Running into performance issue with a couple 6503/Sup720-3BXL routers with
about 8 or more peers. Each peer's sending a full BGP table.
If a couple peers flap, the box typically stays at 100% long enough to either
drop more peers or drop OSPF.
Cisco's site is vague, only mentioning 1m v4
On May 21, 2010, at 5:30 AM, scott owens wrote:
Not knowing what the intended traffic type is -
you left out Barracuda and NetScalers which perform great and are at
opposite ends of the financial spectrum.
I'd skip Netscaler and take a good look at Zeus.
In 3.1(12) we used no sysopt connection tcp sack-permitted to deal with the
FWSM's lack of TCP SACK option support.
Somewhere between (12) and 3.1(16), that command disappeared. Did the syntax
change?
___
cisco-nsp mailing list
On 11/19/2009 12:26 PM, Pshem Kowalczyk wrote:
Hi,
We've been using various ASR1k variants for the last few months.
Generally the experience's been positive. Devices deliver what is
expected in terms of performance without even breaking a sweat. We
What sort of performance are you seeing?
On Nov 9, 2009, at 2:29 PM, Eric Girard wrote:
Peter,
I'm not familiar with the IBM, but when I deploy the 3x20 for the
HP chassis, I just disable the Fa0 port to cut it off from the HP
Onboard Administrator, and then proceed to configure it as a
'regular' switch with a management
screen /dev/tty.KeySerial1
works well and doesn't require any additional software.
Mark Boolootian wrote:
Out of curiosity, what app are people using w/ OSX to console into
Cisco gear? I've been using ZTerm, but thought I'd pose the question
in case there was a better app out there that I
My standby FWSM all of a sudden stopped accepting inbound ssh (so says
RANCID, which is now complaining incessantly).
Short of a reboot, is there a quick fix for this?
I'm stuck - I have a lot of Mac OSX users. Services that depend on
multicast appear broken when going between wired and wireless (or even
across WLCs or APs).
I blogged about this yesterday @ http://blog.mozilla.com/mrz/ with the
hopes someone would have solved this.
Cisco apparently can't
Upgrading a couple 6503s from Sup32s to Sup720-3BXLs. TAC is
recommending one of the following images:
-- s72033-adventerprisek9_wan-mz.122-33.SXH3a.bin
-- s72033-adventerprisek9_wan-mz.122-18.SXF15.bin
When asked what the difference was, the best I got back was:
Their only main difference
Am I overthinking this? After yesterday's CRG failure
(blog.mozilla.com/it/) I was left with a failed 3750 and got the RMA
this evening.
Is it as simple as replacing the dead unit with this one? I've already
made sure the replacement is running the same IOS image as the stackwise
master.
I would be interested in the results of such an experiment (I was about
to research this this week myself).
Church, Charles wrote:
I got curious last week when I saw this thread. From my (AS 26296)
point of view, there aren't a whole lot of routes in the /25 to /29
range, maybe a couple
I have a Cisco/HP 3020 blade chassis switch that all of a sudden stopped
accepting telnet (because rancid started to fail config checks).
Short of rebooting I'm not sure how to fix. I can login on the console
(using tacacs auth of all things, so IP works) and can ping it. But
telnet gives a
Peter Rathlev wrote:
On Sun, 2008-07-20 at 16:15 -0700, matthew zeier wrote:
I have a Cisco/HP 3020 blade chassis switch that all of a sudden stopped
accepting telnet (because rancid started to fail config checks).
Short of rebooting I'm not sure how to fix. I can login on the console
I keep seeing stuff with a udp src or dst port of 0. Anyone else see
that in the wild?
Michael Smith wrote:
Hey Matt:
From: matthew zeier [EMAIL PROTECTED]
Date: Mon, 30 Jun 2008 13:32:06 -0700
To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Subject: [c-nsp] bcp on edge filtering
haven't made up my mind on that - either the routers directly connecting
to the Internet or closer into my core.
Rogelio wrote:
matthew zeier wrote:
Trying to find a pre-build set of ACLs for filtering bogus inbound
udp, if one already exists, otherwise I'll have to build my own :)
Where
What's the magic to getting an EAP SSL cert (WLCs using RADIUS for WPA
Enterprise) to work with machines without getting cert warnings?
I've used a self-signed one and got unknown root errors (expected) and
took a GeoTrust cert off a webserver and got unknown trust settings in
OSX. In either
GeoTrust is a well known root CA and I don't get prompts going to
websites signed by them. I do, however, if I use the same cert for
RADIUS. The error is unknown trust setting.
[EMAIL PROTECTED] wrote:
Hi,
What's the magic to getting an EAP SSL cert (WLCs using RADIUS for WPA
Enterprise)
I have an ISR with two WLC cards bridged to a wired network. Seems
certain broadcast traffic isn't getting bridged.
A simple example is with iTunes. Users on wired can only see other wired
iTunes libraries. Wifi users can only see wifi users.
I see the same issue with other Apple services
Relevant config @ http://mrz.pastebin.mozilla.org/404065
Mario Spinthiras wrote:
can you please post your configuration?
--
Warm Regards,
Mario A. Spinthiras
Nicosia , Cyprus
Blog: http://www.spinthiras.net
Mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Skype: smario125
So that's a good point.
Would storm-control have helped any here with sufficiently low values as
to not overwhelm the entire network? Would that be on the port-channel
or the member interfaces (or both)?
Mateusz Błaszczyk wrote:
As Fredrik said running channel-group on could be very
On Mar 19, 2008, at 5:18 PM, Lincoln Dale wrote:
Hi Matthew,
not a specific diagnosis to your problem, but i think this is a bit
of a warning here:
matthew zeier wrote:
Felt like a broadcast storm or even a spanning-tree loop but I'd be
surprised if it was the latter and the upstream
Trying to setup a VTI IPSEC VPN between a 3845 and an 1841. The 3845
has a couple vpns already up and working, one of which is a VTI to a 2800.
The log just spits out:
CRYPTO-3-IKMP_QUERY_KEY : Querying key pair failed.
Cisco says -
Explanation: A public key or private key query attempt
Fix was:
crypto isakmp policy 20
authentication pre-share
group 2
Which enables the negotiation using pre share keys. If not, the default
on the router is to use certificates.
matthew zeier wrote:
Trying to setup a VTI IPSEC VPN between a 3845 and an 1841. The 3845
has a couple vpns
I must have different code or this box works different.
I don't have anything like:
dot11 ssid ssid
mozca-gw01(config)#dot11 ?
aaa Authentication, Authorization, and Accounting
activity-timeout Activity timeout for device classes
arp-cache Enable DOT11 ARP cache
I'm not finding Cisco's docs on setting up two SSIDs, one with WEP and
one with WPA Enterprise (with an external RADIUS server), helpful.
Does anyone have a sample config I can use as an example?
My guest SSID is 40bit WEP. My inside SSID is WPA Enterprise off an
external RADIUS.
3. The ServerTech serial console stuff is pretty lame. We are using
Lantronix SLC now, which are much better (SSH support, multiple logins,
log console output to NFS, dual ethernet ports).
I totally agree with that, plus the SLC's dual ethernet and
iptables-like firewall make it easy to
I have gear in Amsterdam and in San Jose. Pushing log files from
Amsterdam to San Jose through rsync seems to top out at 7Mbps even
though the box doing the push is pushing much more out to the Internet.
If I run several rsync's it goes quicker so I know I have the bandwidth.
What's
Before I go crying to TAC, I'll try here first -
I upgraded a 3845 to 12.4(17.8)T and ever since folks using PPTP
complain that they can't connect to outside PPTP servers.
I don't think I'm doing anything esoteric - I have an inbound ACL with a
default 'deny ip any any log', ip inspect on,
I'm doing NAT too... PPTP uses GRE? Can I get that to work with NAT?
matthew zeier wrote:
Before I go crying to TAC, I'll try here first -
I upgraded a 3845 to 12.4(17.8)T and ever since folks using PPTP
complain that they can't connect to outside PPTP servers.
I don't think I'm doing
I may need a (cost effective) bgp-capable router for a remote
deployment which would only need to announce -1- route and take in a
default route from -1- provider. Also needs to push 100Mbps of traffic.
A 3750 (EMI) can do this fine, right?
Otherwise, what else would I be looking at, a
I want to make sure voip traffic has at least a guaranteed bandwidth
level at all times (on a 3845). All voip traffic is within a separate /24.
Can someone shoot me a sample config that would do something like that?
I don't have my MCQ notes anywhere near me...
Phil Bedard wrote:
What platform are you using? The 6500/7600 w/SUP720 can do per-user
microflow policing, which would probably accomplish what you are
after. As for the router type platforms like the 7200/GSR I'm not
aware of any such feature outside of dial profiles.
3845 so I'm
On Sep 13, 2007, at 9:29 AM, matthew zeier wrote:
Phil Bedard wrote:
What platform are you using? The 6500/7600 w/SUP720 can do per-user
microflow policing, which would probably accomplish what you are
after. As for the router type platforms like the 7200/GSR I'm not
aware of any
Is there some QOS magic to limit each host behind an interface to a max
bandwidth? Something such that no particular user could use more than
5Mbps ?
I have a remote office in China that wants to split traffic such that
domestic routes go out in the clear to the provider and all other
traffic (or essentially, the default route) goes out across an IPSEC tunnel.
I'm not clear on how to make the latter work - do I specify a default
route
My growing iphone user base is complaining that they have to continue to
re-web-auth more frequently than the session timeout (1 day).
It seems that when the phone sleeps, it disassociates and
de-authenticates with the WLC forcing users to have to re-authenticate.
I can duplicate this with
What's the recommended way to setup two WLCs in a single chassis? I can't
seem to put wlan-controller 1/0 and 2/0 on the same network but I don't know
if that's true for the ap-manager and management interfaces.
And the aside from trying to figure out mobility groups, I'm not sure how I
get
Any best practice ideas on using ipv6 autoconfig on firewall interfaces
vs. static assignments?
Anyone have experience with a working fwsm v6 setup? I have a couple v4
hosts behind the fwsm that I want to v6 enable.
Can I just enable v6 on the inside outside interfaces and it'll just
work (with the right access-list)?
Having problems figuring out what I need to configure on a Cisco router
to make it a 6to4 relay. Any pointers?
I plan on anycasting 192.88.99.0/24 from this router.
thanks.
/products_configuration_guide_chapter09186a00801d6604.html#wp1048589
--
http://dcp.dcptech.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of matthew zeier
Sent: Tuesday, June 05, 2007 10:37 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 6to4 relay
David Prall wrote:
In a 6to4 auto tunnel, you use 2002:192 88:99 1::1/16 as your address. Where
the IPv4 address is converted to Hex. I'm not sure you should anycast the
address, since this address is typically used as your BGP next hop. Might
load balance it with sticky, only need an IPv4
What's the difference between an ipv6ip tunnel and a gre tunnel?
messages nor respond to router
solicitation messages otherwise.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of matthew zeier
Sent: Tuesday, May 22, 2007 1:05 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ipv6 autoconfig linux
I must be missing
I have a 3845 running 12.4(9)T1 (advipservicesk9-mz if it matters) and
am trying to get ipv6 running on a bvi:
interface BVI2
ip address 10.250.2.254 255.255.255.0
ip access-group into-corp out
ip nat inside
ip inspect Inside in
ip virtual-reassembly
ipv6 address
Anyone know the snmp oid to clear arp on an IOS router?