ip access-list extended IP-Pool-Allowed
permit ip any 192.168.0.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended IP-All
permit ip any any
Class-map match-all IP-Pool-Allowed
match access-group name IP-Pool-Allowed
Class-map match-all IP-All
match access-group name IP-All
On Wed, 25 Mar 2009, Pshem Kowalczyk wrote:
Hi,
We're considering getting some ASR (1004 and 1006) as peering routers.
I would like to know what sort of experience you had with them.
What are the advantages of running the 'modular' IOS XE? We tried the
'modular' software on 6500 and we ran
On Wed, 25 Mar 2009, Julio Arruda wrote:
- The device has more horse-power and potential capabilities than 7200 with
any NPE. It survived several DoS attacks, while 7200 died.
Interesting, the Control-plane in the IOS-XE, from what I understand, is not
the legacy piece IOS, correct ? Is
Rick Coloccia wrote:
oh, thank you, I see how direct and precise this is, and if I wanted
to drop the person in several vlans, I assume I could do
mac-address-table static 0016.6f99.9e61 vlan 3030 drop
mac-address-table static 0016.6f99.9e61 vlan 3010 drop
mac-address-table static
Greetings All,
I was wondering if anyone had any examples of how to impose QoS on a
Site that would be doing IPSec VPN tunnels to another site via a
standard DSL feed.
I'm curious to see if best-practice is to place the policy-shaping on
the interface tunnel and/or the Internet interface.
I also aggree with Stig,
If you want to use ISP-2 as a backup of ISP-1 and because of local-pref or
similar config of ISP-2 you see inbound traffic; you can announce more
specific routes towards ISP-1 to break local-pref.
You have a /16. just advertise two /17s and a /16(just for backup) to ISP-1
On Wed, 2009-03-25 at 13:17 +1100, Andy Saykao wrote:
POP1 = Cisco 7204VXR (NPE-G1) GigE Interface running 12.2(31)SB13
POP2 = Cisco 7606 with 4-subslot SPA Interface (7600-SIP-400) running
12.2(33)SRB3
1/ If you have a 200mbps connection going out from GigabitEthernet-link
your
I am looking to gather information on what metrics NOCs collect for a tier 2
, tier 3 personnel for WAN status and performance monitoring.
I feel the following are useful, any additional info on beneficial metrics
will be helpful.
Interface/Node availability
latency/jitter on major network paths
We are attempting to establish a new BGP session between one of our
CRS-1 routers, and a Redback SE800 router owned by another provider. Am
not familiar with Redbacks myself and we have not peered with any before
(as far as we know anyway). The BGP session only remains up if no NLRI
is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6
Vulnerabilities
Advisory ID: cisco-sa-20090325-mobileip
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
Revision 1.0
For Public Release 2009 March 25 1600
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS cTCP Denial of Service
Vulnerability
Advisory ID: cisco-sa-20090325-ctcp
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
Revision 1.0
For Public Release 2009 March 25 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN
Vulnerabilities
Advisory ID: cisco-sa-20090325-webvpn
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
Revision 1.0
For Public Release 2009 March 25 1600 UTC (GMT
This is probably a stupid question, but anyway:
Can I match and remove no-export from routes? I need to shuffle some
routes between global and a vrf. I have a fake eBGP session up, but
the routes I need to move are marked no-export.
I've tried applying a simple match/set route-map to the eBGP
Great to see that the 890 will have 8 lan ports, unfortunately not at
gig speed.
Skeeve Stevens wrote:
Hey all, I was just going to download the latest IOS for a Cisco 877 and below
is the current list of 800 series routes on the Cisco website.
What caught my eye was the 3 entries for the
DSL on both ends? Cisco on both ends? What gear/ios version?
I'm curious to this as well. I have an 1841 ISR I'm using as my
production home router, and want to deploy an IPSEC endpoint at another
location, and optimize as much as possible.
Jeff Cartier wrote:
Greetings All,
I was
Tim,
You should definitely be able to remove the no-export well know
community using an inbound route-map but you will not be able to do it
outbound on an eBGP session as the path will not even be considered for
advertisement in the latter case.
Regards
-Original Message-
From:
On Wed, Mar 25, 2009 at 2:17 PM, Harold Ritter (hritter)
hrit...@cisco.com wrote:
Tim,
You should definitely be able to remove the no-export well know
community using an inbound route-map but you will not be able to do it
outbound on an eBGP session as the path will not even be considered for
I'm seeing a strange problem with an OC3 link that should be really
simple. The link runs from a 4-port OC3 card in a 12012 to an old
POSIP-OC3-50 in a 7507. Earlier in the day one of the two POSIP cards in
the 7507 started running a *lot* of receive errors, all CRC, so we
thought maybe the optic
Hello ,
I have got two core switches. They are running redundant with HSRP. One of
them is hsrp active and spanning tree root for all vlans , the other is hsrp
passive and spanning tree secondary for all vlans. I have got a server vlan
which i would like to inspect traffic to this vlan from
On Wednesday 25 March 2009 15:03:34 Bill Wichers wrote:
Does anyone have any ideas? I've already checked light levels, CRC (set
the same on both ends - CRC16), clocking is line on one end, internal on
the other, all the other settings are identical on both ends. What is
happening right now is
One quick question: is this your own dark fiber, or through a SONET
ADM,
or
through a service provider? Interestingly enough, the recommendation
for
dark
fiber is internal clocking on both ends.
Also note that the quad OC3 line cards in the 12000 have some
limitations
as
to clocking
Does any one know the packets per second limitations on a 3550's gig
interface? I'm seeing some weirdness when I do a show controllers
utilization. Several interfaces register 100 on either transmit or
receive. This doesn't seem to be the case when I show int g0/? to see
what the pps
Greetings,
I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it (PA-MC-T3).
There's about 25 multilinks with an average of 2 T1s per bundle. I see
a lot of process switching on the router and I have a feeling it's
because we don't have the PA-MC-T3-EC card so the processor has to step
The G1's with MLPPP should not be process switching the traffic.
What is the config?
The EC cards just offload the MLPPP to the new asic on the PA.
Rodney
On Wed, Mar 25, 2009 at 04:35:50PM -0400, Jason Berenson wrote:
Greetings,
I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it
Here's a sample:
interface Multilink2
ip vrf forwarding VPN1
ip address x.x.x.x 255.255.255.252
no cdp enable
ppp multilink
ppp multilink group 2
service-policy output voice
!
interface Serial6/0/25:0
no ip address
encapsulation ppp
down-when-looped
no cdp enable
ppp multilink
ppp multilink
Hi,
We have a 3550-12T switch.The highest load on one GE port (till now):
820 mbps down/700 mbps up
110k pps unicast+ 15k pps multicast
Alexandru Ulici
Does any one know the packets per second limitations on a 3550's gig
interface? I'm seeing some weirdness when I do a show controllers
Do you control both ends of the link(s)? any reason you can't just run L3
without PPP on the links with a routing protocol for redundancy and use
cef's load sharing abilities?
I'd avoid the overhead and processing requirements of MMP if you can.
On Thu, Mar 26, 2009 at 12:21 AM, James Edmondson
Hi Peter,
Much appreciate your help with understanding QoS a little better.
---
I tried to create a Heirarchical QoS policy on a spare 7606 we have here
and no go. Tried to create a parent shaper and policer and neither
worked when the service-policy was applied to the interface.
With parent
Hello,
I have the need to create a vpn between two routers. R2 is behind R1
which is doing nat, and R3 has an interface with a public ip. R3 has
to initiate the vpn connection because it has a dynamic public ip. I
also need to be able to run ospf across the vpn and monitor the vpn
traffic.
DMVPN with GRE is your friend
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml
On Thu, Mar 26, 2009 at 10:54 AM, Dan Letkeman danletke...@gmail.comwrote:
Hello,
I have the need to create a vpn between two routers. R2 is behind R1
which is
Hi,
Just wondering if anyone on list has run into issues where their routed
Metro-E links will sometimes stay up as the mux isn't properly downing the
interface ( cheap gear without interface tracking per se) when the circuit
goes down. Pinging the interface doesn't really apply in this situation
What are you trying to accomplish? Your subnet says something about EIGRP
but the message doesn't. :)
tv
- Original Message -
From: Ryan Hughes rshug...@gmail.com
To: cisco-nsp@puck.nether.net
Sent: Wednesday, March 25, 2009 11:36 PM
Subject: [c-nsp] EIGRP Neighbor tracking
Hi,
Hi,
Though I have just few routes still I am getting
Mar 26 04:49:06.406 UTC: %MLSCEF-SP-4-FIB_EXCEPTION: FIB TCAM exception for
IPv4 unicast, Some routes will be software switched.
Use mls cef maximum-routes to modify FIB TCAM partition.
6500.LAB#sh mls cef maximum-routes
FIB TCAM maximum
If all you need is to track whether you can ping the directly connected IP
address and react on the tracked object down status, you can use EEM with
the event track X state up|down trigger.
See the Not so very static routes section in this article
http://www.nil.com/ipcorner/SmallSiteMultiHoming/
34 matches
Mail list logo