Then mark all your and your customers prefixes with community and
announce only these marked.
On 15/11/13 09:49, Mikael Abrahamsson wrote:
Just using prefix-lists has drawbacks as well, since customers who are
no longer customers can end up being transited to your network because
you now
Hi,
On Fri, Nov 15, 2013 at 06:49:43AM +0100, Mikael Abrahamsson wrote:
On Thu, 14 Nov 2013, Gert Doering wrote:
Easier on CPU load but more maintenance if prefixes keep being added is
to filter by prefix-list... so it depends a bit on how fast your
router's CPU is, how often prefixes
Hi Folks
That is right even with padding disabled the several first hellos (i.e.
until adj-comes up) are padded to full interface MTU -3.
Though with A9K and ME3600 the use of CLNS MTU is a bit funky.
I'm glad to hear that the ancient bug is finally fixed in .S1a and the CLAN
MTU is computed
Javier == Javier Henderson (javier) jav...@cisco.com writes:
Javier On Nov 13, 2013, at 9:15 AM, Pierfrancesco Caci p...@caci.it
wrote:
Hi,
I have an ACS 5.4 with two interfaces, one where we get the tacacs
queries, and one for management. Trying to get UCP (using the
Has anyone else seen this? Our N7k CoPP policy seems to be letting
packets through which are arriving MPLS-labelled. In particular, this
means it's completely ineffective at protecting the CPU in an L3VPN,
since all packets inside the VPN arrive labelled.
Presumably the class-map isn't
Any Ideas ???
On Fri, Nov 15, 2013 at 10:23 AM, Methsri Wickramarathna
mmethw2...@gmail.com wrote:
Hi all,
Yesterday we had a strange behavior on one of our Cisco 1841 router. Which
was suddenly unreachable and after when we troubleshoot the issue and found
out router has missing it's
Hi Experts
I am working on migrating existing GGSN radius post charging process to a
diameter quota services
we dont have a CGS, so is there a way to skip this. radius need to authenticate
users and diameter provides the charring
quota for all the users
our base is a Cisco GGSN on MWAM module
On 15/11/2013 10:44, Methsri Wickramarathna wrote:
Any Ideas ???
most likely to be someone's typo. Best idea to enable logging and tacacs+
AAA on the device so that you can see what's going on and who did it. AAA
logging is an invaluable tool for follow-up problem diagnosis.
Nick
On (2013-11-15 09:48 +), Phil Mayers wrote:
Has anyone else seen this? Our N7k CoPP policy seems to be letting
packets through which are arriving MPLS-labelled. In particular,
this means it's completely ineffective at protecting the CPU in an
L3VPN, since all packets inside the VPN arrive
Yes, explicitly filtering prefixes outbound if you're an edge site and
inbound if you're a service provider is the right way to do it, whether
it's v4 or v6.
For BGP particularly, IPv6 is really nothing special at all; just mirror
your configurations and policies.
Depending on your OS, you may
On 15/11/13 12:02, Saku Ytti wrote:
On (2013-11-15 09:48 +), Phil Mayers wrote:
Has anyone else seen this? Our N7k CoPP policy seems to be letting
packets through which are arriving MPLS-labelled. In particular,
this means it's completely ineffective at protecting the CPU in an
L3VPN,
Hi Guys,
If we have two active/active DataCenters on different geographical
locations and going to peer with the same provider for internet. What are
the pros and cons of having same Autonomous Number on both data centers. In
other word which is more scalable and practical, having both data
I can’t think of any reason to use more than 1. If you have a meshed network
and announce space to the public network then you need a real AS. For your
application if you’re using provider space and just looking for redundancy with
in the DC you could get away with using a private AS. I
Is it possible the static default was in the running config, but not the
startup, and the router rebooted?
Chuck
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Methsri
Wickramarathna
Sent: Thursday, November 14, 2013 11:54 PM
To:
Nick Router is enabled with tacas+ AAA ... I can see all the commands
entered with the usernames...
Chuck Router isn't rebooted .. uptime was 30 weeks :(
Harold Router statement missing from both running and startup configs
... When I enter *show ip route 0.0.0.0* it says network not
Is there an IP address on the interface the default is using, or is it using
DHCP? DHCP can add a default route to the table, but wouldn't show up in
either config.
Chuck
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Methsri
Chuck default route config
ip route 0.0.0.0 0.0.0.0 X.X.X.X # directed to next hop IP no DHCP
configured
On Fri, Nov 15, 2013 at 8:31 PM, Chuck Church chuckchu...@gmail.com wrote:
Is there an IP address on the interface the default is using, or is it
using DHCP? DHCP can add a default
My first thought was that it rebooted and wasn¹t in the saved config. IS
the route statement missing or just the route from the table?
Luck,
Buz
On 11/15/13, 6:42 AM, Nick Hilliard n...@foobar.org wrote:
On 15/11/2013 10:44, Methsri Wickramarathna wrote:
Any Ideas ???
most likely to be
This is the line that was missing then?
ip route 0.0.0.0 0.0.0.0 X.X.X.X
From: Methsri Wickramarathna mmethw2...@gmail.commailto:mmethw2...@gmail.com
Date: Friday, November 15, 2013 at 10:03 AM
To: Chuck Church chuckchu...@gmail.commailto:chuckchu...@gmail.com
Cc: Buz Dale
On Tuesday, November 12, 2013 09:31:34 PM c...@marenda.net
wrote:
But that extra Gig port is shared hardware with the FAS
Management Port, (which could be Gig...). it's another
chipset than the other three CPU?-Ports,
and it's not performing very well :-(
You can't expect to run any of
Jon yes it's only the ip route command was missing , if configurations
was rolled back is there a way to identify it ???
On Fri, Nov 15, 2013 at 9:11 PM, Methsri Wickramarathna
mmethw2...@gmail.com wrote:
Harold yes that was the line
On Fri, Nov 15, 2013 at 8:50 PM, Harold 'Buz' Dale
Harold yes that was the line
On Fri, Nov 15, 2013 at 8:50 PM, Harold 'Buz' Dale buz.d...@usg.edu wrote:
This is the line that was missing then?
ip route 0.0.0.0 0.0.0.0 X.X.X.X
From: Methsri Wickramarathna mmethw2...@gmail.com
Date: Friday, November 15, 2013 at 10:03 AM
To: Chuck
Syslogs to see when someone exited from config mode.
On Fri, Nov 15, 2013 at 10:44 AM, Methsri Wickramarathna
mmethw2...@gmail.com wrote:
Jon yes it's only the ip route command was missing , if configurations
was rolled back is there a way to identify it ???
On Fri, Nov 15, 2013 at 9:11
There is a match protocol mpls to match labeled traffic.
http://puck.nether.net/pipermail/cisco-nsp/2013-March/089936.html
On Fri, Nov 15, 2013 at 4:48 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
Has anyone else seen this? Our N7k CoPP policy seems to be letting packets
through which are
On 15/11/13 16:08, Pete Lumbis wrote:
There is a match protocol mpls to match labeled traffic.
Not sure what use that is in the context of selectively
dropping/permitting traffic, the standard use-case for CoPP.
I could block all L3VPN traffic, but I might as well turn the box off if
I'm
Does it make any difference if you run label-allocation-mode per-vrf?
On Fri, Nov 15, 2013 at 4:48 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
Has anyone else seen this? Our N7k CoPP policy seems to be letting packets
through which are arriving MPLS-labelled. In particular, this means it's
Why do we want labeled traffic to punt at all? Anything destined locally
should be imp-null or would have the exp-null label stripped in hardware.
So my bigger question would be why are we punting? Beyond that what CoPP
class should it match if it does punt? Are you staying there is a class to
On 15/11/13 16:54, Pete Lumbis wrote:
Why do we want labeled traffic to punt at all? Anything destined locally
Er, no. Think management in VRF, in which case traffic for the
management loopback arrives labelled with the VRF label.
should be imp-null or would have the exp-null label
Pete I didn't get that clearly
On Fri, Nov 15, 2013 at 9:25 PM, Pete Lumbis alum...@gmail.com wrote:
Syslogs to see when someone exited from config mode.
On Fri, Nov 15, 2013 at 10:44 AM, Methsri Wickramarathna
mmethw2...@gmail.com wrote:
Jon yes it's only the ip route command was
29 matches
Mail list logo