[EMAIL PROTECTED] (Daniel Hooper) wrote:
Changing the mode will delete the vlan database off the switch.
* I don't think I've met a network admin yet who is a fan of VTP :)
Every network admin is until the first showdown of all their switches
(happened to me around 2000, I'm cured).
Elmar.
On Tue, Nov 06, 2007 at 03:38:21PM +1100, Kurt Bales wrote:
I am a big fan of VTP.
This will change over time :)
Yesterdaaay. VTP probs seemed so faaar awayy..
[..]
I guess my question is, can I simply change every switch to transparent
mode, and all will operate happily, or will I
* I am a big fan of VTP.
Argh... It really isn't my day! That was meant to read NOT a big fan!
K.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
On Tue, Nov 06, 2007 at 04:39:52PM +0900, Daniel Hooper wrote:
Changing the mode will delete the vlan database off the switch.
not on all models - there are some you have to delete vlan.dat from
the filesystem.
Usually it's a good idea to set transparent mode on _all_ switches
and to set the
Changing the mode will NOT delete the vlan database on 2900XL (nor any other
Cisco switches I've encountered). For paranoia, I also change the vtp domain
and password to something unique on every switch to reduce the impact if it is
ever enabled again.
The one thing you will possibly want to do
That matches my Solaris experience exactly.
I can confirm RFC2348 support in 12.2SR and 12.4/12.4T (ie c3845) as well.
Ian
Clinton Work wrote:
Solaris 8 doesn't support blksize / RFC 2348 and there aren't any plans
for releasing a patch. Solaris 9/10 are fine and you can download the
On 11/6/07, Ian Dickinson [EMAIL PROTECTED] wrote:
I do agree though that VTP is horrible if you have more than a small office
network with half a dozen vlans or so. I've made it my mission to eradicate
it wherever I find it.
I have a network with a few dozen Cisco switches and ~ 50 VLANs. I
I was kind of wondering the same thing... a couple hundred VLAN's spread
across several 6500's and never had an issue in 7 years :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raja Subramanian
Sent: Tuesday, November 06, 2007 6:36 AM
To:
Hi,
On Tue, Nov 06, 2007 at 05:06:28PM +0530, Raja Subramanian wrote:
This thread has got me thinking twice about my setup. What do you guys
recommend as an alternate to VTP?
no VTP - for a dozen switches, you should get by with manually configuring
VLANs on those switches where you need
Hi,
On Tue, Nov 06, 2007 at 06:39:45AM -0500, Paul Stewart wrote:
I was kind of wondering the same thing... a couple hundred VLAN's spread
across several 6500's and never had an issue in 7 years :)
If you want fun, try this:
- connect another switch, have it learn the VTP database, make
We'd never do that scenario so that's possibly one reason we've never gotten
bit. One master across our network is all we have and all we want ;)
Everything else is a client
Paul
-Original Message-
From: Gert Doering [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 06, 2007 7:18
Mike,
can you show your complete vtemplate config? What happens if you apply
service-policy output policy-256 manually to the vtemplate
interface, i.e. on the CLI? do you get any errors?
Can you do a session without this attribute and do a show int
virtual-access num conf to see what's applied on
Hi Rod,
You should do it to fix CSCef97738
From CCO:
Even though the benefits of MDT SAFI are for SSM tree building, MDT SAFI
must also be configured when using MVPN with the default MDT group in PIM
sparse-mode. From the multicast point of view, the new BGP AF does not need
to be configured for
Hi,
On Tue, Nov 06, 2007 at 06:39:45AM -0500, Paul Stewart wrote:
I was kind of wondering the same thing... a couple hundred VLAN's
spread
across several 6500's and never had an issue in 7 years :)
If you want fun, try this:
- connect another switch, have it learn the VTP
Hi,
On Tue, Nov 06, 2007 at 07:20:50AM -0500, Paul Stewart wrote:
We'd never do that scenario so that's possibly one reason we've never gotten
bit. One master across our network is all we have and all we want ;)
Everything else is a client
Sure, VTP *is* quite useful, and most VTP horror
Hi,
On Tue, Nov 06, 2007 at 06:01:42PM +0500, Junaid wrote:
I have messed up my router (3640) with a config-reg value of 0x3922
disabling the break sequence. Now, I am unable to get into ROMMON mode
to change IOS. The current IOS does not detect my Ethernet module.
Also, when I try to enter
I have some customers connected to a 6500, and already run stormcontrol
and portfast. I'll look into bpduguard as well, thanks.
However, most of my customers are connected to router platforms (the
one specifically affected is a 7200). As far as I know none of the
actual L2 features apply there.
I am building a router for a customer, a 3845, and the customer needs
a full routing table, how much RAM do I need?
They also have a remote location with a 2851 that they want to do the
same thing, is the 2851 capable of handling a full BGP feed?
Jonathan
I saw a presentation on it some time ago and it looked very cool.
Phil
On Nov 6, 2007, at 9:14 AM, Tim Durack wrote:
Documentation for the VS-S720-10G-3C is starting to show up on Cisco's
site. They are referring to it as Virtual Switching System 1440 by
virtue of it being a multi-chassis
I use tftpd32 for windows platforms and freebsd or sol9.
Aaron
On Nov 6, 2007 4:27 AM, Ian Dickinson [EMAIL PROTECTED] wrote:
That matches my Solaris experience exactly.
I can confirm RFC2348 support in 12.2SR and 12.4/12.4T (ie c3845) as well.
Ian
Clinton Work wrote:
Solaris 8 doesn't
On Tue, 2007-11-06 at 10:33 -0500, Phil Bedard wrote:
I saw a presentation on it some time ago and it looked very cool.
As did I, but what wasn't made clear at the time was that all the
linecards would need to be upgraded to DFC3C. In fact, I seem to recall
being *explicitly* told that only the
The homepage is here: http://www.cisco.com/go/vss
There is a very interesting white paper about how it works:
http://www.cisco.com/en/US/products/ps9336/products_white_paper0900aecd806ee2ed.shtml
From the above URL:
Additionally, note that no Cisco 7600 Series chassis will be
supported after
We use the Livingston PM2. One could hook a modem to it for either
incoming or outgoing, but we telnet to it and attach to the serial ports
for various devices.
For your couriers, make sure you use the autoanswer dip switch setting
rather than solely the autoanswer init string.
On Mon, Nov
I use tftpd32 for windows platforms and freebsd or sol9.
I'll second that, lightweight, easy to use, and just works. We've had no
problem working with a mélange of 87x, a 3640A, PIX 512e, and 3com 5500
series switches.
~JasonG
On (2007-11-06 09:05 -0600), Michael Malitsky wrote:
I have some customers connected to a 6500, and already run stormcontrol
and portfast. I'll look into bpduguard as well, thanks.
However, most of my customers are connected to router platforms (the
one specifically affected is a 7200).
Yes, the V-E chassis is the E version of the 6509-NEB-A. It has
front to back cooling but aside from that is essentially the same as
the horizontal 9 slot E chassis.
Tim
At 09:35 AM 11/6/2007 -0500, Tim Durack observed:
Some of the VSS1440 data sheets now refer to: WS-C6509-V-E E-Series
9-slot
Saku Ytti wrote:
In my opinion Cisco is lacking some elementary L2 security features,
like not being able to limit MAC addresses per port, without also
having port-security on
I think the following config should limit the MAC addresses for you:
switchport port-security
switchport
Documentation for the VS-S720-10G-3C is starting to show up on Cisco's
site. They are referring to it as Virtual Switching System 1440 by
virtue of it being a multi-chassis solution. The Supervisor itself
looks to be a rev of the SUP720.
Here is a little write up a friend of mine did on my
Saku Ytti wrote:
On (2007-11-06 16:56 +), Sam Stickland wrote:
switchport port-security
switchport port-security maximum x
switchport port-security aging time 5
switchport port-security violation restrict
Port security doesn't permanently learn MAC addresses unless switchport
Apparently I forgot to click the Send button last night.
What process consumed the router's resources during the bcast storm? IP
Input? What's the router? The type of device will dictate our suggestions.
I'd take a number of steps to secure the interface and harden the
router. Assuming
On (2007-11-06 17:14 +), Sam Stickland wrote:
I'm sorry. I don't see how the configuration above would be different from
a configuration command that said limit the number of MAC addresses on
this port to x. Can you explain?
Consider topology:
A --- Switch B
In normal
Well, the good part is that the customers network being unusable took
away any heat from your device being unusable. Unless of course you had
multiple customers off that one router. You could front-end the router
with a hardware L3 switch (3550 or so) that can police stuff at
wire-rate. That
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port to see if and where a port is
being blocked on a network...
I run into issues where customers have ACLs on their network (that
they don't know about) and it is causing network failures...
UNIX: http://michael.toren.net/code/tcptraceroute/
Windows: http://tracetcp.sourceforge.net/
Regards,
Masood Ahmad Shah
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Charles
Sent: Wednesday, November 07, 2007 12:03 AM
To:
Jonathan,
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port to see if and where a port is
being blocked on a network...
Check out the man page for traceroute:
Jonathan Charles wrote:
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port to see if and where a port is
being blocked on a network...
TCPTraceroute:
Hey Michael.
Here is something you can try out. Instead of using CoPP to limit ARP use
the hardware-based rate limiters.
mls rate-limit unicast cef glean 2 60 - This limits the number of
ARP-packets punted to the RP of the type glean. This will occur when traffic
is sent to a connected host
The Linux tracepath utility should do what you need; it's effectively a
traceroute using UDP on an arbitrary port:
http://linux.die.net/man/8/tracepath
Stretch
Jonathan Charles wrote:
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port
http://traceproto.sourceforge.net/
Traceproto is a traceroute replacement written in C that allows the user to
specify the protocol and port to trace to. It currently supports tcp, udp,
and icmp traces with the possibility of others in the future.
On 11/6/07, Peter Fiers [EMAIL PROTECTED] wrote:
On Tue, Nov 06, 2007 at 02:30:10PM -0500, Aaron Daubman wrote:
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port to see if and where a port is
being blocked on a network...
Check out the man page for traceroute:
On Tue, Nov 06, 2007 at 01:02:52PM -0600, Jonathan Charles wrote:
This is going to sound weird, but I am looking for a utility that will
let me traceroute on a specific port to see if and where a port is
being blocked on a network...
http://michael.toren.net/code/tcptraceroute/
I run into
I am running the following with no problems:
5510s with 7.2(3) - static routing, NAT, stateful firewall, IPSEC
5505s with 8.0(2) - NAT, stateful firewall, IPSEC
PIX525s with 7.2(2)23 - static routing, NAT, stateful firewall, some
OSPF
Hope this helps,
Michael
Date: Mon, 5 Nov 2007 13:01:19
I have messed up my router (3640) with a config-reg value of 0x3922
disabling the break sequence. Now, I am unable to get into ROMMON mode
to change IOS. The current IOS does not detect my Ethernet module.
Also, when I try to enter config mode it says:
Router>enable
% No password set
Hi,
On Nov 6, 2007 9:52 AM, Clinton Work [EMAIL PROTECTED] wrote:
I'm trying to determine when blksize / rfc 2348 support was added to
several Cisco IOS releases. It might have been added with defect
CSCds46280, but the bug report doesn't provide any details. Support
for tftp RFC2348 is
Cliff,
Unless I am misunderstanding, this looks like a straightforward routed
networks behind PIX scenario. Depending on complexity and scale, this
could be as simple as a static route pointing back to the network(s) at
center B and appropriate NAT/ACL statements on the PIX.
Let me know if you
On (2007-11-06 15:53 -0500), Fred Reimer wrote:
If we can get a bunch of people to log the same issue then
there's a very slim chance to actually get this implemented in
some far-future version of code...
Thanks Fred, I guess I'm not only one wanting this then (to me
this really seems like