Re: [c-nsp] ip access list rfc1918 help please

2012-06-24 Thread Kevin Graham
Do you need to do this via ACLs? For the inbound case, strict unicast RPF would handle this (and more) implicitly. For the outbound, do you have any 1918 routes? If not, just add statics to Null0. [sent from my mobile] On Jun 23, 2012, at 3:37 PM, Randy randy_94...@yahoo.com wrote: --- On

Re: [c-nsp] NTP on a 3750 2970

2012-06-12 Thread Kevin Graham
This would either require a severely broken client (that isn't discarding 0 timestamps), or a server that is setting them prior to being initialized. Most likely it'd be due to erroneous configuration (as earlier cited), declaring the local clock to be authoritative. I'd place a far higher

Re: [c-nsp] VPN over satellite

2012-05-02 Thread Kevin Graham
Never played with it (and it may be a dead-end feature), but 12.3T got some acceleration functionality with RBSCP tunnels along with the VSAT HWICs. Wrap this in IPSec and you should have a single-device footprint for each remote site. (You then also have a reasonable place to do ECMP rather

Re: [c-nsp] Will the Cisco 2911 push GigE with NAT enabled ?

2012-05-01 Thread Kevin Graham
On Apr 30, 2012, at 7:42 AM, Dave dcostell-cisco...@torzo.com wrote: CEF is showing enabled and running on all interfaces, however I am seeing a large number of packets that are process switched. ( I assume due to NAT Translation) I had thought NAT entry creation was moved into the CEF path

Re: [c-nsp] Handling redundancy between buildings.

2012-05-01 Thread Kevin Graham
If you're going to the effort of chopping up that /16, kill the cross-building VLANs. You've already got local redundancy in the stack, no need to involve both buildings in duplicate STP, ARP, etc. Let each building be its own L2 domain and turn those 10GbE hauls into PtP L3 links (worst case,

Re: [c-nsp] Question on the Use of Policy Based Routing

2012-03-06 Thread Kevin Graham
From the limited details, it sounds like what you really want is vrf-lite. Assuming the application traffic can be split into its own subnetwork, stick them in a VRF whose normal routing table matches what you're forcing via PBR. On Mar 6, 2012, at 6:55 PM, Zach Williams

Re: [c-nsp] 1Gig-10Gig port-channel migration

2011-10-15 Thread Kevin Graham
On Oct 13, 2011, at 10:55 AM, Tim Durack tdur...@gmail.com wrote: OT: I do wish Ethernet had a means of establishing link and sending test frames without having to commit to full L2/L3. Would make commissioning links much easier. Park the new interface (and a host port for load generation) in

Re: [c-nsp] zx sfp with DOM

2011-10-15 Thread Kevin Graham
On Oct 14, 2011, at 12:25 AM, Phil Mayers p.may...@imperial.ac.uk wrote: At least on the 6500 (which is closely related to 7600) LAN cards, DOM is absent - for example on 6748-SFP. No convincing explanation has ever been given AFAIK; it just doesn't do it, with ANY transceiver. Later hwrevs

Re: [c-nsp] VPN architecture question...

2011-09-02 Thread Kevin Graham
Assuming you're stuck with lanbase (since this is trivial with an igp) on the 3560's, why not make the 1921's point-to-points and statics on each 3560 pointing down those interfaces (with 2 statics on the 1921)? With a FHRP on the 3560 SVI's towards the interior network, pulling the plug on

Re: [c-nsp] 7600 HFIB bug?

2011-07-31 Thread Kevin Graham
The log ACE's force bypass hardware forwarding and CEF altogether, so your speculation on FIB programming is right on. (...and the failure mode matches as well). What does sh plat hard cap show? Over-capacity TCAM FIB supposedly got much better circa 12.2(33), but is still squirrely.

Re: [c-nsp] what is the meaning of WS-X6816?!!

2011-07-22 Thread Kevin Graham
...except that 68xx is now overloaded to also mean 67xx with DFC4. [sent from my mobile] On Jul 22, 2011, at 6:52 AM, Matyas Koszik kos...@atw.hu wrote: Hello Osama, Since you don't want to search google nor cisco, I will not do that either, so you have to accept my answer which comes

Re: [c-nsp] Problem with IP Inspect

2011-07-22 Thread Kevin Graham
On Jul 22, 2011, at 1:23 PM, Joseph Mays m...@win.net wrote: There is no way turning on ip inspection should break communications anywhere in the absence of an ACL list, is there? IIRC, ip inspect is creating a pseudo-acl, so you're being bitten by the default deny. You should apply a

Re: [c-nsp] sup2T software release notes have hit

2011-07-20 Thread Kevin Graham
On Jul 19, 2011, at 1:38 PM, Nick Hilliard n...@foobar.org wrote: Have you considered the monumental task of making NX-OS or XR work with older linecards? Or even IOS-XE? Absolutely -- that's my point. I'm surprised by bringing a new software model to the 2T given that it's game over for

Re: [c-nsp] OSPF Exstart problem

2011-07-19 Thread Kevin Graham
On Jul 19, 2011, at 8:07 AM, Adil Mansoor a.mans...@mmu.ac.uk wrote: Just need advice on whether I should issue the command to get around the problem or if there is an issue with the firmware version and it needs upgrading. Likely neither. You only mentioned the one box - are the other L2 and L3

Re: [c-nsp] sup2T software release notes have hit

2011-07-19 Thread Kevin Graham
On Jul 18, 2011, at 11:17 AM, Asbjorn Hojmark - Lists li...@hojmark.org wrote: It is IOS. Sup2T will have IOS-XE Sometime Later(TM). Because on a 6500, commonality with ASR's makes a lot more sense than with the Nexii that share use cases and (some) forwarding hardware? At every turn where

Re: [c-nsp] RES: UDLD misbehaviour

2011-07-14 Thread Kevin Graham
What's in the middle? That you never saw the far side go down after getting err-disabled is fishy. [sent from my mobile] On Jul 14, 2011, at 10:35 AM, Leonardo Gama Souza leonardo.so...@nec.com.br wrote: No, it didn't seem to be an intermittent issue. One of the sides didn't show any

Re: [c-nsp] Thousands of tcp sessions stuck in TIMEWAIT

2011-05-13 Thread Kevin Graham
vty access lists along with login max-failure? (guessing somewhat blindly without visibility into what the active tcb's were) [sent from my mobile] On May 11, 2011, at 7:47 AM, Joe Freeman j...@netbyjoe.com wrote: I have a customer with an 1841 doing webvpn, running advsecurity-12.4-24.T5.

Re: [c-nsp] Cisco WS-CBS3130G-S-F and OutDiscards

2011-02-12 Thread Kevin Graham
Microbursts, see the archives (though it would be so much nicer if these platforms reported them properly as output buffer failures). Nice counter bug there on broadcast packets, it made it hard to concentrate on the real problem. [sent from my mobile] On Feb 12, 2011, at 11:58 AM, Jose

Re: [c-nsp] Constant output drops on etherchannel

2011-01-15 Thread Kevin Graham
See the rest of the thread -- don't bother with those GBICs; if they were a problem, it would manifest itself as input/output errors or link flaps. An output drop means the packet was dropped before ever being transmitted, not mangled by crappy transceivers in-flight. [sent from my mobile]

Re: [c-nsp] Basic Etherchannel Question

2011-01-15 Thread Kevin Graham
Absolutely go LACP. One-way, misconfigured or otherwise broken interfaces in a bundle are handled implicitly and done with explicit signaling to each side (i.e. both will see it as an independent or broken port rather than just shutdown). This can also be trivially monitored via the LAG-MIB,

Re: [c-nsp] Upgrading VSS from Modular SXH to Monolithic SXH Monolithic SXI

2011-01-07 Thread Kevin Graham
At least for normal (non-VSS), mixed modular/monolithic is unsupported, even for basic RPR. Failure mode is really inelegant -- secondary will just go into a constant crash/reboot cycle. Tried about a year ago to get the DDTS reopened for this to get reported sanely and ran into the no, it's

Re: [c-nsp] Unstable IOS Version for LNS on Cisco 7206 NPE-G2

2010-11-11 Thread Kevin Graham
Rather than speculate, do you have an actual example of a crash that IOS reported as 'SegV exception' that was caused by failed hardware? Yes, I've had a failing VAM manifest itself with SegV crashes. Eventually it died completely and wasn't recognized on boot; once replaced, router was

Re: [c-nsp] ospf monitor

2010-05-06 Thread Kevin Graham
On a similar note, does anyone know if OSPF passive interfaces can be identified via SNMP? It's been awhile since I (fruitlessly) combed the MIBs and am hoping it's changed. I'd love to be able to enforce a monitoring check that all non-passive interfaces have at least one adjacency

Re: [c-nsp] C3750E 10GE Interface: Problem with L2 broadcast/ARP

2010-05-06 Thread Kevin Graham
What's the STP state for this interface on the VLAN in question? There's not much information to go on but this would be both expected and correct if it's blocking. [sent from my mobile] On May 6, 2010, at 7:46 AM, Christian Schuler cschu...@pironet-ndh.com wrote: Hi, I'm debugging for some

Re: [c-nsp] Flow Control and 10GE interfaces

2009-11-24 Thread Kevin Graham
This is exactly the *only* situation, where classic flow control makes sense and does really help, since it properly triggers output queueing at the sending side when the real data-path speed is reached. OK, the vitriol towards .3x in this thread was so strong I was concerned I had

Re: [c-nsp] OT: VSS + MEC - port-channel dynamically cloned?

2009-11-24 Thread Kevin Graham
[...taking this from nanog to c-nsp...] Essentially, for all of the MEC connections, the VSS has created a clone of the configured port-channel to bind the actual physical connections, rather than binding them under the configured port-channel (and suffixed the port-channel number with A or

[c-nsp] Delayed IGP default-originate?

2009-11-23 Thread Kevin Graham
Similar to Gert's question on delayed eBGP startup, is there a good way to delay IGP default-route generation? Since our DFZ routers have a 0/0 nailed down to Null0, OSPF begins generating the default right away, irrespective of BGP state (namely before the router is actually prepared to

Re: [c-nsp] Flow Control and 10GE interfaces

2009-11-23 Thread Kevin Graham
The answer is very simple: if someone thinks that ethernet flow control is the answer, the burden of proof is on them to answer difficult questions about what the actual problem is, what flow control is going to solve, and why they think that it won't cause more problems than it's worth. At

Re: [c-nsp] Flow Control and 10GE interfaces

2009-11-23 Thread Kevin Graham
so you have one ingress port (the NAS), 20 egress ports (the clients). Egress port 1 fills up. What are you going to do? Flow-control (- slow down 19 other ports) or drop? Agreed, egress queuing and flowcontrol send seems logically flawed, but the NAS case I see cited is flowcontrol

Re: [c-nsp] Delayed IGP default-originate?

2009-11-23 Thread Kevin Graham
router ospf max-metric router-lsa on-startup wait-for-bgp [...] not only do you not want to generate a default route during initial BGP convergence, you don't even want to be in the path (to a valid BGP NH) during that period, for the same reasons. Yep, looks like that's it, thanks!

Re: [c-nsp] SXI(3) code status?

2009-11-19 Thread Kevin Graham
Problem also with SNMP ACL bypass with SXI3 on VSS setup. If you configure ACL to protect access to SNMP RO or RW, the ACL is not filtering and access is granted to anyone (if you know the community string of course). Ouch, will want to track this before moving off of SXH rebuilds and

Re: [c-nsp] how not to write a release note

2009-11-17 Thread Kevin Graham
Does not say anything about what may trigger it, e.g.: mtu, packet fragmentation, etc.. Though that one is higher profile, still not as bad as: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/release/notes/ol_6897.html#wp274407 ...listed as a Limitation and

Re: [c-nsp] ISR G2 multicore?

2009-10-27 Thread Kevin Graham
problem still exists that IOS is monolithic based and has a horrible time making good use of SMP Agreed. It's particularly curious on the ISR, since it's still a software-based platform and not positioned for heavy IGP/EGP workloads. SMP for NX-OS/XE/XR where it's just the control-plane is a lot

[c-nsp] ISR G2 multicore?

2009-10-26 Thread Kevin Graham
I was just reading the 3925/3945 announcements and notice they're plugging multicore processors. Given the brief and violent life of MPF on the NPE-G1, this seems surprising. Does anyone know what the plans are to actually utilize these?

Re: [c-nsp] DWDM optics on 6500s

2009-10-20 Thread Kevin Graham
I assume that even though the 6509-V-E is available, until the 80gig line cards and Sup are available, you'd be stuck at 40gig/slot? Correct (nothing special about the 09-V-E in this respect compared to any of the other -E's as far as I know). This is the same as how the traditional (pre-E) 6500

Re: [c-nsp] Bonded T1 Circuits

2009-10-20 Thread Kevin Graham
You could do 8 if you use four VWIC-2MFT-T1 cards, which is pretty much as high as you'd ever want to go with MLPPP. With the major caveat that the clock is shared between both ports on the VWIC. Even knowing this, it has still bitten us when originally identical T1's got groomed onto

Re: [c-nsp] DWDM optics on 6500s

2009-10-19 Thread Kevin Graham
As a side issue, there are electrical limitations imposed by the physical cross-bar unit inside the actual chassis, but I don't know how much of a problem these limitations are in practice. 6500E was the key for this. Besides nutty amounts of POE capacity, it also picked up improved

[c-nsp] RPR between 720-3B and 720-3BXL

2009-10-19 Thread Kevin Graham
I could have sworn this had been covered on the list before, but I can't find it in archives. We need to get a switch w/ Sup720-3B's upgraded to Sup720-3BXL's. Though I'm sure it's not supported, does anyone know if a (same generation but larger) PFC can come up as a standby? SSO seems too much

Re: [c-nsp] DWDM optics on 6500s

2009-10-19 Thread Kevin Graham
Are you saying a 6513-E chassis exists? I can't find any reference to it. Apparently not yet. (I had never paid attention to availability, as any places we might use it would depend on full fabric connectivity). Quick search turned up (the rather depressing):

[c-nsp] Monitoring software-switching utilization (IP Input) on modular/ION

2009-10-16 Thread Kevin Graham
We were considering pushing out monitoring templates watching for broken devices doing slow-path switching seeing high (10%?) utilization of the IP Input process. In ION, presumably this is lumped in with lots of other stuff in ios-base. Is there a good way to get at this data, or am I not

Re: [c-nsp] monitoring switch stacks

2009-10-14 Thread Kevin Graham
just wondered what folk did out there to monitor switch stacks (eg stackwise+ switch stacks like 3750e, 2975gs etc (not the older gigastack ones) ) - using the basic methods such as ICMP will only show the presence of connectivity to the stack but not the actual health of the stack - eg

Re: [c-nsp] Flexwan module - Memory

2009-10-14 Thread Kevin Graham
My doubts are 1. whether these cwan1/0-disk0: and cwan1/1-disk0: are builtin flash modules on Flexwan module? Yes. 2. if so can i upload my IOS in those modules No. FlexWAN (as with all linecards) boots after the MSFC/Sup. Its devices are inaccessible from either Sup or MSFC ROMMON.

Re: [c-nsp] cisco-nsp Digest, Vol 83, Issue 39

2009-10-12 Thread Kevin Graham
However, good firewalls are doing a lot more than that. You may remember last year's the Internet is falling and only Dan Kaminsky can explain it flap around DNS. Well, a lot of the discussion around this bug/problem/issue ignored the truth that a good firewall prevented the attack

Re: [c-nsp] Problem encountered while securing NTP

2009-10-06 Thread Kevin Graham
The problem I'm running into today is that the 'access-group peer' statements on the NTP servers are matching local clients with ACL 6 as well as configured stratum-1 peers (successfully matching the peers at that). The local clients should be matched with the 'access-group serve-only'

Re: [c-nsp] Will UDLD work with converters ?

2009-10-03 Thread Kevin Graham
Also, bear in mind that not all c65k ports support reading DDM info from SFPs. SUP720 cards will, as will later hardware revisions of the 6724sfp blades. Earlier hardware revisions won't. Yeah. I really wish this had gone under a new part number (WS-X6724A-SFP?). It hasn't happened yet,

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

2009-09-18 Thread Kevin Graham
I think this is really the thing that annoys me most - they know how to do it right, and consciously decided to go the other way. Yep. The single biggest reason I'm not advocating Nexus 5000/7000's today is the lack of NX-OS on the Sup720. If there was roadmap for it to also include existing

Re: [c-nsp] Assistance configuring a router to trigger remote blackhole

2009-09-18 Thread Kevin Graham
If I blackhole/sinkhole an external-to-my-ARIN-block IP that is attacking my network, I'm deathly afraid that I may accidentally advertise it to a peer. Hadn't thought about it, but yeah, requiring a very long prefix length before appending RTBH prefixes would be a good safety measure. I

Re: [c-nsp] BGP and remote POPs with individual upstreams

2009-09-18 Thread Kevin Graham
My initial thoughts are to BGP peer between POPs with a higher local-pref for the local outbound traffic and to prepend between the POPs so inbound traffic is more likely to take the shortest path inbound. Is this too simplistic? Prone to trouble? What gotchas should I be looking at, or

Re: [c-nsp] Enhanced download procedure

2009-09-17 Thread Kevin Graham
This wouldn't be such a problem if folks in the know could use nice standardized methods such as FTP or lynx compatible HTTP to download what they want, regardless of which download method of the day is currently in effect. Indeed. I have several of these odd network devices (they don't

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

2009-09-17 Thread Kevin Graham
On the other hand, do you remember how long did it take to run native IOS on 65xx with the majority (not all) of the CatOS features? Considering IOS Feature Parity was an SXI objective, quite a bit. It took a long time, but the fundamental difference is that eventual convergence was always

Re: [c-nsp] Assistance configuring a router to trigger remote blackhole

2009-09-17 Thread Kevin Graham
I'm unsure if it's working or not, but since the nulled routes don't appear to be advertised to the transit peer, I'm assuming not. Does a 'sh ip route' for the /32 indicate that its being redistributed? If you do a 'sh ip bgp nei nei adver' does it show it being advertised?

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

2009-09-14 Thread Kevin Graham
It's sad when you see all the effort that went into the modular over the years being thrown away/ignored then keep having devices crash with more catastrophic outcomes and no usable debugging information. Indeed, that too and the (much anticipated) promise of hot-patching never seemed

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

2009-09-14 Thread Kevin Graham
that is not feasible, completely abandon IOS and provide XE or NX-OS on *all* platforms) NX-OS on all platforms? no thanks - some of us want functionality ;-) No, that's exactly the problem. The balkanization of the OS platforms only amplifies this; non-core functionality such as IOS's

Re: [c-nsp] instabilities with SXI2?

2009-09-14 Thread Kevin Graham
TAC was pretty responsive, they have identified this as CSCtb27643. It happens in SXI2, both modular and monolithic, and whether in VSS or not, just when DFCs are in place. The ddts is not public so ask your local team. FWIW we just ran into this; TAC told me SXI2a would be released

Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

2009-09-13 Thread Kevin Graham
Sorry for the late response, had to dig through some old cases... But anyway - my routers are lying to me. They list *.179 just fine (BGP), but all the other interesting stuff (telnet, ssh, ldp) is not there... Last dug into this 2.5y ago (while looking into PSIRT cisco-sa-20070131-sip) and

[c-nsp] Sup720 hang while writing SP crashinfo?

2009-08-18 Thread Kevin Graham
We had a Sup720B (non-redundant, running modular SXI) crash, due to what looks like a CPU_MONITOR watchdog event. What was nasty though was that rather than reload, it hung (dead and unresponsive console) and required a power cycle. The RP crashinfo made it out fine, however SP

Re: [c-nsp] Sup720 hang while writing SP crashinfo?

2009-08-18 Thread Kevin Graham
Aug 18 2009 addr=0x0, pc=0x74C7D940, ra=0x74C7D86C, sp=0x389EBC8 On Aug 18, 2009, at 11:04 PM, Kevin Graham wrote: We had a Sup720B (non-redundant, running modular SXI) crash, due to what looks like a CPU_MONITOR watchdog event. What was nasty though was that rather than

Re: [c-nsp] Multilink PPP Was - Re: Balancing T1's with CEF

2009-07-30 Thread Kevin Graham
Cisco TAC swore up and down that it SHOULD balance between the 2 types of WICs but more traffic was being sent over the WIC T1-DSU. Replacing the WIC 1-DSU with the controller did the trick. Ran into a similar problem mixing the T1 VWIC's (when they were new) and WIC-1DSU-T1's. One type of

Re: [c-nsp] c877 and ntp oddness

2009-07-18 Thread Kevin Graham
Have a bizarre NTP issue with 877 routers running 12.4(T) train. - Only seems to affect a small percentage of 877 routers, 878s, 1800s , 2800s seem to be fine A coworker reported the exact same behavior a couple of weeks ago. They got 87x routers with a new hardware revision,

Re: [c-nsp] Cisco's New Software Download Experience

2009-07-09 Thread Kevin Graham
There's no way I'm downloading 250MB+ images just to re-upload them over whatever slow internet access I happen to have at my desktop/laptop to our staging system. Also a critical habit for archiving. Finding an interim build that you got 6 months ago and now have to re-use is only

[c-nsp] 2gb on 720BXL w/ SXI

2009-07-06 Thread Kevin Graham
Stumbled across this when reading SXI release notes, which is the only mention I'd seen of it. As of SXI, 2gb of DRAM is supported on both RP and SP of Sup720BXL. Not sure what the motivation was to take SP up, but MSFC3 w/ 2gb takes some of the sting out of MSFC4 getting blocked on 6500...

Re: [c-nsp] Layer 2 vs Layer 3 Performance Question

2009-06-22 Thread Kevin Graham
The only thing I can see as a difference is if I trunk the iSCSI vlan, then the traffic never hits the 6509's routing module. Maybe that helps performance? No. Assuming the 6500 isn't a relic with an MSM or Sup1/Sup1A, there should be no difference in L2 and L3 forwarding performance

Re: [c-nsp] Layer 2 vs Layer 3 Performance Question

2009-06-22 Thread Kevin Graham
Hmm. I'm more familiar with the sup720/PFC3 hardware than the earlier stuff. Sup2/MSFC2 is same switching paths as 720, only major difference is the common lack of a switch fabric. What IOS version are you running? Can you show mod? Are the servers backup kit on the same linecard? If

Re: [c-nsp] x6148 vs. x6548

2009-06-22 Thread Kevin Graham
You are correct. That only applies to the 6148. Originally it also applied to the 6548 as well, but that limitation was removed later by s/w optimizations in the LTL programming scheme. So you *can* get more than 1G thru an etherchannel with 6548s, but of course, you still can only get

Re: [c-nsp] heat fins popping loose on WS-X67xx cards

2009-06-15 Thread Kevin Graham
The first shows the Z1 socket in the background with the fuzzy loop in the foreground. The second shows the heat fin loop in the foreground with the socket in the background. The loop is supposed to be in the Z1 socket. Just unpacked a WS-X6748-GE-TX and found a loose jumper in the

Re: [c-nsp] full routing table / provider-class chassis

2009-06-15 Thread Kevin Graham
Was the original intention of this thread not to find out exactly what *is* the best tool for the above scenario? :) GSR w/E3 or E5 LCs, ASR 1K, CRS-1, or N7K, depending upon the circumstances Probably none of them -- N7K seems squarely targeted at enterprise DC, so given BU turf wars,

Re: [c-nsp] full routing table / provider-class chassis

2009-06-15 Thread Kevin Graham
Hah, keep drinking the cool aid! I have a pair of 6500s ready to fall over at about 150kpps. All WS-67xx LAN cards with DFCs. CPU averages 60% and often maxes. No netflow, no uRPF, no multicast, no IPv6, no BFD, no MPLS, no ACLs in the forwarding plane. Very basic OSPF, BGP, and MSTP.

Re: [c-nsp] 6500/SUP32 - RP ROMMON upgrade?

2009-06-14 Thread Kevin Graham
7200s have three places where code is stored, ROMMON, Bootflash, and the main image. ROMMON is a physical Yank this chip out of its socket and replace it with another chip so not flashable. Not DIY unless you have an EPROM burner and a factory chip with newer code to dump. Depends

Re: [c-nsp] Location of 67xx rommon (c2lc-rm) images?

2009-06-11 Thread Kevin Graham
Do a search for c2lc-rm2.srec.122-18r.S1 Yep, thanks for the pointer. Wonderful that they made the site spider-friendly enough that: http://www.google.com/search?q=site%3Acisco.com+c2lc-rm2 ...returns 1 result. I was mostly trying to confirm that (18r)S1 was still the most current option

[c-nsp] Location of 67xx rommon (c2lc-rm) images?

2009-06-10 Thread Kevin Graham
With the new and not so improved software download and documentation sites, does anyone know where to find rommon images and release notes for 6500 line cards? RP/SP images are linked under the 6500 download pages, but the only DFC-related link is for c6dfc3 (65xx/68xx DFC3, I believe). Thanks.

Re: [c-nsp] PFC3/3B/3C ACL support

2009-05-14 Thread Kevin Graham
1. For reflexive ACLs, I believe (never used them on this platform) that the opening closing packets are punted to CPU, so that the reverse flow can be installed into and removed from the netflow table. Agreed and is entirely expected for reflexive entries. Documentation indicated

[c-nsp] PFC3/3B/3C ACL support

2009-05-13 Thread Kevin Graham
The Understanding ACL on Catalyst 6500 Switches[1] white paper indicates that: All TCP session traffic, except for the TCP three-way handshake (SYN, SYN/ACK, ACK) and session close (FIN/RST), is handled in hardware ...which makes sense for reflexive ACL's, but is that also true for

Re: [c-nsp] Disabling SSL Version 2.0 on CSM with SSL (WS-X6066-SLB-S-K9)

2009-05-12 Thread Kevin Graham
we are now required to disable SSL 2.0 on all SSL proxies. Looking at the command reference there does not seem to be an option to do this. It's a trick question; SSLv2 isn't supported (at most, you can configure a destination to shunt v2 traffic to):

Re: [c-nsp] VSS1440 to ASR1002 - MEC issues

2009-05-02 Thread Kevin Graham
Your original concern was redundancy, so I'd personally go with two L3 interfaces per ASR over a static GEC. You may end up with more traffic over the VSL (as I don't believe there's an ECMP enhancement to prefer same-chassis ports as there is for MEC), but you'll avoid having to depend on

Re: [c-nsp] Disabling enable command for users at privilege 0

2009-03-06 Thread Kevin Graham
Is it possible to disable the enable command for users at privilege 0? With a parser view you can exclude-command enable; then just assign those users that view (i.e. username noc view LIMITED password 0 test). This works under 12.4T, there is a (still undetermined) bug that prevents it from

Re: [c-nsp] csm

2008-12-01 Thread Kevin Graham
I add port 53 in csm. How can I do the health check for this port53 Assuming by adding port 53 you mean added a DNS server listening on port 53: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/helthmon.html#wp1025212

Re: [c-nsp] Catalyst 3750 stacks with many members

2008-11-17 Thread Kevin Graham
The one foot cables that come with the switches are great. They are short and light enough that the crappy connectors don't cause a problem. I have a suspicion that Cisco wanted to fix this. The 3750E's were initially a 3780, and were renamed late enough that several product photos had the

[c-nsp] FHRP's and STP

2008-11-17 Thread Kevin Graham
Is there a way to (safely) force any of the FHRP's into a multiple-active setup such that the first router to see a packet can route it? Namely, I'm frustrated by instances w/ L3 switches where the L2 topology (via STP) doesn't match the L3 topology (via a FHRP) resulting in cases where traffic

Re: [c-nsp] ASR 9000

2008-11-11 Thread Kevin Graham
Runs IOS XR, while the recent ASR 1000 series runs IOS XE? Consistency would be nice. ...or at least call this a CRS-2 or something. I'm still crossing my fingers that there's a master plan for consistency (or alternatively, clear differentiation) between XR/XE/12.2SX/12.2SR/NX-OS.

Re: [c-nsp] NPE-G2 Gigabit Ignored Errors

2008-09-14 Thread Kevin Graham
On a related note, we are seeing input overruns on almost all native GigaE ports on the NPE-G1. Example on 12.4(21): On the other side, of those NPE-G1 ports, do you see any flow control from them? I've never seen a G1's counters show pause frame that it sends, but even watching them

Re: [c-nsp] OSPF point-to-point vs dr/bdr

2008-08-20 Thread Kevin Graham
Funny, we look at it exactly the opposite way. We're a service provider, and a large majority of the Ethernet links where we run an IGP are point to point links. So we have the point to point configuration as part of our standard config template, nothing extra to keep track of. I agree that

[c-nsp] CAB-HD8-ASYNC extension cables?

2008-08-18 Thread Kevin Graham
Does anyone know what the formal name for the 'HD' end of a CAB-HD8-ASYNC (for the HWIC-8A/16A) is? Ideally I'd like to do an extended run before fanning out into RJ45's. Also, given the async line definition of: line 0/0/0 0/1/15 ...is it proper to infer that 0/0 has 16 ports? Namely, if 0/0

Re: [c-nsp] CAB-HD8-ASYNC extension cables?

2008-08-18 Thread Kevin Graham
The connector on the cards is (Micro)D68F (also used by SCSI-3 devices). You would be looking for a D68M-D68F cable to extend the connection. [...oops. sorry Brian, you were right...] Thanks, I didn't have one on hand to check. Do you happen to know if the pinout is consistent w/ the

Re: [c-nsp] 6509 ACE/FWSM Modules??????????

2008-07-30 Thread Kevin Graham
My plan is to collapse my core switch(3750), pix, and css devices into two 6509's with the fwsm/ace/Gig-e modules. I am just trying to decide the best way to segregate the internal lan and middle tier dmz's. Our experience with 6500/7600 and IOS support makes this look like a bad

Re: [c-nsp] nvram writing config issue

2008-07-27 Thread Kevin Graham
Doesn't look like my 2960 will do service compress-config. Shall have to configure it to boot using config on flash :) For simulated-nvram platforms, you can't compress the config, though boot buffersize will allow you to increase the size. You'll need to get your config back down below 64k,

Re: [c-nsp] Maximizing Router capabilities

2008-07-21 Thread Kevin Graham
Assuming budget is not a hindrance. So should I go for the advance enterprise? Advance enterprise is different from advanced-ip series? http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/prod_bulletin0900aecd80281b17.html

Re: [c-nsp] High temperatures on cisco 6504-E chassis

2008-07-10 Thread Kevin Graham
Maybe it's the fact that these are sup720-3cxl-10ge , with X2 modules installed (which also seem to get hot, 41C), and this packed in a small chassis Check CISCO-ENTITY-SENSOR-MIB::entSensorThresholdTable. Looking at some 720C-10GE's, the minor threshold for the 'asic-#' sensors is

Re: [c-nsp] 3750 stack member failure detection

2008-07-09 Thread Kevin Graham
Does anybody know how to detect a stack member down within a 3750 stack through SNMP ? You could count how many interfaces are available. It'd be a lot more effective to just watch the IF-MIB::ifOperStatus of the stack ports. I haven't checked, but I would think that counting interfaces
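The two SNMP checks suggested above (the entSensorThresholdTable comparison in the 6504-E temperature thread, and watching IF-MIB::ifOperStatus of the stack ports in this one) both reduce to parsing a table walk and evaluating a condition per row. The following is an added example, not code from the list posts: it parses the text form of net-snmp `snmpwalk` output and applies both checks. The walk lines are constructed sample data; the `StackPortN` ifDescr naming, the ifIndex values, and the assumption that entSensorValue is already in the same units as entSensorThresholdValue (a real poller should apply entSensorScale and entSensorPrecision) are my assumptions, not facts from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of `snmpwalk -v2c -c <community> <switch> <object>` output
# (net-snmp text format). A 3750 stack whose middle member has dropped out of the
# ring, plus two 6500 sensors with their threshold rows. Index values and the
# "StackPortN" ifDescr naming are assumptions for the example.
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: Vlan1
IF-MIB::ifDescr.10101 = STRING: GigabitEthernet1/0/1
IF-MIB::ifDescr.5179 = STRING: StackPort1
IF-MIB::ifDescr.5180 = STRING: StackPort2
IF-MIB::ifDescr.5181 = STRING: StackPort3
IF-MIB::ifDescr.5182 = STRING: StackPort4
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.10101 = INTEGER: up(1)
IF-MIB::ifOperStatus.5179 = INTEGER: up(1)
IF-MIB::ifOperStatus.5180 = INTEGER: down(2)
IF-MIB::ifOperStatus.5181 = INTEGER: down(2)
IF-MIB::ifOperStatus.5182 = INTEGER: up(1)
CISCO-ENTITY-SENSOR-MIB::entSensorValue.1054 = INTEGER: 41
CISCO-ENTITY-SENSOR-MIB::entSensorValue.1055 = INTEGER: 67
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdSeverity.1054.1 = INTEGER: minor(10)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdRelation.1054.1 = INTEGER: greaterOrEqual(4)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdValue.1054.1 = INTEGER: 60
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdSeverity.1054.2 = INTEGER: major(20)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdRelation.1054.2 = INTEGER: greaterOrEqual(4)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdValue.1054.2 = INTEGER: 70
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdSeverity.1055.1 = INTEGER: minor(10)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdRelation.1055.1 = INTEGER: greaterOrEqual(4)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdValue.1055.1 = INTEGER: 60
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdSeverity.1055.2 = INTEGER: major(20)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdRelation.1055.2 = INTEGER: greaterOrEqual(4)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdValue.1055.2 = INTEGER: 65
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdSeverity.1055.3 = INTEGER: critical(30)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdRelation.1055.3 = INTEGER: greaterOrEqual(4)
CISCO-ENTITY-SENSOR-MIB::entSensorThresholdValue.1055.3 = INTEGER: 75
"""

# One walk line: optional "MODULE::" prefix, object name, dotted index, "=", optional
# "TYPE:" tag, value. Enumerated INTEGERs like "up(1)" are reduced to their label.
LINE_RE = re.compile(r"^(?:[\w-]+::)?(?P<obj>\w+)\.(?P<idx>[\d.]+) = (?:\w+: )?(?P<val>.*)$")
ENUM_RE = re.compile(r"^(\w+)\((-?\d+)\)$")


def parse_walk(text):
    """Return {object_name: {index_tuple: value}} for every parseable walk line."""
    tables = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line, "No Such Object", etc.
        val = m.group("val").strip()
        em = ENUM_RE.match(val)
        if em:
            val = em.group(1)
        elif re.fullmatch(r"-?\d+", val):
            val = int(val)
        idx = tuple(int(i) for i in m.group("idx").split("."))
        tables[m.group("obj")][idx] = val
    return tables


STACK_PORT_RE = re.compile(r"^StackPort\d+$")  # assumed ifDescr naming


def down_stack_ports(tables, pattern=STACK_PORT_RE):
    """Stack-port ifDescr names whose ifOperStatus is anything other than up.

    In a ring, a failed member shows up as down stack ports on its neighbours,
    so any non-up port here is worth an alert even if the total interface
    count has not changed yet.
    """
    descr, oper = tables["ifDescr"], tables["ifOperStatus"]
    return sorted(name for idx, name in descr.items()
                  if pattern.match(str(name)) and oper.get(idx) != "up")


# entSensorThresholdRelation labels as defined in CISCO-ENTITY-SENSOR-MIB.
RELATIONS = {
    "lessThan": lambda v, t: v < t, "lessOrEqual": lambda v, t: v <= t,
    "greaterThan": lambda v, t: v > t, "greaterOrEqual": lambda v, t: v >= t,
    "equalTo": lambda v, t: v == t, "notEqualTo": lambda v, t: v != t,
}
SEVERITY_RANK = {"other": 0, "minor": 1, "major": 2, "critical": 3}


def sensor_alarms(tables):
    """{entPhysicalIndex: worst severity label} for sensors crossing a threshold row."""
    values = tables["entSensorValue"]
    worst = {}
    for (ent, thr), sev in tables["entSensorThresholdSeverity"].items():
        value = values.get((ent,))
        rel = tables["entSensorThresholdRelation"].get((ent, thr))
        limit = tables["entSensorThresholdValue"].get((ent, thr))
        if value is None or rel not in RELATIONS or not isinstance(limit, int):
            continue  # incomplete row: do not guess
        if RELATIONS[rel](value, limit) and \
                SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(worst.get(ent), -1):
            worst[ent] = sev
    return worst


if __name__ == "__main__":
    t = parse_walk(SAMPLE_WALK)
    print("stack ports not up:", down_stack_ports(t))
    print("sensor alarms:", sensor_alarms(t))
```

Feed it the concatenated output of the four walks (ifDescr, ifOperStatus, entSensorValue and the three threshold columns) and the two functions give you a list of non-up stack ports and the worst crossed severity per sensor; the threshold rows come from the device itself, so the poller never has to hard-code per-platform temperature limits.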

Re: [c-nsp] /31 network

2008-07-02 Thread Kevin Graham
has anyone used a /31 network instead of a /30? I believe it is recommended to use a /31 network? Need expert comments. Support still seems very limited, but on a similar thread, has anyone toyed with the 'ip unnumbered for Ethernet' feature? Initially it was just option-82 magic, but I noticed

Re: [c-nsp] 7600 vs. 7200 vs. ASR1000 for multi-gigabit encrypted traffic?

2008-05-27 Thread Kevin Graham
We're setting up a WAN connecting 12 main sites and maybe 100 smaller sites. Each of the main sites will have 1Gbps links and the smaller will have on the order of 100Mbps [...] All traffic over this WAN must be encrypted. Is the WAN all direct PtP? Based on link speeds you cited,

Re: [c-nsp] 6509 power supply question

2008-05-22 Thread Kevin Graham
We have a 6509 with 2 x 1300W power supplies? rephrase we had :) - anyway, one of the power supplies has died, we are sourcing a replacement however, in the meantime I have another 6509 sitting next to me however it has 1800W power supplies. Does 'sh mod' say they're 1800W's, or are you just

[c-nsp] 100Base-FX with HWIC-1GE-SFP?

2008-05-19 Thread Kevin Graham
Can anyone confirm whether the HWIC-1GE-SFP will do 100Base-FX? The only option that appears to be supported on the ISR's is the NM-1FE-FX-V2, which, with a nearly identical list price, is obviously far less desirable assuming that the HWIC can do the job.

Re: [c-nsp] SSH Authoized Keys?

2008-05-10 Thread Kevin Graham
The answer I have heard from Cisco is that doing so would place a runtime dependency on the storage. [...] You could put the keys into the config but the config could get messy. RSA crypto keyrings are a little noisy, but well organized, hardly anything new,

Re: [c-nsp] Univercd

2008-05-08 Thread Kevin Graham
As much as I'm disappointed to see /univercd become deprecated, the new documentation site at least looks OK once you can find the right navigation links to it. What's far worse is what was just done to the old release navigator pages. Now, instead of searching by release, we get to search

Re: [c-nsp] Cisco 10k?

2008-03-25 Thread Kevin Graham
There seems to be some confusion between 7301 and 7304. Cisco has never known what to call the 1RU 7200 -- 7401, 7301, 7201; given their own confusion, it's only to be expected elsewhere. I guess the only reprieve is there won't ever be another one. 7304 (either NSE or NPE) has been on its

[c-nsp] Identifying IGP passive interfaces via SNMP

2008-03-25 Thread Kevin Graham
Does anyone know of a way to identify passive (either OSPF or EIGRP being my interest) interfaces via SNMP? With OSPF-MIB restricting ospfIfHelloInterval to a lower bound of 1s, a '0' hello interval isn't possible, and I believe EIGRP has a similar limitation. I'd like to have a

Re: [c-nsp] SNMP monitor per blade , Cisco 6500/7600

2008-03-18 Thread Kevin Graham
For bus utilization per module, I think you're going to have to infer it based on interface activity. According to an old TAC case, SXH was supposed to include 'CISCO-SWITCH-HARDWARE-CAPACITY-MIB', which would be an SNMP equivalent to 'sh plat hard cap'; this would at least get you a view of

Re: [c-nsp] AP-1242AG config

2007-12-17 Thread Kevin Graham
It doesn't appear that you have BVI associated w/ a bridge group. What I typically do is .1q tag for the wireless traffic and leave BVI1 on the native VLAN (effectively making no reference to the 'management' VLAN on the AP), and then configure the switchport w/ the port's native vlan as

Re: [c-nsp] simple redundancy..

2007-12-17 Thread Kevin Graham
Doing a bridge on the 2851 is an option, but if the 3750's are part of a single stack, then just use a multi-chassis etherchannel. Otherwise, put up /31's between the 3750's and 2851; at that point, either terminate connectivity on a loopback, or use two tunnels for each of the ISP's (in separate

Re: [c-nsp] per-packet load sharing.

2007-12-10 Thread Kevin Graham
The thing is the cef is load-balancing packets across equal-cost links on a per-destination basis, which is how it's supposed to be, which I get. The issue is my tunnel traffic is destined to a single core router on the far end of the links, consuming the majority of the BW for any single link.
