On (2007-12-18 22:51 +0100), Blake Willis wrote:
Hi Blake,
Baseline is usually around 5% or less. The vast majority of it is
usually IPSec AH, which I can understand why the PFC can't forward needs to
Is the IPSec being terminated to the box itself? If it's just passing
through, it
Hi!
Can someone tell me, which performance impact I have, when I activate
an acl on an interface ? Is there a sheet or something like that, where
I can read that information ? How do the 6500/7600 series do that ?
I mean, do they handle the acls in hardware too, or is it done by the
software ?
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] De la part de Ahmad Cheikh Moussa
Envoyé : mercredi 19 décembre 2007 09:54
À : cisco-nsp@puck.nether.net
Objet : [c-nsp] access-list performance impact
Hi!
Can someone tell me, which performance
Hi Guys,
Thanks for the links. They are really good.
Is there a document for a 7200VXR Series ?
The access-list should only be used for packet filtering
on an interface. An extended access-list will be used.
Regards,
Ahmad
--
Ahmad Cheikh-Moussa
ISP-Technik
NetUSE AG
Dr.-Hell-Straße,
On Tue, Dec 18, 2007 at 09:01:50PM -0500, Tuc at T-B-O-H.NET wrote:
I'm basically looking for something I can run on Unix and
give me a curses view of IPs I give it to ping at the same time.
You could use Mon:
http://mon.wiki.kernel.org/index.php/Main_Page
(Info deleted for
On (2007-12-19 08:58 -0500), Phil Bedard wrote:
match-all works, but I don't think you can use it with multiple match
clauses. I've only ever really used match-all and it works fine for CoPP
on the Sup720/RSP720. The hardware counters certainly increment, and CoPP
blocks bad traffic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Application Inspection Vulnerability in Cisco
Firewall Services Module
Advisory ID: cisco-sa-20071219-fwsm
Revision 1.0
Last Updated 2007 December 19 1600 UTC (GMT)
For Public Release 2007
Howdy.
We have a 6509 which has two Sup720s for whatever reason when we began using
the 6500 we decided to use the Gig-E connections on the Supervisor 720 as the
uplink for the switch to the rest of the network, it has worked fine. We
noticed that we had both of the uplinks to
On Dec 19, 2007 12:19 PM, Drew Weaver [EMAIL PROTECTED] wrote:
Howdy.
snip
My question is
Are you not able to use the interfaces on a standby Supervisor 720 if
you are in SSO mode?
Thanks,
-Drew
There should be no problem with this. I've used all 4 ports at the
You can't do this by using pooling or interval based monitoring system. You
need to work on syslog or event based traps. I believe that your equipment
at both end is Cisco.
You must track reachable IPs and generate syslog or event traps if the next
hope or whatever IP is unreachable. Here is an
Except for on the 4500 platform, which has some restrictions. But for the
6500's you should be fine to use all of them on any module, including
redundant SUPs. You probably have a bad port, bad optics, or bad patch
cable.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
did you check hping?
El mar, 18-12-2007 a las 21:01 -0500, Tuc at T-B-O-H.NET escribió:
Tuc at T-B-O-H.NET wrote:
Problem we have is a small wireless network is basically flat, not
networked. There are 10 pieces of equipment between 2 machines. However,
they are both on the same
Hello,
I know this aint necessarily cisco stuff, but please help me out.
I've been having persistent problems with spam in my network. Email users
(from my CEO to everyone) are complaining each day about the spam.
We use Exchange server 2003.
I should be glad that you share with me on how you
BARRACUDA.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Felix Nkansah
Sent: Wednesday, December 19, 2007 2:13 PM
To: groupstudy; cisco-nsp@puck.nether.net
Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need
help
Hello,
I know this
Steve Bertrand wrote:
Bob Fronk wrote:
BARRACUDA.
Seconded.
Which has the ability to create spam, but just not for the people who
bought it, thus creating the illusion of making the world a better
place. If you choose to use one, please don't spam the rest of us with
its NDR's and other
Yes, use the same group number on the two (or more) routers that will be
participating for a particular VLAN / subinterface. However, on an
individual router you must use different group numbers for the different
VLANs / subinterfaces. Technically you shouldn't have to; it's just a
limitation on
Thanks for your answer Fred.
So let me see if I understand everything correctly.
The steps are...
- configure 802.1q subinterfaces as usual in the routers
- configure glbp over those interfaces using the same group id for the
subinterfaces in the same vlan.
Is that correct?
El mar, 18-12-2007 a
On Wed, Dec 19, 2007 at 08:41:04AM +0100, Ahmad Cheikh Moussa wrote:
Hi Rodney,
Rodney Dunn schrieb:
It's a bug.
Looks like:
CSCsi93916
Externally found severe defect: Open (O)
Alignment Error/ Traceback with IP NAT.
that isn't fixed yet.
Do you know, when it will be
It's always best to get the console logs of both active and standby
for a cold reboot and see what is going on.
All the things folks have mentioned are good too.
On Wed, Dec 19, 2007 at 12:19:57AM -0500, Andy Dills wrote:
On Tue, 18 Dec 2007, neal rauhauser wrote:
Can anyone comment on RSP
Hi,
On Wed, Dec 19, 2007 at 07:13:04PM +, Felix Nkansah wrote:
I know this aint necessarily cisco stuff, but please help me out.
Well, since you're asking on a Cisco list, Ironport of course...
But really - this is not the generic there are experts here, ask anything
list. Otherwise the
+1
We run a Barracuda 400 in front of our Exchange server and see
essentially nothing in the way of SPAM. The price point on their
hardware is great, updates are frequent and reflect community demand,
and their support is better than most. To say it's 98% effective would
be low-balling :)
On Wed, Dec 19, 2007 at 02:40:26PM +0100, Ahmad Cheikh Moussa wrote:
Hi Guys,
Thanks for the links. They are really good.
Is there a document for a 7200VXR Series ?
The access-list should only be used for packet filtering
on an interface. An extended access-list will be used.
Not really
On Dec 19, 2007, at 1:13 PM, Felix Nkansah wrote:
Please share your experiences with me.
There's a new list for people who run email services--mainly ISP
oriented, but I don't see why a large enterprise couldn't benefit.
Just be warned--Exchange and Barracuda are not well thought of on the
Well,
Thanks to everyone who replied and helped me out on this.
I re-did it the way Anamari suggested and they are all working the way they
should be.
Both Vlans give out their respective DHCP leases as they should and now my
7921's register correctly.
I deployed 6 AP's today covering 3 separate
Hi,
We've been adding clients onto ATT's OPTEMAN Ethernet service running
12.2.33 SRB and looking at the physical interface stats there are quite a few
giants:
5 minute output rate 10862 bits/sec, 12609 packets/sec
11534799216 packets input, 2729015090593 bytes, 0 no buffer
Any update to the current estimate?
Thanks
Chris
Rodney Dunn wrote:
Estimate (always subject change) 11/23/07.
Rodney
On Mon, Oct 22, 2007 at 02:32:43PM +0100, Ian MacKinnon wrote:
Anybody heard of an SXH1 release date yet?
The date on the current release notes keeps updating with no
Hi,
Does anyone know how many PBRs can I configure in a router series 7500?
Thanks
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
All I want for Christmas is SXH1.
What are the odds?
I theory that would give us enough time to go to the lab and test before
upgrading.
We could then do a bulk upgrade on new year's morning while the rest of the
world sleeps :).
/me shudders at the thought of 1000 drunk admins rebooting
What I'd really like is one of those nice VS-C6509VE-S72010G bundles
Cisco isn't quite selling yet...
Tim:
On Dec 19, 2007 8:08 PM, mack [EMAIL PROTECTED] wrote:
All I want for Christmas is SXH1.
What are the odds?
I theory that would give us enough time to go to the lab and test before
Hi Tuc,
Not a perfect solution... you can open multiple xterm and each
fire up a mtr to one of the IPs you are interested. mtr has an
option (-f? I don't remember exactly) allow you to specify hop n
to start your ping.
Min
On Dec 18, 2007 11:29 PM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
You could buy appliances from Cisco Ironport. I heard that the
largest ISP's in the world use it.
Also, You can deploy a linux server with MailScanner + Antivirus +
SpamAssassin as Gateway Antispam (installed IBM - xSeries 366), it
works fine for me. Currently It blocks about 9 spams each
According to Cisco I have to run a Site Survey for deploying a WLAN.
Currently I need deploy it in my enterprise, iluminate several
courtrooms conference in the building, how can I run a good site
survey?. In addition, I have router wireless trednet but it does not
work very well, because the wall
On 20/12/2007, at 4:15 PM, Pablo Almido wrote:
You could buy appliances from Cisco Ironport. I heard that the
largest ISP's in the world use it.
IronPort may be owned by Cisco, but the IronPort appliances are not a
Cisco product.
One of the conditions negotiated by IronPort was that
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] On Behalf Of Felix Nkansah
Sent: 19 December 2007 09:13 PM
To: groupstudy; cisco-nsp@puck.nether.net
Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need
help
Hello,
I know this
34 matches
Mail list logo