Your large hotel chain techs sound like a bunch of gumbies, any tech
worth their salt would poll their own equipment and not the providers.
Provider: Lets feed them dummy snmp counters
Customer: hey your billing me for 500gb of traffic!!
Provider: yes.. don't your graphs reflect this? ;)
-Dan
I know that we have come across this a few times. Here is what we have in
place (policy wise) for these kind of customers.
1) If the router is owned by us, the customer does not get the passwords
or SNMP strings. Should the customer want to purchase said router from us,
we are more than happy to
Hi,
On Tue, Jun 03, 2008 at 08:40:42PM -0400, Sridhar Ayengar wrote:
Do you have a written contract that covers any of these issues? If so,
and they indeed still want that kind of access, they will have to accept
your terms. Otherwise you're leaving yourself open to situations where
they
Hello Richey:
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] On Behalf Of Richey
Sent: Tuesday, June 03, 2008 4:38 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Giving customers access to your gear.
I've got a customer with a T1. They have
We provide RO snmp views to specific customers, as long as they know which exactly oids they need to
monitor. That way they're limited to specific portions of the snmp mibs.
--
Tassos
Michael K. Smith - Adhost wrote on 4/6/2008 10:13 πμ:
Hello Richey:
-Original Message-
From:
I've always had a problem with the semantics of this, perhaps I need to go back
to highschool? Or perhaps Cisco programmers instead??
When I say this link will have this bandwidth it sounds to me like it's a
dedicated bandwidth that limits the link to the given value.
When I say priority I
On Wed, Jun 4, 2008 at 4:31 AM, Richey [EMAIL PROTECTED] wrote:
Thanks for the replies. I am getting the feeling that after talking to our
sales guy who is dealing with them that they want to second guess everything
I am doing because we are a small ISP and not the big billion dollar a year
On Jun 3, 2008, at 1:23 PM, Skeeve Stevens wrote:
no ip access-list extended FWCUST_XXX_IN
ip access-list extended FWCUST_XXX_IN
remark Inbound Firewall rules for XXX Services
permit tcp any host PROTECTEDSERVER established
permit tcp host ALLOWEDREMOTE host PROTECTEDSERVER eq 3389
permit tcp
Hi,
Could somebody shortly explain or point me to some info about the different
router memory types?
What are transient contiguous largest free, etc? I understand more or
less what they areI've never had a proper explanation for all those concept,
and if I need to explain this to someone I find
There's no way to use established for UDP though, so I can share what works
for me, I call them operational rules because they suit everything I need to
allow that is host initiated/related for its own functionality, of course you
could add some more rules to permit other tcp/udp ports to reach
On Mon, Jun 02, 2008 at 09:34:10PM -0600, Clinton Work wrote:
I think that you need to speak with your service provider. Based upon
the error message it looks like vlan 2412 at site #1 is connected to
vlan 2413 at site #2. There was a post six to 12 months ago on the same
topic and it
All,
We use nfdump/nfsen to gather our flows. The nfcap daemon writes the
flows to 5-minute-window files, the filename being the *start* of the
5-minute window.
If I look at e.g. nfcapd.200806041235 I see the following distribution
of flow *end* times:
732 2008-06-04 12:29
16492
On Jun 4, 2008, at 7:25 AM, Ziv Leyes wrote:
There's no way to use established for UDP though, so I can share
what works for me, I call them operational rules because they suit
everything I need to allow that is host initiated/related for its
own functionality, of course you could add some
Ben Hicks wrote:
Forgive me if I'm missing something but you are looking at the actual
end times of the TCP flows, not the exports (which happen continuously
in chunks anyway). The flows will be reported as they end. So a 30
second connection will be reported once its finished, not at the end
Transient is when you use memory for a brief amount of time and free it back.
Say during a large routing reconvergence event.
Contiguous is in regards to blocks. It means it's a block of memory in adjacent
locations in memory and not fragmented in different spots for the same block
of data.
A flow is exported when :
1) it is inactive for a specific time (default 15 secs)*
2) it is active and has lasted longer than a specific time (default 30 mins)*
3) a TCP flag (FIN/RST?) is received, indicating that the flow is terminated
(*) 6500 uses different timers, if i remember right..
--
That was short and simple enough to understand
Thanks!
Ziv
-Original Message-
From: Rodney Dunn [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2008 3:49 PM
To: Ziv Leyes
Cc: cisco-nsp
Subject: Re: [c-nsp] question about memory
Transient is when you use memory for a brief amount of
Tassos Chatzithomaoglou wrote:
A flow is exported when :
1) it is inactive for a specific time (default 15 secs)*
I don't think that's correct. I think the default is 300 seconds.
2) it is active and has lasted longer than a specific time (default 30
mins)*
Sure; that's not this
3) a TCP
On Wed, Jun 04, 2008 at 12:23:32AM +0300, Ibrahim Abo Zaid wrote:
Hi Oli
I read that @
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html
best regards
--Abo Zaid
On Tue, Jun 3, 2008 at 7:03 PM, Oliver Boehmer (oboehmer)
[EMAIL
Ben Hicks wrote:
From
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html
-The NetFlow cache is constantly filling with flows and software in the
router or switch is searching the cache for flows that have terminated
or expired and
We had a similar problem a time ago. We did some tests with a cisco es20
linecard and eompls services. This card has a feature called
vlan-translation were you can translate one vlan to a other. So we had a
setup like this
|-||---||-|
|2960 |--Vlan
The numbers/reasons given are for software platforms.
This is the default output from a 7200:
7200#sh ip cache flow | i timeout
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
On the 6500, the NDE is a different story, but according to Cisco:
What platform is this on again? If you want to use a Cisco IOS router
as a firewall, why don't you use the firewall features and configure
CBAC?
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-Original Message-
From: [EMAIL
The provider may not support PVST+ or Rapid PVST+.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, June 04,
Troy wrote in part;
2) If the customer wants to provide a their own router, they may do so
and
eliminate this issue. Basic configs are provided and any support beyond
that is billed at $150 per hour, minimum 1 hour.
What is your routing policy when a customer owns their own router and
The provider doesn't have to support it. In fact, from what the OP said, it
sounds like the provider has enabled control protocol tunneling across his
metro-e cloud. It also sounds like they are using a solution that requires
some form of cross-connect config in the cloud and have cross connected
Is the provider using some kind of 802.1q tunneling to pass your traffic across
its network?
If yes, have they enabled L2PT for STP?
Can you check if STP is working fine (as a single domain) for a single vlan?
Do you see a common root in both edge switches?
Can you provide the config from
On Wed, 4 Jun 2008, Rick Martin wrote:
What is your routing policy when a customer owns their own router and
connects it to your network? In our case we discourage customer owned
routers but we do not totally ban it. Our policy is that we do not share
any dynamic routing protocol with routers
I couldn't make that happen in the lab:
R1_#
*Jun 4 14:40:55.344: NAT*: i: icmp (1.1.1.1, 6) - (2.2.2.2, 6) [25]
*Jun 4 14:40:55.344: NAT*: i: icmp (1.1.1.1, 6) - (2.2.2.2, 6) [25]
*Jun 4 14:40:55.344: NAT*: s=1.1.1.1-192.168.1.1, d=2.2.2.2 [25]
*Jun 4 14:40:55.348: NAT*: i: icmp (1.1.1.1, 6)
Cisco PVST+ / RPVST do integrate the vlan ID into the bridge priority
(bit stealing), but that is a function of MAC reduction to support 4096
VLANs rather than PVST+ proper. MAC reduction will do the same thing
with regular 802.1d BPDU priority values and you can interconnection two
Vlans
Hi,
Any recommendation for docs handling source failure when PIM SSM is
used?
Example:
Source 1.1.1.1, group 239.1.1.1 -R1R2--PC_joined 239.1.1.1
using IGMPv2
R2 has SSM mapping group 239.1.1.1 to sorce 1.1.1.1
I have seem 2 options: Anycast and Prioritycast. Would like to here
On Wed, Jun 04, 2008 at 09:12:33AM -0500, Rick Martin wrote:
[...]
What is your routing policy when a customer owns their own router and
connects it to your network?
We try to stick to the idea that everyone gets s single connection
to us (ethernet, T1, DSL, whatever). We expect a layer 3
Hi,
Should the following work on a 6500 (12.2(18)SXF10):
ip vrf custxxx
rd :110118
import map IMPORT-INTO-CUSTXXX
route-target import yyy:110
route-target export yyy:110
route-map IMPORT-INTO-CUSTXXX permit 10
match extcommunity 110
set weight 100
ip extcommunity-list 110 permit
Original Message
From: Pshem Kowalczyk [EMAIL PROTECTED]
Is there a way to make it work with weight or should I use
something else to influence the decision?
Given that weight won't be communicated between the PE routers, I wouldn't
recommend using it in this case - local_preference
Hello all, we're looking to buy a router on which to run BGP that can
take full BGP routes, I know all Cisco routers (1800 up) with Advanced
IP services IOS will do BGP and I've been told that if we max out the
memory we'll be fine with any router. We're going to need some ports (up
to 24) in this
Richey wrote:
I've got a customer with a T1. They have been bought out by a large hotel
chain. They are pretty much demanding that they have SNMP full read access
to our router that is at their location as well as a copy of the config for
the router. This is not their router, it is ours and
Rick Martin wrote:
What is your routing policy when a customer owns their own router and
connects it to your network? In our case we discourage customer owned
routers but we do not totally ban it. Our policy is that we do not share
any dynamic routing protocol with routers not under our
On Wed, 4 Jun 2008, Rossella Mariotti-Jones wrote:
Hello all, we're looking to buy a router on which to run BGP that can
take full BGP routes, I know all Cisco routers (1800 up) with Advanced
IP services IOS will do BGP and I've been told that if we max out the
memory we'll be fine with any
Hi,
I don't think there's much more than that, any other technology would be
some kind of prioritycast, it's just about how to make one route more
preferable than the other, different metrics, different prefix length etc.
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and
Cisco ASA
Document ID: 105444
Advisory ID: cisco-sa-20080604-asa
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
Revision 1.0
For Public Release 2008 June 04 1600
Richey wrote:
I've got a customer with a T1. They have been bought out by a large hotel
chain. They are pretty much demanding that they have SNMP full read access
to our router that is at their location as well as a copy of the config for
the router. This is not their router, it is ours and
I have a customer who is multihomed to my network. He has RouterX. I have
R1 and R2 connected to his RouterX. My R1 is in AS1 and my R2 is in AS2. I
want to sent him a BGP advertisement in such a way that he always prefers to
use R1.
I cannot use MEDs as the AS numbers of my R1 and R2 are
How do you mean?
On Wed, Jun 4, 2008 at 5:38 PM, Maarten Moerman [EMAIL PROTECTED] wrote:
Hi Gary,
AS-path prepending?
Maarten
--
Sr. Network Engineer | eBay / Marktplaats.nl
Wibautstraat 224 | 1097 DN | Amsterdam
E-mail: [EMAIL PROTECTED] | Mobile: +31 6 55 1 222 47
On 6/4/08 6:35
I assume you mean to prepend AS2 on R2 so that RouterX receives the path
AS2, AS2, from R2, therefore making the path seem longer and following the
normal BGP algorithm.
Is this what you meant?
On Wed, Jun 4, 2008 at 5:38 PM, Maarten Moerman [EMAIL PROTECTED] wrote:
Hi Gary,
AS-path
folks,
at $WORK we use 7301s as border routers at our sites. recently,
we've seen an uptick in cpu. it's too difficult to isolate the change
that was made, but it's our belief that some feature or option has caused
a majority of packets to be run through the processor as opposed to
through
Any recommendations on a version of IP advanced services (i.e. without
memory leaks)?
Thanks in advance,
Deepak
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
It Is supported on ios and it runs ios code
Sent from my iPhone
On Jun 4, 2008, at 4:02 PM, Asbjorn Hojmark - Lists
[EMAIL PROTECTED] wrote:
My question is basically, can the WS-X6608-T1 support
traditional data T1's?
No. It's a dedicated voice gateway for Call Manager.
Does it require
Hi Gary,
you can use bgp always-compare-med.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094925.shtml
Regards,
Diogo
On Wed, Jun 4, 2008 at 1:35 PM, Gary Roberton [EMAIL PROTECTED]
wrote:
I have a customer who is multihomed to my network. He has RouterX. I have
You're thinking of the CMM, not the 6608. It is not supported in Native
IOS. It must run on a box running Hybrid - CatOS on the SP and IOS on
the RP.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-Original Message-
From:
Hi,
Does anyone has experience with MPLS-TE interoperability between IOS
(specifically ME6500, but it's probably like any other 12.2SX IOS) and
JUNOS (recent/stable/good-for-service-providers version) ?
I was wondering about 2 cenarios in particular:
1) JUNOS as head-end or tail-end, but not
Hi All,
I'm after the information on conventional floating point operation per
second (FLOPS) of Cisco Routers, let say mid-range to
enterprise models. Pointer to detailed documents will be appreciated
greatly.
Greetings,
Mehmet Suzen
___
cisco-nsp
Hi,
Can someone explain the role of the reflector port when configuring an
rspan session on a 2950 switch?
Does the port need to be up?
From what I can work out from the doco the port is put into a loopback
state so no device connected to it will pass any packets.
I have a remote switch, 70
Hi List,
Apologies. Off-topic [probably not even one of BCPs], but, I'll push my
luck anyways.
What are gotcha's of implementing a broadcast network on provider
customer edge?
Your thoughts please.
Thanks,
Roy
___
cisco-nsp mailing list
Hi,
I've been offered some cheap 6509's with the following kit (this is all
the info I have at the moment on them)
WS-C6509 Chassis 9 Slots
Dual Redundant AC Power Maximum Uptime
Supervisor 2 Engine with PFC2 and MSFC2 Dual Gig Uplink Port MultiLayer
96 10/100 Fast Ethernet Switching Ports
8
Is it possible to configure to configure RFC 1948 sequence number
generation on a Cisco ASA 5505 firewall? A recent nmap port scan shows
TCP sequence prediction to be Difficulty=0 (Trivial joke).
I did RTFM both Cisco and did several Yahoo searches, and did not turn
up anything of value.
55 matches
Mail list logo