We are having a problem where routes originated by the customer because
of their backup paths are preventing the mpls bgp routes from being
installed and used on the PE.
Customer has an eigrp routed network.
We are hosting a bgp mpls network for the customer.
At the Customer's HQ PE router,
I am testing a turnkey CPE solution combining T1, SDSL, ADSL and PRI
handoff to customer PBX, with the 1751 transcoding SIP to PRI channels.
A CPE I am testing with a WIC-1SHDSL-V2 doesnt seem to be training
properly. The controller continues to report
DSL firmware download in progress,
Hi,
I am looking for a web caching and acceleration platform.
The Cisco Cache Engines were replaced by the Content Engines which has also
been replaced with the WAE running ACNS software.
The datasheets on ACNS seem to imply caching and acceleration of multimedia
traffic between branch offices
You might want to check this link out:
http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP
Regards,
---
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
http://www.netcraftsmen.net
--
-Original Message-
From:
Raymond, Steven wrote:
Have found the least bugs in SRD1, but non-cisco bgp neighbors sometimes require the use
of hidden command neighbor x.x.x.x dont-capability-negotiate or the session
won't restore.
I recall being on the other end of that one. Good tip.
We're currently using a very dated version of Cisco's Secure ACS to
authenticate a relatively small group of PPPoE ADSL users. We have a
planned hardware upgrade for this system, but no funding for updated ACS
software. That said, I was wondering what open source alternatives folks on
the list
I got involved through a few channels and encouraged the teams
responsible for some of the Cisco.com Support tools to leverage this
forum directly for feedback. They were very interested in the idea.
Can those of you that care enough to give direct feedback based on the
past threads around
WAAS and ACNS are two different animals. WAAS is double-ended (there has to
be a device at both ends) and ACNS is single-ended, acting as a caching
device (though it can have information pushed to it from a central manager).
Typically - WAAS between remote site and central site; ACNS between
M Callahan wrote:
We're currently using a very dated version of Cisco's Secure ACS to
authenticate a relatively small group of PPPoE ADSL users. We have a
planned hardware upgrade for this system, but no funding for updated ACS
software. That said, I was wondering what open source alternatives
Hi Shiran,
I must say that I am NOT looking for a WAN optimization tool.
I want an Internet web proxy, caching and acceleration appliance.
Is that also covered by Expand Networks?
Many Thanks.
On Thu, Aug 13, 2009 at 2:10 PM, shiran guez shira...@gmail.com wrote:
I can suggest a better
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://freeradius.org/
Scott
On Aug 13, 2009, at 9:46 AM, M Callahan wrote:
We're currently using a very dated version of Cisco's Secure ACS to
authenticate a relatively small group of PPPoE ADSL users. We have a
planned hardware upgrade for
http://www.peerapp.com/
Regards,
John
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Felix Nkansah
Sent: Thursday, August 13, 2009 8:41 AM
To: Cisco certification; cisco-nsp@puck.nether.net
Subject: [c-nsp] OT:
Assuming you're using TACACS+ to handle this, since radius servers are
everywhere...
I've been using tac_plus from
http://www.pro-bono-publico.de/projects/tac_plus.html (there appear to be
several projects named tac_plus, this was the first one to work well for
me.) As an added bonus, the author
Hi all,
Can I configure event manager to be started when it gets notification from
another router. for example, I want router1 to be configured with policy based
routing on a specific interface once the bgp peer on router2 is down. I don't
want to permanently configure the PBR since it is
@Luan: Thanks for the link :))
@Joe: if you have EBGP sessions with the core MPLS VPN network, you're
losing the BGP cost community (resulting in the EIGRP-related redistribution
issues). It might be possible to tweak the WEIGHT attribute on the PE
routers (the routes redistributed into BGP have
On Aug 13, 2009, at 9:01 PM, Rodney Dunn wrote:
They are eager to listen so now is a good time to get involved.
Let's all keep in mind that *constructive, actionable, specific*
feedback is what's needed, and is what will have an impact.
Radiator RADIUS server. There are multiple versions of this software and
support is available for a reasonable fee runs on Windows/Solaris/Linux
Www open com au
-Original Message-
From: Phil Mayers p.may...@imperial.ac.uk
Subj: Re: [c-nsp] Open Source Substitute for Cisco's
Hi list
I know that this is a bit off topic, but can you know of any cheap
devices that can emulate STM-1 over ethernet (or mpls)? or a cheap box
that can do ATMoMPLS
Thanks in advance
MKS
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Quite gorgeous. Lots to think about.
Thanks,
Joe
Ivan Pepelnjak wrote:
@Luan: Thanks for the link :))
@Joe: if you have EBGP sessions with the core MPLS VPN network, you're
losing the BGP cost community (resulting in the EIGRP-related redistribution
issues). It might be possible to tweak the
Hey, you don't work at Cisco anymore! :)
tv
- Original Message -
From: Roland Dobbins rdobb...@arbor.net
To: Cisco-nsp cisco-nsp@puck.nether.net
Sent: Thursday, August 13, 2009 9:52 AM
Subject: Re: [c-nsp] Feedback on Bug Toolkit (BTK),IOS Software Download
Planner, etc...
On Aug
Rodney,
Do you have an official list of items/tools that feedback can be provided
on? Or, should we ping Wilson?
tv
- Original Message -
From: Rodney Dunn rod...@cisco.com
To: cisco-nsp@puck.nether.net
Sent: Thursday, August 13, 2009 9:01 AM
Subject: [c-nsp] Feedback on Bug Toolkit
Squid on a Linux/FreeBSD box
McAfee WebGateway (can be bought as an appliance)
ISA on Windows
Untangle
Pretty much any Web filtering package runs on a proxy/cache or includes
one.
I've run the first three with user loads in 300-400 range with no
issues.
Thanks,
Erik
-Original Message-
Hello,
We have recently deployed N7k's in our DC and want to enable
monitoring on them. The current ESM systems in Place are HPOV and
Concord ehealth.
I'd like to get feedback on whether anybody has had experience with
Monitoring the 7K chassis with either of the above ESM solutions
and/or are
Hi,
Radiator RADIUS server. There are multiple versions of this software and
support is available for a reasonable fee runs on Windows/Solaris/Linux
with fear of pouring petrol onto a RADIUS flamewar I'd say if
the original post aint got funding for ACS then free open source is
pushing the
On Aug 14, 2009, at 12:07 AM, Ash Net wrote:
We have recently deployed N7k's in our DC and want to enable
monitoring on them.
N7Ks have a dedicated management processor; they also have a
management software system which I believe ships with every N7K.
They also output operationally
Hi,
I've been using tac_plus from
http://www.pro-bono-publico.de/projects/tac_plus.html (there appear to be
several projects named tac_plus, this was the first one to work well for
me.) As an added bonus, the author was happy and eager to help squash a bug
I ran into.
It'll backend to ldap,
Hi there,
I have a customer hanging off of my edge router
(6509/Sup32/12.2.33SXI), doing a Point-to-Point wireless shot from the
DC to another site.
On myside, it's a L3 VLAN doing a /30 to a smaller Cisco router on the
other end. I am then statically routing some additional subnets to the
On Thu, 13 Aug 2009, Alan Buxey wrote:
Hi,
Radiator RADIUS server. There are multiple versions of this software and
support is available for a reasonable fee runs on Windows/Solaris/Linux
with fear of pouring petrol onto a RADIUS flamewar I'd say if
the original post aint got funding for
Not so much - we use ACS for TACACS services and proxy the TACACS via
RADIUS for some application but Cisco ACS is now an appliance and on the
close order of 8K + SmartNet so you are looking at 20K $US for a new
solution.
RADIATOR is open-source but not 'free' it has 200+ authenticators and
Hi,
Nothing wrong with FreeRADIUS it's just you need to 'roll your own' for
a lot of stuff, If your time is worth nothing or it's a hobby or
experimental setup FreeRADIUS may be the better choice. But if you want
someting with AD, LDAP, Kerberos, Unix, NTLM, SQL etc built in and
But he can still care (TM). ;)
Tony Varriale wrote:
Hey, you don't work at Cisco anymore! :)
tv
- Original Message - From: Roland Dobbins rdobb...@arbor.net
To: Cisco-nsp cisco-nsp@puck.nether.net
Sent: Thursday, August 13, 2009 9:52 AM
Subject: Re: [c-nsp] Feedback on Bug Toolkit
I'm getting that for clarity. I'll respond back.
Tony Varriale wrote:
Rodney,
Do you have an official list of items/tools that feedback can be
provided on? Or, should we ping Wilson?
tv
- Original Message - From: Rodney Dunn rod...@cisco.com
To: cisco-nsp@puck.nether.net
Sent:
Yep, RADIATOR is great; we use it over here :-)
Regards,
Ge Moua | Email: moua0...@umn.edu
Network Design Engineer
University of Minnesota | Networking Telecommunications Services
Scott McGrath wrote:
Not so much - we use ACS for TACACS services and proxy the TACACS via
RADIUS for some
I can't follow the problem.
The router should try to defend the mac address it owns but if another
device simply takes over for it the only way to resolve that is fix that
device.
How exactly is it taking over?
What is the topo (ascii diagram would work).
Rodney
Graham Wooden wrote:
Hi
Not so much - we use ACS for TACACS services and proxy the TACACS via
RADIUS for some application but Cisco ACS is now an appliance and on
the
close order of 8K + SmartNet so you are looking at 20K $US for a new
solution.
The newer version 5.0 of ACS is available only as an appliance, but
Absolutely, with EEM 3.0 an applet can be triggered with an SNMP trap or
inform. The details are here (although the article describes a slightly
different task):
http://wiki.nil.com/Trigger_EEM_applets_with_SNMP_Informs
However, are you absolutely positive there is no other way to get what you
It's interesting to note that this occurs at about the default ARP
timeout of 1800 seconds (Is that what the router is configured
for?). That implies that when the arp times out and the router arps
for the other end, it get an ARP REPLY from the wireless device. Is
that what you are
Yeah, kinda messy - sorry about that.
It's taking over as when I do a sh arp ip, instead of seeing the far end
router's MAC for the other end of the /30, I see the radio's.
c6509/sup32 - radio radio - c2621
Between the c6509 and c2621 is a routable /30.
I should note
I say 30 minutes ... But I just had it occur on less than 5 minutes from
having the far end router and radio rebooted. And apparently my attempt to
hardcode the MAC addresses on both ends didn't fix it. I am going to start
blaming the radios I think ...
On 8/13/09 2:55 PM, Jeff Fitzwater
Graham Wooden wrote:
Yeah, kinda messy - sorry about that.
It's taking over as when I do a sh arp ip, instead of seeing the far end
router's MAC for the other end of the /30, I see the radio's.
c6509/sup32 - radio radio - c2621
Between the c6509 and c2621 is a
Yep, we know that already. I'm finding that there isn't a lot of
management systems (OV/Concord atleast) that can natively monitor the
7k's since they haven't certified the platform yet.
Wondering how people are monitoring elements such as CPU Health, intf
utilization, topology change event traps
IF you hardcoded the ARP in both routers, then they should never
change. So what exactly breaks? Can you ping the other router? What
is the other routers ARP entry and visa versa? They better be the
ones you put in.
Jeff
On Aug 13, 2009, at 4:53 PM, Graham Wooden wrote:
I say 30
Cisco DCNM might give you the info you are looking for.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ash Net
Sent: Thursday, August 13, 2009 5:01 PM
To: Roland Dobbins; Cisco-nsp
Subject: Re: [c-nsp] Monitoring
From what I've seen on much of the new DC equipment, Cisco focused more on
XML than SNMP for the monitoring hook into the Nexus gear. I know many of
the features you're asking for were bolted on per customer requests but I
haven't seen any specific templates out there around this. I'd be
I've seen some funky things like this before, ie: with cable modems that
are supposed to be L1 only transparent but monkey up the stack.
If he hardcoded the mac's the adj should never change for CEF.
Verify it with 'sh adj detail' and sh ip arp.
Rodney
Jeff Fitzwater wrote:
IF you
We use DCNM for real-time monitoring here (e.g. we use it to
troubleshoot issues as they arise) - works great for this purpose,
though in my opinion the configuration interface is a little
over-complicated compared to just using the CLI, which is a bad sign. :)
The XML interface is very, very
Hello Ivan,
Thank you for your response.
In my design, I am load sharing the traffic by multihomed BGP with two ISPs
through two local 7600 routers. To avoid any single point of failure, we
have a backup link for each ISP connected to each local router. as below:
Router1 connected with
Given a customer with a 10mbps fiber connection into PE1 on a L3 MPLS VPN
and also a backup ADSL link to PE2 on the same provider's L3 MPLS VPN, what
is the best PE-CE protocol to use? I assume we could run eBGP over both
links and weight them from the provider's end, as well as the customer end.
Hello,
I have a Cisco 2960 running 12.2(50)SE3
(c2960-lanbasek9-mz.122-50.SE3.bin). Interface FA0/1 is an uplink to
the main network/DHCP server and has no restrictions. FA0/19 is
connected to a switch and that switch has a variety of wireless access
points. I want to restrict inbound
I know - the whole thing is bizarre. I was able to get access to that
remote C2621, and noticed that ip proxy-arp was disabled. I enabled to to
match my interface on the 6500. It's been up for close to an hour now with
no issues (hopefully I just didn't jinx myself).
I removed the hardcoded
Hi folks
I want to configure my ASA for remote access via outside however it
configuration do not work, IP are fake for reasons security. My
configuration is
In the outside interface I have
interface Vlan2
nameif outside
security-level 1
ip address 200.10.45.98 255.255.255.240
telnet
Hello all,
I've got a problem that I unfortunately don't know a heck of a lot about,
which I understand makes answering this question difficult. But I thought
I'd pick people's brains in the hopes of at least getting pointed in the
right direction.
Here's the deal. I run EIGRP for the
Your tcam is full. It may not log that, you likely need 12.2sxe or sxf
to see the logs on sup2. Cut down the number of routes you listen to
from your upstreams, having them send you just their customer routes
and use default for the rest.
In sup720 and sup1a when the tcam is full it would
On Aug 14, 2009, at 8:31 AM, Jared Mauch wrote:
Not sure on sup2 but I presume it's the same.
Yes, it is.
Whether or not one sees log messages depends upon one's logging level
(I think 3 or above should see it). sh fm sum will show if ACLs are
being processed in software due to the
On Thu, 13 Aug 2009, Jared Mauch wrote:
Your tcam is full. It may not log that, you likely need 12.2sxe or sxf to see
the logs on sup2. Cut down the number of routes you listen to from your
upstreams, having them send you just their customer routes and use default
for the rest.
In sup720
Thanks All for the feedback. The only issue with DCNM deployment is
its a new tool and there will be a learning curve for the ops team
plus will take time to customize the interfaces.
We were mainly hoping to get 6K level of monitoring in place for the
7K as well since SNMP is much more prevalent
What kind of boxes are you using for PE? How many VRFs do you have on
the box? What code is running?
There are limits to the number of OSPF processes (at least on some
platforms and code), so I tend to prefer eBGP, but OSPF has its
obvious advantages.
--William McCall
On Thu, Aug 13, 2009 at
hi Ash,
On 14/08/2009, at 7:01 AM, Ash Net wrote:
Yep, we know that already. I'm finding that there isn't a lot of
management systems (OV/Concord atleast) that can natively monitor the
7k's since they haven't certified the platform yet.
actually, there is quite a lot of management partners
For PPPoE, FreeRADIUS is very worthwhile. The options the software provides on
on-par with the best commercial RADIUS software. The downside? It is not GUI
based (though you can write your own and link it to SQL/LDAP/etc, we have and I
suspect most ISP's do) and also, it does involve a
Jack,
Several things can lead to the symptoms you describe. That is why it is
important you shed further light on the events that led to the problem. (i.e
what changed? Is this a lab or production device? sh captures? IOS
version??? etc)
When posting to public fora, it is always a good idea to
Thanks for the input all. It appears unanimous: My TCAM is stuffed. I'm
a little baffled by the EIGRP aspect (which I don't think anyone
addressed), but it makes sense that it would all be using the same
resources.
Is there not a simple command to show the used capacity of the TCAM?
On Aug 14, 2009, at 11:17 AM, Rick Kunkel wrote:
Is there not a simple command to show the used capacity of the TCAM?
sh tcam ?
---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
Unfortunately,
That all looks pretty good though, unless I'm missing something...
UsedFreePercent Used Reserved
Labels: 4 5080
ACL_TCAM
Masks: 1040860
On Aug 14, 2009, at 12:24 PM, Rick Kunkel wrote:
That all looks pretty good though, unless I'm missing something...
Try sh mls cef maximum-routes sh platform hardware capacity pfc
I can tell you that as the global table topped 256K entries long ago,
you've been hurting for a while if
On Aug 14, 2009, at 12:32 PM, Roland Dobbins wrote:
Try sh mls cef maximum-routes sh platform hardware capacity pfc
And sh mls cef su
---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
65 matches
Mail list logo