Pshem Kowalczyk wrote:
I think that you're missing one other possibility (which may or may not
suit you) - putting all of your routing into vrfs and doing the normal
leaking between the vrfs. This way you can retain the level of granularity
you want (any particular interface might be either in
Hi,
I have a client who has moved their Microsoft Exchange servers to a service
provider location (as part of a de-perimeterization strategy). These servers
are reachable via the Internet. Thus, the client IP are NATted before they
cross the corporate boundary.
There are about 45000 users.
Hi John,
That is indeed a good idea. But there are 2 routers doing this NAT and
the load towards them is being load-balanced by the choke router before
them. I will then have to configure NAT in such a way that each IP from
the NAT pool can only be used for about 32000 sessions (as I cannot
Hi,
Can someone shed some light on the following limitation of EoMPLS?
Layer 2 connection restrictions:
- You cannot have a direct Layer 2 connection between provider-edge routers
with EoMPLS
Why is this?
I have a MAN running MPLS where my PE are directly connected. I need to do
extend my
Hello,
you could split the usage of nat pools based on statistics of the source
IP addresses eg use 1 ip/overloaded nat pool for even source IPs and
another IP for the odd source IPs
Best Regards,
John
On Wed, 25 Feb 2009, nasir.sha...@bt.com wrote:
Hi,
I have a client who has moved
I've been playing around with this command and the short answer with an
example is:
|CPE VRF|(11.0.0.2) Se1|PE ROUTER|POS2(10.0.0.2) [Internet]
1.1.1.1
PE ROUTER
-
! whatever you need for VRF, mBGP, etc.
! to propagate your networks
! you may need to add the following:
router
I need help finding a unlock code for the PIX-515e to get I to a 3des
encryption. Does the unit have to be under TAC to get this?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
You should be able to get one for free.
https://tools.cisco.com/SWIFT/Licensing/jsp/formGenerator/Pix3DesMsgDisplay.jsp
- Ed
On Wed, Feb 25, 2009 at 8:29 AM, Alex Moya alexm...@bellsouth.net wrote:
I need help finding a unlock code for the PIX-515e to get I to a 3des
encryption. Does the unit
You get the license from the Cisco website in the security section,
you will need the serial number but the upgrade is free. They email it
to you
Sent from my iPhone
On 25 Feb 2009, at 13:29, Alex Moya alexm...@bellsouth.net wrote:
I need help finding a unlock code for the PIX-515e to get
Hi
I am connecting to the router with telnet
sh sessions can't get any information
router#sh sessions
% No connections open
Why?
but I can get sh tcp vty 0
How can I know how many existing connections in the router?
and
How can I kill ideal connection?
Thank you
The following commands may help you:
who
sh user
sh line
you'll see something like this:
Line User Host(s) Idle Location
* 2 vty 0 xxxidle 00:00:00 xxx.xxx.xxx.xxx
You can make clear line 2 to disconnect the session
Hope this helps
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing
Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20090225-mtgplace
Revision 1.0
For Public Release 2009 February 25 1600 UTC (GMT
On Tuesday 24 February 2009 16:57:38 Gert Doering wrote:
easily, no - the router performance PDF lists 46-71 Mbit/s for the
VIP2-50 (for minimum sized packets), and GEIP is a VIP2-50.
This is *old* hardware.
Indeed. We have a 7507 running a 12.4 IOS in production, and have both a GEIP
and a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Document ID: 109450
Advisory ID: cisco-sa-20090225-ace
http://www.cisco.com/warp/public/707/cisco-sa
router#sh users
or
router#who
Jay Murphy
IP Network Specialist
NM Department of Health
ITSD - IP Network Operations
Santa Fe, New Mexico 87502
Bus. Ph.: 505.827.2851
We move the information that moves your world.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Hi all.
Is there anyone else still seeing this bug even with
12.2(33)SRC3, where Cisco say they have it fixed?
We recently saw an NPE-G1 reboot because of this. We've
since re-engaged the workaround (disabling BFD) until we
hear more from TAC.
This bug is very annoying...
Cheers,
Mark.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco ACE Application Control Engine Device
Manager and Application Networking Manager Vulnerabilities
Advisory ID: cisco-sa-20090225-anm
http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml
Revision 1.0
Hi all.
Is there anyone else still seeing this bug even with
12.2(33)SRC3, where Cisco say they have it fixed?
We recently saw an NPE-G1 reboot because of this. We've
since re-engaged the workaround (disabling BFD) until we
hear more from TAC.
This bug is very annoying...
Cheers,
On Thursday 26 February 2009 01:25:34 am Dan Peachey wrote:
Do you have the bug ID for this?
CSCek75694 and CSCsq32269
I am currently
evaluating SRC2 and would be interested in reading up on
it.
I'd recommend staying away from SRC2 - it's riddled with a
number of discovered bugs. I'd
Hi guys
I copied a file to slavedisk0: on a 6513-sup II board. when I try to use
verify slaveslot0:filename I get this error output
%Error verifying slaveslot0:c6sup22-jk2sv-mz.121-22.E2.bin (Bad file number)
the disk was formatted in this switch and the file copied without problems.
The
On the original subject of Trains Difference, here's an obscure one for you.
I'm running four routers on an OC3 WAN link, and am running 1+1 APS at both
ends. One end has a 12012 and a 7507; the other end has a 7507 and a 7401ASR.
The 7401ASR and the 7507 on the far end are running 12.4
Does the Sup have Rommon 7.1(1) on it? Otherwise, it won't understand the 64MB
ATA card. I believe that's the only one that shows up as disk0:. The smaller
ones aren't ATA, so they're linear and show up as slot0:. Did you try verify
slavedisk0:filename?
Chuck
-Original Message-
ok. Thanks.But the next hop is still not right. It shows this below in red
when my advertised next hop is 1.1.1.1. I checked that by capturing BGP
Update message.
Does anyone know why would next hop be displayed as 0.0.0.0.
Thanks,
Marlon
7609s#show bgp vpnv4 unicast vrf ipvpn_1 191.1.0.0/24
On Wed, 2009-02-25 at 10:45 -0800, Marlon Duksa wrote:
ok. Thanks.But the next hop is still not right. It shows this below in red
In red? On my monochrome display? ;-)
when my advertised next hop is 1.1.1.1. I checked that by capturing BGP
Update message.
Does anyone know why would next hop
Maybe the trick is the software supports it, but you can't actually boot
off it until it's 7.1(1). Is this really a 64MB ATA card? The Cisco
P/N is MEM-C6K-ATA-1-64M=. That IOS you're running (or trying to run)
is pretty old (assuming it's that c6sup22-jk2sv-mz.121-22.E2.bin shown
below).
What are the resource limitations on policy routing on SUP720s/MSFC3? Are the
flows ultimately process switched every time or will it draw from the
route-cache?
We were toying with a very simple route-map that called for both a next-hop and
a recursive next-hop route. A moderate
Anyone have any idea of the performance impact (both latency and CPU wise)
if we were to move from turbo/compiled ACLs to non-compiled?
The outside ACL has about 1 entries in it currently, and takes about 3-4
minutes to compile. We¹re suffering from packet loss and performance
problems as
Chuck,
Yes ,it's a 64 MB ATA card. It could be the case that the problem arises at
boot time . I'll follow your advice and do the upgrade and retry,
thanks again
Alejandro
--- On Wed, 2/25/09, Church, Charles cchur...@harris.com wrote:
From: Church, Charles cchur...@harris.com
Subject:
Hi Nasir,
On Wed, 2009-02-25 at 12:01 +, nasir.sha...@bt.com wrote:
Can someone shed some light on the following limitation of EoMPLS?
Layer 2 connection restrictions:
- You cannot have a direct Layer 2 connection between provider-edge
routers with EoMPLS
Why is this?
The only place I
Any thoughts on RSA Envision vs. Symantec SSIM?
Thanks,
Dean Perrine
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
ok. Thanks. Well, I just miss the way Juniper shows things, the level of
details. Juniper would display the next hop that it is carried in the BGP
Update message.Marlon
On Wed, Feb 25, 2009 at 11:25 AM, Peter Rathlev pe...@rathlev.dk wrote:
On Wed, 2009-02-25 at 10:45 -0800, Marlon Duksa wrote:
All SIM products suck unless you have full time dedicated staff assigned
to them, IMHO. We use EIQ's SecureVUE and it promised everything, but
left out that you need another employee full time just to manage it.
Dean Perrine wrote:
Any thoughts on RSA Envision vs. Symantec SSIM?
Thanks,
Hi,
I have a problem with a SUP720 in a CAT6509 Chassis.
SUP720 is rebooting and the console output is repeating a waiting
message and is not starting.
I'm unable to break to rommon.
This SUP720 has a blank config, but we saw the same failure on a 2nd
SUP720 which is fully configured.
After
Hi
I see there is setting in switch
why disable?
no ip directed-broadcast
no ip route-cache
What is good for this configuration?
Thank you
__
Instant Messaging, free SMS, sharing photos and more... Try the new Yahoo!
ann kok wrote:
Hi
I see there is setting in switch
why disable?
no ip directed-broadcast
Because this allows the switch to broadcast packets to a specific VLAN
(more specifically, to an IP subnet) from hosts outside of the VLAN.
Enabling this provides a nice vector for a specific
Jay Hennigan wrote:
ann kok wrote:
no ip route-cache
This is generally NOT a good thing, other than for debugging during
low-traffic scenarios. It forces traffic to be process-switched and
will cause high (or very high) router CPU utilization.
...I had a misunderstanding about this
On 25/02/2009, at 10:01 PM, nasir.sha...@bt.com
nasir.sha...@bt.com wrote:
Hi,
Can someone shed some light on the following limitation of EoMPLS?
Layer 2 connection restrictions:
- You cannot have a direct Layer 2 connection between provider-edge
routers with EoMPLS
Why is this?
I have a
No ip-route cache with no keywords afterwards refers to the fast-switch
handling of packets. CEF is usually enabled globally on the device (and
thus is enabled for each interface), so this forces the interface to use CEF
and ensures fast-switching is not enabled on the port.
More info:
Max Palatnik wrote:
No ip-route cache with no keywords afterwards refers to the fast-switch
handling of packets. CEF is usually enabled globally on the device (and
thus is enabled for each interface), so this forces the interface to use CEF
and ensures fast-switching is not enabled on the
Hi,
I've setup a router to act as a vpn server according to the article
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_
example09186a0080819289.shtml. What i'll like to know is the maximum number
of simultaneous user connections that can be supported.
Thanks
Peter
--- On Tue, 24/2/09, Joe Maimon jmai...@ttec.com wrote:
From: Joe Maimon jmai...@ttec.com
Subject: Re: [c-nsp] VRF and STATIC ROUTE to GLOBAL
To: Luan Nguyen l...@netcraftsmen.net
Cc: cisco-nsp@puck.nether.net
Date: Tuesday, 24 February, 2009, 11:45 PM
There are apparently three
On Wed, Feb 25, 2009 at 8:26 PM, Peter Chuba ptch...@live.com wrote:
I've setup a router to act as a vpn server according to the article
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_
example09186a0080819289.shtml. What i'll like to know is the maximum number
of
Hi,
On Wed, Feb 25, 2009 at 07:10:51PM -0600, Max Palatnik wrote:
No ip-route cache with no keywords afterwards refers to the fast-switch
handling of packets. CEF is usually enabled globally on the device (and
thus is enabled for each interface), so this forces the interface to use CEF
and
Hi,
On Wed, Feb 25, 2009 at 08:46:28AM -0800, Alex Wa wrote:
I also would like to know the difference between disk0: and slot0:, i don't
fully understand it, if any.
disk0: - ATA disk, modern
slot0: - linear flash card, no ATA stuff, you don't wanna know
Just use slavedisk0.
gert
--
USENET
Peter Chuba wrote:
Hi,
I've setup a router to act as a vpn server according to the article
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_
example09186a0080819289.shtml. What i'll like to know is the maximum number
of simultaneous user connections that can be
Hi,
On Wed, Feb 25, 2009 at 11:15:25AM -0500, Lamar Owen wrote:
I will say this: the 7401 that is paired with the 7507 is somewhat faster;
the
7507 is running RSP8's. I don't, unfortunately, have any metrics on just how
much faster the 7401 is, sorry.
With an RSP8 and only two active
Gert Doering wrote:
Hi,
On Wed, Feb 25, 2009 at 07:10:51PM -0600, Max Palatnik wrote:
No ip-route cache with no keywords afterwards refers to the fast-switch
handling of packets. CEF is usually enabled globally on the device (and
thus is enabled for each interface), so this forces the
Hi,
On Thu, Feb 26, 2009 at 02:45:01AM -0500, Steve Bertrand wrote:
For my own understanding, is it fair to assume:
- no ip route-cache forces punting to the RP for proc-switch
- lack of no ip route-cache and without ip cef enabled (at all)
implies 'proc-switch once, then fast-switch'
-
48 matches
Mail list logo