Re: [c-nsp] Physical Network TAP devices

On the packet broker side we are using Arista 7504R and getting a ton of performance per dollar spent... Arista has nice packet steering capability and we are really happy with the solution... If you need some advanced features like packet de-duplication you may need to shell out the big

Re: [c-nsp] dai / dhcp snooping bug

Cisco confirmed we are hitting bug DHCP snooping fails with unicast DHCP request CSCup02384... I don't think it should be classified as enhancement severity... If Cisco says they do DHCP snooping then they should be able to cover the case of unicast renewal... I'm going to try the ACL

Re: [c-nsp] dai / dhcp snooping bug

We are experiencing something that sounds very similar... We have 3850 operating as layer-3 switch with SVI for clients on the 3850... Initial DHCP lease populates binding table but subsequent renewals do not refresh the timer... It appears that initial lease all communication happens via

Re: [c-nsp] nexus 7k stops mac-address table stops learning now floods

If you haven't done it already I would suggest setting logging level for L2FM to 5 and watch the log for errors... -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeffrey G. Fitzwater Sent: Wednesday, June 04, 2014 4:48 PM To:

Re: [c-nsp] Fabricpath and L3 on the same line card

I have 7K with fabricpath, SVI's, and routed interfaces... The box is purely F2 linecards... I'm not aware of limitations and I have not had any problems with it thus far... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On

Re: [c-nsp] Firewall/IPS Load Balancing

device into the path. I won't name names but certain security vendors don't do A/A very well... Bill -Original Message- From: Eugeniu Patrascu [mailto:eu...@imacandi.net] Sent: Tuesday, March 20, 2012 4:32 AM To: Murphy, William Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Firewall

[c-nsp] Firewall/IPS Load Balancing

I thought I would poll the list to solicit recommendations on how to do firewall/IPS load balancing. I am considering a traffic distribution switch from GigaMon but I am curious what other products might be out there, or perhaps even features in Cisco 6500 product that would achieve the same

Re: [c-nsp] Average throughput of a Cisco 7200 VXR G1 gig interface?

I have one that runs 300Mbps with CPU staying under 50% utilization for the most part, even while running BGP... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados Sent: Wednesday, June 22, 2011 1:55 PM To:

Re: [c-nsp] VSS - Horror stories, show-stoppers, other personal experience?

: Saturday, June 18, 2011 5:34 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] VSS - Horror stories, show-stoppers, other personal experience? Murphy, William william.mur...@uth.tmc.edu wrote: We are running VSS for distribution layer switching in a campus environment and have been quite

Re: [c-nsp] VSS - Horror stories, show-stoppers, other personal experience?

We are running VSS for distribution layer switching in a campus environment and have been quite pleased with it... Benefits for us are simplification, faster convergence and better performance (distribution of traffic)... No more STP blocking ports, MCE to access-layer so both links are

Re: [c-nsp] 6500 VSS question

Is your redundancy mode set to RPR? I think what you are doing only works if the mode is set to SSO... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Church, Charles Sent: Tuesday, May 17, 2011 10:31 AM To: nsp-cisco

Re: [c-nsp] VRF-ish solution for L2 interfaces?

Nexus 7k configured with two VDCs... Have a spare $150,000 to solve the problem? :-) -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of randal k Sent: Wednesday, April 06, 2011 11:16 AM To: cisco-nsp Subject: [c-nsp]

Re: [c-nsp] ip helper-address redundancy on Catalyst 6500?

You could also go to a VSS distribution layer and eliminate HSRP, but that involves shelling out mucho moula... Bill -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alan Buxey Sent: Monday, November 08, 2010 2:51 PM To:

Re: [c-nsp] Are multicast MAC addresses allowed in the source field?

We use a multicast based load sharing cluster and you definitely must create static ARP and CAM entries for this to work properly and I believe you must also disable IGMP snooping. Cisco will not accept ARP response with I/G bit set... -Original Message- From:

Re: [c-nsp] ASIC to switch port mapping

Is there also a command for the 6500 that does this? It's of interest to me because some features like VLAN translation work on groups of ports on a common ASIC... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Håvard

Re: [c-nsp] DNS Naming conventions for Switches

We use CNAME which equals the hostname configured on the device. The CNAME points to the management interface of the device. For example a layer-2 switch uses VLAN 100 for management in our environment so we have A record like son-4n-l2-1-vl100.domain and CNAME son-4n-l2-1 that points to this A

Re: [c-nsp] Native vlan settings

Done on each port... Check out the switchport trunk native vlan command... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of marjo...@gwnwireless.com Sent: Thursday, June 03, 2010 10:42 AM To: cisco-nsp@puck.nether.net

Re: [c-nsp] inet vrf

The problem for me is that the 6500 seems to do it even if you don't have MPLS enabled. The fact that you are running BGP inside VRF causes it to generate labels. If I can run IGP inside VRF why then does BGP running inside VRF automatically assuming we want to do MPLS or L3VPN? More to the

Re: [c-nsp] inet vrf

I could be wrong but we had similar problem running BGP inside VRF. The Sup720-3CXL generates MPLS labels when BGP is run inside VRF and there appears to be no way to turn it off, or at least that what Cisco told me. Their recommendation is leave Internet in global table. WEM -Original

Re: [c-nsp] EIGRP route knob tuning

We encountered same thing as we deployed 10G links. It was definitely an EIGRP learning experience. We found docs out there that describe changing K values to ignore bandwidth and then manipulate delay in order to achieve optimal routing. When you do this the protocol is supposed to be more

Re: [c-nsp] Management Vlan VS Vlan1

Frankenbergerrbf+cisco-...@panix.com wrote: On Wed, Aug 19, 2009 at 10:56:23AM -0500, Murphy, William wrote: In all recent IOS versions and switching hardware you can disable VLAN 1 on trunk ports (switchport trunk allowed vlan remove 1) and the protocols you mentioned will still continue to function

Re: [c-nsp] Management Vlan VS Vlan1

In all recent IOS versions and switching hardware you can disable VLAN 1 on trunk ports (switchport trunk allowed vlan remove 1) and the protocols you mentioned will still continue to function. This is how Cisco recommends you do it. -Original Message- From:

Re: [c-nsp] Arp Inspection Rate Limit

On access layer ports in our environment 15pps works well. Very rarely we have some weird print server or some device that bursts above that, but we never have had to go above 30pps on an access port. Since we limit on the edge ports we don't put a limit on the trunks... Bill M -Original

Re: [c-nsp] OT: Difference between the CSS and ACE

I believe the ACE supports multiple contexts so it's like having a bunch of independent (virtual) load balancers... Bill Murphy Network Architect The University of Texas Health Science Center at Houston -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] 6500 and VSS

I was told by Cisco that SXI support both v6 and MPLS with VSS... Can anyone else confirm this, and if so is anyone using VSS with these features in a production network? Thanks... Bill -Original Message- From: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] Cisco BGP Running on VRF?

3 1% -Original Message- From: Peter Rathlev [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 01, 2008 2:17 AM To: Murphy, William Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco BGP Running on VRF? Hi Bill, On Tue, 2008-09-30 at 17:50 -0500, Murphy, William wrote: I

[c-nsp] Cisco BGP Running on VRF?

I have a Cat6506 VSS720-3C-XL switch on which I have configured BGP on a VRF using address-family ipv4 unicast vrf internet. I am getting BGP routes and all appears well but I can only display BGP info by using show ip bgp vpnv4 ... commands. I didn't intend to run VPNV4 and it appears the

Re: [c-nsp] Prove it's not the network!

Our environment is probably very different than yours, but we use Netscout nGenius... If the user does not believe the pretty graphs we show them then we bring out the big guns... We use Network Performance Toolkit available through I2. They have a nice bootable Knoppix version you can boot on

Re: [c-nsp] monitor switch backplane on catalyst 6000

show platform hardware capacity... Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudy Setiawan Sent: Thursday, April 10, 2008 7:35 AM To: cisco-nsp@puck.nether.net

[c-nsp] MPLS Using SVI's?

I am testing some MPLS migration approaches in the lab and I am curious if anyone has any input on the approach shown below... Basically I have several layer-2 networks that span through my core and distribution boxes (VLANs 300 500) and I want to move these to a layer-3 network sitting on an

Re: [c-nsp] 7600 SVI and subinterface combination

If I run SXH on a 6500 platform with Sup720 can I also do MUX-UNI, or is 7600 required? Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Bering Sent:

Re: [c-nsp] BGP redistribution

You have to use the bgp redistribute-internal command to redistribute iBGP routes into an IGP... Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uddin, Tahir Sent:

Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)

Checkpoint also does stateful failover... Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 04, 2008 5:05 PM To: Brandon Price Cc:

Re: [c-nsp] [ME6524] port based EoMPLS

I am running 12.2(18)SXF12 in my lab and BPDU's are being switched OK over EoMPLS... CE2#show spanning-tree vlan 200 VLAN0200 Spanning tree enabled protocol ieee Root IDPriority32968 Address 0005.ddc0.0d00 Cost4 Port11

Re: [c-nsp] VSS MPLS IPv6 support

Our Cisco SE is saying that it is supported... The product data sheet says the following... In what context are you saying it's not supported? MPLS ● MPLS in hardware to enable use of Layer 3 VPNs and EoMPLS tunneling. ● Up to 1024 virtual routing and forwarding instances (VRFs) with a total

[c-nsp] 6500 vs Packeteer

Anyone have any input on the pros cons of 6500 QoS vs Packeteer or other similar appliance? Specifically I am referring to Sup720-3CXL QoS capabilities... Basically my concern is having an appliance as single point of failure. As I increase redundancy in the network infrastructure it would be

Re: [c-nsp] Managed, cheap, DC powered switch

According to the Cisco Summer/Fall 2007 QRG the 3560-E and 3750-E both have support for DC power... Refer to page 2-14 and 2-20, last line in the table AC/DC support Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL

Re: [c-nsp] Problems adding VLAN's to portchannel trunk

We have an HP Blade Center also and our switch is hard coded to on... Don't think the HP boxes support pAgP... Bill Murphy Senior Network Analyst University of Texas Health Science Center - Houston -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike

Re: [c-nsp] eigrp redist ospf learned default route

I don't have my CCIE yet but you may want to specify that you are redistributing external type 2 routes. I believe you would do that with redistribute ospf 1 type external 2... Hope that helps... From: [EMAIL PROTECTED] on behalf of matthew zeier Sent: Wed

Re: [c-nsp] Catalyst/Fiber Connectivity Issues

You may want to check the show interface counters errors command to see if any errors are being taken. We had a similar problem with intermittent connectivity issues and it turned out to be a faulty SFP... Regards, Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [c-nsp] Soft Reconfiguration In?

Thanks to everyone who has responded... I assume route refresh sends the entire BGP table without resetting the peer. Given full I1 routes would there be any benefit to still doing the soft reset feature since this would avoid re-sending the entire table? -Original Message- From: [EMAIL

Re: [c-nsp] Soft Reconfiguration In?

I am with an edu so we say I1 to mean commodity Internet as opposed to I2 Internet2 routes... -Original Message- From: Philippe Strauss [mailto:[EMAIL PROTECTED] Sent: Monday, October 01, 2007 2:03 PM To: Murphy, William Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Soft

[c-nsp] Soft Reconfiguration In?

Just wondering how many folks are using BGP soft reconfiguration inbound? I am currently not using it since I am concerned about memory usage. If it's enabled I assume it doubles your BGP memory consumption. Is that a fair assessment? Thanks... ___

Re: [c-nsp] service monitoring on a small scale?

We use IPM 2.6 (part of CiscoWorks) which puts a GUI around the configuration and reporting of IP SLA functionality. You can create custom collectors that do things like load a web page, define thresholds, and then do things like Syslog or SNMP trap when the thresholds are exceeded... You can