Supported in IOS-XE. VASI on the GSR has been long gone. IOS-XR had it at one
point as well.
David
--
http://dcp.dcptech.com
On 9/3/19, 4:32 AM, "James Bensley" wrote:
On Tue, 3 Sep 2019 at 00:39, David Prall wrote:
>
> Have you looked at VASI confi
Have you looked at VASI configuration.
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html
David
--
http://dcp.dcptech.com
On 8/19/19, 8:58 AM, "cisco-nsp on behalf of Aaron Gould"
wrote:
We have lots of
This is how much memory has been assigned to iosd. Show version will display
memory allocated to iosd and the total memory installed.
David
--
http://dcp.dcptech.com
On 11/21/17, 5:56 AM, "cisco-nsp on behalf of caroyy via cisco-nsp"
NVI isn’t supported within XE as you’ve stated. Have you tested with
match-in-vrf on the ip nat command.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-2/nat-xe-2-book/iadnat-match-vrf.html
As well your pool does not include the VRF that the pool belongs to.
In the header is the following:
List-Unsubscribe: https://puck.nether.net/mailman/options/cisco-nsp,
mailto:cisco-nsp-requ...@puck.nether.net?subject=unsubscribe
List-Archive: https://puck.nether.net/pipermail/cisco-nsp/
List-Post: mailto:cisco-nsp@puck.nether.net
List-Help:
ef, and your egress policy will then prioritize ef.
David
--
http://dcp.dcptech.com
-Original Message-
From: false [mailto:jct...@yahoo.com]
Sent: Friday, April 05, 2013 10:05 AM
To: 'cisco mailing list'; David Prall
Subject: RE: [c-nsp] QoS not working - VPN acl conflicting
Need to turn on Pre-Classify in the ipsec crypto map. Otherwise all you are
seeing is the ipsec traffic.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of false
Sent: Thursday, April
From: John Neiberger [mailto:jneiber...@gmail.com]
Sent: Wednesday, January 30, 2013 6:16 PM
To: David Prall
Cc: Adam Vitkovsky; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS VPN over mGRE
That's exactly right. The part I can't figure out is what triggers the
proper
Sounds like you are using BGP Signaled MPLS VPN over mGRE which uses a
Route-Map on the neighbor relationship to provide the tunnel information.
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir
-mpls-vpnomgre-xe.html
David
--
http://dcp.dcptech.com
-Original
What does show mls rate-limit usage show for GLEAN
What does show mls qos protocol show for ARP
mls qos protocol police arp is what you want to be using to rate limit ARP
requests at L2.
This white paper goes into the hardware rate-limiters, as well as CoPP on
the 6500:
-By
-Original Message-
From: David Prall [mailto:d...@dcptech.com]
Sent: Thursday, January 24, 2013 3:14 PM
To: 'Andrew Miehs'; Abello, Vinny
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cat6500 odd arp behavior
What does show
What happens if you install a static /32. I believe that multi-hop requires
a /32 for the neighbor.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Jason Lixfeld
Sent: Friday,
This is why it is called Any Source Multicast (ASM). A number of
applications use the same group for discussions. Cisco's old IP/TV
distributed over one group, then had a second group for feedback. So as you
typed in a question it was sent to everyone.
David
--
http://dcp.dcptech.com
factor.
David
--
http://dcp.dcptech.com
-Original Message-
From: Riccardo S [mailto:dim0...@hotmail.com]
Sent: Monday, December 17, 2012 12:52 PM
To: David Prall; cisco-nsp@puck.nether.net
Subject: R: RE: [c-nsp] Same multicast flow with multiple source
But as you see it seems
Show tcp brief
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Samol
Sent: Wednesday, December 12, 2012 9:47 PM
To: Andrew Jones
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco command
-Original Message-
From: Tom Lanyon [mailto:tom+c-...@oneshoeco.com]
I'm glad a iBGP session between the ASRs over a GRE tunnel was mentioned, as
that's exactly what we have running and I was questioning whether this was a
bad practice or not...
Thanks,
Tom
[dprall] It's the Duct Tape
, September 27, 2012 4:41 AM
To: 'Tom Lanyon'; 'David Prall'; 'cisco-nsp'
Subject: RE: [c-nsp] Change BGP default-originate to IGP?
So if I understood it correctly you are concerned that the router will start
to originate the default prior to receiving full BGP table from its upstream
right?
The simplest
Why not use selective advertisement of the default based on receiving a
specific route from your carrier or an upstream you know to be stable.
http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.h
tml#wp1037042
David
--
http://dcp.dcptech.com
-Original Message-
You're using a GLOP group, so you are AS number 57370?
You do have ip pim rp-address 192.168.1.2 configured? I am assuming the
192.168.1.2 is the MSDP source-address and the BGP source-address.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Of course, how else would you run HSRP for dual-stacked servers.
--
http://dcp.dcptech.com
-Original Message-
From: Gmail [mailto:jstuxuhu0...@gmail.com]
Sent: Friday, August 17, 2012 9:20 PM
To: David Prall
Cc: Nsp
Subject: Re: [c-nsp] HSRPv1 and HSRPv2
Thanks for your replay.
So
Just turn on v2, v4 and v6 will require distinct id's. When you first turn
on v2 on a single router, the two will stop talking so be prepared for the
outage on v4.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
The PBR performance on the 3K is wonderful if you only need it for a few
Mbps. I would always recommend routing over PBR, unless there is just no
other way. My house I use PBR so that certain servers return to the correct
Internet Connection Symmetrically and are NAT'd and Firewalled correctly. I
DHCP servers could care less about who you are. They will give out an
address to just about anyone. Now MBA or 802.1x authentication can be used
to block this. With MBA or 802.1x you could place the authenticated users in
to a different vlan, where all of your domain related information resides.
MDT didn't come around till later. Upgrade the code to a 124T release for
MDT support. Need MDT support for SSM support of the Data groups, otherwise
you don't need MDT. But, then you are stuck with ASM or the default group
only.
David
--
http://dcp.dcptech.com
-Original Message-
Frank,
Might try http://www-v6.cisco.com as well.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Frank Bulk
Sent: Saturday, January 07, 2012 4:00 PM
To: cisco-nsp@puck.nether.net
Is QoS configured? Have to configure qos inconsistency, no mls qos
channel-consistency
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chuck Church
Sent: Thursday, January 05, 2012 1:13
Peter,
The 6513E can't support Fabric Enabled Modules in the secondary Supervisor
slot, so you only get 11 6748/6848's.
The 4640-CSFP-E is not supported in the 4510. So you would get 5 per 4506/7,
using the CSFP optics 80 ports per slot.
David
--
http://dcp.dcptech.com
-Original
Which CCIE Lab book is this?
Have you looked at the PfR doc-wiki page?
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of M K
Sent: Tuesday, December 06, 2011 7:00 PM
To:
Found this via a quick search:
http://www.cisco.com/en/US/docs/ios/12_4t/ip_mcast/configuration/guide/mctls
plt.html
I was thinking about 2 distinct RP addresses, using spt-threshold infinity
so it stays on the shared tree, and having the route to the RP preferred
over one link. Hopefully the
...@autempspourmoi.be]
Sent: Wednesday, November 30, 2011 4:11 AM
To: 'David Prall'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Conditionnal routing based on OSPF / IP SLA
Hi David,
Actually I do not want to track the interface status but ensure that a ping
is working.
This is because the router
be advertised.
ip route 17.4.240.40 255.255.255.240 Se0/1:0 10.0.1.2 tag 1755
David
--
http://dcp.dcptech.com
-Original Message-
From: Henry-Nicolas Tourneur [mailto:hntourn...@autempspourmoi.be]
Sent: Tuesday, November 29, 2011 3:30 AM
To: 'David Prall'; cisco-nsp@puck.nether.net
Subject: RE: [c
You can do this with track objects and static routing, then redistribute the
static into ospf. You could use a conditional route-map like they do in the
example for default as well. But I think putting a static in and
redistributing it will be much easier.
David
--
http://dcp.dcptech.com
To: David Prall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS - MP-BPG with multiple OSPF areas
You're right David. There are out of order no packets, only
asynchronous traffic. Sorry about that...
I don't think that only the supression would do the job, since the
loopbacks
Frank,
I just played with this and it appears to be working for me:
ip route vrf C1 172.16.1.0 255.255.255.128 GigabitEthernet 0/0 0.0.0.0
I do not have a default route in the table with my configuration.
David
--
http://dcp.dcptech.com
-Original Message-
From:
Livio,
Where are you getting out of order packets? You do have asymmetric hop
counts, which most likely means asymmetric latency. But all the packets
should be in order. Could use DWDM so that each router isn't directly
connected and everything looks the same number of hops away, of course more
To minimize the input drops you can increase the hold-queue. Another issue
to look at is the buffers as well, most likely have misses and failures
there. The flushes are caused by SPD, which are control plane packets that
need to make it to the processor so they are put ahead of everything else in
I'd say you have a lot of traffic with TTL 1 or a link-local multicast
address on the interface, if everything else is working correctly. Otherwise
you are process switching a lot of traffic.
Here are some pointers:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186
You can write to it with tftp config location.
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_examp
le09186a0080094aa6.shtml#copying_startup
It appears you can only do this to the startup, so it will still need to be
reloaded at some point.
David
--
]
Sent: Friday, August 19, 2011 6:16 PM
To: David Prall
Cc: NSP - Cisco
Subject: Re: RE: [c-nsp] ARP oddness
The ARP request would have had to have been spoofed then. I'll have to
check Monday. I've got no reason to believe its malicious. It's
factory gear, I would believe anything
Are you just getting Unicast flooding because the switch doesn't know where
the destination is?
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note0918
6a00801d0808.shtml
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Correct. All uRPF has to be configured the same.
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide
/secure.pdf
Page 4 - Note - The most recently configured mode is automatically applied
to all ports configured for Unicast RPF check.
--
http://dcp.dcptech.com
What versions of code? There is a place, much older code 12.3(4)T, where ip
inspect would add entries to the top of the defined interface acl, you would
use show access-list to see the entries. Then there is more recent code
where the entries are dynamically created, you use show ip inspect
]
Sent: Wednesday, July 20, 2011 9:11 AM
To: David Prall; 'Keegan Holley'
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] etherchannel load-balancing and unpredictability
Yes, that's correct. Either content filter should be able to handle all
of the load if it needed to. The goal was mainly
Keegan,
I think he isn't worried about it being unpredictable load wise. He's more
interested in it being predictable that a source .1 to .2 on the inside
switch goes over link 1, and that the .2 to .1 on the outside switch returns
over link 1.
This link has a discussion of this:
Since GRE isn't supported on the 3750, it seems like a non-starter. While
you can configure GRE, it is all done in software thus impacting all control
plane traffic. As well bridging isn't supported over GRE.
If you have Dark Fiber, I would recommend using it.
David
--
http://dcp.dcptech.com
It is service unsupported-transceiver it is hidden so tab completion won't
help you.
cat3560-1(config)#service unsupported-transceiver
Warning: When Cisco determines that a fault or defect can be traced to
the use of third-party transceivers installed by a customer or reseller,
then, at Cisco's
Looks like Router A is an ASR1000. The gi0 Mgmt-intf isn't in the
data-plane. It is only there for out of band management. No connection
between it and the ESP.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
8:26 AM
To: David Prall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] CDP Query
Hi David
GET VPN neighbor are via service provider. Any work around to it?. We
have a customer whose devices are not visible in LMS due to this issue.
Regards
Jawwad Paracha
IBM
On Tue, Feb 15
Your neighbor in GET VPN is the Service Provider / MPLS Carrier. You won't
find the remote spokes via CDP.
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Aaron Riemer
Sent: Tuesday,
This goes over the majority of L2TPv3 configuration
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html
--
http://dcp.dcptech.com
-Original Message-
From: roger.wikl...@gmail.com [mailto:roger.wikl...@gmail.com] On
Behalf Of Roger Wiklund
Sent: Friday,
And L2TPv3 is supported. Recent code doesn't allow a bridge-group to be
defined on a tunnel.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Ian Henderson
Sent: Thursday, January
http://www9.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/releas
e/notes/hardware.pdf
Looks like you might need to upgrade the ROMMON.
On page 45:
Note
. Use with Release 12.2(33)SXH or later and a DFC requires DFC ROMMON
version 12.2(18r)S1 or
later. To display the switching module
The second port on the RSP720 is user selectable. Media-type rj45
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of jack daniels
Sent: Thursday, January 13, 2011 3:39 PM
To: Nick
John,
Which cards and which version of IOS-XR is running on the RP's. Typical are
the cards supported by the IOS. Show diag is always a good place to start.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
FPD Field Programmable Device. Typically WAN Interface firmware updates.
Typically you'll have upgrade fpd auto in the configuration.
A quick search:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/conf
iguration/7600series/76fpd.html
David
--
http://dcp.dcptech.com
You'll need to do an HQoS shaper on the inside fastethernet interface in
order to shape remote traffic so that they fall back. You're giving 50
percent priority to a 4.6Mbps link, on a 100Mbps interface or have you
configured the correct bandwidth statement on it. I've found using HQoS
tends to
://dcp.dcptech.com
-Original Message-
From: Ray Davis [mailto:ray-li...@carpe.net]
Sent: Friday, December 17, 2010 9:40 AM
To: David Prall
Cc: 'Cisco-nsp'
Subject: Re: [c-nsp] Simple src/dst IP QoS
The DSL side is the Dialer interface which has bandwidth 4608 in it's
config. I
What exact Adva gear are you using. Typically CWDM is passive and requires
CWDM optics. SR are Short Reach Multimode. You say that CDP is up and happy
over the link, what does DOM say? It works as L3 but not as L2? What traffic
was traversing it at L3? At L2 you mention that OSPF seems to be
Tunnel Health Monitoring:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/gu
ide/sec_dmvpn_tun_mon.html
NHRP MIB
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/gu
ide/sec_dmvpn_nhrp_mib.html
I just know they exist, haven't dug deep into them
I would monitor nhrp registrations and routing protocol neighbors on the
hubs. If you need to go to the spokes then the same thing from there, they
at least will have a smaller count so it will be easier to determine what is
happening from their perspective.
David
--
http://dcp.dcptech.com
On a 48 port 3560E, 24 ports per ASIC
cat3560-2#sh platform pm if-numbers
interface gid gpn lpn port slot unit slun port-type lpn-idb gpn-idb
--
Gi0/1 1111/1 111local Yes Yes
Gi0/2 2
Has to be configured as trusted, which it isn't.
dual-active detection pagp trust channel-group 114
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configu
ration/guide/vss.html#wp1063913
David
--
http://dcp.dcptech.com
-Original Message-
From:
Carlos,
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_da
ta_sheet0900aecd8017a72e.html
Layer 2 Features
Jumbo frames on all ports (up to 9216 bytes)
Layer 3 Features
Jumbo frames on all ports (up to 9216 bytes)
David
--
http://dcp.dcptech.com
-Original
TCAM Memory would appear to be corrupt from the POST. Time for an RMA.
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Bayasgalan Bayantur
Sent: Sunday, August 22, 2010 8:56 PM
To:
http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m2.htm
l#wp1058956
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Jason Lixfeld
Sent: Saturday, August 21, 2010 8:20
NAT
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of venkat
Sent: Thursday, July 29, 2010 9:28 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco Console access server
Hi,
Not
I even attempted to reproduce the problem with an XP (SP2)
workstation
on a .255 myself, no success. Initiating and receiving connections
from other XP workstations worked just fine, on- and off-net.
Try connecting from a XP workstation to a .255 target address that is
on a
class C
4948E
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Benny Amorsen
Sent: Sunday, June 27, 2010 12:13 PM
To: Gert Doering
Cc: cisco-nsp@puck.nether.net; Paul
Subject: Re: [c-nsp] Centos
Exec-timeout is actively sending information on the vty so the 60 minute
timer is not kicking in it would appear. Do you have service
tcp-keepalives-in and service tcp-keepalives-out configured. This will
disconnect a session that isn't doing keepalives anymore. Of course it would
have to have
Should be clear line 3
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of bha Qaqish
Sent: Tuesday, June 22, 2010 2:48 PM
To: Jeff Wojciechowski; cisco-nsp@puck.nether.net
Subject:
-Original Message-
From: bha Qaqish [mailto:bha.qaq...@nitc.gov.jo]
Sent: Tuesday, June 22, 2010 3:17 PM
To: David Prall; 'Jeff Wojciechowski'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] VTY PROBLEM
It's the same , not cleared
Eng. Bha Qaqish
-Original Message
What is the SDM Template that you are using? What version of code?
Just tried this on 12.2(46)SE
The current template is desktop IPv4 and IPv6 routing template.
Without any issue.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
I'd say long fat pipe issues.
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Mohammad Khalil
Sent: Tuesday, April 27, 2010 9:31 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] WiMAX
Jeff,
This is an old document. But it gives the numbers.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_
paper0900aecd800c9589.pdf
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
I'd guess a spanning tree loop. The HULC process is what updates the pretty
lights on the switch. So much is happening that it is having to change all
the colors constantly.
What other messages are you seeing.
--
http://dcp.dcptech.com
-Original Message-
From:
My consfusin is handling inbound connections to the customer servers.
I can define inbound static mappings but how do the packets that the
server sends in response make it way through the router and avoid
going out the wrong interface.
Although it is a bit of a hack, one way of doing
) ,,, then Primary
PE route traffic to secondary CE .
Regards
On 3/28/10, David Prall d...@dcptech.com wrote:
PfR takes care of the rerouting on a site basis. The site is monitoring
reachability to a particular prefix. The key issue with a single cloud, is
that you don't control the end
for
a particular prefix or traffic type.
--
http://dcp.dcptech.com
-Original Message-
From: jack daniels [mailto:jckdaniel...@gmail.com]
Sent: Friday, March 26, 2010 10:20 PM
To: David Prall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PFR Question
IN SCENARIO BOTH LINKS
PfR is a unidirectional feature. The router on the other end needs to be
configured with PfR as well in order to have bidirectional visibility.
Typically the master controller will be local to the site.
--
http://dcp.dcptech.com
-Original Message-
From:
To: David Prall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PFR Question
But if you have --
|CE1PE1
PE3CE3
X.X.X.X-| MPLS DOMAIN-
--
| CE2PE2
PE4
This is where PfR is involved to route around the primary carrier to the
secondary.
--
http://dcp.dcptech.com
-Original Message-
From: jack daniels [mailto:jckdaniel...@gmail.com]
Sent: Thursday, March 25, 2010 8:50 PM
To: David Prall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c
Rodney,
Just span the RP traffic.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper
_c11_553261.html
For ISIS you need to create a class that matches all ip traffic, then use
the class-default for everything that isn't ip.
David
--
http://dcp.dcptech.com
encryption.
David
--
http://dcp.dcptech.com
-Original Message-
From: Phil Mayers [mailto:p.may...@imperial.ac.uk]
Sent: Thursday, March 11, 2010 4:48 AM
To: David Prall
Cc: 'Peter Rathlev'; 'cisco-nsp'
Subject: Re: [c-nsp] IPSec crypto map on MPLS enabled interface?
On 03/10/2010
You could do MPLSoGREoIPSec
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Peter Rathlev
Sent: Wednesday, March 10, 2010 12:07 PM
To: Phil Mayers
Cc: cisco-nsp
Subject: Re: [c-nsp]
IOS SLB is on the 6500 and 7200. Not on the 3560-E / 3750-E.
Could always use Anycast via a loopback on the servers and let CEF ECMP take
care of it. But this is typically only done for UDP applications. Not sure
if EOT is on the 3560-E for Static Routes, or you could use BGP from the
servers.
Object
Tracking to monitor that the server is alive.
David
--
http://dcp.dcptech.com
-Original Message-
From: Matthew Huff [mailto:mh...@ox.com]
Sent: Wednesday, February 10, 2010 11:20 AM
To: 'David Prall'; 'cisco-nsp'
Subject: RE: [c-nsp] IOS Server Load Balancing on C3560-E switches
Match protocol is nbar, I can never remember which require ip nbar
protocol-discovery on the interface.
Why not use an access-list denying dhcp
deny udp any eq bootpc any eq bootps
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Andy,
By excluding 0.00 your excluding those that have had 0.00 anywhere in the
time list. Just use sort and look at the top few. Although most likely the
same.
If you have a number of large Ethernet subnets with few systems on them,
then sh ip arp will contain a number of incompletes. If it is
Your drops and flushes counts are the same. A flush is a control plane
packet that pushed to CPU even though the input queue was filled. I don't
believe these two numbers should be the same unless all of the input queue
was filled with these packets.
David
--
http://dcp.dcptech.com
capture it.
Moved to an 881 at home, so I don't have my 871W anymore.
David
--
http://dcp.dcptech.com
-Original Message-
From: Garry [mailto:g...@gmx.de]
Sent: Wednesday, February 10, 2010 2:06 PM
To: c-nsp
Cc: David Prall
Subject: Re: [c-nsp] Limiting DHCP on a Bridge Group
: Garry [mailto:g...@gmx.de]
Sent: Wednesday, February 10, 2010 2:39 PM
To: David Prall
Cc: 'c-nsp'
Subject: Re: [c-nsp] Limiting DHCP on a Bridge Group
On 10.02.2010 20:30, David Prall wrote:
I think the match interface is looking at where the policy is
assigned. I
know the policy isn't
So XP doesn't support IPv6 DHCP, nor do they support IPv6 DNS. Not sure
about the macintosh.
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Michael Robson
Sent: Friday, January 29, 2010
What does sh diag give you for the module.
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Renelson Panosky
Sent: Tuesday, January 12, 2010 2:36 PM
To: cisco-nsp@puck.nether.net
Subject:
That's the status, which shows one is currently running. But what does sh
diag tell us is wrong.
David
--
http://dcp.dcptech.com
-Original Message-
From: Renelson Panosky [mailto:panocisc...@gmail.com]
Sent: Tuesday, January 12, 2010 3:03 PM
To: David Prall
Cc: cisco-nsp
It is my experience that 6 of the 7 will randomly be chosen, each time an
SPF run is done a different 6th could be installed. With enough CPU power it
shouldn't cause issues, but in the past I've seen routers running close to
the limit that cause traffic loss. This was with the default
-
From: Scott Granados [mailto:gsgrana...@comcast.net]
Sent: Thursday, January 07, 2010 7:06 PM
To: David Prall; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] am I being bitten by this bug .CSCsw37419 (can't
connect using certificates with VPN client)
The version I'm using is
5.0.06.0160-k9
CSCei52413 is the ASA/PIX issue. Should be in 7.0(4) and beyond.
CSCsw37419 is the client issue. It is fixed in code beyond 5.0.6.110, don't
know exactly what you are running with 5.x.160
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Do it from a dedicated loopback per tunnel. Advertise an aggregate only of
the loopbacks. Now doing this from VSS I'm not so sure about though.
David
--
http://dcp.dcptech.com
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On
Turn on PIC-Core
cef table output-chain build favor convergence-speed ! please be wary of
platform specific caveats
ip routing protocol purge interface ! purges interface routes and not routes
that followed the interface, this will leave the BGP routes untouched.
This is the only thing I could
Is it dumping to rommon. If so just boot imagelocation:imagename
Most likely have a corrupt config register on the switch processor.
Sh boot ! for the RP
Remote command switch sh boot ! for the SP
Conf t
Config-register 0x2102
End
Now confirm that they are correct on both the RP
1 - 100 of 178 matches
Mail list logo