Peter Rathlev wrote on Tuesday, January 15, 2008 10:18 PM:
On Tue, 2008-01-15 at 19:29 +0100, Oliver Boehmer (oboehmer) wrote:
assuming we're talking about PFC3*, we hash on the underlying IP
header for L3VPN and regular LDP LSPs and on bottom label
otherwise (e.g. L2VPN/EoMPLS). PFC3 can
I've noticed that you cannot specify an interface in address family
configuration mode for a distribute list. I also confirmed this is
specifically stated in the IOS documentation as such.
However, I have a single interface in a VRF instance of EIGRP I need to
filter updates in on, while leaving
Hello
We are in the processes of deploying our first npe-g2 in production and
I wanted to see what the consensus is for a stable ios version.
The router will be used for pppoa termination and will be running mpls
vpn, bgp cbwfq/llq qos.
thanks in advance
Brian
RFC1918 != security, I would ensure all loopback and transfer networks
that do not require public access (other than of course ICMP TTL exceed
messages to be sent from) be filtered at the edge.
Dave.
[EMAIL PROTECTED] wrote:
We tend to design our networks based on an idea outlined somewhat in
If you would have asked me a week ago I would have said 12.2SB but its
been left to stagnate in favour of the SRC release which is a real
shame, I've found a number of bugs recently which are just not
documented properly (and not searchable from either new or old bugtools
since they stop at
We are on 12.2(18)SXE6b (7600-SUP720/MSFC3) . We are installing a SIP-400
and the SPA-1XOC48POS/RPR which based on the release notes requires
12.2(18)SXF10 or higher. Since there is already SXF11 and SXF12 and
SXF12a out already can anyone recommend which version to stay away from or
which
On Wed, 16 Jan 2008, Hank Nussbacher wrote:
We are on 12.2(18)SXE6b (7600-SUP720/MSFC3) . We are installing a SIP-400
and the SPA-1XOC48POS/RPR which based on the release notes requires
12.2(18)SXF10 or higher. Since there is already SXF11 and SXF12 and
SXF12a out already can anyone
On 16.01.2008 10:37:25 +0100, Brian Turnbow wrote:
Hello
We are in the processes of deploying our first npe-g2 in production and
I wanted to see what the consensus is for a stable ios version.
The router will be used for pppoa termination and will be running mpls
vpn, bgp cbwfq/llq qos.
I'd like to rate limit an Ethernet port for all traffic except to and
from certain prefixes. Normally, I do rate limits by applying a
policy-map to an interface, which uses a class-map that matches against
an ip access-list. The is as follows:
ip access-list extended NAMEHERE
permit ip any
I guess ask and I shall receive, since BFD for static route support
was added with SRC.
Phil
On Jan 10, 2008, at 6:39 PM, Rubens Kuhl Jr. wrote:
Is there BFD support for static routes on anything besides
IOS XR?
Is there a timeline for such support?
If we're doing BFD feature
Hi,
I need to build a remote-access vpn solution for my company.
The preference is to use the microsoft windows xp built-in dialup vpn
client, rather than having to install additional software (such as the Cisco
VPN client).
Has anyone deployed this solution for some clients (L2TP/IPSEC)?
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager CTL
Provider Heap Overflow
Document ID: 100345
Advisory ID: cisco-sa-20080116-cucmctl
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml
Revision 1.0
For Public
Is there a web page for Cisco that will allow me to look up a part
number to find out what model it is?
Right now, I need to find out what a 73-2570-01 is.
Peace... Sridhar
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Wed, Jan 16, 2008 at 11:22:00AM -0500, Sridhar Ayengar wrote:
Is there a web page for Cisco that will allow me to look up a part
number to find out what model it is?
Right now, I need to find out what a 73-2570-01 is.
Google says
Fast-ethernet (TX-ISL) Port adapter, 1
On Wed Jan 16, 2008 at 11:22:00AM -0500, Sridhar Ayengar wrote:
Right now, I need to find out what a 73-2570-01 is.
Did you try google? Looks like it's a PA-FE-TX
Simon
--
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
Director|* Domain Web Hosting *
The subject says it all. Are these two cards the same thing?
Before anyone tells me to read the archive, I have, and I'm still confused.
Peace... Sridhar
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
I haven't used the L2TP, but have used the PPTP before. Assuming
they've got the same functionality, I believe this is what you'd be
missing by not using the Cisco client:
Ability to display a banner
Ability to do split tunneling (some subnets are reachable over VPN,
everything else doesn't use
Hi Felix,
Why not use the cisco client ?
It's free (as long as you are entitled to the crypto ios at least) and the
configuration and maintenace is going to be much easier than with windows in
the long run.
There is a technote on configuring l2tp ipsec between windows and ios
On Wed, 16 Jan 2008, Sridhar Ayengar wrote:
The subject says it all. Are these two cards the same thing?
The PA-2SFEISL-TX was just talked about on cisco-nsp last night.
A search on CCO for PA-2FE-TX-ISL returns no results, so I suspect this
is a misnomer.
jms
MPLS path seems good end-to-end - 'no mpls ip propagate-ttl local' shows
the traceroute drop to one hop, both endpoints show the two core routers
as LDP neighbors, both sides have 'send-community extended' on the BGP
neighbor sessions, receive ACLs have been opened. 'sh ip ro vrf name'
Also show mls cef vrf vrf is your friend for this kind of thing
Pete Templin wrote:
Greetings,
I'm working on our first foray into the Sup720-3BXL world, and ran into
a wall trying to transfer an MPLS VPN onto the box. Can anyone provide
some pointers on where to look and what to fix?
On Wed, Jan 16, 2008 at 05:52:39PM +, David Freedman wrote:
MPLS path seems good end-to-end - 'no mpls ip propagate-ttl local' shows
the traceroute drop to one hop, both endpoints show the two core routers
as LDP neighbors, both sides have 'send-community extended' on the BGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I thought tunnel recirculation was added automagically now when the box
boots if it thinks its gonna have a problem based on h/w config?
Dave.
Jared Mauch wrote:
| On Wed, Jan 16, 2008 at 05:52:39PM +, David Freedman wrote:
|
| MPLS path seems
Anybody know of an open-source tool that can be installed in a data
center, monitor TCP sessions via packet capture, and determine end user
response times? Without any need to instrument client hosts.
Something like NetQoS' Super Agent (which is very cool, but pricey)
Thanks,
Joe
Hank,
As usual, this is a good pointer to start from:
http://www.cisco.com/go/safeharbor/
Right now SXF11 is certified, and SXF12 is undergoing testing, and is
planned to complete the test cycle by late February.
Arie
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I don't know if it works with VRF's but one hack could be to create
a second unique AS eigrp process for that interface(network). Use that
AS for
it's remote router. You can then redistribute between the two and
filter accordingly.
-Rich
-Message: 2
Date: Wed, 16 Jan 2008 01:10:50 -0800
Brian,
I would suggest you try out 12.2(31)SB10 (SB11 should come out sometime
soon).
It should be the best software which supports this HW and used for
broadband aggregation.
You should be able to get at least a couple of more rebuilds for this
train for the next couple of months. In longer
You wouldn't have close to a full BGP table on that router...would you?
On Wed, 16 Jan 2008, Patrick J Greene wrote:
The CPU just started spiking on my Cat6509 running 12.2(18)SXF9 IP Services.
The process ios-base is running at 99%. What could this be. I can't find
anything on Google or
Anyone out there running a single cloud DMVPN with resiliency? dual
hubs...maybe dual spokes?
What's the advantages of a single cloud versus a dual cloud?
Thanks.
-lmn
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi Luan,
I've built a dual hub DMVPN before, and it worked like a champ. In my case,
the two hub sites were ~15 miles apart, so there was good back-end
connectivity. I had dual spoke routers at about 15 remote sites, so there were
under 40 routers involved total.
If you think of the
Your running Modular Code (IOS-BASE)
The one tunnel per source address is in order to make it so that the
tunnel's are hardware processed. It isn't a bug, but rather a limitation of
the hardware. Unless a VPNSM or VPN-SPA is installed, where the tunnels are
then offloaded to the the crypto
The CPU savings of a G2 over predecessors has been previously discussed and
is in the archives:
http://puck.nether.net/pipermail/cisco-nsp/2007-April/03.html
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wilhelm Farrugia
Sent: Wednesday,
On Wed, 16 Jan 2008, Mike Louis wrote:
I am a cisco guy by heart but I have been tasked with working with
extreme recently. Does anyone know how to configure policy based routing
on an ExtremeWare 7.6.6 6608 switch? I can't find anything in their
configuration guides that states how to do
Tristan Gulyas wrote:
They will need 4 FE interfaces in total, one connecting to a peering
network, one to their primary link and two links to two colocation server
rack switches.
If you just need Ethernet routing and no BGP + full tables, etc, why not
just look at an L3 switch, ie: 3550,
Hello all.
We are trying to find a clever, scalable way to police
customer upstream traffic (inbound into PE router from the
CE router) if the destination is to a specific set of
prefixes behind one or more routers.
Matching an ACL that defines destination prefixes is not an
option as the
Agree. We've got a 2821 pushing about 15 mbit total between 2 upstream
links and a link internal. Doing NBAR, 2 full views, heavy QOS, and
NetFlow export. CPU average stays under 10%, peaks under 30%. Expect
2x better if no NBAR is required on your end.
Chuck
-Original Message-
On Wed, 16 Jan 2008, Patrick J Greene wrote:
Nope...none.
Well I opened a case with TAC and apparently it is a bug. We have about
30 tunnel interfaces all using the same source interface. TAC says to
create a separate loopback interface as the source for each Tunnel to
work around the
Hi Kaj,
a) Sysopt connection permit-ipsec is enabled by default.
b) There is a return route on remote site end
c) tried sysopt connection tcpmss with no luck.
d) packet tracer shows that the traffic is allowed but doesn't show return
traffic for the same TCP connection.. (where the problem is)
Looks like we found what we were looking for:
- QPPB
Cheers,
Mark.
-- Forwarded Message --
Subject: QoS Policing Upstream
Date: Thursday 17 January 2008 11:45
From: Mark Tinka [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net
Hello all.
We are trying to find a clever,
HI,
Thanks to you all for your replies.
Would take your suggestions.
Regards,
Felix
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
40 matches
Mail list logo