Hey Guys,
I understand the differences between IP Source guard and Dynamic Arp
Inspection. One looks at IP packets and one looks at arp packets. But if we
had DHCP snooping configured and DAI configured, do we really need IPSG?
Lets say on a port configured with DHCP snooping and DAI only,
Nothing the server can do or the mirrored server would stop the mirror
from working. I've never had one stop no matter how much I blasted it
or how long. Capacity issues, and packet drops, yes, but never quit. I
would assume it's a bug in the code.
--
GloboTech Communications
Phone:
On 03/13/2012 07:24 AM, Shanawaz Batcha wrote:
because he doesnot send any DHCP packets. But Dynamic arp inspection will
catch him because he cannot do any ARP replies. And other machines will
require his arp reply to communicate to him. So static or spoofed IP
addresses will fail.
Then I am
Not seeing this in SXI3,
Whilst doing some reading
(http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html)
, I came across:
The initial release supports all existing BGP features including IPv4, IPv6,
VPNv4, and VPNv6 address and sub-address
It is my understanding that you put switchport access vlan XX
on the dot1q-tunnel port and this encapsulates all traffic coming in
there to that specified
vlan. (So it's basically an access port to the customer, which instead
of being a normal
access port it accepts ALL tagged frames (encaps
If you want to do what you described you need a switch that supports
vlan mapping
(switchport vlan mapping 1-2 dot1q-tunnel 3) to filter only those vlans
you want into the
tunnel vlan.
Or are you suggesting that you want to use the port as a trunk and a
tunnel at the same time
where some
Hi Guys,
I have a scenario for which I'm scratching my head since long - please help
Nexus 5K-1-Nexus5K-2
| |
| |
Nexus2K-1 Nexus2K-2
| | Port eth 1/1
|
On Nexus devices, Ensure that you are configuring the ports correctly for the
type of device to which the interface is connected.
Att,
Alessandro Braga
CCIE #30393
On Mar 13, 2012, at 8:56, jack daniels jckdaniel...@gmail.com wrote:
Hi Guys,
I have a scenario for which I'm scratching my
Hi Alessandro,
Please suggest the configuration , if that can help avoid loop.
Regards
On Tue, Mar 13, 2012 at 5:58 PM, Alessandro Braga sandro.u...@gmail.com wrote:
On Nexus devices, Ensure that you are configuring the ports correctly for the
type of device to which the interface is
On 13/03/2012 11:56, jack daniels wrote:
In this scenario Switching LOOP is getting formed. Only way I'm able
to get rid is shutdown Port eth1/1 on Nexus2K-2. Please help in this
case.
are the 3750 and both the n5k boxes running spanning tree?
Nick
On 13/03/2012 12:59, Joe Freeman wrote:
I'm working on a design for a public cloud offering and the security guys
are screaming that I need to implement network access control (from what
they describe, it's 802.1x) in the underlying network as they claim the
VRF/MPLS/VPLS/vlan model doesn't
That's exactly my argument at the moment, but I thought I'd reach out to minds
brighter than mine to see if I've missed something somewhere.
Sent from my iPhone
On Mar 13, 2012, at 9:12 AM, Nick Hilliard n...@foobar.org wrote:
On 13/03/2012 12:59, Joe Freeman wrote:
I'm working on a design
On 13/03/2012 13:16, Joe Freeman wrote:
That's exactly my argument at the moment, but I thought I'd reach out to
minds brighter than mine to see if I've missed something somewhere.
Ask them what specific problem they are attempting to solve with 802.1x and
how .1x specifically solves this
Hi Guys,
I'm dipping my toe into the world of IPv6 and I'm looking for
recommendations on resources - books, design guides, white papers,
tutorials etc.
I'm attending a course at the end of the month on the subject but would
like to get a head start as I find I generally get more out of a
N2k's do not run spanning-tree and will block ports if a bpdu is detected. You
can disable spanning tree on those ports, but your 3750 will be flat at that
point.
Sent from handheld
On Mar 13, 2012, at 8:57 AM, Nick Hilliard n...@foobar.org wrote:
On 13/03/2012 11:56, jack daniels wrote:
Hi,
On Tue, Mar 13, 2012 at 01:39:03PM -, Steve McCrory wrote:
I'm dipping my toe into the world of IPv6 and I'm looking for
recommendations on resources - books, design guides, white papers,
tutorials etc.
96 more bits, no magic
gert
--
USENET is *not* the non-clickable part of WWW!
Switch the 3750 to use flex links. That way you can have redundancy without
causing a loop.
On Mar 13, 2012 9:50 AM, Ryan West rw...@zyedge.com wrote:
N2k's do not run spanning-tree and will block ports if a bpdu is detected.
You can disable spanning tree on those ports, but your 3750 will be
Hi Chris,
I appriciate your suggestion , for Flex links this can surely help.
Hi All,
Request your suggestion support on this.
Regards
On Tue, Mar 13, 2012 at 7:21 PM, Chris Evans chrisccnpsp...@gmail.com wrote:
Switch the 3750 to use flex links. That way you can have redundancy without
Hi,
On Tue, Mar 13, 2012 at 02:49:28PM +0100, Gert Doering wrote:
On Tue, Mar 13, 2012 at 01:39:03PM -, Steve McCrory wrote:
I'm dipping my toe into the world of IPv6 and I'm looking for
recommendations on resources - books, design guides, white papers,
tutorials etc.
96 more bits,
On Tue, 13 Mar 2012, Steve McCrory wrote:
I'm dipping my toe into the world of IPv6 and I'm looking for
recommendations on resources - books, design guides, white papers,
tutorials etc.
It's really not all that different from IPv4 other than much larger
address space, conservative IP
Hi,
On Tue, Mar 13, 2012 at 02:13:28PM -, Steve McCrory wrote:
I appreciate this list doesn't look favourably on the 'I can't figure
this out and can't be bothered looking for myself, please do it for me'
type of posts but that's not what I'm looking for here.
I'm more than prepared to
A few good resources and cheat sheets:
http://www.estoile.com/ and http://www.estoile.com/links/ipv6.pdf
http://packetlife.net/library/cheat-sheets/
http://search.oreilly.com/?q=ipv6x=0y=0
Also check out some of the Live Virtual sessions covering IPv6, some
very good intros there. If you
Does this question not worry community ?
Ruslan Pustovoytov пишет:
Hi all
Does anybody explain me what is the best way to do CGN on Cisco boxes ?
I look for powerfull solution with price congruous with other vendor.
Recently I closely looked at ISM-100 card for asr9k platform.
I was negativly
Hi,
On Tue, Mar 13, 2012 at 07:01:10PM +0400, Ruslan Pustovoitov wrote:
Does this question not worry community ?
I think it's great that the hidden costs that come with running IPv4
now start being openly visible...
Sorry, what was the question?
gert
--
USENET is *not* the non-clickable part
We did support you. We sent you links to the design guide as well as
explained why you are having the STP issue. What else do you want/need?
-Hammer-
I was a normal American nerd
-Jack Herer
On 3/13/2012 8:58 AM, jack daniels wrote:
Hi Chris,
I appriciate your suggestion , for Flex links
Hi,
On Tue, 13 Mar 2012, Gert Doering wrote:
Hi,
On Tue, Mar 13, 2012 at 07:01:10PM +0400, Ruslan Pustovoitov wrote:
Does this question not worry community ?
I think it's great that the hidden costs that come with running IPv4
now start being openly visible...
next let's think about the
Phil Mayers writes:
On 13/03/12 09:02, David Freedman wrote:
Not seeing this in SXI3,
Are you using Netflow v9?
(I have no idea if it's supported, but I'm certain that, if it is, it
will require v9)
I'm pretty sure that on the Catalyst 6500, Netflow export for 4-byte
ASes is not supported
Hi,
On Tuesday 13 March 2012 16:01:10 Ruslan Pustovoitov wrote:
Card is occupied full slot in chassis and costs about 200.000$ in GPL
with license for 10 miilion sessions.
I know that other vendors with more ancient NATs has double
performance for this price.
Also, I look in CGSE
Trying to work on an interesting project, where it would be nice to monitor the
routing table of a collection of routers, store it, and look at it later, as a
snapshot of what the routing table for a particular router looked at a
particular time. All the information I'm wanting (route entry,
Hi,
some years ago I thought about this myself - coupled with SNMPtraps etc you can
build a map
of the routing across your network. the trouble was, i went into planning it
and all the
required features...and it just grew and grew... i had a couple of quagga boxes
joined into
the IGP and EGP
Hi,
I'm dipping my toe into the world of IPv6 and I'm looking for
recommendations on resources - books, design guides, white papers,
tutorials etc.
there are a few IPv6 books out there - from the cisco offerings
to third party and usual stalwart publishers. they should get you well versed
on
Did the Solaris system have the gateway in the defaultrouter file, or did it
need to be added?
It's possible that it never did have a default gateway, and your local router
was doing proxy arp. I've run into that a few times where a server isn't given
the proper gateway but still ends up
+1 on test lab. Lots of issues won't show up until actual use.
For example, on a Cisco router by if you disable SLAAC by doing:
# ipv6 nd prefix default 300 180 no-autoconfig
Windows and Linux work fine. However, Solaris no longer gets a default route
from RA.
These are the gotcha's that you
The Nexus 2248 ports (not the uplink/fabric interfaces) are designed to
connect hosts not switches.
If you need Cisco's support down the road I think you'd be told that this is
not a supported topology/configuration.
Bill
From: jack daniels
I know this topic has been discussed a million times, but just wanted to get an
updated opinion on how people are feeling about this:
In a service provider network, how do people feel about putting the big
Internet routing table, all their peers and customers inside a VRF? Keep the
global
Hi,
On 14 March 2012 11:59, Dan Armstrong d...@beanfield.com wrote:
I know this topic has been discussed a million times, but just wanted to get
an updated opinion on how people are feeling about this:
In a service provider network, how do people feel about putting the big
Internet
We have all our Internet peers and customers inside a VRF currently, and our
Cisco SE thinks we're stark raving mad, and should redesign and put everything
back in the global table.
This is all on ASR 9Ks and 7600s.
On 2012-03-13, at 8:12 PM, Pshem Kowalczyk wrote:
Hi,
On 14 March
I would like to understand why you guys would do this? What is the
reasoning behind this? Super granular control? Cant this level of
granularity be achieved with route-maps?
Sent from my iPhone
On Mar 13, 2012, at 8:27 PM, Dan Armstrong d...@beanfield.com wrote:
We have all our Internet peers
Hello,
I am now working on a 7201 trying to get all features implemented which
are important to our PPPoE termination needs. I am comming from a linux
environment which has allowed me substantial customization and although
about %85 of what we want appears easily done in the cisco world,
Two reasons, the first reason is that the config is extremely simple, clean and
difficult for a less trained provisioning guy to make a mistake. With route
maps, it's error prone to harmonize them across many boxes - and it's
relatively easy for somebody to muck one up by accident.
The other
In the past (though probably still true), there were plenty of management
things type things in 6500/7600 that didn't work in a VRF. So if you wanted
to keep your management (SNMP, telnet/SSH, file copying, etc) separate from
your production traffic and you wanted it to work, you had to keep it
In RE networks, separation of commodity Internet-1 and Internet-2 traffic.
--
Regards,
Ge Moua
University of Minnesota Alumnus
Email: moua0...@umn.edu
--
On 3/13/12 8:17 PM, Jose Madrid wrote:
I would like to understand why you guys would do this? What is the
reasoning behind this? Super
42 matches
Mail list logo