Wilkinson, Alex wrote:
4. What are the best practice commands to watch memory usage ?
Set up some kind of NMS, at least something like cricket or the likes,
and plot memory usage over time ... from our experience, memory use
should stay relatively constant unless there are config
Hi,
FYI:
I forget. There are commands to change the main/IO split but I forget
exactly
which NPEs have static RAM for packet processing and when it matters.
Its been a while since I had to care. :)
The NPE-200 doesn't permit me to use memory-size iomem (or at least it
didn't when I wanted
Does the addition of the global command 'mls mpls tunnel-recir' make any
difference? I've seen some weirdness before with GRE tunnels and MPLS
without this command.
And my problems magically go away. As soon as I enabled the command, I was able
to see the rest of the VRF
Thanks Matthew!
Hi all,
Does asa 5520 support MPLS in routing mode?
Thanks,
Eimantas
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi Eimantas,
On Wed, 2008-06-25 at 14:11 +0300, Eimantas wrote:
Does asa 5520 support MPLS in routing mode?
No, the ASA does not support MPLS. It does support multiple context
mode, which combined with VRF Lite can give a seperation between
different levels of your network.
Regards,
Peter
Hi,
I have situation:
mpls edge router - asa 5520 (routing mode) - mpls network -
mpls edge router
if i understand correct, this situation will not work?
On Wed, 2008-06-25 at 14:27 +0200, Peter Rathlev wrote:
Hi Eimantas,
On Wed, 2008-06-25 at 14:11 +0300, Eimantas wrote:
If I have got a 'real' IP address range provided to me by provider A and I
want to close their link and either move it to provider B or get my own AS
to advertise it myself, can I do this?
As I understand it, it will be part of a greater block that has to remain
with provider A and they do not
It's because the MPLS and GRE are done by the sup and it needs
two passes to do the VRF lookup pre and post encapsulation from
what I remember.
Rodney
On Wed, Jun 25, 2008 at 08:14:33AM +0100, Timothy Arnold wrote:
Does the addition of the global command 'mls mpls tunnel-recir' make any
On Wed, Jun 25, 2008 at 10:44:14AM +0800, Wilkinson, Alex wrote:
Hi all,
We have a:
Cisco 7204VXR (NPE200) processor (revision B) with 114688K/16384K bytes of
memory.
We are loosing our EIGRP neighbour adjaceny due to exhausting our memory usage
(i think): e.g.
EIGRP:
On Wed, 25 Jun 2008, Gary Roberton wrote:
If I have got a 'real' IP address range provided to me by provider A and I
want to close their link and either move it to provider B or get my own AS
to advertise it myself, can I do this?
If provider A has control of the parent block, then you will
Hello,
We are running one OSPF process with several areas. The service provider
is going to install one router on my network to provide an IPT service.
We want this new router to only learn a group of networks where IP
phones inside our network are located. We don't want them to learn any
other
On Wed, 2008-06-25 at 16:02 +0300, Eimantas wrote:
I have situation:
mpls edge router - asa 5520 (routing mode) - mpls network -
mpls edge router
if i understand correct, this situation will not work?
Well, the routers connected to the ASA would be MPLS PEs, doing tag
Hi Zahid,
you can not match EXP bits within a WRR queue. The EXP value is copied
to the internal DSCP and if the internal DSCP to EXP and the internal
DSCP to CoS maps are consistent then you can match according CoS
within a WRR queue.
Regards,
David
On 6/18/08, Zahid Hassan [EMAIL PROTECTED]
My SHX2a boxes are showing a shift from small to large initial index
numbers (ciscoEnvMonTemperatureStatusIndex) in CISCO-ENVMON-MIB in the
ciscoEnvMonTemperatureStatusTable, release notes mention nothing about
this, bugtool turns up a blank, has anybody else seen this? is it
intentional?
SXF box
$quoted_author = Gary Roberton ;
If I have got a 'real' IP address range provided to me by provider A and I
want to close their link and either move it to provider B or get my own AS
to advertise it myself, can I do this?
No. The IP addresses are allocated to provider A and you can't
Hi Gary,
Gary Roberton wrote:
If I have got a 'real' IP address range provided to me by provider A and I
want to close their link and either move it to provider B or get my own AS
to advertise it myself, can I do this?
you talking about PA space vs. PI space here:
Drew Weaver wrote:
Hi there, there appear to be a few different ways (I'd almost say
many) to announce/filter BGP prefix announcements between neighbors
these days (I'm speaking specifically about Internet edge neighbors
here i.e. company to internet transit provider), I am trying to see
if
Well not sure if this is what you are asking, but the Team Cymru guides
are very useful
http://www.cymru.com/Documents/secure-bgp-template.html
Ian
Drew Weaver wrote:
Hi there, there appear to be a few different ways (I'd almost say
many) to announce/filter BGP prefix
Drew Weaver wrote:
Hi there, there appear to be a few different ways (I'd almost say
many) to announce/filter BGP prefix announcements between neighbors these
days (I'm speaking specifically about Internet edge neighbors here i.e. company to
internet transit provider), I am
In configuring L2TPv3, I'm getting:
Jun 25 10:07:20.077: uid:43 Tnl/Sn 32862/8086 L2TP: Session state change from
wait-connect to wait-for-service-selection-icrq
Jun 25 10:07:20.077: uid:43 Tnl/Sn 32862/8086 L2TP: Started service selection,
peer IP address 192.168.7.1, VCID 77
Jun 25
Hello,
There is a dual connection with the ISP. I don't like the static routing
approach because it requires manual configuration of some devices we don't
control and we don't want to relay on the ISP configuration.
The networks I want to redistribute are now Inter-Area inside the process we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service and Authentication Bypass
Vulnerabilities
Advisory ID: cisco-sa-20080625-cucm
Revision 1.0
For Public Release 2008
David Freedman wrote:
My SHX2a boxes are showing a shift from small to large initial index
numbers (ciscoEnvMonTemperatureStatusIndex) in CISCO-ENVMON-MIB in the
ciscoEnvMonTemperatureStatusTable, release notes mention nothing about
this, bugtool turns up a blank, has anybody else seen this? is
Matt Nguyen wrote:
Is anyone out there using OAL? It seems very easy to implement but
I’d appreciate any feedback about your experience implementing this.
Yes. It works fine, however it has some caveats notably:
1. If you want to deny log and have OAL work, you need to tell the
box to
Hi Ruben,
What is the topology of the the border between you and the ISP? If
there is a single connection between the ISP and (only) one of your
routers there is no requirement for a dynamic protocol, just use static
routes. No point waiting for routing protocol convergence if you don't
As far as I'm aware these indices are not in the ENTITY-MIB , I've
confirmed this by walking it on both SXF and SXH boxes.
I know you can't rely on index persistance in all cases and to do so for
such indices would be silly, but I'm sure the algorithm for generating
these must have changed here.
David Freedman wrote:
As far as I'm aware these indices are not in the ENTITY-MIB , I've
confirmed this by walking it on both SXF and SXH boxes.
Sorry, I'm thinking of the ENTITY-SENSOR mib.
I know you can't rely on index persistance in all cases and to do so for
such indices would be
PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service and Authentication Bypass
Vulnerabilities
Advisory ID: cisco-sa-20080625-cucm
Revision 1.0
Apologies i meant to send this to the cisco-voip list
On Wed, Jun 25, 2008 at 2:18 PM, Ed Leatherman [EMAIL PROTECTED]
wrote:
Hi folks
Was planning to apply a SR to call manager 5.1.3 this weekend anyway so may
as well patch this too... but I can't find a 5.1.3c version on cco. Latest
is
Hi,
I am troubleshooting an ATM multilink issue.
The first (3) ATM lines I add to the bundle work great. I add a fourth line,
and performance degrades horribly.
I'm working with a 3640, 128MB RAM, 12.3(26), with the following cards:
- NM-0FE2W: (2) PA-1C-P
- NM-2FE2W: (2) PA-1C-P
(there's
I'm probably missing something really obvious here, but I'm trying to do a
monitor session on a LACP port channel. sh etherchannel 16 port-channel
says the following:
houcore5#sh etherchannel 16 port-channel
Port-channels in the group:
--
First off, I apologize for being so chatty lately it just seems there
has been an abundance of networking issues cropping about.
Secondly, I had the strangest issue earlier today and I am wondering if
anyone else has ever had this happen. Box is a 6513 with 2x Sup-720 (regular
Morning All
Quick Question, within the standard ASA 5520 box, what is the best way to
fire off a notification that the box is being port scanned by a specific ip.
Would you require third party application for this or is ASDM / the ASA
itself capable of such notifications. Are we able to make use
Hi All,
We provide dialup services using Cisco AS5400 and AS5300 (in few
remote and low-use places). The ASes initiate L2TP tunnels to our
7301s, that in turn terminate the sessions.
Everything was fine until we upgraded the 7301 to a newer software
version (from 12.3.18 to 12.4.10). After that
Hi,
We are working with a new ISP for service. This one is via metro
ethernet. They require two BGP sessions. One goes between the ends of
the ethernet. The other BGP session is between a loopback interface on
our router and a loopback interface on one of the ISP's other routers.
The
Hey all,
I am trying to get a new range of IP addresses on a asa/pix to work for
vpn clients.
Doesnt seem to work.
Can anyone share any tips?
Thanks,
Joe
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
...or with 8.0, you could use threat-detection
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/prote
ct.html#wp1072953
I was researching equivalent commands on Cisco for set zone screen
port-scan :)
On the router i think you have to use IOS IPS.
-Luan
-Original
Hello,
This may have been asked before if so I apologize but just want some clearer
insight. What is the best way to setup a burstable ethernet connection so
that the user can sustain 1Mbit to the Internet and burst if need to 10Mbit
only? Wouldn't you need an end-to-end QoS design for this?
Just wanted to alert people to a possible minor info leak in regards
to Cisco CDP.
We had 'cdp off' on POS11/0/0 which is an STM-16 link. Now change the
encap from ppp to hdlc. Automagically, without notifying anyone, IOS
changes CDP to be on. Not a good thing when trying to maintain a secure
Apologies for being unclear. I am referring to the IKE/ipsec endpoint.
Suppose the clients have configured a profile that connects to
vpn.example.com
Which has a ttl of 24hrs.
So if I want to be nice, I ensure that the new and old address work at
the same time and then I update the DNS
40 matches
Mail list logo