Re: [c-nsp] Disallowing sw tru all vlan X w/o add or remove

2009-07-15 Thread Gert Doering
Hi, On Wed, Jul 15, 2009 at 02:09:17AM +0200, Peter Rathlev wrote: Currently we only allow if-authenticated on the console port. After a few funny situations the past year I'm seriously considering just enabling it for VTYs also. I'm not exactly sure why I haven't done this yet, but there's

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread Gert Doering
Hi, On Tue, Jul 14, 2009 at 08:58:53PM -0800, Christopher E. Brown wrote: Come on guys, study the proto a little before going off. We did... In order for MST to work all members of an MST domain *MUST* agree on the VLAN - MST group mapping. If you change the mapping it must update across

Re: [c-nsp] Give Cisco your feedback on the new download experience at tacwebsur...@cisco.com (was: several heart-felt flames regarding the mess that is the Cisco.com download experience)

2009-07-15 Thread Saku Ytti
On (2009-07-14 14:57 -0400), Jared Mauch wrote: I'm having a call with some people in a few minutes, I will share what is feasible to share once it's completed. While I subscribe to the download manager hate, it doesn't bother me nearly as much as unusable bugtool since the last upgrade two

Re: [c-nsp] Stability of 12.2(33)SRD?

2009-07-15 Thread Johannes Resch
On Tue, July 14, 2009 07:46, Stephen Fulton wrote: I'm looking for thoughts on the stability of 12.2(33)SRD releases (latest is SRD2) in general, as well as any experiences running it on the 7600/RSP720 series. I'm connecting a SIP400/SPA-5x1GEv2 to a CWDM network, and only SRD supports the

Re: [c-nsp] Give Cisco your feedback on the new download experience at tacwebsur...@cisco.com (was: several heart-felt flames regarding the mess that is the Cisco.com download experience)

2009-07-15 Thread Hank Nussbacher
On Wed, 15 Jul 2009, Saku Ytti wrote: While I subscribe to the download manager hate, it doesn't bother me nearly as much as unusable bugtool since the last upgrade two years ago. Prior to the upgrade, I could solve maybe 1/3 of my cases, without involving TAC. At that time, I thought bugtool

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread Christopher E. Brown
Gert Doering wrote: Hi, On Tue, Jul 14, 2009 at 08:58:53PM -0800, Christopher E. Brown wrote: Come on guys, study the proto a little before going off. We did... In order for MST to work all members of an MST domain *MUST* agree on the VLAN - MST group mapping. If you change the

Re: [c-nsp] cisco-nsp Digest, Vol 80, Issue 49

2009-07-15 Thread Digambar. Giri
Dear friend, I need a crack... IPswitch Whatsup gold 11 On Tue, Jul 14, 2009 at 8:27 PM, Matlock, Kenneth L matlo...@exempla.org wrote: The serial numbers can be found here: http://www.whatsupgold.com/ Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 matlo...@exempla.org

Re: [c-nsp] c877 and ntp oddness

2009-07-15 Thread Christian Zeng
Hi, * David Freedman david.freed...@uk.clara.net wrote: Have a bizarre NTP issue with 877 routers running 12.4(T) train. - Only seems to affect a small percentage of 877 routers, 878s, 1800s , 2800s seem to be fine A coworker reported the exact same behavior a couple of weeks ago. They got 87x

[c-nsp] Block https

2009-07-15 Thread Mohammad Khalil
I want to block the url https://www.facebook.com Without using NBAR Using access-lists ?? And if I want to block based on the IP address it has a lot of IP addresses ( i dont want to block a whole class) And the cache only blocks based on HTTP port 80

Re: [c-nsp] Block https

2009-07-15 Thread Kevin Barrass
Hi One I used a while ago to test was the below ip urlfilter allow-mode on ip urlfilter exclusive-domain deny www.theregister.co.uk is a while since ive used this but you can check the Cisco Docs for the ip urlfilter feature, if you want to block based on IP just use access lists as normal to

Re: [c-nsp] Where to buy What's Up Gold

2009-07-15 Thread Peter Rathlev
Maybe not crack, but it might work: http://www.clubsmokey.nl/. Listen kid, your question is clearly not on topic here even though it does have some entertainment value. You make yourself look like a stupid 11 year old kid. If you really want to use What's Up Gold then go to

Re: [c-nsp] MST config on single 3560

2009-07-15 Thread Manu Chao
the standard is ieee 802.1s don't change anything to your interface config mst instance and vlan association is a global config if you planned to migrate to mst on your side, make sure you will migrate to mst with your client ;) On Tue, Jul 14, 2009 at 6:57 AM, m...@adv.gcomm.com.au wrote:

[c-nsp] Siemens

2009-07-15 Thread Mohammad Khalil
i have siemens wimax cpe (gigaset SX682) i cannot access the web interface using the default password admin always prompted its incorrect and i need a user manual can anyone help

Re: [c-nsp] Block https

2009-07-15 Thread masood
Man, that's pretty straightforward. all u needed is http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ab4ddb.shtml if i am remembering correctly, you can block https using proxy/cache server; If it is Squid then i can help you. Regards, Masood Hi One I used a

Re: [c-nsp] c877 and ntp oddness

2009-07-15 Thread David Freedman
Would you mind sharing the tac SR with me? about to open my own and would help me lots if my request is in sync (pun intended) with yours. David. Christian Zeng wrote: Hi, * David Freedman david.freed...@uk.clara.net wrote: Have a bizarre NTP issue with 877 routers running 12.4(T) train.

Re: [c-nsp] cisco-nsp Digest, Vol 80, Issue 49

2009-07-15 Thread Matlock, Kenneth L
A few things. 1) I'm not your 'friend'. My friends actually PAY for what they use, not try outright theft (and advertise it on a public forum!) 2) This has nothing to do with Cisco equipment 3) If you want a monitoring package, I'd suggest either paying for it, or using one of the many

Re: [c-nsp] Block https

2009-07-15 Thread Ivan Pepelnjak
You cannot block HTTPS on the router with anything but the IP-based access lists because (by definition) the HTTP request (which the URL filter, content filter or NBAR recognizing HTTP uses) is encrypted. If you want to block HTTPS requests for particular hosts, you need a HTTP proxy which

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread Tomas Daniska
On Tue, Jul 14, 2009 at 3:45 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, ... but it doesn't say anything about the number of STP instances. things go wonky when you have more than 1800 virtualports per slot (which you didnt quite reach) (1200 on older eg 100mbit blades) with 13,000 in

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread Geoffrey Pendery
Well sure, I'm aware of the logic behind the behavior - I'm not saying it's a bug. But the result is that it is a good choice protocol for a very specific scenario, while RPVST is a much superior choice for certain other scenarios. So having been provided with a lovely open standard car and a

Re: [c-nsp] 7206VXR BGP Sessions

2009-07-15 Thread Rodney Dunn
Default timers...several hundred will be ok. You get in trouble when you try to bring the timers down less than say 20/60. We introduced a new scheduler to handle hellos for the peers that allows them to work at smaller intervals but it can't guarantee no false positives. Rodney On Tue, Jul

Re: [c-nsp] WAAS and minimum latency

2009-07-15 Thread James Michael Keller
Tim, I doubt you will see improvement over 3ms for general latency reduction (assuming a OCX P-t-P link?). However it will improve CIFS performance if the files are being accessed and changed a lot by the users at the site remote from the CIFS server. The WAE on the server side of the

Re: [c-nsp] Give Cisco your feedback on the new download experience at tacwebsur...@cisco.com (was: several heart-felt flames regarding the mess that is the Cisco.com download experience)

2009-07-15 Thread Tony Varriale
Interesting comment. I stopped giving feedback a long time ago when they did the first major trainwreck of cisco.com. tv - Original Message - From: Hank Nussbacher h...@efes.iucc.ac.il To: Saku Ytti s...@ytti.fi Cc: cisco-nsp@puck.nether.net Sent: Wednesday, July 15, 2009 2:13 AM

Re: [c-nsp] SA-VAM NPE-200

2009-07-15 Thread Ge Moua
I've done this before; this will work but Cisco will not give you support if there are issues; also the VAM combo with this router engine results in very little throughput; not worth it IMHO. Regards, Ge Moua | Email: moua0...@umn.edu Network Design Engineer University of Minnesota |

[c-nsp] MLPPP throughput

2009-07-15 Thread Dave Weis
I'm bringing up a MLPPP PPPoA bundle with 4 7-meg DSL lines. It had worked fine with only 2 lines in the bundle and provided the full expected speed. Adding the next two lines didn't provide an increase in speed, it actually might have decreased a bit. It tops out at around 10 megabits with 4

Re: [c-nsp] WAAS and minimum latency

2009-07-15 Thread Eric Girard
Tim, While in theory you should still see some improvement from CIFS with a setup like this, I've done a PoC/trial with a near identical setup, 1G/3-4ms latency, and the performance improvements were minimal at best. The one caveat was the CIFS shares were being used by a questionable

[c-nsp] Question on h.323 video calls through a PIX 525 with NAT

2009-07-15 Thread Steven Pfister
I'm having some trouble with h.323 (video) calls through a PIX 525 using NAT. We can get incoming calls fine, but not outgoing calls for some reason. My question has to do with 'inspect h323' vs 'fixup protocol h323'. What's the difference between them? The video conferencing unit in question

[c-nsp] Cisco Security Advisory: Vulnerabilities in Unified Contact Center Express Administration Pages

2009-07-15 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerabilities in Unified Contact Center Express Administration Pages Advisory ID: cisco-sa-20090715-uccx http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml Revision 1.0 For Public Release 2009 July 15 1600

Re: [c-nsp] IGMP snooping ME6500

2009-07-15 Thread Adrian Minta
Tim Stevenson wrote: Ok - if you have mrouter ports being learned, then the upstream router should be sending IGMP queries already IGMP snooping querier is not required. You may want to check the igmp snooping stats see what type of joins etc are being seen on 1/26. Also what is the

[c-nsp] BGP router-id - Chaos?

2009-07-15 Thread Jeff Cartier
Just checking something that I haven't been able to verify online... Changing the bgp router-id manually will require you to clear the bgp sessions? Correct? Thanks!!!

Re: [c-nsp] Free NMS Tools

2009-07-15 Thread M Callahan
We're currently using Cacti, Nagios, and RANCID in an ISP environment. Nagios is a bit bulky when it comes to the management side of things but I highly recommend both RANCID and Cacti. Depending on your knowledge level with *nix systems, CactiEZ is also available. The EZ version is a

Re: [c-nsp] BGP router-id - Chaos?

2009-07-15 Thread Paul G. Timmins
As far as I know, changing the router ID will take care of clearing the BGP tables for you. :) It should reset all sessions. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Cartier Sent: Wednesday, July 15, 2009 1:49

Re: [c-nsp] Question on h.323 video calls through a PIX 525 with NAT

2009-07-15 Thread Andrew Yourtchenko
Hi Steven, On Wed, Jul 15, 2009 at 6:28 PM, Steven Pfister spfis...@dps.k12.oh.us wrote: I'm having some trouble with h.323 (video) calls through a PIX 525 using NAT. We can get incoming calls fine, but not outgoing calls for some reason. My question has to do with 'inspect h323' vs 'fixup

Re: [c-nsp] BGP router-id - Chaos?

2009-07-15 Thread Jeff Cartier
Oh that's lovely :) Thanks for the heads up all! -Original Message- From: Paul G. Timmins [mailto:ptimm...@clearrate.com] Sent: Wednesday, July 15, 2009 2:06 PM To: Jeff Cartier; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP router-id - Chaos? As far as I know, changing the router

[c-nsp] IPV6 to IPV4

2009-07-15 Thread Chintan Shah
Hi, The IPV6 host has to communicate to some IPV4 on Internet, I can use NAT-PT one but I see that it is now no more recommended. So, what is best translation mechanism achieve this when I being ISP provide IPV6 Internet service to my customer? Regards, CS

Re: [c-nsp] CE routes

2009-07-15 Thread harbor235
I see, PE to CE routing protocols are segmented from PE to P routing protocols. So for PE to PE traffic, the ingress LSR only needs to know how to route to the egress PE router via IGP label, once there the VPN label forwards traffic to the proper VRF. The next-hop for the destination route

Re: [c-nsp] Question on h.323 video calls through a PIX 525 with NAT

2009-07-15 Thread Andy Litzinger
I don't think you can have the inspect and fixup in the same config. I believe the inspection policies replace the fixup commands in the 7.x+ code. either one pretty much does the same thing- its going into the packet and rewriting the IP in the h323 data payload (if necessary). we had some

Re: [c-nsp] BGP router-id - Chaos?

2009-07-15 Thread Shimol Shah ( Cisco )
I tried in my lab with two boxes 28xx-76xx 28xx is running 12.4(15)T9 76xx is running 12.2(33)SRB6 eBGP between the boxes. I changed the route-id manually on 28xx 2800#sh ip bgp sum BGP router identifier 10.10.10.1, local AS number 1020 BGP table

Re: [c-nsp] Question on h.323 video calls through a PIX 525 with NAT

2009-07-15 Thread Steven Pfister
Yes, tcp/1720 seems to be going to the correct address. The thing I'm wondering now is this... I did the capture on the PIX itself on the outside interface. I've found at least one spot where the internal address for the unit on our side appears. I would have thought the NAT transversal setting

[c-nsp] Management interface on 2950T-24 appears to be dead

2009-07-15 Thread Frank Bulk
Out of the blue the other day I received a NAGIOS alert about a 2950T-24 being down. I was off-site, so I called over to the onsite tech who confirmed that traffic was flowing just fine. When I checked later, I couldn't ping or telnet to it. I went onsite today had no response at the console

Re: [c-nsp] IPV6 to IPV4

2009-07-15 Thread Paul G. Timmins
Dual Stack. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chintan Shah Sent: Wednesday, July 15, 2009 2:08 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] IPV6 to IPV4 Hi, The IPV6 host has to communicate to some

Re: [c-nsp] ISIS Mesh group question

2009-07-15 Thread Oliver Boehmer (oboehmer)
Ibrahim Abo Zaid wrote on Wednesday, July 15, 2009 02:47: Hi All I have a question about ISIS mesh groups which is used to reduce LSP flooding in full-mesh p2p environments, that means we lose redundancy for sake of LSP flooding reduction hence it affects forwarding and traffic is forced

[c-nsp] ip per-packet load-sharing on single interface

2009-07-15 Thread Joe Maimon
ip per-packet load-sharing on single ethernet interface with multiple iBGP routes installed to different nodes on that ethernet interface. Software router, 12.3 Does not seem to be balancing. Is this supposed to work?

Re: [c-nsp] ip per-packet load-sharing on single interface

2009-07-15 Thread Arie Vayner (avayner)
Joe, Which platform is it? Can you share show ip route and show ip cef internal? Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Joe Maimon Sent: Wednesday, July 15, 2009 22:29 To: cisco-nsp Subject: [c-nsp] ip

Re: [c-nsp] ip per-packet load-sharing on single interface

2009-07-15 Thread Joe Maimon
c7100-jk9o3s-mz.123-12e.bin Raw output sent direct. Arie Vayner (avayner) wrote: Joe, Which platform is it? Can you share show ip route and show ip cef internal? Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of

Re: [c-nsp] Question on h.323 video calls through a PIX 525 with NAT

2009-07-15 Thread Andrew Yourtchenko
On Wed, Jul 15, 2009 at 8:58 PM, Steven Pfister spfis...@dps.k12.oh.us wrote: Yes, tcp/1720 seems to be going to the correct address. The thing I'm wondering now is this... I did the capture on the PIX itself on the outside interface. I've found at least one spot where the internal address for

[c-nsp] adding a port forward on a Cisco Pix

2009-07-15 Thread Scott Granados
Hi, so I've started working with the Pix and am trying to forward port 80 and 443 in from an outside facing address to a 10.x space inside. I have two basic interfaces (outside and inside) and am running Pix 6.3 for firmware. I was thinking the following line would work but wasn't sure if I

Re: [c-nsp] ip per-packet load-sharing on single interface

2009-07-15 Thread Rodney Dunn
Turn on 'ip cef account load per pre' and send the 'sh ip cef internal' for the prefix you are going towards. On Wed, Jul 15, 2009 at 10:33:34PM +0200, Arie Vayner (avayner) wrote: Joe, Which platform is it? Can you share show ip route and show ip cef internal? Arie -Original

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread David Hughes
On 14/07/2009, at 11:26 PM, Jon Lewis wrote: But isn't that the whole point of MST? Most of what I've read about it talks about doing setups where you only have 2 or 3 instances, with all your vlans in the 2nd and or 3rd instance. Yup. In a DC / Hosting environment it's a must.

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread David Hughes
On 15/07/2009, at 4:01 AM, Jon Lewis wrote: The cisco examples I saw say to leave MST0 empty and use MST1 and MST2 for VLANs. Good option. Only non-MST speakers will end up in instance 0. Spread your vlans over instance 1 and 2 (and root those instances appropriately) and all will be

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread David Hughes
On 15/07/2009, at 4:22 AM, Geoffrey Pendery wrote: Will adding new VLANs to an MST instance disrupt traffic flow for other VLANs in that MST instance? Yes. We've verified this. A trunk port carrying only VLAN 30, or even an access port carrying only VLAN 30. VLAN 30 is in instance 2. You

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread David Hughes
On 15/07/2009, at 8:02 AM, Phil Mayers wrote: R-PVST + manual VLAN management works like a charm here. . works like a charm until it doesn't. Any PV based STP will not work in a dense server virtualisation environment. So these days that's basically any hosting provider. MST is

Re: [c-nsp] MST config on single 3560

2009-07-15 Thread mb
Quoting Manu Chao linux.ya...@gmail.com: the standard is ieee 802.1s don't change anything to your interface config mst instance and vlan association is a global config if you planned to migrate to mst on your side, make sure you will migrate to mst with your client ;) Thanks for the

Re: [c-nsp] adding a port forward on a Cisco Pix

2009-07-15 Thread Tony
Hi Scott, For your NAT to work you need two things: 1. static command 2. Access-list static (outside,inside) tcp general-internet-rtr-svc-nat 80 inside-ip-object 80 netmask 255.255.255.255 0 0 You have it round the wrong way, you would need: static (inside,outside) tcp outside_ip

Re: [c-nsp] MLPPP throughput

2009-07-15 Thread Rodney Dunn
I bet your out of order is getting so bad you are dropping the packets. I'm not a PPPox expert...but could you create 7 dialers and do CEF per packet over them? On Wed, Jul 15, 2009 at 10:07:24AM -0500, Dave Weis wrote: I'm bringing up a MLPPP PPPoA bundle with 4 7-meg DSL lines. It had

Re: [c-nsp] MLPPP throughput

2009-07-15 Thread Rodney Dunn
Depending on your apps ability to handle out of order frames on the end stations of course. On Wed, Jul 15, 2009 at 09:59:04PM -0400, Rodney Dunn wrote: I bet your out of order is getting so bad you are dropping the packets. I'm not a PPPox expert...but could you create 7 dialers and do CEF

Re: [c-nsp] Maximum spannig tree instances

2009-07-15 Thread Ross Vandegrift
On Tue, Jul 14, 2009 at 05:00:36PM +0200, Gert Doering wrote: rant MST is what comes out if vendor committees get together, and agree to implement the least common determinator in the most complicated way. /rant I completely disagree - it's what comes out of solving problems related to the

[c-nsp] Logging event link-status 6509

2009-07-15 Thread Giles Woolston
Hi Guys, I'm seeing an issue on some of our 6509's where no matter what I do I can't disable the event link status up/down appearing in the logs. 'no logging event link-status' appears in the interface config but does nothing. 6509 with sup 720 and s72033-pk9sv-mz.122-18.SXD6.bin as the

Re: [c-nsp] Logging event link-status 6509

2009-07-15 Thread Jonathan Lassoff
Excerpts from Giles Woolston's message of Wed Jul 15 21:18:58 -0700 2009: I'm seeing an issue on some of our 6509's where no matter what I do I can't disable the event link status up/down appearing in the logs. 'no logging event link-status' appears in the interface config but does nothing.

Re: [c-nsp] Logging event link-status 6509

2009-07-15 Thread Giles Woolston
Yea, as I understand that makes the default value enabled, but you should still be able to disable on a per interface basis. Which I can do on other 6500's but not these ones. The boot option suppresses link state messages during a reload/bootup but I need to disable logging for specific