[c-nsp] 7200 PCI? FCS errors

2009-03-24 Thread David Freedman
Should I be worried about these? Do these come from the line? The PA? The PCI bus? I can't tell; all normal show interface counters are clean. #sh int Se6/0.1/1/2/3:0 controller | in FCS PCI system errors 0, PCI parity errors 0 Rx FCS errors 1065313702 #sh int Se6/0.1/1/2/3:0 controller

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
I have crafted and applied some rules which I thought would prioritize traffic from an 871w (via ADSL) to one specific host. The idea is that any traffic destined to this host should be prioritized over all other traffic. What is your upstream connection? If you're using PPPoE, you won't

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
Exactly true ... That would be my next answer :) However, the problem is that it's somewhat hard to estimate what the shaping bandwidth should be in DSL environments (you have the cell tax on top of PPPoE plus unknown amount of oversubscription in the SP network) if you want to squeeze as much

[c-nsp] cisco router

2009-03-24 Thread Deric Kwok
Hi I need to get cheapest cisco router to learn VPN vlan tcsh Could you suggest model? Thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] cisco router

2009-03-24 Thread Matthew Huff
I'd recommend getting a Cisco 2651xm with a cisco WS-C3550-24-EMI switch off of ebay. Be patient and you can get both for about $500-$600. The router will need 256MB of RAM and at least 48MB of Flash if you want to run the latest 12.4T ios. For the switch, you want 64MB of ram and 16MB of

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread BALLA Attila
Hi, you should use hierarchical QoS. First of all you should shape the output traffic down to the upstream speed, then you can use the llq inside the shaped class: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml BR, A. On Tue, 24 Mar 2009, Ivan

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Tim Franklin
On Tue, March 24, 2009 12:12 pm, Ivan Pepelnjak wrote: What is your upstream connection? If you're using PPPoE, you won't be able to do any output queuing, as the outbound LAN interface is never saturated (the bottleneck is experienced by the DSL modem). If you know what your upstream

[c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Skeeve Stevens
Hey all, I am wondering if it is possible to use a 827, 828, 837, 877, 878, 888 as a bridge modem? What I want to do is have a router like an 1811, with say 5 xDSL devices which hold their connection up, but the 1811 does the Dialer part, so they can be multi-linked, or other load balancing.

Re: [c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Mateusz Blaszczyk
Skeeve, I am wondering if it is possible to use a 827, 828, 837, 877, 878, 888 as a bridge modem? What I want to do is have a router like an 1811, with say 5 xDSL devices which hold their connection up, but the 1811 does the Dialer part, so they can be multi-linked, or other load

Re: [c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Richard Halfpenny
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a78c.shtml Run each of the 5 routers into separate interfaces (or subinterfaces) on the 1811, config it as a PPPoE client on each interface and then do MLPPP across the dialers. Rich. Skeeve Stevens

Re: [c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Ziv Leyes
It's possible, but as Mateusz said, it would be too expensive to use Cisco router as a modem. You lose every advantage you have on the router, also the possibility to remote manage it, you can only control it via console/aux. You can configure the ATM (DSL) interface to match your needs, and

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread John Lange
First, thanks to those who pointed out my (should have been obvious) error where I named the access-list qos1 but then tried to reference it with al-qos1. When you're looking for a big problem it's easy to overlook the obvious. On Tue, 2009-03-24 at 12:56 +, Tim Franklin wrote: On Tue, March

[c-nsp] OSPF and iBGP session drops between 3640s

2009-03-24 Thread Robert Johnson
Hello list, I have a small network with four 3640s. Each router has 128/32MB ram, and a single FE interface connected to a catalyst 2924. Two of the routers are running BGP, each with a session to a (single) other provider, and a session between themselves. These are not carrying full tables. All

Re: [c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Skeeve Stevens
How is it too expensive? If you are doing DSL1, 827/837's, even SOHO87 can be had for a few $$$ ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61

Re: [c-nsp] Cisco DSL Router As a 'modem'?

2009-03-24 Thread Ziv Leyes
A cisco router, even a SOHO97 is still more expensive than any little simple DSL modem, isn't it? Anyway, shouldn't you get a modem from your DSL provider? But if you can spare a 827 or a SOHO then go for it, it will work good, that we can be sure, and you can still get the added value of

[c-nsp] match multiple communities in route-map

2009-03-24 Thread Andy BIERLAIR
I have read that multiple match lines in a route-map are treated with AND logic. But this scenario here does not do AND, but OR: route-map IX-TEST-OUT permit 10 match community PREPEND-1-PEERING match community PEERING-OUT set as-path prepend 65001 route-map IX-TEST-OUT permit 20 match

Re: [c-nsp] OSPF and iBGP session drops between 3640s

2009-03-24 Thread Church, Charles
That 12.4(3) IOS is pretty old. Trying a newer one might help, as you're vulnerable to many things. It's possible there are bugs you're hitting that are affecting performance. If you could consolidate some things, that may help. You're matching RTP, but also matching packet length, that might

[c-nsp] No GRP images for GSR's?

2009-03-24 Thread Michael K. Smith - Adhost
Hello All: I just want to make sure I haven't lost my mind. I logged into CCO looking for 12.0S images for the GRP and all I see is PRP images. Has Cisco stopped supplying images for the GRP-based GSR's? Regards, Mike -- Michael K. Smith - CISSP, GISP Chief Technical Officer - Adhost

[c-nsp] learning materials, curriculum, config guide for MARS

2009-03-24 Thread Hegedus Gabor
Hi all! I need some help! Can somebody give me a curriculum or e-book, or link for MARS, CSA, IDS, IPS. I want to learn about them, but I can't find materials. config guides, 'howto's, e-learning materials, e-book web pages... everything can be good. thank you Gabor

Re: [c-nsp] No GRP images for GSR's?

2009-03-24 Thread Brandon Ewing
On Tue, Mar 24, 2009 at 08:59:17AM -0700, Michael K. Smith - Adhost wrote: Hello All: I just want to make sure I haven't lost my mind. I logged into CCO looking for 12.0S images for the GRP and all I see is PRP images. Has Cisco stopped supplying images for the GRP-based GSR's?

Re: [c-nsp] No GRP images for GSR's?

2009-03-24 Thread Mikael Abrahamsson
On Tue, 24 Mar 2009, Brandon Ewing wrote: Note that 12.0(32)S12 contains the 4-byte ASN problems discussed here and on NANOG, so 12.0(32)S11 is your best bet. As far as I have heard, most people are at 12.0(32)SY, which is (I would say) a better bet. I've also been told there will be no

Re: [c-nsp] match multiple communities in route-map

2009-03-24 Thread Mateusz Blaszczyk
Andy, Try using policy-list which don't get merged like community-lists... ip policy-list PERMIT200 permit match community 2 ! ip policy-list PERMIT100 permit match community 1 ! ip community-list 1 permit 123:100 ip community-list 2 permit 123:200 ! ! ! route-map OUT permit 10 match

[c-nsp] How not to redistribute statics into VRFs/BGP

2009-03-24 Thread ChrisSerafin
I have a Sprint MPLS cloud for which they extend the VRF configs down to the CE. I am in the middle of divesting a section of these MPLS routers/subnets off of the main cloud and onto their own VRFs. I essentially want to start by making a handful of the sites, change their default route for

Re: [c-nsp] OSPF and iBGP session drops between 3640s

2009-03-24 Thread Steve Bertrand
Robert Johnson wrote: Hello list, I have a small network with four 3640s. Each router has 128/32MB ram, and a single FE interface connected to a catalyst 2924. Two of the routers are running BGP, each with a session to a (single) other provider, and a session between themselves. These are not

[c-nsp] Rolling over preshared keys

2009-03-24 Thread nasir.shaikh
Hi, I am familiar with auto rollover of CA certificates but is there also a way to do an automatic rollover for pre-shared keys? I am looking to do this in a still to be deployed DMVPN environment and security people would like a policy to change the keys periodically. Kind regards Nasir

Re: [c-nsp] match multiple communities in route-map

2009-03-24 Thread Andy BIERLAIR
Hi Mike, Actually I need both conditions set, because the community-list PREPEND-X-PEERING may contain prefixes that we don't want to announce to our peerings, that is why I was looking for some sort of AND logic here. A real-life example with ASN 1234 would be: Customer sends us three

Re: [c-nsp] How not to redistribute statics into VRFs/BGP

2009-03-24 Thread ChrisSerafin
That does sound correct, I will schedule some testing time, thanks for your input! David Freedman wrote: Chris, the key thing here are the vrf address-families address-family ipv4 vrf -Voice e.g Imagine these like the equivalent of the normal ipv4 address-family, but for each VRF

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml Basically, the virtual interfaces do not implement the back-pressure algorithm necessary to signal that excess packets should be queued by the Layer 3 (L3) queueing system. Ok, so I'm going to

Re: [c-nsp] Traffic analysis via Netflow/BGP export?

2009-03-24 Thread Joe Loiacono
Also take a look at flow-tools / FlowViewer. Uses netflow and keeps up to three years based on filtering by AS, combination AS's, exclusion of AS's etc. Open-source. http://ensight.eos.nasa.gov/FlowViewer/ Joe Jeff Crowe lista...@genhex.net Sent by: cisco-nsp-boun...@puck.nether.net

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Per Carlson
Hi. So just a final question, would the solution have worked if it was on a regular interface? I just want to make sure I had the right idea. Yes, in this case the ATM-interface where the PVC lives. But the PVC must be something else than the default ubr class of service. The U in UBR stands

Re: [c-nsp] No GRP images for GSR's?

2009-03-24 Thread Per Carlson
Hi As far as I have heard, most people are at 12.0(32)SY, which is (I would say) a better bet. If you have Eng5 LC's and are doing MPLS-VPNs there is a bug (CSCsq83540) potentially killing 0.0.0.0/0 in VRFs. Affected are basically everything up to 32S11, 32SY6 and 33S1. 32S12, 32SY7/8 and 33S2

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread John Lange
On Tue, 2009-03-24 at 13:29 +0100, BALLA Attila wrote: Hi, you should use hierarchical QoS. First of all you should shape the output traffic down to the upstream speed, then you can use the llq inside the shaped class:

[c-nsp] Blocking bad users based on MAC Address

2009-03-24 Thread Rick Coloccia
Is anyone doing anything like this in a Catalyst 6500? I'm running a sup 720 with ios 12.2(33)SXH4. I have a bad user that I need to block, regardless of where or how they connect to the lan. I hoped that by blocking their mac address, where-ever it may appear, I might be able to accomplish

Re: [c-nsp] Etherchannel and variable latency on member links

2009-03-24 Thread Peter Rathlev
Thank you to Ian who replied off list with an example of an unproblematic implementation of exactly this. I'm more calm now. :-) On Mon, 2009-03-23 at 19:09 -0400, Jeff Kell wrote: AFAIK, etherchannel will select one physical path per flow (based on src/dst ip/mac), so there is no out-of-order

Re: [c-nsp] Blocking bad users based on MAC Address

2009-03-24 Thread schilling
You can just do mac-address-table static 0016.6f99.9e61 vlan 3030 drop. Schilling On Tue, Mar 24, 2009 at 3:42 PM, Rick Coloccia coloc...@geneseo.edu wrote: Is anyone doing anything like this in a Catalyst 6500?  I'm running a sup 720 with ios 12.2(33)SXH4. I have a bad user that I need to

Re: [c-nsp] Blocking bad users based on MAC Address

2009-03-24 Thread Rick Coloccia
oh, thank you, I see how direct and precise this is, and if I wanted to drop the person in several vlans, I assume I could do mac-address-table static 0016.6f99.9e61 vlan 3030 drop mac-address-table static 0016.6f99.9e61 vlan 3010 drop mac-address-table static 0016.6f99.9e61 vlan 3020 drop

Re: [c-nsp] Opinions of DDoS appliances, other techniques, most notably Cisco Guard

2009-03-24 Thread Matt Buford
On Sun, Mar 15, 2009 at 10:54 AM, Drew Weaver drew.wea...@thenap.com wrote: Does anyone here have any real world experience with Cisco Guard or other products such as Arbor's Peakflow that they can share? If you've tried multiple systems and ended up with a specific one, please share the

Re: [c-nsp] BGP problem on IPSec links

2009-03-24 Thread Peter Rathlev
On Mon, 2009-03-23 at 23:50 +0100, zarenks wrote: I wonder if anyone had experienced the problem I have noticed with dynamic routing (BGP) running over IPSec link. ... I decide to use VTI (Virtual Tunnel Interface) configuration instead of IPSec+GRE to support dynamic routing. Until I use

Re: [c-nsp] BGP - Multihoming

2009-03-24 Thread tkacprzynski
I would definitely check out http://onesc.net/communities/ it lists communities of major providers. You can see if your ISP_2 is on there and supports modifying the LOCAL_PREF with communities. That happened to me before where one ISP was setting a higher preference for a path with longer AS.

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Peter Rathlev
On Tue, 2009-03-24 at 14:39 -0500, John Lange wrote: I followed the examples on that page but I'm not having any luck. As far as I can tell the queue is dropping at least some packets that it should be prioritizing (look for 582 below). ... policy-map parent_shaping class class-default

[c-nsp] ASR - modular image

2009-03-24 Thread Pshem Kowalczyk
Hi, We're considering getting some ASR (1004 and 1006) as peering routers. I would like to know what sort of experience you had with them. What are the advantages of running the 'modular' IOS XE? We tried the 'modular' software on 6500 and we ran into some issues that we didn't have on the

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Per Carlson
Hi. Which direction are you trying to prioritize? In the first post the policy was on the Dialer0-interface (traffic from LAN towards DSL), but in the last post it's on the Fa4-interface (traffic from DSL towards LAN). I assume it's the first one because there is less point shaping when going

Re: [c-nsp] ASR - modular image

2009-03-24 Thread Pshem Kowalczyk
Hi, Thank you for the off-list replies. I've read some more documentation regarding the ASRs and I'm a bit unsure what the advantages of running a sub-packaged image are. According to the Cisco website: Individual sub-package upgrades are atypical on the Cisco ASR 1000 Series Routers, because

[c-nsp] Question about CBWFQ and PING times

2009-03-24 Thread Andy Saykao
Hi All, Two questions... 1/ We have a 200mb link between two POPS that is being congested in the evening. Congestion is happening on the outbound direction from POP2 to POP1, so from a user's perspective in GROUP1 it would be impacting their download. [GROUP1] -- [ POP1] -- [POP2] -- [HOSTED

Re: [c-nsp] Question about CBWFQ and PING times

2009-03-24 Thread Peter Rathlev
Hi Andy, On Wed, 2009-03-25 at 11:15 +1100, Andy Saykao wrote: 1/ We have a 200mb link between two POPS that is being congested in the evening. Congestion is happening on the outbound direction from POP2 to POP1, so from a user's perspective in GROUP1 it would be impacting their download.

Re: [c-nsp] Question about CBWFQ and PING times

2009-03-24 Thread Andy Saykao
Hi Peter, Thanks for the detailed reply. I forgot to include the router platforms we are using for this. [GROUP1] -- [ POP1] -- [POP2] -- [HOSTED SERVICES + INTERNET] POP1 = Cisco 7204VXR (NPE-G1) GigE Interface running 12.2(31)SB13 POP2 = Cisco 7606 with 4-subslot SPA Interface (7600-SIP-400)

[c-nsp] Cisco Guard and VRF-Lite

2009-03-24 Thread Jimmy Changa
Good Afternoon, I’m in the process of setting up a proof of concept on our network for the Cisco Guard and Detector. I had them up and running for a small /28 test zone (I’ve attached configs and diagrams) However, in thinking through fully implementing this into production, I realized that I

[c-nsp] Cisco 887 CPE and 890series?!?!?!?!?!

2009-03-24 Thread Skeeve Stevens
Hey all, I was just going to download the latest IOS for a Cisco 877 and below is the current list of 800 series routers on the Cisco website. What caught my eye was the 3 entries for the Cisco 887 (887, 887W, 887SRSTW). I was like WHAT THE ??!?!?!? Went to the product pages... nothing

[c-nsp] about policy-map

2009-03-24 Thread Tseveendorj
Hello, Is it possible to use policy-map if the packet goes to specific IP address. example: If packet goes to subnet 192.168.0.0/24 then router should use policy-map 512Kbps. If packet goes to subnet any then router should use policy-map 256Kbps. How to do it with PPPoE. Really