Re: [c-nsp] ASR9001 AIP license
First: Request an AM/SE who can get you the information you need to make an educated purchase. Second: From memory (and its been a year) the ASR 9001 was treated as a single line card with regard to licensing, similar to a MOD-80 or MOD-160 in a larger chassis. Feel free to correct me here Cisco reps. The only license enforcement I can remember was throughput on the -S model and the feature licenses for G709, VRFs, BNG etc. If I was signing a purchase order however, I would ask Cisco for guarantees. On Wed, Mar 25, 2015 at 12:50 AM, CiscoNSP List cisconsp_l...@hotmail.com wrote: Hi Everyone, Am looking at getting a couple of the ASR9001's in the next few months, but our Cisco AM cannot clearly tell me what the AIP license is for (Other than providing L3VPN functionality...but not how many instances, or if an AIP is required per line card in each bay?) i.e. ASR-9001-S - ASR 9001 Chassis with 60G Bandwidth ASR-9001-FAN - ASR 9001 Fan Tray XR-A9K-PXK9-05.03 - Cisco IOS XR IP/MPLS Core Software 3DES A9K-750W-AC - ASR 9000 Series 750W AC Power Supply for ASR-9001 Will give us 64Gb ASR9001, with 2 x 10Gb(onboard ports), and bay 1 unlocked, so we could install something like A9K-MPA-20X1GE to give us 20x1GB SFP ports? But the box wont support VRFs? Cheers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR9001 AIP license
Hello, A9K-9001-AIP-LIC license used to activate on ASR9001 on full box. On ASR9001 you need only one license for all bays. On Wed, 25 Mar 2015 18:50:41 +1100 CiscoNSP List cisconsp_l...@hotmail.com wrote: Hi Everyone, Am looking at getting a couple of the ASR9001's in the next few months, but our Cisco AM cannot clearly tell me what the AIP license is for (Other than providing L3VPN functionality...but not how many instances, or if an AIP is required per line card in each bay?) i.e. ASR-9001-S - ASR 9001 Chassis with 60G Bandwidth ASR-9001-FAN - ASR 9001 Fan Tray XR-A9K-PXK9-05.03 - Cisco IOS XR IP/MPLS Core Software 3DES A9K-750W-AC - ASR 9000 Series 750W AC Power Supply for ASR-9001 Will give us 64Gb ASR9001, with 2 x 10Gb(onboard ports), and bay 1 unlocked, so we could install something like A9K-MPA-20X1GE to give us 20x1GB SFP ports? But the box wont support VRFs? Cheers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Alexandr Gurbo ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
The issue is that the customer is connected to a switch connected to the 7613 and i Have a trunk to transport all Vlans for other customers with different services Date: Tue, 24 Mar 2015 11:02:52 +0200 From: mihaigabr...@gmail.com To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM Use a subinterfate (MUX-UNI) on 7600 instead of VLAN. On Tue, Mar 24, 2015 at 9:49 AM, Mohammad Khalil eng_m...@hotmail.com wrote: Hi all I am trying to establish AToM between 7613 and 3600 The module from the 7613 side is 7600 ES+ 20xGE SFP 3600#sh run int vlan 183 interface Vlan183 no ip address xconnect 172.20.40.7 7232183 encapsulation mpls 7613#sh run int vlan 183 interface Vlan183 no ip address load-interval 30 xconnect 172.20.40.232 7232183 encapsulation mpls 7613#sh mpls l2transport vc 7232183 Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.232 7232183UP 3600#sh mpls l2transport vc 7232183 Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.7 7232183DOWN I have tried to configure L3VPN (VRF on both routers and test loopback interfaces) and it worked fine Any ideas? BR, Mohammad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
AFAIk, you cannot create AToM using SVI's in 7600 (we are using lan cards) On Wed, Mar 25, 2015 at 10:10 AM, Mohammad Khalil eng_m...@hotmail.com wrote: The issue is that the customer is connected to a switch connected to the 7613 and i Have a trunk to transport all Vlans for other customers with different services Date: Tue, 24 Mar 2015 11:02:52 +0200 From: mihaigabr...@gmail.com To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM Use a subinterfate (MUX-UNI) on 7600 instead of VLAN. On Tue, Mar 24, 2015 at 9:49 AM, Mohammad Khalil eng_m...@hotmail.com wrote: Hi all I am trying to establish AToM between 7613 and 3600 The module from the 7613 side is 7600 ES+ 20xGE SFP 3600#sh run int vlan 183 interface Vlan183 no ip address xconnect 172.20.40.7 7232183 encapsulation mpls 7613#sh run int vlan 183 interface Vlan183 no ip address load-interval 30 xconnect 172.20.40.232 7232183 encapsulation mpls 7613#sh mpls l2transport vc 7232183 Local intf Local circuit Dest address VC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.232 7232183 UP 3600#sh mpls l2transport vc 7232183 Local intf Local circuit Dest address VC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.7 7232183 DOWN I have tried to configure L3VPN (VRF on both routers and test loopback interfaces) and it worked fine Any ideas? BR, Mohammad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR903 dir Error
Hi Adam Thanks for the reply Yes i installed the functioning RSP in the lower slot , but actually i did not wait for 45 minutes :) I will give it a last try Thanks again BR, Mohammad From: adam.vitkov...@gamma.co.uk To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ASR903 dir Error Date: Tue, 24 Mar 2015 10:17:59 + Hi Mohammad, If you try to boot the box with just that one RSP in it, the RSP should be in the bottom slot I guess. Do you have another RSP you could use to boot the box? If the box is fully booted with the spare RSP you could try to insert this faulty RSP to see if it will sync up successfully or it’s dead indeed. Please not the sync up process may take even 45 minutes these CPUs are very very slow. adam From: Mohammad Khalil [mailto:eng_m...@hotmail.com] Sent: 24 March 2015 07:31 To: Adam Vitkovsky; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ASR903 dir Error Hi Adam I have tried to do what you proposed but the same happened , I got the log message below when I tried WARNING: Peer RP not present, will not check peer installation state. % Error connecting to RP 1 BR, Mohammad From: adam.vitkov...@gamma.co.uk To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ASR903 dir Error Date: Thu, 19 Mar 2015 00:31:59 + Hi Mohammad, Try to remove all line-cards and possibly backup RSP as well leaving just the primary RSP in the chases and start the box. Once the RSP is booted try to insert the second one. And do the SW upgrade before you insert the interface cards - or you can upgrade just the primary RSP and then you can insert additional HW. I recall this happened with the early versions of the code for A903s. adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mohammad Khalil Sent: 18 March 2015 07:16 To: cisco-nsp@puck.nether.net Subject: [c-nsp] ASR903 dir Error Hi I have Cisco ASR 903 with two RSPs When I console to one for the RSPs , i am in the rommon mode When I try to browse for the bootflash , I get the below message rommon 1 dir bootflash: ERROR:: PRSSTAT.BREN is NOT set. Data xfr incomplete FAILURE prsstat ff8d0206 not ESDHC_PRSSTAT_BREN i= 0esdhc_wait_for_status_clr(556) ERR: bitmask=0x0002 not clr PRSSTAT = 0xff8d0206 i=10 sd_read_sector(1464) failed Disk Error : Unable to read the drive'spartition table From the other RSP , when I issue the show platform command , the same RSP show as unknown Any ideas? BR, Mohammad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This email has been scanned for email related threats and delivered safely by Mimecast. For more information please visit http://www.mimecast.com This email has been scanned for email related threats and delivered safely by Mimecast. For more information please visit http://www.mimecast.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
ooh , so I have to create sub interface in order to make the setup ? Date: Wed, 25 Mar 2015 10:24:50 +0200 From: mihaigabr...@gmail.com To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM AFAIk, you cannot create AToM using SVI's in 7600 (we are using lan cards) On Wed, Mar 25, 2015 at 10:10 AM, Mohammad Khalil eng_m...@hotmail.com wrote: The issue is that the customer is connected to a switch connected to the 7613 and i Have a trunk to transport all Vlans for other customers with different services Date: Tue, 24 Mar 2015 11:02:52 +0200 From: mihaigabr...@gmail.com To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM Use a subinterfate (MUX-UNI) on 7600 instead of VLAN. On Tue, Mar 24, 2015 at 9:49 AM, Mohammad Khalil eng_m...@hotmail.com wrote: Hi all I am trying to establish AToM between 7613 and 3600 The module from the 7613 side is 7600 ES+ 20xGE SFP 3600#sh run int vlan 183 interface Vlan183 no ip address xconnect 172.20.40.7 7232183 encapsulation mpls 7613#sh run int vlan 183 interface Vlan183 no ip address load-interval 30 xconnect 172.20.40.232 7232183 encapsulation mpls 7613#sh mpls l2transport vc 7232183 Local intf Local circuit Dest address VC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.232 7232183 UP 3600#sh mpls l2transport vc 7232183 Local intf Local circuit Dest address VC ID Status - -- --- -- -- Vl183 Eth VLAN 183 172.20.40.7 7232183 DOWN I have tried to configure L3VPN (VRF on both routers and test loopback interfaces) and it worked fine Any ideas? BR, Mohammad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
Hi, On Wed, Mar 25, 2015 at 10:10:17AM +0200, Mohammad Khalil wrote: The issue is that the customer is connected to a switch connected to the 7613 and i Have a trunk to transport all Vlans for other customers with different services Google for MUX-UNI. Then just do so. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpoUfg9orCX8.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR9001 AIP license
Hi Everyone, Am looking at getting a couple of the ASR9001's in the next few months, but our Cisco AM cannot clearly tell me what the AIP license is for (Other than providing L3VPN functionality...but not how many instances, or if an AIP is required per line card in each bay?) i.e. ASR-9001-S - ASR 9001 Chassis with 60G Bandwidth ASR-9001-FAN - ASR 9001 Fan Tray XR-A9K-PXK9-05.03 - Cisco IOS XR IP/MPLS Core Software 3DES A9K-750W-AC - ASR 9000 Series 750W AC Power Supply for ASR-9001 Will give us 64Gb ASR9001, with 2 x 10Gb(onboard ports), and bay 1 unlocked, so we could install something like A9K-MPA-20X1GE to give us 20x1GB SFP ports? But the box wont support VRFs? Cheers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
Am using c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRE10 The module of concern is ES+ 10 7600 ES+ DFC LITE 7600-ES+3C SAL1644R89R 1.3Ok 10 7600 ES+ 20xGE SFP 7600-ES+20GSAL1644RA2X 1.2Ok Date: Wed, 25 Mar 2015 09:58:11 +0100 From: g...@greenie.muc.de To: eng_m...@hotmail.com CC: mihaigabr...@gmail.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM Hi, On Wed, Mar 25, 2015 at 10:10:17AM +0200, Mohammad Khalil wrote: The issue is that the customer is connected to a switch connected to the 7613 and i Have a trunk to transport all Vlans for other customers with different services Google for MUX-UNI. Then just do so. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
Hi, On Wed, Mar 25, 2015 at 11:11:18AM +0200, Mohammad Khalil wrote: Am using c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRE10 The module of concern is ES+ 10 7600 ES+ DFC LITE 7600-ES+3C SAL1644R89R 1.3Ok 10 7600 ES+ 20xGE SFP 7600-ES+20GSAL1644RA2X 1.2Ok And this does hinder you from using Google to lookup MUX-UNI exactly why? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp1_Il_mpXCj.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
No , I already tried it and the sub interface was not created according to the templates I found on google.com !! Date: Wed, 25 Mar 2015 10:18:48 +0100 From: g...@greenie.muc.de To: eng_m...@hotmail.com CC: g...@greenie.muc.de; mihaigabr...@gmail.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM Hi, On Wed, Mar 25, 2015 at 11:11:18AM +0200, Mohammad Khalil wrote: Am using c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRE10 The module of concern is ES+ 10 7600 ES+ DFC LITE 7600-ES+3C SAL1644R89R 1.3Ok 10 7600 ES+ 20xGE SFP 7600-ES+20GSAL1644RA2X 1.2Ok And this does hinder you from using Google to lookup MUX-UNI exactly why? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
On 24 March 2015 at 07:49, Mohammad Khalil eng_m...@hotmail.com wrote: Hi all I am trying to establish AToM between 7613 and 3600 The module from the 7613 side is 7600 ES+ 20xGE SFP Do you mean the port facing the ME3600 is on the ES+ line card or the port facing the customer is on the ES+ line card? If the ES+ line card is not the card that faces the 3600 what card does face the 3600? If that is a basic LAN card there will be a problem in that the LAN card on the egress part of the link is unable to impose (push) the requried labels. James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
Hi, On Wed, Mar 25, 2015 at 09:27:45AM +, James Bensley wrote: If the ES+ line card is not the card that faces the 3600 what card does face the 3600? If that is a basic LAN card there will be a problem in that the LAN card on the egress part of the link is unable to impose (push) the requried labels. Basic EoMPLS works perfectly fine with LAN cards, both edge-facing and customer-facing. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp2jPkATYd7m.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
The ES+ card is connected to the other PE side , from customer side it is connected to module 7 7 Policy Feature Card 3 WS-F6K-PFC3B SAL1126SR6Y 2.3Ok 7 MSFC3 Daughterboard WS-SUP720 SAL1126T2AG 3.0Ok From: jwbens...@gmail.com Date: Wed, 25 Mar 2015 09:27:45 + To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] AToM On 24 March 2015 at 07:49, Mohammad Khalil eng_m...@hotmail.com wrote: Hi all I am trying to establish AToM between 7613 and 3600 The module from the 7613 side is 7600 ES+ 20xGE SFP Do you mean the port facing the ME3600 is on the ES+ line card or the port facing the customer is on the ES+ line card? If the ES+ line card is not the card that faces the 3600 what card does face the 3600? If that is a basic LAN card there will be a problem in that the LAN card on the egress part of the link is unable to impose (push) the requried labels. James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
On 25 March 2015 at 09:45, Gert Doering g...@greenie.muc.de wrote: Hi, On Wed, Mar 25, 2015 at 09:27:45AM +, James Bensley wrote: If the ES+ line card is not the card that faces the 3600 what card does face the 3600? If that is a basic LAN card there will be a problem in that the LAN card on the egress part of the link is unable to impose (push) the requried labels. Basic EoMPLS works perfectly fine with LAN cards, both edge-facing and customer-facing. gert True, sorry I could have ben more specifc. The OP requires an SVI as the PWE3 A/C on the 7600 which isn't supported on those line cards. Yes basic port to port is fine. As others have suggested MUX-UNI is the way to go probably. Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities Advisory ID: cisco-sa-20150325-ikev2 Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. these vulnerabilities can be triggered only by sending malformed IKEv2 packets. There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEtQfAAoJEIpI1I6i1Mx3cC4QAKmoyPEnSiWyCB/TmzivfNls 2cSx2Xs2sa9KNNhqZ69hW9Q5GYhMeR89fwbNEdp/+rh3g79lE1wh/YlPwai8IJl9 t1pLC15TVky5xiEwFbmhEuqpTQ7QbdODsXR+dAVStRun8l/pnxM/r3yFRwtpeTDO vNsJNoIlIK+Wk3onNlMVdrPaSOkMhFZysuVB8hhCdF1kow5FCoMElZONU25+Tb5u 3+S32WC/L3jyDaWbQvDKTnNeHBp6M3+8Y7eXHg74CQzWLrCXN+CN6dPFaI7aR8oY P4a6lqSrkrPRXHUgxAqGKtDgzw8UDaxWdf3RX5z1r54syKzuUyuqNSnAwhZ9+pyW lhKv6Ai5ic4tyNEL++QFoZxnRg8xSopuD8yJzuyC5ZhP48tfGdZ1IIBBwxo4vKd5 9PfOlw3+oMvZrxzLL8ajGi/Vfk4LMayqe0jfmBWVMLMdBe0Dhz0Wxihyt7l+FNLS 2ovubZhBCtmhHSy+cyEgyXEjIG+5KFFJ35Wrm/U0LwXXyPIR2vgp6xn7MT1mKONi w9hWjuxFV4EAHAERvHvNR1fq6HZV+y+0vhG+GZR65XNEGrynxqBd8Dh5VpgAoX+i z8rvo9oSK/OsfbDA/qdSiNNRKAYQaKMFUy8MTFR7i2rwNduosPD36HvE4BAwhsox NgLDi9f/QtXaABCuBLeG =YsTm -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure Advisory ID: cisco-sa-20150325-ani Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Autonomic Networking Registration Authority Spoofing Vulnerability Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3D4kP/RHXNWflKJAGDDZwOfPHgPTu 3ILcyxaURs0troplCPwsJg94U8NZaeRiOQ8Xsu1s4ajquVEXLRFcdw5WKP/Yulir V7M106xpoemlQGMiw/MNEpAzzP4UNQBCO8A66gLrSGQVFI37C0ysH6yE/307d7Qz LX+aEF7nrOtOw6+ZbVF7irebyMGjaqfblOwDeuXzcyDfHp8hEKuIPfQEh7FaBooQ TnnySenNnhbfu6x0px7gTJteEMcOhDTOaW5m2MuF9STKRRGjauhng1IxJirJPC6k tyIJ+1VOop3Ps49E3czgWUtciFufCjgcl6SbmdYx97KCTQIyt7Mmel2cE37il7wR MzgSyuuIgI4METMdDWwxfTpujXXxdM5iRJNXpoSRzD40NFk9q57QvslwSSO6+1Yf ycnAGDVY+n9ahO3boZdMNne9V9dbCYIbVXES5VXxjaiHvCcRWIDUSJ+JeuX5s+em dMGGIqO8xz3Orl1i77kwWpo22V6txXX6YM07Bg52L+8xbbo7ChKDal5R6UAXsgRB vcA7ckhp28SDtlfy0aJHZHzvHNeOqCD55O8HaSdFoh94mkzBlFVxMkaKHnyeZWyA nWJtC8jHgu+VuyLien930AcUtY4NzO9ZT78c98FePuqkZbqKSvnRqYz69Dgaqu7i aqAAKX2qj2R18xzrUBya =yOgs -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability Advisory ID: cisco-sa-20150325-mdns Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3h30P/3gJw08jXsXrVu8KO7L3kqLR vKTMc5BYxLQPoLO3SjI2p6uNKn5iMM6oOsKSZt+mehlDZUUe1JBVricFa07bNQmh jW9mCwVrsMMfOF7NL47vJm6GtGZurhc5WlCRp0uE1PNJs6NmMyRgszTxDz1F5Tjh fq6/2SiKnZW0w+MuxZnrck9rPZ+fzjcpe7sKOUr3htAi/Z0cfhadQrEcVXFuRhn9 bSk0D71zzfXt1VazqOIZiciRJOu/cEN5Tq+NZWTUKqFPFlepjT1G/Ho3WPtQWxbp UwZyeh2InlFnc7DWuNCqW+eZ1CFDPWVNGmWcQq3oxNHkvAAvQsn7vsOgNJRr+yNi S8emKrm94iyIaD2ouOMDgof4MireHLNKNnVecsnuJqUui89zZiT6ZIXg5S8eM5sx rkkfoGjTALePenydwM7eAPjUxI4vFzGPwk1ikQrT49a8fZTJ0/p/S6X8BbybJJXK JHiBdOw88ppa7ixOHgSubHH86KKqm5tCqRI13RpTTtDXQpv4Ev0spiDGeTTKtWEA lGmZldoLHO5Tkk+HUwlUMobluwnt1kGKkAFA+wSRukArAt8i52OUziDmQ4WYBf7a CKw+f6WU9YjGxP2jpp/Xy3u9kKkHHXb8R9y009yXLg1ShZS8eiqQhh6O7O7NuiNL k43tGb1gB+D+0SPS3w/x =DuB0 -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability Advisory ID: cisco-sa-20150325-tcpleak Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3s7EP/35lG2sxSOAqj5WWow1L0VbB eCYn6sQTavKyg5pXtFKUyUfF8AUHPrySGpcjy77+s+4uDNswIAXplYQrr8r8OifE xJ8OzuvCXOgvyQEAc8H6l7zLLYOkBv6cFAyYPepl0tPac15iOqX6Xv8l2+gnvi6p puKJYc/81bYmqeE0qRvPDzT9rWiccp1pbWUqUu1ZX31zJ86e/mERHFWOTOBA/qC3 Xd/36ljl4sTR8IPOE7Zoq8jfedlc9Bg3cz7aBrFgx8M9jB/V47MPe6eyfLKHHAEI oXPUu8uJBQsrnYa9/MbN3/wmI9weq3mGhaaStmV9JL0oYn/4gsgY+r4f9euXDMqW b/kIkHxtYHrShckox708oHCjCCTdKiTJcGy+GgTagq49c+A7UCzc8XEwgCOyFFbL 5E2AZ6PJUyUEfbPWhPlCj9H/t3G8mfcmH/FZLpwbEGTtfBCb5b1WRdXd0ARqJqD3 ZXy7M9gKGlifenvs9s9rElO+GuIVvmaAZ2anHgH7aLXCxoc7mIQfTxcjV9whXfD2 TBwHhsR7FMrgtqWbBokq/aNrs/ull9RXsubVFLSToj1BAuJlZpyvjbzQw10bPm5b ZL80JvOffzmf2711jIJCoOiVHGdO/jvb518JMY4XoPyBBKSxtTYpKdKXfBQjQgIv L3q5mEH18S0YiHC8yQAz =W7nK -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability Advisory ID: cisco-sa-20150325-wedge Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface. An attacker could exploit this vulnerability by submitting ICMPv4 messages designed to trigger the vulnerability on an affected device. When the ICMPv4 messages are processed, the packet queue of the affected interface may not be cleared, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3DKAQAKh0z1Us2roV3ahSr8fiIDVW /veWzUDTFiGdlGS4xWExyHL92srs+DoT3wRDwX1UqvmkdRUTfQPGIQl1LAyWujMA TkP6xhTBRTYVtQVQVb4Ubya966QlykNs4jEcmlcep/mGWddLDfF0cOpqDAREAc+Y A8FBn946o3m1Ds/zTkRtvuwc2MOEOglZS6A7fc0a/iDCsnD/FaBlaxHjukgt6xbY OShTjGzJZ7IMsbBizCvlVRYiogCED3EGJ4unM+LvjMRSX2JOu1t5CUJmcXmWIP3u KDQQRB/flmhIUkcaBOMxn4FdBc6ISVLRGPLFSyYJBxz3YE05JqER9QPdK+c2wjKl uyVjCa9Iljuxoqn4TYYFR1X5Gxzt3YZgNJIhy6DTZP6O0OI4U4OaJsiBNDrs3ZMo C9Khl63TlzPG0NfbKXaiPc/2ZakUqty1sKkrFagQ1NcyyzRMJL13uhRIm6G8PPhB Kh1K2GBqGuligoHLVSC0r2NR015iTNobmV+54RCb0RuU+LKl2XFQKYWc3UmNRuQG 36Kf5cZT0gJrF4rryaeCfaSA/LkQsBxEUaMci/APLSR/+qGADTR7EHfIW5kkFlZ7 t/Xi7LON6q3KVBavi3Lo1P+wYV9iNHqy1aeRzAGdC4+FKe0rCdU5cgMZrO1Oc+r6 POD7hEJjIhAb4hRZTjqN =qckG -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers Advisory ID: cisco-sa-20150325-iosxe Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities: Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the forwarding plane, causing an interruption of services. Repeated exploitation could result in a sustained denial of service (DoS) condition. Successful exploitation of Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3VW8QAL2oALHAprX3uic7IXrFPW95 Cb4bqya2PjrAzZmGlDFCGr2Mko0j+Q9zgX/AGjrtQkaZaHHp7KhpdLGNrnpyEpgj Da9TYL5k/JW/xxWmh3u9q62tUjlgHRHAUqsWAKq7jgJuftqS6u5BdTIIuBhTZeqo yy9QrHTnKtiDwjW4pyvEXft+2OaRZ2u5w+9jdRk6YO41OEHdeiPBQwzOZNQUPi6C n60N1DsvPm8V+u/3i1h1ApENv8iqm/5PxF4pqPC3QgBAzI0JoV6qUokts3U15B6W 1M1cd+lBBze2ztgP8tMhYbwFcbx8WjydYdNjHpaWhv9S+eCWW63nUmlpU4x0Vx9X bVwsooTAtf+j+bfxxq2Agm14n/mjTb/+7Fwh9idoA3UVC1JfMpXuXwKAPXr7Sumz 00kXL2A44thnrEYB+sZmo24XiC/Y+QC0rILr6S1GBy7t/h6qRA4MzITIu0T54jle lwYwwI1RPmo0QL4XFXUUmtowlfvpH3lu5PFD/BwbV5cdsiDrs/ahqcwBVNnReQQe cUUYGBuYz2t3UOuYLQCyaNrd3OzLOn5wYrGk3veODzpYkNOH23fM1YiTVj/5qdV+ l22QBt/wgcrEN42YroCJxK1hxAMO7sB2qCJO/sCGirxN4AEYmp3xqTPb6T76a8jf lcPMb9mmEb9Mc8shvJmS =j74G -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol Advisory ID: cisco-sa-20150325-cip Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software UDP CIP Denial of Service Vulnerability Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability Cisco IOS Software TCP CIP Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the forwarding plane, resulting in an interruption of services on an affected device. Repeated exploitation could result in a sustained DoS condition. Additionally, successful exploitation of Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3gQoQAMgga/GDsaG87OcxdBDP3PS0 VWVup8SutEuU6I0Gb+L/PmUYPTNCq7Tc25Cumoqy6z5K7jqNsmsrjzoFeUR86Ksr GYY1hFEc9M4nOapTzoiNFQAxg8bGxh5u4PemCCg9CbEfqP51ItKUmKKcsmT45YpJ M2uidBLWkPum0bcfAvD7JMox/luzMFyAiLnb0IJj217hMVr1OmZou66V8cQfWZZl He+pT5WcPKd116GAB3Gb7B0lcEHduTQAb2psSrPOPJLE4bOwBtyuC17wjCoblQKh W1SLIddEDTUHIkvKt71ZKjvARIiwdEFnZWd9QoH9DygSvTPoooN168Ub5S9rqVDy E84p7pJf0FSyAFrXqTdl0vZHIFmZlDwGZnablle1+E878im49dDY2mSLVEQs21Pr V1iu6R9o+affi4MLFPAQSf1zTx6r6zotCO0Rnp33QfFo97UdLyL7I2qtpZhSczGU 4wTySD8qvM/02rUvszWg/YoJ12A7IU5YMjCXb/Lfkd6UYK/go4BA3BuqZAqSuvAN AWq6MEdOsV4uuchVm0ha1YgdQzt9vNveR4twYpSiQZ0MnzcB9020nLlHmVAB3+lY d04mKF1SMQ568mfes8/lNt0fefc6XkVvrZeIk+9uNn+irAynRRBZR2wpnvQT/Xev qc1FbxmTWdixlVg1kZL6 =b7Xz -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco portable datasheet
Hi Just wondering cisco no longer maintaining the portable data sheets ? Looking for the nexus and ASR routers . http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf Thanks and RegardsGireesh ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR902 vs ME3800X
On 3/24/2015 3:06 PM, James Bensley wrote: Its 12MBs shared. James. Pardon my ignorance once again, but is this showstopper bad? The me3800x appears to have 352MB, so clearly a lot more, but IIRC older switches like the 3560 had something like 2MB per ASIC. I'm assuming one of the main reasons for buffers on a unit like this is the speed disparity between 10ge and 1ge ports, unless you're planning to do a lot of shaping (rather than policing) - is this correct? Significant difference to the ME3600 (Which is 44Mb?) - Would like some real-world feedback from anyones thats used these(ASR920s)any issues with micro-bursts/drops?(You would have to assume yes?) Cheers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR902 vs ME3800X
I'm assuming one of the main reasons for buffers on a unit like this is the speed disparity between 10ge and 1ge ports, unless you're planning to do a lot of shaping (rather than policing) - is this correct? Not sure if I understood what you meant exactly, but speed mismatch and shaping both leads to output queuing in the end, the only difference being that a speed mismatch is a hard physical limit, while shaping is a artificial limit. In other words both a speed mismatch and a shaper needs buffers. On the other hand, a policer doesn't need any buffers/queues (because it doesn't queue packets). Whether a specific buffer sizeis enough depends on the services you want to provide, therefor the answer is it depends. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR902 vs ME3800X
On 3/24/2015 3:06 PM, James Bensley wrote: Its 12MBs shared. James. Pardon my ignorance once again, but is this showstopper bad? The me3800x appears to have 352MB, so clearly a lot more, but IIRC older switches like the 3560 had something like 2MB per ASIC. I'm assuming one of the main reasons for buffers on a unit like this is the speed disparity between 10ge and 1ge ports, unless you're planning to do a lot of shaping (rather than policing) - is this correct? Thanks, Tim Densmore ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: NTP windows servers
restarting the NTP service might fix the problem, although if I'm reading this right, you restarted the Windows Servers after changing the NTP source. I'm assuming that you changed the C:\Program Files (x86)\NTP\etc\ntp.conf file to use the new address AND removed the old one. Directions from there are to stop and start the NTP service. On Mon, Mar 16, 2015 at 12:54 PM, Scott Voll svoll.v...@gmail.com wrote: I am migrating NTP from one router to another (and changing IP addresses). All our servers were pointing to the old router for NTP. I have changed the NTP source on those servers to the new one. restarted and if I log an ACL for NTP, I'm still seeing the servers connect to the old router. Any ideas on how to fix that? I'm not a windows server guy. TIA Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] AToM
The ES+ card is connected to the other PE side , from customer side it is connected to module 7 7 Policy Feature Card 3 WS-F6K-PFC3B SAL1126SR6Y 2.3 Ok 7 MSFC3 Daughterboard WS-SUP720 SAL1126T2AG 3.0 Ok Which is what the guys here are saying all along: If you core (MPLS) facing module is a LAN linecard or the SUP itself, you have to use PFC based EoMPLS (which means subinterfaces, not SVI's). Take a look at the docs, its all there. No, I already tried it and the sub interface was not created according to the templates I found on google.com !!Take a look at the real documentation: http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/pfc3mpls.html#pgfId-1416838 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/