Hi,
On Tue, Jan 26, 2010 at 10:14:43PM -0500, Luan Nguyen wrote:
Back when I was at VzB managed services, it's EIGRP over the DMVPN/IPSEC
tunnel backing up BGP MPLS.
Something along that line would be my suggestion as well. Run an IGP over
the IPSEC tunnels (GRE-in-IPSEC, routing protocol
Hi,
On Wed, Jan 27, 2010 at 07:53:50AM +0100, Ivan Pepelnjak wrote:
* Configure EBGP sessions over IPSec between remote sites and central site.
* On remote sites use EEM to detect MPLS VPN EBGP neighbor loss (either
default route is gone or you might rely on SNMP traps)
* When the MPLS VPN
Hi,
I want to authorize a user in Cisco ACS per network device added in Cisco
ACS 4.2. My theme is to give full access on device-1 and read-only access on
device-2 to the same user. Kindly guide me to do this.
Regards,
Atif.
--
Regards,
Muhammad Atif Jauhar
(+92-33-3346-)
We have a VSS running, L2 only for the moment. We plan to enable L3
(static routing only for the moment) next week (along with a FWSM board
in each chassis).
We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for
the moment (I know this version has too many features for what we
I am running three VSSs on 's72033-advipservicesk9_wan-vz.122-33.SXI.bin' with
an ACE and a FWSM.
'Time since CORP-CORE01 switched to active is 1 year, 9 weeks, 5 days, 19
hours, 46 minutes'
Jason
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Yes, the limit was set to 200 at ATT. They've bumped it up and everything
seems to be happy now.
Thanks to everyone who responded I thought I was going crazy... :-)
Steve Pfister
Technical Coordinator,
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St.
Dayton,
I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered
when performing an SSO failover, which causes STP to get its knickers in a
twist. Ultimately we had to just power the whole thing off (both chassis) to
break the loops and restore service, but the whole installation
On Jan 27, 2010, at 11:25 AM, Alasdair McWilliam wrote:
I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond
repair (to my knowledge?) if you do an SSO failover, so these are going to be
downgraded back to SXI2a.
Is this the bug where the private key goes away?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
MeetingPlace
Advisory ID: cisco-sa-20100127-mp
Revision 1.0
For Public Release 2010 Jan 27 1600 UTC (GMT
With SXI3 there is a quick fix for the SSH bug.
Basically, during the upgrade the key gets corrupted and becomes a phantom. You
can't delete it with zeroize. The corruption is in the key label (which if you
don't specify, is the fqdn) which gets corrupted with the last letter left off.
For
We've had a few PIX-501s overheat. No internal fans, so they are
susceptible.
We've also had one or two of these have problems with the power
connector. It would boot and run, but slight movement of the power
connector on the box would cause it to lose connection momentarily and
reset.
In
We are doing a long overdue redesign of our network as part of a voip
implementation, hopefully ending up with a collapsed core w/routed access
layer. A consultant has proposed the 4507 as access switches and a pair
of 3750-E switches as the core. The 3750-E seems a strange choice to me
for a
I don't believe that twin-gig converters are supported in the onboard 10G
interfaces of the 4900M. I think they are only supported on the
oversubscribed 8 port 10G card. Also, watch for licensing costs. The adder
to get up to enterprise licensing is very expensive. Look in the feature
for the cisco people here (hehehe), can i do the following:
use an inject map for a route that is locally originated, i think im
having issues with the route source ie.
int fas 0/1
ip address 123.123.123.1 255.255.255.0
router bgp 1
neigh blah remote-as blah
network 123.123.123.0 mask
This is HW we have:
Mod Ports Card Type                              Model
--- ----- -------------------------------------- ------------------
  1     8 8 port 1000mb GBIC Enhanced QoS        WS-X6408A-GBIC
  2    48 48-port 10/100/1000 RJ45 EtherModule   WS-X6148A-GE-TX
  3    48 48-port
Are you talking about using the twin-gig connectors to provide 1 G uplinks?
Nothing wrong with that but it's pretty expensive by comparison to a regular
gig SFP.
Regards,
Andrew Gabriel.
On Thu, Jan 28, 2010 at 12:12 AM, Jason Gurtz jasongu...@npumail.com wrote:
We are doing a long overdue
Hi,
On Wed, Jan 27, 2010 at 07:06:18PM +0100, Ivan Pepelnjak wrote:
If I understood the original question correctly, he's an MPLS
VPN customer running BGP with his Service Provider. Unless I'm
mistaken, it's somewhat hard to run IGP on top of that, unless you
build GRE or DMVPN tunnels over
Jason Gurtz wrote:
After each drop this counter returns to 0 which tells me the Pix is
rebooting for some reason.
[...]
experienced this. The software rev is 6.3.
We experienced this on a 515E running 6.3 code. A move to the 7.0 series
solved this issue.
Same thing here. It would crash
Message: 3
Date: Wed, 27 Jan 2010 13:42:43 -0500
From: Jason Gurtz jasongu...@npumail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 4900M vs. 4503 for core
Message-ID:
a92eaf652ec423438d55c14c60771c8701f3e...@exchgsrv.nputilities.local
Content-Type: text/plain;
The point of termination between the pix and the power supply end point (shaped
like a 7) is a known issue. If it moves at all or gets bumped at all it will
reboot the devices. To rule this out you can try to zip tie it to the device
in an effort to keep it still. If there is no possible
Exactly. This is a secondary form of calling back home if the MPLS Link or BGP
breaks. We have static routes at the remote site pointing traffic over the
IPSEC tunnel if it fails. If MPLS is lost we want the remote campus to be able
to communicate with the main datacenter which is also where
On Wed, Jan 27, 2010 at 10:50 AM, Matthew Huff mh...@ox.com wrote:
With SXI3 there is a quick fix for the SSH bug.
Do you happen to have the bug ID for the ssh bug?
We're considering the possibility that we'll need to upgrade to SXI
very shortly here, although it's purported to also be affected
Oooh... :-)
The bug I had stumbled over was CSCtc41114, matching our conditions and
symptoms. I've had no luck with the workarounds mentioned in the bug notes and
my interpretation was that SXI3 'caused' the bug. I don't have the luxury of
test boxes, multiple downtime windows or just enabling
I take back what I just said about the specified workaround not working...
I clearly had blinkers on and missed the line about taking the last character
off !!!
Ho hum..
On 27 Jan 2010, at 23:01, Alasdair McWilliam wrote:
Oooh... :-)
The bug I had stumbled over was CSCtc41114,
I'm trying to setup a mechanism for ensuring end-to-end MTU in our L3 MPLS
VPN network. I'd like to use ip sla tracking to do so and I have setup a
monitor:
ip sla monitor 99
type echo protocol ipIcmpEcho x.x.x.x
request-data-size 1500
vrf XYZ
Unfortunately, I cannot find any way to set the
We are a smaller shop (7 access switches including the datacenter) with
100Mb desktops and a mix of 100/1000 for servers. Switch-to-switch trunks
are 1Gb. The number of access switches is very unlikely to change and we
could, in the future move to a 10Gb. The 4900M solution would save
Tried that as well as with a new cable, still no luck. Next I'm going to
capture the console output and see if that sheds any light on anything.
- Original Message -
From: Jason LeBlanc jasonlebl...@gmail.com
To: Justin Shore jus...@justinshore.com
Cc: cisco-nsp@puck.nether.net
Sent:
The base bug is CSCtc41114. The workaround that I provided is derived from the
bugid and a cisco engineer.
-Original Message-
From: Adam Korab [mailto:adam.ko...@gmail.com]
Sent: Wednesday, January 27, 2010 5:43 PM
To: Matthew Huff
Cc: Alasdair McWilliam; Holemans Wim;
On Thursday 28 January 2010 07:30:38 am Jeff Bacon wrote:
You could probably use a pair of 3560Gs for your core and
get away with it, without having to spend any real
money. I wouldn't actually stack the cores - too easy
for one to take out the other via the stack cable... but
that's a
On Thursday 28 January 2010 07:16:35 am Alasdair McWilliam
wrote:
Here's me thinking I'm cracking up.
I just did what you recommended and it worked! I guess
SXI3 can stay... you've just saved me another early
downtime window.
It never ceases to amaze me how problematic the history of
I did the exact same thing first go round ;) Crazy thing is I just went
through this 2 days ago and thanks to Matthew got it fixed!
On Jan 27, 2010, at 4:03 PM, Alasdair McWilliam wrote:
I take back what I just said about the specified workaround not
working... I clearly had blinkers on
Hi,
* Christopher Hunt dharmach...@gmail.com wrote:
Unfortunately, I cannot find any way to set the DF bit using ip sla
monitor. Anyone know if it's available anywhere or coming soon? Can
anyone else think of another strategy? I'm currently running 12.4(22)T on a
series of 7200VXRs.
Look
We had this issue on a 525 and opened a TAC case. We provided Cisco with sh
tech (I think) and the root cause was a code issue (ver. 6.x) concerning the
number of connections. The issue was resolved with an update to the code.
Sorry would like to confirm that the issue is most likely a code
Just guessing: Local policy routing that sets DF bit on ICMP ECHO traffic
between two known IP addresses with the set ip df 1 command within the
route-map.
Let me know if it works ;)
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
-Original Message-
From: Christopher Hunt
OK, it looks like I've over-engineered the solution ;)
The best solution (if you can make it work) would be to run BGP over the backup
links and use BGP attributes to make backup links a less desirable BGP path.
Running OSPF on backup links and BGP on MPLS VPN can be made to work ...
barely. I
Why not an IGP on the backup link, BGP over MPLS, and eBGP peer from your
'MPLS' router to your core network? All of your MPLS routes will be eBGP w/
admin of 20 and depending on what IGP you choose it'll have a higher admin
distance. Normal ops BGP routes are preferred. If MPLS goes away IGP