Re: [c-nsp] OT: Juniper SSG Policy-based VPN and NAT

2010-04-08 Thread Phil Mayers
On 04/08/2010 01:21 AM, D W wrote: All, I have a query regarding NAT/VPN on a Netscreen 550 running screenOS 6.0/6.1 Suggest you subscribe to the juniper-nsp list and ask there. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

[c-nsp] Dot1x Bandwidth Control

2010-04-08 Thread Samir Alkadhumi
Dears Is it possible to make the dot1x and the ACS server set a bandwidth limit on per user basis, and is that depend on the IOS version ? Thank You Samir A. Alkadhumi IT Department. Shorsh St. 15 - Bldg. No. 3 Sulaymaniah - Kurdistan - Iraq Tel: +964-53-5111 000 Fax:

[c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Reuben Farrelly
I've been reading up about uRPF on Cisco's website, at: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html I've heard many people suggest that having uRPF filtering on in an ISP environment is a good idea (and best practice). However I'm grappling with the idea in

Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Dobbins, Roland
On Apr 8, 2010, at 5:46 PM, Reuben Farrelly wrote: 1. Given the global routing table is increasing and there is not all that much unallocated/non-routed IP networks left (and thus fewer invalid source addresses to draw from), is uRPF much of an advantage in todays ISP/IPv4 networks? It

Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Daniel Kratz
Reuben, In my opinion, the major gain is when deployed uRPF Loose Mode on border routers is the possibility to drop traffic based on blackhole for source address or source network flows. You may point local static route to null or use a router-server to feed this. Depending of you creativity you

[c-nsp] SXH7 funny

2010-04-08 Thread Gert Doering
Hi, I'm not sure if you have seen this beauty... Labbing SXH7 before upgrading production machines, I configured a port from its default state on the lab box (switchport) to test EoMPLS here, and after the test was done, I wanted to configure the port back. - default interface gi5/2, then put

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Jared Mauch
On Apr 8, 2010, at 8:24 AM, Gert Doering wrote: Hi, I'm not sure if you have seen this beauty... Labbing SXH7 before upgrading production machines, I configured a port from its default state on the lab box (switchport) to test EoMPLS here, and after the test was done, I wanted to

Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Frederic LOUI
As mentioned before, it still can be useful and necessary if you want to deploy some central filtering mechanism RTBH or variant. More detailed here (As a start): http://www.cisco.com/web/about/security/intelligence/blackhole.pdf After having activated uRPF in loose mode you can verify if

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Shimol Shah
This sounds like CSCsu69951 which is an internal bug, so won't be viewable on CCO. Details of same: +++ Symptom and Conditions: - On any interface if xconnect ipaddress VC id encapsulation mpls

Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Steve Bertrand
On 2010.04.08 06:46, Reuben Farrelly wrote: I've been reading up about uRPF on Cisco's website, at: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html I've heard many people suggest that having uRPF filtering on in an ISP environment is a good idea (and best

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Jared Mauch
Reloading a device is not really a viable workaround. It's sad that developers seem to think that's ok on a production device. - Jared On Apr 8, 2010, at 8:41 AM, Shimol Shah wrote: Workaround: --- Reload the box, after removing the command xconnect IP - addr VC encap mpls

Re: [c-nsp] ASR 1002 vs ISR 3945

2010-04-08 Thread Clue Store
Thanks for the feedback guys. I forgot to mention that we will possibly be moving to at least VRF-lite but possibly a full-blown MPLS network. and i'll need this to possibly do Netflow. It looks like the ASR would be a better fit since I dont need this to be a call gateway, IPS, and all of the

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Gert Doering
Hi, On Thu, Apr 08, 2010 at 08:41:37AM -0400, Shimol Shah wrote: This sounds like CSCsu69951 which is an internal bug, so won't be viewable on CCO. Thanks. It very much sounds like it (grrr). I'll go and open a TAC case... gert -- USENET is *not* the non-clickable part of WWW!

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Shimol Shah
The bug was an internal dev-test bug, hence the recovery/workaround. Am surprised why no one in the field had hit this in SXH till now. Now that it is, it is time to make it external and get the fix in SXH. Shimol On 4/8/10 8:53 AM, Jared Mauch wrote: Reloading a device is not really a

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Grzegorz Janoszka
On 8-4-2010 15:01, Shimol Shah wrote: The bug was an internal dev-test bug, hence the recovery/workaround. Am surprised why no one in the field had hit this in SXH till now. Now that it is, it is time to make it external and get the fix in SXH. Is it normal to hide all the bugs at Cisco? --

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Shimol Shah
If a bug is found in dev-test it is marked as internal and fix is put in. Later if someone in the field hit the same bug, then it is made external. Is it normal to hide all the bugs at Cisco?

Re: [c-nsp] OT: Juniper SSG Policy-based VPN and NAT

2010-04-08 Thread Billy Guthrie
Phil I agree; Dave, I will hit you up over at juniper-nsp Billy - Original Message - From: Phil Mayers p.may...@imperial.ac.uk To: cisco-nsp@puck.nether.net Sent: Thursday, April 08, 2010 1:16 AM Subject: Re: [c-nsp] OT: Juniper SSG Policy-based VPN and NAT On 04/08/2010 01:21 AM, D

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Tim Durack
On Thu, Apr 8, 2010 at 8:53 AM, Jared Mauch ja...@puck.nether.net wrote: Reloading a device is not really a viable workaround. It's sad that developers seem to think that's ok on a production device. They probably run Windows for their dev environment... -- Tim:

Re: [c-nsp] ASR 1002 vs ISR 3945

2010-04-08 Thread Jeff Bacon
Depending on the level of QoS you need, sounds like something most any L3 switch would handle fine, assuming it's an Ethernet handoff (which it sounds like). If you don't care about an occasional buffer overrun, even a 3560G will do you. Get really fancy and use a 6524, and it's prolly still

[c-nsp] MPLS EXP field question

2010-04-08 Thread Michael Robson
Is it true that the when subsequent layers of labels are added to MPLS traffic, the EXP field is copied to the top most label from the next one downward (this is on a 6500 using LAN-based cards)? Thanks, Michael.

[c-nsp] Cisco out of stock?

2010-04-08 Thread Jeff Bacon
Word I keep running across is that Cisco is basically out of everything that matters: - there are no 6503 or 6504 chassis to be had without significant waiting - it took a month and change for my guy to find 2 6504s, and I'm very tempted to swap out a pair of 6503s (which would be foolish on my

Re: [c-nsp] ASR 1002 vs ISR 3945

2010-04-08 Thread Dobbins, Roland
On Apr 8, 2010, at 9:35 PM, Jeff Bacon wrote: If you don't care about an occasional buffer overrun, even a 3560G will do you. Note that these boxes won't do NetFlow, which is essential for traffic visibility and security situational awareness. ASR 1K supports NetFlow.

[c-nsp] off topic - Warning to advertisers trolling cisco-nsp

2010-04-08 Thread Mike
For any hopeful purveyor of network equipment or any others who believe that seeing my email address in this forum constitutes permission for you to send me information about your products or services, think again. I reject unsolicited commercial email advertising as a valid or legitimate

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Daniel Suchy
I have two notes to Shimol post: - sometimes I saw, that there's bug ID referenced in some release notes, but there're no detailed informations available in bug tool (for example CSCsk67395 referenced in 12.2(53)SG release notes from end of March, but marked as cisco-employee only to these

Re: [c-nsp] MPLS EXP field question

2010-04-08 Thread Mikael Abrahamsson
On Thu, 8 Apr 2010, Michael Robson wrote: Is it true that the when subsequent layers of labels are added to MPLS traffic, the EXP field is copied to the top most label from the next one downward (this is on a 6500 using LAN-based cards)? Yes, that is generally the default when doing

Re: [c-nsp] Cisco out of stock?

2010-04-08 Thread Chris Griffin
We did see very long lead times on a 4900M order made last October (took 4 months), but a recent order is showing 4 weeks. We will see if it starts getting bumped as the time to ship grows near :-) Tnx Chris On Apr 8, 2010, at 10:39 AM, Jeff Bacon wrote: Word I keep running across is that

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Buhrmaster, Gary
Is it normal to hide all the bugs at Cisco? If a bug is found in dev-test it is marked as internal and fix is put in. Later if someone in the field hit the same bug, then it is made external. And while security bugs might be justified to use that approach, the default should be on openness,

[c-nsp] WS-X6748-GE-TX auto negotiation anomalies

2010-04-08 Thread Jason Lixfeld
On an ME-3400EG-12CS, I can force the speed of a port to 10Mb and leave the duplex set for auto. If I connect a 10/100 or 10/100/1000 device to this 10/Auto port, both ends negotiate to 10/Full Duplex. The world is a happy place. I can do the same thing on an ME-3400-24TS, a WS-X3550-24, a

Re: [c-nsp] Cisco out of stock?

2010-04-08 Thread Tony Varriale
They've had this problem across many product lines for over a year now (4900, 6500, ASA, Nexus, 3560s, etc). We keep hearing that management is working on it. Unfortunately, we've already had a few customers that can't tolerate 4 months lead time, canceled orders and went with the

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Rubens Kuhl
On Thu, Apr 8, 2010 at 1:38 PM, Buhrmaster, Gary g...@slac.stanford.edu wrote: Is it normal to hide all the bugs at Cisco? If a bug is found in dev-test it is marked as internal and fix is put in. Later if someone in the field hit the same bug, then it is made external. And while security

Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode

2010-04-08 Thread Steve Bertrand
On 2010.04.08 08:48, Steve Bertrand wrote: On 2010.04.08 06:46, Reuben Farrelly wrote: I've been reading up about uRPF on Cisco's website, at: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html I've heard many people suggest that having uRPF filtering on in an ISP

Re: [c-nsp] Cisco out of stock?

2010-04-08 Thread Tassos Chatzithomaoglou
We had the same issue, even for RMA (NBD replacements), where we had to wait for 2 months for an ES+ card. 2 months is the average lead time we usually get for new orders. -- Tassos Tony Varriale wrote on 08/04/2010 19:50: They've had this problem across many product lines for over a year now

Re: [c-nsp] Cisco out of stock?

2010-04-08 Thread Abello, Vinny
We've also been seeing large delays with various Cisco ASA models and ended buying up as many as we could from any vendor that could get them in stock. We were being told it was due to a materials shortage on Cisco's end. Vinny Abello Network Engineer Physician Services Dell Perot Systems Phone:

Re: [c-nsp] Cisco out of stock?

2010-04-08 Thread Michael Balasko
We are 4 months on ASA's and nearly 6 on the 4500 bundles. Michael Balasko CCSP, MCSE Network Specialist II City of Henderson, Nevada 240 Water St. Henderson, Nevada 89015 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Rodney Dunn
We dot try to make public any bug that goes out in shipping code. We don't catch 100%. The idea is that all the bugs we find in internal testing before code ships should not show up outside as it would just dilute the ones that do. Rodney On 4/8/10 12:38 PM, Buhrmaster, Gary wrote: Is it

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Rodney Dunn
The testers view the workaround section in their world as a way to clear the condition. That's where when it gets exposed outside it needs to be verified for customer consumption. I mean, does anyone notice when we get it right? ;) Rodney On 4/8/10 8:53 AM, Jared Mauch wrote: Reloading

Re: [c-nsp] Cisco out of stock

2010-04-08 Thread Joel Snyder
Word I keep running across is that Cisco is basically out of everything that matters: I have heard the same thing, but only in regard to ASA hardware. A Cisco competitor sent me an email last week saying that they had won a big deal in part because Cisco screwed the pooch by being unable to

[c-nsp] Old Pix

2010-04-08 Thread Fancher, William
I have an old Pix which I need to configure with a previously saved txt file from an identical machine. I must use HyperTerminal. I tried to use the copy paste aspects of the HyperTerminal but the configuration seems to append rather than overwriting. Can someone help me out who knows what

Re: [c-nsp] Old Pix

2010-04-08 Thread David White, Jr. (dwhitejr)
copy paste puts data into the running-configuration, and that is a 'merge'. If you start with a blank config on the PIX (from clear config all), then pasting in your old config should yield your old conf (other than the fact that interfaces will be shutdown). The other option is to take the

Re: [c-nsp] Cisco out of stock

2010-04-08 Thread Patrick Muldoon
On Apr 8, 2010, at 11:00 AM, Joel Snyder wrote: Word I keep running across is that Cisco is basically out of everything that matters: I have heard the same thing, but only in regard to ASA hardware. A Cisco competitor sent me an email last week saying that they had won a big deal in

Re: [c-nsp] Cisco out of stock

2010-04-08 Thread James Edmondson
I have been informed that the ASA Shortage is due to a chipset change on all ASA products. and that availability is pushed back until end of June, at least for me, its June. On Thu, Apr 8, 2010 at 1:47 PM, Patrick Muldoon doon.b...@inoc.net wrote: On Apr 8, 2010, at 11:00 AM, Joel Snyder

Re: [c-nsp] Cisco out of stock

2010-04-08 Thread Drew Weaver
They wonder why people buy used gear, overnight shipping??? -Drew -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Charles Mills Sent: Thursday, April 08, 2010 2:59 PM To: Joel Snyder Cc: cisco-nsp@puck.nether.net

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Anton Kapela
On Apr 8, 2010, at 2:21 PM, Rodney Dunn wrote: I mean, does anyone notice when we get it right? ;) ...I do notice, trust me. SXF17a is nice and mature now, and I thank customers of cisco for using enough of the product to justify keeping it alive this long. I think Safe Harbor testing and

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Rodney Dunn
Sorry...too many emails going out at once. Clarification. We do try to make public any bug that goes out in shipping code. ... The idea is that all the bugs we find *and fix before the code is shipped* should not show up on the outside as it would just dilute the ones that do make it out in

Re: [c-nsp] SXH7 funny

2010-04-08 Thread Drew Weaver
Probably depends on how much we're paying for gear vs how long it takes to fix issues vs expectations that Cisco is the best. -Drew -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rodney Dunn Sent: Thursday, April 08,

Re: [c-nsp] Old Pix

2010-04-08 Thread Christopher J. Wargaski
To erase the existing configuration run the write erase command then, reload. Message: 6 Date: Thu, 08 Apr 2010 14:46:26 -0400 From: David White, Jr. (dwhitejr) dwhit...@cisco.com To: Fancher, William wfanc...@inventionmachine.com Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Old Pix

Re: [c-nsp] Cisco out of stock

2010-04-08 Thread Bruce A. Locke
- James Edmondson biged7...@gmail.com wrote: | I have been informed that the ASA Shortage is due to a chipset change | on all ASA products. and that availability is pushed back until end of June, | at least for me, its June. The shortage also extends to RAM if our reseller is to be believed.

Re: [c-nsp] ASR 1002 vs ISR 3945

2010-04-08 Thread Guillaume FORTAINE
http://docs.google.com/viewer?url=http://www.loud-fat-bloke.co.uk/obeseus2.pdf The other problem these commercial tools is their fixation with flows as a means of rationalising the measurement of traffic. I think this derived from the use of netflow and s-flow, which are a means of

[c-nsp] High drop rate with not much utilization

2010-04-08 Thread Sergio D.
Hello, We currently have a DS3 with an outbound service policy prioritizing voice traffic, some of this voice is not marked correctly (a different issue we are working on) and it ends up on the class-default queue. The problem is that we drop packets from that class-default queue even if our

[c-nsp] MTU size issue on 7600-S

2010-04-08 Thread Rizal
Hi, I have 7600-S module as follows: 7600-s#sh module Mod Ports Card Type Model Serial No. --- - -- -- --- 12 ESM20G 7600-ES20-10G3CXL 22 ESM20G