Howdy,
Does anyone know of something similar to this that would be achievable
on an mpls xconnect between a 6509 and 7300?
The scenario is 2 seperate switch worlds at the end of each xconnect
which are linked together(via xconnect) to provide a complete L2 path
end to end for 2 ASA's that are
If you are running a 1500 byte MTU path for your GRE tunnels take off 24
bytes for your GRE encapsulation, ie try adding ip mtu 1476 into your
tunnel interface, as long as there is no blocking of ICMP in the return
path back to the host it should work.
Ben
Stefan Hegger wrote:
Hi,
hope you
/pipermail/cisco-nsp/
--
Ben Steele
Cisco Field Engineer
Cisco Systems Engineer
Corporate Projects Team
Internode Systems Pty Ltd
Ph: 08 8228 2968
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Ben Steele
Cisco Field Engineer
Cisco Systems Engineer
Corporate Projects Team
Internode Systems Pty Ltd
Ph: 08
I've been running it on my lab 5520 for a few days now and so far so
good, mainly testing the EIGRP implementation(which I must add is great
to see on there).
Unfortunately it still hasn't fixed a mail logging timestamp bug I have
open with TAC at the moment.
Ben
Asbjorn Hojmark - Lists
Yep it should handle that without too much fuss.
Ben
On 30/6/07 12:31 AM, Paul Stewart [EMAIL PROTECTED] wrote:
Hi folks...
I'm googled and searched the archives.. need to ask to be sure...
Cisco 2821 w/1 gig RAM - should it be able to handle 140-160 PPPOE sessions
without too much
Howdy,
Anyone had any experience with getting MS Exchange to work with a
webvpn client on ASA 8.0(2) or greater without using the AnyConnect
client (ie clientless) now that MAPI support isn't available?
Doesn't look like smart tunnels will do the job either and can't find
anything else
to know what bugs you;ve encountered so far?
As im testing this in lab right now, and so far all has been good
On 1/25/08, Ben Steele [EMAIL PROTECTED] wrote:
I'd recommend 7.2(2)
I've got it running on a few 5510's that have been up without a crash
for about a year, 8.0 does bring some really
Just stumbled across a router in our network currently sitting at 1535
days of uptime, not to often you see that sort of uptime on a router
these days, given this router does nothing important anymore though...
in fact I think it's probably been forgot about, which is a good
enough reason
this as the cpu went crazy @
like 90%.
Thanks for your suggestions.
Cheers,
Aaron.
-Original Message-
From: Ben Steele [mailto:[EMAIL PROTECTED]
Sent: Friday, February 01, 2008 2:31 PM
To: Aaron R
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Spanning-Tree question
Yes you can, you can even boot your IOS from a usb drive (although it
wasn't supported some time ago even though possible, not sure of
current support status).
On 04/02/2008, at 7:02 PM, Daniel Hooper wrote:
Sorry.. I just realised it was only a few platforms of routers that
support the
You can install your WIC into slot 1-3, slot 0 is the only one
reserved for VIC only, slot 2 is VIC or WIC and 1/3 are HWIC and
backwards compatible with WIC.
Ben
On 05/02/2008, at 9:53 AM, Tom Storey wrote:
Hi,
I just got a WIC-1ADSL and put it into my 2801 (IOS 12.4(16)). No
lights,
Oh and in regards to actaully getting it show up, you need a T train
IOS, 12.3(8)T and on..
On 05/02/2008, at 8:35 AM, Adam Greene wrote:
Hi,
I just got a WIC-1ADSL and put it into my 2801 (IOS 12.4(16)). No
lights, no logs, no nothing. I understand these cards are supported
on the
Yes sorry Pete your right, I was thinking of the HWIC-1ADSL when I
wrote you need 12.4T and copying in 12.3(8)T from the
WIC-1ADSL...sigh, so yes a plain WIC-1ADSL should be mainline in 12.4,
need more zzz :)
On 05/02/2008, at 12:28 PM, Pete Templin wrote:
Ben Steele wrote:
Oh
Do you have an IPS module installed (ie AIP-SSM-10 etc.)?
If not then it maybe something being caught by ip audit if you have that
configured to drop packets upon a match, sh ip audit count will give you
stats on that, is there any rate-limiting configured?
Probably best you show us your
PDLM's.
Note on the 12.4 issues: what kind of memory issues were you seeing,
Ben? We only manage about 12 routes on this router between OSPF and
BGP so I wonder if that would really be an issue for us.
Thanks,
Adam
- Original Message - From: Ben Steele [EMAIL PROTECTED
None of your neighbors are flapping or at least their route tables?
could be BGP RIB tables constantly being updated by unstable peer,
check to see if any have excessive updates, is the router meshed with
any others via iBGP? ie similar route tables, maybe compare memory
consumption with a
One of the key principles that have changed over those years is the
move from the hierachical design model to the enterprise composite
network model, as there was not enough modularity provided in the 3-
layer access/distribution/core method for most campus styled design
networks, and of
On 02/03/2008, at 4:55 AM, Dan Letkeman wrote:
Is there a simple explanation as to how
the metric is calculated for eigrp?
5 things, Bandwidth, Delay, Reliability, Load and MTU.
I used to use the Big Dogs Really Like Meat acronym when I was first
learning about it to help remember :)
Most
On 03/03/2008, at 2:24 AM, Dan Letkeman wrote:
In what kind of scenario can redistributing both routing protocols
cause a routing loop?
Lots, especially anything with redundancy built in, essentially you
need 2-ways into the network, this is where the confusion will come in
for the
On 04/03/2008, at 2:25 AM, Higham, Josh wrote:
A small note, the default for EIGRP is to only consider bandwidth and
delay, so the other values will have no impact.
Another small note :) is that despite the fact EIGRP doesn't use all
the metrics to calculate its path you do need to fill all
I'm going to recommend rsync mainly for it's resume of transfer
ability over scp(given your files sound large), you can tunnel it via
ssh using a flag like --rsh=ssh or similar for security, it would
depend on your OS, on top of that to make it even smoother you could
use pre-shared keys
On 06/03/2008, at 9:59 AM, Justin Shore wrote:
No-negotiate - Forces trunking but will not negotiate anything.
I don't think that's right, switchport nonegotiate actually just
stops DTP from being transmitted and hence can't be applied when the
switchport is in dynamic desirable mode,
On 07/03/2008, at 2:18 PM, Hiromasa Sekiguchi wrote:
Hi,
The cisco products have bgp fast-external-fallover function.
It is available on only eBGP, isn't it?
Yes, only for eBGP
We'd like to do same behabior like it on iBGP.
So, is there any solutions?
Have a look at bfd for BGP
Ben
Are any other hosts affected off the switch during this period aswell?
Ben
On 13/03/2008, at 8:05 AM, Jason Berenson wrote:
Rodney,
They connect back to a cisco switch. No errors anywhere along the
ethernet and no packet loss. It also only flapped 3 times yesterday
and
2 times 5 days
(flaps
OSPF/BGP instance 1) is the only one that takes a hit out of all of
them connected to the switches.
I'm leaning away from thinking this is an ethernet issue, but I
definitely could be wrong. Are there any helpful outputs I could
include?
Thanks,
Jason
Ben Steele wrote
Scenario: cluster of PE's terminating DSL CE's running EIGRP between
CE and PE in MPLS VPN's, so the CE's could terminate on any one of the
PE's.
Problem: would like to identify EIGRP routes from certain neighbors
for BGP redistribution to use set extcommunity cost pre-bestpath x x
for
, 2008 at 2:28 AM, Ben Steele [EMAIL PROTECTED]
wrote:
Scenario: cluster of PE's terminating DSL CE's running EIGRP between
CE and PE in MPLS VPN's, so the CE's could terminate on any one of the
PE's.
Problem: would like to identify EIGRP routes from certain neighbors
for BGP redistribution
:29 PM, Ben Steele wrote:
Ah looks just like what I was after, thanks a lot Diogo!
Ben
On 13/03/2008, at 8:23 PM, Diogo Montagner wrote:
Hi Ben,
Did you tried to use the Site of Origin feature ?
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gtmvesoo.html
Best regards
Can you not just summarise the redundant routes at each site with
static's over the wireless link with a higher AD and redistribute
those static's into OSPF?
On 15/03/2008, at 1:22 PM, [EMAIL PROTECTED] wrote:
We have a client with a network that's got a main hub site and two
'remote'
Actually I can vouch for per-packet working fine for sensitive
applications like VoIP as long as your bonded lines are basically
parallel in the sense they are the same technology over the same
distance with the same characteristics, ie multiple T1 lines through
the same carrier to the
try ip accounting on your interface, it won't impact your cpu much on
a T1 link and will give you you top IP talkers, you probably want to
append the output packets option to it to see who is downloading the
most, a sh ip accounting will give you a list of IP's and byte
counts for that
On 18/03/2008, at 8:08 PM, Gert Doering wrote:
Actually netflow is much *less* resource-hungry than ip accounting.
I was referring to the overall resources ie the huge amount of disk
space often needed, the servers to collect it etc.. as for the actual
routers resources I'll take your
worth having in a lot of other debugging
situations.
Regads,
Peter
On Tue, 2008-03-18 at 11:19 +1030, Ben Steele wrote:
try ip accounting on your interface, it won't impact your cpu much on
a T1 link and will give you you top IP talkers, you probably want
to
append the output packets option
looking for
a quick view of an offender on a router.
Ben
On 18/03/2008, at 8:22 PM, Ben Steele wrote:
On 18/03/2008, at 8:08 PM, Gert Doering wrote:
Actually netflow is much *less* resource-hungry than ip accounting.
I was referring to the overall resources ie the huge amount of disk
space
How many PPPoE sessions did you have terminated and approx what
traffic flow in those graphs?
On 21/03/2008, at 5:30 AM, Tassos Chatzithomaoglou wrote:
We did some testing on a NPE-G2 for a week and this was the
difference from NPE-G1:
http://img84.imageshack.us/img84/905/g1vsg2px4.gif
I concur with the 2801/2811 being the better choice than an ASA in
this scenario, just make sure you have the AIM-VPN module with it.
The only benefit I can see the ASA giving you is more advanced deep
packet inspection(compared to CBAC), even then you really need the SSM
module in the ASA
Before applying the policy under your pvc specify the bandwidth in
your ATM subint and make sure it's within the reserved range,
otherwise use max-reserved-bandwidth x to accommodate it, I feel your
pain as i've experienced the whole apply the policy it takes it then
when you go to view it
1504 is the system mtu you want, however i'd find a higher common
value between your switches incase you choose to run mpls down the
track, or anything else that is going to add to your frame size.
Ben
On 27/03/2008, at 9:31 AM, Dan Armstrong wrote:
I've been bashing my head against the
Your better off just running system mtu 1504(if you want to deliver
QinQ to customers) and then specifying the larger mtu frames on your
trunk interfaces, this still restricts your customer access ports to
1504 while allowing you to run what you need, jumbo frame mtu on an
interface will
I seem to recall there was a command that allowed a router to still
cef switch packets when the next hop was an interface rather than an
ip address, ie an ADSL client dialer interface with ip route 0.0.0.0
0.0.0.0 d0
Am I dreaming or was there a command which still allowed this to be
cef
Ah that's the ticket, thanks oli.
On 27/03/2008, at 5:20 PM, Oliver Boehmer (oboehmer) wrote:
Ben Steele wrote on Thursday, March 27, 2008 6:41 AM:
I seem to recall there was a command that allowed a router to still
cef switch packets when the next hop was an interface rather than an
ip
One bit of advice I can offer to this is make sure all 4 lines are
exactly the same speed, shape them if you have to, mis-matched speed
on mlppp can result is sub optimal performance for the entire bundle.
Ben
On 01/04/2008, at 4:13 AM, Adam Greene wrote:
Hi,
I'm bonding (4) aDSL lines
Maybe it would be easier if you just pasted your config in rather than
us keep guessing, but I can add to the guess list.. :)
do you have nat-control turned on? if so have you got your nat 0
statement setup for the IPSEC traffic?
Ben
On 01/04/2008, at 8:08 PM, William wrote:
Hi Peter,
I
So do you have the route for 22.22.22.0/24 to go via the outside? is
it caught by the default route or is there something else in place?
hence why I asked for output of sh route
On 01/04/2008, at 9:31 PM, William wrote:
Network behind the 800 is 22.22.22.0/24
W
On 01/04/2008, Ben Steele
lifetime 86400
tunnel-group Uname type ipsec-ra
tunnel-group Uname general-attributes
default-group-policy 800vpn
tunnel-group Uname ipsec-attributes
pre-shared-key *
isakmp ikev1-user-authentication none
On 01/04/2008, Ben Steele [EMAIL PROTECTED] wrote:
Maybe it would be easier if you just
255.255.255.0 [1/0] via 192.168.0.254, inside
On 01/04/2008, Ben Steele [EMAIL PROTECTED] wrote:
I thought I saw earlier a mention of the traffic hair-pinning, yet
your crypto map is bound to the outside interface.
Is the IPSEC tunnel being established on the outside or the inside
interface? can you sh
PM, William wrote:
Hi Ben,
There is a default route to go via the outside, sorry about the
confusion.
Regards,
On 01/04/2008, Ben Steele [EMAIL PROTECTED] wrote:
So do you have the route for 22.22.22.0/24 to go via the outside? is
it caught by the default route or is there something
What you are doing is known as ships in the night routing where you
run multiple protocols that are unaware of each other, I would go
ahead and deploy your EIGRP config while keeping your OSPF running and
as someone else has mentioned the default admin distance for EIGRP is
90 which will
/2008, at 1:39 PM, Ben Steele wrote:
What you are doing is known as ships in the night routing where you
run multiple protocols that are unaware of each other, I would go
ahead and deploy your EIGRP config while keeping your OSPF running and
as someone else has mentioned the default admin
ISG and SBC both have embedded support on the ASR, look forward to
seeing some test results :)
Ben
On 08/04/2008, at 9:23 AM, Brad Gould wrote:
As a p.s. to this post - does anyone know if the ASR has ISG on the
roadmap? I've found zero mention of ISG with regards to the ASR
(which
If you haven't already, try posting this in the cisco-voip mailing
list, they are very active, [EMAIL PROTECTED]
Ben
On 08/04/2008, at 6:38 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi There,
Trying to make calls from a POTS do VOIP in SIP setup in attach, calls
from POTS are not
The Sup720 is good for 1024 vrf's, the limitation is in the number of
routes it can hold, which will vary on memory.
On 08/04/2008, at 12:21 PM, Colin McNamara wrote:
I have configured 31 vrf's on 6500's (sup720's) with no problem
before.
The 26 vrf limitation maybe specific to other
If it's a 1:1 NAT ie a true NAT'd IP and not PAT, then GRE will work,
the NAT problem with GRE is when you are running PAT as you can't
forward that protocol by itself on a Cisco via PAT, which is where
IPSEC is often used instead.
Having said all that I would highly recommend you run your
On a PIX, no, version 7 snmp-map will let you filter with version
only, you may be able to do what you are after on an ASA with an SSM-
AIP module, but I haven't ever looked or tried.
Ben
On 09/04/2008, at 10:22 PM, Bagosi Rómeó wrote:
Hello Experts!
Can the Cisco PIX v6 or v7 filter
Does a sh standby 1 show any hsrp state changes? might also be worth
setting up an ip sla probe to your neighbor for the 34 minutes to
probe every second and just see if it fails at all when you lose your
OSPF neighbor, that way you can discard OSPF from the problem and look
into what is
the LAC is pretty irrelevant, you need to configure MMPPP capabilities
on your LNS's, which means an sgbp group on your LNS's for the
multichassis and ppp multilink under your virtual template for the
MPPP side of things.
I noticed your topology is using 2 seperate wireless services to
this feature enable by default on routing protocol as long
as they are equal admin distances.
And is it for traffic out to the internet or traffic coming to the
customer ?
regards.
Edi
- Original Message
From: Ben Steele [EMAIL PROTECTED]
To: Edi Guntoro [EMAIL PROTECTED]
Cc: cisco-nsp
though this
is a single user with PC/notebook/windows dialing using two
different wireless service... is it possible?
regards
- Original Message
From: Ben Steele [EMAIL PROTECTED]
To: Edi Guntoro [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Sent: Wednesday, July 16, 2008 2:21:27
This is where dns doctoring on the asa/pix really comes in handy!
Split dns is usually the way to go but I had another thought, can you
put the public 203 address as an alias on the server and then setup a
policy route-map on your lan interface to match packets with a
destination of your
Hi Nick,
You want something like this:
class-map match-all VoIP-Control
match protocol sip
match access-group 101
class-map match-all VoIP-Data
match dscp ef/match precedence 5/match protocol rtp **
match access-group 101
access-list 101 permit ip any host 202.x.VOIP.PROXY
policy-map QOS-OUT
Hi Nick,
You want something like this:
class-map match-all VoIP-Control
match protocol sip
match access-group 101
class-map match-all VoIP-Data
match dscp ef/match precedence 5/match protocol rtp **
match access-group 101
access-list 101 permit ip any host 202.x.VOIP.PROXY
policy-map QOS-OUT
Depends a lot on the adsl connections, are they ppp ? does the remote
end support multilink? if so then multilink ppp is a good option
providing all 4 lines are the same characteristics.
Otherwise other options are cef load balancing, what type will depend
on whether you are using NAT or
/guide/gtpbrtrk.html
- Original Message -
From: Dan Letkeman [EMAIL PROTECTED]
To: Ben Steele [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Sent: Thursday, July 24, 2008 7:42 AM
Subject: Re: [c-nsp] combining multiple dsl lines
The adsl connections are PPPoE and they do not support
You're still going to need something on the CPE side to detect a failed
route unless you plan on running a routing protocol to your customers, I
won't bother going into the Linux side of things seeing as this is a Cisco
list but in my experience per-packet is only good if the lines are really
I like the answer from Iassen, while it does leave some question as to where
the source packet comes from though as he has assumed local broadcast
segment, I guess you could add to your answer should the packet be from
beyond a layer 3 boundary then the 2 hosts can be requested to mark traffic
I like the answer from Iassen, while it does leave some question as to where
the source packet comes from though as he has assumed local broadcast
segment, I guess you could add to your answer should the packet be from
beyond a layer 3 boundary then the 2 hosts can be requested to mark traffic
Dan the reason your having issues is not MTU related, it's NAT related,
because you have 3 ADSL lines each doing NAT against a different outside IP
when you turn on per-packet load sharing you end up with flows to the same
destination having different source IP addresses.
Your only option is
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
Hi Scott,
Try this:
Seeing as you are working statics over your wireless cloud to
simplify things a little setup a GRE tunnel from your 7200 over the
wireless to the 1841 (don’t forget to subtract 24
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
Hi Scott,
Try this:
Seeing as you are working statics over your wireless cloud to
simplify things a little setup a GRE tunnel from your 7200 over the
wireless to the 1841 (don’t forget to subtract 24
omg terrible formatting, apologies everyone! damn webmail client...
- Original Message -
From: [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net; Scott Lambert [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 1:25 PM
Subject: Re: [c-nsp] Need some guidance for T1 / wireless ethernet
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
Hi,
Has anyone had any issues with filtering anything with a % sign in
the url when trying to match for url filtering.
Example:
class-map type http inspect match-any SQL_FILTER
2 match
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
Yes I have, I did mention that in my first post but this stupid
webmail client removed it and just put 'ing instead of 'ing :)
FWIW I did manage to get this to match by telling it to match an
ASCII space
Apologies but both my emails yesterday were via a webmail client that kept
deleting special characters, including \'s
I did get this to work by \'ing a rather than \'ing %
So the string that worked for me was: .*select\ .* to achieve filtering of
select%20 in a url.
On a side note I still had
Does anyone have any idea on the current wait times for the Lab? I'm about
to sit the written in a couple of weeks and someone mentioned to me the
current wait is around a year and a half?? Is there a specific wait for each
stream or is that in general, only interested in Sydney Lab dates, a year
Remove the service policy from your ATM int's and just leave it on your
Dialer, then do a sh users and you should see an interface listed as the
MLP Bundle, this is the one you want to be watching, if for example it is
Vi4 then do a sh policy-map int vi4
Also given you are running pppoe, you
That example is using a virtual-template, not a dialer, there used to be an
issue some time ago where if you didn't run MLPPP on your dialer your
QoS(CBWFQ) wouldn't work properly as it required an MLP Bundle to attach to,
a work around for this was using virtual-template and ATM int for QoS.
If
and the improved latency results shown by someone in an
earlier thread.
From: David Freedman [mailto:[EMAIL PROTECTED]
Sent: Thursday, 28 August 2008 10:12 AM
To: Ben Steele; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] LLQ + MLPPPoE - ?
Yes, it seems to be working when applied
I believe in the setup we are testing with we have a 1500 mtu either end
so the pppoe overhead shouldn't be an issue, but will double check.
Dialer will default to interface mtu of 1500 bytes unless you specify
something else.
The config we are using is in the original post
Justin, the shape average is what you are wanting to shape the whole
subinterface to in bps, ie if you wanted to shape it to 1Mb then you would
have shape average 1024000, sometimes a nicer way to do it is just say
shape average percent 100 which will reference the bandwidth statement on
the
An easier solution if you really need to go down that path is to allow all
down the vpn (no split tunnel) and have static persistent routes on the
client, setup a script or something.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Looney
Sent:
Of Marc Haber
Sent: Friday, 29 August 2008 8:30 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VPN Client to 1841, default route into tunnel with
exceptions
On Fri, Aug 29, 2008 at 04:50:49PM +0930, Ben Steele wrote:
An easier solution if you really need to go down that path is to allow all
If you don't plan on expanding that 20-30Mbit too much in the future even
2801 will handle that fairly comfortably, the main killer in your list is
the IOS firewall, the rest would have been cef switched, i've done between
20-30Mbit on a 2801 with all the below running with no issues before, 2811
Those figures aren't a real world typical example, they are based on
small(64byte) packet sizes x pps the router can do, if you increase the byte
size to above 1000 you can see those numbers quickly explode to a more
realistic figure.
-Original Message-
From: [EMAIL PROTECTED]
I'm pretty sure it is scheduled for release in an upcoming update, I know
there was lots of hmmm's when I saw the list of current unsupported
technologies during our companies presentation, but I seem to recall most of
them set for release in the future, I mean it would be ridiculous to never
Howdy all,
Anyone know if it's possible to get as ASA to spit out the group name in an
av-pair via radius when authenticating a user? (in this case webvpn).
The issue i'm having is multiple clients on the one ASA authenticating via
IAS/AD and the possibility of overlapping usernames
by sending
back a group attribute to the ASA from RADIUS and it actually acknowledging
it and putting the WEBVPN user into that group?.
Cheers
Ben
-Original Message-
From: LaPorte, David [mailto:[EMAIL PROTECTED]
Sent: Friday, 5 September 2008 9:54 PM
To: Ben Steele
Cc: cisco-nsp
It looks like the fix was to enable flow-sampling.
Out of curiosity what are you using your netflow for? I'm asking because
sampling obviously isn't ideal when you are trying to get completely
accurate data for accounting.
I am interested in hearing people's opinion on their methods of
MED isn't going to solve this problem.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Koch
Sent: Monday, 15 September 2008 9:01 AM
To: Tomas Hlavacek
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] separation of transit, peerings and this-AS
The whole Enterprise being cheaper than base is still a bit confusing to me
having just put an order in for a couple of ASR1002's, can anyone explain to
me why you would buy base when enterprise is cheaper and by default the 1002
is filled to 4GB RAM?
-Original Message-
From: [EMAIL
As a test try putting some fair-queuing on your multilink interface and see
if the problem lessens/goes away, play with the values until you find your
sweet spot.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Church, Charles
Sent: Monday, 29 September
I have already lodged a TAC for this (actually on my second TAC for same
issue) but I thought i'd throw out here to see if anyone else has seen this
as it has me perplexed at the moment.
Problem: Netflow collector stops receiving flows from DFC on 7609-S but
continues to receive flows from
Hi All,
Recently I changed some mls aging timers to a fairly aggressive (low)
setting to fix a TCAM threshold issue we were hitting which was breaking
netflow creation/export.
I understand the different timers and how they affect the length of time a
flow will stay in TCAM but i'm curious
Anyone had much experience with one? We are looking at deploying one on a
national level and while it sounds great and seems to do what we are after
i'm curious as to anyones real world experience with one.
Cheers
Ben
___
cisco-nsp mailing
If it's purely just for failover (ie you don't want to get billed for
traffic down your failover link while your active is up) then why not just
send the community:
174:70 70 Set customer route local preference to 70
This will make them use ATT's path until the ATT link goes down.
Ben
export community and do a clear
ip bgp x.x.x.x out
Ben
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Steele
Sent: Saturday, 25 October 2008 10:44 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP
and take action based on that?
Thank you,
From: Ben Steele [mailto:[EMAIL PROTECTED]
Sent: Fri 10/24/2008 8:55 PM
To: 'Ben Steele'; Kacprzynski, Tomasz; [EMAIL PROTECTED];
cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] BGP Multihomed Selective/Conditional
What does an ospf debug show on the 2800 side? I've had issues before with DSL
ospf and mis-matched network types due to the point-to-multipoint type of
relationship you get with an LNS/client, does putting a /30 on the link make
any difference? I think the debug is going to be the one that
Anyone currently using this in a fairly demanding environment? Ie 5-10Gbs+
Campus/DC model.
Curious as to whether you've had any/many false dead peers with such a short
interval, subsecond dead peer detection does sound very temping though.
Cheers
Ben
October 2008 11:41 PM
To: Ben Steele
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF fast hellos
Why don't you use BFD instead. It's designed with something called
pseudo preemption from an OS scheduler perspective that helps
reduce false positives and the fact that BFD frames are handled
1 - 100 of 139 matches
Mail list logo