Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

oincidence, but these seems like a direct line from problem to resolution. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett via cisco-nsp" To: "Cisco Network Service Providers"

Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

7167, but yet it still fails. - Mike Hammett [ http://www.ics-il.com/ | Intelligent Computing Solutions ] [ https://www.facebook.com/ICSIL ] [ https://plus.google.com/+IntelligentComputingSolutionsDeKalb ] [ https://www.linkedin.com/company/intelligent-computing-solutions ] [ https

[c-nsp] Basic Cisco Nexus ACL, VRF, etc. Questions

firewalls\ACLs? I've read various pieces of documentation on Cisco's site for SSH, VRFs, and ACLs, but no mention of any of the above types of activities. I'd assume that if not mentioned, they don't exist, but I thought I'd check before assembling a rather lengthy ACL. - Mike

Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett via cisco-nsp" To: "Cisco Network Service Providers" Sent: Monday, April 3, 2023 12:16:52 AM Subject: [c-nsp]

Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

The snmp if index reported by the Nexus matches the if index in ElastiFlow. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Raymond Burkholder via cisco-nsp" To: cisco-nsp@puck.nether

Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Raymond Burkholder via cisco-nsp" To: cisco-nsp@puck.nether.net Sent: Monday, April 3, 2023 12:31:59 AM Subject: Re: [c-nsp] Cisco Nexus 3k Route Select

Re: [c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

What started this investigation was a client complained of traffic coming from another upstream instead of our direct connection. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett via

[c-nsp] Cisco Nexus 3k Route Selection\Packet Forwarding Debugging

on a different interface, the one that would carry the default route for routes not otherwise known. If the next hop IP is expected and the ARP of that next hop IP is expected, why are packets leaving out an unexpected interface? - Mike Hammett Intelligent Computing Solutions Midwest

[c-nsp] Nexus sFlow

rface, it is enabled for both ingress and egress. You cannot enable sFlow for only ingress or only egress." Hasn't Cisco fixed this yet? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___

Re: [c-nsp] DC PoE Switch Recommendations

a new car. Let someone else take the loss of value up front. In a few years, it still fits the requirements, but for much less money (thus I can more cost effectively stock spares. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: [c-nsp] DC PoE Switch Recommendations

Given the lack of AC in the telco room, I was looking for easier ways than generating my own AC to power a few devices, but maybe that'll be a reasonable course of action. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original

[c-nsp] DC PoE Switch Recommendations

reasonable price, but the power supplies are like $2k/each, which is not very reasonable. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https

[c-nsp] captive portal / l4redirect

Hi,     I have ASR1000 and I am trying to configure l4redirect for a captive portal application. I apply "Cisco-AVPair = "ip:l4redirect=redirect to group REDIRECT_NOPAY" in radius, and I get error messages from sss: L4 Redirect: Apply inbound direction from Per-user configuration L4 Redirect:

Re: [c-nsp] Nexus 3064 BGP Scalability

By route filters, I mean an ACL applied against received and advertised routes. I'm not sure off of the top of my head the terminology Cisco uses. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "

[c-nsp] captive portal / l4redirect

Hi,     I have ASR1000 and I am trying to configure l4redirect for a captive portal application. I apply "Cisco-AVPair = "ip:l4redirect=redirect to group REDIRECT_NOPAY" in radius, and I get error messages from sss: L4 Redirect: Apply inbound direction from Per-user configuration L4 Redirect:

[c-nsp] Nexus 3064 BGP Scalability

. That should be more than enough for our needs as we only have a few hundred routes that we need at this time. Any limitations for route filters? Any scalability issues with filters? Any good reason not to use this in a low route count BGP environment? - Mike Hammett Intelligent Computing

[c-nsp] pppoe and l4redirect

Hi,     I have asr1000 and have working pppoe with radius. Im now trying to add 'l4redirect' and it causes the session to not come up.     In radius, if I add the following: Cisco-AVPair := "ip:l4redirect=redirect to group REDIRECT_NOPAY"     Yes I have the redirect group defined. Debugging

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

On 9/19/20 4:16 AM, Chris Jones wrote: > Does it work any better if you use > > Cisco-AVPairs = “ip:inacl=MY_ACL” > Unfortunately, no it does not. I have verified I have a matching acl name, it just doesn't seem to want to fly. The only sss message I see just says: "Subscriber service profile

[c-nsp] asr920 - pppoe - Filter-Id is fail

Hi,     I got another one -     Playing with my asr920 I have it working as a pppoe server. I notice that if I have a radius attribute returned "Filter-Id" with the name of a filter already on the box, the pppoe session doesn't come up and throws an error: Sep 18 12:11:13.636 PDT: RADIUS:

Re: [c-nsp] cisco ACL filter outbound only

On 9/15/20 8:08 AM, Brian Turnbow wrote: >> It just seems to me that it is indeed possible using the above to put it >> together. Is this all just non-working on this platform? >> > The difference is in connection state. > An ACL does not track it so you can do > Permit tcp any any established >

Re: [c-nsp] cisco ACL filter outbound only

On 9/15/20 3:12 AM, Nick Hilliard wrote: > Mike wrote on 15/09/2020 02:17: >> I have some gear that needs a public ip, but does not have the best >> security profile, and I want to put up an ACL that only permits this >> gear to make outbound connections while dropping a

[c-nsp] cisco ACL filter outbound only

Hello,     I have some gear that needs a public ip, but does not have the best security profile, and I want to put up an ACL that only permits this gear to make outbound connections while dropping all inbound. My router is an ASR920 running IOS-XE 03.17.03.S. Does anyone have a simple copy/paste

Re: [c-nsp] BGP - advertising default route to Branch offices

h/use a static default? Easier to configure and nearly goof-proof. Otherwise, I would think that 'default-originate' would be the better choice under each neighborship. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck

[c-nsp] Looking for Consultant Familiar with Older Cisco Routers

e base, we can probably work around that. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp a

[c-nsp] ospf auto-cost reference-bandwidth on modern gigabit networks

Hello, Is there a recommended 'modern default' for ip ospf auto-cost reference-bandwidth, to account for the fact that modern networks have 1g and faster interfaces?     My core equipment all has 10G and 1G interfaces today, and it seems to me that if I set the reference-bandwidth to

Re: [c-nsp] asr920 tag translation 1-to-2 unsupported?

Yep - that absolutely works, thank you! On 4/20/20 6:29 PM, Tan Shao Yi wrote: > Hi Mike, > > Would this work for you? > > bridge-domain X > > interface A > service instance 1 ethernet > encapsulation dot1q 131 > rewrite ingress tag pop 1 symmetric > bridge-d

[c-nsp] asr920 tag translation 1-to-2 unsupported?

Hello,     I have an ASR920 and   I am trying to translate input dog1q tag '131' to dual-tagged '313,10'. My intention is to the bridge this over to another port that expects these frames on 313,10. But when I try configuring the translation, I get the following: Router(config)#interface gi0/0/0

[c-nsp] asr920 pppoe on bdi

-over-mple. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASR1000 Info..

too much, but don't listen to nay sayers. I was able to make the leap pretty easy and I think you could too. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether

Re: [c-nsp] Inter-VRF with NAT

> Hi Mike, > > I'm not sure I've understood your network topology to be honest. Are you > saying that you have Cisco devices with a single WAN link that doesn't > support logical separation such as VLANs, e.g. ADSL [1] to run multiple VRFs > over different VLANs, e.g.

[c-nsp] Inter-VRF with NAT

be inside a seperate vrf. If the vrf/management network was 172.16.1.0/24, I would want this same route also in my global table so I can address hosts on this network, with the switch to vrf/nat on the inside. Is this possible, or am I just conceptualizing this wrong? Mike

Re: [c-nsp] OSPF flapping between Nexus 7000 and ASR 1001x

p link id's, and such, which cause similar results. The adjacency debugging should give you more of a reason WHY the adjacency is going down. Post your results if you find the cause. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus Lack of Functionality Parity

) - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 3548 No Traffic on a Port

Interesting... I'll look into that. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "khagendra dhakal" To: "Mark Tees" Cc: cisco-nsp@puck.nether.net Sent: Tuesday, June

Re: [c-nsp] Nexus 3548 No Traffic on a Port

"What is the port?" In what context? interface Ethernet1/5 description Peering: [redacted] no cdp enable switchport access vlan 777 spanning-tree bpdufilter enable - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

[c-nsp] Nexus 3548 No Traffic on a Port

). - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail

Re: [c-nsp] ASR920 Usb console issues

On 3/28/19 2:59 AM, Spyros Kakaroukas wrote: > Hey, > > I'm able to connect using a normal USB cable just fine on my MacBook, > as long as I install the drivers provided by Cisco for it. > > Airconsole, as mentioned, also works out of the box. Yeah what sucks is that those drivers are not

Re: [c-nsp] ASR920 Usb console issues

On 3/27/19 12:23 PM, Brian Knight wrote: > On 2019-03-26 15:40, Mike wrote: >> Hello, >> >> >> Got a strange problem... I use my mac laptop for serial console duty >> all the time and have a keyspan usb dongle I can attach the cisco flat >> serial console c

[c-nsp] ASR920 Usb console issues

knows something that linux doesn't, and my desktop linux machine also knows something the laptop doesn't as well. Does anyone know of a fix or a trick here? I need a mobile machine that can talk console and I can't drag a desktop machine around for this job. Mike

Re: [c-nsp] 9396 SNMP

I'm guessing not? Am I barking up the right tree regarding the source of my issues? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" To: cisco-nsp@puck.nether.net Sent: Sun

[c-nsp] 9396 SNMP

t; GetResponse(66) E:cisco.9.91.1.1.1.1.4.300028173=-6968 E:cisco.9.91.1.1.1.1.4.300028174=-6090 ^C 2 packets captured 2 packets received by filter 0 packets dropped by kernel - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP _

[c-nsp] DHCP per user features

up on 'isg subscriber sessions' which seems to indicate it can do something with dhcp subscribers, but the documentation is really difficult and I find no real examples for same. It also states per-user firewall is not supported nor is policing.     Any clues would be most appreciated Mike

[c-nsp] ASR920 mounting brackets

Hi, I have an ASR920 I am intending to mount in a 23" telco style rack. I have no mounting hardware for it however. Can anyone recommend a suitable kit for this? Thanks. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

[c-nsp] QoS and groups of subscribers

. Thank you. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ADSL, PPPoE, Multiple Static, Bridge + NAT

If anyone knows how to do that, I'll consider reasonable offers to pay someone to set that up. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" To: cisco-nsp@puck.nether

[c-nsp] Cisco ADSL, PPPoE, Multiple Static, Bridge + NAT

, but if it doesn't work, I don't know if I screwed it up or you just can't do that. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https

[c-nsp] What causes mac table relearning?

that would require this behavior. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] gre tunnel mtu mismatch

me3600 has a big mtu and the asr920 has a smaller one, and no way to influence the selection it seems. Surely there needs to be some way to connect disparate equipment over a gre tunnel? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether

[c-nsp] Nexus 3548 and VDCs

added to our config, but the only instance of vdc I can find applies to 7000 series switches. Is that supposed to be there? Should I just follow the 7000's config for VDCs? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: [c-nsp] Nexus Config Sanity Check

Transport provider admitted to having a VLAN filter in place. They're working to fix that. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" <cisco-...@ics-il.net>

[c-nsp] Nexus Config Sanity Check

-+-++-+--++-- * 200 d4ca.6d74.3eb2 dynamic 2270 F F Eth1/46 - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ___ cisco-nsp mailing

Re: [c-nsp] me3600 ospf %100 cpu blowup

>> mtu 9000' and the problem has not come back since >> (>10 hours now). >> >> > Hmm could it be that you hit the mtu limit of your links (which is not 9216 > but just 9000)? > > adam Thats what Im thinking; the hardware mtu was set to 9216 but for whatever reason the mtu actually was not that

Re: [c-nsp] me3600 ospf %100 cpu blowup

the updates were not working due to full size packets. I added 'ip mtu 9000' and the problem has not come back since (>10 hours now). Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] me3600 ospf %100 cpu blowup

. Thank you. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco 3750G backplane throughput

On 12/15/2017 10:47 AM, Aaron Gould wrote: > As a side-note/response to the "don't laughinherited" comment... > > Anyone who has been around long enough should know that there are things that > we all come across in our careers that we ask "what in the world were they > thinking?!" ...

Re: [c-nsp] cisco ip nat question

devices can't do that either. I need to do source nat so that all packets directed at these devices appear to have the source ip of the router itself. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco

Re: [c-nsp] cisco ip nat question

On 11/9/17 4:17 PM, Nick Cutting wrote: There is more to it. What is the model and code version of the router? - we need these to help you with the configuration. Fair enough. Its a Cisco 7201 running 12.2(33)SRE7 Thank you. ___ cisco-nsp

[c-nsp] cisco ip nat question

will be the router itself and within their same subnet.     How would this be accomplished? Is it as simple as putting 'ip nat inside' on the interface facing the dumb devices? Or is there more to it? Mike- ___ cisco-nsp mailing list cisco-nsp

Re: [c-nsp] Outdoor switch

On 10/19/2017 09:00 AM, Christina Klam wrote: All, I am hoping for some ideas. We are running fiber to an outdoor pole (for cameras and wireless access-points) and need a switch that can be configured remotely, does 802.1q, Qos, and has 3 - 5 ports. We are in the MidAtlantic so the

Re: [c-nsp] Nexus 3548 S-Flow

*bump* - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" <cisco-...@ics-il.net> To: cisco-nsp@puck.nether.net Sent: Tuesday, May 9, 2017 8:55:16 AM Subject: [c-nsp] Nexus

[c-nsp] Nexus 3548 S-Flow

I thought I saw a software update to the Nexus 3548 that added sflow, but I am now seeing no mention of it. What's worse, my memory or my searching ability? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: [c-nsp] bfd session flaps troubleshooting

Hi, Thank you for your response. So, the set up is this: Site 1: MX3600X-24CX-M - Running 15.4(3)S2 BFD: Session Host: Hardware - session negotiated with platform adjusted timer values. interface GigabitEthernet0/7 no switchport mtu 9216 ip address 10.0.16.13 255.255.255.252 ip

[c-nsp] bfd session flaps troubleshooting

ath to the output queue bypassing everything else for exactly this reason. I have read a few bfd troubleshooting documents and I don't seem to fit into any of the listed scenarios. I would appreciate hearing from others who run bfd and any opinions or suggestions where to further look. M

Re: [c-nsp] Nexus OIDs

doesn't support that. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Lee" <ler...@gmail.com> To: "Mike Hammett" <cisco-...@ics-il.net> Cc: cisco-nsp@puck.nether.net Sent: Mo

[c-nsp] Nexus OIDs

K-C9396PX" iso.3.6.1.2.1.47.1.1.1.1.11.10 = STRING: "[redacted]" iso.3.6.1.2.1.47.1.1.1.1.11.22 = STRING: "[redacted]" iso.3.6.1.2.1.47.1.1.1.1.11.149 = STRING: "[redacted]" - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WIS

Re: [c-nsp] FabricPath on Nexus Switches

True. Product line ADD. 3500 and 9300. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Tom Hill" <t...@ninjabadger.net> To: cisco-nsp@puck.nether.net Sent: Sunday, January 22,

Re: [c-nsp] FabricPath on Nexus Switches

I hadn't realized at the time that these switches also support EVPN + VXLAN, which would at least be a more modern fit. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" <

[c-nsp] FabricPath on Nexus Switches

I've used TRILL-based protocols on other platforms before and it pretty much worked as expected. Any gotchas with Cisco's implementation? Is it much more complicated than setting it up, enabling it on particular interfaces and then plug and chug? - Mike Hammett Intelligent Computing

Re: [c-nsp] DDOS Attacks Mitigation

Your DDoS mitigation appliance can still send that information to the 1k to act upon as necessary. It's not as good as passing it upstream, but better than nothing. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message

Re: [c-nsp] DDOS Attacks Mitigation

vector they're using from anyone in that address list. Why am I talking about Mikrotik on a Cisco list? I'm here for Cisco switches, not routers. :-) - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From

[c-nsp] Nexus 9300 DOM SNMP

I came to the determination that Cisco in its infinite wisdom has decided to not reveal DOM information via SNMP in NX-OS (at least the versions I have). Have they added this in newer versions? I've got 6.0 and 6.1. - Mike Hammett Intelligent Computing Solutions Midwest Internet

[c-nsp] mystery pseudowire interfaces?

addresses in my mpls network. How is it possible these have been created? I don't understand the mechanisam. There are no log entries... Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive

Re: [c-nsp] Strange bug - me36500x - ip address on gig interface

On 07/12/2016 07:29 AM, Mark Tinka wrote: What licenses is it running? AdvancedMetroIP. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Strange bug - me36500x - ip address on gig interface

On 07/12/2016 04:06 AM, James Bensley wrote: Hi Mike, You haven't mention what IOS/IOS-XE versions you are using. Is this a 3rd party fibre/wavelength/pseudowire by any change, if so have you raised this with the carrier? Damm. Yes, I am running 15.4(3)S2 on this box at the moment, and yes

[c-nsp] Strange bug - me36500x - ip address on gig interface

Why does it have to exist in an SVI in order to work? And even worse - I have tengig interfaces on this box which I can apply ip addresses to directly as above and they work as expected. What gives? Mike- ___ cisco-nsp mailing list cisco-nsp

[c-nsp] ATT ASE Madness - one way ethernet

' is an ASR920, if that helps. Does anyone have a better idea as to what to look at here? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1000 - rate limit interface

On 07/08/2016 08:27 AM, Mark Tinka wrote: On 8/Jul/16 16:19, Mike wrote: Hi, I have a gigabit interface on an asr1000 that I'd like to apply a rate limit to. Specially, I want to limit inbound DNS to 15mbps maximum. On C7201, I would use a 'rate-limit' command but this is missing

[c-nsp] asr1000 - rate limit interface

Hi, I have a gigabit interface on an asr1000 that I'd like to apply a rate limit to. Specially, I want to limit inbound DNS to 15mbps maximum. On C7201, I would use a 'rate-limit' command but this is missing on ASR. Any pointers? Thank you.

[c-nsp] SNMP - determining active radius servers

Hi, I was wondering if there is an snmp way to determine, from the perspective of a cisco router such as the asr1000, how many and which radius servers are responding to it? The router will log messages about a dead server but if I could pick up on that via snmp it would be very handy.

Re: [c-nsp] asr920 - push two vlans

On 06/23/2016 12:14 AM, Adam Vitkovsky wrote: > Mike > Sent: Wednesday, June 22, 2016 7:43 PM > > Hi, > > I have a gig ethernet port I want to accept untagged frames on, and push > two vlans on for forwarding thru mpls. Of course, I also want to remove > these tags and

Re: [c-nsp] asr920 - push two vlans

and not like the me3600's at all. I did try the above and it doesn't seem to work. It would seem that only tagged packets entering the port would work anyways. I am trying to put tags on untagged frames. Mike- ___ cisco-nsp mailing list cisco-nsp

[c-nsp] asr920 - push two vlans

and dirty config example on this? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Private IP in point to point link on internet

can source these with a valid ip instead. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Private IP in point to point link on internet

On 06/21/2016 06:07 AM, Satish Patel wrote: You have a point, what if I increase MTP size to 9000 on that point to point interface? You mean, mtu size? Well, it's not likely to help you with anything, since you are only receiving Internet thru it. Mike

Re: [c-nsp] MPLS on ASR1000 - Ping mpls returns 'QQQQQ'

On 06/21/2016 12:14 AM, James Bensley wrote: On 21 June 2016 at 00:06, Mike <mike-cisconspl...@tiedyenetworks.com> wrote: sh mpls l2transport vc detail ... Last error: MPLS dataplane reported a fault to the nexthop Output interface: none, imposed label stack {} Preferre

Re: [c-nsp] Private IP in point to point link on internet

seem to work. Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS on ASR1000 - Ping mpls returns 'QQQQQ'

lapsed 19 ms So, the question here, is what would prevent my asr1000 from being able to successfully establish an mpls session with the asr920 given that ip connectivity is working? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net ht

Re: [c-nsp] asr 920 - lower mpls mtu?

On 06/19/2016 05:56 AM, Lukas Tribus wrote: Hi Mike, Trying to set up an EoMPLS tunnel, the mtu allowed for 'l2 vfi somename manual' is a bit short.. only 9180 bytes as opposed to 9216 for all the rest of my me3600's for example. asr920(config-vfi)#mtu ? <1500-9180> MTU size in

Re: [c-nsp] netflow on bridge domain interface

Too bad too. Thanks for the follow up howeverwould love to see it fixed too. Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] asr 920 - lower mpls mtu?

the rest of my me3600's for example. asr920(config-vfi)#mtu ? <1500-9180> MTU size in bytes I am trying to figure out why this is... am I being silly and this is too high and I should select a lower global default like 9100 or ?

Re: [c-nsp] Cisco IOS: Polling OSPF External LSA count via SNMP

hts? > > Sounds like a bug then (the presence of the ospfv3 pid 1 causes the > issue?). > I removed the ospfv3 config temporarily and I still get a reply of zero. :-/ -- ---~~.~~--- Mike // SilverTip257 // ___ cisco-nsp mailing list

Re: [c-nsp] Cisco IOS: Polling OSPF External LSA count via SNMP

- ospf pid 10 Hmm, so that explains a difference (2 versus 1 ospf process on these two respective routers). Thoughts? Thanks, -- ---~~.~~--- Mike // SilverTip257 // ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailm

Re: [c-nsp] Cisco IOS: Polling OSPF External LSA count via SNMP

Andrew, See the output below. Thanks. - Mike On Sat, Jun 4, 2016 at 8:51 PM, Andrew Miehs <and...@2sheds.de> wrote: > > > Sent from a mobile device > > > > Now that my typo is out of the way, I receive a zero value for the proper > > OID. > > .1.3.6.1.

Re: [c-nsp] Cisco IOS: Polling OSPF External LSA count via SNMP

Thanks. My reply is inline. Date: Fri, 3 Jun 2016 23:04:29 + > From: Lukas Tribus <luky...@hotmail.com> > To: Mike - st257 <silvertip...@gmail.com>, "cisco-nsp@puck.nether.net" > <cisco-nsp@puck.nether.net> > Subject: Re: [c-nsp] Cisco

[c-nsp] Cisco IOS: Polling OSPF External LSA count via SNMP

k in place. The return value is still zero. Thoughts? Thanks! -- ---~~.~~--- Mike // SilverTip257 // ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Pre-owned equipment vender

Yet another plus 1 for Curvature. They're pretty awesome. Our rep is Lee Jacobs. Great dude. I'm pretty sure Curvature has ruined virtually ever other vendor for me. There are very few that respond as quickly. On Wed, May 18, 2016 at 7:12 PM, CiscoNSP List wrote:

[c-nsp] netflow on bridge domain interface

ing to and from the internet has to pass by this way. I am running 03.10.05.S on an asr1000, wondering if this is a bug/limitation/config error on my part? Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/ci

Re: [c-nsp] ASR920 vs ASR1001-x

On 04/29/2016 02:53 PM, Mark Tinka wrote: On 29/Apr/16 23:24, Mike wrote: So that includes slinging EoMPLS at 10gbps, yes? It should do. The box is rated at 64Gbps throughput. Have you hit any issues? Nope haven't bought it yet but I'm going to have some soon

Re: [c-nsp] ASR920 vs ASR1001-x

On 04/29/2016 02:06 PM, Mark Tinka wrote: Think of the ASR920 as a router with one testis instead of two. It runs as a router, but there are some things it won't do due to its target market. It's purpose-built and does that job very well. So that includes slinging EoMPLS at 10gbps, yes?

Re: [c-nsp] Stop IP Fragmentation attck

On 04/26/2016 10:54 AM, Roland Dobbins wrote: But you really aren't being smart about this. Why not use S/RTBH on your edge router to simply block the sources, since they aren't spoofed? Export NetFlow from your edge router to an open-source collection/analysis system, so that you can see

  1   2   3   4   5   >