[c-nsp] Cisco 7600 Router's Default IPSec Throughput Rate

2009-03-04 Thread Probil - İstanbul
Hello All, I'm trying to find a reference guide which has IPSec VPN throughput rates of Cisco 7600 router. I'm not sure to use VPN SPA or not because of that. For example if you have 50 IPSec Sites with low speed such as 128 Kbps, do we need to use VPN SPA or just upgrade the IOS of the router

Re: [c-nsp] VPLS on 7600

2009-03-04 Thread Mateusz Blaszczyk
2009/3/4 Asheesh Jadav aja...@gmail.com: The Line card I have is a WS-X6408A-GBIC. I'm using different ports on the same line card for my attachment circuit as well as VC. Is VPLS supported on this hardware? VPLS is supported only on ES, SPA and OSM line cards [...] interface Tunnel1  ip

[c-nsp] ip helper and dhcp on the same device

2009-03-04 Thread Hegedus Gabor
Hi all! I have a question. Is it possible to use ip dhcp pool XY for one host (use mac address) and ip helper-address for the others (all PCs are in the same subnet)? The scenario is here: onePcWithKnownMAC

Re: [c-nsp] ip helper and dhcp on the same device

2009-03-04 Thread Steven.Glogger
probably you could solve it by placing one pool for your local stuff, and doing some nasty dhcp proxying / agent stuff for your other requirement -steven -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Hegedus Gabor

[c-nsp] Cisco 6509-E QoS Policy Confusion

2009-03-04 Thread Craig Allen
Hello, I have recently taken over a network and have a question about a current QoS policy and am trying to understand why it would have been configured this way. An excerpt of the questionable config is as follows: policy-map apply_1000_qos_for_att_dscp_to_nextlevel class EF_QOS_PORTS

[c-nsp] UDP-helper problem

2009-03-04 Thread Michael Robson
I have recently moved the routing of a subnet from an old sup2/msfc2 6500 (Version 12.1(26)E8, RELEASE SOFTWARE (fc1)) to a newer sup3/ msfc3 6500 (Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1)). On the old router the udp-helper command worked fine, but on the new router I can see the DHCP

Re: [c-nsp] Cisco 6509-E QoS Policy Confusion

2009-03-04 Thread Arie Vayner (avayner)
Craig, Basically you are making sure the customer is not abusing the different classes. For example any packet that goes beyond the policer in class EF_QOS_PORTS would be remarked (this is the exceed-action policed-dscp-transmit violate-action policed-dscp-transmit part) to a lower value. To

Re: [c-nsp] Cisco 6509-E QoS Policy Confusion

2009-03-04 Thread Craig Allen
Arie, I understand the policed-dscp-transmit part of the policy however it's the CIR/BC/BE values that I'm questioning as based on the figures the CIR is set to 4Gbps so effectively the policed-dscp-transmit will never kick in and BC/BE are set to 32Megabytes. Basically this policy is

[c-nsp] Deliver a L2 MTU circuit of 1530

2009-03-04 Thread Rens
Hi all, I would want to know if my logic makes sense. Customer side A = SWITCH L2 = ROUTER = L2TPv3 cloud = ROUTER = SWITCH L2 = Customer side B So I would configure QinQ on my switch and this would arrive on my router via dot1q subinterface and with an xconnect to the other router and

Re: [c-nsp] SSH from router to linux

2009-03-04 Thread Justin Shore
My best guess is that your Linux box isn't correctly determining what term type to use or some other core shell variable along those lines. SSH in normally and issue echo $TERM to see what it is. Add env to one of your shell's startup files (.bash_login for example if you use bash). Compare env

[c-nsp] VLAN and switch and ?

2009-03-04 Thread Charles Regan
Good Morning, I'll try to explain what I want to do... We are LOCAL NETWORK in this graphic. The ISP wants to use our fiber link to connect to his wireless customer. We also want internet access from his Wireless Backhaul1. ISP also use VLAN on his customer subscriber modules. How would you

Re: [c-nsp] packet loss between adjacent ciscos

2009-03-04 Thread Rodney Dunn
Upgrade the 72xx's to 12.4(20)T latest on Cisco.com to get the packet capture feature and prove where the packets are getting lost via a capture: http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Utilizing_the_New_Packet_Capture_Feature We could go in to the long discussion about how

Re: [c-nsp] VLAN and switch and ?

2009-03-04 Thread Jeff Fitzwater
Look at layer 2 tunneling for your switches. You would assign tunnel vlan ID and ISP would send tagged traffic into tunnel (Q in Q) and traffic would exit tunnel where ever needed. When you assign a port as a tunnel port, it becomes a tunnel-input and tunnel-output. You can have as

Re: [c-nsp] Cisco 7600 Router's Default IPSec Throughput Rate

2009-03-04 Thread Marlon Duksa
Serhat - look for ipsec support on 7600 posting on this list. A similar question was submitted several days ago. On Wed, Mar 4, 2009 at 1:14 AM, Serhat Candan (Probil - İstanbul) serhat.can...@probil.com.tr wrote: Hello All, I'm trying to find a reference guide which has IPSec VPN

[c-nsp] Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability

2009-03-04 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability Document ID: 109483 Advisory ID: cisco-sa-20090304-sbc http://www.cisco.com/warp/public/707/cisco-sa-20090304

Re: [c-nsp] SSH from router to linux

2009-03-04 Thread Sridhar Ayengar
Roy wrote: I am trying to ssh from a 2811 to linux box. I telnet to the Cisco and issue ssh -l root xx.xx.xx.xx and I get the password prompt. I enter that and then logon goes through and I get the shell prompt. The problem is that nothing I type seems to get through to linux. Is there

Re: [c-nsp] 7206 Gig Ethernet Options

2009-03-04 Thread Brandon Price
Justin Shore wrote: Brandon Price wrote: Actually, you can install a C7200-I/O-GE+E and save yourself a PA slot and the associated bandwidth point hit. http://www.gossamer-threads.com/lists/cisco/bba/101247 Now that's something that I did not know. Any word on if this is actually

[c-nsp] 6500/Sup720 3BXL and ACK/RST

2009-03-04 Thread Nemeth Laszlo
Hi list, I would like to set a limit in my 6500/Sup720 3BXL RP card on how many ACK/RST packets are sent back to the source if this RP gets a lot of SYN packets (flood) to random ports. I am thinking of a magic mls rate-limit command :) CoPP is not a good idea, because if I use it the CPU makes a 100% load

[c-nsp] (no subject)

2009-03-04 Thread Leslie Meade
I am trying to bridge my 2821 to one ip to give me redundancy. I am using this config to bridge the two ints and I see gig0/1 up and the bvi up but I am not able to ping it The original config gig0/1 had the ip of 10.1.1.6 and I could ping everything and get to everything Ios

Re: [c-nsp] (no subject)

2009-03-04 Thread chris
On Wed Mar 4 13:21 , Leslie Meade sent: I am trying to bridge my 2821 to one ip to give me redundancy. I am using this config to bridge the two ints and I see gig0/1 up and the bvi up but I am not able to ping it The original config gig0/1 had the ip of 10.1.1.6 and I could ping everything

Re: [c-nsp] (no subject)

2009-03-04 Thread Leslie Meade
Yep ip route 0.0.0.0 0.0.0.0 10.1.1.220 -Original Message- From: ch...@lavin-llc.com [mailto:ch...@lavin-llc.com] Sent: Wednesday, March 04, 2009 10:28 AM To: cisco-nsp@puck.nether.net; Leslie Meade Subject: Re: [c-nsp] (no subject) On Wed Mar 4 13:21 , Leslie Meade sent: I am

Re: [c-nsp] (no subject)

2009-03-04 Thread Matlock, Kenneth L
A couple of other things to look for. 1) Where are you trying to ping the 10.1.1.6 IP from? I assume something on Gi0/1? 2) Make sure the devices plugged into Gi0/0 and Gi0/1 are either set up as trunk ports allowing VLAN100, or access ports in VLAN100. (since you're giving it a dot1q

Re: [c-nsp] UDP-helper problem

2009-03-04 Thread chris
On Wed Mar 4 8:00 , Michael Robson sent: I have recently moved the routing of a subnet from an old sup2/msfc2 6500 (Version 12.1(26)E8, RELEASE SOFTWARE (fc1)) to a newer sup3/ msfc3 6500 (Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1)). On the old router the udp-helper command worked

Re: [c-nsp] mpls bgp forwarding ?

2009-03-04 Thread kevin gannon
I have and it still doesn't show up in a show mpls forw however when I dug deeper show ip cef and show ip bgp labels was showing them. No idea why. It does for eBGP learned routes with a label but not iBGP learned labels. It's ipv4 only routes no vpnv4. Regards Kevin On Tue, Mar 3, 2009 at 10:29

Re: [c-nsp] UDP-helper problem

2009-03-04 Thread Michael Robson
Yes there is a route to a.b.c.d and yes we can ping the DHCP server from everywhere, including the new sup. On 4 Mar 2009, at 18:54, ch...@lavin-llc.com wrote: On Wed Mar 4 8:00 , Michael Robson sent: I have recently moved the routing of a subnet from an old sup2/msfc2 6500 (Version

Re: [c-nsp] UDP-helper problem

2009-03-04 Thread Matlock, Kenneth L
Extended ping using the source interface of Vlan937 as well works? Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Robson Sent:

Re: [c-nsp] VLAN and switch and ?

2009-03-04 Thread Deric Kwok
Looks like L2TP. Can I know why use it instead of a typical vlan? Thank you On Wed, Mar 4, 2009 at 10:14 AM, Jeff Fitzwater jf...@princeton.edu wrote: Look at layer 2 tunneling for your switches. You would assign tunnel vlan ID and ISP would send tagged traffic into tunnel (Q in Q) and

Re: [c-nsp] VLAN and switch and ?

2009-03-04 Thread Charles Regan
On Wed, Mar 4, 2009 at 5:47 PM, Charles Regan charles.re...@gmail.com wrote: There's no way my switch will support L2TP. How would you setup VLAN in this setup. ISP needs to pass all his vlan (switchport mode trunk) I don't want ISP to have access to my network ... (switchport access vlan

Re: [c-nsp] VLAN and switch and ?

2009-03-04 Thread Charles Regan
There's no way my switch will support L2TP. How would you setup VLAN in this setup. ISP needs to pass all his vlan (switchport mode trunk) I don't want ISP to have access to my network ... (switchport access vlan 500, on both end ?) I want Internet access from this ISP from his BackHaul1.

[c-nsp] ASA 5505 multiple netblock functionality

2009-03-04 Thread Jonathan Brashear
Apologies if this has been addressed previously, I looked through the last 12 months of c-nsp threads and didn't see this mentioned. There is some debate going on in my department over a particular implementation and the 5505's capability to handle multiple netblocks. A quick primer on the

Re: [c-nsp] FWSM and mixed IPv4/IPv6 access-list

2009-03-04 Thread Petreski, Samuel
One thing that I have had problems with is sourcing a high number of IPv6 pings (~10K) from the FWSM in routed mode; it makes the FWSM freeze. Don't do this if you don't have console access. I was running FWSM 4.0.3. Good luck IPv6ing! --Samuel -Original Message- From:

Re: [c-nsp] VLAN and switch and ?

2009-03-04 Thread Deric Kwok
Hi, I only have l2tp configuration in linux router. Here it is below. Pls note that I don't know how Jeff's suggestion of L2tp works out in your network; it looks like his suggestion is the same as L2tp, so I posted to ask him. I only know this l2tp worked in my setting before when doing it in DSL. HTH !

[c-nsp] BVI issues

2009-03-04 Thread Leslie Meade
Thanks guys I have worked it out. I left this command out... bridge 100 route ip Thanks for your help From: Rich Davies [mailto:rich.dav...@gmail.com] Sent: Wednesday, March 04, 2009 2:08 PM To: Leslie Meade Subject: Re: [c-nsp] (no subject) Leslie, A handy command I used to use

[c-nsp] CPU utilization on a Cisco 3560E switch

2009-03-04 Thread Vincent Aniello
We have two Cisco 3560E switches that during the day when the network traffic load is high run at about 40% CPU utilization. This is much higher than on our other 3650E switches that sit at about 10% CPU utilization even when the network traffic load is high. What I have noticed is that when

Re: [c-nsp] ASA 5505 multiple netblock functionality

2009-03-04 Thread Michael K. Smith - Adhost
Hello Jonathan: You can have multiple subnets defined on the statics from the outside with no problem, routed as you described. Such as: static (inside,outside) 5.1.1.1 192.168.0.1 static (inside,outside) 6.2.2.2 192.168.0.2 If you have multiple inside subnets they would have to be on their

[c-nsp] 6500 not exporting layer 2 netflow data

2009-03-04 Thread Bulleri, Carlos
Have you found a solution to this problem? I have the exact same problem except that our 6500 router has a Sup2 with a MSCFC2 and we are running 12.2(18) SFX11, I can see the Bridge captured data but nothing is being exported to the Netflow server, only the routed information. I'm considering

[c-nsp] 100Mb fiber aggregation/conversion/etc

2009-03-04 Thread Jeff Kell
We have a couple of areas with a need to aggregate some legacy 100FX/MM fiber runs. There are three different housing clusters that are currently all 100FX uplinks, and 100FX back to campus. In two areas we have small IDFs with 100FX back to a common plant back to campus over 100FX, one of

[c-nsp] Conflicting OSPF router-ids in separate VRFs

2009-03-04 Thread Justin Shore
I'm trying to get multiple OSPF instances to work in separate VRFs with all OSPF instances using the same router-id. We're offering a VPN tunnel service to access offsite bit-for-bit data copy services in our Data Center. The tunnel of choice is a GRE tunnel with IPSec protection. The GRE

[c-nsp] MPLS LDP and BGP Neighbor flapping constantly

2009-03-04 Thread Justin Shore
This afternoon I stumbled across a problem with a LDP session between a 7613 and a 7201. Actually both LDP and iBGP were flapping every 10 seconds or so. I had both interfaces configured for MPLS, LDP, IS-IS (with AUTH and BFD though BFD isn't enabled on the interface itself yet) with an