[c-nsp] [IOS XR] export to default-vrf

2013-11-14 Thread Catalin Petrescu
Hi all, Did anyone get this to work on XR 4.3.2.
vrf TEST
 address-family ipv4 unicast
  export to default-vrf route-policy default_policy_pass_all
route-policy default_policy_pass_all
  pass
end-policy
router bgp
 vrf TEST
  rd 1:1
  address-family ipv4 unicast
   redistribute connected

Re: [c-nsp] [IOS XR] export to default-vrf

2013-11-14 Thread Oliver Boehmer (oboehmer)
Hi all, Did anyone get this to work on XR 4.3.2.
vrf TEST
 address-family ipv4 unicast
  export to default-vrf route-policy default_policy_pass_all
route-policy default_policy_pass_all
  pass
end-policy
[...]
RP/0/RSP1/CPU0:#sh route vrf TEST
B    99.99.99.1/32 [200/10] via 11.11.11.11

Re: [c-nsp] 7600 10GE card recommendations (1 2 port cards)

2013-11-14 Thread James Bensley
Hi Nick, Many thanks for the info, that is very useful :) I shall continue to research and include the Ws-X7604-10GE. Kind regards, James.

Re: [c-nsp] [IOS XR] export to default-vrf

2013-11-14 Thread Catalin Petrescu
Hi Oliver, In this case it's an iBGP route but I've tested with connected static and ospf and it's the same.
vrf RO_CASA
 address-family ipv4 unicast
  import route-target
   1:1
  !
  export to default-vrf route-policy default_policy_pass_all
  export route-target
   1:1
  !
RP/0/RSP1/CPU0:#sh

Re: [c-nsp] Effect of simultaneous TCP sessions on bandwidth

2013-11-14 Thread Tom Storey
So if I understand this correctly, with two tests running, each test only manages about 50% of the bandwidth of the link? Are these tests sending data in only one direction, or both? If they are sending data in both directions, would it not make sense that each can only use about half the link?

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread A . L . M . Buxey
Hi, i need to prevent users to open Facebook https traffic from my router cisco 1841 you will need to invest in other technology that can achieve this...and wonder why you don't get the best people working for your company. blocking facebook isn't a technical issue...it's a human resource

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Doug McIntyre
On Thu, Nov 14, 2013 at 01:43:33PM +, a.l.m.bu...@lboro.ac.uk wrote: i need to prevent users to open Facebook https traffic from my router cisco 1841 you will need to invest in other technology that can achieve this... I agree about the technology part. Run a box built to do this sort

Re: [c-nsp] [IOS XR] export to default-vrf

2013-11-14 Thread Catalin Petrescu
Thx Oliver.
router bgp xx
 address-family ipv4 unicast    this was missing
 vrf TEST
  address-family ipv4 unicast
   redistribute connected metric 10
   redistribute static metric 10
as the leak route is known via bgp (in default vrf) and not connected/static (as in vrf)
Regards, Catalin

Re: [c-nsp] nexus-switche issues no arp-requests

2013-11-14 Thread Oswald, Thomas
fuck! The faulty behavior disappears. Just rebooting the nexus-switch. Two days to view a lot of log messages, error discovery, tests... For what? For nothing. And now I'm not absolutely sure that the fault will not raise up again. That does not inspire me with confidence. ^^°-°^^

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Ge Moua
+1 dansguardian Regards, Ge Moua moua0...@umn.edu University of Minnesota Alumnus -- On 11/13/13, 9:58 PM, mohamed nagy wrote:

Re: [c-nsp] [IOS XR] export to default-vrf

2013-11-14 Thread Oliver Boehmer (oboehmer)
Thx Oliver.
router bgp xx
 address-family ipv4 unicast    this was missing
 vrf TEST
  address-family ipv4 unicast
   redistribute connected metric 10
   redistribute static metric 10
as the leak route is known via bgp (in default vrf) and not connected/static (as in vrf)
yes, this is

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Ge Moua
+1 dansguardian Regards, Ge Moua moua0...@umn.edu University of Minnesota Alumnus -- On 11/13/13, 9:58 PM, mohamed nagy wrote: Hello , i need to prevent users to open Facebook https traffic from my router cisco 1841 i can put it as ip but is there any thing else because the ip way not

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Pablo Lucena
You can do something like this on a 1841:
class-map match-any BLOCKED-WEBSITES
 match access-group name BLOCKED-WEBSITES-ACL
 match protocol http host *facebook*
policy-map BLOCK_WEB
 class BLOCKED-WEBSITES
  drop
int f0/0
 service-policy input BLOCK_WEB
The ACL can also be used to match on

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Scott Granados
Another +1 Open DNS is a great work around and allows for easy management in the event you wish to block further sites. On Nov 14, 2013, at 10:40 AM, Pablo Lucena pluc...@coopergeneral.com wrote: You can do something like this on a 1841: class-map match-any BLOCKED-WEBSITES match

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Pablo Lucena
Right, if you read my first response it says that it will *NOT* work for HTTPS. It will work however for HTTP traffic. I've tested it and it does work. On Thu, Nov 14, 2013 at 10:59 AM, Hari bamsha Sapkota sapkota.hari...@gmail.com wrote: Hi Pablo, The first option won't work for the HTTPs.

Re: [c-nsp] ME3600 BFD session to A9K breaks after upgrade to 15.3(3)S1a

2013-11-14 Thread Jason Lixfeld
Hi all, I got an answer on this and thought I'd share. It bit me in the ass and I'd hate for it to bite anyone else. The root cause was due to a fix implemented in 15.3(3)S1a for CSCtl54835. Essentially, the CLNS mtu is now properly calculated from the L3 interface MTU whereas before, the

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Pierre Emeriaud
i need to prevent users to open Facebook https traffic from my router cisco 1841 i can put it as ip but is there any thing else because the ip way not efficient What about null-routing all advertised prefixes (32) from Facebook AS? $ whois -h asn.shadowserver.org prefix 32934 | awk -F

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Hari bamsha Sapkota
Hi Pablo, The first option won't work for the HTTPs. Correct me if I'm wrong :) I had tried for the second option before some months ago but I couldn't accomplish it by blocking the IP found by nslookup since there are lots of addresses for the site like Facebook it's not scalable as well. If

[c-nsp] IPv6 filters

2013-11-14 Thread Scott Voll
New to IPv6 so sorry if this is a very basic question: I currently am dual homed with ipv4. I'm currently using a filter list:
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
to make sure I'm not a transit provider. In my googling around I'm not seeing that done in IPv6

Re: [c-nsp] IPv6 filters

2013-11-14 Thread Nick Hilliard
On 14/11/2013 15:58, Scott Voll wrote: in my googleing around I'm not seeing that done in IPv6 You shouldn't use them for ipv4 either. You should use ip prefix lists (or non regexp-based bgp communities if your bgp policy is anything more than trivially complicated) for controlling prefix

Re: [c-nsp] How to prevent https facebook from the cisco router 1841

2013-11-14 Thread Matthew Huff
How about setting up a squid proxy for http and https and disallow all port 80/443 traffic except via the proxy. In the proxy, you can control exactly what websites are accessible then. On 11/14/13 12:45 PM, Pierre Emeriaud petrus...@gmail.com wrote: i need to prevent users to open Facebook

Re: [c-nsp] IPv6 filters

2013-11-14 Thread Gert Doering
Hi, On Thu, Nov 14, 2013 at 07:58:26AM -0800, Scott Voll wrote: I'm currently using a filter list: ip as-path access-list 1 permit ^$ ip as-path access-list 1 deny .* to make sure I'm not a transit provider. in my googleing around I'm not seeing that done in IPv6 Besides the CPU

Re: [c-nsp] ME3600 BFD session to A9K breaks after upgrade to 15.3(3)S1a

2013-11-14 Thread Pshem Kowalczyk
I can't check right now but what are the defaults for ISIS hello padding on ME3600x? kind regards Pshem On 15 November 2013 06:39, Jason Lixfeld ja...@lixfeld.ca wrote: Hi all, I got an answer on this and thought I'd share. It bit me in the ass and I'd hate for it to bite anyone else.

Re: [c-nsp] ME3600 BFD session to A9K breaks after upgrade to 15.3(3)S1a

2013-11-14 Thread Jason Lixfeld
Docs seem to indicate that it's still enabled by default, padded all the way up to the full MTU size. On Nov 14, 2013, at 6:51 PM, Pshem Kowalczyk pshe...@gmail.com wrote: I can't check right now but what are the defaults for ISIS hello padding on ME3600x? kind regards Pshem On 15

Re: [c-nsp] ACS 5.4 UCP - where does it listen?

2013-11-14 Thread Javier Henderson (javier)
On Nov 13, 2013, at 9:15 AM, Pierfrancesco Caci p...@caci.it wrote: Hi, I have an ACS 5.4 with two interfaces, one where we get the tacacs queries, and one for management. Trying to get UCP (using the java thingie) to work, I can't figure which of the two interfaces it's listening on, and

[c-nsp] Static Default route missing

2013-11-14 Thread Methsri Wickramarathna
Hi all, Yesterday we had a strange behavior on one of our Cisco 1841 routers, which was suddenly unreachable, and when we troubleshot the issue we found out the router was missing its default route. Initially we thought that someone may have accidentally removed it. TAC logs enabled on router so I

Re: [c-nsp] IPv6 filters

2013-11-14 Thread Mikael Abrahamsson
On Thu, 14 Nov 2013, Gert Doering wrote: Easier on CPU load but more maintenance if prefixes keep being added is to filter by prefix-list... so it depends a bit on how fast your router's CPU is, how often prefixes change, etc. Just using prefix-lists has drawbacks as well, since customers