On the packet broker side we are using Arista 7504R and getting a ton of
performance per dollar spent... Arista has nice packet steering capability and
we are really happy with the solution... If you need some advanced features
like packet de-duplication you may need to shell out the big
Cisco confirmed we are hitting bug DHCP snooping fails with unicast DHCP
request CSCup02384... I don't think it should be classified as enhancement
severity... If Cisco says they do DHCP snooping then they should be able to
cover the case of unicast renewal... I'm going to try the ACL
We are experiencing something that sounds very similar... We have 3850
operating as layer-3 switch with SVI for clients on the 3850... Initial DHCP
lease populates binding table but subsequent renewals do not refresh the
timer... It appears that initial lease all communication happens via
If you haven't done it already I would suggest setting logging level for L2FM
to 5 and watch the log for errors...
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeffrey
G. Fitzwater
Sent: Wednesday, June 04, 2014 4:48 PM
To:
I have 7K with fabricpath, SVI's, and routed interfaces... The box is purely
F2 linecards... I'm not aware of limitations and I have not had any problems
with it thus far...
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On
device into the path. I
won't name names but certain security vendors don't do A/A very well...
Bill
-Original Message-
From: Eugeniu Patrascu [mailto:eu...@imacandi.net]
Sent: Tuesday, March 20, 2012 4:32 AM
To: Murphy, William
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Firewall
I thought I would poll the list to solicit recommendations on how to do
firewall/IPS load balancing. I am considering a traffic distribution switch
from GigaMon but I am curious what other products might be out there, or
perhaps even features in Cisco 6500 product that would achieve the same
I have one that runs 300Mbps with CPU staying under 50% utilization for the
most part, even while running BGP...
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
Sent: Wednesday, June 22, 2011 1:55 PM
To:
: Saturday, June 18, 2011 5:34 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VSS - Horror stories, show-stoppers, other personal
experience?
Murphy, William william.mur...@uth.tmc.edu wrote:
We are running VSS for distribution layer switching in a campus
environment and have been quite
We are running VSS for distribution layer switching in a campus environment
and have been quite pleased with it... Benefits for us are simplification,
faster convergence and better performance (distribution of traffic)... No
more STP blocking ports, MCE to access-layer so both links are
Is your redundancy mode set to RPR? I think what you are doing only works
if the mode is set to SSO...
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Church, Charles
Sent: Tuesday, May 17, 2011 10:31 AM
To: nsp-cisco
Nexus 7k configured with two VDCs... Have a spare $150,000 to solve the
problem? :-)
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of randal k
Sent: Wednesday, April 06, 2011 11:16 AM
To: cisco-nsp
Subject: [c-nsp]
You could also go to a VSS distribution layer and eliminate HSRP, but that
involves shelling out mucho moula...
Bill
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alan Buxey
Sent: Monday, November 08, 2010 2:51 PM
To:
We use a multicast based load sharing cluster and you definitely must create
static ARP and CAM entries for this to work properly and I believe you must
also disable IGMP snooping. Cisco will not accept ARP response with I/G bit
set...
-Original Message-
From:
Is there also a command for the 6500 that does this? It's of interest to me
because some features like VLAN translation work on groups of ports on a common
ASIC...
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Håvard
We use CNAME which equals the hostname configured on the device. The CNAME
points to the management interface of the device. For example a layer-2
switch uses VLAN 100 for management in our environment so we have A record
like son-4n-l2-1-vl100.domain and CNAME son-4n-l2-1 that points to this A
Done on each port... Check out the switchport trunk native vlan command...
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
marjo...@gwnwireless.com
Sent: Thursday, June 03, 2010 10:42 AM
To: cisco-nsp@puck.nether.net
The problem for me is that the 6500 seems to do it even if you don't have
MPLS enabled. The fact that you are running BGP inside VRF causes it to
generate labels. If I can run IGP inside VRF why then does BGP running
inside VRF automatically assuming we want to do MPLS or L3VPN? More to the
I could be wrong but we had similar problem running BGP inside VRF. The
Sup720-3CXL generates MPLS labels when BGP is run inside VRF and there
appears to be no way to turn it off, or at least that what Cisco told me.
Their recommendation is leave Internet in global table.
WEM
-Original
We encountered same thing as we deployed 10G links. It was definitely an
EIGRP learning experience. We found docs out there that describe changing K
values to ignore bandwidth and then manipulate delay in order to achieve
optimal routing. When you do this the protocol is supposed to be more
Frankenbergerrbf+cisco-...@panix.com wrote:
On Wed, Aug 19, 2009 at 10:56:23AM -0500, Murphy, William wrote:
In all recent IOS versions and switching hardware you can disable
VLAN 1 on trunk ports (switchport trunk allowed vlan remove 1) and
the protocols you mentioned will still continue to function
In all recent IOS versions and switching hardware you can disable VLAN 1 on
trunk ports (switchport trunk allowed vlan remove 1) and the protocols you
mentioned will still continue to function. This is how Cisco recommends you
do it.
-Original Message-
From:
On access layer ports in our environment 15pps works well. Very rarely we
have some weird print server or some device that bursts above that, but we
never have had to go above 30pps on an access port. Since we limit on the
edge ports we don't put a limit on the trunks...
Bill M
-Original
I believe the ACE supports multiple contexts so it's like having a bunch of
independent (virtual) load balancers...
Bill Murphy
Network Architect
The University of Texas Health Science Center at Houston
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
I was told by Cisco that SXI support both v6 and MPLS with VSS... Can
anyone else confirm this, and if so is anyone using VSS with these features
in a production network? Thanks...
Bill
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
3
1%
-Original Message-
From: Peter Rathlev [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 2:17 AM
To: Murphy, William
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco BGP Running on VRF?
Hi Bill,
On Tue, 2008-09-30 at 17:50 -0500, Murphy, William wrote:
I
I have a Cat6506 VSS720-3C-XL switch on which I have configured BGP on a
VRF using address-family ipv4 unicast vrf internet. I am getting BGP
routes and all appears well but I can only display BGP info by using
show ip bgp vpnv4 ... commands. I didn't intend to run VPNV4 and it
appears the
Our environment is probably very different than yours, but we use
Netscout nGenius... If the user does not believe the pretty graphs we
show them then we bring out the big guns... We use Network Performance
Toolkit available through I2. They have a nice bootable Knoppix version
you can boot on
show platform hardware capacity...
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rudy Setiawan
Sent: Thursday, April 10, 2008 7:35 AM
To: cisco-nsp@puck.nether.net
I am testing some MPLS migration approaches in the lab and I am curious
if anyone has any input on the approach shown below... Basically I have
several layer-2 networks that span through my core and distribution
boxes (VLANs 300 500) and I want to move these to a layer-3 network
sitting on an
If I run SXH on a 6500 platform with Sup720 can I also do MUX-UNI, or is
7600 required?
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Bering
Sent:
You have to use the bgp redistribute-internal command to redistribute
iBGP routes into an IGP...
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Uddin, Tahir
Sent:
Checkpoint also does stateful failover...
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 04, 2008 5:05 PM
To: Brandon Price
Cc:
I am running 12.2(18)SXF12 in my lab and BPDU's are being switched OK over
EoMPLS...
CE2#show spanning-tree vlan 200
VLAN0200
Spanning tree enabled protocol ieee
Root IDPriority32968
Address 0005.ddc0.0d00
Cost4
Port11
Our Cisco SE is saying that it is supported... The product data sheet says the
following... In what context are you saying it's not supported?
MPLS ● MPLS in hardware to enable use of
Layer 3 VPNs and EoMPLS
tunneling.
● Up to 1024 virtual routing and
forwarding instances (VRFs) with a
total
Anyone have any input on the pros cons of 6500 QoS vs Packeteer or
other similar appliance? Specifically I am referring to Sup720-3CXL QoS
capabilities... Basically my concern is having an appliance as single
point of failure. As I increase redundancy in the network
infrastructure it would be
According to the Cisco Summer/Fall 2007 QRG the 3560-E and 3750-E both
have support for DC power... Refer to page 2-14 and 2-20, last line in
the table AC/DC support
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL
We have an HP Blade Center also and our switch is hard coded to on...
Don't think the HP boxes support pAgP...
Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
I don't have my CCIE yet but you may want to specify that you are
redistributing external type 2 routes. I believe you would do that with
redistribute ospf 1 type external 2... Hope that helps...
From: [EMAIL PROTECTED] on behalf of matthew zeier
Sent: Wed
You may want to check the show interface counters errors command to
see if any errors are being taken. We had a similar problem with
intermittent connectivity issues and it turned out to be a faulty SFP...
Regards,
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Thanks to everyone who has responded... I assume route refresh sends
the entire BGP table without resetting the peer. Given full I1 routes
would there be any benefit to still doing the soft reset feature since
this would avoid re-sending the entire table?
-Original Message-
From: [EMAIL
I am with an edu so we say I1 to mean commodity Internet as opposed to
I2 Internet2 routes...
-Original Message-
From: Philippe Strauss [mailto:[EMAIL PROTECTED]
Sent: Monday, October 01, 2007 2:03 PM
To: Murphy, William
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Soft
Just wondering how many folks are using BGP soft reconfiguration
inbound? I am currently not using it since I am concerned about memory
usage. If it's enabled I assume it doubles your BGP memory consumption.
Is that a fair assessment? Thanks...
___
We use IPM 2.6 (part of CiscoWorks) which puts a GUI around the
configuration and reporting of IP SLA functionality. You can create
custom collectors that do things like load a web page, define
thresholds, and then do things like Syslog or SNMP trap when the
thresholds are exceeded... You can
44 matches
Mail list logo