Re: [c-nsp] Inter-VRF with NAT

Supported in IOS-XE. VASI on the GSR has been long gone. IOS-XR had it at one point as well. David -- http://dcp.dcptech.com On 9/3/19, 4:32 AM, "James Bensley" wrote: On Tue, 3 Sep 2019 at 00:39, David Prall wrote: > > Have you looked at VASI confi

Re: [c-nsp] Inter-VRF with NAT

Have you looked at VASI configuration. https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html David -- http://dcp.dcptech.com On 8/19/19, 8:58 AM, "cisco-nsp on behalf of Aaron Gould" wrote: We have lots of

Re: [c-nsp] memory issue asr1002-x

This is how much memory has been assigned to iosd. Show version will display memory allocated to iosd and the total memory installed. David -- http://dcp.dcptech.com On 11/21/17, 5:56 AM, "cisco-nsp on behalf of caroyy via cisco-nsp"

Re: [c-nsp] NAT problem on ISR 4331

NVI isn’t supported within XE as you’ve stated. Have you tested with match-in-vrf on the ip nat command. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-2/nat-xe-2-book/iadnat-match-vrf.html As well your pool does not include the VRF that the pool belongs to.

Re: [c-nsp] remove giles.cooc...@williamhill.com

In the header is the following: List-Unsubscribe: https://puck.nether.net/mailman/options/cisco-nsp, mailto:cisco-nsp-requ...@puck.nether.net?subject=unsubscribe List-Archive: https://puck.nether.net/pipermail/cisco-nsp/ List-Post: mailto:cisco-nsp@puck.nether.net List-Help:

Re: [c-nsp] QoS not working - VPN acl conflicting???

ef, and your egress policy will then prioritize ef. David -- http://dcp.dcptech.com -Original Message- From: false [mailto:jct...@yahoo.com] Sent: Friday, April 05, 2013 10:05 AM To: 'cisco mailing list'; David Prall Subject: RE: [c-nsp] QoS not working - VPN acl conflicting

Re: [c-nsp] QoS not working - VPN acl conflicting???

Need to turn on Pre-Classify in the ipsec crypto map. Otherwise all you are seeing is the ipsec traffic. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of false Sent: Thursday, April

Re: [c-nsp] MPLS VPN over mGRE

From: John Neiberger [mailto:jneiber...@gmail.com] Sent: Wednesday, January 30, 2013 6:16 PM To: David Prall Cc: Adam Vitkovsky; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS VPN over mGRE That's exactly right. The part I can't figure out is what triggers the proper

Re: [c-nsp] MPLS VPN over mGRE

Sounds like you are using BGP Signaled MPLS VPN over mGRE which uses a Route-Map on the neighbor relationship to provide the tunnel information. http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir -mpls-vpnomgre-xe.html David -- http://dcp.dcptech.com -Original

Re: [c-nsp] Cat6500 odd arp behavior

What does show mls rate-limit usage show for GLEAN What does show mls qos protocol show for ARP mls qos protocol police arp is what you want to be using to rate limit ARP requests at L2. This white paper goes into the hardware rate-limiters, as well as CoPP on the 6500:

Re: [c-nsp] Cat6500 odd arp behavior

-By -Original Message- From: David Prall [mailto:d...@dcptech.com] Sent: Thursday, January 24, 2013 3:14 PM To: 'Andrew Miehs'; Abello, Vinny Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cat6500 odd arp behavior What does show

Re: [c-nsp] ASR9k: BGP state = Idle (No route to multi-hop neighbor)

What happens if you install a static /32. I believe that multi-hop requires a /32 for the neighbor. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Friday,

Re: [c-nsp] Same multicast flow with multiple source

This is why it is called Any Source Multicast (ASM). A number of applications use the same group for discussions. Cisco's old IP/TV distributed over one group, then had a second group for feedback. So as you typed in a question it was sent to everyone. David -- http://dcp.dcptech.com

Re: [c-nsp] Same multicast flow with multiple source

factor. David -- http://dcp.dcptech.com -Original Message- From: Riccardo S [mailto:dim0...@hotmail.com] Sent: Monday, December 17, 2012 12:52 PM To: David Prall; cisco-nsp@puck.nether.net Subject: R: RE: [c-nsp] Same multicast flow with multiple source But as you see it seems

Re: [c-nsp] Cisco command to see active session on cisco WS-C6503-E (R7000)

Show tcp brief -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Samol Sent: Wednesday, December 12, 2012 9:47 PM To: Andrew Jones Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco command

Re: [c-nsp] Change BGP default-originate to IGP?

-Original Message- From: Tom Lanyon [mailto:tom+c-...@oneshoeco.com] I'm glad a iBGP session between the ASRs over a GRE tunnel was mentioned, as that's exactly what we have running and I was questioning whether this was a bad practice or not... Thanks, Tom [dprall] It's the Duct Tape

Re: [c-nsp] Change BGP default-originate to IGP?

, September 27, 2012 4:41 AM To: 'Tom Lanyon'; 'David Prall'; 'cisco-nsp' Subject: RE: [c-nsp] Change BGP default-originate to IGP? So if I understood it correctly you are concerned that the router will start to originate the default prior to receiving full BGP table from its upstream right? The simplest

Re: [c-nsp] Change BGP default-originate to IGP?

Why not use selective advertisement of the default based on receiving a specific route from your carrier or an upstream you know to be stable. http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.h tml#wp1037042 David -- http://dcp.dcptech.com -Original Message-

Re: [c-nsp] MSDP and my limited knowledge question

You're using a GLOP group, so you are AS number 57370? You do have ip pim rp-address 192.168.1.2 configured? I am assuming the 192.168.1.2 is the MSDP source-address and the BGP source-address. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] HSRPv1 and HSRPv2

Of course, how else would you run HSRP for dual-stacked servers. -- http://dcp.dcptech.com -Original Message- From: Gmail [mailto:jstuxuhu0...@gmail.com] Sent: Friday, August 17, 2012 9:20 PM To: David Prall Cc: Nsp Subject: Re: [c-nsp] HSRPv1 and HSRPv2 Thanks for your replay. So

Re: [c-nsp] HSRPv1 and HSRPv2

Just turn on v2, v4 and v6 will require distinct id's. When you first turn on v2 on a single router, the two will stop talking so be prepared for the outage on v4. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] Question on the Use of Policy Based Routing

The PBR performance on the 3K is wonderful if you only need it for a few Mbps. I would always recommend routing over PBR, unless there is just no other way. My house I use PBR so that certain servers return to the correct Internet Connection Symmetrically and are NAT'd and Firewalled correctly. I

Re: [c-nsp] Network Security.

DHCP servers could care less about who you are. They will give out an address to just about anyone. Now MBA or 802.1x authentication can be used to block this. With MBA or 802.1x you could place the authenticated users in to a different vlan, where all of your domain related information resides.

Re: [c-nsp] mVPN with 2811PE

MDT didn't come around till later. Upgrade the code to a 124T release for MDT support. Need MDT support for SSM support of the Data groups, otherwise you don't need MDT. But, then you are stuck with ASM or the default group only. David -- http://dcp.dcptech.com -Original Message-

Re: [c-nsp] www.ipv6.cisco.com down for 5+ days

Frank, Might try http://www-v6.cisco.com as well. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Frank Bulk Sent: Saturday, January 07, 2012 4:00 PM To: cisco-nsp@puck.nether.net

Re: [c-nsp] channel fails when using sup 10g port ?

Is QoS configured? Have to configure qos inconsistency, no mls qos channel-consistency David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chuck Church Sent: Thursday, January 05, 2012 1:13

Re: [c-nsp] 1G (SFP) single-mode aggregation

Peter, The 6513E can't support Fabric Enabled Modules in the secondary Supervisor slot, so you only get 11 6748/6848's. The 4640-CSFP-E is not supported in the 4510. So you would get 5 per 4506/7, using the CSFP optics 80 ports per slot. David -- http://dcp.dcptech.com -Original

Re: [c-nsp] OER Question

Which CCIE Lab book is this? Have you looked at the PfR doc-wiki page? -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of M K Sent: Tuesday, December 06, 2011 7:00 PM To:

Re: [c-nsp] Multicast question

Found this via a quick search: http://www.cisco.com/en/US/docs/ios/12_4t/ip_mcast/configuration/guide/mctls plt.html I was thinking about 2 distinct RP addresses, using spt-threshold infinity so it stays on the shared tree, and having the route to the RP preferred over one link. Hopefully the

Re: [c-nsp] Conditionnal routing based on OSPF / IP SLA

...@autempspourmoi.be] Sent: Wednesday, November 30, 2011 4:11 AM To: 'David Prall'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Conditionnal routing based on OSPF / IP SLA Hi David, Actually I do not want to track the interface status but ensure that a ping is working. This is because the router

Re: [c-nsp] Conditionnal routing based on OSPF / IP SLA

be advertised. ip route 17.4.240.40 255.255.255.240 Se0/1:0 10.0.1.2 tag 1755 David -- http://dcp.dcptech.com -Original Message- From: Henry-Nicolas Tourneur [mailto:hntourn...@autempspourmoi.be] Sent: Tuesday, November 29, 2011 3:30 AM To: 'David Prall'; cisco-nsp@puck.nether.net Subject: RE: [c

Re: [c-nsp] Conditionnal routing based on OSPF / IP SLA

You can do this with track objects and static routing, then redistribute the static into ospf. You could use a conditional route-map like they do in the example for default as well. But I think putting a static in and redistributing it will be much easier. David -- http://dcp.dcptech.com

Re: [c-nsp] MPLS - MP-BPG with multiple OSPF areas

To: David Prall Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS - MP-BPG with multiple OSPF areas You're right David. There are out of order no packets, only asynchronous traffic. Sorry about that... I don't think that only the supression would do the job, since the loopbacks

Re: [c-nsp] Advertising connected subnet in BGP (more specific) - design advise needed

Frank, I just played with this and it appears to be working for me: ip route vrf C1 172.16.1.0 255.255.255.128 GigabitEthernet 0/0 0.0.0.0 I do not have a default route in the table with my configuration. David -- http://dcp.dcptech.com -Original Message- From:

Re: [c-nsp] MPLS - MP-BPG with multiple OSPF areas

Livio, Where are you getting out of order packets? You do have asymmetric hop counts, which most likely means asymmetric latency. But all the packets should be in order. Could use DWDM so that each router isn't directly connected and everything looks the same number of hops away, of course more

Re: [c-nsp] Input errors, overrun unknown protocols drops on LAN interface

To minimize the input drops you can increase the hold-queue. Another issue to look at is the buffers as well, most likely have misses and failures there. The flushes are caused by SPD, which are control plane packets that need to make it to the processor so they are put ahead of everything else in

Re: [c-nsp] Input errors, overrun unknown protocols drops on LAN interface

I'd say you have a lot of traffic with TTL 1 or a link-local multicast address on the interface, if everything else is working correctly. Otherwise you are process switching a lot of traffic. Here are some pointers: http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186

Re: [c-nsp] Regain CLI access with snmp sets?

You can write to it with tftp config location. http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_examp le09186a0080094aa6.shtml#copying_startup It appears you can only do this to the startup, so it will still need to be reloaded at some point. David --

Re: [c-nsp] ARP oddness

] Sent: Friday, August 19, 2011 6:16 PM To: David Prall Cc: NSP - Cisco Subject: Re: RE: [c-nsp] ARP oddness The ARP request would have had to have been spoofed then. I'll have to check Monday. I've got no reason to believe its malicious. It's factory gear, I would believe anything

Re: [c-nsp] ARP oddness

Are you just getting Unicast flooding because the switch doesn't know where the destination is? http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note0918 6a00801d0808.shtml -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] Common uRPF setting on all interfaces

Correct. All uRPF has to be configured the same. http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide /secure.pdf Page 4 - Note - The most recently configured mode is automatically applied to all ports configured for Unicast RPF check. -- http://dcp.dcptech.com

Re: [c-nsp] Problem with IP Inspect

What versions of code? There is a place, much older code 12.3(4)T, where ip inspect would add entries to the top of the defined interface acl, you would use show access-list to see the entries. Then there is more recent code where the entries are dynamically created, you use show ip inspect

Re: [c-nsp] etherchannel load-balancing and unpredictability

] Sent: Wednesday, July 20, 2011 9:11 AM To: David Prall; 'Keegan Holley' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] etherchannel load-balancing and unpredictability Yes, that's correct. Either content filter should be able to handle all of the load if it needed to. The goal was mainly

Re: [c-nsp] etherchannel load-balancing and unpredictability

Keegan, I think he isn't worried about it being unpredictable load wise. He's more interested in it being predictable that a source .1 to .2 on the inside switch goes over link 1, and that the .2 to .1 on the outside switch returns over link 1. This link has a discussion of this:

Re: [c-nsp] GRE tunnel to do span vlan across two datacenters?

Since GRE isn't supported on the 3750, it seems like a non-starter. While you can configure GRE, it is all done in software thus impacting all control plane traffic. As well bridging isn't supported over GRE. If you have Dark Fiber, I would recommend using it. David -- http://dcp.dcptech.com

Re: [c-nsp] Fwd: GBIC_SECURITY_CRYPT-4-ID_MISMATCH: Identification check failed for GBIC in port [dec]

It is service unsupported-transceiver it is hidden so tab completion won't help you. cat3560-1(config)#service unsupported-transceiver Warning: When Cisco determines that a fault or defect can be traced to the use of third-party transceivers installed by a customer or reseller, then, at Cisco's

Re: [c-nsp] Cant Ping Tunnel Originating from VRF Instance

Looks like Router A is an ASR1000. The gi0 Mgmt-intf isn't in the data-plane. It is only there for out of band management. No connection between it and the ESP. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-

Re: [c-nsp] CDP Query

8:26 AM To: David Prall Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] CDP Query Hi David GET VPN neighbor are via service provider. Any work around to it?. We have a customer whose devices are not visible in LMS due to this issue. Regards Jawwad Paracha IBM On Tue, Feb 15

Re: [c-nsp] CDP Query

Your neighbor in GET VPN is the Service Provider / MPLS Carrier. You won't find the remote spokes via CDP. -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Aaron Riemer Sent: Tuesday,

Re: [c-nsp] L2 Ethernet bridging over GRE issues

This goes over the majority of L2TPv3 configuration http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html -- http://dcp.dcptech.com -Original Message- From: roger.wikl...@gmail.com [mailto:roger.wikl...@gmail.com] On Behalf Of Roger Wiklund Sent: Friday,

Re: [c-nsp] L2 Ethernet bridging over GRE issues

And L2TPv3 is supported. Recent code doesn't allow a bridge-group to be defined on a tunnel. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Ian Henderson Sent: Thursday, January

Re: [c-nsp] 6500/Sup720 won't run a WS-X6516-GBIC?

http://www9.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/releas e/notes/hardware.pdf Looks like you might need to upgrade the ROMMON. On page 45: Note . Use with Release 12.2(33)SXH or later and a DFC requires DFC ROMMON version 12.2(18r)S1 or later. To display the switching module

Re: [c-nsp] SFP-GE-T

The second port on the RSP720 is user selectable. Media-type rj45 David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of jack daniels Sent: Thursday, January 13, 2011 3:39 PM To: Nick

Re: [c-nsp] ASR 9000 Newbie question

John, Which cards and which version of IOS-XR is running on the RP's. Typical are the cards supported by the IOS. Show diag is always a good place to start. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-

Re: [c-nsp] What is the fpd package used for in newer IOS releases?

FPD Field Programmable Device. Typically WAN Interface firmware updates. Typically you'll have upgrade fpd auto in the configuration. A quick search: http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/conf iguration/7600series/76fpd.html David -- http://dcp.dcptech.com

Re: [c-nsp] Simple src/dst IP QoS

You'll need to do an HQoS shaper on the inside fastethernet interface in order to shape remote traffic so that they fall back. You're giving 50 percent priority to a 4.6Mbps link, on a 100Mbps interface or have you configured the correct bandwidth statement on it. I've found using HQoS tends to

Re: [c-nsp] Simple src/dst IP QoS

://dcp.dcptech.com -Original Message- From: Ray Davis [mailto:ray-li...@carpe.net] Sent: Friday, December 17, 2010 9:40 AM To: David Prall Cc: 'Cisco-nsp' Subject: Re: [c-nsp] Simple src/dst IP QoS The DSL side is the Dialer interface which has bandwidth 4608 in it's config. I

Re: [c-nsp] memory problem with sr modules not with zr

What exact Adva gear are you using. Typically CWDM is passive and requires CWDM optics. SR are Short Reach Multimode. You say that CDP is up and happy over the link, what does DOM say? It works as L3 but not as L2? What traffic was traversing it at L3? At L2 you mention that OSPF seems to be

Re: [c-nsp] SNMP-Check of DMVPN Tunnels?

Tunnel Health Monitoring: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/gu ide/sec_dmvpn_tun_mon.html NHRP MIB http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/gu ide/sec_dmvpn_nhrp_mib.html I just know they exist, haven't dug deep into them

Re: [c-nsp] SNMP-Check of DMVPN Tunnels?

I would monitor nhrp registrations and routing protocol neighbors on the hubs. If you need to go to the spokes then the same thing from there, they at least will have a smaller count so it will be easier to determine what is happening from their perspective. David -- http://dcp.dcptech.com

Re: [c-nsp] ASIC to switch port mapping

On a 48 port 3560E, 24 ports per ASIC cat3560-2#sh platform pm if-numbers interface gid gpn lpn port slot unit slun port-type lpn-idb gpn-idb -- Gi0/1 1111/1 111local Yes Yes Gi0/2 2

Re: [c-nsp] Enhanced PAgP for VSS

Has to be configured as trusted, which it isn't. dual-active detection pagp trust channel-group 114 http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configu ration/guide/vss.html#wp1063913 David -- http://dcp.dcptech.com -Original Message- From:

Re: [c-nsp] Jumbo Frames Support on Datacenter Switches

Carlos, http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_da ta_sheet0900aecd8017a72e.html Layer 2 Features Jumbo frames on all ports (up to 9216 bytes) Layer 3 Features Jumbo frames on all ports (up to 9216 bytes) David -- http://dcp.dcptech.com -Original

Re: [c-nsp] Cisco 2960 Switch !!! WARNING: The switch is not usable !!!

TCAM Memory would appear to be corrupt from the POST. Time for an RMA. -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Bayasgalan Bayantur Sent: Sunday, August 22, 2010 8:56 PM To:

Re: [c-nsp] Hiding MPLS L3VPN hops from the CE

http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m2.htm l#wp1058956 -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Saturday, August 21, 2010 8:20

Re: [c-nsp] Cisco Console access server

NAT -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of venkat Sent: Thursday, July 29, 2010 9:28 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco Console access server Hi, Not

Re: [c-nsp] using the first and last ip address of a range /24 in a local pool

I even attempted to reproduce the problem with an XP (SP2) workstation on a .255 myself, no success. Initiating and receiving connections from other XP workstations worked just fine, on- and off-net. Try connecting from a XP workstation to a .255 target address that is on a class C

Re: [c-nsp] Centos upload speed slower on 1000m than 100m over WAN links

4948E -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Benny Amorsen Sent: Sunday, June 27, 2010 12:13 PM To: Gert Doering Cc: cisco-nsp@puck.nether.net; Paul Subject: Re: [c-nsp] Centos

Re: [c-nsp] VTY PROBLEM

Exec-timeout is actively sending information on the vty so the 60 minute timer is not kicking in it would appear. Do you have service tcp-keepalives-in and service tcp-keepalives-out configured. This will disconnect a session that isn't doing keepalives anymore. Of course it would have to have

Re: [c-nsp] VTY PROBLEM

Should be clear line 3 David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of bha Qaqish Sent: Tuesday, June 22, 2010 2:48 PM To: Jeff Wojciechowski; cisco-nsp@puck.nether.net Subject:

Re: [c-nsp] VTY PROBLEM

-Original Message- From: bha Qaqish [mailto:bha.qaq...@nitc.gov.jo] Sent: Tuesday, June 22, 2010 3:17 PM To: David Prall; 'Jeff Wojciechowski'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] VTY PROBLEM It's the same , not cleared Eng. Bha Qaqish -Original Message

Re: [c-nsp] Why doesn't this IPv6 ACL work?

What is the SDM Template that you are using? What version of code? Just tried this on 12.2(46)SE The current template is desktop IPv4 and IPv6 routing template. Without any issue. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] WiMAX Download

I'd say long fat pipe issues. -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Mohammad Khalil Sent: Tuesday, April 27, 2010 9:31 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WiMAX

Re: [c-nsp] 6500 latency

Jeff, This is an old document. But it gives the numbers. http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_ paper0900aecd800c9589.pdf David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-

Re: [c-nsp] Cisco 3750 High CPU

I'd guess a spanning tree loop. The HULC process is what updates the pretty lights on the switch. So much is happening that it is having to change all the colors constantly. What other messages are you seeing. -- http://dcp.dcptech.com -Original Message- From:

Re: [c-nsp] Using NAT with servers and dual ISP

My consfusin is handling inbound connections to the customer servers. I can define inbound static mappings but how do the packets that the server sends in response make it way through the router and avoid going out the wrong interface. Although it is a bit of a hack, one way of doing

Re: [c-nsp] PFR Question

) ,,, then Primary PE route traffic to secondary CE . Regards On 3/28/10, David Prall d...@dcptech.com wrote: PfR takes care of the rerouting on a site basis. The site is monitoring reachability to a particular prefix. The key issue with a single cloud, is that you don't control the end

Re: [c-nsp] PFR Question

for a particular prefix or traffic type. -- http://dcp.dcptech.com -Original Message- From: jack daniels [mailto:jckdaniel...@gmail.com] Sent: Friday, March 26, 2010 10:20 PM To: David Prall Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] PFR Question IN SCENARIO BOTH LINKS

Re: [c-nsp] PFR Question

PfR is a unidirectional feature. The router on the other end needs to be configured with PfR as well in order to have bidirectional visibility. Typically the master controller will be local to the site. -- http://dcp.dcptech.com -Original Message- From:

Re: [c-nsp] PFR Question

To: David Prall Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] PFR Question But if you have -- |CE1PE1 PE3CE3 X.X.X.X-| MPLS DOMAIN- -- | CE2PE2 PE4

Re: [c-nsp] PFR Question

This is where PfR is involved to route around the primary carrier to the secondary. -- http://dcp.dcptech.com -Original Message- From: jack daniels [mailto:jckdaniel...@gmail.com] Sent: Thursday, March 25, 2010 8:50 PM To: David Prall Cc: cisco-nsp@puck.nether.net Subject: Re: [c

Re: [c-nsp] Sup720 CoPP, limits on CPU performance

Rodney, Just span the RP traffic. http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper _c11_553261.html For ISIS you need to create a class that matches all ip traffic, then use the class-default for everything that isn't ip. David -- http://dcp.dcptech.com

Re: [c-nsp] IPSec crypto map on MPLS enabled interface?

encryption. David -- http://dcp.dcptech.com -Original Message- From: Phil Mayers [mailto:p.may...@imperial.ac.uk] Sent: Thursday, March 11, 2010 4:48 AM To: David Prall Cc: 'Peter Rathlev'; 'cisco-nsp' Subject: Re: [c-nsp] IPSec crypto map on MPLS enabled interface? On 03/10/2010

Re: [c-nsp] IPSec crypto map on MPLS enabled interface?

You could do MPLSoGREoIPSec -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Peter Rathlev Sent: Wednesday, March 10, 2010 12:07 PM To: Phil Mayers Cc: cisco-nsp Subject: Re: [c-nsp]

Re: [c-nsp] IOS Server Load Balancing on C3560-E switches ??

IOS SLB is on the 6500 and 7200. Not on the 3560-E / 3750-E. Could always use Anycast via a loopback on the servers and let CEF ECMP take care of it. But this is typically only done for UDP applications. Not sure if EOT is on the 3560-E for Static Routes, or you could use BGP from the servers.

Re: [c-nsp] IOS Server Load Balancing on C3560-E switches ??

Object Tracking to monitor that the server is alive. David -- http://dcp.dcptech.com -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Wednesday, February 10, 2010 11:20 AM To: 'David Prall'; 'cisco-nsp' Subject: RE: [c-nsp] IOS Server Load Balancing on C3560-E switches

Re: [c-nsp] Limiting DHCP on a Bridge Group

Match protocol is nbar, I can never remember which require ip nbar protocol-discovery on the interface. Why not use an access-list denying dhcp deny udp any eq bootpc any eq bootps David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] Best practice - Core vs Access Router

Andy, By excluding 0.00 your excluding those that have had 0.00 anywhere in the time list. Just use sort and look at the top few. Although most likely the same. If you have a number of large Ethernet subnets with few systems on them, then sh ip arp will contain a number of incompletes. If it is

Re: [c-nsp] Best practice - Core vs Access Router

Your drops and flushes counts are the same. A flush is a control plane packet that pushed to CPU even though the input queue was filled. I don't believe these two numbers should be the same unless all of the input queue was filled with these packets. David -- http://dcp.dcptech.com

Re: [c-nsp] Limiting DHCP on a Bridge Group

capture it. Moved to an 881 at home, so I don't have my 871W anymore. David -- http://dcp.dcptech.com -Original Message- From: Garry [mailto:g...@gmx.de] Sent: Wednesday, February 10, 2010 2:06 PM To: c-nsp Cc: David Prall Subject: Re: [c-nsp] Limiting DHCP on a Bridge Group

Re: [c-nsp] Limiting DHCP on a Bridge Group

: Garry [mailto:g...@gmx.de] Sent: Wednesday, February 10, 2010 2:39 PM To: David Prall Cc: 'c-nsp' Subject: Re: [c-nsp] Limiting DHCP on a Bridge Group On 10.02.2010 20:30, David Prall wrote: I think the match interface is looking at where the policy is assigned. I know the policy isn't

Re: [c-nsp] IPV6 again

So XP doesn't support IPv6 DHCP, nor do they support IPv6 DNS. Not sure about the macintosh. -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Michael Robson Sent: Friday, January 29, 2010

Re: [c-nsp] 6509-E with WS-X6148A-GE-45A

What does sh diag give you for the module. -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Renelson Panosky Sent: Tuesday, January 12, 2010 2:36 PM To: cisco-nsp@puck.nether.net Subject:

Re: [c-nsp] 6509-E with WS-X6148A-GE-45A

That's the status, which shows one is currently running. But what does sh diag tell us is wrong. David -- http://dcp.dcptech.com -Original Message- From: Renelson Panosky [mailto:panocisc...@gmail.com] Sent: Tuesday, January 12, 2010 3:03 PM To: David Prall Cc: cisco-nsp

Re: [c-nsp] Difference in OSPF maximum-paths - operational problem?

It is my experience that 6 of the 7 will randomly be chosen, each time an SPF run is done a different 6th could be installed. With enough CPU power it shouldn't cause issues, but in the past I've seen routers running close to the limit that cause traffic loss. This was with the default

Re: [c-nsp] am I being bitten by this bug .CSCsw37419 (can't connect using certificates with VPN client)

- From: Scott Granados [mailto:gsgrana...@comcast.net] Sent: Thursday, January 07, 2010 7:06 PM To: David Prall; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] am I being bitten by this bug .CSCsw37419 (can't connect using certificates with VPN client) The version I'm using is 5.0.06.0160-k9

Re: [c-nsp] am I being bitten by this bug .CSCsw37419 (can't connect using certificates with VPN client)

CSCei52413 is the ASA/PIX issue. Should be in 7.0(4) and beyond. CSCsw37419 is the client issue. It is fixed in code beyond 5.0.6.110, don't know exactly what you are running with 5.x.160 -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] 6500 mGRE/DMVPN on VSS

Do it from a dedicated loopback per tunnel. Advertise an aggregate only of the loopbacks. Now doing this from VSS I'm not so sure about though. David -- http://dcp.dcptech.com -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On

Re: [c-nsp] eBGP multihop, link failure, and multi-path IGP (OSPF)

Turn on PIC-Core cef table output-chain build favor convergence-speed ! please be wary of platform specific caveats ip routing protocol purge interface ! purges interface routes and not routes that followed the interface, this will leave the BGP routes untouched. This is the only thing I could

Re: [c-nsp] 6509-E with sup720

Is it dumping to rommon. If so just boot imagelocation:imagename Most likely have a corrupt config register on the switch processor. Sh boot ! for the RP Remote command switch sh boot ! for the SP Conf t Config-register 0x2102 End Now confirm that they are correct on both the RP

  1   2   >