Re: [c-nsp] Need suggestion on cisco 3560 sw IOS

2014-06-26 Thread Jeff Kell
On 6/26/2014 6:09 PM, a.l.m.bu...@lboro.ac.uk wrote: on recent versions you can do the microcode update BEFORE the reload (check the update-sw flag list!) which saves loads of down time(!) First I've heard of that one (!). The microcode update is pervasive across the 3560s/3750s. First time

[c-nsp] 4500X trivia question...

2014-06-20 Thread Jeff Kell
Just breaking ground with some 4500X switches... and was curious... With other Catalysts the switches are often oversubscribed... at least the uplinks... but there were platform specific commands to determine which ports were mapped to which ASICs and you could try to optimize your loads across

Re: [c-nsp] 3750: SNMP-3-INPUT_QFULL_ERR, ssh session dies, show tech support fails, switch stack crashes on reload

2014-05-05 Thread Jeff Kell
On 5/5/2014 11:10 AM, Darren O'Connor wrote: Never seen it myself, but googling around brings up a few things. Did this recently start? Any other switch on the same code having the same issues or not? Generally if five different devices all start having the same issue an external issue is

[c-nsp] EIGRP potentially silly question...

2014-03-05 Thread Jeff Kell
After a deployment of EIGRP with the intent of providing link utilization based load-sharing as opposed to round robin, I get the rude awakening that the default k-values for EIGRP do NOT include link utilization. Any shortcuts / workarounds / etc to resetting k-values site-wide without breaking

Re: [c-nsp] Twinax trivia check (was Re: Is there such a thing as a 10GBase-T SFP+ transciever)

2014-02-02 Thread Jeff Kell
On 2/2/2014 5:49 PM, Murphy-Olson, Daniel E. wrote: Most of the switch vendors have an official compatibility list, but I've found that generally the most common compatibility issue is active vs passive twinax. Brocade edge switches and nics are normally active only, which seems to come

Re: [c-nsp] TAC hits a new record level of aggravation...

2014-02-01 Thread Jeff Kell
: domingo, 3 de Novembro de 2013 14:35 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] TAC hits a new record level of aggravation... On Sun, 3 Nov 2013, Jeff Kell wrote: Customer support died a decade ago. For the front-end stuff, sure. To be fair, and to give credit where credit is due

[c-nsp] 3750G memory leak?

2014-01-24 Thread Jeff Kell
Just curious... has anyone had issues with memory leaks on 3750Gs? We have had nightmares from a 4-switch stack of 3750G-48TS's (IP Services). Runs for months, then you try to write mem and get memory allocation errors and it fails. It progresses a bit further and you can no longer get serial

Re: [c-nsp] Re-licensing secondhand Cisco equipment

2014-01-07 Thread Jeff Kell
For some hardware, especially the fixed-chassis Catalysts, there is a limited lifetime warranty that is supposed to include software updates, particularly those related to security defects and known release defects. However, the current TAC downloads will show releases, but requests a login to

[c-nsp] Quick question on HSRP...

2013-12-30 Thread Jeff Kell
Quick question for someone that's been there, done that, as I'm a bit rushed to try to lab test this... We're adding some new routers (4500Xs) for an upgraded server farm arrangement with a number of server-side vlans / VRFs. The plan was to trunk it with the existing L3 router, and fire up HSRP

Re: [c-nsp] 4500X weird issue...

2013-12-12 Thread Jeff Kell
On 12/10/2013 8:45 PM, Jeff Kell wrote: Follow-up... the secondary booted up OK. We're looking at a possible RMA on the failing one (TAC case open) rather than cracking the case on a virgin switch to mess with flash :). Jeff On 12/6/2013 11:25 PM, Jeff Kell wrote: We received our first pair

Re: [c-nsp] 4500X weird issue...

2013-12-10 Thread Jeff Kell
Follow-up... the secondary booted up OK. We're looking at a possible RMA on the failing one (TAC case open) rather than cracking the case on a virgin switch to mess with flash :). Jeff On 12/6/2013 11:25 PM, Jeff Kell wrote: We received our first pair of 4500X switches, and proceeded to try

[c-nsp] 4500X weird issue...

2013-12-06 Thread Jeff Kell
We received our first pair of 4500X switches, and proceeded to try to prepare them for deployment. They came up OK on console access, we got a very basic configuration setup, linked them together, and did an initial VSS pairing. With that successful, we put in a management IP address for the

Re: [c-nsp] EIGRP reality check

2013-11-26 Thread Jeff Kell
EIGRP metrics. These are all Catalysts (6500 at A, various 3750 models at B-C-D) so nothing new and bleeding edge here. Jeff On 11/26/2013 10:10 PM, Mark Tinka wrote: On Monday, November 25, 2013 04:55:08 AM Jeff Kell wrote: We have been using EIGRP in the most recent generation of our

[c-nsp] EIGRP reality check

2013-11-24 Thread Jeff Kell
We have been using EIGRP in the most recent generation of our campus network, a choice that was largely made on the fact that it could load-share across equal-cost paths, and take the path of least resistance to the target. Recently we upgraded some core links to 10Gbps, with a couple remaining

Re: [c-nsp] Third party transceivers that fail only with new, NX-OS 6.2.2a on sup-2E

2013-11-19 Thread Jeff Kell
On 11/19/2013 5:51 PM, Tim Durack wrote: Second that. The more people buy 3rd party (coded if you want) the better. Vendors only listen to sales. +1 to that. We recently ran across some 3rd-party CODED DOM-supporting optics that have worked (thus far) in both Ciscos and Brocades. When you can

Re: [c-nsp] Cisco bug locator?

2013-11-19 Thread Jeff Kell
On 11/19/2013 9:40 PM, Mikael Abrahamsson wrote: So complain to your account team and give feedback on their website. Only by customers complaining will we see improvement. Don't hold your breath. I've been bitching since they started the whole Web 2.0 / HTML5 / Java nonsense migration, and

Re: [c-nsp] TAC hits a new record level of aggravation...

2013-11-03 Thread Jeff Kell
On 11/3/2013 1:41 AM, Dobbins, Roland wrote: On Nov 3, 2013, at 12:08 PM, Jeff Kell jeff-k...@utc.edu wrote: If enough of us complain... maybe. Plenty of people inside and outside of Cisco have complained vociferously, to no avail. It's unlikely to change. Maybe we should all go back

Re: [c-nsp] TAC hits a new record level of aggravation...

2013-11-03 Thread Jeff Kell
On 11/3/2013 7:46 AM, Chuck Church wrote: It's not just the TAC tool that has been suck-ified. The replacement for the dynamic configuration tool sucks. Tried it a few days ago, first thing it asks for is a whole bunch of customer info. I just wanted to verify if there is a non-EOS OC-3 POS

[c-nsp] TAC hits a new record level of aggravation...

2013-11-02 Thread Jeff Kell
I had the opportunity to open a TAC case last week... and was greeted by the new website... I use Firefox with NoScript, Ghostery, AdBlock, and some other plugins that require their own unique whitelisting to get cisco.com to work at all, and even more if you need to login to anything. I have

[c-nsp] ASA 8.4 error 305006 regular translation creation failed

2013-11-02 Thread Jeff Kell
Not having fun with TAC, let me ask the real experts :) ASA-5585X running 8.4(7), recent upgrade in response to last month's security advisories against the 8.4 code we were running... Now getting a number of the %ASA-3-305006 regular translation creation failed errors logged, typically for

Re: [c-nsp] TAC hits a new record level of aggravation...

2013-11-02 Thread Jeff Kell
: Have you tried using MS Explorer? Sent from my iPhone On 2013/11/03, at 7:53, Jeff Kell jeff-k...@utc.edu wrote: I had the opportunity to open a TAC case last week... and was greeted by the new website... I use Firefox with NoScript, Ghostery, AdBlock, and some other plugins

Re: [c-nsp] TAC hits a new record level of aggravation...

2013-11-02 Thread Jeff Kell
On 11/2/2013 11:20 PM, Alex Presse wrote: It's the new java update - unsigned code gets user verification windows. Cisco (and everybody else) will need to update all their java delivered user interfaces to avoid this annoyance. And we need Java to submit a case, exactly why? Plain old

Re: [c-nsp] TAC hits a new record level of aggravation...

2013-11-02 Thread Jeff Kell
On 11/3/2013 12:52 AM, Dobbins, Roland wrote: On Nov 3, 2013, at 7:29 AM, Justin M. Streiner strei...@cluebyfour.org wrote: It would be great if Cisco focus-group tested these 'enhancements' before rolling them out, and knock it off with the Java nonsense. They've been going in this

Re: [c-nsp] SC to LC converter

2013-10-14 Thread Jeff Kell
Cheapest alternative is get an SC-to-SC coupler and an SC-to-LC jumper and cross your fingers on the added loss. Otherwise you're looking at re-termination and tolerating a Unicam quick fix or a pigtail requiring a splice. Jeff On 10/14/2013 3:37 PM, Kenny Kant wrote: I have an older

Re: [c-nsp] ME3400E - Shaping vlans?

2013-09-25 Thread Jeff Kell
On 9/25/2013 9:32 PM, CiscoNSP List wrote: Hi, Is it possible to shape vlans on the ME3400E? (i.e. Multiple vlans on a trunk port, shaping them at different speeds)? And to hop someone else's thread... isn't there some simple way of prioritizing a vlan over the others via CoS? It's

[c-nsp] Old mystery... receive vs transmit discards...

2013-09-10 Thread Jeff Kell
Over the years I've noticed the network monitors pointing out various of our lower-end Catalyst switches (29xx, 35xx, 37xx) reporting transmit discards or receive discards. Since we have some gig uplinks on some 10/100 switches, obviously some of this is to be expected. As time has gone by, we

[c-nsp] Small Catalysts, small buffers, drop preference ?

2013-09-03 Thread Jeff Kell
We have a fairly extensive access layer of smaller and mostly older Catalysts (2950s, 2960s) with building distribution 3550s/3560s as uplinks. We did some overhauls over the summer to get not only gig uplinks to the buildings, but gig uplinks to each access layer switch within the building.

[c-nsp] Odd ntp problem...

2013-08-30 Thread Jeff Kell
Ran across a strange one with NTP [again, had seen it happen once before, but thought it was a fluke...] Have a 6500 core running 12.2(33)SXI that is setup to sync to an external NTP source, and in turn provide NTP for our networked devices. Basic NTP configuration, with ntp logging, ntp

Re: [c-nsp] IOS 12 and 15

2013-08-28 Thread Jeff Kell
On 8/28/2013 10:46 PM, Mikael Abrahamsson wrote: Think of 15.x as 12.(5+x). There isn't that much different when it comes to commands, it's mostly under the hood and of course new functionality. Is that true on the 6500? I've already made the 15.x jump on our lower-end Catalysts but the 6500

Re: [c-nsp] Same static-route to different destination /

2013-07-17 Thread Jeff Kell
On 7/17/2013 7:30 PM, Muhammad Asim Hussain wrote: Please use port-channel load-balance src-dest-IP command at global config. Hope after this implementation both links will be equally load balance. Depending on platform, you may be able to randomize to a greater degree, e.g., 6500 Sup720

Re: [c-nsp] New Catalyst 6k chassis

2013-06-26 Thread Jeff Kell
On 6/26/2013 11:10 PM, Justin M. Streiner wrote: It just seems like the new 6k is positioned to poach prospective customers from the (arguably) higher-margin Nexus 7k product line. Now that you mention the N-word I have to ask (as we're looking into a deployment)... how much of it is ready for

Re: [c-nsp] Possible spanning tree issue

2013-06-04 Thread Jeff Kell
On 6/4/2013 6:56 PM, Michael Sprouffske wrote: I attached a new switch to the network and it took down our contact center that doesn't touch this switch nor does the phone system. Is this spanning tree doing this? I don't see anything in the logs that show a change in spanning tree. I

[c-nsp] Left-field trivia questions...

2013-05-01 Thread Jeff Kell
(1) Is it just me, or has cisco-nsp been spitting out ancient email messages for the last couple of days? I've gotten emails dating back to 2010, and it's not just the current timestamps, the embedded On month day, year, so-and-so wrote... is also old. (2) As my equipment this week has started

Re: [c-nsp] 7600 Sup720-3BXL Showing Max CEF table of 256K

2013-04-29 Thread Jeff Kell
On 4/29/2013 2:57 PM, Dan Benson wrote: Looking today, I was surprised to see that two of my Sup720-3BXLs are showing that I only have a MAX cef ability of 239K when all the docs I read show they should be defaulting to 512K. Try show platform hardware pfc mode and see if you're really

Re: [c-nsp] data center/mpls/vpls

2013-04-15 Thread Jeff Kell
On 4/15/2013 2:07 AM, Andrew Miehs wrote: I would like a pair of top-of-rack devices that can mirror one another if possible too, like cisco's 6509-vss thing.or at least like nexus vpc (multichassis link aggregation/bundling) The Nexus 5Ks are pretty cheap and good if you only need L2. I'm

Re: [c-nsp] 3560g switch - tagged vlans and untagged frames

2013-04-08 Thread Jeff Kell
On 4/9/2013 12:16 AM, Mike wrote: If it helps. I do also have dot1q native vlan tagging enabled. I just can't see inside of the switch and understand where my frames are going. If I put it into switchport mode access, and switchport access vlan 6, it all works fine and I see mac addresses in

[c-nsp] 3750 stack inaccessible - memory leak

2013-04-04 Thread Jeff Kell
Each time my patience wears thin with TAC, I come here; it's typically more productive :) February 2011: 3750G stack stops answering to telnet/ssh with timeouts, serial console reports %% Low on memory; try again later. Gets blamed on CSCsu27706, fixed in 12.2(44); but we're now on 15.0(2).

[c-nsp] HSRP v2 on 3750G

2013-03-26 Thread Jeff Kell
Anyone doing HSRP v2 on a 3750G (IP Services) ? Bonus points if on a VRF SVI ? Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] VS-S2T-10G card with WS-X6748-SFP Card = DFC Problems

2013-03-25 Thread Jeff Kell
You can't do a CFC on a WS-X6716-10GE, can you? Jeff On 3/25/2013 1:46 PM, Phil Mayers wrote: On 25/03/13 17:35, Olivier CALVANO wrote: Hi i have a Cisco 6504E with a VS-S2T-10G and a small problems with two card: *Mar 25 17:20:06.375: %C6KENV-2-DFCMISMATCH: Module 2 DFC incompatible

Re: [c-nsp] VSS to vPC - vPC to Etherchannel

2013-03-16 Thread Jeff Kell
On 3/16/2013 8:34 PM, Andrew Miehs wrote: The cisco documentation recommends static as the recovery times are supposedly faster due to no negotiation. Not really sure if the downsides make up for that though. Yeah, you can screw up your network much faster that way :) We had been doing PAgP

Re: [c-nsp] STP active/listed on wrong port

2013-03-13 Thread Jeff Kell
On 3/13/2013 11:09 PM, Pete Templin wrote: I suspect a 'sh int status' might have shown this port in VLAN 1, and/or 'sh int tru' might not have shown this port trunking. Or if you're playing trunks, it's probably setup for native vlan 1. Jeff

Re: [c-nsp] VSS on 4500-x

2013-02-28 Thread Jeff Kell
On 2/28/2013 11:14 PM, CiscoNSP List wrote: Thanks Rick - How long have you been running your setup for? Exactly what I did for my SAN network -- replaced a stack of two 3750s with two 4500Xs using vss. Works flawlessly. How was the configuration migration? It was my understanding the

Re: [c-nsp] ASA 8.4 NAT weirdness...

2013-02-18 Thread Jeff Kell
On 2/18/2013 6:25 PM, Garrett Skjelstad wrote: Meh. Everyone always complains when software changes. THAT is the universal law. Change is constant. Adapt and find the new cheese. =) Well, yes, except this release I suspect that someone cut the cheese :) Jeff

[c-nsp] ASA 8.4 NAT weirdness...

2013-02-17 Thread Jeff Kell
OK, now have ASA up on 8.4 software, and boy is it ever weird :) We do NAT extensively (all 1918 addressing inside). For public-facing servers, primarily web servers, we made a habit of translating them into a public /24 network (say x.y.z.*). The firewall attributes for this was to simply

Re: [c-nsp] sh interfaces transceiver detail ouput

2013-01-26 Thread Jeff Kell
I have similar values on 6500 / VS720 / 6716-10G mostly just transmit/receive power. Have never seen anything on a lesser/smaller Catalyst with one exception... we were trying some compatible optics on a link out of a 3750-12 stack. These particular compatibles show everything! All the

Re: [c-nsp] Cat6500 odd arp behavior

2013-01-24 Thread Jeff Kell
On 1/24/2013 3:24 PM, vinny_abe...@dell.com wrote: Thanks Andrew... I should have elaborated further. The hosts aren't directly connected to the 6500. The 6500 aggregates several TOR switches just doing pure layer 2, no trunking or tagging or anything. The 6500 provides an SVI for each VLAN

[c-nsp] Port-channel configuration stickiness...

2013-01-18 Thread Jeff Kell
After a few IOS updates in our maintenance window tonight, I had some port-channel trunks fail to come up *again* and this is becoming more than an occasional nuisance... perhaps others have seen this... We run a number of port-channel uplinks between Catalyst switches (3560s, 3750s, 4500s,

Re: [c-nsp] Cisco 3850 switches

2013-01-17 Thread Jeff Kell
But 4500X VSS isn't official yet either :) Jeff On 1/17/2013 11:43 PM, Blake Pfankuch wrote: That's what it looks like to running IOS XE. I'm curious if they are maintaining the 3750 style stacking or going more with the 4500X style stacking... -Original Message- From: Andrew

Re: [c-nsp] Anyconnect ASA 5550

2012-12-26 Thread Jeff Kell
On 12/26/2012 3:05 PM, Ryan West wrote: On Wed, Dec 26, 2012 at 13:57:53, Blake Pfankuch wrote: Subject: [c-nsp] Anyconnect ASA 5550 Int gi 0/1 Ip address 10.10.10.11 255.255.255.0 standby 10.10.10.12 Nameif outside Secu 0 Without changing the actual interface IP, I cannot have my

[c-nsp] Etherchannel port hashing consistency?

2012-12-11 Thread Jeff Kell
Quick question... I have a stacked pair of 3750X switches currently feeding 2 trunks through some packet inspection devices and into ASA5540s. We're upgrading to 5585s, and looking at doing etherchannel trunks out of the 3750Xs and 5585s (now that ASAs support etherchannel). If the ASAs are

Re: [c-nsp] MST Experiences: was Re: Dell switches (specifically PowerConnect 7048P) and Ciscos

2012-11-28 Thread Jeff Kell
On 11/28/2012 5:38 PM, Bernie wrote: It's clearly highly relevant in some environments, but Dell is gaining market share with the STP functioning as-is. While I can bring discussions like this to management attention, the system is set up to listen to the people making sales decisions at

Re: [c-nsp] 3750x Alternatives

2012-11-19 Thread Jeff Kell
If you seriously have 10G on the roadmap, 4500X looks sweet, you can get it in a 16-port version, SFP / SFP+ you upgrade as you are ready. A pair of them in a VSS deployment is going to be pretty steep however, especially if you need smart layer-3 (Enterprise). Otherwise perhaps a 4507E+R with a

Re: [c-nsp] 3750x Alternatives

2012-11-19 Thread Jeff Kell
On 11/19/2012 8:38 PM, Andrew Miehs wrote: The OP seemed to be having an issue with bursty traffic, which is why I would push him away from the 37xx product line. Yes. I continue to be disappointed at 2960/3560/3570 buffer performance (so much to the extent that we're currently deploying

Re: [c-nsp] Wireless Controllers, SVIs and WCCP

2012-11-18 Thread Jeff Kell
On 11/18/2012 6:20 PM, Andrew Miehs wrote: Although not a bad idea, it will be a little difficult to convince management that we now want to replace the controllers. The reason for MPLS is that we could just hang all the wireless gear off a wireless only PE, rather than requiring an extra hop

Re: [c-nsp] leaking only a couple routes between 2 vrf's

2012-11-01 Thread Jeff Kell
On 11/1/2012 5:28 PM, Aaron wrote: What is a clean/easy way to leak a couple routes between two vrf's ? if you have links to docs or sites that explain this or you know how , lemme know please. Either an import route-map (filter imports), or route-map your redistribution into BGP (filter

Re: [c-nsp] Overflows During Microbursts on Cisco Switch

2012-10-30 Thread Jeff Kell
On 10/30/2012 10:37 AM, Gert Doering wrote: Hi, On Tue, Oct 30, 2012 at 09:00:25AM -0500, Ge Moua wrote: +1 for: * get a reasonable switch maybe something like a 2960-X (or higher) will provide for deeper buffers during micro-burst use case. As far as I have been told, the new E and X

Re: [c-nsp] SSH from inside a VRF in 12.2SRE

2012-10-21 Thread Jeff Kell
VRF-aware management functions are a pain... you want it everywhere, except when you get it, e.g., recent ip helper-address suddenly becoming vrf-aware caused us some major issues. Accepting VRFs at the COPP level (e.g., vrf-also on vty access lists) can screw you as well. I can see the

[c-nsp] ASA 8.x software and ICMP errors...

2012-10-17 Thread Jeff Kell
Have been noticing this for some time but did not consider it worth pursuing at the time, then recently had to try some traceroutes and nmaps from off-campus for testing purposes and now it's relevant... Our internal infrastructure is on private addresses. We have dynamic NAT enabled for the

Re: [c-nsp] Catalyst 3xxx IPv6 VRF Lite ?

2012-10-13 Thread Jeff Kell
On 10/13/2012 12:19 PM, Gregoire Huet wrote: Hello I've been told by Cisco that the feature would be available by 1st half of 2013. If it's added to existing hardware, I'd expect a new SDM profile and even lower numbers for everything else once the IPv6/VRF allocation is taken out :( A

[c-nsp] 4500 load check...

2012-09-25 Thread Jeff Kell
I'm looking for the 4500 (old SupIVs) equivalent of a switch load... For Cats 3550/3560/3750 I have a load macro looking at show controller utilization for active interfaces. For the 6500, a show mls stat gives you a fair idea. There doesn't seem to be a 4500 equivalent. There is the show

Re: [c-nsp] VMware teaming Nic's and multiple switches

2012-09-19 Thread Jeff Kell
We did cross-chassis port channels on 3750s for years. However, the new vCenter/ESX 5+ has this automatic link balancing thing. You setup the trunks all the same, no need for port-channels, and the vCenter host load-balances the vlans/hosts across the available links. Kinda ugly from the switch

Re: [c-nsp] Catalyst 6509 EOS/EOL

2012-09-18 Thread Jeff Kell
On 9/18/2012 10:16 AM, Antonio Soares wrote: It's possible to extend the support for the non-E 6500s with something they call Post Last Day of Support (Post-LDoS). Basically you have a price for the service that is the double of a 6500-E. But you can have the non-E supported until 31-Dec-2015.

Re: [c-nsp] Output drops mysteriously appear/disappear on 3750X

2012-08-22 Thread Jeff Kell
Usually shows up (worse) on port channels. Drops are read as a single binary counter, and are calculated as a delta from the previously read values. Occasionally the port channel values are offset 2x the previous values (individual ports versus the channel). We've been dealing with the network

Re: [c-nsp] Problem with the same route in the general routing table and in vrf

2012-08-09 Thread Jeff Kell
On 8/9/2012 4:32 AM, Luca Tortiglione wrote: ! route-map PC_TO_VTC permit 1 match ip address 100 set vrf VTC I suspect you need to complete your route map... you set vrf VTC for VRF targeted traffic, you need another level with set global on the return side. At least that's what I've done

Re: [c-nsp] Point to Point T1's and vlan nightmares

2012-07-27 Thread Jeff Kell
On 7/27/2012 5:38 PM, Oliver Garraux wrote: Preventing duplicate VLAN numbers sounds like it could be better solved through process changes rather than technical changes. Maybe a wiki or a spreadsheet, or a single person that's in charge of assigning new VLAN's. (Not trying to be

Re: [c-nsp] 4500-E EOL?

2012-05-20 Thread Jeff Kell
On 5/20/2012 10:54 PM, Keegan Holley wrote: Are you sure? The only release bulletin I could find was from 2010 and that's the year the EOS'd the non-E chassis. They dropped the non-Es for the -Es. Now they're dropping the -Es for the +Es. 6500 non-Es were dropped even earlier (support runs

Re: [c-nsp] Stacking 3750X vs diverse 4948E

2012-05-20 Thread Jeff Kell
Just to provide another data point / opinion... We have 3560, 3560X, 3750, 3750E, 3750X all deployed, typically as CE routers. We are moving to 3750s to stack for redundancy. Most are well-behaved with a few exceptions... Any of the X-series with a microcode update can take 30 minutes or more

Re: [c-nsp] An observation: 512k default max-prefix in IOS-XR

2012-04-28 Thread Jeff Kell
On 4/28/2012 4:10 PM, Robert Blayzor wrote: Well the reality of the 720-3BXL in an IPv4/v6 world is that you get about 500k IPv4 and half that in IPv6 (IIRC). The l3xl scale license will get you 1M IPv4 routes and 128K IPv6. Of course you'll lose a lot of your L2 scale. So if you're considering

Re: [c-nsp] VRF-Lite and IPv6...

2012-04-26 Thread Jeff Kell
AFAIK there is just LAN Base, IP Base, and IP Services now, IPv6 was rolled into IP Services. It was IP Services, 15.0(1). On 4/26/2012 10:03 AM, Dale W. Carder wrote: Was this on advanced ip services or a different license set? Dale Thus spake Jeff Kell (jeff-k...@utc.edu) on Wed, Apr 25

Re: [c-nsp] 15.2(2)S issues on 7600/SUP720

2012-04-25 Thread Jeff Kell
I've seen this on stacked 3750s when doing anything related to configurations, it would hang up hard enough to timeout EIGRP hellos from neighbors (and vice versa) causing general havoc everywhere. The workaround was to include parser config cache interface. During the hangs if you could get

[c-nsp] VRF-Lite and IPv6...

2012-04-25 Thread Jeff Kell
After playing with a lab switch (3560X) today looking at some IPv6 features, we discovered you can't really do IPv6 VRFs on it. The vrf definition configuration option doesn't like address-family at all, so no IPv4/IPv6 bits there. Is this an under consideration software function, or a

Re: [c-nsp] IPSEC Remote access to MPLS VPN

2012-02-15 Thread Jeff Kell
On 2/15/2012 3:09 AM, ar wrote: I would like to setup a remote access IPSEC/SSL VPN then maps to MPLS VPN/VRFs. I'm thinking of using 7206VXR as the concentrator/PE for this. Remote clients will use cisco/microsoft vpn clients. Site-to-site vpn will be supported too. I'm sure there are

[c-nsp] Quick 6500 question...

2012-02-07 Thread Jeff Kell
Quick reality check... Is the difference in the E-series chassis only in available power? Has nothing to do with backplane bandwidth? Jeff

Re: [c-nsp] Quick 6500 question...

2012-02-07 Thread Jeff Kell
On 2/7/2012 3:00 PM, Nick Hilliard wrote: Anyway, I don't really have an issue with this - the E chassis has been sold more or less exclusively since 2005 or so, so any remaining in deployment will be well past their accounting write off time. Apparently Cisco support of the non-E chassis

Re: [c-nsp] inter-VRF routing

2012-02-03 Thread Jeff Kell
import/export require BGP to actually work... or at least I've never had any success w/o at least defining the BGP process. Jeff On 2/3/2012 9:22 AM, harbor235 wrote: Take a look into importing routes from one vrf into another using an import map. check out a previous thread:

Re: [c-nsp] Ambiguous ACL log in 12.2(58)SE2?

2012-02-02 Thread Jeff Kell
Given the fact that if you have a switch running with such ACL statements in place (and working), upgrading to 12.2(58) will break them would seem to be something PSIRT would be interested in (but I received no response after reporting it). The bug may be tied to my case :) Jeff On 2/2/2012

[c-nsp] Quick (?) ASA VPN w/AD question...

2012-01-30 Thread Jeff Kell
Trying to break some new ground on ASA 8.4(2) VPN configuration (quite a number of changes) Need to map AD group membership onto a group policy selection. (1) Previous examples are using the Cisco name IETF-Radius-Class to map into the policy name, while 8.4(2) seems to want Group Policy

Re: [c-nsp] sup2 lead times/costs

2012-01-20 Thread Jeff Kell
On 1/20/2012 10:19 AM, Alan Buxey wrote: ;-) there'll also be a deluge of sup720 blades for those people still on sup2 or sup32 from all the sup2t upgraders Yeah, hopefully VS720s too... Jeff

[c-nsp] Ambiguous ACL log in 12.2(58)SE2?

2012-01-18 Thread Jeff Kell
Running into this on a 3560X IP Services (context is accepted by everything else...) Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log % Ambiguous command: 85 permit tcp any any eq 9100 log Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log ! log % Ambiguous

Re: [c-nsp] Ambiguous ACL log in 12.2(58)SE2?

2012-01-18 Thread Jeff Kell
On 1/18/2012 10:14 AM, Jeff Kell wrote: Running into this on a 3560X IP Services (context is accepted by everything else...) Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log % Ambiguous command: 85 permit tcp any any eq 9100 log Grote-Uplink(config-ext-nacl)#85 permit tcp any

Re: [c-nsp] Ambiguous ACL log in 12.2(58)SE2?

2012-01-18 Thread Jeff Kell
192.168.128.74 eq smtp syslog log log Corny, but if they're going to botch up a maintenance release like that... Chuck -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Kell Sent: Wednesday, January 18, 2012 4:47 PM

[c-nsp] Catalyst IOS version skip - significant difference or just numbers game?

2012-01-04 Thread Jeff Kell
After checking some software revision data during the holiday break, I noticed that the 29xx/35xx Catalyst IOS train has jumped 12.2(58)SE up to 15.0(1)SE. Is there really a significant difference, or is this just a marketing numbers game to look more current ? And if you've already made the

Re: [c-nsp] vs route leaking into globasl on the samer box

2012-01-02 Thread Jeff Kell
You can insert statics to an L3 interface with a next-hop of a second router (very kludgy and inefficient, but required for the reason you discovered). You can use a FWSM or external box to handle the route [leak]. You can loop a cable between global and the target VRF. You can do VRF Selection

[c-nsp] RSPAN through intermediate switch...

2011-12-02 Thread Jeff Kell
Is it possible to run an RSPAN vlan through (not an endpoint, just transport) an intermediate switch (specifically Foundry/Brocade FCX switch)? I would suspect that mac address learning on the switch would interfere with RSPAN, and I can't find a Brocade equivalent of the mac-learn interface

Re: [c-nsp] Cisco 3560X performance in the wild

2011-11-22 Thread Jeff Kell
On 11/22/2011 5:15 PM, Peter Rathlev wrote: On Tue, 2011-11-22 at 12:59 -0700, Dave wrote: I was wondering if anyone has used the 3560X-48T switches and would be kind enough to give me the good/bad/ugly on them ? We have a couple of WS-C3560X-48T-Ls in use. They seem to function just as well

Re: [c-nsp] 3750X stacking with 3750 ??

2011-10-12 Thread Jeff Kell
On 10/12/2011 8:56 AM, Jeffrey G. Fitzwater wrote: Does anybody know that absolute answer, if a 3750X can or cannot stack with a 3750 or 3750E ? A 3750X LAN Base image cannot stack with anything (other than another 3750X LAN Base image switch). A 3750X IP Base or IP Services will stack with

[c-nsp] ASA VPN groups... pointer/howto/cookbook?

2011-09-28 Thread Jeff Kell
I have been running standard VPN client profiles for VPN access for quite a few years, on PIX and now on ASA. I'm working on our next generation prototype now, and the number of VPN groups are growing a bit out of hand. Up to this point we have been distributing groups/roles by providing a

Re: [c-nsp] Anyone using 2960-C or 3560-C compact catalyst switches?

2011-09-22 Thread Jeff Kell
We have a few 2960Cs as well as 3560Cs. They are almost cool, except... -- there's no PoE 2960C -- and the 3560C is IPBase only Jeff

Re: [c-nsp] VRF Selection based on IP

2011-09-06 Thread Jeff Kell
On 9/6/2011 12:03 PM, Dave Weis wrote: Does anyone have a suggestion on how to implement VRF selection based on incoming IP on a 7200? http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/vrfselec.html This is listed as only being supported on the 12000 series. I don't know about the

Re: [c-nsp] How to terminate 100.000 IPsec VPN clients?

2011-09-06 Thread Jeff Kell
On 9/6/2011 8:09 PM, Chris Evans wrote: Checked the 5585 limits? It's supposed to blow a 5580 out of the water... On paper. I don't think anyone has mentioned it yet, but there is also ASA VPN Load Balancing clusters. You can combine a number of boxes together, configure the cluster

Re: [c-nsp] just installed a Huawei...

2011-07-27 Thread Jeff Kell
On 7/27/2011 4:52 PM, Scott Granados wrote: How does this differ from what Foundry did? :) The CLI in the fast iron or server iron gear for example is pretty damn similar. The router bgp commands were absolutely the same and the only difference was the way that foundry named interfaces.

[c-nsp] ASA 8.3/8.4 management issues...

2011-07-26 Thread Jeff Kell
I have some remote sites running off of ASA 5505s, and an existing VPN cluster running 8.4(2). For consistency's sake, I was trying to update the 5505s to 8.4(2) -- had one on 7.2 and one on 8.1. Everything appears to be working on them except management sessions (ssh or https or ASDM), they

Re: [c-nsp] ASA 8.3/8.4 management issues...

2011-07-26 Thread Jeff Kell
On 7/26/2011 10:58 AM, Ryan West wrote: On Tue, Jul 26, 2011 at 10:44:19, Jeff Kell wrote: Subject: [c-nsp] ASA 8.3/8.4 management issues... I have some remote sites running off of ASA 5505s, and an existing VPN cluster running 8.4(2). I've rolled everything back to 8.4.1 interim. I have

Re: [c-nsp] etherchannel load-balancing and unpredictability

2011-07-19 Thread Jeff Kell
On 7/19/2011 8:22 PM, Keegan Holley wrote: That being said the other algorithms are just as unpredictable for just the same reasons. It depends completely on your traffic patterns. Adding TCP/UDP port may even this out a bit but I don't believe it is supported on the 3560. 3550:

Re: [c-nsp] sup2T software release notes have hit

2011-07-18 Thread Jeff Kell
On 7/18/2011 3:12 PM, Gert Doering wrote: Hi, On Mon, Jul 18, 2011 at 08:17:56PM +0200, Asbjorn Hojmark - Lists wrote: Sup2T will have IOS-XE Sometime Later(TM). There will be modular IOS for 6500!! Call me unconvinced. ... I'll go and play Duke Nukem Forever in the meantime... You can

[c-nsp] ASA VPN client update feature...

2011-07-11 Thread Jeff Kell
The ASA VPN in 8.x has an IPsec Client Update feature built-in that I was looking over. Basically it will do a version check and you can provide a URL to download new software, for Windows (general), Win 95/98/ME, WinNT/2000/XP, MacOS, and Linux. There appear to be no provisions for Windows

[c-nsp] ASA VPN, enabling Windows L2TP?

2011-07-08 Thread Jeff Kell
Yes, another PIX migration question ('tis the season...). Our legacy VPN has several groups / profiles for different access types. I have been able to move these to the ASA successfully (users have VPN client, and get a matching profile .pcf for their respective access). The legacy used

Re: [c-nsp] MultiChassis LACP

2011-07-05 Thread Jeff Kell
On 7/5/2011 8:48 PM, Timothy Riendeau wrote: Have you actually done it with the 3750? I cannot find anything on cco about 3750 mlacp. Yes. It will do multi-chassis blind trunking (mode on) or LACP (mode active). It will not do PAgP multi-chassis. Switch Ports Model SW Version

Re: [c-nsp] multichassis lacp

2011-07-05 Thread Jeff Kell
On 7/5/2011 9:12 PM, Quinn Snyder wrote: 2960-s. stacking was afflicted with serious bugs up until a few months ago. seems to be stable with current code. There is the 3750/3750G/3750E which can stack / multi-chassis, and you can add 3750X IPBase/IPServices to that mix. There is the 3750X LAN

[c-nsp] ASA 8.3 full-tunnel VPN paradox...

2011-06-29 Thread Jeff Kell
I'm working on replacing an old PIX VPN setup with a new ASA, and having a bear of a time with a full tunnel setup. The PIX (old 6.x software) has setups for both split-tunnel and full-tunnel profiles. It is *not* the outbound gateway for internet-destined traffic. Our internet traffic goes
