[c-nsp] VPN over WiMAX

2009-08-04 Thread Mohammad Khalil
Hey all, I have 2 CPEs and 2 TRENDnet routers. I'm trying to establish an IPsec VPN but I cannot. The setup is like below: PC (172.16.5.2) connected to router (172.16.5.1) (172.16.0.101) connected to CPE (172.16.0.138) connected to internet (x.x.x.x) PC (192.168.10.2) connected to router

Re: [c-nsp] Retired IOS Releases

2009-08-04 Thread Nick Hilliard
On 04/08/2009 01:51, Clayton Zekelman wrote: Looks like Cisco went and removed a bunch of IOS release from the website in May. Not sure if this has already been discussed here. http://www.cisco.com/web/software/SPRIT/swretirement/IOSRetirementTable.html Anyone with older production equipment

[c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Walter Keen
I've got a 7507 with dual RSP8's attempting to use rsp-jsv-mz.124-8.bin configured for rpr-plus, but keep getting this around every 10 minutes or so. It results in a loss of connectivity for end-users of course, until the system recovers. My initial guess is something is wrong with the

Re: [c-nsp] Retired IOS Releases

2009-08-04 Thread Clayton Zekelman
Yeah, tried that... empty directory. ftp pwd 257 /cisco/ios/12.3/12.3.9e/6400 is current directory ftp ls 200 PORT: Command successful 150 Opening ASCII mode data connection for file list 226 Transfer complete. ftp That was the most recent release for the 6400. At 05:38 AM 8/4/2009, Nick

Re: [c-nsp] IP unnumbered vlan subinterfaces question

2009-08-04 Thread Michael Ulitskiy
It wouldn't let me do that. It would say overlapping subnet Michael On Monday 03 August 2009 05:13:20 pm Tomas Daniska wrote: Michail, you can use a different 10.10.10.x IP for f0/0.1 and have 10.10.10.1/32 on the loopback if this helps you. Proxy-ARP might be needed as well. --

[c-nsp] multipath BGP not balancing equally.

2009-08-04 Thread bas
Hi, I have an issue with unequal multipath BGP loadbalancing It is a 6500 / SUP720-3BXL running 12.2.18SXF16 There are four eBGP sessions to a transit carriers ASN, all with full table However one out of four interfaces sends about 2Gbps less than the other three. RTR-HV7#sh int ten 2/2 | i

[c-nsp] 7513 multilink interface issue

2009-08-04 Thread Todd Shipway
We have several customers setup with T1's multilinked. We are running into a problem with a single multilink member bouncing causing routing issues. When a single T1 member of a multilink group bounces, traffic to the overall multilink interface stops and we have to manually shut and no shut the

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Brian Turnbow
It's been awhile since I've had one but The MD error is a memory parity error. 2w5d: %RSP-3-ERROR: Cybus1 parity error (bytes 0:7) 04 -Traceback= 0x40588CDC 0x405891CC 0x405892F0 0x4058A978 0x404CFA54 Means that it was received on cybus1 ( slots5-7) This comes from the VIP, so I don't think

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Buhrmaster, Gary
I've never been brave enough to try a 7500 for dsl aggregation:) And while a memory parity error is probably hardware, I have this vague recollection that someone from Cisco (Rodney Dunn?) has on a couple of occasions recommended against using a 7500 for broadband aggregation, since the platform

Re: [c-nsp] 7513 multilink interface issue

2009-08-04 Thread Rodney Dunn
That should never happen and is possibly a bug. Can you ping directly over the bundle to the ip address on the other side when it's broke? If not, go to the latest code and see if it's fixed...or do some debugging: 'sh ip cef for other side of bundle, debug ip packet, etc... Rodney Todd

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Rodney Dunn
Probably me. ;) There were some issues around DSL termination in to a VRF that would not work. The platform was never targeted for that market space so I wouldn't use it. 72xx, 10k, or ASR would be the pick. The ISR's on really really low end side. Rodney Buhrmaster, Gary wrote: I've

Re: [c-nsp] multipath BGP not balancing equally.

2009-08-04 Thread Rodney Dunn
That's usually caused by routes not being the same on the paths. This is a hard problem to solve. Is there any way we could prove the prefix distribution is the exact same over the paths? I don't know of a way other than dumping the output for every route in the RIB looking for the next hop.

Re: [c-nsp] 7513 multilink interface issue

2009-08-04 Thread Todd
When it happens, I can ping the remote end from the 7513, but nothing outside of the 7513. For Example SERVER --ethernet--- 7513 ---multilink (2 T1's)--- END USER 1 multilink T1 bounces. After the T1 comes up, the multilink interface and both T1's show as up/up and 7513 can ping END

Re: [c-nsp] 7513 multilink interface issue

2009-08-04 Thread Rodney Dunn
It does. I've seen it before years ago. get 'sh ppp multilink' from the RSP and VIP console (if-con slot) and sh contr cbus. Make sure you are in dCEF mode, all links are on the same PA, and on later(est) 12.4 mainline (12.4(25) or 12.0(32)S(latest)) on Cisco.com. We had bugs in how we

Re: [c-nsp] 7513 multilink interface issue

2009-08-04 Thread Jon Lewis
On Tue, 4 Aug 2009, Rodney Dunn wrote: That should never happen and is possibly a bug. On the 7500 platform, lots of things that should never happen do. Another thing that may be worth trying is to flip dCEF off and back on (I'm assuming Todd normally has it on)...or depending on traffic

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Walter Keen
Yes, I believe it was you. We are trying to migrate from a 7200 to a 7500 to gain route processor redundancy. Our traffic is typically 20mbit peak from this site between 2 atm ds3's. Using radius, pppoa, and some dsl subs are behind NAT, but we're slowly weeding them out into having a

[c-nsp] NBAR and Netflow integration code version question

2009-08-04 Thread Jim Brunetti
http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/nf_lay2_sec_mon_exp.html#wp1059924 describes Application-aware Netflow. Being able to correlate NBAR and Netflow information is something I am very interested in. The article implies that this feature is only available on the

Re: [c-nsp] multipath BGP not balancing equally.

2009-08-04 Thread Mikael Abrahamsson
On Tue, 4 Aug 2009, Rodney Dunn wrote: That's usually caused by routes not being the same on the paths. It was my understanding that this usually was caused by not having enough L4 flows to loadshare on...? Ie if you have 100 TCP flows and 4 paths, then it's not enough flows to get good

Re: [c-nsp] NBAR and Netflow integration code version question

2009-08-04 Thread Andreas Bourges
Hi, On Tuesday 04 August 2009 19:57:57 Jim Brunetti wrote: http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/nf_lay2_sec_mon_exp.html#wp1059924 describes Application-aware Netflow. Being able to correlate NBAR and Netflow

Re: [c-nsp] 7513 multilink interface issue

2009-08-04 Thread Todd
Currently running Version 12.4(23). I may upgrade to (25) to see if that helps at all. VIP Console: VIP-Slot5sh ppp multilink dmlp_ipc_config_count 210 dmlp_bundle_count 4 Bundle Multilink75, 2 members bundle 0x61B1C3A0, frag_mode 0 tag vectors 0x6053A4A0 0x60514CBC Bundle hwidb vector

Re: [c-nsp] vlans to customer - good practise / myth to bust !

2009-08-04 Thread vince anton
thanks - glad to know that this model is in use what keeps on buzzing at the back of my mind is that I have a layer2 connection (actually a number of them) from my switch to many switches (of customers) that i have no control over. so not only is this a large L2 network (and best practise says

Re: [c-nsp] vlans to customer - good practise / myth to bust !

2009-08-04 Thread Mikael Abrahamsson
On Tue, 4 Aug 2009, vince anton wrote: what keeps on buzzing at the back of my mind is that I have a layer2 connection (actually a number of them) from my switch to many switches (of customers) that i have no control over. If each vlan only goes custport - routerport and not custport1 -

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Joe Maimon
I view the rpr feature as completely useless in the real world. Cold spare are way more effective. The last time I had a rp failure, it was fixed by yanking one and leaving the other. In other words, odds are it causes more issues than it resolves. Just added complexity for a box where its

[c-nsp] Policing on a 3560

2009-08-04 Thread Justin Shore
I'm having a little trouble doing something that should be simple. I'm using a 3560 as a CPE to break up multiple services and bind them to unique switchports. I don't normally use 3560s for this. The port in question is for a 10Mbp PtP with no SLA across our backbone. What I currently

Re: [c-nsp] Policing on a 3560

2009-08-04 Thread Walter Keen
While it may not be ideal, I've run into some cases where match any was not available and matching an access list(that matched anything) was my only viable option. Justin Shore wrote: I'm having a little trouble doing something that should be simple. I'm using a 3560 as a CPE to break up

Re: [c-nsp] Can't pick up ip address--cisco 1200 ap

2009-08-04 Thread Peter Rathlev
On Mon, 2009-08-03 at 21:06 -0700, snort bsd wrote: But I did almost exactly you suggested and still not working. BTW, the command bridge 10 route ip doesn't work since only command bridge 1 route ip works. That almost might be critical. ;-) What does it say if you type bridge ? when

[c-nsp] Question on 6500 series switches

2009-08-04 Thread Steven Pfister
We're looking at replacing a 4507R at the core of our network with a 6500 series. Currently, the 4507R has a supervisor engine IV, 3 48-port copper blades, and 2 6-port fiber blades. We're hoping to include in the 6500 series replacement the firewall module (to replace a PIX 525), vpn (to

Re: [c-nsp] Question on 6500 series switches

2009-08-04 Thread Peter Rathlev
On Tue, 2009-08-04 at 16:32 -0400, Steven Pfister wrote: A couple of questions: - if I have two FWSMs installed, they would load balance, and if one failed, the other would take over all traffic, correct? AFAIK they can only load balance in active/active mode if you create two contexts and

Re: [c-nsp] Question on 6500 series switches

2009-08-04 Thread Sigurbjörn Birkir Lárusson
Never used the VPN services so I can't answer for that. The FWSMs behave just like an ASA/PIX. There is no load-balancing, it's active/standby failover. You can achieve active/active by having multiple contexts and spreading the active/standby pairs, for example ContextFWSM 1 FWSM 2 A

[c-nsp] OT: Sniffing TCP connection quality

2009-08-04 Thread Peter Rathlev
Hi, Since TCP works the way it does a passive observer is able to see packet loss by looking for e.g. duplicate ACKs. For some time I've had a dumpcap process picking out traffic to/from specific destinations and running it through tshark to get the wireshark Expert Info output. This turns out to

Re: [c-nsp] Policing on a 3560

2009-08-04 Thread Sigurbjörn Birkir Lárusson
Why not use class-default? Kind regards, Sibbi On 4.8.2009 20:36, Walter Keen walter.k...@rainierconnect.net wrote: While it may not be ideal, I've run into some cases where match any was not available and matching an access list(that matched anything) was my only viable option. Justin

[c-nsp] Cisco 7600 - ES card VLAN Shapping

2009-08-04 Thread Atif Sid
I am trying to apply Hierarchical policymap under an inter vlan it gives an error: it is 7606 with RSP 720 and ES 40 cards. PE4(config)#int vlan 299 PE4(config-if)#service-policy output testce Hierarchical policymap is not supported for this interface. Configuration failed! here is the

Re: [c-nsp] OT: Sniffing TCP connection quality

2009-08-04 Thread Scott Keoseyan
Both Netscout and Fluke make products that do this. Plus, you can buy probes to insert into your links directly (as opposed to span-port) if you want to do some sniffing on something other than an Ethernet switch. Be ready to fork out some

Re: [c-nsp] What router to choose instead of 7206VXR-G1/G2 (Ruzhanskaya Olga)

2009-08-04 Thread Mark Tinka
On Monday 03 August 2009 05:05:03 pm Ольга Ружанская wrote: We are using 7206VXR-G1/G2 platform as edge router (PE) in our MPLS network. When traffic volume grows, we replace NPE-G1 processor with NPE-G2. But in future we'll need something more powerful. General requirements: - OSPF, BGP