Hi all,
I'm hoping that someone might be able to help with some suggestions for how to
configure QoS for the following setup. I've read a whole lot of documentation
and can't find anything that helps me.
Device: 7609 sup720-3b running 12.2(33)SRD1. GigE card = WS-X6516-GE-TX
Site 1 = 40Mbps,
You mean _Carthago delenda est_
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard
Sent: Monday, July 27, 2009 11:16 PM
To: Justin Shore
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco Catalyst
Thanks,
After looking deeper into the scenario and router configs I kinda managed to
come up with it.
I still didn't implement it and if we're talking I'd better show you so you can
confirm it will do what I need it to do.
The customer has a 13Mb internet link and I need to set 2Mb for the
Ziv,
You need to apply a nested policy...
The parent policy should do shaping to the real link rate, or else the
router does not have any way to know how much bandwidth is really out there.
The child policy should have the policy you want for the different classes.
Are you sure you want to put
I just got this product alert from Cisco:
From: cisconotificationserv...@cisco.com
To: h...@efes.iucc.ac.il
Subject: Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38 GMT
Cisco Notification Service Alert:
Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38 GMT
End-of-Sale and
On 28/07/2009 08:02, Ziv Leyes wrote:
delenda est carthago
This is ridiculously off-topic, but the original wording as Cato used in
his speeches is long lost.
The primary reference for this phrase comes from Plutarch who wrote in one
of his Lives: ...και η Καρχηδόνα πρέπει να καταστραφεί
I am attempting to use statically configured arp inspection on a vlan on
our 6500.
Here's an example, we have , say, vlan500, vlan 500 is assigned to ports
gi11/1-48
The configuration on the ports are as follows:
switchport
switchport access vlan 500
switchport mode access
switchport block
hi all
i configured the following on my router
ip sla 200
icmp-echo 4.2.2.2
threshold 50
frequency 5
ip sla schedule 200 life forever start-time now
event manager applet FILE
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.7.200 get-type exact entry-op eq
entry-val 1 exit-op eq exit-val 2
Would you give an example for the nested policy?
I do want to put it in the priority queue, the link that ends the xconnect is
an interface connected to a Metro-E service that is physically limited to 2Mb
so it won't be able to exceed it anyway, that's why I want to limit it on the
router too,
Ziv,
Take a look here:
http://www.cisco.com/en/US/partner/docs/ios/qos/configuration/guide/qos_
mqc.html#wp1060197
Arie
From: Ziv Leyes [mailto:z...@gilat.net]
Sent: Tuesday, July 28, 2009 12:35
To: Arie Vayner
Cc: Arie Vayner (avayner); Cisco-nsp
Subject: RE: [c-nsp] L2TPv3 Tunnel
Mohammad,
The way it works is that the entry-val would trigger an event once
(enter into the state) and until you do not hit the exit-val, you
would not get another event.
This is done basically to generate a single alarm instead of getting a
repeating one.
Arie
-Original Message-
osamas...@hotmail.com
_
Windows Live™ Hotmail®: Celebrate the moment with your favorite sports pics.
Check it out.
Hi,
I have two 6500 in a LAN connected at layer 2.
Each of them have a SVI with an IP and HSRP working without problems.
When I configure Fallback Bridging in the SVI in both switches, HSRP stop
working,
so I think the problem can be related to a segmented L2 network topology.
I found the
ODR perhaps? Or maybe OER (that#39;s one letter higher anyway...)
;)
-David
Hank Nussbacher wrote:
I just got this product alert from Cisco:
From: cisconotificationserv...@cisco.com
To: h...@efes.iucc.ac.il
Subject: Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38 GMT
Cisco
Hi chaps,
I want to have my VPN Client users bound to time ranges so they can
only connect during a certain period of time on week days.Typically my
remote guys will connect at the start of the day and stay connected
till the very end of it or not disconnect at all.
I've been experimenting with
show bridge group
On Tue, Jul 28, 2009 at 1:22 PM, Daniel Garrido gara...@gmail.com wrote:
Hi,
I have two 6500 in a LAN connected at layer 2.
Each of them have a SVI with an IP and HSRP working without problems.
When I configure Fallback Bridging in the SVI in both switches, HSRP stop
Hello,
The standard approach is to send at authentication via a eg. radius
attribute a session timeout calculated to the end of the work-day. ACLs
may not work because the sessions are already established. You could
experiment with stateless ACLs on a router somewhere above your ASA, but
I
William,
This was discussed another list as well, but it seems the router time-based
ACLs are absolute and that the ASA waits for active sessions to time out at
least when used with vpn-filter. I believe the vpn-filter is only called once
when the user first connects, if you have to make
Hi Guys,
Appreciate your help on this. Have tried the VPN Wizard and the CLI
config from the below link but still no luck. The Cisco VPN client tries
to connect and after for a few seconds shows Not Connected. I think it
is an ACL issue but I am not 100% sure. I have attached the running
config,
Kiran,
You'll want to get Xauth configured for your RA-VPN. Do you have an internal
auth server you can query? You can query AD directly through LDAP / NT
protocol / Kerberos or use IAS through RADIUS. Once you establish those
servers, you'll want to call them in your tunnel-group Kir-VPN
Michael,
Check:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12
.2SX/configuration/guide/intrface.html#wp104
http://www.cisco.com/en/US/partner/docs/ios/interface/command/reference/
ir_l2.html#wp1030775
Michael Robson wrote:
Michael,
Check:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12
.2SX/configuration/guide/intrface.html#wp104
http://www.cisco.com/en/US/partner/docs/ios/interface/command/reference/
ir_l2.html#wp1030775
Hank Nussbacher wrote:
I just got this product alert from Cisco:
From: cisconotificationserv...@cisco.com
To: h...@efes.iucc.ac.il
Subject: Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38 GMT
Cisco Notification Service Alert:
Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38
EIGRP...
Ducks and runs for cover
Justin Shore wrote:
Hank Nussbacher wrote:
I just got this product alert from Cisco:
From: cisconotificationserv...@cisco.com
To: h...@efes.iucc.ac.il
Subject: Cisco Notification Alert -Alerts_Daily-07/28/2009 07:38 GMT
Cisco Notification Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Active Template Library (ATL) Vulnerability
Advisory ID: cisco-sa-20090728-activex
http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml
Revision 1.0
For Public Release 2009 July 28 1800 UTC (GMT
Hi All,
Im kinda new to the list and hope someone can help me an issue. I'm
trying to do some PBR with nat and am having an issue understanding how
the route-maps apply in combination with the nat process. I would like
to send my Phone based vlan traffic out of the T1 and the Data traffic
out of
I'll try to provide more details regarding the desired setup (opinions
in favour/against it are welcomed).
As I said, roughly half of the spokes will connect to hub1 while the
other half will connect to hub2. As all servers are in hub1, spokes
connecting to hub2 will reach the servers via a
Gentlemen, you forgot about IDRP (http://www.javvin.com/protocolIDRP.html).
You can already transport IPv4 and IPv6 over CLNS, this is the next logical
step :D
-Original Message-
From: Justin Shore [mailto:jus...@justinshore.com]
Sent: Tuesday, July 28, 2009 6:57 PM
To: Hank
Hi Max,
You might want to combine pbr with object tracking (and add some nat
statements to this mix). To make a long story short, you can configure
ip sla and object tracking to monitor your gateway(s) availability and
use a route-map with the verify-availability statement to select the
NPEG2 and VAM+ could do 60Mbps VPN throughput.
NPEG2 and VSA could do 160Mbps VPN throughput.
These are with 500 bytes packet.
If you need more throughput, might want to go with the ASR1002. Not that
much more expensive than the 7206VXR NPEG2/VSA combo.
Regarding design, you should go with
According to a Pannaway SE who visited us a few years ago, he'd seen SPs
many times our size who used static routes for everything. He said we
weren't big enough to need a routing protocol. Of course he also said
that our pipes weren't saturated so we didn't need QoS and that IPv6 was
just a
Justin Shore wrote:
According to a Pannaway SE who visited us a few years ago, he'd seen
SPs many times our size who used static routes for everything.
We could encapsulate it all in IPX, and yank those Netware servers out
of surplus to handle the routing. Bring back RIPs and SAPs...
Or we
You are forgetting NLSP (Novell Link State Protocol) designed to
eliminate RIP/SAP adverts But IPX had a lot of advantages large address
space, local network autoconfiguration, anti-spoofing, service
autolocation
Jeff Kell wrote:
Justin Shore wrote:
According to a Pannaway SE who
Grzegorz Janoszka wrote:
We have several 6500's, some of them heavily loaded. We use snmp to
graph traffic on all interfaces - just the simplest solution. Since some
time we have had an issue with the interface counters. When the CPU box
is really loaded (usually synchronization of BGP
Hi,
We have several 6500's, some of them heavily loaded. We use snmp to
graph traffic on all interfaces - just the simplest solution. Since some
time we have had an issue with the interface counters. When the CPU box
is really loaded (usually synchronization of BGP sessions), the counters
Hello Kiran,
1) you are using upper-case and lower case o in your crypto map -can't do
that.
relevant changes (within parentheses)below-
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds
288000
Depending on what software you're using to monitor with you might look into
whether it supports filtering values retrieved via SNMP to within a sane
range that you configure ?
Eg. On an E1 interface the maximum should only ever be 2048Kbps so it is ok to
discard anything with a value greater
Excuse the naive question, just starting to look at VSS and trying to
tune to the concept...
For those of you that have dived into VSS... are you still doing
redundant supervisors per chassis? or just duplicating links on each
chassis and crossing your fingers?
I've done the 3750 stacks
I want to monitoring vpn user on my ASA by snmp, it can trap vpn group but
it cannot trap the username (no such object available .) I use oid
1.3.6.1.4.1.9.9.392.1.3.21.1.1 , can you help me solve this problem ?
_
Note: The
Multiple sups per chassis are not supported. From access to core, since VSS
looks like one chassis, you would do 1 uplink to each physical 6500.
Cisco's data sheet:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759.html
Want to get into the
Last I had heard, the IOS code can only understand 2 supervisors total. Meaning
you have an active and a standby, and that's it. So you have 1 supervisor in
each chassis total. There is no current concept of an active, and multiple
'hot' standby supervisors.
That (among other things) made us
Hi there,
We are about to roll out VSS at our distro layer. Currently with SXI1, you
can't have redundant sups. Our assigned Cisco arch guy said that maybe
later this year or early next year that you will be able to have redundant
sups in a vss member chassis.
On 7/28/09 9:06 PM, Jeff Kell
42 matches
Mail list logo