After doing basic configuration of a 5510 w/CSC20 for a customer
network, our customer has come up with some wishes about specific
filtering options that I don't see any way of implementing with the
CSC's rather limited filtering options. Even with the most current 6.2
(1599) version of the
Hi folks! We're trying to determine a low cost solution to bridge
802.11Q vlans over the internet between two locations. We are thinking
of using IOS with bridge groups and a IPIP or GRE tunnel between the
two locations. Encryption is not required.
Peak traffic is about 50Mbps and will be on
try to look at the output of 'show sdm prefer', especially at the
line 'number of indirect IPv4 routes'. it looks like your BGP
prefixes can't fit into the routing part of TCAM and some packets are
beeing software switched.
ivan
On Wednesday 12 September 2007, christian wrote:
whats the
All,
We had an outage yesterday and initial analysis looks like a SUP going
bad. I've currently got the card in the spare chassis running
diagnostics and this has reminded me I've got some questions about GOLD
that I've never had answered (Cisco: the IOS docs for GOLD in 12.2SX are
awful)
1.
On Tuesday 11 September 2007 22:04, Justin Shore wrote:
I'd recommend a 7201 or a short-stack 7600.
Skipping off a bit... considering that the 7600 uses the
same Supervisor (say, in this case, SUP720-3BXL) across all
supported chassis', I'd be careful in making sure I get a
chassis that will
Many thanks for your reply Joel, we will have to see if this is
possible.
-Original Message-
From: Joel M Snyder [mailto:[EMAIL PROTECTED]
Sent: 11 September 2007 02:29
To: Nick Kassel
Cc: cisco-nsp@puck.nether.net; Abdus Hamid; Darren Holden
Subject: Re: [c-nsp] Nokia Firewall
On Tuesday 11 September 2007 21:28, Justin Shore wrote:
In particular I want
to confirm support for the...
Uncertain about the rest, but...
ACE,...
We looked into this a couple of weeks back. It turns out the
ACE (well, at least the ACE20-MOD-K9) will only be
supported on the RSP720 when
On Tue, 11 Sep 2007 23:14:45 -0700, Hal Epstien wrote
Hi folks! We're trying to determine a low cost solution to bridge
802.11Q vlans over the internet between two locations. We are
thinking of using IOS with bridge groups and a IPIP or GRE tunnel
between the two locations. Encryption is not
Greetings,
I have a client that's run into some trouble with IPSec-over-GRE and
I'm trying to help debug. The problem sounds very familiar, however I
haven't come up with a solution yet in my searches...
The basic setup is:
7206(GigE)--(GigE)6500
The IPSec (preshared) setup is pretty much
Our 3845s are pulling under 2.5a per chassis. On all 3 of our chassis
one PSU pulled approximately 1a and the other was around 1.5a @ -48VDC
(54.36VDC is what our chargers are tuned to). One is loaded (full BGP
feeds, ACLs, 30Mbps of traffic); the other 2 are essentially idle.
We've added an
Hello .
Does anyone has already use a software to simulate Man in the middle
Attacks and Mac-adress attacks ?
The goal here is to test DHCP Snooping , Dynamic Arp Inspection and
Port-security on a Lan base environment .
Thanks
D.
David Ponsdesserre
+44 207 762 4877
Whoops. I forget to click send last night.
Without checking the load in person I can say for certain that we aren't
powering them with my than 15a -48VDC circuits. Anything bigger than
15a and we add a set of dedicated breakers on one of the main bus bars
in the distribution frame. 15a or
David,
Have a look at arp-sk, it may be what You are looking for wrt MAC attacks
http://www.darknet.org.uk/2006/10/arp-sk-arp-swiss-army-knife-tool/
Rgds
Alex
- Original Message -
From: [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net; [EMAIL PROTECTED]
Sent: Wednesday, September 12, 2007
I've not used it, but I believe dsniff will do L2 MITM stuff.
Tim:
On 9/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello .
Does anyone has already use a software to simulate Man in the middle
Attacks and Mac-adress attacks ?
The goal here is to test DHCP Snooping , Dynamic Arp
Hi,
On Wed, Sep 12, 2007 at 09:10:52AM -0400, Aaron Daubman wrote:
I have a client that's run into some trouble with IPSec-over-GRE and
I'm trying to help debug. The problem sounds very familiar, however I
haven't come up with a solution yet in my searches...
The basic setup is:
Hello,
We have an MGX and BPX network, could anyone tell me if there is a document
that lists the outcome of not having a synchronized clock source on the
network.
Thanks,
Kim
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Steve Bertrand wrote:
Hi everyone,
We run a small ISP, with approximately 2500 dialup clients, 50 SDSL
clients, and with about 300 domain hosting clients.
We currently have a Cisco 2651 router that is underpowered for our
environment.
(C2600-ADVENTERPRISEK9-M) -- Cisco 2651XM (MPC860P)
Hey all
I know BGP on switches has been discussed a lot, and how, yes it is unwise
from number of routes perspective.
But what I am looking for is setting up a 3550 with about a dozen ISP's
connected to it.
The ISP's would BGP peer and announce their own routes into it (100) and
basically just
I was under the impression that it was software-based unless you hard
the IPSEC SPA module.
I haven't heard of an issue like that though. Although i have
experienced similar issues like wccp would not redirect unless i
enabled netflow on the interface. I guess it kicked it into software
and
On Thu, Sep 13, 2007, Skeeve Stevens wrote:
Hey all
I know BGP on switches has been discussed a lot, and how, yes it is unwise
from number of routes perspective.
But what I am looking for is setting up a 3550 with about a dozen ISP's
connected to it.
The ISP's would BGP peer and
Thanks everyone for all the replies !
David Ponsdesserre
+44 207 762 4877
-
London Telecom and Network
Societe Generale Corporate and Investment Banking
Justin:
Can you explain where you found the 256 Mbps number?
Regards,
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Justin Shore
Sent: Tuesday, September 11, 2007 9:05 AM
To: [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp]
On Thu, 13 Sep 2007, Adrian Chadd wrote:
The ISP's would BGP peer and announce their own routes into it (100) and
basically just take each others routes for a neutral peering situation.
Would the 3550 handle that? Number of routes here isn't an issue. but the
number of BGP sessions. what
BGP requires memory to store routes. The 2610 maxes out at 64 meg. The
3550 is hardwired with 64 meg. They're equivalent in terms of storage space
and I think roughly equivalent in processing power. I think a 64 meg box
starts to have trouble around 50k routes if I'm recall correctly. If all the
There should be no problem. We had 3550-12G with ~70 BGP sessions on it
in the past (it was used as router for internet exchange).
Regards,
Daniel
On 09/12/2007 05:51 PM, Skeeve Stevens wrote:
Hey all
I know BGP on switches has been discussed a lot, and how, yes it is unwise
from number of
On Wed, 12 Sep 2007, neal rauhauser wrote:
BGP requires memory to store routes. The 2610 maxes out at 64 meg. The
3550 is hardwired with 64 meg. They're equivalent in terms of storage space
and I think roughly equivalent in processing power. I think a 64 meg box
starts to have trouble around
I can't seem to find anything real world as to how much 3des throughput
these can do, if anyone has experience please post. Also interested in
1841 throughput in case the 851 can't do 10mb/s. Looking at one of
these for a dmvpn spoke router. Thanks.
Jason
Hi,
On Wed, Sep 12, 2007 at 11:21:34AM -0400, Aaron Daubman wrote:
As far as I understand the architecture, a basic 6500 won't do IPSEC...
Maybe this needs to be qualified: it will do it in software, but if the
hardware grabs the packet and sends it away before the software gets to
see it, no
Actually that shows the 850 as 5.12mb/s with 64 byte packets, not
ipsec. I know it offloads, but I don't know how much it really can do.
They show the 1841 as 38.4mb/s so that might be the safe way to go since
I already have one.
Jason Gurtz wrote:
I can't seem to find anything real world
I have 6506 with sup720bxl3, and configure bridge between two
SVI.
bridge irb
IRB is not supported in 12.2SX. See http://tinyurl.com/2ef8nw
You can bridge non-routable protocols (A.K.A fallback-bridging)
between SVIs (A.K.A. VLAN interfaces), but it's done in software
on the MSFC, it
Can anyone point me to a list of 7600 linecards that are
supported (or not) by the RSP720 line?
First, see http://tinyurl.com/ysovqg for a list of hardware not
supported with 12.2 SR (which the RSP runs).
Then check out the RSP720 section (http://tinyurl.com/2fbtlg),
which says that *no*
Interestingly enough, the same (exact, VLANs and all) setup
is working between the 7200 and a 2600, with the only major
difference I can see being the hardware platform and the IOS
release.
IPSec on the 6500 is only supported for mangement traffic,
*unless* you have hardware assist for IPSec
Hello Kim:
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] On Behalf Of Kim Onnel
Sent: Wednesday, September 12, 2007 7:16 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Clock Synchronization
Hello,
We have an MGX and BPX network, could
on 09/12/2007 06:31 PM Daniel Suchy said the following:
There should be no problem. We had 3550-12G with ~70 BGP sessions on it
in the past (it was used as router for internet exchange).
Ditto that. Some output below from a 3550-24 with couple of BGP peers +
RIP + some PBR.
#sh ip route
Is there some QOS magic to limit each host behind an interface to a max
bandwidth? Something such that no particular user could use more than
5Mbps ?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
According to:
http://www.cisco.com/warp/public/473/153-2.gif
It appears that there are limitations on the number of policers that you can
use. What isn't clear is how these apply -- in a nutshell, what we want to be
able to do is define a policer that limits ingress/egress traffic to 10M (we
36 matches
Mail list logo