[c-nsp] cisco 4503 port security

2009-09-08 Thread Dracul
Hi List, has anybody experienced doing port isolation / port-security using the cisco 4503? I can't seem to find the best way to do it since the IOS doesn't have port-security option in the CLI. regards, Chris

Re: [c-nsp] cisco 4503 port security

2009-09-08 Thread Arie Vayner (avayner)
Chris, This is the latest config guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/port_sec.html Could be some older IOS or low end SUP? Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net

[c-nsp] Change VRF RD

2009-09-08 Thread Phil Mayers
All, When we deployed our MPLS core, we made the minor mistake of setting the RD the same on every router. On the platform we're using (6500/sup720, 12.2(33)SXI) you don't seem to be able to change the rd of a defined VRF; you have to no rd which promptly blows away the router bgp / address

Re: [c-nsp] ISIS Adj-filter problem

2009-09-08 Thread Dave Kruger
Hi there, have you managed to figure out what was causing that? Did you see that your clns filter references 49.0001...0100.00 whereas your R1 router's Sys ID is 49.0001...0001.00? Regards, Dave Ibrahim Abo Zaid wrote: Hi All I was testing ISIS Adj-filter option , R1,R2

Re: [c-nsp] Syslog Solutions

2009-09-08 Thread Munroe, James (DSS/MAS)
Could look at Q1 Labs as well. They now offer a Free VM version: http://www.q1labs.com/qradar-slim-fe/ -Original Message- From: Mario Spinthiras [mailto:spinthiras.ma...@gmail.com] Sent: Monday, September 07, 2009 10:52 AM To: Cisco Network Service Providers Subject: Re: [c-nsp]

Re: [c-nsp] ISIS Adj-filter problem

2009-09-08 Thread Victor Cappuccio
Hi, Did you try the same command but not on the DIS? On a LAN, one of the routers elects itself the DIS, based on interface priority (the default is 64). If all interface priorities are the same, the router with the highest subnetwork point of attachment (SNPA) is selected. I did your same

[c-nsp] service-policy on virtual interface

2009-09-08 Thread Randy McAnally
Do the same commands work e.g. 'service-policy input/output FooPolicy' at the virtual interface level the same as they do on a physical port, both in and out? I'm trying to set up rate limiting 'further up the line' rather than at the network edge, so we can pool customer bandwidth and keep

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Ian MacKinnon
Hi Randy, What platform? On 6500/7600 the answer is yes, you need mls qos vlan-based on the physical interfaces and then you can police on the SVI. Ian -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Randy McAnally

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Randy McAnally
6500 platform. Last time we had 'mls qos' enabled we had massive speed/packet loss issues with interfaces over 40% utilization since we don't classify traffic. Are there any possible issues you might see? -- Randy -- Original Message --- From: Ian MacKinnon

Re: [c-nsp] Change VRF RD

2009-09-08 Thread Peter Rathlev
On Tue, 2009-09-08 at 11:30 +0100, Phil Mayers wrote: When we deployed our MPLS core, we made the minor mistake of setting the RD the same on every router. On the platform we're using (6500/sup720, 12.2(33)SXI) you don't seem to be able to change the rd of a defined VRF; you have to no rd

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Ian MacKinnon
Not seen problems turning on mls qos. We have on the physicals :- Int gi1/1 mls qos vlan-based mls qos trust dscp and a typical service policy looks like :- policy-map 10MegPolice class class-default police 1000 26000 32000 conform-action transmit exceed-action transmit

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Ian MacKinnon
I think it is required, not 100% sure. Our policers are just using the default class, but I think by default it will then use different queues on the actual hardware. In my understanding the policing and queuing is completely separate. Ian -Original Message- From: Randy McAnally

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Randy McAnally
Thanks, I don't want to enable global QOS (queuing) which 'mls qos' will enable. The default queues cause all kinds of trouble with our traffic (you can see details in another topic I created couple months back). -- Randy www.FastServ.com -- Original Message --- From: Randy

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Peter Rathlev
On Tue, 2009-09-08 at 07:29 -0400, Randy McAnally wrote: Thanks, I don't want to enable global QOS (queuing) which 'mls qos' will enable. The default queues cause all kinds of trouble with our traffic (you can see details in another topic I created couple months back). Why not enable mls qos

[c-nsp] MPLS-TE and bandwidth reservation

2009-09-08 Thread victor
Hello I'm experimenting with MPLS-TE and have a question about reservation of the bandwidth on an interface. It's more or less clear that each tunnel can receive the necessary bandwidth and that it is consequently subtracted from the overall bandwidth configured for the interface.

Re: [c-nsp] Change VRF RD

2009-09-08 Thread Arie Vayner (avayner)
Phil, Why don't you just create a new VRF, with a new RD, then prepare all the import/export policies (no need to change RT's). You can also prepare any relevant PE-CE routing config in advance. This can be done offline. Then when you want to migrate the customer, you just change the ip vrf

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Randy McAnally
By 'not classify' I meant all of our traffic is in the same default class. Could you verify that 'mls qos' is not needed globally before you can do 'mls qos vlan-based' on an interface? Cheers -- Randy -- Original Message --- From: Ian MacKinnon ian.mackin...@lumison.net To:

[c-nsp] Opensource Websense Alternative

2009-09-08 Thread NMaio
Does anybody know of an open source alternative to Websense or Secure Computing Smartfilter? Transparent proxying with Squid works but we would like something like url filtering through a Websense equivalent box. Thanks in advance. Nick

Re: [c-nsp] Leaking specific routes from a VRF

2009-09-08 Thread luismi
Thanks for all the emails, we have created some code here with success :-D Thanks again to everyone for the time and attention.

Re: [c-nsp] MIBs and OIDs

2009-09-08 Thread jp
http://www.ks-soft.net/hostmon.eng/mibbrowser/index.htm is what I use. It's a windows program, but it works fine in wine. On Mon, Sep 07, 2009 at 11:36:23AM +0300, Mohammad Khalil wrote: hey all what is the way to transform the MIBs to OIDs ?

Re: [c-nsp] Cisco ACS related

2009-09-08 Thread Mohammad Khalil
Hey all, I have to create an authorization shell and define the commands I want to match or unmatch. Then I have to assign this set to a group, for example 1, and assign a user to that group, and I have to configure on the device the command aaa authorization config-command From:

[c-nsp] CCNA Voice

2009-09-08 Thread Renelson Panosky
I am studying for my CCNA Voice and I am having a lot of trouble with the call leg set up arrow; if anybody here can help I will greatly appreciate it. 1) Phone 1234 dials a PSTN Destination 405-555-0103 2) Provide call setup in both directions Panocisco

Re: [c-nsp] MPLS-TE and bandwidth reservation

2009-09-08 Thread Yan Filyurin
I am actually verifying if any new features have been released, that might allow tunnel setups and re-optimization to work based on actual available bandwidth, based on actual load, but assuming you are using OSPF or IS-IS CSPF during the set up and optimization, it will take all the

Re: [c-nsp] ISIS Adj-filter problem

2009-09-08 Thread Ibrahim Abo Zaid
Thanks Victor, but why does applying the filter on all routers except the DIS solve the problem? Is there any explanation? Best regards, --Ibrahim On Tue, Sep 8, 2009 at 3:56 PM, Victor Cappuccio vcapp...@cisco.com wrote: Hi, Did you try the same command but not on the DIS? On a LAN, one of the

Re: [c-nsp] Geographically dispersed ASA failover?

2009-09-08 Thread Michael Malitsky
Thanks to all who replied, will give it a try. Sincerely, Michael -Original Message- From: Peter Rathlev [mailto:pe...@rathlev.dk] Sent: Wednesday, September 02, 2009 5:05 PM To: Michael Malitsky Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Geographically dispersed ASA

[c-nsp] Catalyst vs. Nexus

2009-09-08 Thread Michael Malitsky
Hello, I am working on the first 10Gig deployment in a small data center. Main driver is a SQL database, so there will be a bunch of SQL servers virtualized using VMware, running against a SAN over iSCSI. I've done some research and it looks like I can build the network using a Catalyst 4900M

Re: [c-nsp] Catalyst vs. Nexus

2009-09-08 Thread Darrin Machay
Other than FCoE, the major difference is L3 switching. The 5010 is a Layer2-only device and the 4900M can do routing. If you're trying to shave off microseconds, the 5010 will beat the 4900M in switching latency. On the other hand, the 4900M is modular and well suited for mixed, low-density

Re: [c-nsp] Opensource Websense Alternative

2009-09-08 Thread Frank Bulk
That would be Untangle: http://www.untangle.com Frank -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of nm...@guesswho.com Sent: Tuesday, September 08, 2009 3:40 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Opensource

[c-nsp] small cisco as ethernet bridge, IPv6 broken, sadness

2009-09-08 Thread Joe Abley
I have the following setup in place for remote access to an exchange point in Toronto:

    juniper J2320 router
            |
      cisco bridge 1
            |
            |      ) telco-provided
         ---|---   ) layer-2
            |      ) transport
            |
      cisco bridge 2
            |

Re: [c-nsp] small cisco as ethernet bridge, IPv6 broken, sadness

2009-09-08 Thread Michael K. Smith - Adhost
Hello Joe: snip Is there something fundamental I'm missing, here? Why should a transparent bridge behave differently with IPv4 than it does with IPv6? Joe ! cisco bridge 1 cisco 2620 (MPC860) processor (revision 0x102) with 61440K/4096K bytes of memory. System image file is

[c-nsp] Catalyst 4500/Sup5 - carrier-delay supported?

2009-09-08 Thread Clinton Work
I'm trying to figure out if the Catalyst 4500s running Sup5 with IOS 12.2SG support the carrier-delay command. The interface capabilities show that the old Catalyst link debounce feature isn't supported on WS-X4306 GigE interfaces; however, the switch allows you to configure carrier-delay.

Re: [c-nsp] Change VRF RD

2009-09-08 Thread Tony
Hi, --- On Tue, 8/9/09, Phil Mayers p.may...@imperial.ac.uk wrote: When we deployed our MPLS core, we made the minor mistake of setting the RD the same on every router. I'm curious, I thought setting the RD the same on each PE router (obviously per VPN) was the way to do things ? Most of

Re: [c-nsp] Catalyst vs. Nexus

2009-09-08 Thread McEvilly, Patrick
The Nexus 5K does not support VTP. That may or may not be an issue for you. Patrick. Darrin Machay wrote: Other than FCoE, the major difference is L3 switching. The 5010 is a Layer2-only device and the 4900M can do routing. If you're trying to shave off microseconds, the 5010 will beat the

Re: [c-nsp] Change VRF RD

2009-09-08 Thread Peter Rathlev
On Tue, 2009-09-08 at 16:05 -0700, Tony wrote: I'm curious, I thought setting the RD the same on each PE router (obviously per VPN) was the way to do things ? ... When do/should you set the RD to be different ? I'm guessing it's going to be for larger installations and to allow more

Re: [c-nsp] Change VRF RD

2009-09-08 Thread Robert Crowe (rocrowe)
The main benefit of having a different RD per VRF per PE is for IBGP multipath in the core. If you don't need or ever foresee using/benefiting from multipath, then you can use the same RD for a given VRF on all PE's. Thanks, Solutions Architect SP Mobility Advanced Services CCIE RS Cisco

Re: [c-nsp] Opensource Websense Alternative

2009-09-08 Thread NMaio
Frank, Thanks for the link though this is an inline solution which would be problematic. Thank you for the suggestion though. Nick From: Frank Bulk [frnk...@iname.com] Sent: Tuesday, September 08, 2009 5:42 PM To: Nicholas Maio;

Re: [c-nsp] service-policy on virtual interface

2009-09-08 Thread Tony
Hi Randy, I remember the previous topic because I was the one who suggested that you disable QOS globally (if you didn't need it) when you were seeing throughput issues. I stand by this as the easiest solution at the time, but now that you need to use QOS for something else, you'll have to