Re: [c-nsp] MACSec Stages

802.1AE Look that up for how it works alan On Wed, 4 Apr 2018, 00:32 Alex K., wrote: > Hello everyone, > > After a few implementations of MACSec, I began wondering is there a > complete documentation of that technology out there? > > For example, I have quite an

Re: [c-nsp] Syslog timezone

just to check - do you mean the events are coming through to syslog with wrong timezone - or do you mean the syslog server is showing the wrong timzene in its events - both are unique/seperate alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] LACP between router VMs

I thought STP passed over a linux bridge interface unless you used brctl to change its behaviour? been a little while since I last looked alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp

Re: [c-nsp] ISIS/BFD Monitoring

RouteExplorer is a nice tool (Commercial, from Packet Design) On 15 Sep 2017 10:50 am, "Alex K." wrote: > Hello everyone, > > A customer of mine, ran into interesting problem - his monitoring software > unable to provide him with a meaningful alert, in case a link goes

Re: [c-nsp] stange vlan 1 output

>I have two equal trunk configuration ports False assertion. They have different vlan allow lists and one has a 'udld port' setting (which might be the cause of difference rather than the allow list) alan ___ cisco-nsp mailing list

Re: [c-nsp] 2960X SDM Template

Yes. Tell me about it. The values for the routing SDM are worse across the board so why would you use that profile instead??? One day I'll get a nice explanation ;) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] Level 2 switch 1U, 4 x 10GE

Nexus 3k series? What l2 performance are you after? Required buffer size etc? A stack of 2 2960x would give you 4x10GSFP+ for example alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp

Re: [c-nsp] Link encryption and scalability kit etc

Slightly larger frames and a bit more config. In terms of throughput its line speed or near enough to not distinguishwe're doing it on 10Gb links. Be aware though that any WAN carriers that might be doing tagged MPLS stuff have to support the protocol our initial circuit was such and

Re: [c-nsp] Poor speed through GRE tunnel

What hardware for a Gig connection? :) (Currently its looking like a pair of Linux boxes) alan On 16 July 2015 10:54:45 BST, Nick Cutting ncutt...@edgetg.co.uk wrote: Buy cheap 1921's with sec licences - In every case I've deployed these as DMVPN / VTI can get GREoIPsec to hit the 85Megabit

Re: [c-nsp] Mixing 2960S and X in stack

Gert has given the answer. Yes, you can mix them but there are so many caveats... I've advised our team to just not think about mixing them ever. Better to swap out 2960s elsewhere with a 2960x to get a 2960s stack member! ;) alan ___ cisco-nsp

Re: [c-nsp] 3850?

Cisco have been dumping quite a lot of features into their 38xx stores. .. and even 2960x!! The netflow features on both is far far ahead of their historical investments into 'edge switching'. They might even now compare to the options that HP offer ;) alan

Re: [c-nsp] Restoring switch config to floating spare

There are many ways of doing this, either using commercial switch provisioning tools or using ciscos native switch provisioning toolkit (which then usually gets config from tftp server by default). Either way will get you the 'plug in and go' result that you desire alan

Re: [c-nsp] Cisco console port to USB

This is the best USB to serial adapter ever. +1 ♡ :) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ios aaa

' If I put them into radius then they can access all of our devices, not good.' Huh? Yes. It's not good which is why RADIUS servers have the abilities to define policies. Configure the RADIUS server so that people can only log in from the NAS they are authorised to do so from the locations

Re: [c-nsp] ASA

Going from 0 to 100 . That's a default block on the ASA platform isn't it? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT: Wireless 2.4ghz

;) I guess the answer quotidian be 'when you want to' . There will always be legacy devices out there that people want to keep and won't do 5GHz It will be down to you when you turn of 2.4GHz support.a decision bases in support costs/overhead. I guess you already disable 802.11b? Are

Re: [c-nsp] How can I increase Ethernet MTU?

35min??? :) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] End-of-Life

Is access to cisco.com or Google blocked at your workplace? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] WLC5700 and Unparalleled scalable wireless solution

I would suggest taking a look at the 8500 series WLCs if that sort of scale is what you need Yep. +1 It can do the numbers you are taking about... but your decision might be based on other requirements Ps wism2 with 1000 APs - yes. But the licencing is stupid. It's astronomical and a

Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

IS-IS is still an excellent alternative. +1 for that! ;) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] UDLD enabling port prematurely?

Very useful with optical links alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Need suggestion on cisco 3560 sw IOS

It's the fact that all the fan control stuff is STOPPED when doing the update. That's how noisy the things would always be if there was no fan control (its actually how noisy they can get if in a really bad environment ;) ). A bit like servers before you enable all the sensible stuff 8) alan

Re: [c-nsp] 6880-X XL vs. ASR

Obviously no love here for VSS etc But how is any of this any different not only to other virtual technologies (be they VLAN, MPLS, OTV etc) but to the code that you all rely on from cisco for the other things that keep the network running (spanning tree, EIGRP, OSPF, FIBs etc) ? Surely if

Re: [c-nsp] 802.1x radius

depends on your implementation and architecturebut FreeRADIUS is probably what you're looking for. alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] 802.1x radius

What are you trying to do? This is now out of scope of this mailing list - suggest you use the freeradius mailing lists. Alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] RAM thing

I passed this info to our team this AM. They've known about this since at least Dec 2010 too :( we have items from that list .. so far our stuff seems to have died after power cycle sure to the faulty capacitor problem instead! :/ Alan -- Sent from my Android device with K-9 Mail. Please

Re: [c-nsp] NTP DDoS

Something I can point customers to for testing their own set ups. ;) On a Linux or mac ntpdc -c monlist xxx.xxx.xxx.xxx If you get a reply (which will consist of a list of IP addresses that have sync'd with the daemon) then the server has a non optimal config. ... and if it's already been

Re: [c-nsp] Cisco autonomous AP - 802.11n / ac ?

You can get autonomous image on to the new APs but the future is not certain. However. .. with controller based APs (either local like cisco or cloud based like meraki or aerohive) you don't need to hit single APs in this manner. .. You just add profile to the APs or join APs to a profile and

Re: [c-nsp] NTP DDoS

Yep. Had a system on one of our ranges that was involved in yesterday's cloudfare ddos. It's not anymore and won't be anymore. Open to all NTP queries types from the world :/ Alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] NTP DDoS

+1 yep. Use any of these NTP resources to find issues within your ASNs/remit . As network admins it's our duty/responsibility to look after each other and try to keep the Internet free of such 'filth' :) Alan ___ cisco-nsp mailing list

Re: [c-nsp] ASA5520 latency OSPF drops

The ASA can be brought to its knees by small packets with not a very large PPS... its the ring buffer system it uses. Which brings to mind the current flavour du jour of ddos, that of NTP amplification. I'd do a span of your 2950G links to eg a Linux box with tcpdump and get a pretty picture

Re: [c-nsp] ASA5520 latency OSPF drops

and because it's wrong to make statements without documentation: http://geant3.archive.geant.net/service/edupert/Resources/Documents/Firewall_Performance_TIP2013.pdf that's a 'highend' 5585x dying with just 1Mpps Alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [c-nsp] 3750G memory leak?

Similar issue with 3750e in stacks... eventually you cannot have remote access. Latest IOS doesn't help (so other stacks are on older IOS) . Chatting to someone last week mixed mode 3750/3750e or x = even worse. Alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [c-nsp] 3750G memory leak?

Good to know about that 15.2 release sorting out the SNMP... Maybe I'll be able to remove all the OID filters that I currently have to stop SNMP polling causing an issue on these switches Alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [c-nsp] Weird problem with 2960S and desktop switch

Sounds like you've got bpduguard enabled. .. This will stop random switches being plugged into portfast access ports. If you don't want that then turn off the bpdugard Alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___

Re: [c-nsp] *** GMX Spamverdacht *** Re: Weird problem with 2960S and desktop switch

You've turned off protection and control. ... which means that the downstream switch had the chance to mess you up. Especially as your switch is in flat mode and thus very susceptible for vlan 1 to be messed up. ... which I'm guessing you use for management. The downstream switch might be

Re: [c-nsp] Re-licensing secondhand Cisco equipment

What about support with Cisco (eg TAC) and software updates, security patches, bug fixes etc? alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] DHCPv6

... It's almost as if the people that wrote the specs didn't run client networks.Anyway, back to normal service now (and I am keeping my eye on when the RA extensions appear in our IOS) Alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [c-nsp] DHCPv6

There's finally discussion and documentation for DHCPv6 to provide more than just a client address and on the flip side ( and the other stupidity) extensions so that SLAAC can provide eg DNS servers and NTP server details which will finally make it more auto config and mean no more dual

Re: [c-nsp] DHCPv6

The requester wants DHCPv6 not SLAAC for the clients . Wonder if there's an interface setting missing here for this platform? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Configuring Multiple Cisco Devices

Since when was that free? -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] VSS and just one 10GE link

What link are you going to use for your heartbeat? VSS will work with one link otherwise those sites that only use 2 10G links would be hosed if one of those links failed ;) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___

Re: [c-nsp] Cisco 6500 mounting with cables

We use cable management bars and route all cables to the left and right thus ensuring that we don't have cables blocking the removal of a failed module or a module that needs swapping out for upgrade. Would recommend wider racks for such locations . You have more space to each side and often

Re: [c-nsp] Cisco 6500 mounting with cables

Interesting kit. Regarding fan unit - have had plenty of blade/sup swaps and failures. .. no fan tray (now I've said that. ..) the only time we had a fan swap was for a wholesale upgrade to e-series so ALL kit got taken out. alan ___ cisco-nsp

Re: [c-nsp] Finding source of ISIS authentication failure

Hi Odd. Unless the 7600 is missing a whole load of things then you shouldn't have any issues running the standard debug commands for ISIS...I certainly did to find source of an issue onour 6500. This was on SXI release of 12.2(18) or such.. we're on 15.x now alan

Re: [c-nsp] ASA 5515-X self power on (Vladimir Horak)

I'm guessing that there's some 'wait' algorithm to ensure that the power is back and 'stable' rather than coming straight back up when the juice arrives. .. otherwise things could get interesting if the power is wibbling up/down alan ___ cisco-nsp

Re: [c-nsp] Rancid causing reload SUP2T 12.2.50-SY3

Yes I've known several non priv show commands to crash their routers alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Old C2950 Strangness..

Yes, that date was too early for 2.6 kernel IIRC and BSD != Linux :) just do a password recovery on it alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Confirmation of Gigabit Ethernet autonegotiation behavior

Probably better looking at the RFC ...however , duplex? Gigabit requires full duplex. You can't have half duplex... alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] WS-X6708-10G-3CXL usable with SUP2T?

Yep, unfortunately. Have done the DFC4 daughter board upgrade on the other cards (you get some more memory to swap-in on the base card too). Easy job but frustrating that the 6708 couldn't be part of it. alan ___ cisco-nsp mailing list

Re: [c-nsp] ASA VPN Tunnels

Given that same setup elsewhere is working then this problem is local. The world isn't ideal. I would suggest its an L1 or L2 issue with this customers line or broadband modem. Maybe line issues and renegotiation of the link or faulty modem. Get the line checked/measured/conditioned and/or the

Re: [c-nsp] enable secret 'password'

Hi, Warning: The CLI will be deprecated soon 'enable secret 5 $x/' Please move to 'enable secret password' CLI Any suggestions on how to get around this - I don't really want the password lying around in plain text... the password shouldnt be lying around in

Re: [c-nsp] RIPE 554, availability of required IPv6 features

Hi, Are my assumptions wrong? We're (in part politically) not allowed to require anything that only one or two vendors would be able to fulfill, i'm afraid that you may find only a couple of vondors who actually care about IPv6 - at least in such a way that they do eg RA gaurd, MLDv2

Re: [c-nsp] vlan limit hit...but havent?

24 port with couple of SFP ports? I've got a sneaking suspicion that this is one of those cases where resources are reserved for physical ports alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] Wireless Controllers, SVIs and WCCP

Hi, I am still waiting on the VSS support for the 4500s, but it looks like the first version won't be available until the start of next year - and I don't really want to use bleeding edge software for this application. So it looks as if I am left with the 6500 VSS Sup2T solution

Re: [c-nsp] Wireless Controllers, SVIs and WCCP

With latest code you can run them in hotstandby modeties up licences though. Have you looked at just swapping the 5508s with just a pair of the really big wireless controllers? Ideal WCCP functionality would just be present...might talk to our contacts about that. Have you looked at 4500

Re: [c-nsp] Config management

Sssh. they'd ditch it all for a java front end using proprietary signed and encrypted XML format that would end up being the PRIME way of doing INFRATRUCTURE control and management ;) alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.

Re: [c-nsp] Config management

Thousands of switches...we use our own local scripts to put config/verify/audit alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Traffic shaping does not work (and is not supported) on Port-Channel interfaces on Software based routers

Of all things Cisco is good at, pissing of its users ranks #1 on the list. I'm hoping that their move to concentrate on switching and core business rather than eg digital cameras (what were they thinking with that? Did John Chambers ask his PA to buy a flip video and it was misheard?) will

Re: [c-nsp] N7K NX-OS SCP config

Hi, Does RANCID not support NXOS? yes 'cisco-nx' with nxrancid alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Experience with Chineese manufacturer of Optical transceivers

Hi, Do any of you have experience with a Chinese manufacturer of optical transceivers named: Yoranco - www.yoranco.comhttp://www.yoranco.com/ They have quite a broad product portfolio and a very low price compared to other manufacturers. got one of their emails today like I did? ;-) all

Re: [c-nsp] Aruba AP70

This is a Cisco mailing list. There are aruba resources out there...I guess the wireless installation guide would help too...I'd also guess that they are work in a similar way to Cisco wifi you either have a DNS entry for the controller or give the info to the APs VIA DHCP alan

Re: [c-nsp] IOS 15.0 ipv6-related weirdness (fails to fallback to ipv4)

Hi, int voip-null0 no ipv6 enable yes, i have - no such command. I'm looking for whats needed - the same thing happens on IOS 15 on 2960s/3750x etc - its nice to see some IPv6 stuff in the system at last (for example, you can assign IPv6 addresses for the domain servers etc - and IPv6

Re: [c-nsp] Rancid use without level 15 access?

We use TACACS+ (shrubbery) to give the rancid user the rights to only the commands it needs. As for silently failing, you can eg run the login command and scripts manually (it was through checking those scripts we knew what commands to allow) alan -- This smartphone uses free WiFi around the

Re: [c-nsp] C6k power reserved for redundant sup?

Hi, We'll have to consider if we try to find new PSUs (we have some 6000W in some remote boxes that could cope with 3000W) or move the module. We prefer to use slot 8 for aesthetic reasons but nobody really looks that these boxes that much. choosing a slot due to aesthetic reasons is not the

Re: [c-nsp] C6k power reserved for redundant sup?

Hi, As Andy points out the 6509-V-E does not have special slots (apart from the supervisor ones of course). And by aesthetic reasons I mean things like cable management. It's probably not a big thing since we seldomly change anything (it's all supposed to cabled at deployment time) but we

Re: [c-nsp] Shutting down a switch port automatically after a specific time

Hi, I would like to shutdown certain switch ports in my cisco 3550 switch automatically after a specific time. I tried configuring Time range with access list.But that only denies the ip traffic to the port while the port remains UP. I need the port to be down and then get the intimation

Re: [c-nsp] NTP Servers

Hi, Agreed - but there are also the political issues to consider - server (hosting team) vs. appliance (network team). I work in a network team. and we run servers - DNS, DHCP, NTP, RADIUS, SYSLOG, SNMP - basically all the network related things and bits that ensure a client can use the

Re: [c-nsp] NTP Servers

Hi, If that was the case then I'd have to provide mgmt the case, costs, best practice etc for things to change ;) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] single static ip address for customer(s)

Hi, I think may I deleted the original post(s) in this thread, but has anyone mentioned LISP. one possibility is to have a big NAT box on the edge of the network, then their address can be changed to whatever you need internally but they are seen on the same address externally. messy and

Re: [c-nsp] Rapid-PVST and RSTP compatibility

The cisco kit should fall back to the lower method. alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] StackWise Plus performance

Hi, I found in documentation that StackWise Plus is providing up to 64 Gbps of throughput. But is it full-duplex (then 128 Gbps half-duplex) or half-duplex (then 32Gbps full-duplex) ? Is it per one port ? Or both stack ports ? just wondering why your company blocks access to google? ;-)

Re: [c-nsp] 2960S IOS

12.2.58 is not going anywhere, we're halfway through upgrading to 15.0 (first versions had some show stoppers but latest version okay..so far! ;) ) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] SNMP monitoring routing table over time

Hi, some years ago I thought about this myself - coupled with SNMPtraps etc you can build a map of the routing across your network. the trouble was, i went into planning it and all the required features...and it just grew and grew... i had a couple of quagga boxes joined into the IGP and EGP

Re: [c-nsp] Recommended IPv6 Resources

Hi, I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. there are a few IPv6 books out there - from the cisco offerings to third party and usual stalwart publishers. they should get you well versed on

Re: [c-nsp] port channel numbering schemes

As I said, we TRY . The vendors will do their best to scupper us, other things will come up to b0rk it. But as a rule of thumb its a starting point (i'm more concerned that other things change such as the MIB value between different platforms) alan

Re: [c-nsp] port channel numbering schemes

Hi, We try not to match interface numbers to VLAN ID's. That works out alright when you're starting out, but as the network grows, many face-palm and hair-pulling moments :-). Agreed. Clever numbering schemes can just be misleading when they don't line up. another 'agreed' - however,

Re: [c-nsp] WS-X6704-10GE, WS-X6708-10GE

without DFC cards, some work/decisions still have to go to the supervisor. DFC (distributed) is what gives your modules autonomy alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Config Backups

RANCID and a couple of home-made scripts for custom jobs alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Config Backups

Can do SSH. Use read-only account though, no need for a powerful account to read the config. Also stores the config with revision control/history and the file stored has obfuscated passwords/credentials. alan ___ cisco-nsp mailing list

Re: [c-nsp] Cisco Asset Management and Discovery Toll

netdisco is my favourite. Then there's Cisco tools and other offerings such as Orion NPM..most of the kiwisoft things are now on Orion products (they had some great tools) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] high CPU usage when coyping to flash

hi, its not just your 4900 device - somethings gone a little wierd in cisco land since around the introduction of 3750 or 2960 devices too - as doing an eg 'archive download-sw ' command kills the switch performance for end user connected devices... this never used to be the case with eg the

Re: [c-nsp] Cisco Switch (2960G-48TC-L) CPU Utilization

hi, 12.2(52)SE ? hideously old and full of wierd little bugs - really, check the IOS release notes and the closed/resolved caveats for every release since that version... you might be suprised how it even worked at all... ;-) alan ___ cisco-nsp

Re: [c-nsp] Fibre link flapping

Unidirectional optic link. Check out udld for detection/protection alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

Hi, What type of mtrie stride could possibly do this? IPv4 8-8-8-8 and IPV6 16-16-16-16-16-16-16-16, this would make IPv6 mtrie depth and width 2x of IPV4. For them to be same depth IPv6 stride would need to be 4294967296-4294967296-4294967296-4294967296 if you could have that wide stride,

Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

Hi, Physics. typical engineer...always blaming the scientists and their methods 8-) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Feedback on terminal exec prompt timestamp

Hi, Hell, how about turning proxy arp off by default? seconded (I see a future method for cisco feedback here ;-) ) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] Feedback on terminal exec prompt timestamp

Hi, No thanks. When I want that info I'll ask for it or I'll turn this feature on. Plus it could break or confuse scripts and programs that interact with Cisco routers. I agree - have no need of this detail whenever i run a commandor if any of our polling scripts collect data. IF I want

Re: [c-nsp] When do you upgrade IOS?

Hi, 1.What drives you to upgrade code on critical routers switches? new features + bug fixes. keeping the firmware up to date should be part of the planning process - whatever network mgmt method you follow (FCAPS, ITIL, TMN, etc) upgrading should be part of planned actions - or one day

Re: [c-nsp] sup2 lead times/costs

Hi, I've got two-month lead times on my sup2t orders. aye. we had to fight hard to get ours...and they went into service pretty quick! What I'm seeing is a lack of discounting, so to speak. And so much demandso why reduce the price? the early people wanting access to the platform will

Re: [c-nsp] Flow tools

Hi, Second: I'm curious if people are seeing prices that make sense for the DFC4 upgrade parts for 67xx linecards. They were about 50% more than the equivalent DFC3 parts. When we costed out the upgrade of our main core routers to sup2T, the DFC parts made it quite pricey, and pushed us

Re: [c-nsp] Flow tools

Hi, I'm finding it slightly ironing that the subject of this email is about netflow...and yet people are dissing the Sup2T - the Sup2T is a netflow beast! :-) I'm just suprised that they took the opportunity to ditch the old PFC/DFC mixing but kept the old inter-module communication link...

Re: [c-nsp] Loopback IP set to .255 - 6500 responds to ICMP echo-request from wrong interface

Hi, been using .0 and .255 addresses (in the proper class-less places eg in middle of a /23 ) for years now. any kit or system that cannot handlesuch addresses as being client/end-station addresses should be dumped onto the recycling pile and got rid of (its likely that such kit cannot do IPv6

Re: [c-nsp] Catalyst 2950 freezing

Hi, Hello, Switch configuration for customer ports is below. If you have any recommendations, they are welcome :-) Current configuration : 190 bytes ! interface FastEthernet0/1 description #customer: CUST01i_L2 [4M] switchport access vlan 115 load-interval 30 speed 10 duplex

Re: [c-nsp] Anyconnect force upgrade

Hi, easy question I'm sure. How do you turn off the feature on the ASA that forces the upgrade of anyconnect? Q. Is there a way to prevent the Adaptive Security Appliance (ASA) from automatically upgrading to a new AnyConnect version? A. Not prior to AnyConnect version 2.3.0.185 .With

Re: [c-nsp] Anyconnect force upgrade

Hi, Alan and Mike-- thanks, but that is the same stuff i've found. �I'm looking for the Commands or ASDM steps to make it happen. �I found client-update enable, but is that the command? �It still updated the anyconnect client after i removed it. �(ASA 8.4.2 and anyconnect

Re: [c-nsp] IS-IS advertise passive-only for ipv6?

Do you want me to be added to your feature request? I'm getting a little frustrated, all I want is feature parity for ipv6 , it seems like completely separate teams did the work on this platform and didn't see how things worked in the v4 world alan -- Message may be brief as it has been sent

Re: [c-nsp] sup2t/15.0(1) guidance

Hi, Is there a handy changes from 12 to 15 for dummies guide? Or, don't worry about it, it's really not a big deal? Mostly care about cat6k mgmt, MPLS VPN and MVPN, BGP, OSPF, IPv4 environment. Anyone using sup2t in anger yet, and opinions on 12 vs 15? (Though clearly 12.2(50) doesn't

Re: [c-nsp] ASA 5550 url-filtering capacity

Hi, We are running into slow web sites and random/incorrect 403's on a 5550 as an internet gateway doing NAT for an enterprise with upwards of 40,000 users. I killed a 5580 doing URL REGEX'ing - and that was without any NAT - just a pure /16 going straight through are you also logging these

Re: [c-nsp] negative effects of jumbos on cat6500?

Hi, This is specifically talking about cat6500 with sup2 or sup720 architecture, but the general questions why do vendors not ship large-mtu on L2-ports by default, what is the drawback? remains. some do TP-Link and netgear gig unmanaged switches, for example, just have it on... in fact,

  1   2   3   >