Re: [c-nsp] CSRv & VXLAN

2015-09-24 Thread Luan Nguyen
While we are on this... Is OTV still Cisco Proprietary? And still ASR1K and Nexus 7K support from Cisco side? Wouldn't it better to use L2TPv3 - and MACSEC if need to? On Thu, Sep 24, 2015 at 2:40 PM, Luis Anzola wrote: > Find below a very handy guide for the CSR1Kv and OTV:

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
Nice...thanks 5.3.1 is nice. though i don't think people will have access to the file exchange? the public link only has 5.1.2 On Mon, Aug 17, 2015 at 2:00 PM, Tim Densmore tdensm...@tarpit.cybermesa.com wrote: https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=Cisco-IOS-XRv On

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
To: cisco-nsp@puck.nether.net Cc: Date: Tue, 18 Aug 2015 01:37:48 +0700 Subject: Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k) On 18 Aug 2015, at 1:36, Luan Nguyen wrote: Thanks Harold...but from the link that Roland sent...there's nothing there... Don't know what to tell you, it works

Re: [c-nsp] Cisco IOS XRv (Virtual ASR9k)

2015-08-17 Thread Luan Nguyen
, « cisco-nsp on behalf of Luan Nguyen » cisco-nsp-boun...@puck.nether.net on behalf of lngu...@opsource.net wrote: Nice...thanks 5.3.1 is nice. though i don't think people will have access to the file exchange? the public link only has 5.1.2 On Mon, Aug 17, 2015 at 2:00 PM, Tim Densmore

[c-nsp] CCIE Party pickup line

2015-06-01 Thread Luan Nguyen
In the Washington DC area, there's the HOV slug-lines where you can pick up people for HOV, is there one for CCIE Party? :) We have a big team going this year and not enough CCIEs to get all in...anyone going solo, kindly drop me an email offlist? :) Thanks. Regards, -lmn

[c-nsp] ASR1000v Loopback interface

2015-02-23 Thread Luan Nguyen
Hello, anyone use the loopback interface on the ASR 1000v to terminate VPN/DMVPN tunnel? How does the loopback interface on the ASR1000v related to the VMWare resources? say if i already have the max 10 vnics mapped to 10 gigethernet interfaces on the asr1000v, how does the loopback interface come

Re: [c-nsp] Packet Fragmentation

2015-02-12 Thread Luan Nguyen
If you're lucky to have a provider like NTT, who supports 5000 MTU within their backbone, for site to site vpn, you could just jack up your MTU setting on all tunnel-related interfaces to say 5000 MTU and avoid fragmentation altogether. On Thu, Feb 12, 2015 at 2:15 PM, Roland Dobbins

Re: [c-nsp] Primer for IOS-XR

2014-12-16 Thread Luan Nguyen
Best place to be: https://supportforums.cisco.com/community/5996/xr-os-and-platforms Document tab as well as Blog tab will get you expert at IOS-XR in no time. On Tue, Dec 16, 2014 at 10:49 AM, Scott Granados sc...@granados-llc.net wrote: Good morning, I have recently been exposed to some of

[c-nsp] QSFP 40G breakout cable

2014-09-15 Thread Luan Nguyen
Hi folks, Anyone from the northern VA area has a couple extra of these? I'd like to borrow for a couple days to see if they work in other vendors' equipment? Believe it or not, Cisco's one is much cheaper. Thanks! rg/lmn

[c-nsp] Using Cisco Learning Credits for ccie lab

2013-11-08 Thread Luan Nguyen
Hi folks, Can you use Cisco Learning Credits for ccie lab payment? seems like you can't but not sure if your Cisco Account Manager can do something about that? Also, where do people get exam voucher from? Is that something your Cisco Account team can provide? We have some Cisco Learning Credits,

Re: [c-nsp] DMVPN/mGRE on L3VPN - anyone experience issues with encapsulation overhead/MTU?

2013-10-09 Thread Luan Nguyen
People do this all the time: GRE/IPSEC back up to MPLS VPN. Lots of service providers have managed service that does this for you. With modern hardware, fragmentation shouldn't be a big deal. Most providers have end to end jumbo frame so just need to be mindful of who does and who don't. Good

[c-nsp] Cisco ASA 8.4.7

2013-10-09 Thread Luan Nguyen
Hi folks, With the newest advisory for the ASA: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa We are thinking of going uniform with Cisco ASA 8.4.7. Looking at the Resolved Caveats, lots of them got fixed:

Re: [c-nsp] XRv (xr on a server)

2013-10-03 Thread Luan Nguyen
Did someone get a chance to download whatever under XRv? it's page not available currently. If i remember correctly, my SE said you have to pay for it. Beta is going right now and the list is long i was told. You have a better chance of getting it from being leaked out than get on the beta. Was

Re: [c-nsp] XRv (xr on a server)

2013-10-03 Thread Luan Nguyen
Seriously doubt that it would be free. On Thu, Oct 3, 2013 at 11:02 AM, Jason Lixfeld ja...@lixfeld.ca wrote: This should be free. On 2013-10-03, at 10:55 AM, Oliver Garraux oli...@g.garraux.net wrote: I will be really really interested to see what they do pricing wise on VIRL. Hope

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Luan Nguyen
Do you know if you can do IPSEC with that as well? Or you would need additional $10K IPSEC license? Can it also do limited NAT? If so, what is the number before you add the 2M license? Can you run 1 RP2 with XE while the other IOS? Assuming they do have IOS for ASR and features compatible (bug

[c-nsp] Bad console port - Cisco ASA 5540

2013-05-15 Thread Luan Nguyen
Hi folks, I have a couple of ASA 5540s that I couldn't console into: the cursor just blinks. I tried all the baud rates listed but still no joy. These, I won't be able to RMA them. Any tricks to get the console to work? Thanks in advance. Regards, -lmn

Re: [c-nsp] Sup2T rate limit

2013-04-25 Thread Luan Nguyen
-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Luan Nguyen Sent: Sunday, April 21, 2013 10:04 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Sup2T rate limit Hi folks, From what I've been reading, I could do the following to rate limit a vlan to 100M class-map match-all

[c-nsp] Sup2T rate limit

2013-04-21 Thread Luan Nguyen
Hi folks, From what I've been reading, I could do the following to rate limit a vlan to 100M class-map match-all rate match any policy-map rate class rate police 1 3200 conform transmit exceed drop int vlan99 service-policy input rate But show policy-map interface vlan99 detail doesn't

Re: [c-nsp] GRE tunnel over Internet

2012-12-06 Thread Luan Nguyen
People run all sorts of routing protocols over the IPSEC/GRE tunnel successfully (yeah, IPSEC to be more secure)...must be some configuration errors then... r/g -lmn On Thu, Dec 6, 2012 at 12:46 PM, Chris Lane clane1...@gmail.com wrote: We are working on setting up a test where we run a GRE

[c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
Hi folks, Anyone has a FDDI PA VIP2 card for the 7200VXR series router that I can buy? Thanks. -Luan

Re: [c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
Thanks guys. I guess I have to look into buying a 7200 as well. Regards, -Luan On Thu, Oct 28, 2010 at 2:25 PM, Mikael Abrahamsson swm...@swm.pp.se wrote: On Thu, 28 Oct 2010, Luan Nguyen wrote: Hi folks, Anyone has a FDDI PA VIP2 card for the 7200VXR series router that I can buy

Re: [c-nsp] FDDI card for 7200 VXR

2010-10-28 Thread Luan Nguyen
28, 2010 at 3:19 PM, Justin M. Streiner strei...@cluebyfour.org wrote: On Thu, 28 Oct 2010, Luan Nguyen wrote: I guess I have to look into buying a 7200 as well. Not knowing your situation or needs, would it make more sense to replace the FDDI gear with something that speaks Ethernet

Re: [c-nsp] Mysterious tunnel interfaces

2010-08-12 Thread Luan Nguyen
I have those ISR2 (M1) as well as ASR1002 running DMVPN and don't have those ghost tunnels. Must be for some other services such as multicast. Try to remove them with no interface tunnel 0, and I think the router will tell you why you couldn't. Regards, -Luan -Original Message- From:

Re: [c-nsp] Network mapping...again

2010-08-12 Thread Luan Nguyen
If money is not an issue, then I would suggest OPNET NetMapper. We had them come in and did a demo. We like it. Regards, -lmn -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of John Neiberger Sent: Thursday, August 12,

Re: [c-nsp] Zone Based Firewall default-class

2010-07-09 Thread Luan Nguyen
Maybe class-default only allow traffic initiate from the zone and not return traffic? Check your log again... Try your Or, and try upgrade to T3 see if that makes a difference. -- Luan Nguyen Chesapeake NetCraftsmen, LLC. -- -Original

Re: [c-nsp] Redistributing External EIGRP routes through MPLS vpn

2010-05-18 Thread Luan Nguyen
configuration to see if you have thing like eigrp stub connected :) - Luan Nguyen Chesapeake NetCraftsmen, LLC. - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf

Re: [c-nsp] DMVPN scalability question on the 28XX ISR's

2010-04-21 Thread Luan Nguyen
Like someone else said, if you don't have to run dynamic routing protocol, then ODR or static would do wonder. In this case, a dual hub (loadshare/backup) for 1000+ spokes would be just fine. With EIGRP, you could safely do 500+ spokes per ASR. A few years back, either Cisco did some tests and

Re: [c-nsp] DMVPN scalability question on the 28XX ISR's

2010-04-21 Thread Luan Nguyen
: Wednesday, April 21, 2010 2:04 PM To: Luan Nguyen; 'Engelhard'; rod...@cisco.com; Erik Witkop Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DMVPN scalability question on the 28XX ISR's On Wed, 21 Apr 2010 06:35:37 -0700, Luan Nguyen l...@netcraftsmen.net wrote: In this case, a dual hub

Re: [c-nsp] cost community alternatives

2010-04-12 Thread Luan Nguyen
Try using the offset list command. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pan

Re: [c-nsp] Cisco 3750 High CPU

2010-04-07 Thread Luan Nguyen
This link should provide some guidance regarding HULC running process. http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807213f5.shtml -Luan -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf

Re: [c-nsp] VAM2+ Performance

2010-03-17 Thread Luan Nguyen
/IPSEC with ~90%CPU The VSA has much better performance BTW. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-26 Thread Luan Nguyen
/Dynagen, you could probably test this whole thing out in your laptop. --- Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net --- -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-26 Thread Luan Nguyen
. - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net [AIM/YIM/GTalk] luancnc - -Original Message- From: Jason LeBlanc [mailto:jasonlebl...@gmail.com] Sent: Tuesday, January 26, 2010 7:48 PM To: Luan Nguyen Cc: 'Cisco

Re: [c-nsp] Cisco NAC - SSO Issues

2009-09-15 Thread Luan Nguyen
I would suggest opening a TAC case. Also, for NAC related problem, the cleanacc...@listserv.muohio.edu would be a better place to ask questions. Regards, -- Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] NAT Global to FVRF

2009-08-20 Thread Luan Nguyen
I think the problem is because your VRF Red doesn't have route to the LAN. If [LAN] is switch, then you could try to create a route in VRF Red for the LAN network with the next hop is the IP address of the switch. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC

Re: [c-nsp] Route redistribution and selection

2009-08-13 Thread Luan Nguyen
You might want to check this link out: http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP Regards, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -- -Original Message- From: cisco-nsp-boun

Re: [c-nsp] OT: Internet Web Caching Solution

2009-08-13 Thread Luan Nguyen
remote site and the Internet, or as a push client receiving content from a central site. Hope that helps. Regards, -- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net - -Original Message- From: cisco-nsp

Re: [c-nsp] GRE/NAT ?

2009-07-31 Thread Luan Nguyen
No? I remember doing overlapping RFC1918 sites for GRE/IPSEC VPN. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net --- -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] GRE/NAT ?

2009-07-31 Thread Luan Nguyen
So you are talking about NAT after GRE? You certainly could NAT and then GRE-encapsulated the NATTED traffic? Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From

Re: [c-nsp] DMVPN and OSPF

2009-07-30 Thread Luan Nguyen
, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jay Nakamura Sent: Thursday, July 30, 2009 1:55 PM

Re: [c-nsp] 7206VXRG2 performance question

2009-07-28 Thread Luan Nguyen
with DMVPN/EIGRP. You could do direct spoke-spoke communication as well. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] ASA Static Translations / DNS Doctoring

2009-07-17 Thread Luan Nguyen
, --- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net - -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Clue Store Sent: Friday, July 17, 2009 12:47 PM To: cisco-nsp

Re: [c-nsp] ASA Static Translations / DNS Doctoring

2009-07-17 Thread Luan Nguyen
Very creative use of secondary addresses! :) Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun

Re: [c-nsp] Global Route Leaking on same PE

2009-06-16 Thread Luan Nguyen
You could also use a GRE tunnel for the connection as well. Jeff is right that this topic keeps coming up every so often. I wonder why Cisco won't just make this easier for people. -- Luan Nguyen Chesapeake NetCraftsmen, LLC. http

Re: [c-nsp] Dual WAN on Cisco IOS 12.4(24)T

2009-04-15 Thread Luan Nguyen
You could put Fa0 into a VLAN and use that for the cable modem connection. There's no option for no switchport and turn it into a layer 3 interface. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web

Re: [c-nsp] Dual WAN on Cisco IOS 12.4(24)T

2009-04-15 Thread Luan Nguyen
300 ip route 0.0.0.0 0.0.0.0 y.y.y.y 250 ! HTH. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] cisco AnyConnect - cisco 877

2009-03-18 Thread Luan Nguyen
There's a configuration guide here: http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a0080720346.shtml According to, 877 should be supported. Regards, - Luan Nguyen Chesapeake

Re: [c-nsp] 7206 NON VXR

2009-03-17 Thread Luan Nguyen
NPE-225 I think is the max you could go. Regards, - Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net

Re: [c-nsp] VRF and STATIC ROUTE to GLOBAL

2009-02-23 Thread Luan Nguyen
, Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com/ [Mobile] 703-953-9116 + -Original Message- From: cisco-nsp-boun...@puck.nether.net

[c-nsp] AIM-SSL-3 card on 2811

2009-01-21 Thread Luan Nguyen
Hi folks, Anyone tried the SSL-3 VPN encryption card on a 2800 series before? Thanks. Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net http://www.netcraftsmen.net/ [M] l...@netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com

Re: [c-nsp] Acceptance Test Procedure for New Cisco Devices

2009-01-20 Thread Luan Nguyen
Going a bit further...how's about looking at those benchmarking RFCs http://www.ietf.org/html.charters/bmwg-charter.html In particular http://www.ietf.org/rfc/rfc2544.txt for the 1861 and http://www.ietf.org/rfc/rfc3511.txt for the ASA Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http

Re: [c-nsp] Forcing dhcp lease renewal

2009-01-16 Thread Luan Nguyen
Things point to Cradlepoint don't they? I've used Digi ConnectPort with lots of success. Or go with the 3G-Wireless HWIC card or ask VzW for a static IP address. The last thing would be to use object tracking in conjunction with EEM to solve your problem. Regards, Luan Nguyen Chesapeake

Re: [c-nsp] site-to-site vpn, ipsec-gre, 2811/HSEC

2009-01-07 Thread Luan Nguyen
, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net [M] l...@netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com/ -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Kent Sent: Tuesday

Re: [c-nsp] Cisco Software Client - Router VPN issue.

2009-01-05 Thread Luan Nguyen
Create ACL 101 permit 10.0.0.0 0.0.0.255 any Then under the crypto isakmp client configuration group SomeVPN Add ACL 101 Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net [M] l...@netcraftsmen.net [Blog] http://cnc-networksecurity.blogspot.com/ -Original

Re: [c-nsp] Cisco Software Client - Router VPN issue.

2009-01-05 Thread Luan Nguyen
Uhm, that's split-tunneling. If you want to use internet at the router site then follow this guide: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. [W] http://www.netcraftsmen.net [M] l

Re: [c-nsp] HWIC-4T1/E1

2008-12-19 Thread Luan Nguyen
, but it looks like any other serial T1/E1 interfaces. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin Shore Sent: Friday, December 19, 2008 11:27

Re: [c-nsp] 32 bit ASN

2008-12-17 Thread Luan Nguyen
Here's an old post on this topic: http://puck.nether.net/pipermail/cisco-nsp/2008-August/053334.html Also, I heard it's going to be implemented beginning 12.5T Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisco-nsp-boun

Re: [c-nsp] Rate limiting but on packet count not bandwidth

2008-12-17 Thread Luan Nguyen
Maybe give storm-control with pps keyword a try. http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swtrafc.html#wp1241484 Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: cisco-nsp

Re: [c-nsp] MPLS-VPN migration

2008-12-17 Thread Luan Nguyen
destination x.x.x.x If you have a lot of customers (a lot of VRFs), then maybe try DMVPN configuration with the global being the hub and each spokes in their own unique VRF...just a thought :) Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From

Re: [c-nsp] MPLS-VPN migration

2008-12-17 Thread Luan Nguyen
[tunnel interface ip network] area 0 ! router bgp 65535 address-family ipv4 vrf CUSTOMER1 redistribute ospf 1 vrf CUSTOMER1 route-map redis-ospf-to-bgp-vrf Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: Tim Durack [mailto:tdur...@gmail.com

Re: [c-nsp] VSS SRND

2008-11-17 Thread Luan Nguyen
/solutions/Enterprise/Data_Center/DC_Infra2_5/DCI_SRND.pdf Which give lots of design guides on VSS. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pavel Skovajsa Sent: Monday

Re: [c-nsp] DMVPN - HUB VRF Aware - Spokes no VRFs

2008-11-17 Thread Luan Nguyen
customers and want to consolidate them into a single hub router, then I would just add the tunnels into their own VRFs, the spokes can be left alone. Depends on the routing protocol you use, and what access you want to give, you need to route inter/intra VRFs accordingly at the hub. Regards, Luan

Re: [c-nsp] BGP Question

2008-11-06 Thread Luan Nguyen
Neighbor allowas-in Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephens, Jamie A Sent: Thursday, November 06, 2008 9:18 AM To: cisco-nsp Subject: [c-nsp] BGP Question

Re: [c-nsp] Cisco 881 3G Router Experiences

2008-11-06 Thread Luan Nguyen
tunnel mode without DMVPN as well, just make sure the other side configured for dynamic crypto map. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday

Re: [c-nsp] PIX 6.x Site2Site with dynamic IP?

2008-11-06 Thread Luan Nguyen
Just change your A end to use dynamic map. http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

Re: [c-nsp] IPSec Remote Access VPN getting Addresses from the DHCP

2008-11-05 Thread Luan Nguyen
Maybe try using the global commands no vpn-addr-assign local no vpn-addr-assign aaa vpn-addr-assign dhcp And under tunnel-group COMPANY-TUNNEL-GROUP general-attributes Add: default-group-policy COMPANY-REMOTE-ACCESS Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] ipsec over gre with nhrp

2008-11-05 Thread Luan Nguyen
-aes 256 esp-sha-hmac mode transport ! crypto ipsec profile foo set transform-set TEST set pfs group5 ! Int tun202 No crypto map tunnel protection ipsec profile foo Then route over the tunnel accordingly...instead of using ACL to match traffic. Regards, Luan Nguyen Chesapeake NetCraftsmen, LLC

Re: [c-nsp] HWIC-3G-* experience?

2008-11-04 Thread Luan Nguyen
directly from the MPLS cloud, they still have to route around and around in their networks since Internet and MPLS are from Verizon Business. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

Re: [c-nsp] Order-of-operations question about adjust-mss and crypto...

2008-10-31 Thread Luan Nguyen
/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml#t3 Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net (blog) http://ccie-security.blogspot.com/ (e) [EMAIL PROTECTED] (aim/yahoo): luancnc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [c-nsp] ctr+break sequence and Cisco 3500

2008-10-28 Thread Luan Nguyen
http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net (e) [EMAIL PROTECTED] (aim/yahoo): luancnc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
. They swapped one smart jack, but that didn't help, so they will swap the other today. Hopefully that will do it. Good information here about troubleshooting T1 http://www.informit.com/library/content.aspx?b=Troubleshooting_Remote_Access seqNum=61 Luan Nguyen Chesapeake NetCraftsmen, LLC

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
It's on fiber. I asked if we could get network timing from them, but they said no, not on this type of circuit. Also, this circuit has been working for years with the same setting :) Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
they break in the circuit for testing. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lamar Owen Sent: Wednesday, October 15, 2008 10:37 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OK, what

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
and they are cross connected by the DACS at the central office. Verizon said they have to be in sync. Something must have happened for them to be out of sync after all these years. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: Paul G. Timmins [mailto:[EMAIL

Re: [c-nsp] OK, what is a cheap and dirty hack to test a port

2008-10-15 Thread Luan Nguyen
-Original Message- From: Ted Mittelstaedt [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 12:01 PM To: Luan Nguyen; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] OK, what is a cheap and dirty hack to test a port -Original Message- From: Luan Nguyen [mailto:[EMAIL

Re: [c-nsp] Fwd: NAT in VRF

2008-10-09 Thread Luan Nguyen
Yes you can. I used to do that with 2 VRF-Lites on 2 DMVPN tunnels. Platform doesn't make any difference. Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Roberton Sent: Thursday

Re: [c-nsp] MPLS and IPSEC co-working (reviving an old thread)

2008-10-05 Thread Luan Nguyen
/ps6586/ps6635/ps7180/product_data_sheet0900aecd80582067.html. The CE-to-CE routing remains the same, with added security. - Luan Nguyen Chesapeake

Re: [c-nsp] SA-VAM2+ usage problem?

2008-09-30 Thread Luan Nguyen
. - Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] IP-VPN CE-PE local pref problem

2008-09-30 Thread Luan Nguyen
- Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] SA-VAM2+ usage problem?

2008-09-30 Thread Luan Nguyen
- Luan Nguyen Senior Network Engineer Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net - -Original Message- From: [EMAIL

Re: [c-nsp] Propagating a default route...

2008-09-30 Thread Luan Nguyen
Perhaps set a static route for xx.xx.xx.xx (where you get your default route) in your server? - Luan Nguyen Senior Network Engineer Mobile: 703-953

Re: [c-nsp] Debugging Cisco VPN Client Software ... Is it even possible ?

2008-09-23 Thread Luan Nguyen
- Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [c-nsp] GRE over IPSec

2008-09-19 Thread Luan Nguyen
is the ASA address and z.z.z.z is your router behind it. -Luan - Luan Nguyen Chesapeake NetCraftsmen, LLC. www.NetCraftsmen.net

Re: [c-nsp] Cisco NAC

2008-09-16 Thread Luan Nguyen
First try Cisco: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html http://cisconac.blogspot.com/ One of my coworker's blog - he's excellent with NAC deployment. http://cnc-networksecurity.blogspot.com/ Mailing list:

Re: [c-nsp] Using CA certificates and pre-shared keys on the same box

2008-09-10 Thread Luan Nguyen
You could try to configure 2 ISAKMP profiles: one use CA, one use pre-shared. Then configure 2 IPSEC profiles accordingly. -Luan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 10, 2008 10:07 AM To:

[c-nsp] Advertising NAT pool using OSPF on the ASA

2008-06-12 Thread Luan Nguyen
Hello, According to this document: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042725 If you NAT to a pool of addresses, then this pool of addresses will be advertised to the upstream router automatically. I have the set up:

[c-nsp] Analog Dial backup AND dialin management using the same external modem

2008-06-11 Thread Luan Nguyen
Hello, Anyone using an analog modem connected to an AUX port for dial backup? In case your T1 primary link fails? The hard part is: Can you use that modem for dialin to manage your router when not using the Dial backup? Thanks. Luan Nguyen http

Re: [c-nsp] ACL making me insane

2008-06-03 Thread Luan Nguyen
Rey [EMAIL PROTECTED] wrote: Hi, On Tue, Jun 03, 2008 at 01:37:30PM -0400, Luan Nguyen wrote: The problem is when someone contacted your protectedserver, you need to allow the counter flow of that. For example, you need to have: permit tcp host PROTECTEDSERVER eq 80 any gt 1024 so

Re: [c-nsp] EIGRP vs BGP route selection

2008-05-22 Thread Luan Nguyen
You have to have EIGRP redistribute into BGP as well? Once in the BGP table, local redistribute routes will have a weight of 32768 which will be preferred over the EBGP weight of 0. I remember reading over at the Netpro forum and someone said that it's a racing condition: EIGRP converge faster

Re: [c-nsp] BGP with yourself...

2008-04-24 Thread Luan Nguyen
Very interesting. I have a problem with having an ethernet in global doing NAT over a VRF, and the vrf doesn't know how to get to the ethernet LAN segment in the global. I was thinking of just doing: ip route vrf whatever 1.1.1.0 255.255.255.0 3.3.3.3 global, where 3.3.3.3 is just some bogus

Re: [c-nsp] 2801 bandwidth limiting

2008-04-24 Thread Luan Nguyen
I would say you need to use CBWFQ for this. Create an ACL match everything or whatever interested you out of your network and assigned to a class-map, then create a policy map policy-map out class out bandwidth 10M shape peak 13M interface WAN service out out -lmn On Thu, Apr 24, 2008 at 6:48

Re: [c-nsp] BFD state remains in AdminDown

2008-02-27 Thread Luan Nguyen
Don't think that 12.4.15T3 has VRF support for BFD. Maybe try 12.2.33SRC (depends on what kind of routers you have) I had a configuration like that and didn't work for me. Mine isn't a PE-CE kind so didn't bother with SRC code. -lmn On Wed, Feb 27, 2008 at 11:34 PM, Stephen Fulton [EMAIL

Re: [c-nsp] What is pv in show ip arp?

2008-02-21 Thread Luan Nguyen
My guess would be private-vlan Can you do a show vlan private-vlan and see? -lmn On Thu, Feb 21, 2008 at 10:30 AM, Christian Bering [EMAIL PROTECTED] wrote: Hi all, When a show ip arp shows the following: Protocol Address Age (min) Hardware Addr Type Interface Internet

Re: [c-nsp] redundant VPNs

2008-02-20 Thread Luan Nguyen
1800/2800 should have no problem handling T1 VPN. Use AIM-SSL1/SSL2 encryption cards for them. Tag on Zone-base FW and IOS IPS and your customer should feel safe :) -lmn On Feb 20, 2008 11:48 AM, Adam Greene [EMAIL PROTECTED] wrote: Hi, A customer of ours has two sites, one with an 1800

Re: [c-nsp] EIGRP redistribution between 2 VRFs

2008-02-15 Thread Luan Nguyen
, Luan Nguyen wrote: Say i have VRF RED on one of the interfaces, and VRF BLUE on another interface. And i need to run EIGRP on both of them. They have their own ASN and don't want to change them. How do i send routes learned from RED into BLUE and vice versa? Import the proper

[c-nsp] EIGRP redistribution between 2 VRFs

2008-02-14 Thread Luan Nguyen
Hello, Say i have VRF RED on one of the interfaces, and VRF BLUE on another interface. And i need to run EIGRP on both of them. They have their own ASN and don't want to change them. How do i send routes learned from RED into BLUE and vice versa? From the command line, EIGRP doesn't allow

Re: [c-nsp] BFD aware VRF

2008-02-04 Thread Luan Nguyen
I have bgp running between PE and CE. So on the PE, you do: router bgp address-family ipv4 vrf whatever neighbor y.y.y.y fall-over bfd Do the same for the CE under bgp. Then on the link between CE and PE, configured the bfd interval...etc. That should work. The problem is my CE is a 1841

Re: [c-nsp] c7600 and VPLS

2008-01-29 Thread Luan Nguyen
Anyone knows when can the 7200VXR support VPLS? thanks. -lmn On Jan 29, 2008 9:22 AM, Dennis Dubbelman [EMAIL PROTECTED] wrote: For supporting VPLS on a 7600, OSM or ES20 linecards are needed on the Core facing interfacces. Those cards will handle the label push and pop for SVI based

Re: [c-nsp] c7600 and VPLS

2008-01-29 Thread Luan Nguyen
Not ever? Thanks. -lmn On Jan 29, 2008 11:32 AM, Mohacsi Janos [EMAIL PROTECTED] wrote: On Tue, 29 Jan 2008, Luan Nguyen wrote: Anyone knows when can the 7200VXR support VPLS? AFAK VPLS is not supported on 7200VXR. Regards, Janos thanks. -lmn On Jan 29

Re: [c-nsp] MPLS PE to PE over GRE/IPIP

2008-01-28 Thread Luan Nguyen
If you don't have mpls then using GRE between PEs would be okay. Do some thing like: int tun1 ip address 1.1.1.1 tunnel source x.x.x.x tunnel dest y.y.y.y y.y.y.y is the other PE backbone facing ip, reachable by x.x.x.x then advertise your loopback address through the tunnel using whatever you
