echo ! router ospf 1 bfd all-interfaces ! Anyway IOS is not able to start a BFD session on that interface: C6500_1# show ip ospf neighbor 212.183.160.19 | i BFD C6500_1# And returns an error when BFD debugging is on: C6500_1#show debugging BFD: BFD event debugging is on for interface GigabitEthernet2/7 BFD packet debugging is on for interface GigabitEthernet2/7 C6500_1#conf t Enter configuration commands, one per line. End with CNTL/Z. C6500_1(config)#int gi2/7 C6500_1(config-if)#no bfd interval C6500_1(config-if)#bfd interval 300 min_rx 300 multi 3 C6500_1(config-if)# Dec 9 16:07:42.737: BFD-DEBUG EVENT: bfd_session_create failed, 6 C6500_1(config-if)# At the same time there are running BFD sessions on other interfaces configured with the very same statements: For instance the following interface is connected to another ME3600X that is running the same software version: C6500_1#show bfd neighbors | i 2/6 192.0.2.109 294/3 UpUpGi2/6 C6500_1# Can anyone help? Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading to 40G
On February 28, 2014 1:33:52 PM CET, Gert Doering g...@greenie.muc.de wrote: Hi, On Fri, Feb 28, 2014 at 12:49:26PM +0200, Mark Tinka wrote: While I can appreciate this, history has always proven that users will find a use for something for which it wasn't initially intended - y'know, like using a Cisco 2901 as a core router :-). old age day 2503 made a good core router, back in the day... (we had two! A 2503 and a 4500, with a E1 between them...) This newfangled 2900 stuff, nobody needs that much RAM in a router! /old age day gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Young whippersnapper :-). We had no need of those newfangled 2500s. We had AGS+es and liked it! (Still have a CGS running IOS 8.0 lying about somewhere...) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] raspberry pi
Thinking of using it at home for email, http, ftp, DHCP, DNS server and AirPlay sound device :) It will replace my current WinXP PC has it will be silent and use less energy. Maybe it will also have a backup HDD attached to it... it depends on the network performance. On 20-11-2013 06:23, Preston Chilcote (pchilcot) wrote: Hi Everyone, I'm curious: Does anyone use one or more raspberry pis in their network (for networking related stuff)? What kinds of things are they used for? Thanks, Preston Chilcote ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7200 - policy-map foo enter causes telnet/console to freeze?
Il giorno mar, 09/04/2013 alle 15.11 +1030, CiscoNSP List ha scritto: Hi guys, Have a 7200(G1), with existing policy-maps (Working fine) - Today, tried adding a new policy-map(telnet session), and the telnet session froze after hitting enter? (config)#policy-map TESTTEST enter(telnet session frozen) Tried also via console, and get the same result? (No error messages on console session) Anyone experienced this before? In a simpl word: No. What IOS version are you running? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Switching Loops
You can use Flex Links marco 2013/3/25 M K gunner_...@live.com Hi I was wondering if I can avoid switching loops without turning on spanning tree ?I have two connections between two switches and they are configured as access in the same vlan , and i do not want to configure spanning tree , how to avoid loops ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR1000 and QOS
Il giorno mer, 22/08/2012 alle 14.23 +, Brian Turnbow ha scritto: Hello Everyone, I am trying to realize a qos configuration on an asr 1006 for pppoe services being sold by our national incumbent. On a single GE interface I will receive two classes of services, cos 0 and cos 1, each with a set bandwidth. i.e. cos 0 100mbps cos 1 20mbps. Each dslam gets terminated using a vlan for each cos , so in the end I will have n vlans for the cos 0 traffic and x vlans for the cos 1 traffic. Things gets complicated though as we want to assign a policy to the pppoe sessions as well, as we will have varying line rates on the customer lines. Ideally I would like to be able to shape the n vlans to the cos 0 rate and the x vlans to the cos 1 rate, and then be able to shape the single sessions as each will have a different line rate. I have tried 1) with the SE following us (on vacation now since we need him) we thought that service policy aggregation would be the way to go. http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg.html but when we assign the end user policy via radius it does not get applied and we have the error policy TEST with fragment class can only be attached to ethernet subifc and port-channel subifc Tinkered awhile with various configs but no go lets try something else.. 2) setting up a policy on the GE that shapes on match vlans , and sending service policy for the users via radius. error message service-policy with queueing features on sessions is not allowed in conjunction with interface based and the policy is not applied bummer I am thinking about trying to declare the interface bandwidth via radius and then use bandwidth % instead of shape but that should be queueing as well and also the scaling documents for the asr have big warnings on the use of lcp:interface-config ... So here I am looking for a way to do this The only other thing that comes to mind is placing a box before the asr to shape the vlans and just work on the sessions on the asr, but that means another box to purchase, maintain, etc etc. If you've made it this far (sorry about the length) Has anyone done something similar, or have any suggestions ? Thanks in advance! Brian Hello Brian, We faced the same problem ( and, i bet, the same incumbent too ) earlier in the summer. We got out of it by placing an old Catalyst switch between the incumbent and our BRAS. Regards Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] HQF for broadband
Hello, Is it possible to hierarchically shape the egress traffic of the PPPoE sessions aggregated on a GigabitEthernet port on C7200 or C7600? We must comply with the SLA offered by the carrier that carries to us the aggregated sessions and, also, we would like to modify the per PPP session egress bandwith limit with RADIUS. Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MQC and PA-A6
Hello, Simple and plain question: does MQC work in hardware when attached to ATM VP||PVC on c7200+PA-A6 ? Thank You Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] WFQ and PPPoE on BRAS
Hello, How is WFQ supposed to work on cisco when there's only PPPoE traffic on the interface? WFQ uses source and dst address/port values to identifies flows and the distributes them among the queues ( AFAIK ), anyway i don't think IOS inspect the PPP payload looking for them. Thank You Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Problem with 7200 and 12.2(33)SRE upgrade
Hello, Why had so MANY problems with 12.2(33) SRE ( and SRD too ) and ATM on C7200 that we decided to revert to previous IOS ( ~12.3 ) and buy a new box to terminate the new ethernet services. We experienced VC flapping and weird CLI counters. Workaround for flapping was to remove and re-configure the ATM sub-interface. We found no solution for counters Ps. Since we opened a bug, Cisco reccomended us to upgrade to 15.1. Hope this help Jon Harald Bøvre c...@bovre.no ha scritto: Hi You mention DSL, radius and PPP. We had similar problems some years ago, PPPoA/l2tp tunnels did not come up from all clients (7206 acted as LNS) Our upgrade was from 12.2T something to 12.3T something, cannot remember details. After several tries of this upgrade on several routers we opened a TAC case, and had a possible solution back within record breaking half an hour. Problem: Early versions of IOS did not check all parameters coming back from ACS Radius We had an errored/missing configuration on our ACS Radius Somewhere in 12.3 train this behaviour was changed to check all parameters Now the LNS refused tho make the connections. After making the neccesary adjustment on the ACS we had no problems with the upgrade. There is a BUG ID for this, search Later these routers have been upgraded to 12.2(24)T, and one to 15.0 something without problems Dont know if this relates to your problems. Also check ATM support in your IOS, as ATM has started to fade away from newer IOS Jon Harald Bøvre On 4. jan. 2012 20:12 Walter Keen walter.k...@rainierconnect.net wrote: Hi, I have a router I'm trying to move to a SR train, or more specifically 12.2(33)SRE from 12.3(15a) but I have a reports from DSL users of being unable to get to most places after that upgrade, which we reverted. We've even setup a test router, and tried to duplicate it, with no luck so far. We do have one production router with that IOS (SRE) that works fine. About the only difference I can find is hardware (CPU/midplane) revisions and bootloader versions. I'm starting to wonder if anyone else on this list has encountered similar issues. All are NPE-G1, some with 512m ram, others with 1G ram C7200-1 uses NAT(I know), PPP, radius, tacacs, ospf, bgp. C7200-2 and -3 use the same without NAT. We've tried replicating the config of -1 onto -4 (the lab system) without being able to reproduce the issue. unfortunately these are all out of a support contract C7200-1 (with the issue): current IOS 12.3(15a) ROM: 12.3(4r)T3 SB-1 CPU at 700MHz, Implementation 1, Rev 0.2, 512KB L2 Cache 4 slot VXR midplane, Version 2.0 Bootloader: 12.3(9), RELEASE SOFTWARE (fc2) Exhibited packet loss to ATM sub-interfaces (DSL customers) when moving to 12.2(33)SRE C7200-2 (another with the issue): current IOS 12.4(25b) ROM: 12.3(4r)T3 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 4 slot VXR midplane, Version 2.6 Bootloader: 12.4(12), RELEASE SOFTWARE (fc1) Exhibited packet loss to ATM sub-interfaces (DSL customers) when moving to 12.2(33)SRE C7200-3 (working in production on SRE): current IOS 12.2(33)SRE ROM: 12.2(20030826:190624) [BLD-npeg1_rommon_r11 102], DEVELOPMENT SOFTWARE SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 4 slot VXR midplane, Version 2.11 Bootloader: 12.4(12), RELEASE SOFTWARE (fc1) C7200-4 (lab system, trying to replicate problem -- working on SRE): current IOS 12.2(33)SRE ROM: 12.3(4r)T1 fc1 SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache 4 slot VXR midplane, Version 2.6 Bootloader: none listed in 'sh ver' output ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ADSL-PORTAL service
Hello, Instead of reject the sessions, to send out-of-credit users to a captive portal using RADIUS attribute 104 would be easy if your server has any sort of SQL backend. Hope this help john travolta johnbe...@yahoo.com ha scritto: Hi all, We want to provide a portal service for our broadband users (PPPOE), where they can check their balance, recharge their account and etc. we are using a cisco 7201 as BRAS, it is required that a user with no credit still be able to access this portal, right now the users are authenticated by a AAA server and the IP allocation is done by the AAA too, the problem is when the user has no credit will not be authenticated, will not get an IP address and will not be able to access the portal. what are the existing case scenarios to accomplish this. Yours, John ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] daisy-chain hop limit
Hi, i have to daisy-chain 28 cisco switch, my humble is only about spanning-tree (rapid-pvst). I think I will work for the reasons I wrote below but if you have any experience please help me. When the chain is closed the max-distance from the root bridge is 14 ( more than 7 but I know it works). When some link failure occurs and opens the chain the max-distance from the root bridge raise to 28 but there is no possible loop in a broken daisy-chain. If the root-bridge dies eventually... I don't know, but I think I will not incur in any loops: only take more time to choose a new bridge-root and putting the port in forwarding state. Marco Regini ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Router
On Wed, 12 Jan 2011 23:04:28 +1100, Reuben Farrelly reuben-cisco-...@reub.net wrote: Yes this switch is fine for running BGP with the caveat that you won't be able to take a full BGP table on this hardware. I believe the hardware TCAM is limited to about 250,000 routes. Yep. The ME6500 is pretty much a fixed-config SUP32. Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Tool To Backup Configurations
On Tue, 4 Jan 2011 08:57:21 +, Righa Shake righa.sh...@gmail.com wrote: Am looking for a tool that i can use to backup Cisco configurations with ease. The tool could be opensource or commercial. RANCID has been mentioned a few times. On the commercial end, we use Kiwi (Solarwinds now) CatTools. Works fine too. http://www.kiwisyslog.com/kiwi-cattools-overview/ Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] SIP to ISDN Call Progress
Hello, I have a problem with SIP to ISDN internetworking on Cisco IOS. I'm unable to receive early-media messages from the ISDN side of the call. Hardware and software versions are: Cisco 2800 Software (C2800NM-ENTSERVICES-M), Version 12.4(20)T6, RELEASE SOFTWARE (fc2). # debug isdn q931 int Se0/1/0:15 Nov 15 10:06:54.437 CET: ISDN Se0/1/0:15 Q931: Applying typeplan for sw-type 0x12 is 0x0 0x1, Calling num 03631970XXX Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: Sending SETUP callref = 0x0D0D callID = 0x980D switch = primary-net5 interface = User Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: TX - SETUP pd = 8 callref = 0x0D0D Bearer Capability i = 0x8090A3 Standard = CCITT Transfer Capability = Speech Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA9839F Exclusive, Channel 31 Calling Party Number i = 0x0180, '03631970XXX' Plan:ISDN, Type:Unknown Called Party Number i = 0x81, '199151119' Plan:ISDN, Type:UnknownsipSPIUpdateRtcpSession: sx79861: started RTP timer in state STATE_SENT_ALERTING Nov 15 10:06:54.457 CET: ISDN Se0/1/0:15 Q931: RX - SETUP_ACK pd = 8 callref = 0x8D0D Channel ID i = 0xA9839F Exclusive, Channel 31 Nov 15 10:06:56.745 CET: ISDN Se0/1/0:15 Q931: RX - CALL_PROC pd = 8 callref = 0x8D0D Nov 15 10:07:18.206 CET: ISDN Se0/1/0:15 Q931: RX - ALERTING pd = 8 callref = 0x8D0D Nov 15 10:07:18.302 CET: ISDN Se0/1/0:15 Q931: RX - CONNECT pd = 8 callref = 0x8D0D Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: ISDN Se0/1/0:15 Q931: TX - CONNECT_ACK pd = 8 callref = 0x0D0DsipSPIUpdateRtcpSession: sx79861: started RTP timer in state STATE_SENT_ALERTING Nov 15 10:07:21.294 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:21.294 CET: %ISDN-6-DISCONNECT: Interface Serial0/1/0:30 disconnected from 199151119 , call lasted 2 seconds Nov 15 10:07:21.294 CET: ISDN Se0/1/0:15 Q931: TX - DISCONNECT pd = 8 callref = 0x0D0D Cause i = 0x8090 - Normal call clearing Nov 15 10:07:21.306 CET: ISDN Se0/1/0:15 Q931: RX - RELEASE pd = 8 callref = 0x8D0D Nov 15 10:07:21.306 CET: ISDN Se0/1/0:15 Q931: TX - RELEASE_COMP pd = 8 callref = 0x0D0D The router places the call to our public switch and cut-through the voice path only after the CONNECT message ignoring the CALL_PROC messages and the relative early-audio stream. Looking at the SIP side of the call no SIP 183 Progress is sent by the router between the Trying and the Ringing messages. I would expect the router to generate proper SIP signaling and cut-through in the backward direction the voice path after the CALL_PROC message has been received. Any help? Thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SIP to ISDN Call Progress
On Mon, 15 Nov 2010 13:44:26 +0100, Roger Wiklund co...@xy.org wrote: Exactly what problems are you experiencing? One way audio? No ringback? DTMF issues etc? Have you tried voice rtp send-recv? This is used for cut Through Two-Way Audio Early. Not sure it will help though. http://www.cisco.com/en/US/docs/ios/12_2/voice/command/reference/vrf_t.html#wp1076026 /Roger On Mon, Nov 15, 2010 at 10:36 AM, Marco Marzetti ma...@lamehost.it wrote: Hello, I'm experiencing no audio in the backward direction when in-band information are generated from the remote switch. I'm unable to hear other telco's alert messages, like The number you've dialed is not in service. Thank You Hello, I have a problem with SIP to ISDN internetworking on Cisco IOS. I'm unable to receive early-media messages from the ISDN side of the call. Hardware and software versions are: Cisco 2800 Software (C2800NM-ENTSERVICES-M), Version 12.4(20)T6, RELEASE SOFTWARE (fc2). # debug isdn q931 int Se0/1/0:15 Nov 15 10:06:54.437 CET: ISDN Se0/1/0:15 Q931: Applying typeplan for sw-type 0x12 is 0x0 0x1, Calling num 03631970XXX Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: Sending SETUP callref = 0x0D0D callID = 0x980D switch = primary-net5 interface = User Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: TX - SETUP pd = 8 callref = 0x0D0D Bearer Capability i = 0x8090A3 Standard = CCITT Transfer Capability = Speech Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA9839F Exclusive, Channel 31 Calling Party Number i = 0x0180, '03631970XXX' Plan:ISDN, Type:Unknown Called Party Number i = 0x81, '199151119' Plan:ISDN, Type:UnknownsipSPIUpdateRtcpSession: sx79861: started RTP timer in state STATE_SENT_ALERTING Nov 15 10:06:54.457 CET: ISDN Se0/1/0:15 Q931: RX - SETUP_ACK pd = 8 callref = 0x8D0D Channel ID i = 0xA9839F Exclusive, Channel 31 Nov 15 10:06:56.745 CET: ISDN Se0/1/0:15 Q931: RX - CALL_PROC pd = 8 callref = 0x8D0D Nov 15 10:07:18.206 CET: ISDN Se0/1/0:15 Q931: RX - ALERTING pd = 8 callref = 0x8D0D Nov 15 10:07:18.302 CET: ISDN Se0/1/0:15 Q931: RX - CONNECT pd = 8 callref = 0x8D0D Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:18.302 CET: ISDN Se0/1/0:15 Q931: TX - CONNECT_ACK pd = 8 callref = 0x0D0DsipSPIUpdateRtcpSession: sx79861: started RTP timer in state STATE_SENT_ALERTING Nov 15 10:07:21.294 CET: %ISDN-6-CONNECT: Interface Serial0/1/0:30 is now connected to 199151119 N/A Nov 15 10:07:21.294 CET: %ISDN-6-DISCONNECT: Interface Serial0/1/0:30 disconnected from 199151119 , call lasted 2 seconds Nov 15 10:07:21.294 CET: ISDN Se0/1/0:15 Q931: TX - DISCONNECT pd = 8 callref = 0x0D0D Cause i = 0x8090 - Normal call clearing Nov 15 10:07:21.306 CET: ISDN Se0/1/0:15 Q931: RX - RELEASE pd = 8 callref = 0x8D0D Nov 15 10:07:21.306 CET: ISDN Se0/1/0:15 Q931: TX - RELEASE_COMP pd = 8 callref = 0x0D0D The router places the call to our public switch and cut-through the voice path only after the CONNECT message ignoring the CALL_PROC messages and the relative early-audio stream. Looking at the SIP side of the call no SIP 183 Progress is sent by the router between the Trying and the Ringing messages. I would expect the router to generate proper SIP signaling and cut-through in the backward direction the voice path after the CALL_PROC message has been received. Any help? Thank you ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SIP to ISDN Call Progress
On Mon, 15 Nov 2010 13:51:49 +0100, Brian Turnbow b.turn...@twt.it wrote: Hi Marco See inline -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Marco Marzetti Sent: lunedì 15 novembre 2010 10:36 To: cisco-nsp@puck.nether.net Subject: [c-nsp] SIP to ISDN Call Progress Hello, I have a problem with SIP to ISDN internetworking on Cisco IOS. I'm unable to receive early-media messages from the ISDN side of the call. Hardware and software versions are: Cisco 2800 Software (C2800NM-ENTSERVICES-M), Version 12.4(20)T6, RELEASE SOFTWARE (fc2). # debug isdn q931 int Se0/1/0:15 Nov 15 10:06:54.437 CET: ISDN Se0/1/0:15 Q931: Applying typeplan for sw-type 0x12 is 0x0 0x1, Calling num 03631970XXX Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: Sending SETUP callref = 0x0D0D callID = 0x980D switch = primary-net5 interface = User Nov 15 10:06:54.441 CET: ISDN Se0/1/0:15 Q931: TX - SETUP pd = 8 callref = 0x0D0D Bearer Capability i = 0x8090A3 Standard = CCITT Transfer Capability = Speech Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA9839F Exclusive, Channel 31 Calling Party Number i = 0x0180, '03631970XXX' Plan:ISDN, Type:Unknown Called Party Number i = 0x81, '199151119' Plan:ISDN, Type:UnknownsipSPIUpdateRtcpSession: sx79861: started RTP timer in state STATE_SENT_ALERTING Nov 15 10:06:54.457 CET: ISDN Se0/1/0:15 Q931: RX - SETUP_ACK pd = 8 callref = 0x8D0D Channel ID i = 0xA9839F Exclusive, Channel 31 Nov 15 10:06:56.745 CET: ISDN Se0/1/0:15 Q931: RX - CALL_PROC pd = 8 callref = 0x8D0D There is no progress indicator indicating that inband information is now available. So no opening of the audio channel. You can play around with the progress indicators you send out with your setup to manipulate this Try searching for no ringback , no busytones on the cisco website for an in depth explanation. Hello, I configured my dial-peer in this way: dial-peer voice 1400 pots voice cut-through alert preference 4 destination-pattern 199151119 progress_ind setup enable 1 no digit-strip port 0/0/1:15 ! Now i see the PI reminder: Nov 15 14:39:07.121 CET: ISDN Se0/1/0:15 Q931: TX - SETUP pd = 8 callref = 0x1C5C Bearer Capability i = 0x8090A3 Standard = CCITT Transfer Capability = Speech Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA9839F Exclusive, Channel 31 Progress Ind i = 0x8181 - Call not end-to-end ISDN, may have in-band info Calling Party Number i = 0x0180, '03631970353' Plan:ISDN, Type:Unknown Called Party Number i = 0x81, '199151119' Plan:ISDN, Type:Unknown Nov 15 14:39:07.133 CET: ISDN Se0/1/0:15 Q931: RX - SETUP_ACK pd = 8 callref = 0x9C5C Channel ID i = 0xA9839F Exclusive, Channel 31 Nov 15 14:39:08.253 CET: ISDN Se0/1/0:15 Q931: RX - CALL_PROC pd = 8 callref = 0x9C5C Looking at this: http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a0080094c33.shtml#progresstones I would expect the call to be cutted-throug after the SETUP_ACK has been received. Anyway I have the same problem, no audio i sent to my phone before the CONNECT message. Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SIP to ISDN Call Progress
On Mon, 15 Nov 2010 13:00:21 +, Ryan West rw...@zyedge.com wrote: Please post your sanitized sip-ua config. You may be missing your progress mappings. Sent from handheld On Nov 15, 2010, at 5:36 AM, Marco Marzetti ma...@lamehost.it wrote: Hello, My sip-ua setting is totally plain. What setup do you reccomend? Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Problems with dot1q trunk over EoMPLS with WS-X6148-GE-TX
Hi all, was trying to configure an EoMPLS link between two 6500s: Router1 6506 w/VS-S720-10G IOS 12.2(33)SXI2 Customer facing blade: WS-X6148-RJ-45 Router2 6503 w/WS-SUP32-10GE-3B IOS 12.2(33)SXI2 Customer facing blade: WS-X6148-GE-TX The routers are connected between via the Sup integrated 10Gb interface, mtu on them is 9000. EoMPLS works fine if there's no dot1q trunk going over the VC. If there's one set, everything SEEMS to work, pings go thru, dns requests are fine, I can access any vlans from anywhere etc. Problems is with that I cannot access any internet page of downloading anything, all the connections stall! Seems like a MTU problem to me so begin troubleshooting and find that the maximum packet size that can travel between this dot1q trunk over EoMPLS is 1496 instead of 1500. On both routers of course the VC is up: Router1#sh mpls l2 vc Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Fa2/32 Ethernet x.y.z.56 71172104 UP Router2##sh mpls l2 vc Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Gi2/3 Ethernet x.y.z.40 71172104 UP And the MTU of the VC is 1500: Router1##sh mpls l2 vc 71172104 det Local interface: Fa2/32 up, line protocol up, Ethernet up Destination address: x.y.z.56, VC ID: 71172104, VC status: up Output interface: Te5/5, imposed label stack {700} Preferred path: not configured Default path: active Next hop: x.y.z.14 Create time: 03:32:35, last status change time: 03:32:35 Signaling protocol: LDP, peer x.y.z.56:0 up Targeted Hello: x.y.z.40(LDP Id) - x.y.z.56 MPLS VC labels: local 969, remote 700 Group ID: local 0, remote 0 MTU: local 1500, remote 1500 Remote interface description: -VC-71172104-- Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 1959291, send 3518574 byte totals: receive 1809500293, send 700321865 packet drops: receive 0, send 0 Router2##sh mpls l2 vc 71172104 det Local interface: Gi2/3 up, line protocol up, Ethernet up Destination address: x.y.z.40, VC ID: 71172104, VC status: up Output interface: Te1/2, imposed label stack {969} Preferred path: not configured Default path: active Next hop: x.y.z.13 Create time: 3d19h, last status change time: 03:30:59 Signaling protocol: LDP, peer x.y.232.40:0 up Targeted Hello: x.y.z.56(LDP Id) - x.y.z.40 MPLS VC labels: local 700, remote 969 Group ID: local 0, remote 0 MTU: local 1500, remote 1500 Remote interface description: -VC-71172104-- Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 50349195, send 5715589 byte totals: receive 10440236044, send 5129079765 packet drops: receive 0, send 0 This is the port config: Router1#sh run int fa 2/32 Building configuration... Current configuration : 245 bytes ! interface FastEthernet2/32 description -VC-71172104-- no ip address ip verify unicast source reachable-via any allow-default no ip redirects no ip proxy-arp xconnect x.y.z.56 71172104 encapsulation mpls Router2##sh run int gi 2/3 Building configuration... Current configuration : 257 bytes ! interface GigabitEthernet2/3 description -VC-71172104-- no ip address ip verify unicast source reachable-via any no ip redirects no ip proxy-arp speed 100 duplex full xconnect x.y.z.40 71172104 encapsulation mpls Unfortunately I cannot bump up the mtu on WS-X6148-GE-TX (need the A version for that!), but this is the port where the xconnect is terminating, so I was under the impression that I wouldn't need jumbo frames support as the labels would just be passed thru the TenG mpls enabled interfaces, isn't it? I verified that lowering the interface mtu of the client machines makes everything work again. Played with the mpls mtu command, but it does not seem to have any effect whatsoever. Oddly enough, I see giants increasing on Router1, but not on Router2. I assume these are the dot1q trunk packets, but then why I'm seeing the counter increasing only on one side? The customer says on his switch interfaces, the mtu is 1500 on both trunks. So do you think I really need to bump the blade to at least WS-X6148A-GE-TX for this config to work, or am I missing something else? Thanks! ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
On Fri, Jun 18, 2010 at 3:52 PM, Rodney Dunn rod...@cisco.com wrote: Ben forgot to mention the development engineers are porting it over to the SR train for 7600 as it was one they missed in the cross port of applicable fixes. So are also the 7600 affected? I thought only the 6500 trains were, at least it looked this way from the bug toolkit! Cheers, ]\/[arco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Weird ACL behaviour
Hi all, I'm facing a strange behaviour on an ACL just wanted to know if someone has encountered a similar issue? Here're the facts: I'm using a Cisco 6509 on SXI2, I've setup Netflow to collect and send traffic to a collector. The collector is on my management network. The relevant configs: [...snip...] mls netflow interface mls flow ip interface-full mls nde sender [... some interfaces has ip flow ingress configured...] interface FastEthernet3/48 description Management Network ip address 10.16.x.y 255.255.255.0 ip access-group Management out no ip proxy-arp ip flow-export source FastEthernet3/48 ip flow-export version 9 origin-as ip flow-export destination 10.16.x.z 9995 ip access-list extended Management deny ip any any with this configuration in place the collector only receives flows generated by CPU switch traffic. All the traffic generated by the mls nde sender command does get blocked by the ACL. As soon as I remove the ACL the traffic flows fine. I was under the assumption that traffic generated by the router was not affected by the ACLs, and in fact all the rest of the traffic is fine... Maybe I'm catching a bug here, or is that written somewhere that packets created by the mls gets blocked by ACLs? Cheers, ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovell belov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
Fantastic Ben, looks like you catched it! Will punch an hole in the ACL, waiting for the next software upgrade cycle then! Cheers, ]\/[arco On Thu, Jun 17, 2010 at 6:38 PM, Benjamin Lovell belov...@cisco.com wrote: Marco, This looks like CSCtc54878NDE direct export packets are checked by egress ACL When the packets are exported by the SP(MLS netflow) the flag for hardware to ignore ACL checks is not set. Fixed in SXI4. -Ben On Jun 17, 2010, at 11:52 AM, Rodney Dunn wrote: If it is an inconsistency in implementation between the software and hardware generated records it should be clearly articulated as a gotcha in the configuration guide. Ben is checking on both parts for us. Rodney On 6/17/10 11:15 AM, Marco Matarazzo wrote: On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovellbelov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MVR and PIM
Hi and thanks for the help to my previous post multicast on transit LAN. I read about Multicast Vlan Registration, the configuration seems very easy but in my network there are some multicast sources and receivers that are not directly connected to the mvr apparatus. Have you any suggestions on how to deal with this situation? To do a concrete example I have: Source--- PIM_ROUTER --- MVR_SWITCH ---MVR_SWITCH---Receiver and also Receiver--- PIM_ROUTER --- MVR_SWITCH ---MVR_SWITCH---Source Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] multicast on transit LAN
Hi, i did some progress on this topic, with the help of ip igmp helper address. At L3 my network lab is like this, the vlan/network between 3560 and 3750 is the vlan 100. Customers_cpe--Cisco3560-| Customers_cpe--Cisco3560-| Customers_cpe--Cisco3560-| -|---Cisco3750---Core Customers_cpe--Cisco3560-| Al L1 is simply a daisy-chain on the gigabit interface with a trunk that carry only the vlan100. Well, IGMP snooping, CGMP, RGMP do not limit the multicast packet on the vlan 100, I do not know why. Perhaps this is because all apparatus are routing and switching the vlan 100: on cisco doc I see dedicated L2 only switch connecting customers cpe and provider router. But this is only an ipotesis, I need to capture some traffic to understand. The workaround I have found is to put on the customer interface ip igmp helper address 151.1.1.1, in this way the multicast join/leave of the customers cpe are forwarded by the 3560 to the Cisco3750. This has 2 nice effect: 1) IGMP snooping start working on Vlan100. 2) show ip igmp groups on the 4006 show me multicast group registration on all the 3560. Questions: Why a need igmp helper address hack? Is anyone of you using igmp helper address in a production environment? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] netiquette
Thanks. So if I post a question to cisco-nsp@puck.nether.net and t...@gmail.com answer to me directly, I can't replay to the mailing list but only to tom? Even if the message is only about technical stuff? Marco -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mikael Abrahamsson Sent: mercoledì 17 febbraio 2010 09:54 To: cisco-nsp@puck.nether.net Subject: [c-nsp] netiquette Since this has now happened to me TWICE in 24 hours, I feel I need to post this because it seems enough people doesn't know about it: http://lowendmac.com/lists/netiquette.shtml Never post private (off-list) correspondence to the list without the permission of the sender. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] multicast on transit LAN
Hi, I 'am in a serious problem with multicast because my distribution ( Cisco Catalyst 3750) and access apparatus ( Cisco Catalyst 3560) see each over via a common network ( build on the common vlan 100). Physically they are in daisy-chain with the gigabit interface, the gigabit are in trunk, all the L3 interface are SVI. The problem is to limit the multicast traffic on this vlan because at L2 it is like a broadcast. Have you any suggestions? I read documentation about CGMP,RGMP but on the notes there is written that this stuff works only when multicast routers are connected via a L2 switch, and regarding the vlan 100 my cisco are both router ( there is a svi ) and switch. Another idea is to use IGMP snooping but my multicast receivers/sources are not in this vlan: so no IGMP traffic pass in this vlan. My last chance is to proxy the IGMP, let me explain: Receiver --Vlan7-- Fa0/7.Catalyst3560.Gi0/1---Vlan100-Gi0/1.Catalyst3750 If a configure the Catalyst3560 to proxy the igmp join/leave to upstream Catalyst3750 perhaps I give a chance to IGMP snooping to start working on Vlan100. Marco Regini ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] multicast on transit LAN
Hi Phil, all my cisco are routing the multicast, the problem is that the l3 link between them are not point-to-point. I tried to enable rgmp,cgmp ... but seems they assumes the apparatus being a router or a switch ( if the cisco has a svi on the vlan 100 it is a router, if not is a switch). I'am not sure if proxing the IGMP will works, because IGMP snooping probably has the same limitation, but I want to tray; do you know how to enable it? This is a pseudo configuration of apparatus, what lines I need to proxy the IGMP arriving to the access interface Fa0/30? ! interface Vlan 100 description L3 DAESY-CHAIN-NUMBER-100 ip address 172.16.100.1 255.255.255.0 ip pim sparse-dense-mode ! interface range Gi 0/1 - 4 description L2 DAESY-CHAIN-NUMBER-100 switchport mode trunk switchport trunk allowed vlan 100 ! On the access apparatus there are the Customers interface. ! interface Fa0/30 description L2 Customer Smith switchport access vlan 30 ! ! interface Vlan 30 description L3 Customer Smith ip address 10.0.30.1 255.255.255.240 ! -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: martedì 16 febbraio 2010 16:37 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] multicast on transit LAN On 02/16/2010 11:29 AM, Marco Regini wrote: My last chance is to proxy the IGMP, let me explain: Receiver --Vlan7-- Fa0/7.Catalyst3560.Gi0/1---Vlan100-Gi0/1.Catalyst3750 So the 3560 and 3750 are routing the multicast? In that case you probably need PIM snooping on the layer2 equipment between them. If you don't have that, then yes - IGMP proxy is an option. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] multicast on transit LAN
Hi Jon, MVR is a very interesting feauture, thanks. I need some time to reflect, may be I'am not going to use it this time but knowing i can do multicast in this way is important. One question: how I use MVR with PIM? On my 3570 ( my distribution router) I configure a svi 101 ! int Vlan 101 description L3 FOR MVR MULTICAST ip address 172.16.101.1 255.255.255.0 ip pim sparse-dense-mode ! On my Catalyst 3560 ( my access apparatus) I do not create a svi 101 but simply put mvr on the access interface: ! interface Fa0/30 description L2 Customer Smith switchport access vlan 30 mvr type receiver mvr vlan 101 group 228.1.23.4 ! ! interface Vlan 30 description L3 Customer Smith ip address 10.0.30.1 255.255.255.240 ! -Original Message- From: Bøvre Jon Harald [mailto:jon.harald.bo...@hafslund.no] Sent: martedì 16 febbraio 2010 13:47 To: Marco Regini; cisco-nsp@puck.nether.net Subject: SV: multicast on transit LAN Might not solve your problem but have a look at a MVR vlan. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swigmp.html#wp1035931 Jon -Opprinnelig melding- Fra: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] På vegne av Marco Regini Sendt: 16. februar 2010 12:29 Til: cisco-nsp@puck.nether.net Emne: [c-nsp] multicast on transit LAN Hi, I 'am in a serious problem with multicast because my distribution ( Cisco Catalyst 3750) and access apparatus ( Cisco Catalyst 3560) see each over via a common network ( build on the common vlan 100). Physically they are in daisy-chain with the gigabit interface, the gigabit are in trunk, all the L3 interface are SVI. The problem is to limit the multicast traffic on this vlan because at L2 it is like a broadcast. Have you any suggestions? I read documentation about CGMP,RGMP but on the notes there is written that this stuff works only when multicast routers are connected via a L2 switch, and regarding the vlan 100 my cisco are both router ( there is a svi ) and switch. Another idea is to use IGMP snooping but my multicast receivers/sources are not in this vlan: so no IGMP traffic pass in this vlan. My last chance is to proxy the IGMP, let me explain: Receiver --Vlan7-- Fa0/7.Catalyst3560.Gi0/1---Vlan100-Gi0/1.Catalyst3750 If a configure the Catalyst3560 to proxy the igmp join/leave to upstream Catalyst3750 perhaps I give a chance to IGMP snooping to start working on Vlan100. Marco Regini ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] multicast on transit LAN
Hi Phil, I apologize if I'm obscure, and thanks a lot :-) for your patience. I have Layer3/Layer2--Layer3/Layer2 --Layer3/Layer2-- ... The vlan 100 span the entire chain (the cisco are interconnected via the fc gigabit interface with 802.1q trunk), each node on the chain has a interface vlan 100 with address on the same network. The customer, the multicast sender/receiver are on the FastEthernet interfaces, in their dedicated vlan and network. Regarding Pim Snooping my poor 3560,3750 do not support it, but in the documentation I found again that you need the cisco be or a router or a switch, not both. But I'm not an expert so do not trust very much what I say. Cheers -Original Message- From: Phil Mayers [mailto:p.may...@imperial.ac.uk] Sent: martedì 16 febbraio 2010 18:19 To: Marco Regini Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] multicast on transit LAN On 02/16/2010 04:45 PM, Marco Regini wrote: Hi Phil, all my cisco are routing the multicast, the problem is that the l3 link between them are not point-to-point. Understood. You have the config: layer3 -- layer2 -- (...) -- layer2 -- layer3 ...and the multicast needs to pass between the layer3 devices. The layer3 devices are using PIM to speak to each other, yes? In which case, you need PIM snooping on the layer2 devices. What are the layer2 devices? How many are there? Who runs them? I tried to enable rgmp,cgmp ... but seems they assumes the apparatus being a router or a switch ( if the cisco has a svi on the vlan 100 it is a router, if not is a switch). I'am not sure if proxing the I'm sorry, I don't understand you. RGMP and CGMP are different things, which serve different purposes. IGMP will works, because IGMP snooping probably has the same limitation, but I want to tray; do you know how to enable it? This is a pseudo configuration of apparatus, what lines I need to proxy the IGMP arriving to the access interface Fa0/30? I'm sorry, I don't understand. That configuration cannot possibly work. Can you give a more detailed configuration? I've never used IGMP proxy on a cisco, and upon examination it looks like it might be a different feature than I thought - the docs seem to link it to unidirectional tunnels. You really need PIM snooping. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VPN Tunnel Question
Il 29/12/09 04.58, O n i ha scritto: thanks! CUT i can post the partial config after i edite out some details On Thu, Dec 24, 2009 at 15:50, swap mccie19...@gmail.com wrote: Well, post your config pls Bye. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Idle sessions on 12.2(33)SR cause high CPU
Hi, On Fri, Dec 11, 2009 at 10:19:40AM +, Zoe O'Connell wrote: critical number of sessions in Idle (More than 5, less than 20) the CPU we even saw it with 2 IDLE sessions (after a reboot) where the CPU went to 50% permanently. only a shutdown of that IDLE session helped. point. This behaviour has been confirmed on 12.2(33)SRC4 and 12.2(33)SRD2, with other possible reports on SXF, SRC3, SRC5 and also on 12.2(33)SRA4 was/ is on that box. br marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Dumb question of the day (on vlans)
Security Admin (NetSec) wrote: Been having trouble setting up vlans on a Cisco 2950 switch. I add one using the typical method via CLI: Int vlan x Ip address 192.xxx.yyy.zzz 255.255.255.240 No ip route-cache No shut The CLI screen notes that the vlan is up. As soon as I add another vlan (vlan y) vlan y will come up but vlan x will administratively go down. This process is repeated each time I add a vlan so that only one vlan is up at any one time, which is the last vlan created. Please note that I have vlan 1 shutdown and it is not used. Question is how do I keep all my vlans up simultaneously? You don't, at least not like that. A 2950 is a pure L2 switch, and it can have only one IP address at the same time, purely for management purposes. So as soon as you assign an IP adress to a VLAN interface (the 'int vlan xxx' command), the other one will go admin down. You create L2 VLANs with the 'vlan xxx' command. Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI1 is out
Mike Louis wrote: SXI didn't support Netflow export from a VRF other than the global table. The command option wasn't available in the ip flow export command syntax. Here is what I am seeing in SXI 6509(config)#ip flow-export destination 10.1.1.3 9996 ? cr The vrf flag was available in SXH. Has that been fixed in SXI1? Probably not. I ran into the same thing when trying to run NetFlow on a number of ME6524s. SXH had it, SXI didn't. TAC said: 'It wasn't fully functional in SXH and worked only for software flows. It's removed in SXI and there are no plans to bring it back'. Bummer :-( Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3400
I need to find out how many routes a Cisco ME3400 can hold. Anyone with an idea or pointer as to where I can find out? Any help would be appreciated. Datasheet says 5000: http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps6580/product_data_sheet0900aecd8034fef3.html Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP outbound loadsharing
Kevin wrote: If you have connections to differnt ISPs and cannot take full routes then requesting partial routes and/or filtering received routes may enable you to do some path based TE. If you have multiple links to the same ISP you can set maximum-paths for bgp to install multiple next-hops for the same path in the fib. I've only read something it, however there is also a useful feature called BGP LINK BANDWIDTH used to enable multipath load balancing for external links with unequal bandwidth capacity. Traffic is sent proportionally to the bandwidth of the links that are used to exit the AS. It requires bgp-multipath(iBGP/eBGP) enabled too. Honestly, I'm not sure if this ext-community ovverrides all the other best path selection criterias and if we can use it when we are multihomed to multiple ISP I think is not explained clearly,but if you want to learn more check http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftbgplb.html#wp1047649 Comment please! _ Quante ne sai? Gioca con i 50 nuovi schemi di CrossWire! http://livesearch.games.msn.com/crosswire/play_it/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS Overlapping VPN problem (lab simulation)
Marco wrote on Friday, January 16, 2009 20:53: this is expected. routes imported into a VRF x are not exported by this VRF to other VRFs, so a bit like BGP's rule where routes received from an iBGP speaker are not advertised to other iBGP speakers. So you cannot loop back the traffic on the PE itself. [...] oli Ok, I have just realized I completly misundestood the data flow diagram. I thought that if A-central is in VPN with B-central and B-central is in VPN with its remote sites, then A-central should reach B-central and via B-central ALL its sites(A sites) . WRONG!. A-central(vrf AC) sees only B-central(vrf-BC) routes. A separate routing instance(VRF-B), gives B-cental connectivity to sites B1 and B2. Vrf-B routes are imported(RT 2:2) in vrf-BC on Pe2, but are not exported back with RT 3:100 to vrf-AC on Pe1 So easy when you know how it works.My idea of overlapping was just too large:P It's time for an espresso Thanks Regards _ Party… con Eventi! http://events.live.com/?showunauth=1 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Policing Confusion
Aaron Riemer wrote: ...I am trying to achieve is to police virus updates from our server so that this traffic can only obtain 128Kbps of the remote sites bandwidth. Attaching this as an outbound policy-map at the remote site will only affect traffic outbound from that site. You'll need to either use an outbound policy at your central site where the server is, or use an inbound policy at the remote site. I think that an inbound policy at the remote end won't help. The policing/shaping can only act when the packets have already been transmitted across the link, eating up the bandwidth in the process. What happens to them afterwards won't affect that (short of messing with TCP windows by selectively delaying/dropping ACKs and higher-order stuff like that, which simple policing won't address). Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-POS-1OC3 vs. PA-A3-OC3SMI
Yep. The PA-MC-STM-1: http://www.cisco.com/en/US/prod/collateral/modules/ps2033/ps2762/product_data_sheet09186a008007d6c0.html This card looks like it's more at home on the Europe side of the pond, i.e. handling STM1s, and breaking service down to E1s. You're absolutely right, of course. Mea culpa. Odd, though, that this card exists and its -OC3 brother doesn't... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PA-POS-1OC3 vs. PA-A3-OC3SMI
David Aldworth wrote: Hmm. Okay, so the PA-MC-T3 breaks the DS3 down to individual DS1's (T1's). Is there nothing equivalent at the OC3 level? Yep. The PA-MC-STM-1: http://www.cisco.com/en/US/prod/collateral/modules/ps2033/ps2762/product_data_sheet09186a008007d6c0.html Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?
On Aug 26, Ian Cox [EMAIL PROTECTED] wrote: PA-POS-OC3 has been supported in both FlexWANs since they FCS'd. Maybe that particular PA has the idprom messed up. Try doing a sh diagbus with it inserted and see what the PA idprom is telling the system. FYI: thanks to Ian I found out that the problem is that FlexWANs do not support OIR even for plug-in, not just for unplugging. The Ethernet PA I first tried worked when hotplugged, but the POS one just failed unless I first unplugged the FlexWAN. BTW: my FlexWANs happily accepted a 256 MB SODIMM from my old MSFC2, and even work with one 256 MB and one 64 MB banks (CEF is enabled only on the first slot now, but I do not need the other one anyway). -- ciao, Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?
When I plug in the PA I get this: SLOT 5/0: 00:00:03: %PA-2-UNDEFIO: Unsupported I/O Controller (type 65535) in I/O Bay. The I/O Controller network interfaces will be unavailable. a normal fast ethernet PA works fine. cisco.com says that the PA is supported even by non-enhanced FlexWANs. IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1) -- ciao, Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?
On Aug 26, Ian Cox [EMAIL PROTECTED] wrote: PA-POS-OC3 has been supported in both FlexWANs since they FCS'd. Maybe that particular PA has the idprom messed up. Try doing a sh diagbus with it inserted and see what the PA idprom is telling the system. This is the output for card back in the 7200 where it has been in use so far: picard.mil#show diag 3 Slot 3: POS Single Width, Single Mode Port adapter, 1 port Port adapter is analyzed Port adapter insertion time 13:18:33 ago EEPROM contents at hardware discovery: Hardware revision 2.0 Board revision A0 Serial number 1xx6 Part number73-3193-02 FRU Part Number: PA-POS-OC3SMI= Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 95 02 00 00 E8 71 06 49 0C 79 02 00 00 00 00 0x30: 50 00 00 00 99 08 27 00 00 00 FF FF FF FF FF FF Marco d'Itri wrote: When I plug in the PA I get this: SLOT 5/0: 00:00:03: %PA-2-UNDEFIO: Unsupported I/O Controller (type 65535) in I/O Bay. The I/O Controller network interfaces will be unavailable. a normal fast ethernet PA works fine. cisco.com says that the PA is supported even by non-enhanced FlexWANs. IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1) -- ciao, Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Sup32 TCAM limit
What I do not understand is what would happen to the routes being inserted above this limit. Would such routes be 'soft' routed ? Is there also a treshold for Prefixes that cannot fit in the TCAM are punted to the MSFC, and thus software switched, probably in an interrupt based CEF path. That's what supposed to happen, yes. But I ran into this recently (with a SUP720 now upgraded to XL) and the box didn't punt the packets. It just hardware switched them based on what was in the TCAM. Result was that the correct route was in the routing table and CEF FIB, but packets got dropped or shunted elsewhere without any sign except the TCAM_FULL messages, and those didn't look right either (no route in the message at all or junk chars where it should be). This was the sup running hybrid, IOS 12.2(17d)SXB8 on the MSFC and CatOS 8.6(1) on the SP. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Sup32 TCAM limit
From what I understand, the 'less specific prefix' punted routes would not be a problem, the problem was if less specific where in the TCAMs while more specifics not ? This would make for some interesting routing :-) So it did :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading SUP720 to SUP720-3BXL while switch is hot..is it possible?
Richard J. Sears wrote: We have a 6500 switch in our network with two SUP720 engines running in SSO mode. One engine is Active and the other is Standby HOT. Engines are located in slot 5 and slot 6. We are also running NSF. I want to upgrade the engines to SUP720-3BXLs without taking the switch off line. No can do. You cannot mix XL non-XL supervisors in the same chassis. The best you can do is preconfig the new sups, power down the switch, put the new sups in and power it back on. I've been through this an upgrade like it myself recently: pull redundant sup, upgrade it to 3BXL, power down switch, swap upgraded sup with active sup, power switch back on, upgrade second sup and plug it back in. Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Mystery Cisco device
Eric Andrews wrote: It's a 1U Cisco device, two XENPAKs on the right and 24 SFP ports in groups of 8 on the left. Console and aux ports on the front, and two removable AC power supplies in the back. I couldn't see the model number on the front, but it ends in 10GE. It says WS-4991 on the back, but Google doesn't know anything about that. Anyone know what this beast is? Probably an ME4924-10GE: http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps7009/product_data_sheet0900aecd8052f36b.html Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco support for ASNv4 (4 byte ASN)
Hi Skeeve 2008/5/5 Skeeve Stevens [EMAIL PROTECTED]: Can someone let me know if/when Cisco supports 4byte AS Numbers in BGP in the current IOS stream (not XR or XE). 12.5T late 2008 in the meantime use AS23456 ;) Cheers Marco PS: Good starting point for ASN32 compatiblity is my micro-site at: http://www.swissix.ch/asn32/doku.php ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Core to access links. Use single etherchannel?
If I remember correctly, whenever an Etherchannel changes from two or more members to one member (or vice versa), an STP reconvergence is triggered. Assuming that to be correct, you'll still have an STP blip during a link/card failure. :( No, an Etherchannel is a single link as far as STP is concerned, and members coming or going will happen 'below' the STP level. Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 vs. 7600 revisited again
Hi, There is a 3B - 3BXL upgrade, which used to cost exactly the same as the price difference between a Sup720/3B and a Sup720/3BXL (so it's not a we'll send you a new Sup720). Yup. The WS-F6K-PFC3BXL= is just that: a new -3BXL PFC and some memory to upgrade the Sup itself to 1GB RAM. Regards, Marco van den Bovenkamp. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] max-metric router-lsa never stops waiting
I have max-metric router-lsa on-startup wait-for-bgp configured on all of my routers, but on two of my 7200 it never exists the waiting state: Originating router-LSAs with maximum metric Condition: on startup while BGP is converging, State: active Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(31)SB2, RELEASE SOFTWARE (fc1) Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(31)SB6, RELEASE SOFTWARE (fc1) What could cause this? -- ciao, Marco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3750 SVI vs Routed port
[EMAIL PROTECTED] wrote: Is there a difference in performance on the 3750 platform between a SVI (vLAN) interface and a routed port (no switchport in interface config), in terms of IP routing? No. A 'routed port' on a 3750 is mostly just an SVI on a internal VLAN with only one port in it. So there isn't really all that much difference between them. Regards, Marco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco have a metro ethernet ring standard 'REP'
2007/9/18, Will Hargrave [EMAIL PROTECTED]: ... not widely announced, but available in ME-series switches, from 12.2(40)SE. http://www.cisco.com/en/US/products/hw/switches/ps5532/products_configuration_guide_chapter09186a0080878947.html Hmm, what is the difference between REP and FLEX (which is available on the 3560 series switches)? http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a0080878d27.html M. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 32bit ASNs on 12.0S
Hi Folks 2007/8/31, Gert Doering [EMAIL PROTECTED]: It doesn't (and neither does any other IOS version publically available). Rumors say that 32 bit ASN support will appear early next year. (IOS XR *does* have 32-bit ASN, as far as I have been told). Status for ASN Integration in different hardware/software can be found on the experiment report from SwissIX ASN32 Project [1] IOS will support ist starting at 12.5.T Early to late 2008 [2] and IOS XR it's already implemented [3] Cheers Marco [1] http://www.swissix.ch/asn32/ [2] http://www.swissix.ch/asn32/doku.php?id=ios [3] http://www.swissix.ch/asn32/doku.php?id=ios_xr ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Larger scale router rollout tools?
2007/7/3, Phil Mayers [EMAIL PROTECTED]: Also, on recent IOS you can scp *to* the box and it works just like a scp config-fragment router:running-config We successfully use the archive command (on 12.4.x IOS): code archive path tftp://ip-of-your-tftp-server/$h write-memory time-period 1440 /code This command enables auto-archivement of your configuration within a time period (1440 = minutes, means all 24 hours) to a pre-configured path (path to local flash: is also available but we prefer an external copy). That's it! Just my 2 rappen* Marco * rappen = swiss cents ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/