[c-nsp] Compressed IPv6 ACLs on Cat6500

2010-12-08 Thread Robert Hass
Hi, we are just implementing IPv6 in our network. As we are operating Cisco 6500/Sup720 we also have to configure some IPv6 ACLs on these devices. In ACLs we need to match tcp/udp port numbers so we will use 'mls ipv6 acl compress address unicast' mode (only match 112 bits of IPv6 address field). My

Re: [c-nsp] Compressed IPv6 ACLs on Cat6500

2010-12-08 Thread Mack McBride
The bits that are ignored are a little higher up. :::::33xx:xx33: The rules are a bit more complicated than that as those bits are fixed in EUI-64 addresses. A different set of bits is lost if the upper 64 bits are zero. So you only lose those bits when a statically

[c-nsp] L2TPv3 question

2010-12-08 Thread Ziv Leyes
We tried to make a pseudowire yesterday with the following setup: Side A has a certain device connected to C3750 Switch on port 19. Port 20 on C3750 Switch is set as trunk and it's connected to C7200VXR router port g0/1 The xconnect is done on subinterface G0/1.200 (VLAN200 dot1q encapsulation

Re: [c-nsp] L2TPv3 question

2010-12-08 Thread Ziv Leyes
Not sure I understand your answer, Jefri... -Original Message- From: je...@grid.ui.edu [mailto:je...@grid.ui.edu] Sent: Wednesday, December 08, 2010 3:13 PM To: Ziv Leyes; cisco-nsp-boun...@puck.nether.net; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] L2TPv3 question You have to

[c-nsp] L2L VPN with NATed IP

2010-12-08 Thread Fourpros it
Dear Experts! I have a need to configure L2L vpn to different clients. I have built the vpns under a single crypto map, but an issue has come up. One of my Client requires me to NAT my inside network to my public address as he also had NAT his inside network to his public address. How do I

[c-nsp] ISG with DHCP Option 82 sessions

2010-12-08 Thread Steven Surdock
Greetings, I'm looking to roll out a GPON deployment using the ISG as our BRAS with DHCP-based sessions but we are experiencing some problems with session restart.  We're using an external DHCP server and RADIUS.  Sessions come up fine the first time, but if there is an existing session and the

Re: [c-nsp] L2TPv3 question

2010-12-08 Thread Christophe Lucas
Le 08/12/2010 14:00, Ziv Leyes a écrit : We tried to make a pseudowire yesterday with the following setup: Side A has a certain device connected to C3750 Switch on port 19. Port 20 on C3750 Switch is set as trunk and it's connected to C7200VXR router port g0/1 The xconnect is done on
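A minimal L2TPv3 pseudowire configuration matching the topology Ziv describes (dot1q subinterface G0/1.200 on a 7200VXR, xconnect to a remote peer). This is an added example, not Ziv's configuration or the resolution of the thread; the loopback addresses 192.0.2.1/192.0.2.2, the VC ID 200, the class names and the shared secret are assumed. The l2tp-class with authentication is included because an unauthenticated L2TPv3 control channel will accept session setup from any host that can reach the loopback.

```cisco
! --- Side A (7200VXR) ---
! Control-channel authentication: both ends must share the same secret.
l2tp-class L2TP-AUTH
 authentication
 password SharedSecret-ReplaceMe
!
pseudowire-class PW-L2TPV3
 encapsulation l2tpv3
 protocol l2tpv3 L2TP-AUTH
 ip local interface Loopback0
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Physical interface faces the C3750 trunk (port 20); no IP on the parent.
interface GigabitEthernet0/1
 no ip address
!
! VLAN 200 from the switch is the attachment circuit for the pseudowire.
interface GigabitEthernet0/1.200
 encapsulation dot1Q 200
 xconnect 192.0.2.2 200 pw-class PW-L2TPV3
!
! --- Side B mirrors this with Loopback0 192.0.2.2 and
!     "xconnect 192.0.2.1 200 pw-class PW-L2TPV3" ---
!
! --- C3750 on side A: the device on port 19 sits in VLAN 200,
!     port 20 trunks VLAN 200 to the router ---
interface GigabitEthernet1/0/19
 switchport mode access
 switchport access vlan 200
!
interface GigabitEthernet1/0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 200
```

Check session state with `show xconnect all` and `show l2tun session all`; both must show the session UP on each side before debugging the attachment circuits. Note that L2TPv3 authenticates the control channel only: the customer frames themselves cross the core unencrypted, so run the pseudowire over IPsec if the path between the loopbacks is not trusted.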

Re: [c-nsp] IOS DHCP Server - dynamic and static in one subnet

2010-12-08 Thread Ramcharan, Vijay A
Since you mentioned one subnet with static allocations from a portion of that subnet I assume that you don't want the DHCP server handing out your static allocations. You can configure exclusions (i.e. don't give out these addresses) with ip dhcp excluded-address Vijay Ramcharan
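An added IOS DHCP example (not from Vijay's reply) showing the two pieces that let static and dynamic allocations coexist in one subnet: `ip dhcp excluded-address` keeps the server from leasing the statically used range, and a host pool with a client identifier pins a fixed address to one client. The subnet 192.0.2.0/24, the reserved range .1 to .99, the pool names and the MAC address are assumed.

```cisco
! Addresses .1 to .99 are statically configured on servers/printers/network
! gear; the server must never lease them. Exclusions are global, not per pool.
ip dhcp excluded-address 192.0.2.1 192.0.2.99
!
! Dynamic pool: leases come only from the part of the subnet not excluded
! above (.100 to .254).
ip dhcp pool LAN-DYNAMIC
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
 dns-server 192.0.2.1
 lease 1
!
! Manual binding for one host: always .50, identified by its DHCP client-id.
! For Ethernet clients the client-identifier is 01 followed by the MAC;
! "hardware-address 0011.2233.4455" can be used instead of client-identifier.
ip dhcp pool HOST-PRINTER
 host 192.0.2.50 255.255.255.0
 client-identifier 0100.1122.3344.55
 default-router 192.0.2.1
 dns-server 192.0.2.1
```

Verify with `show ip dhcp binding` (manual bindings appear with type Manual) and `show ip dhcp pool`. Keep in mind that a client identifier is not an authenticator: any host that presents that MAC/client-id gets the reserved address, so reservations are an addressing convenience, not an access control.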

Re: [c-nsp] ASR 1006 L2TP Tunnel Switching to himself

2010-12-08 Thread David Freedman
Alexey Lapkis wrote: Hi, I am wondering if it is possible to configure the ASR 1006 to perform L2TP Tunnel Switching to himself. I mean that both authentication processes (RADIUS) take place from the same ASR 1006 but from different loopback addresses. Tried to configure, but it does not

[c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread Bill Blackford
We experienced an odd issue recently where queries to a .gov site were timing out. Upon further investigation, packet captures, etc., we noticed that the return packet was fragmented and 1514 bytes. I increased the default value in policy-map type inspect dns pol_name parameters

Re: [c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread Ryan West
Bill, Default used to be 512; with the eDNS changes, it should be set to 4096 to avoid issues. -ryan From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] on behalf of Bill Blackford [bblackf...@nwresd.k12.or.us] Sent: Wednesday,

Re: [c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread Bill Blackford
One more point: One set of ASA's places the maximum *before* client auto. This set is exhibiting the odd behavior. The other set of ASA's places it *after*. This set is running a newer code rev. and the odd behavior not reproducible. Someone offered the 'client auto' offlist as a fix as

Re: [c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread David White, Jr. (dwhitejr)
Hi Bill, The change (tracked by CSCta35563) re-ordered the message-length maximum client auto command and also enabled it by default in the preset and migrated dns_map. This change went into Versions: 8.3(1), 8.2(2), 8.1(2.37), 8.0(5.2), 7.2(5) Sincerely, David. Bill Blackford wrote:

[c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Keegan Holley
I know from previous conversations that the architecture as well as some of the defaults for the ME series are different than the traditional switching platforms. I was curious if there were any reasons why I shouldn't use them in a vanilla switching environment such as a LAN or a server farm. I

Re: [c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread Ryan West
David, -Original Message- From: David White, Jr. (dwhitejr) [mailto:dwhit...@cisco.com] Sent: Wednesday, December 08, 2010 2:38 PM The change (tracked by CSCta35563) re-ordered the message-length maximum client auto command and also enabled it by default in the preset and migrated

Re: [c-nsp] ASA55xx | DNS Maximum message

2010-12-08 Thread David White, Jr. (dwhitejr)
Ryan West wrote: David, -Original Message- From: David White, Jr. (dwhitejr) [mailto:dwhit...@cisco.com] Sent: Wednesday, December 08, 2010 2:38 PM The change (tracked by CSCta35563) re-ordered the message-length maximum client auto command and also enabled it by default in
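An added ASA configuration example, not taken from any post in the thread, contrasting the old fixed 512-byte DNS ceiling with the setting the thread converges on: `message-length maximum client auto` (honour the UDP payload size the client advertises in its EDNS0 OPT record) placed before a raised fixed ceiling of 4096, the value Ryan suggests and the order David attributes to CSCta35563. `preset_dns_map`, `global_policy` and `inspection_default` are the ASA default object names; everything else is assumed.

```cisco
! --- Weak: a flat 512-byte ceiling. Any reply larger than 512 bytes, such
!     as the fragmented ~1514-byte answer in Bill's captures, is dropped by
!     DNS inspection and the client sees a timeout. ---
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512

! --- Corrected: let the client's EDNS0 buffer size govern first, and
!     raise the fixed ceiling to 4096 for clients that do not send EDNS0.
!     On the versions listed in CSCta35563 "client auto" is already present
!     and ordered this way in the preset map; on older code add it by hand. ---
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 4096

! The map only takes effect through the service policy; this is the default
! attachment and usually already exists.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
service-policy global_policy global
```

Confirm the active settings with `show service-policy inspect dns` and `show running-config policy-map type inspect dns`, then retest from a client behind the ASA with `dig +bufsize=4096` against the affected zone. Raising the ceiling does not help if the large reply is being fragmented and a fragment is lost elsewhere on the path, so if the symptom persists capture on both sides of the ASA and check whether all fragments arrive. Keep the ceiling at a value the client population actually needs; the whole point of the limit is to bound what an attacker can push through the inspection engine in one message.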

Re: [c-nsp] Compressed IPv6 ACLs on Cat6500

2010-12-08 Thread Saku Ytti
On (2010-12-08 09:41 +0100), Robert Hass wrote: In ACLs we need to match tcp/udp port numbers so we will use 'mls ipv6 acl compress address unicast' mode (only match 112 bits of IPv6 address field). Where did you arrive to 112? My understanding of the compressed mode is

Re: [c-nsp] Compressed IPv6 ACLs on Cat6500

2010-12-08 Thread Saku Ytti
Where did you arrive to 112? My understanding of the compressed mode is 128-src_port-dst_port-flags = 128-16-16 = 88 usable bits for addresses. omitted -8 there, flags = 8bits, so 128-16-16-8 = 88. -- ++ytti ___ cisco-nsp mailing list

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Edward Salonia
One thing to watch for is that there is no local switching among UNI ports. You could either set your port type to NNI or you could set the vlan as a community vlan to enable local switching. What platforms were you looking at? ME3400, 3750ME? You should take note that the ME3400 series doesn't

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Andrew Koch
On Wed, Dec 8, 2010 at 16:50, Edward Salonia e...@edgeoc.net wrote: One thing to watch for is that there is no local switching among UNI ports. You could either set your port type to NNI or you could set the vlan as a community vlan to enable local switching. Double check the specs on these.

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Jeremy Bresley
On 12/8/2010 1:44 PM, Keegan Holley wrote: I know from previous conversations that the architecture as well as some of the defaults for the ME series are different than the traditional switching platforms. I was curious if there were any reasons why I shouldn't use them in a vanilla switching

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Edward Salonia
Correct. In older versions of the IOS you were limited to the number of nni ports but that has changed. -Original Message- From: Andrew Koch andrew.k...@gawul.net Sender: cisco-nsp-boun...@puck.nether.net Date: Wed, 8 Dec 2010 17:19:07 To: Keegan Holley keegan.hol...@sungard.com Cc:

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Keegan Holley
I'm looking at the new 3600X series; it was just released in Sept. I noticed the no local switching for UNI ports. Is there a way to disable the UNI/NNI relationship completely or enable local switching for UNI ports? On Wed, Dec 8, 2010 at 5:50 PM, Edward Salonia e...@edgeoc.net wrote: One

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Reuben Farrelly
On 9/12/2010 10:28 AM, Jeremy Bresley wrote: On 12/8/2010 1:44 PM, Keegan Holley wrote: I know from previous conversations that the architecture as well as some of the defaults for the ME series are different than the traditional switching platforms. I was curious if there were any reasons why

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Phil Bedard
3600X might be an option, otherwise there are other vendors with cheaper L2-switch-only products with 24+ SFP ports on them. The Nexus 5548 has 1G support coming sometime in the near future, so if you are looking to buy further down the line it might be an option. The older 5010/5020 models

[c-nsp] 4900M with QoS on a portchannel

2010-12-08 Thread Pshem Kowalczyk
Hi, I must be missing something obvious here, so please stay with me. I'm currently devising config for the device. We have a 4900M that will be connected over 2x10G to a customer. I want to apply a very simple QoS in this scenario - mark packets on input and act on that on output: class-map

[c-nsp] full routes / backup router

2010-12-08 Thread Adam Greene
Hi, I need a backup router for a 7206VXR/NPE-400/512MB RAM that can handle full routes from a single eBGP peer. Router provides transit to an end-user. Remaining configs on router are minimal, max throughput is about 30-40Mbps. Would a 2911/512MB RAM be sufficient? Or is the CPU too puny?

Re: [c-nsp] Compressed IPv6 ACLs on Cat6500

2010-12-08 Thread Mack McBride
This is not correct. The field is actually 288 bits (v4 uses 144 bits). Some of these bits are used for protocol, flags and such, 2 bits are used for IPv6 address type. The remaining available for IPv6 addresses + ports is 256. Source and destination are each allotted 128 bits. The bits removed

Re: [c-nsp] L2L VPN with NATed IP

2010-12-08 Thread Ramesh Karki
Hi, I suggest you ask your client to do NAT for both traffic incoming and traffic outgoing as client has PIX at his side. PIX has this intelligence (bi-directional translation) to solve such private network overlapping issue behind the VPN gateway.
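An added PIX/ASA (pre-8.3 NAT syntax) example of the bi-directional translation Ramesh refers to, written here as an illustration and not taken from either side's actual configuration. Both sites are assumed to use 10.1.1.0/24 internally (the overlap that forces the NAT); our side presents itself to the peer as 192.0.2.0/24 and the peer presents its network as 198.51.100.0/24. The peer address 203.0.113.2, the crypto map and transform-set names are assumptions.

```cisco
! Our side. A "static" creates a fixed, two-way mapping: our 10.1.1.0/24 is
! seen as 192.0.2.0/24 by the peer, and packets from the peer addressed to
! 192.0.2.x are untranslated to 10.1.1.x on the way in.
static (inside,outside) 192.0.2.0 10.1.1.0 netmask 255.255.255.0
!
! NAT happens before encryption, so the crypto ACL must match the
! TRANSLATED addresses on both sides, never the overlapping real ones.
access-list VPN-CLIENT-A extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-CLIENT-A
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside
!
! The peer mirrors this: static (inside,outside) 198.51.100.0 10.1.1.0 ...
! and a crypto ACL from 198.51.100.0/24 to 192.0.2.0/24. Our hosts reach the
! peer's 10.1.1.x machines by their 198.51.100.x mapped addresses.
```

With several sites under one crypto map, give each sequence number its own ACL and its own mapped range so no two peers' crypto ACLs overlap; an overlap means traffic for one client can be selected into another client's tunnel. `show crypto ipsec sa` should show the mapped networks, not 10.1.1.0/24, as the proxy identities.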

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread ML
On 12/8/2010 6:32 PM, Edward Salonia wrote: Correct. In older versions of the IOS you were limited to the number of nni ports but that has changed. The limit is 4 NNIs in the METROBASE image and unlimited in the IPACCESS image. There is an ACCESS image in between BASE and IPACCESS it may
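An added configuration example, not from the thread, showing the two ways Edward describes to get local switching between ports in the same VLAN on an ME-series switch: marking the uplink-style ports as NNI, or leaving the server ports as UNI and declaring the VLAN a community UNI VLAN. The syntax is the ME3400 command set and is an assumption for the 3600X Keegan asks about; the VLAN number and interface names are made up.

```cisco
! Option 1: keep server-facing ports as UNI (the ME default) but make the
! VLAN a community VLAN so UNI ports in it can talk to each other. The
! default UNI VLAN type is isolated, which is what blocks local switching.
vlan 100
 name SERVER-FARM
 uni-vlan community
!
interface GigabitEthernet0/1
 port-type uni
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet0/2
 port-type uni
 switchport mode access
 switchport access vlan 100
!
! Option 2: make the port an NNI, which behaves like a conventional switch
! port. ML notes the NNI count is capped at 4 in the METROBASE image and
! unlimited in IPACCESS, so check the licensed image before relying on this.
interface GigabitEthernet0/24
 port-type nni
 switchport mode trunk
 switchport trunk allowed vlan 100
```

`show port-type` lists each interface's UNI/NNI/ENI role and `show vlan` shows the UNI VLAN type. The isolation is a deliberate customer-separation feature on these boxes, so in a server farm decide per VLAN whether hosts should see each other rather than flipping every port to NNI and giving it up everywhere.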

Re: [c-nsp] full routes / backup router

2010-12-08 Thread Joseph Jackson
On Wed, Dec 8, 2010 at 5:30 PM, Adam Greene maill...@webjogger.net wrote: Hi, I need a backup router for a 7206VXR/NPE-400/512MB RAM than can handle full routes from a single eBGP peer. Router provides transit to an end-user. Remaining configs on router are minimal, max throughput is about

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Nick Hilliard
On 09/12/2010 00:05, Phil Bedard wrote: The Nexus 5548 has 1G support coming sometime in the near future, so if you are looking to buy further down the line it might be an option. The older 5010/5020 models have limited 1G support (only on first 16 ports if I recall correctly) ObWarning:

[c-nsp] MSI Cisco VPN Client Software ?

2010-12-08 Thread Stephane MAGAND
Hi, Anyone know if we can create a .MSI of the Cisco VPN IPsec software that includes all parameters of the connection? Thanks for your help, Stephane

Re: [c-nsp] ME Series for a LAN/Server Farm

2010-12-08 Thread Mark Tinka
On Thursday, December 09, 2010 08:05:49 am Phil Bedard wrote: 3600X might be an option,... For the application the OP is looking at, the ME3600X/3800X might be overkill. It's a very powerful switch, bordering on a real router. I'd keep things simple unless the OP needs all these features.

Re: [c-nsp] MSI Cisco VPN Client Software ?

2010-12-08 Thread Ziv Leyes
I don't know about creating an .MSI, but the way I always did it was by surfing to the Cisco VPN folder in program files, there is a folder with .pcf files that you can save aside and then from within the VPN Client window you can import those files and you get all the profile ready.