Rodney Dunn wrote:
'sh redund history' might give a clue why it's never coming up
and staying there.
memory mismatch
image mismatch
HA configuration issue
are the 3 most common I've seen.
But fyi, you really need to get off that 12.2S code.
Long story...
12.0(32)S latest or 12.4(19a) are
Hi,
I'm making a VPN Site to Site tunnel in a lab test between a Cisco 1840 router
and ASA5510, each one connected behind a satellite link, because of the high
latency in such setup (1300ms RTT) we're trying to implement acceleration and
the appliance we're trying to implement needs the VPN to
Does anyone know what the IOS support or roadmap is like for the newer
L3VPN multicast i.e. draft-ietf-l3vpn-2547bis-mcast and the MVPN BGP
address family?
This is as opposed to the older draft-rosen / MDT SAFI.
I'm particularly interested in 12.2SX/6500/sup720
Hello,
I need to enable NetFlow support in our customer's core 6500 sup720.
I'd like to know if enabling the command mls flow ip interface-full
and ip flow-ingress in every L3 VLAN can cause any disruption in the
traffic.
Is there any additional internal table that is enabled when you
configure
Ziv,
I have a setup very similar to what you describe, a transport mode
tunnel between two 3725s connected via satellite. We have accelerators
in place but I'm not familiar with them. It's a fairly standard setup;
what do you need to know?
stretch
http://packetlife.net
Ziv Leyes wrote:
Balance them? with a 2960G switch?
Right now I don't have any clue how to do it.
Any idea?
El mié, 18-06-2008 a las 00:58 +1000, Whisper escribió:
Why don't you want to load balance them?
Also, the problem with passive/cold-backup solutions is, you never
know until you flip the switch
In transport mode the original header is used, a new header isn't installed.
This works very well when using GRE tunnels, since both the GRE and IPsec
are initiated by the same device. You won't be able to do transport mode on
the ASA, at least I don't think so. You will need routers at each end.
Hi Zahid,
I have tested the following with policy maps. The classification of
the packet is performed at the ingress, so if the packet enters router
as IP packet (Input Edge) then you must on egress interface match
according DSCP value, if the packet enters router as labeled packet
(LSRs in the
On Tue, 17 Jun 2008, Richard A Steenbergen wrote:
On Tue, Jun 17, 2008 at 11:27:23PM +0200, Peter Rathlev wrote:
Changing switching mode power cycles the modules by the way. I guess
that's a gotcha. :-)
I'm pretty sure thats not true. You may be thinking of PFC/DFC modes,
where inserting a
I believe that is correct. When a switching mode changes automatically
due to cards with different capabilities being inserted, then there is
no chassis or card resets. However, when you force bus mode the
effected cards are reset.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network
The whole router reloads, or just one of the RSPs? Have you tried it
with just a single RSP? Maybe one is dying?
FYI, I have experienced great stability with
rsp-ik91sv-mz.122-25.S12.bin - Some routers have been running it for
almost 18 months. I'm not saying it's perfect, but I would suspect
hey all , i have Cisco MGX 8850
and i have backup configuration file that i want to apply
how can i do that ??
thanks in advance
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
We need to find a way to encrypt the data BEFORE the acceleration and from what
I've read, is not possible to accelerate TCP when the data is inside an
encrypted tunnel, so the possible way to be able to spoof the TCP is in
transport mode instead of tunnel mode of the IPSec.
But that's only
Hi,
We have a L3VPN with quite a few routes (in ranges of 40k+). So far
all PEs that had to carry that were 6500, but soon we'll be adding a
few smaller ones (28xx) for remote sites. They don't need to know the
'optimal' path to the destination, it's enough if the CEs hanging of
them can talk to
This is an old one for configuring transport mode:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_examp
le09186a008009438e.shtml
Newer configs would use tunnel protection instead of a crypto map.
--
http://dcp.dcptech.com
-Original Message-
From: [EMAIL
There was discussion about bogon filters and the 0.0.0.0/24 not being
advertised unless the default-information originate command was entered in
BGP. I'm wondering if this is the same issue. If so open a case and have a
bugid filed, unless of course there already is one.
David
--
That doesn't make sense. Encrypt the traffic before acceleration from
what perspective? From looking at it from the WAN in between the two
sites? That I can see, but that's not usually how VPN's and encryption
are described, and can confuse a lot of people. If described in the
normal way, from
Dear Mohamed,
The command restoreallcnf can be used if you saved the configs with the
saveallcnf command.
More at:
http://www.cisco.com/en/US/docs/switches/wan/mgx/mgx_8850/software/mgx_r
2.1/configuration/guide/ops.html
Regards,
Ahmed Maged
-Original Message-
From:
Hello!
While doing VRF-Lite on 7600-RSP720 with 12.2SRC I try to
save FIB entries as much as I can. As I don't need mpls in any way,
I just drop to the minimum number of mpls routes in mls cef:
lab1(config)#mls cef maximum-routes mpls 1
..and reload the router. After roting protocols come up I
hello,
I need license key for this application please: Brightstor ARCserve 11.5 sp2
thank you
Ibrahim Alsharif
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
Hi,
Thinking of firing up LACP between a Cisco 3560G and a Netgear (yes a Netgear
-- ugh) gigabit switch (GSM7224).
Should LACP just work? Or is this the kind of thing where if any kind of
reliability is desired, I need to pop in another Cisco on the other end ...
Thanks,
Adam
I know one person :-)
I resolved the issue reinstalling the application. Something was going wrong
with Java.
Thanks anyway,
Leonardo Gama.
De: Ziv Leyes [mailto:[EMAIL PROTECTED]
Enviada: ter 17/6/2008 05:11
Para: Leonardo Gama Souza;
Zenon,
Sorry for the delay, as I was a bit overloaded.
Looking at the following link, I see that SDP/SAP is assigned the range of
224.2.0.0/16:
http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00802d4643.shtml#wp1005088
So you can use the configuration example below to rate
Some good info on the operation of accelerators often found attached to
satellite links:
http://www.scps.org/scps/html/tcp_peps.html
To summarize, TCP ACKs are generated/dropped locally at either end
rather than being forwarded across the satellite link. Of course, this
doesn't work on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo
Frame Denial of Service
Advisory ID: cisco-sa-20080618-ips
Revision 1.0
For Public Release 2008 June 18 1600 UTC (GMT
Has anyone run into any problems with the BGP TTL security check? I've
tried to configure it a couple of times on our eBGP peers with no luck.
The BGP session is eventually dropped after the hold time expires. It
should be extremely easy to configure but for some reason it always fails.
Justin Shore wrote on Wednesday, June 18, 2008 6:47 PM:
Has anyone run into any problems with the BGP TTL security check?
I've tried to configure it a couple of times on our eBGP peers with
no luck. The BGP session is eventually dropped after the hold time
expires. It should be extremely
Hi,
No problem with any delay, I'm glad you answered.
The configuration you suggest is fine but the question is (and has
been all along) whether this will police individual traffic flows or
the aggregate traffic matched by the acl? I don't know for sure, but I
believe it is more likely to
Hi,
On Wed, Jun 18, 2008 at 11:47:14AM -0500, Justin Shore wrote:
neighbor a.b.c.d ttl-security hops 1
You need to enable it on both sides. Did you?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
Well, AFAIK default-information originate is needed to advertise
defaults also in VRFs. But if PE1 and PE2 are the same HW/SW that
shouldn't be the case here, i.e. 0.0.0.0/1 doesn't seem to be considered
a default.
If I understand it correctly, for a label to be assigned by the router
the prefix
Many thanks David, this is makes perfect sense now.
I don't have any P routers in my core only PEs.
This is my scenario:
CE1-PE1-PE2CE2
So as per your explanation, on PE1 and PE2 I will have to match
on both DSCP and EXP bits as the PEs will see both IP and labelled
packets at the
Hi,
I have over a dozen of EoMPLS tunnels running in production over years on
7609s
with OSM-4GE-WAN-GBIC linecards running 12.1(22)E1 without any problems.
Regards,
Zahid
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 16
I have over a dozen of EoMPLS tunnels running in production over years on
7609s
with OSM-4GE-WAN-GBIC linecards running 12.1(22)E1 without any problems.
I'm glad it's working for you. However, it sounds like the original
poster only has Sup2/MSFC2 and no OSMs. In this situation, I would
claim
If you don't need support for larger routing tables, the Sup32 works
well for EoMPLS/VPN applications as well.
Phil
On Jun 18, 2008, at 3:20 PM, [EMAIL PROTECTED] wrote:
I have over a dozen of EoMPLS tunnels running in production over
years on
7609s
with OSM-4GE-WAN-GBIC linecards
On Wed, Jun 18, 2008 at 11:47:14AM -0500, Justin Shore wrote:
Has anyone run into any problems with the BGP TTL security check? I've
tried to configure it a couple of times on our eBGP peers with no luck.
The BGP session is eventually dropped after the hold time expires. It
should be
Oliver Boehmer (oboehmer) wrote:
Just to be sure: your neighbor also enabled this on their end? It needs
to be enabled on both ends to work..
Gents,
That's the problem. I completely overlooked that part in the
prerequisites section of the docs. My bad.
However, that said, I thought the
Hi Ruben,
On Wed, 2008-06-18 at 12:27 +0200, Ruben Montes (Europe) wrote:
I need to enable NetFlow support in our customer's core 6500 sup720.
I'd like to know if enabling the command mls flow ip interface-full
and ip flow-ingress in every L3 VLAN can cause any disruption in the
traffic.
Justin Shore mailto:[EMAIL PROTECTED] wrote on Wednesday, June
18, 2008 9:31 PM:
Oliver Boehmer (oboehmer) wrote:
Just to be sure: your neighbor also enabled this on their end? It
needs to be enabled on both ends to work..
Gents,
That's the problem. I completely overlooked that part
Hi Guys,
I used a 4HWIC as my other physical link for config. IP address cannot be
configured directly on the eth0 slots so I used
the layer 2 config and used the VLAN. config goes
!
interface FastEthernet0/3/0
description *** BGP L2 config - Via VLAN 1 ***
interface Vlan1
description *** BGP
On Jun 18, 2008, at 11:50 AM, Adam Greene wrote:
Hi,
Thinking of firing up LACP between a Cisco 3560G and a Netgear (yes
a Netgear -- ugh) gigabit switch (GSM7224).
Should LACP just work? Or is this the kind of thing where if any
kind of reliability is desired, I need to pop in another
Hi,
Thinking of firing up LACP between a Cisco 3560G and a Netgear (yes
a Netgear -- ugh) gigabit switch (GSM7224).
Don't be hating on the Netgear! Our entire switching core (L2 and L3) is
based on Netgear GSM series equipment. Don't underestimate their enterprise
hardware. Lifetime
David Coulson wrote:
The whole router reloads, or just one of the RSPs? Have you tried it
with just a single RSP? Maybe one is dying?
Router reloads :(
FYI, I have experienced great stability with
rsp-ik91sv-mz.122-25.S12.bin - Some routers have been running it for
almost 18 months. I'm
Hi
2008/6/19 Peter Rathlev [EMAIL PROTECTED]:
Well, AFAIK default-information originate is needed to advertise
defaults also in VRFs. But if PE1 and PE2 are the same HW/SW that
shouldn't be the case here, i.e. 0.0.0.0/1 doesn't seem to be considered
a default.
If I understand it correctly,
43 matches
Mail list logo