Does anyone have personal experience with the Catalyst 9500 series
(specifically interested in 16X)? Impressions, caveats?
Sincerely,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Biggest issue is buffer space. 3750X has 2750KB shared between 24 GE ports.
Switch models starting with 29XX are similar or worse. 3650 and 3850 show 12MB
shared between 48 ports
(http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/qa_c67-729531.html).
I
I need to upgrade the edge router for one of my deployments. Current 2811 is
not expected to support the new WAN links. I need 4-5 ports (copper is fine),
aggregate throughput up to 125Mb (not accounting for future growth), BGP with
3-5 peers and <100 routes, and QoS. I don't ever expect to
drives up the cost.
Again, depending on the amount and pattern of traffic, a pair of 29XX with a
pair of 3650s with LAN BASE licenses may be more functional and more economical.
Sincerely,
Michael Malitsky
--
Date: Mon, 31 Aug 2015 11:43:40 -0700
From: Jason
are empty
Have you tried to use logging buffered 128000 debugging?
I know there is level debugging, but maybe it change the behavior...
Am Dienstag, 12. Mai 2015, 19:11:08 schrieb Michael Malitsky:
sh run all produces the same output: logging buffered 128000. I
thought debug was usually default... Sh
helping.
Sincerely,
Michael
-Original Message-
From: Randy [mailto:randy_94...@yahoo.com]
Sent: Tuesday, May 12, 2015 1:56 PM
To: Michael Malitsky; Chuck Church
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Logs are empty
Curious abut the default severity level for logging buffered
messages
incident to the router booting up. BTW, these 13 did not show up until 3-4
hours after boot.
Thanks
Sincerely,
Michael
-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Tuesday, May 12, 2015 12:39 PM
To: Michael Malitsky; cisco-nsp@puck.nether.net
Subject: RE
Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Michael Malitsky
Sent: Tuesday, May 12, 2015 2:27 PM
To: Lukas Tribus; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Logs are empty
True. However, logging monitor plus terminal monitor change absolutely
nothing.
I do
This is going to sound stupid, and I am hoping it's just complete lack of sleep
that's causing me to overlook something. Can anyone clue me in please?
Working with a brand new 2911, 15.4(3)M2. I can't get anything to show up in
the logs. Neither monitor, nor buffer. I am not next to it,
The ISP is not giving me a new circuit, just swapping IP space, so I am limited
to one interface on one box. Is there a way to bind multiple crypt maps to an
interface? Or a way to bind different entries in a crypto map to different
source IPs?
Sincerely,
Michael Malitsky
-Original
the answer is NO, but I am hoping I missed
something.
Router in question is a 2801. All VPNs are site-to-site IPSEC.
Sincerely,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
Sounds eerily familiar, although I can't find any notes for v6. The first
releases of 7 had a similar issue, caused by the firewall dropping any packets
with MSSnegotiated size.
However, you options are very few. Try disabling the http fixup to confirm it
is the inspection engine causing the
From: Aaron [aar...@gvtc.com]
Sent: Thursday, July 11, 2013 3:24 PM
To: Michael Malitsky; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] pix 6.1(3)
Thanks Michael, What does http fixup do ? how would disabling fixup fix my
issue ?
Aaron
-Original Message-
From: Michael Malitsky
+ years.
Sincerely,
Michael Malitsky
From: N. Max Pierson [mailto:nmaxpier...@gmail.com]
Sent: Thursday, August 30, 2012 5:47 PM
To: Michael Malitsky
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7200 Line protocol bouncing
How do you have your timing setup WRT all circuits coming
be helpful.
Sincerely,
Michael Malitsky
--
Message: 5
Date: Thu, 30 Aug 2012 12:53:22 -0600
From: Tim Densmore tdensm...@tarpit.cybermesa.com
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7200 Line protocol bouncing
Message-ID: 503fb6a2.3000
channels.
Sincerely,
Michael Malitsky
-Original Message-
From: Andrew Miehs [mailto:and...@2sheds.de]
Sent: Thursday, August 30, 2012 6:29 PM
To: Michael Malitsky
Cc: N. Max Pierson; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7200 Line protocol bouncing
Sent from a mobile
SmartNet, just suggesting you consider
options.
Sincerely,
Michael Malitsky
Date: Tue, 27 Apr 2010 14:53:28 -0700
From: Mike mike-cisconspl...@tiedyenetworks.com
To: 'Cisco-nsp' cisco-nsp@puck.nether.net
Subject: [c-nsp] ouch 7204vxr reloaded
Howdy,
Well that was fun, I discovered
.
Sincerely,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
.
In both cases, symptoms are similar to what you describe.
Sincerely,
Michael Malitsky
Message: 7
Date: Mon, 25 Jan 2010 15:22:38 -0800
From: Scott Granados gsgrana...@comcast.net
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Self rebooting pix?
Hi All,
I'm having a strange problem and not much
Thanks to all who replied, will give it a try.
Sincerely,
Michael
-Original Message-
From: Peter Rathlev [mailto:pe...@rathlev.dk]
Sent: Wednesday, September 02, 2009 5:05 PM
To: Michael Malitsky
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Geographically dispersed ASA
understanding what the major differences are. Can
anyone enlighten me?
If anyone has hands-on experience with both and willing to share, that
would be most appreciated.
Thanks,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
Hello,
Does anyone know if the ASA failover feature supports a setup where the
ASAs are in geographically different locations? Specifically, I have
two data centers about 30 miles apart, connected by a 50Mb metro
ethernet link with latency under 10ms.
Thanks,
Michael Malitsky
a champ
(assuming the CPU can keep up of course) and is just 2 lines to set up
vs the MQC on the switch.
Sincerely,
Michael Malitsky
Date: Wed, 8 Apr 2009 09:36:07 +0500
From: Muhammad Salman Zahid gregariouspe...@gmail.com
Subject: Re: [c-nsp] rate limiting pointers?
To: Scott Granados
Hello,
Can anyone recommend a training simulator appropriate for someone
studying for CCNA/CCNP?
Sincerely,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
-queue
ppp multilink
ppp multilink group 1
Sincerely,
Michael Malitsky
Message: 8
Date: Thu, 15 Jan 2009 16:55:48 +
From: William wil...@gmail.com
Subject: Re: [c-nsp] Per packet load balancing with low latency
applications
To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
be situations where IP unreachables are
desired, or situations where infrastructure protection is not important,
but by and large disabling it seems to be a good step. If you disagree,
I'd appreciate an explanation.
Sincerely,
Michael Malitsky
Message: 3
Date: Thu, 15 Jan 2009 11:37:38 -0600
possible).
The above is my experience.
Sincerely,
Michael Malitsky
Date: Thu, 15 Jan 2009 14:10:48 -0600
From: Tony Varriale tvarri...@comcast.net
Subject: Re: [c-nsp] Per packet load balancing with low latency
To: cisco-nsp@puck.nether.net
Message-ID: 77d9873d48ba45ddab65a10b74710
identify/classify them?
Thank you,
Michael
-Original Message-
From: Michael Malitsky
Sent: Wed 10/29/2008 9:07 PM
To: 'cisco-nsp@puck.nether.net'
Cc: Michael Malitsky
Subject: reflexive ACL on 6500
Hello,
Does anyone have any experience using reflexive ACLs on a 6500? I am having
Hello,
Does anyone have any experience using reflexive ACLs on a 6500? I am
having trouble finding definitive information as to the manner these are
processed. One document indicates the first packet of a flow is punted
to the MSFC, the rest are hardware-switched. Another says that the
first
phrased the original question the way I did because the specs for the ASA and
VAM are written in bits-per-second rather than packets-per-second. In either
case, I am curious how close does real world come to the specs?
Thanks,
Michael Malitsky
-Original Message-
From: Arie Vayner
at 5540?
-7201 (or 7206) with NPEG2. Do I need to add a VAM, or will the NPE
handle the load?
Any real-world experiences will be most appreciated. Also, if there are
better suggestions (including non-Cisco), please share.
Thanks,
Michael Malitsky
Date: Sun, 4 May 2008 00:36:01 -0500
From: Dan Letkeman [EMAIL PROTECTED]
Subject: [c-nsp] 2801 - can it handle this?
To: cisco-nsp@puck.nether.net
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1
Hello,
I have a 2801 router with the firewall IOS. I
[mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 4:56 PM
To: Michael Malitsky; [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] 2801 - can it handle this?
What version of code was the router running. There was a
major rewrite of
the IPS code in 12.3(11)T. If you
Hello,
I am curious if anyone is experiencing bugs with the 1841 platform? In
our case it's acting as a firewall, and terminating 5 IPSEC tunnels.
Also routing between several VLANs. No dynamic routing protocols.
Remote access via SSH. It seems that we are getting a bunch of error
messages in
I'd been running with no problems:
--7.2(2)23 on my PIXs
Had to upgrade from 7.2(2) to resolve a NAT bug
I use these as firewalls, no VPNs
--7.2(3) on ASA5510s
These serve as firewalls, and also terminate L2L VPNs and VPN clients.
--8.0(2) on ASA5505s
These are just used as SOHO/small site
. I'll settle for policing or even CAR, but so far
haven't been able to figure it out. I need this done on several
switches, all are either 3550 or 3560 models.
Any suggestions appreciated.
If this can't be done, what's the minimum level of hardware necessary?
Thanks,
Michael Malitsky
Hello,
Looking for help with summarizing routes in OSPF. I have a VPN headend which
populates a bunch of host routes into OSPF. The routes are contiguous, so I
want to aggregate them. The headend itself lacks such functionality, so I am
trying to do this on the next OSPF-capable device,
Malitsky [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
On (2007-11-05 18:08 -0600), Michael Malitsky wrote:
Last week one of my customers DoS'd me - they managed to
create a wire
loop between their switches
I am running the following with no problems:
5510s with 7.2(3) - static routing, NAT, stateful firewall, IPSEC
5505s with 8.0(2) - NAT, stateful firewall, IPSEC
PIX525s with 7.2(2)23 - static routing, NAT, stateful firewall, some
OSPF
Hope this helps,
Michael
Date: Mon, 5 Nov 2007 13:01:19
Cliff,
Unless I am misunderstanding, this looks like a straightforward routed
networks behind PIX scenario. Depending on complexity and scale, this
could be as simple as a static route pointing back to the network(s) at
center B and appropriate NAT/ACL statements on the PIX.
Let me know if you
Last week one of my customers DoS'd me - they managed to create a wire
loop between their switches, with no STP. The resulting broadcast storm
killed the CPU on my access router (their default gateway). Does anyone
have any pointers or best practices on how I can protect the router
without
Did you use a cross-over cable?
Michael
Message: 1
Date: Wed, 24 Oct 2007 06:50:05 -0400
From: Paul Stewart [EMAIL PROTECTED]
Subject: Re: [c-nsp] Ethernet Question - Problem with link
To: 'Mike Louis' [EMAIL PROTECTED], 'Pete Templin'
[EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Now, why doesn't TAC know about this? I've just opened a ticket with
the exact same question. It took them 2+ days to arrive at a similar
answer (with a lot less certainty and detail), and in between they've
produced random guesses ranging from your IOS is too new and this is a
cosmetic problem
_
Doesn't work - route-map shows no hits at all. Any help appreaciated.
Thanks,
Michael Malitsky
Message: 9
Date: Wed, 22 Aug 2007 16:31:02 -0400
From: Rodney Dunn [EMAIL PROTECTED]
Subject: Re: [c-nsp] NAT on one interface
To: Joe Maimon [EMAIL
processing at all). Is there any other
way?
Thanks,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
of equipment also is not an option - everyone shares a
backhaul to the data center.
Michael
Michael Malitsky wrote:
Hello,
We are in the process of deploying an MPLS network
(carrier-provided) to
connect several customers to a data center. The customer
locations are
all separate
providing), but since they are not under my physical
control, that makes me somewhat uneasy. Are there any better solutions?
Thanks,
Michael Malitsky
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
48 matches
Mail list logo