Re: [c-nsp] 12.4(20)T oddities
I had the same issues with scrt and 20T, resolved it with the latest SCRT (some 6.1. beta) and a manual change to an .ini file. After this change SCRT works fine again with 20T. I have seen issues with trace backs as well, I do not have the exact text at hand, but each time I do a write after a config change I get a trace back. (2801) It definitely looks like 20T is not ready for a life outside the test lab... Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Baker Sent: Sunday, 31 August, 2008 22:04 To: Justin Shore; Cisco-nsp Subject: Re: [c-nsp] 12.4(20)T oddities Hi The problem with SecurtCRT and 20T seems to be around the Key exchange. What I did to solve this for me was to move diffie-hellman to be the first key which fixed it. I'm still not 100% confidant of 20T as well. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Shore Sent: Saturday, 30 August 2008 9:04 p.m. To: 'Cisco-nsp' Subject: [c-nsp] 12.4(20)T oddities I upgraded a 2811 to 20T the other night. I did another 2811 tonight after a different maintenance window. The routers are basically identical, except for the quantity of modules installed in them. I noticed the first night that I was seeing a number of tracebacks. Nothing was a show-stopper though. One happened on boot and I don't have it handy at the moment. Here are 2 that I still have in the log: 000435: Aug 27 00:47:47 CDT: %SCHED-7-WATCH: Attempt to enqueue uninitialized watched queue (address 0). -Process= Call Manager XML client, ipl= 0, pid= 342, -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58 0x42B54260 000440: Aug 27 00:49:20 CDT: %SCHED-7-WATCH: Attempt to enqueue uninitialized watched queue (address 0). -Process= SSH Process, ipl= 0, pid= 317, -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58 0x42B54260 Another odd thing that I noticed was that SSH from SecureCRT broke after the upgrade. SSH from a Linux command line (OpenSSH) still works though. This error is logged on the router: 000552: Aug 30 03:45:26.430 CDT: SSH2 0: Invalid modulus length I wiped the router's RSA keys and regenerated them first at with a 2048 bit modulus and then 1024 bit. Neither solved the problem. I even removed the local SecureCRT known_hosts key for that host (though that shouldn't have matter because SCRT will prompt you if the key has changed). Below is the output from debug ip ssh packet/detail: 001258: Aug 30 03:53:11.320 CDT: SSH0: starting SSH control process 001259: Aug 30 03:53:11.320 CDT: SSH0: sent protocol version id SSH-2.0-Cisco-1.25 001260: Aug 30 03:53:11.324 CDT: SSH0: protocol version id is - SSH-2.0-SecureCRT_6.0.0 (build 183) SecureCRT 001261: Aug 30 03:53:11.324 CDT: SSH2 0: send:packet of length 344 (length also includes padlen of 5) 001262: Aug 30 03:53:11.324 CDT: SSH2 0: SSH2_MSG_KEXINIT sent 001263: Aug 30 03:53:11.324 CDT: SSH2 0: ssh_receive: 424 bytes received 001264: Aug 30 03:53:11.324 CDT: SSH2 0: input: total packet length of 424 bytes 001265: Aug 30 03:53:11.324 CDT: SSH2 0: partial packet length(block size)8 bytes,needed 416 bytes, maclen 0 001266: Aug 30 03:53:11.324 CDT: SSH2 0: input: padlength 7 bytes 001267: Aug 30 03:53:11.324 CDT: SSH2 0: SSH2_MSG_KEXINIT received 001268: Aug 30 03:53:11.324 CDT: SSH2:kex: client-server enc:aes128-cbc mac:hmac-md5 001269: Aug 30 03:53:11.328 CDT: SSH2:kex: server-client enc:aes128-cbc mac:hmac-md5 001270: Aug 30 03:53:11.328 CDT: SSH2 0: ssh_receive: 24 bytes received 001271: Aug 30 03:53:11.328 CDT: SSH2 0: input: total packet length of 24 bytes 001272: Aug 30 03:53:11.328 CDT: SSH2 0: partial packet length(block size)8 bytes,needed 16 bytes, maclen 0 001273: Aug 30 03:53:11.328 CDT: SSH2 0: input: padlength 6 bytes 001274: Aug 30 03:53:11.328 CDT: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST received 001275: Aug 30 03:53:11.328 CDT: SSH2 0: Range sent by client is - 1024 2046 2046 001276: Aug 30 03:53:11.328 CDT: SSH2 0: Invalid modulus length 001277: Aug 30 03:53:11.428 CDT: SSH0: Session disconnected - error 0x00 Any thoughts? I'm holding off on any more 20T upgrades until this can be resolved. While I do have a local NOC server that I can SSH from if needed I'm not inclined to hinder my management abilities like that. As I was writing the config and disconnecting this 3rd traceback popped up: 001301: Aug 30 03:59:06 CDT: %SCHED-7-WATCH: Attempt to enqueue uninitialized watched queue (address 0). -Process= Virtual Exec, ipl= 0, pid= 354, -Traceback= 0x41774928 0x42DF4DF8 0x42B15C58 0x42B54260[OK] Does anyone have any thoughts on any of this? So far this has been the most problematic T release I've used. They are generally more reliable. So far I haven't
Re: [c-nsp] GEIP or PA-GE
Tried Ebay? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sridhar Ayengar Sent: Thursday, 13 November, 2008 22:35 To: Cisco NSPs Subject: [c-nsp] GEIP or PA-GE Anyone know where I can GEIP, GEIP+ or PA-GE cards cheap? I'm running a 7505 at home, and I'm not made of money. 8-) Peace... Sridhar ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 7600-RSP720-10GE - which IOS ?
Hi list, I will problably receive a rsp720-3CXL 10G to replace an rsp720-3C-GE later this week, and I am curious if any of of you can give me advice on which IOS version to go for.. I see I can choose from SRC,SRC1,SRC2 and SRD versions. Anyone has good/bad experiences with one of the above? Tnx, Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 TCAM overflows; certain hosts unreachable?
Nate Carlson wrote: We're having some really odd issues with a pair of 6500's. We know that our TCAM table is overflowed, but it's worked fine up until now (new pair of SUP720-10GE's on order, but not here yet, of course.) Here's the TCAM errors we are getting, which are pretty typical: Dec 3 10:29:18: %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched Dec 3 10:31:49: %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched Dec 3 10:38:10: %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched I had exactly the same situation with a rsp720-3c for a NPE-G2. After that, we started having intermittent connectivity issues to various IP's on the internet. When we saw those issues, we swapped the G1 back in, with the same config (verified via Rancid.) From our hosts connected to the 6500's, some remote IP's work fine, Sounds very familiar ;-) Now, the real odd part, is that from the same 6509, coming from the .14 address, I can hit those IP's without any issues: Same here Are these the type of issues expected with TCAM overflows? It seems odd to me that our CPU utilization would be low, but we'd be having these, unless 'sh proc cpu' isn't the right place to look for that? Yes. Appreciate any thoughts. If we can definitively say that TCAM is the issue, we'll filter our BGP routes (get rid of the /24's).. my understanding is that to get hardware-switched routes again, though, we'd have to reboot the 6500 - is that also correct? Thanks much! -Nate I solved my problem by requesting my upstreams to provide me with a default route, and only have my IX sessions unfiltered. This brought the number of routes back to ~60K which was ok after a reboot. Beginning this week the 3c was replaced with a 3cxl, everything works again as it should. Reboot was really needed btw. Good luck Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Non-Israeli E1-over-IP products
NM-CEM-4TE1 4 Port T1/E1 Circuit Emulation over IP NM cisco-nsp-boun...@puck.nether.net wrote on 12/12/2008 11:24: Hi Team, I recommended RAD products for a client looking to accomplish TDM over IP. However, they say they cannot accept any products from Israel. :-) I was wondering if any of you have used other good E1 over IP products from a company that is not Israeli. Would appreciate your suggestions on this matter. Regards, Felix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 32 bit ASN
My Cisco SE told me lat week 32b ASN will be supported in: 12.2(33)SRE for 7600 and 7200, due Q3 2009 :-( 12.4(24)T for ISR 28xx/38xx and 7200, due april 2009 Martin cisco-nsp-boun...@puck.nether.net wrote on 17/12/2008 17:32: Thanks Brian. IOS-XR and NX-OS seem the only OS's in the Cisco family that support this. IOS-XR since release 3.4.0 and NX-OS since 4.0(1). By the way, i found this document written by Jeff Doyle about this subject: http://www.networkworld.com/community/node/35767 Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Brian Raaen Sent: quarta-feira, 17 de Dezembro de 2008 12:43 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 32 bit ASN I recently brought up the same question on NANOG. Here is the thread http://mailman.nanog.org/pipermail/nanog/2008-August/003347.html As far as I can tell Cisco is really dragging their feet on this one, unless you are buying one of their Super-Deluxe model devices that runs on a different IOS. -- Brian Raaen Network Engineer bra...@zcorum.com On Wednesday 17 December 2008, Antonio Soares wrote: Hello group, Anybody knows if the 32-bit ASN feature is already available on Cisco IOS ? I didn't find this feature on Feature Navigator. It's quite strange the fact no information seems to be available. RIPE will start assigning 32-bit ASN's in 1/1/2009. Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Any good filters for syslog output
Eric Van Tol wrote: -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Tuc at T-B-O-H Sent: Wednesday, December 17, 2008 3:54 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Any good filters for syslog output Hi, We are going to be monitoring the syslog output (We already have a product (Zenoss)). Does anyone know of a repository of the Watch for these regular expressions to decide what is worth looking into, and whats worth ignoring. Thanks, Tuc If you're looking for a supported, proprietary product, check out Solarwinds Orion - much more than just a syslog repository, though. You are able to store syslogs in a SQL database, create rules for syslogs based upon source IP, source hostname, message type (%LINK-4-ERROR, etc.), and message contents. You can also do fancy things like forward the syslog to another syslog server, send an email/page, modify the message, and do time-of-day rules. On the downside, if all you need is a syslog server, you have to pay for the entire Orion suite, which is pretty expensive. -evt For those using a windows server for syslog, sl4nt (http://www.netal.com/sl4nt.htm) is a very flexible (and not expensive) option. It as well has al above mentioned options. Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
1841 doesn't do voice. (It has no DSP's) 28xx surely will do the trick, and also 2600XM with NM-HDV2-1T1/E1. Martin On Wednesday, 24 December, 2008 22:17 L'argent wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Small IAD - Voip to PRI
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/voiceden sity.pdf On Wednesday, 24 December, 2008 22:17 L'argent wrote: I'm looking for a small box, pref Cisco, that will take 23 channels of VOIP and hand it off as a PRI suitable for use in a Norstar/Meridian phone system. [transparent SIP gateway basically -- pass through caller id/name/etc] I believe a ISR 1841 can do it, but I'm not 100%. Anyone been here/done that? thanks, LA ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS Trains differnces
On Friday, 20 February, 2009 00:50 Justin Shore wrote: Jared Mauch wrote: another 'new' download area? as bad as the rejig they gave it last time? :-( Worse You now have to navigate a tree that may or may not tell you anything useful. Yeah, it's awful. And you can't sort by mainline release for all platforms anymore. I can't find many of the cross-over types of devices. I'm really not a fan of it. I sure hope that one can still download directly without having to use the messy GUI. It's bad enough having to agree to the crypto export form every single time you download any file. PITA. Justin Just had a look at that 'wonderfull' new interface... OMG! Cisco, ***PLEASE*** don't do this to us! Leave the original interface intact! Apart from Justin's remarks, it is so very slow Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-X6748-SFP temperature sensor
Do a snmpwalk on 1.3.6.1.4.1.9.9.13.1.3.1, this gives info on all the temp sensors in the box. Martin On Wednesday, 15 April, 2009 07:10 Engelhard Labiro wrote: Couldn`t find doco on cisco that state it has a temp.sensor..but sh env of the module indicates that the chassis is able to show the temp. of the card. sh module Mod Ports Card Type Mode --- - -- -- 18 CEF720 8 port 10GE with DFCWS-X6708-10GE 28 CEF720 8 port 10GE with DFCWS-X6708-10GE 3 48 CEF720 48 port 1000mb SFP WS-X6748-SFP 4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX 52 Supervisor Engine 720 (Active) WS-SUP720-3B xsh environment temperature module 3 module 3 outlet temperature: 50C module 3 inlet temperature: 36C module 3 device-1 temperature: 36C module 3 device-2 temperature: 46C 2009/4/15 Hiromasa Sekiguchi hiromasa.sekigu...@ctc-g.co.jp: Hi all, Does WS-X6748-SFP have temperature sensor? Can we confirm it on cisco web site? Regards, Hiromasa ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] E1 packet loss
E1 errors are often caused by clocking issues - are you shure you should provide clocking on the A-end? Often clocking is provided by the network. Tried to switch on crc4? Martin On Friday, 11 June, 2010 14:18 Rens wrote: Hi all, I have 2 routers that are connected via a 3rd party E1 circuit. When I ping between my routers I have packet loss. I have done a BER test on the E1 circuit which comes out clean. Already replaced both E1 cards and my cabling, but still having packet loss (between 30 10% depending on size) I have followed the E1 error events troubleshooting for the line code violations path code violations but line code is configured correctly... What are the next steps that I can take? Below is my config + the show controller output Side A: controller E1 0/1 framing NO-CRC4 clock source internal channel-group 0 timeslots 1-31 interface Serial0/1:0 ip address x.x.x.1 255.255.255.252 show controllers E1 0/1 E1 0/1 is up. Applique type is Channelized E1 - balanced No alarms detected. alarm-trigger is not set Version info Firmware: 20040108, FPGA: 11 Framing is NO-CRC4, Line Code is HDB3, Clock Source is Internal. CRC Threshold is 320. Reported from firmware is 0. Data in current interval (24 seconds elapsed): 0 Line Code Violations, 0 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Side B: controller E1 0 framing NO-CRC4 channel-group 0 timeslots 1-31 interface Serial0:0 ip address x.x.x.2 255.255.255.252 sh controllers E1 0 E1 0 is up. Applique type is Channelized E1 - balanced No alarms detected. alarm-trigger is not set Version info Firmware: 20040928, FPGA: 11, spm_count = 0 Framing is NO-CRC4, Line Code is HDB3, Clock Source is Line. CRC Threshold is 320. Reported from firmware is 320. Data in current interval (20 seconds elapsed): 2689 Line Code Violations, 53 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 20 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 20 Unavail Secs Regards, Rens ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] H-VPLS BGP autodiscovery
Hi Andrey, I have the same problem, but did not find the time yet to dive into this problem. Martin -Original Message- From: cisco-nsp-boun...@puck.nether.net on behalf of Anrey Teslenko Sent: Tue 15-Jun-10 11:43 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] H-VPLS BGP autodiscovery Whether somebody can answer my question? Help me please, If you had the same problem 2010/6/11 Anrey Teslenko teslenko.and...@gmail.com Hello all, Does anyone have the experience in configuration of H-VPLS, using BGP as discovery mechanism? I try to implement this in my network. Everything works fine, but there are some problems. I tune H-VPLS on cisco 7600 series with SIP-400 as uplink and downlink interfaces. I have trouble, when router has two uplinks interfaces - the first on Sip 400 and the second on a LAN card Detailed output is as follows for my VFI Local interface: VFI test VFI up MPLS VC type is VFI, interworking type is Ethernet Destination address: xx.xx.xx.xx, VC ID: 500, VC status: up Output interface: none, imposed label stack {302 295} Preferred path: not configured Default path: active Next hop: Invalid ADDR As result LDP signaling works fine, BGP autodiscovery works fine, however pseudo wire has not found outgoing interface Manual configuration of VFI allows to apply pseudoware-class with preferred-path, but this configuration is poorly scalable However in autodiscovery mode I couldn't apply preferred-path (Cisco say: Tunnel selection is not supported with autodiscovered neighbors.) So my question is: How to properly select output interface (SIP 400 instead WS-X6704-10GE), configuring of H-VPLS and using BGP autodiscovery? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco L2tp class with password and rancid
Hi lists, I have an issue when I configure a l2tp-class with a password in it, every time I do a sho run the level 7 encrypted password is shown differently. When using Rancid for config backups, every time Rancid runs I receive a complaint my config has changed. According to Cisco's TAC this is expected behavior Apart from the option to not-encrypt passwords any ideas how to solve this? Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] [rancid] Cisco L2tp class with password and rancid
Thanks guys... I was afraid I would hear your solutions I think I will try to persuade Cisco to solve this issue, and in the mean time have Rancid ignore the level 7's :-( Martin -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alan Buxey Sent: 05/07/2010 19:49 To: David Freedman Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] [rancid] Cisco L2tp class with password and rancid Hi, I have an issue when I configure a l2tp-class with a password in it, every time I do a sho run the level 7 encrypted password is shown differently. When using Rancid for config backups, every time Rancid runs I receive a complaint my config has changed. I've had this issue with several devices and its been fixed by cisco. recently, however, have had the same with the level 7 password for energywise. the 'fix' is to not have it encrypted in the config and save it as plain text (level 0) - thats not acceptable. you'll have to do what i did - reconfigure rancid to ignore that value. alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] [rancid] Cisco L2tp class with password and rancid
Hi John, My piece of l2tp config: l2tp-class class-name authentication more config lines password 7 level-7-encrypted-pass more config lines Martin cisco-nsp-boun...@puck.nether.net wrote on 07/07/2010 07:14: Mon, Jul 05, 2010 at 06:49:04PM +0100, Alan Buxey: Hi, I have an issue when I configure a l2tp-class with a password in it, every time I do a sho run the level 7 encrypted password is shown differently. When using Rancid for config backups, every time Rancid runs I receive a complaint my config has changed. I've had this issue with several devices and its been fixed by cisco. recently, however, have had the same with the level 7 password for energywise. the 'fix' is to not have it encrypted in the config and save it as plain text (level 0) - thats not acceptable. you'll have to do what i did - reconfigure rancid to ignore that value. if you provide examples of these config lines, l2tp and energywise, i'll provide a hack to filter them within rancid. they should, however, not change in the config and you should complain to cisco to get it fixed so that you can have them archived by rancid without the oscillating. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CRC fixing
2 options, Faulty serial port or issue with the link (have the provider check it) You see the crc's on both sides? - more likely link issue First check is ask the provider to loop the link facing your equipment and see if you still have the errors cisco-nsp-boun...@puck.nether.net wrote on 09/07/2010 08:57: hi, heavy CRC error generating on serial link, anyone can tell me reason ?? solution ?? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] show interface summary cisco
See http://lmgtfy.com/?q=show+interface+summary+cisco cisco-nsp-boun...@puck.nether.net wrote on 09/07/2010 08:59: show interface summary cisco need description ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hughes v iDirect
We host around 10 iDirect hubs for several customers, after quite a lot of issues with previous sw versions I don't hear a lot of complaints from the customers on stability, as far as I know the iDirect product has matured. An issue with bigger hubs could be the large number of servers needed for Protocol processors and NMS producing a lot of heat and consuming a lot of power. We run ourselves a Viasat Linkstar hub, this could also be good candidate for the needs of th OP. We are very happy with the performance of this hub. No experience with Hughes. Martin -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ryan Wilkins Sent: 21/07/2010 19:12 To: Cisco Mailing list Subject: Re: [c-nsp] Hughes v iDirect I maintain an iDirect hub for one of our customers, and while it runs pretty well I have one beef that I wish they'd fix. The only dynamic routing protocol they provide is RIP. I've asked about OSPF support and was told that they'd never support it. Otherwise, it has its quirks just like any other system. No real show stoppers though for our use. Our customer makes extensive use of VoIP (capable of 115 simultaneous calls at G.729) and also makes extensive use of both sending and receiving live streaming video. Be careful of how much traffic you want to run through each remote, though. The remotes, and hub line cards for that matter, are ARMv5 powered so they're not packet pushing power houses. I think the hub line cards can push anywhere from 11 to 22 Mbps depending on software version and other options. The remotes can push traffic back to the hub at significantly less though. We had an event a couple years ago where the customer was trying to push 5-6 Mbps worth of voice and video out of the remote location to the hub and had the CPU pegged at 100% around 4.2 Mbps as I recall with V7 software. V8 software supposedly increases the bandwidth limit by double. If you want to make use of a lot of VoIP on the system with small packets, you run the risk of killing your available horsepower quickly. I've never seen a published packet per second figure for the 7350 remotes that we use but unofficially that answer is somewhere around 1800 PPS as stated by a senior member of the iDirect engineering team. To support the large call volume and still have processing power left over, we had to employ packet aggregators from DTech Labs. To touch on training, they offer training the US as well as some other popular locations worldwide. London and Dubai come to mind. Overall, I think the iDirect solution is pretty solid. Ryan Wilkins On 15/07/2010 10:16 PM, Felix Nkansah wrote: Hi, I am evaluating which of these satellite offerings provide the best IPoVSAT technology. The network would heavily use IP Voice and IP Video conferencing among the VSAT connected locations in a hub/spoke fashion. My client (a government agency) intends on installing/managing their own VSAT hub based on either Hughes or iDirect. I wanted to know which of these providers ensure the best performance of IP? Felix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Erspan on 7600
Hi list, Does someone have experience with erspan on a 7600? Is this loading the CPU (rsp720 / ws-x6748-ge-tx) or is it handled in hardware? Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Erspan on 7600
Thanks Tim, Exactly what I wanted to hear :-) Martin Tim Stevenson mailto:tstev...@cisco.com wrote on 10/08/2010 16:59: Hi Martin, ERSPAN is handled by the hardware, either the central replication engine on the sup, or by the REs on the linecards themselves (depends on which sup LCs you have). In no case do we use the sup CPU to perform ERSPAN encap/decap. Tim At 07:10 AM 8/10/2010, Martin Moens averred: Hi list, Does someone have experience with erspan on a 7600? Is this loading the CPU (rsp720 / ws-x6748-ge-tx) or is it handled in hardware? Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsphttps://p uck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/http://puck.neth er.net/pipermail/cisco-nsp/ Tim Stevenson, tstev...@cisco.com Routing Switching CCIE #5561 Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco - http://www.cisco.com IP Phone: 408-526-6759 The contents of this message may be *Cisco Confidential* and are intended for the specified recipients only. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cellular Modem on Aux
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gert Doering Sent: 23/10/2010 11:09 To: Peder Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cellular Modem on Aux Hi, On Fri, Oct 22, 2010 at 04:40:19PM -0500, Peder wrote: router croaks too. I've googled around and didn't really find anything. Siemens builds something called the MC35/MC35i/TC35 - basically a GSM phone without display and keyboard, and with a RS232 serial instead. We use those for monitoring gear to send out SMS if the network fails - but as far as I understand, it should work for HSCSD/V.110 dial-in as well (if the network provider doesn't block data calls, some of them do on normal voice SIM cards). I have not tested this yet, but it might give you some more food for googling. gert We are using the Siemens box for dial-in to the aux port - it works fine for this purpose. Be aware of bad GSM reception in a lot of datacenters Someone else mentioned the Cisco 3G card - that one is dial-out only afaik. Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Smaller MPLS/EoMPLS capable router
-Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Andrew K. Subject: [c-nsp] Smaller MPLS/EoMPLS capable router From my digging around the smallest device I can see supporting these features would be a 2811. Anyone use anything smaller? You could have a look at the ISR-G2 1921, it can handle much more traffic, is more recent (not nearing EoS as the 28xx), and cheaper ($1800 inc Data lic vs $3000 inc spservices GPL) Martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VPN over satellite
Hi Rens, It depends of course largely on the transmission speed you need, but most cisco device up from say an 1841 for low speed links will do quite well. The only thing you should keep in mind that the majority of the TCP enhancers cannot optimize encrypted traffic very efficiently, so you should put hem in the unencrypted part of the link, or let the optimizers do the encryption. If you want some more info on how we are doing things like you need, you can contact me off-list (In Dutch if you wish). Regards, Martin -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Rens Sent: 30/04/2012 12:00 To: cisco-nsp@puck.nether.net Subject: [c-nsp] VPN over satellite Dear, Could anybody recommend any cisco hardware that can build a VPN that works well over satellite connections? (TCP enhancements) I want to setup a L3 VPN between 2 satellite connections Even additionally if it would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN Regards, Rens ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF Over FR
It would be helpfull if you make your posts a bit more readable... From: cisco-nsp cisco-nsp-boun...@puck.nether.net on behalf of M K gunner_...@live.com Sent: 06 October 2013 17:08 To: cisco-nsp@puck.nether.net Subject: [c-nsp] OSPF Over FR Hi , I have three routers R1 , R2 and R3R1 is the hub and is configured as below R1#sh run int s0/0.123Building configuration... Current configuration : 201 bytes!interface Serial0/0.123 multipoint ip address 192.168.123.1 255.255.255.0 snmp trap link-status frame-relay map ip 192.168.123.3 103 broadcast frame-relay map ip 192.168.123.2 102 broadcast R1#sh run | sec router ospfrouter ospf 1 router-id 1.1.1.1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 192.168.14.1 0.0.0.0 area 0 network 192.168.123.1 0.0.0.0 area 0 neighbor 192.168.123.2 neighbor 192.168.123.3 R2#sh run int s0/0 Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.2 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 201 broadcast no frame-relay inverse-arpend R2#R2#R2#sh run | sec router ospfrouter ospf 1 router-id 2.2.2.2 log-adjacency-changes network 2.2.2.2 0.0.0.0 area 0 network 192.168.123.2 0.0.0.0 area 0 neighbor 192.168.123.1 R3#sh run int s0/0Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.3 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 301 broadcast no frame-relay inverse-arpend R3#sh run | sec router ospfrouter ospf 1 router-id 3.3.3.3 log-adjacency-changes network 3.3.3.3 0.0.0.0 area 0 network 192.168.123.3 0.0.0.0 area 0 neighbor 192.168.123.1 Why on R1 i cannot receive anything from R2 ? R1#sh ip route ospf 3.0.0.0/24 is subnetted, 1 subnetsO 3.3.3.0 [110/65] via 192.168.123.3, 00:06:21, Serial0/0.123 Even though the neighborship is up ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] %BGP-6-MSGDUMP_LIMIT: unsupported or mal-formatted message
Looks like the want to be *_very_* sure there traffic flows through as174 :-) M -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka Sent: 27 November 2013 04:26 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] %BGP-6-MSGDUMP_LIMIT: unsupported or mal-formatted message On Tuesday, November 26, 2013 10:11:20 PM Saku Ytti wrote: Interestingly, I don't believe this behaviour could be seen in IOS-XR or JunOS or such, since it's quite untypical for userland process to start processing packet before it's received. But IOS specifically has dedicated TCP/IP implementation for BGP and another implementation for rest of the system. While we're on the subject: tinka@hmmh# run show route 193.105.15.0 inet.0: 466528 destinations, 467107 routes (466496 active, 31 holddown, 1 hidden) Restart Complete + = Active Route, - = Last Active, * = Both 193.105.15.0/24*[BGP/170] 4d 21:28:09, MED 90, localpref 110 AS path: 3257 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 50404 I to a.b.c.d via xe-0/0/2.0 [edit] tinka@hmmh# Reeks of Mikrotik to me. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] snmp monitoring me3600 mpls pseudowire bytes xmit/rcv
Stop.. my mistake, below are for service policy's Martin -Original Message- From: Martin Moens Sent: 15 January 2014 18:47 To: 'Aaron'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] snmp monitoring me3600 mpls pseudowire bytes xmit/rcv Aaron, receive oid should be 1.3.6.1.4.1.9.9.166.1.15.1.1.11.x.y transmit oid should be 1.3.6.1.4.1.9.9.166.1.15.1.1.18.x.y The x and y likely will change between reboots... gl... Martin -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: 15 January 2014 18:35 To: cisco-nsp@puck.nether.net Subject: [c-nsp] snmp monitoring me3600 mpls pseudowire bytes xmit/rcv I need to monitor (graph) via snmp, bytes in bytes out of an mpls pw on a me3600... I think I've found the snmp oid that corresponds to the received bytes on that pw, but I'm unable to find the snmp oid that is for the sent bytes. Does anyone know what that would be or how could I find out what it is? Aaron me3600... 3600#sh mpl l2 vc destination 1.2.3.4 vcid 101 det | in byte transit byte totals: receive 3741234101, send 700102209 snmp manager... [root@noc-kvm-host ~]# snmpget -c snmpcommunity -v 2c 2.4.6.8 SNMPv2-SMI::transmission.166.2.1.5.1.5.4.0.0.1.39 SNMPv2-SMI::transmission.166.2.1.5.1.5.4.0.0.1.39 = Counter64: 3741234101 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] snmp monitoring me3600 mpls pseudowire bytes xmit/rcv
Aaron, receive oid should be 1.3.6.1.4.1.9.9.166.1.15.1.1.11.x.y transmit oid should be 1.3.6.1.4.1.9.9.166.1.15.1.1.18.x.y The x and y likely will change between reboots... gl... Martin -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: 15 January 2014 18:35 To: cisco-nsp@puck.nether.net Subject: [c-nsp] snmp monitoring me3600 mpls pseudowire bytes xmit/rcv I need to monitor (graph) via snmp, bytes in bytes out of an mpls pw on a me3600... I think I've found the snmp oid that corresponds to the received bytes on that pw, but I'm unable to find the snmp oid that is for the sent bytes. Does anyone know what that would be or how could I find out what it is? Aaron me3600... 3600#sh mpl l2 vc destination 1.2.3.4 vcid 101 det | in byte transit byte totals: receive 3741234101, send 700102209 snmp manager... [root@noc-kvm-host ~]# snmpget -c snmpcommunity -v 2c 2.4.6.8 SNMPv2-SMI::transmission.166.2.1.5.1.5.4.0.0.1.39 SNMPv2-SMI::transmission.166.2.1.5.1.5.4.0.0.1.39 = Counter64: 3741234101 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/