Re: [c-nsp] IPv6 VPC Port channel Nexus -- 2951

2016-10-31 Thread John Kougoulos
Hi, On Wed, Oct 26, 2016 at 9:06 PM, Scott Voll wrote: > So I have a 2951 setup with a Port-channel to a set of L3 Nexus 5548's on a > VPC. > > Well, I don't know specifically about IPv6, but in general, connectivity between a router and nexus using vPC is not recommended,

Re: [c-nsp] L2 over L3 scenario

2015-10-23 Thread John Kougoulos
Hi, On Fri, Oct 23, 2015 at 10:37 AM, james list wrote: > > I’d like to share experience, receive suggestions if any, alternatives if > any, recommendations, scalability numbers if any, etc. > Make sure to handle the MTU appropriately or your routers will start

Re: [c-nsp] LACP Fast/ ISSU

2015-09-28 Thread John Kougoulos
Hi, perhaps here: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/upgrade/521_N1_8/n5k_upgrade_downgrade_521.html#pgfId-641259 or here: http://www.mostlynetworks.com/2013/07/no-issu-for-you/ Regards, John On Mon, Sep 28, 2015 at 2:35 PM, Harry Hambi - Atos

Re: [c-nsp] asa 5510, remote access vpn, resources across lan-to-lan

2014-09-01 Thread John Kougoulos
Hi, it could be nat but this depends on your routing config. It could also be that this command is required: same-security-traffic permit intra-interface Regards, John On Mon, Sep 1, 2014 at 4:57 PM, ryanL ryan.lan...@gmail.com wrote: hi, i'm hopefully going to find someone who's done this

Re: [c-nsp] Multicast group but no traffic

2014-05-09 Thread John Kougoulos
Hi, just a few debugging ideas: You could put an ACL on 2911 outbound interface to 2960 an ACL like permit ip any host 239.xxx.xx.xx (the multicast group) permit ip any any and check if you get counters increasing on the first line you could also enable ip flow and then with show ip cache flow

Re: [c-nsp] 6500 HSRP unicast flooding

2014-02-18 Thread John Kougoulos
Hi, Did you issue clear arp after changing the mac aging on both switches so that they update their mac tables? Other than that, are there any eg trunk ports flapping without portfast configured that could cause a lot of TCNs ? When you see the traffic from the span, does the destination mac

Re: [c-nsp] 6500 HSRP unicast flooding

2014-02-18 Thread John Kougoulos
The interesting thing, is that SOME macs are learned and some are not. Increasing the mac aging helped quite a bit, but there's still a problem. I'm curious if my copp default is limiting ARP. http://www.gossamer-threads.com/lists/cisco/nsp/125236 I don't know if copp would prevent the

Re: [c-nsp] ASA5520 latency OSPF drops

2014-02-01 Thread John Kougoulos
Hi, since you don't lose the OSPF session between 5520 and 2921, I would say that this is not related to ASA CPU, DoS from Internet etc. This would also suggest that 2950G in general works ok. The vlan that connects 3750 to 5520 exists only in 2950G and only these 2 devices are connected? Would

Re: [c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security

2013-12-04 Thread John Kougoulos
On Wed, Dec 4, 2013 at 6:18 PM, Eugeniu Patrascu eu...@imacandi.net wrote: On Wed, Dec 4, 2013 at 5:53 PM, Herro91 herr...@gmail.com wrote: Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now called Cisco Cloud Web Security - as a means of providing protection in the

Re: [c-nsp] Firewall/UTM

2013-11-30 Thread John Kougoulos
h.. maybe you could adjust ips throughput to 8Gbps so that you'll get the 3240C model... the model number could apply to juniper, cisco, hp, xtreme ...etc John On Sat, Nov 30, 2013 at 6:13 PM, madu...@gmail.com madu...@gmail.comwrote: Dear Experts, I am in the process to acquire and

Re: [c-nsp] maintaining 'interesting' traffic on a pvlan isolated port

2013-10-24 Thread John Kougoulos
Hi, to be honest, I don't understand why losing the arp entry (btw in 5 minutes?) would make the device unreachable. Perhaps you block somewhere the broadcasts? So if you put a static arp on the device, everything works fine? Regards, John On Thu, Oct 24, 2013 at 12:18 AM, Jason Lixfeld

Re: [c-nsp] New Catalyst 6k chassis

2013-06-28 Thread John Kougoulos
hmmm The Cisco 4451-X data plane uses an emulated Quantum Flow Processor (QFP) that delivers application-specific integrated circuit (ASIC)-like performance that does not degrade as services are added. --koug On Fri, 28 Jun 2013, Antoine Monnier wrote: but does that new 4400 have

Re: [c-nsp] Cisco VPN intermittent disconnects

2012-10-26 Thread John Kougoulos
It looks a bit strange that it takes 40 seconds to respond to the DPD requests and then they all come together? Is there any kind of QoS / wan accelerators in the path? Is this Ipsec over TCP? have you tried UDP? Regards, John On Thu, 25 Oct 2012, Joseph Mays wrote: We have a client on a

Re: [c-nsp] GBIC requires restart after link loss

2011-10-04 Thread John Kougoulos
On Tue, 4 Oct 2011, Martin T wrote: WS-C2960G-24TC-L[Gi0/22] - [Gi3/4]WS-C4506 SFP in WS-C2960G-24TC-L is a noname 1000BASE-LX10 transceiver working thanks to service unsupported-transceiver. GBIC in WS-C4506 is an Avago AFCT-5611Z 1000BASE-LX10. Linecard model in WS-C4506 is WS-X4306-GB. I

Re: [c-nsp] Cisco UCS Rack servers - C2xxx or C4xxx

2011-07-22 Thread John Kougoulos
Martin, have a look also at the posts by Brad Hedlund: http://bradhedlund.com/topics/cisco-ucs/ Regards, John On Fri, 22 Jul 2011, Martin T wrote: 2011/7/22 Pete Templin peteli...@templin.org: On 7/21/2011 4:25 PM, Martin T wrote: Chris, I have no hands-on experience with those servers,

Re: [c-nsp] Maximum number of VRF-Lite instances in ISR G2 routers

2011-07-13 Thread John Kougoulos
On Wed, 13 Jul 2011, Peter Rathlev wrote: On Wed, 2011-07-13 at 10:01 +0200, Matteo Castelli ML wrote: I am starting a project to implement VRF-lite for some customers, does anybody know (or have a link to some Cisco documentation) the maximum number of VRF-lite instances in the different

Re: [c-nsp] Cisco IAD 2431, auto dial on pick up of handset?

2011-06-23 Thread John Kougoulos
Been googling but haven't found a good example to work with. Does anyone have an example configuration for a Cisco IAD device so that when a user picks up an attached handset it auto dials a number. This is for a outside office phone to ring in to the building type arrangement. Any

Re: [c-nsp] FWSM problems with one website only

2011-04-08 Thread John Kougoulos
On Fri, 8 Apr 2011, Arne Larsen / Region Nordjylland wrote: When I did the tracing on the FWSM I could see that it was sending traffic in both directions on the connection and on the wireshark I could see that both ends ended up asking for each other, and after a while retransmitting the

Re: [c-nsp] cisco nat breaks sonicwall

2011-02-16 Thread John Kougoulos
On Wed, 16 Feb 2011, Adam Greene wrote: Anyone seen this behavior before? We have set MTU to 1404 on all interfaces of the 1841 ... does not help. Is there some feature I should enable on the 1841? Stumped ... have you tried ip tcp adjust-mss 1360 on the interfaces? Regards, John

Re: [c-nsp] Multiple VRFs over site-to-site VPN? Possible?

2011-02-03 Thread John Kougoulos
I believe that you can use ASA for the IPsec part and create GRE tunnels between the PE and CE (one for each VRF). You would need though something like ISR on both ends or switches that support GRE in hardware, so 3560/3750 should change. Regards, John On Tue, 1 Feb 2011, Jeff Kell wrote:

Re: [c-nsp] Multiple VRFs over site-to-site VPN? Possible?

2011-02-03 Thread John Kougoulos
Hello, On Thu, 3 Feb 2011, Ge Moua wrote: If there were ISR on both ends then I'd just do vrf-aware IPSec and plumb L2TPv3 inside of this to transport the vlan; of course this doesn't answer the original question of doing this with ASA I believe that you can use ASA for the IPsec part and

Re: [c-nsp] Cisco ASA - LDAP Attribute map - IETF-Radius-Class - map-value

2010-11-25 Thread John Kougoulos
On Thu, 25 Nov 2010, Jason Charlton wrote: I am trying to setup my ASA to do authentication for VPN users, where specific group-policy will be assigned based on the AD group membership. I know this can be achieved through the below commands: ldap attribute-map CISCOMAP map-name memberOf

Re: [c-nsp] Untagged native VLAN...

2010-11-23 Thread John Kougoulos
Hello, On Tue, 23 Nov 2010, Elmar K. Bins wrote: I am trying to set up a test port - for an IP phone actually - with the office WS VLAN (402) native untagged, and the Voice VLAN (498) tagged on this 3560-48 (12.2(25)SEE4). My config looks like this: #sh run int f0/44 interface

Re: [c-nsp] IPSec problems

2010-09-28 Thread John Kougoulos
Hello, you can use show crypto ipsec sa detail and check the counters. Maybe you need to increase the replay window-size. see: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_iarwe.html If you can't find what is wrong, try also to switch to tunnel mode, just in case this

Re: [c-nsp] Router 2 factor authentication

2010-08-26 Thread John Kougoulos
we are using Cisco ACS with RSA ACE integration for these devices. You will get a standard prompt like: TACACS+ Username: myuser Password: token-pin+token-one-time-password The login is fast, and from what I hear the ACS+ACE setup is stable enough not to be punished by your server

Re: [c-nsp] pvlan (Private Vlan) setup question

2010-07-09 Thread John Kougoulos
pvlans do not work only local. just configure the uplink to 6509 as regular trunk, and allow 810,666. And you should configure the vlans on 6509 as private also (as you configure them on 3750) John On Fri, 9 Jul 2010, Erik Witkop wrote: So I have two 3750 (no stackwise) that uplink to a

Re: [c-nsp] pvlan (Private Vlan) setup question

2010-07-09 Thread John Kougoulos
Thanks John. That seems viable. My only concern is if I have more and more customers coming into distribution, the config could get hairy. I was hoping I could make a different isolated vlan on the second 3750 switch. And then I was hoping that a ping from isolated vlan to isolated vlan

Re: [c-nsp] issue with basic access-list reordering

2010-07-08 Thread John Kougoulos
On Wed, 7 Jul 2010, Pete Lumbis wrote: This is part of standard ACL optimization. This optimization completely disregards comments. It's annoying and a bug was filed eons ago about this and it was junked as part of expected behavior. See CSCdu55701. -Pete On Wed, Jul 7, 2010 at 2:58 PM, Ruben

Re: [c-nsp] Same MAC address on PPPoE CPE

2010-07-06 Thread John Kougoulos
On Tue, 6 Jul 2010, Rin wrote: I have two questions here: 1. Is there any method that the router does not additional configuration on port configured with port-security MAC sticky? 2. Does anyone have another idea rather than configuring port-security to detect the same MAC address on CPE?

Re: [c-nsp] Web TV Streaming Solution?

2010-05-12 Thread John Kougoulos
On Tue, 11 May 2010, Felix Nkansah wrote: To informally permit employees to watch the upcoming soccer world cup without consuming all the bandwidth through the use of web TV, one of my customers came up with this requirement: What would you recommend? Thanks. Get the stream using eg VLC

Re: [c-nsp] MTU issue on a GRE tunnel

2010-05-05 Thread John Kougoulos
Config example. The remote end is the same. Tunnel73 ip address yy.yy.yy.yy 255.255.255.252 ip mtu 1476 ip tcp adjust-mss 1460 tunnel source x tunnel destination z tunnel path-mtu-discovery The two tunnel endpoints are ME3400s. I expected that this configuration would reduce the

Re: [c-nsp] Problems downloading from ftp.cisco.com

2010-04-23 Thread John Kougoulos
On Fri, 23 Apr 2010, Geert Nijs wrote: A customer of us has a really strange problem. He can't download anything from ftp.cisco.com He is sitting behind a Checkpoint Firewall. The Firewall admin says that everything is configured correctly (we can download from other FTP sites). Did you try to

Re: [c-nsp] www.cisco.com Login Woes

2010-04-01 Thread John Kougoulos
On Thu, 1 Apr 2010, Mark Tinka wrote: Anyone else experiencing login troubles to www.cisco.com ? Have you tried clearing the cookies from *cisco* ? usually this works for me... John ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] SNMP irregularities.

2010-03-12 Thread John Kougoulos
164 dec == A4 hex it seems that all your macs on other vlans start with 00 On Fri, 12 Mar 2010, Drew Weaver wrote: Sorry, I promise this will be my last odd-ball question for awhile. [r...@nessie html]# snmpwalk -v2c -c st...@511 10.1.0.1 .1.3.6.1.2.1.17.4.3.1.1

Re: [c-nsp] IPSec crypto map on MPLS enabled interface?

2010-03-11 Thread John Kougoulos
On Thu, 11 Mar 2010, Peter Rathlev wrote: On Thu, 2010-03-11 at 08:39 -0500, David Prall wrote: I specifically tested if the router would MPLS tag the packets correctly, and could see that it would. And I also tested the whole stack (IP/GRE/IPSec/MPLS), but only with traffic originated by the

Re: [c-nsp] IPSec crypto map on MPLS enabled interface?

2010-03-08 Thread John Kougoulos
On Mon, 8 Mar 2010, Peter Rathlev wrote: crypto isakmp profile Crypto-Profile-TEST vrf INSIDE-VRF keyring Crypto-Keyring-TEST match identity address 172.16.0.1 255.255.255.255 OUTSIDE-VRF initiate mode aggressive ! not sure, but maybe you should put this profile in vrf OUTSIDE-VRF ?

Re: [c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?

2010-03-04 Thread John Kougoulos
Hello, somewhere in an old document (CatOS) it states the problem: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml Known Limitations of VACLs and PVLANs Unicast Reverse Path Forwarding (uRPF) does not work well with PVLAN host ports, so uRPF must

Re: [c-nsp] firewalling authenticated wireless traffic

2010-02-10 Thread John Kougoulos
We offer wireless connectivity to about 500 to 1000 users/devices that authenticate with machine domain credentials via WPA2. My thought is that our wireless traffic is likely more secure than our plain wired networks - at this point without 802.1x on lan. but the wireless signal

Re: [c-nsp] firewalling authenticated wireless traffic

2010-02-10 Thread John Kougoulos
Hello, User credentials are not cached, machine ones are - of course. I think windows caches user credentials, so that you can logon to a PC when there is no network connectivity. I really don't know how WPA2/802.1x uses domain authentication. Is it Kerberos enabled EAP? They really

Re: [c-nsp] Cisco 6506 ACL problem

2010-02-08 Thread John Kougoulos
On Mon, 8 Feb 2010, Muhammad Jawwad Paracha wrote: Dear All, We are facing a problem in Cisco 6506 equipment regarding ACL's. It has occurred 3 times that ACL's that are implemented on the device stop working for 1-2 minutes. Hello, I think that I recently saw somewhere to prefer named ACLs

Re: [c-nsp] MPLS VPN with lot of PPP interfaces and central firewall

2010-01-20 Thread John Kougoulos
On Thu, 21 Jan 2010, Gerald Krause wrote: For now I see 3 options for us: a) implement dedicated VRFs for each branch and map VRFn-VLANn on the RTRs b) build a brigded L2 LAN from the CPE Dialer-Interfaces up to the Firewall-Ethernet Interface (how? bad idea?) c) some other brilliant

Re: [c-nsp] Nat Issues With cisco Routers

2009-11-26 Thread John Kougoulos
On Tue, 24 Nov 2009, Lin wrote: I tried to do a no ip nat service sip tcp port 5060 command. This removes the 482 Loop Detected Error and allows the client ip phone to register. However, outgoing calls fail, because the SBC on the other end responds with an 403 error. Apparently, the header

Re: [c-nsp] mlppp dot1q question

2009-11-26 Thread John Kougoulos
Is there any way to run subinterfaces across a MLPPP bundle in IOS? maybe you could also use eg l2tpv3 over mlppp or frame-relay with frf.16.1 and DLCIs? Haven't tried it though... John

Re: [c-nsp] Coax E1 over IP

2009-11-19 Thread John Kougoulos
Is it as easy as that? Can we just insert an adapter cable to convert from coax to RJ45 and then use e.g. the NM-CEM-4TE1? Yes. Cisco also has such cables eg. I think CAB-ADPT-75-120 was the part number, but I guess it will be much cheaper if you get e.g. a Krone

Re: [c-nsp] Fiber

2009-11-12 Thread John Kougoulos
it's useful if you want 10G to the desk. Otherwise, it's too fragile and sensitive for the average office environment. Maybe plastic optical fibers are not so fragile/sensitive, but I haven't seen them in production John

Re: [c-nsp] Router logs going to dmesg

2009-09-21 Thread John Kougoulos
Hello, somewhere at the start of syslog.conf you will see something like: *.err /dev/sysmsg *err;kern.debug/var/adm/messages *.alert;kern.err operator etc. change it to something like: *.err;local0.none /dev/sysmsg

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial ofService Vulnerabilities in Multiple Cisco Products

2009-09-17 Thread John Kougoulos
On Thu, 17 Sep 2009, David Hughes wrote: On 16/09/2009, at 6:06 PM, Gert Doering wrote: Just imagine how much functionality NX-OS could get if they would stop wasting effort on 17 different software trains for classic IOS and instead focus on getting NX-OS on all hardware platforms, and

Re: [c-nsp] VPN Auditing

2009-08-31 Thread John Kougoulos
have you enabled crypto logging session ? On Thu, 27 Aug 2009, Paul Stewart wrote: Hi folks... We have a site that runs a Cisco 2800 with an IOS VPN server. Users connect via their Cisco VPN clients to gain access to an internal network there... I would like to start auditing it a bit

Re: [c-nsp] Counters for null0?

2009-08-05 Thread John Kougoulos
I think it will also show Null when it is forwarded but goes through a permit ACL with log keyword John On Wed, 5 Aug 2009, Rodney Dunn wrote: There are scenarios (nat, acl drops, etc.) where the dst in the netflow will show null. For a transit packet that is forwarded out will not

Re: [c-nsp] ASA v8 , VPN, and time-range access-lists

2009-07-28 Thread John Kougoulos
Hello, The standard approach is to send at authentication, via e.g. a radius attribute, a session timeout calculated to the end of the work-day. ACLs may not work because the sessions are already established. You could experiment with stateless ACLs on a router somewhere above your ASA, but I

Re: [c-nsp] SNMP ENGINE consuming CPU

2009-07-24 Thread John Kougoulos
Hello, I remember cisco boxes having CPU problems with retrieving arp / route table entries via SNMP more than ten years ago. Maybe someone must create some kind of snmp proxy that retrieves those tables from cli Regards, John On Fri, 24 Jul 2009, Jeff Fitzwater wrote: Hello Bill,

Re: [c-nsp] FWSM access permissions confusion between interfaces

2009-07-23 Thread John Kougoulos
Hello, I had once tried to use the NAT controls on the interfaces on a PIX and I was disappointed because things didn't work as expected, but I don't remember the exact details. What I remember is that if you want to be safe, you must put access-lists everywhere. So I use now no nat-control

Re: [c-nsp] How to improve C3750G switch uplink speed?

2009-05-25 Thread John Kougoulos
On Fri, 22 May 2009, Jon Lewis wrote: On Fri, 22 May 2009, Benny Amorsen wrote: Jonathan Brashear jonathan.brash...@hq.speakeasy.net writes: As an aside, PVST can become an issue when you're scaling up into dozens/hundreds of VLANs. The 3560/3750 series supports only 128 PVST instances. I

Re: [c-nsp] Wireless Splash Screen Cisco AP Aironet

2009-05-06 Thread John Kougoulos
Hello, have a look at consent feature for routers http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/auth_fw.html you can also setup something like chillispot: http://www.chillispot.info/ Regards, John On Wed, 6 May 2009, Johnny Ramirez Colmenares wrote: We have a guest network and I would

Re: [c-nsp] Wireless Splash Screen Cisco AP Aironet

2009-05-06 Thread John Kougoulos
terms. On Wed, May 6, 2009 at 9:41 AM, John Kougoulos k...@intracom.gr wrote: Hello, have a look at consent feature for routers http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/auth_fw.html you can also setup something like chillispot: http://www.chillispot.info/ Regards, John On Wed, 6 May

Re: [c-nsp] Lightstream freeze

2009-03-27 Thread John Kougoulos
Hi, do you run 12.0 mainline? perhaps you are affected by: CSCdw36579 Regards, John On Fri, 27 Mar 2009, Sebastian Ganschow wrote: Hi, as far as I know and cisco says, a lightstream should be hot-swap capable. Does anyone know which reason could be, that a lightstream freezes, if you pull

Re: [c-nsp] Interesting NAToverload issue

2009-02-25 Thread John Kougoulos
Hello, you could split the usage of nat pools based on statistics of the source IP addresses eg use 1 ip/overloaded nat pool for even source IPs and another IP for the odd source IPs Best Regards, John On Wed, 25 Feb 2009, nasir.sha...@bt.com wrote: Hi, I have a client who has moved

Re: [c-nsp] wireless access-controll feature in ios software

2008-11-26 Thread John Kougoulos
Hello, perhaps you are looking for this: Consent Feature for Cisco IOS Routers 12.4(15)T http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/auth_fw.html However you can also use the embedded captive portal when you use Cisco WLC controllers or you can also try Chillispot --koug On Tue, 25

Re: [c-nsp] VPN Question - IOS

2008-07-22 Thread John Kougoulos
Hello, try removing the following lines: acl 100 include-local-lan netmask 255.255.255.0 The IP address that will be used is the one assigned by the pool VPNPool1, unless you configure some kind of NAT translation BR, John On Tue, 22 Jul 2008, Paul Stewart wrote: Hi there... We have a

Re: [c-nsp] DMVPN Rollout -- MTU questions

2008-05-23 Thread John Kougoulos
On Thu, 22 May 2008, Eric Cables wrote: The above, however, doesn't seem to work in some cases. Users as these sites complain of intermittent connectivity problems, which seem to be solved rather quickly by reducing the IP MTU, and configuring TCP adjust-mss. I do have concern as to why

Re: [c-nsp] 6500 vs. 7600 revisited again

2008-04-09 Thread John Kougoulos
Certainly Cisco must (should) have had numbers demonstrating the split was reasonable, and it's possible the group of people on this list, myself included, who dislike the split are a self-selecting minority. It doesn't mean I have to like it though. Time and customers will show if this

Re: [c-nsp] Catalyst 3750 failure - marsupial interference

2008-04-02 Thread John Kougoulos
On Wed, 2 Apr 2008, Tim Franklin wrote: On Wed, April 2, 2008 10:47 am, Dale Shaw wrote: From the same people responsible for the VMS wombats? Did Cisco hire a bunch of ex-DEC folks? ... It was founded by ex-DEC folks http://en.wikipedia.org/wiki/Len_Bosack :)

Re: [c-nsp] Multicast tryout

2008-04-01 Thread John Kougoulos
Hello, mgen was very useful in some tests I have done in the past: http://cs.itd.nrl.navy.mil/work/mgen/index.php John On Tue, 1 Apr 2008, Robert Hass wrote: Hi I'm currently looking for some software which can help us test new Multicast configuration in our network. Is any free software

Re: [c-nsp] Large File Transfers

2008-03-05 Thread John Kougoulos
You could use also https with some kind of authentication (you can even integrate something like SecurID) and of course you may use PGP encrypted files. WebDAV would be a candidate also... John On Wed, 5 Mar 2008, Mike wrote: Not 100% Cisco related, but supported by Cisco technology

Re: [c-nsp] ACL Filtering for Passive FTP Server..

2007-12-13 Thread John Kougoulos
if you use cbac you need to permit only port 21. The rest will be handled by cbac. if you use extended only acls (no reflexive, no cbac) you need to permit a lot more: example: active (port) outacl (to server) client gt 1023 - server eq 21 client gt 1023 - server eq 20 established

Re: [c-nsp] How to easily and securely pull configuration from a PIX/ASA

2007-12-07 Thread John Kougoulos
The only option I can think of here is for you to grant access to a userid that is allowed to run 'copy running-config tftp://aaa.bbb.ccc.ddd/upload/pix.cfg' where aaa.bbb.ccc.ddd is the IP of the authorized TFTP server on a secured portion of your LAN. That I think that you could also use

Re: [c-nsp] dual cbac

2007-10-11 Thread John Kougoulos
Hello, Based on what I remember from some tests a few years ago, IOS will use the CBAC configuration that it matches first, but the first packet must be permitted through all the ACLs. So in case on Vlan1 you have ip inspect fw in and on Dialer1 you have ip inspect fw2 out, in case

Re: [c-nsp] Multicast routing table and snmp visualization tool ?

2007-09-27 Thread John Kougoulos
check out this url, it has some tools, I don't know if they do what you want: http://www.caida.org/tools/measurement/Mantra/other-tools/other-tools.html --koug On Thu, 27 Sep 2007, Xavier Beaudouin wrote: Hello, I am looking for a good tool to use and see what multicast groups I have

Re: [c-nsp] ACS and ASA VPN user authentication

2007-08-29 Thread John Kougoulos
Hello, I've done this in vpn concentrators with radius: Locking Users into a VPN 3000 Concentrator Group Using a RADIUS Server http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml It applies to VPN concentrators using Radius, but I guess that it will

Re: [c-nsp] Qos pre-classify

2007-06-07 Thread John Kougoulos
Ian MacKinnon wrote: On Thu, Jun 07, 2007 at 02:50:14PM +0100, Ian MacKinnon wrote: Hi All, Given the config below for a vpn tunnel, when I add the command qos pre-classify to the crypto map and the tunnel interface, I get really bad slowdown of traffic. 2. Questions, is anybody using

Re: [c-nsp] Applying ACL

2007-06-01 Thread John Kougoulos
my preferred method is to upload the acl with tftp, of course with the first line permit tcp any any established also I have created a script on the tftp server (which works only with non-named access-lists), which extracts the acls from a router configuration file, and places each acl on a

Re: [c-nsp] display last lines of logging

2007-05-24 Thread John Kougoulos
I will enhance this with show logging | begin ^000699:) Ed Ravin wrote: On Thu, May 24, 2007 at 05:26:01PM +0300, Tassos Chatzithomaoglou wrote: I was wondering Is there a way to display the x last lines of the log of a router (through the cli) ? Like the CatOS sh logging buffer -x

Re: [c-nsp] Cisco 1811 DNS Server overload

2007-04-17 Thread John Kougoulos
it to 12.4(11)Txx to try to fix it. ...Skeeve -Original Message- From: John Kougoulos [mailto:[EMAIL PROTECTED] Sent: Tuesday, 17 April 2007 2:19 AM To: [EMAIL PROTECTED] Cc: 'Cisco-nsp' Subject: Re: [c-nsp] Cisco 1811 DNS Server overload also if you are using 12.4(11)Txx

Re: [c-nsp] Cisco 1811 DNS Server overload

2007-04-16 Thread John Kougoulos
also if you are using 12.4(11)Txx, consider moving back to 12.4(6)Tyy. Skeeve Stevens wrote: I have an 1811 temporarily doing NAT for about 200 clients and at the moment and while it generally is working ok, the DNS facility of the router is freaking out. Some show logging: *Apr 16