Dave,
Have you checked out the logs. I think you should see your answer there. Even
if the tunnel came up properly, the ASA would still detect that it's coming
from the DMZ VLAN and drop the connections. The only option is connections
from the inside or outside VLANs into the DMZ VLAN.
Hello
I have an 877W with IOS 12.4(22)T1 here, and I am writing some code to
interpret ATM and ADSL stats from the router.
IF-MIB::ifTable shows ATM0 as being of type adsl(94), ATM0-atm layer
as being of type atm(37) and ATM0-adsl as being of type adsl(94).
ATM-MIB::atmVclTable has entries
Observing starnge problem in WS-C2950G-24-EI switches.
The link goes down and does not comes up .
Link cames up only , when the switch is rebooted manually.
change patch cord and change Gibic module does not help
UDLD messages are observed . but after the reboot , the switch becomes OK.
Thanks,
Hi,
On Mon, Sep 14, 2009 at 02:02:05PM -0500, Doug McIntyre wrote:
So, don't go searching for switches that support NAT, the Cat6500 is it.
But there are caveats - not all IP protocols are supported in the hardware
path. I seem to remember postings on this lists that had somewhat unusual
-Original Message-
From: Jared Mauch [mailto:ja...@puck.nether.net]
Sent: Tuesday, September 15, 2009 12:27 AM
I have a long laundry list of bugs in SXI2, including one that I've
not quite yet isolated when you have several levels of recursion on
routes causing it to take quite
Hi,
On Mon, Sep 14, 2009 at 10:47:17AM -0400, Jared Mauch wrote:
On Sep 14, 2009, at 10:36 AM, Gert Doering wrote:
On Mon, Sep 14, 2009 at 09:52:36AM -0400, Jared Mauch wrote:
While you're at it, ask for protected memory in the software. It's
not like ram/flash are expensive these days...
Hi,
On Mon, Sep 14, 2009 at 05:30:11PM +0100, Alan Buxey wrote:
that is not feasible, completely abandon IOS and provide XE or NX-OS
on *all* platforms)
NX-OS on all platforms? nothanks - some of us want functionality ;-)
The problem with the multitude of different operating systems in
I've been looking through the Cisco doc but didn't found what I was
looking for, therefor this question :
I transformed a 2801 router which we used as a dialin server to a
console server. The config seems to work, I can do a
telnet xxx 2018 to get access to serial port 0/1/1, also ssh -l
Hi Wim,
On Wed, 16 Sep 2009, Holemans Wim wrote:
-Is there a way to access the async line from within the router
itself ? So just a telnet/ssh to the router and then something like
'connect line XXX' ? The connect command on the router seems an
equivalent of telnet for outgoing tcp
-Is there a way to access the async line from within the router
itself ? So just a telnet/ssh to the router and then something like
'connect line XXX' ? The connect command on the router seems an
equivalent of telnet for outgoing tcp sessions and I don't see
another
command that could
I am running with
_
Save time by using Hotmail to access your other email accounts.
http://clk.atdmt.com/UKM/go/167688463/direct/01/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
I am running with a project at the moment with regards to getting Inter-AS
mvpns working ALL hardware is Cisco. If I read all the material correctly and I
would like some clarification, I cannot use non MDT SAFI capable router as
Route-Reflectors, as type 2 RDs are non-transitive. The
We're trying to do a custom bgp setup for one of our customers but I'm
not sure if it's even possible with IOS. Our network has its primary
upstream connection in a different city from where this customer will
connect. However each city has its own local internet connection as
well for
Lobo wrote:
We're trying to do a custom bgp setup for one of our customers but I'm
not sure if it's even possible with IOS. Our network has its primary
upstream connection in a different city from where this customer will
connect. However each city has its own local internet connection as
Lobo wrote:
This customer's requirements for bandwidth can be met if they use the
local connection only but should the connection go down, they would most
likely saturate the intercity connection and impact everyone else. What
has been proposed is that they will use the local connection to
Lobo wrote:
We're trying to do a custom bgp setup for one of our customers but I'm
not sure if it's even possible with IOS. Our network has its primary
upstream connection in a different city from where this customer will
connect. However each city has its own local internet connection as
Does anybody know if it is possible to run the AnyConnect Essentials license
and a small 10 user ssl license to allow only 10 people access to the webportal
but all the rest to use the AnyConnect client.
___
cisco-nsp mailing list
That is not currently possible. Once AnyConnect Essentials is enabled,
Clientless (webportal) VPN will be disabled, along with CSD. Users
accessing the ASA via the web page will automatically be sent to the
AnyConnect Web launch after successful authentication.
Sincerely,
David.
Thank you. Exactly what I was looking for.
-Original Message-
From: David White, Jr. (dwhitejr) [mailto:dwhit...@cisco.com]
Sent: Wednesday, September 16, 2009 10:04 AM
To: Nicholas Maio
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA Licensing
That is not currently possible.
David,
Does this mean that DAP policies that may leverage CSD returned registry values
will not work with Essentials?
-ryan
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of David White, Jr.
(dwhitejr)
Sent: Wednesday,
I have an issue where after setting up a BGP peer on one side, then issuing a
'sh run | b router bgp' to check my config before going to the adjacent peer
and setting that side up, the command hung. As it turns out the active sup (I
suppose the RP) crashed and failed over to the hot spare.
Hi Ryan,
Yes, that is correct. Since CSD is disabled, DAP cannot obtain any
host/registry values to make it's decisions. However, AAA attributes
for DAP will still work.
Sincerely,
David.
Ryan West wrote:
David,
Does this mean that DAP policies that may leverage CSD returned registry
I have a 3750 running 12.2.44
I have one or two units that I cannot https into because the
certificate cannot be trusted.
Everything seems to point to the keys on the switch and even after
generating new keys it still fails https.
I can ssh in to CLI, just can't https.
I have zeroized
Hi List,
Presently I have two foundry FI400 switches in the core that provide layer 3
functionality as well. I'm serving about 20 access switches and a few
virtual machine hosts in an enterprise environment with approximately 50
VLANS. We're outgrowing this and also since it's older hardware
Hello,
I have a pair of 7606s running single SUP 720 – 3BXLs with Version
12.2(18)SXF7 (IP Services)
What I saw last night is perplexing and mind you I’m not the greatest with
these devices.
Sep 15 18:39:04: %LINK-3-UPDOWN: Interface GigabitEthernet4/41, changed
state to up
Sep 15 18:39:04:
Hi Jeff,
On Wed, 2009-09-16 at 11:48 -0400, Jeff Fitzwater wrote:
I have a 3750 running 12.2.44
I have one or two units that I cannot https into because the
certificate cannot be trusted.
Everything seems to point to the keys on the switch and even after
generating new keys it still
Lobo wrote:
We're trying to do a custom bgp setup for one of our customers but I'm
not sure if it's even possible with IOS. Our network has its primary
upstream connection in a different city from where this customer will
connect. However each city has its own local internet connection as
I don't know how often you got the snmp traps, but maybe there was some micro flapping happening and the logging process
didn't catch it.
I have seen many down/up snmp traps at the same time (*), while there where only a few of logging events (and no drops
due to rate-limit). Besides checking
Thanks for the responses everyone. I like the idea of conditional
advertisement and will likely work with something like that. The
session does not necessarily need to go down but advertising them
nothing could work good.
Zoe, I like your method as well and will look at seeing if I can work
Hi,
Does anybody know if there's some way to configure the MAC flapping
settings on a 3560/3750?
I would like to be able to specify how many changes with a certain time
period should make the switch log a flapping issue.
--
Peter
___
cisco-nsp
If you use the 6018 instead of 2018 you should find the control characters
escape characters etc work.
2xxx are 7 bit connections
4xxx give echo - you don't want that
6xxx are 8 bit connections.
Don't remember trying it with ssh but the 6xxx are certainly better for
connecting to Cisco devices
Well it looks like the key storage, which is in NVRAM by default (from
what I have read) was not there or corrupted. So doing a crypto key
storage nvram fixed it.
No sure why but it works now.
Jeff
On Sep 16, 2009, at 12:44 PM, Peter Rathlev wrote:
Hi Jeff,
On Wed, 2009-09-16 at 11:48
I'm pretty sure either I'm not understanding something architecuture-wise
or we've enabled something globally that halves this. The marketing sheet
says this will do 1M ipv4 routes. My show commands lead me to believe our
systems will only do 512k. Not a problem today (for full internet) but
What exact flavor of ES card are you using ? 'sh mod '
Putting a ES20-3C in to a chassis with RSP720-3CXL lowers the
effective table capacity of the system to the level of 3C
Brandon Applegate said the following on 9/16/2009 2:19 PM:
I'm pretty sure either I'm not understanding something
On Wed, Sep 16, 2009 at 8:19 PM, Brandon Applegate bran...@burn.net wrote:
I'm pretty sure either I'm not understanding something architecuture-wise
or we've enabled something globally that halves this. The marketing sheet
says this will do 1M ipv4 routes.
Hi,
It supports 1M ipv4 routes
I'm looking for an option to redirect some traffic from a web server that can
not handle it's current load.
For example, can I send traffic bound for hosta.domain.com/images to one NAT
destination while traffic bound for hosta.domain.com/anythingelse to another
NAT destination?
This is a
Hi Brandon,
On Wed, 2009-09-16 at 14:19 -0400, Brandon Applegate wrote:
I'm pretty sure either I'm not understanding something
architecuture-wise or we've enabled something globally that halves
this. The marketing sheet says this will do 1M ipv4 routes.
It has 1M 72-bit TCAM slots. Default
All,
I've taken over a 3560 around 10 months ago, and it's been performing
well until last night. With no warning, no log output or anything to
indicate trouble, it stopped processing one of my ACL rules. I have
about 100 rules in the ACL and this one is near the beginning. It
stopped
On Wed, 16 Sep 2009, Sidney Boumendil wrote:
It supports 1M ipv4 routes *only*. Default setup is 512K ipv4 and mpls + 256
ipv6 and mcast.
Use mls cef max in conf mode to reconfigure this.
HTH
Sidney
This is exactly what I was looking for, thanks.
On 16/09/2009, at 6:06 PM, Gert Doering wrote:
Just imagine how much functionality NX-OS could get if they would stop
wasting effort on 17 different software trains for classic IOS and
instead focus on getting NX-OS on all hardware platforms, and getting
feature parity for it.
Totally agree.
On Wed, Sep 16, 2009 at 7:43 PM, David Hughes da...@hughes.com.au wrote:
On 16/09/2009, at 6:06 PM, Gert Doering wrote:
Just imagine how much functionality NX-OS could get if they would stop
wasting effort on 17 different software trains for classic IOS and
instead focus on getting NX-OS
Hi
I am running with a project at the moment with regards to getting Inter-AS
mvpns working ALL hardware is Cisco. If I read all the material correctly and I
would like some clarification, I cannot use non MDT SAFI capable router as
Route-Reflectors, as type 2 RDs are non-transitive. The
I have a central side 2600 with an ISDN BRI card in it, and a remote site
with a 2600 and ISDN BRI card in it. I have the ISDN lines working, and I
have the remote site calling into the central site (I can see the calls on
the console) and RADIUS appears to be authenticating the call. Then
43 matches
Mail list logo