Hi,
We are seeing a problem with NAT on a Cisco 7206VXR that has us completely
stumped. The setup is working using a 1721, but when replacing that with the
7206 it does not seem to work.
Current setup:
Internet connection comes into a 2950 switch switch. They is handed to
several devices on
...@puck.nether.net [mailto:
cisco-nsp-boun...@puck.nether.net] På vegne av Lee Starnes
Sendt: 22. august 2010 21:03
Til: cisco-nsp@puck.nether.net
Emne: [c-nsp] problems with NAT
Hi,
We are seeing a problem with NAT on a Cisco 7206VXR that has us completely
stumped. The setup is working
Hi All,
I'm really puzzled by a switch that has stopped working on one vlan only.
This switch has vlans 1 and 2. vlan 1 no longer will pass traffic. I can't
even ping out to it's gateway from the switch, but you can ping the switch
from it's gateway. A show cdp nei shows what it is connected to.
Hi,
I'm looking for pointers on how to best detect DDoS attacks and best
practices for stopping one once identified. Our current platform is using
12008 GRP-B routers, but I know they have their limits on what they can
handle when seeing things like 90 packets per second input rates.
What is
Thanks Mikael. Sorry about the direct reply. Should have done a cc.
-Lee
On Thu, Mar 31, 2011 at 10:55 PM, Mikael Abrahamsson swm...@swm.pp.sewrote:
On Thu, 31 Mar 2011, Lee Starnes wrote:
You should send this to the list... but here goes part of the answer. I am
not very interested
?
These will be used as service provider edge routers. All interfaces will be
either Gigabit or 10 Gigabit. There will be between 5 and 7 IPv4/IPv6 peers
on each. Some are direct peers and others eBGP multi-hop.
Thanks again.
Lee.
Any
On Thu, Mar 31, 2011 at 10:08 PM, Lee Starnes lee.t.star...@gmail.comwrote
Does anyone have information on why we would go with an XR12410 when the
non-XR version is field upgradable to 12810? Both use the same line cards
and both use the same PRP2/3 if I am not mistaken. Does the IOS-XR not run
on the non-XR chassis? Are there any downfalls to going with one verses the
Thanks Roland! So is that to say that the IOS-XR does NOT run on the
12410/12810 routers?
-Lee
On Fri, Apr 8, 2011 at 8:25 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Apr 9, 2011, at 10:05 AM, Lee Starnes wrote:
Just trying to determine which direction to go.
Cisco's direction
Hello,
I'm wondering if anyone knows if you can run the 2400W power supplies with
the GSR10-AC-PDU-B PDU on the 12410 chassis. I know you can't mix 2400W and
2800W power supplies, but it is not clear if the 2400W power supplies will
run with the 2800W PDUs.
Thanks,
Lee
Does anyone have any recommendations for an open source netflow solution? If
there is nothing out there, what is recommended in the non-open source
world? Are there any to absolutely stay away from?
Thanks,
Lee
___
cisco-nsp mailing list
Thanks everyone for all the information on this. Sorry it took so long to
reply back. Got pulled away for a few days.
All real good information. We are running 12410XRs. So far I have not seen
any issue with getting netflow data from them. I'm glad we are using them
and not the Junipers. Too many
Hi All,
I have an upgrade problem that there seems to be no fix for. Has anyone run
into this before and if so, how do you go about getting it to upgrade? Our
problem is this. We need to install some 4GE-SFC-LC cards in an IOS-XR
chassis. They won't work unless they have 1G of ram. You can't get
, then upgraded the Rommon
(via older IOX or via IOS) and then installed the 1GB again.
Regards, Marc
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Lee Starnes
Sent: sábado, 28 de Maio de 2011 00:20
To: cisco-nsp
Hello,
Has anyone had problems getting MRTG to pull counters from a 12410XR? We
have it configured to poll interface counters and while the Gig interfaces
have 80-100Mbps on them at all times, yet MRTG shows between 5.9bps and
7.2bps. Have not seen this on any of our IOS gear, so wondering if
Date: Wed, Jun 29, 2011 at 8:30 PM
Subject: Re: [c-nsp] IOS-XR and MRTG interface counters not working
To: Lee Starnes lee.t.star...@gmail.com
What snmp version is mrtg using to poll your router? When near 100 megs or
above you need to use at least snmp v2c or later and the 64 bit counters aka
HC
Hi all,
Does anyone have any recommended reading for doing IPv6 BGP peering on
IOS-XR? We setup our peer with Cogent and can get full routes in, but can't
seem to figure out how to announce our /32. I had assumed it setup just the
same way as IPv4, but can't seem to get it to announce out. I did
Hi Osama,
One thing you will need to know is that it takes about 45 minutes to load
the new IOS-XR from IOS. Once this is complete, you will need to write a new
config. Not something that is practical if you are upgrading a production
router. If you are upgrading one that is not currently in
to the
correct peer? If they do IPV6 with a single address then sorry for the
misdirection but with IPV4 they definitely use a pair of sessions.
-Original Message- From: Lee Starnes
Sent: Thursday, July 28, 2011 2:33 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] IPv6 BGP on IOS-XR
Hi
at 12:24 PM, Frederic LOUI l...@renater.fr wrote:
In IOS-XR. The default in/out rpl for ebgp is to deny all. Make sure you
have a rpl that allow your /32 to be advertized to your peer.(outbound)
--
Frederic
Le 28 juil. 2011 à 20:33, Lee Starnes lee.t.star...@gmail.com a écrit :
Hi all
Hi Andrew,
The hold down route did it. Forgot that I had not added it for this block.
Thanks.
-Lee
On Thu, Jul 28, 2011 at 12:48 PM, Koch, Andrew
andrew.k...@tdstelecom.comwrote:
You will need to get the /32 into BGP first. Then you can let it out the
peering session.
1. A matching IGP
Hi,
Can you provide config details on these for both sides? While we don't use
2950 switches, run port channels at the gig level between 3550/60 and 6500
without these issues, so I suspect you have something missing in your
config.
-Lee
On Thu, Jul 28, 2011 at 9:32 PM, m...@adv.gcomm.com.au
Hello,
Can anyone suggest a Cisco 24 or 48 port switch that is 10/100/1000 with
1G/10G uplinks and supports HSRPv2 and HSRPv6? Am having some difficulty
locating switch models with these features using Cisco's site. It looked
like the 3750E and the 3560E possibly would work, but was not able to
Hello,
Does anyone know if the WS-SVC-FWM-1-K9 supports rate limiting of traffic on
a TCP port basis within Vlans? Basically what we have are several customers
which are on separate vlans that we would like to rate limit certain TCP
ports on. The particular 6509s these are configured on are
Hi everyone.
I was wondering if anyone knows of issues running the sip-601 with the
spa-8x1ge-v2 on 12410xr doing etherbundles? Are there any memory
requirements on the sip card? I understand that you can't do ipv6 in the
bundles, but other than this is there any reason this would or does not
Thanks Oliver. We are needing to do Etherbundles (Etherchannel) between our
6509s and our 12410s. Wanted to make sure that this does not have any
hidden gotchas like not running XR unless you have a certain amount of ram
on the card before we buy buying a few. IPv6 support in 4.1.0 is good to
Thanks Mikael. Looks like we will be moving forward with this purchase and
install.
Thanks again.
-Lee
On Sun, Oct 30, 2011 at 10:57 PM, Mikael Abrahamsson swm...@swm.pp.sewrote:
On Sun, 30 Oct 2011, Lee Starnes wrote:
Thanks Oliver. We are needing to do Etherbundles (Etherchannel) between
Hi,
I have an odd question. We have a Cisco WS-C2950T-24 that was working fine
until we changed the device it is directly connected to for its uplink. The
switch was connected to a gig port on a 3550 and was reachable. It is now
connected to a gig port on a 6509. The strange thing is, it passes
Hello everyone,
I have an issue where by I have 2 TCC cards with an unknown password on
them. I can configure the IP address from the fan control panel, so I
assumed that they have the default passwords in them. What I would like to
know is if I take a TCC+ card that is already in a different
line-driver chip, a DB9 and a bit of ribbon
cable with a header plug on it.
You might try
CISCO or CISCO15 as the defaults
On 1/25/12 11:33 PM, Lee Starnes lee.t.star...@gmail.com wrote:
Hello everyone,
I have an issue where by I have 2 TCC cards with an unknown password on
them. I
have to send
the card back to cisco or buy a special cable (console cable).
-Kyle
On Wed, Jan 25, 2012 at 10:33 PM, Lee Starnes lee.t.star...@gmail.comwrote:
Hello everyone,
I have an issue where by I have 2 TCC cards with an unknown password on
them. I can configure the IP address from
onto the TCC circuit board.
Its basically a TTL to RS232 line-driver chip, a DB9 and a bit of ribbon
cable with a header plug on it.
You might try
CISCO or CISCO15 as the defaults
On 1/25/12 11:33 PM, Lee Starnes lee.t.star...@gmail.com wrote:
Hello everyone,
I have an issue where by I
Hi Everyone,
I did a few searches of the archives and was not able to find an answer to
what I'm trying to do. What we are trying to do is put a rate limit on
certain TCP ports for traffic on customer VLANs. I have put into place a
policy map that does not seem to be working. We are limiting both
for the interface your VLAN is on (mls qos
vlan-based) ?
What does the output of show policy-map int vlan 555 give ?
regards,
Tony.
- Original Message -
From: Lee Starnes lee.t.star...@gmail.com
To: cisco-nsp@puck.nether.net
Cc:
Sent: Wednesday, 22 February 2012 7:02 AM
Subject
Hi Phil,
Yep I had missed the mls qos vlan-based command on the port. Looks to be
working now.
Thanks,
-Lee
On Wed, Feb 22, 2012 at 1:14 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 02/21/2012 09:02 PM, Lee Starnes wrote:
Hi Everyone,
I did a few searches of the archives
Hi Joseph,
We has similar issues and had to make a change to the ML interface. Try
adding ppp multilink fradment disable.
-Lee
On Fri, Mar 23, 2012 at 11:38 AM, Joseph Mays m...@win.net wrote:
We have the following service policy on a router that priorities VOIP
traffic according to the ef
Hi,
I have a question about the 6509 and the SUP720-3BXL standby sup. If a
chassis only has 1 SUP installed and you install a second one, will that
disrupt the currently installed and working SUP? I ask this because we have
our standby SUPs and I would like to install them, but I know they don't
...@peper.eu.org
On 4/4/12 22:14 , Lee Starnes wrote:
Hi,
I have a question about the 6509 and the SUP720-3BXL standby sup. If a
chassis only has 1 SUP installed and you install a second one, will that
disrupt the currently installed and working SUP? I ask this because we
have
our standby SUPs
I would also look at speed setting. Not all versions of IOS default to 64K
per channel.
timeslots 1-24 speed 64.
-Lee
On Tue, Apr 17, 2012 at 11:54 AM, Jay Hennigan j...@west.net wrote:
On 4/17/12 11:46 AM, Joseph Mays wrote:
We're setting up an HDSL4 t1 across two copper pairs. This is the
If I had to guess, there is something wrong with the switch. We have 12 of
those in service and all connecting to servers with Gig. Some are AUTO and
some are hard coded to 1000 full duplex. Ours are running IOS image:
c3550-i5q3l2-mz.121-13.EA1a.bin or c3550-i5q3l2-mz.121-22.EA1a.bin
-Lee
On
Glad I could help.
-Lee
On Wed, Apr 18, 2012 at 1:49 PM, Joseph Mays m...@win.net wrote:
**
timeslots 1-24 speed 64.
That was it. Thanks so much. I've been trying to figure out for days why
something that should be simple was proving impossible.
Hello all,
I have been banging my head against the wall for some time now trying to
figure out why the DSCP bits are being stripped and replaced with 0 on
all packets when coming from a customer connected to one of our ME3400
switches. The switch is not doing any routing for them. It is just
Thanks Marrias. Yep this works.
Thanks!
-Lee
On Sun, May 6, 2012 at 10:30 PM, Mattias Gyllenvarg
mattias.gyllenv...@bredband2.se wrote:
Try this
policy-map trust
class class-default
set dscp dscp
int fas0/24
service-policy input trust
//Mattias
On 5 May 2012 01:07, Lee Starnes
/cos value of incoming packets of the access port.
From: ML m...@kenweb.org
To: cisco-nsp@puck.nether.net
Sent: Sunday, May 6, 2012 11:45 AM
Subject: Re: [c-nsp] ME3400 DSCP EF bits stripped.
On 5/4/2012 7:07 PM, Lee Starnes wrote:
Hello all,
I
Hello all,
Previously I had an issue where we were stripping the dscp bits coming into
our switch and this was solved with the policy-map that does a set dscp
dscp. I can send a packet from a laptop with the bits market and see these
bits make it all the way through our network. However, what is
on the port on the 3560 facing the
computer, is that in place?
Kind regards,
Sibbi
On 21.5.2012 14:42, Lee Starnes lee.t.star...@gmail.com wrote:
Hello all,
Previously I had an issue where we were stripping the dscp bits coming
into
our switch and this was solved with the policy-map
:
You need to see the configuration on their side.
The switch by default will set all dscp to 0 unless trust is configured.
You can also apply a policy-map that explicitly sets the dscp to a
specific value.
Kind regards,
Sibbi
From: Lee Starnes lee.t.star...@gmail.commailto
In our experience with the TA908e CPEs, we had to set the timing on the
cisco side to network (or slave) and the TA908e be the master. This is
because Adtran only uses 1 clock on the CPE. This was the only way we could
solve the issue when spread across DS3 circuits. We have about 40 of these
in
Hello,
I was reading on the Cisco site that the WS-X6708-10G-3C and 3CXL are
compatible with the SUP720-3BXL and will operate normally. I was wondering
if anyone has done this and what the performance is like. I would hate to
upgrade our SUPs if I don't have to as they are working just fine.
: %OIR-SP-6-INSCARD: Card inserted in slot 3,
interfaces are now online
On 6/12/2012 3:55 PM, Lee Starnes wrote:
Hello,
I was reading on the Cisco site that the WS-X6708-10G-3C and 3CXL are
compatible with the SUP720-3BXL and will operate normally. I was wondering
if anyone has done
, Aled Morris al...@qix.co.uk wrote:
On 12 June 2012 21:55, Lee Starnes lee.t.star...@gmail.com wrote:
Hello,
I was reading on the Cisco site that the WS-X6708-10G-3C and 3CXL are
compatible with the SUP720-3BXL and will operate normally. I was wondering
if anyone has done this and what
I don't know if this helps, but how much ram do you have in this system and
the line cards that these VLANs are on? This type of behavior sounds like
the system is running low on memory. We saw this running on the 6500
running BGP and OSPF. Had to upgrade ram to solve the issue. Of course we
were
Hello,
I am seeing these entries in my logs every few minutes. I have done
searches and found only reference to them where it says to copy the error
and sent to Cisco. Has someone seen these before and if so, what needs to
be done to resolve the issue.
LC/0/1/CPU0:Aug 16 09:03:22 PDT:
It is on an XR12410. We are doing pulling netflow data from these routers.
-Lee
On Thu, Aug 16, 2012 at 1:37 PM, Oliver Boehmer (oboehmer)
oboeh...@cisco.com wrote:
I am seeing these entries in my logs every few minutes. I have done
searches and found only reference to them where it says
Thanks Andrew. I know we are running 4.0.1. I have been looking at
upgrading to a newer version, but been holding off until I have a reason to
go through all that. Aside from all that, we are not seeing any issues on
the routers.
-Lee
On Thu, Aug 16, 2012 at 3:56 PM, Andrew Koch
Thanks Oliver for checking on that. Not a critical issue at this point
since it is not impacting service.
Thanks Andy for your help and input too.
-Lee
On Mon, Aug 20, 2012 at 5:56 AM, Oliver Boehmer (oboehmer)
oboeh...@cisco.com wrote:
Andy/Lee,
I am seeing these entries in my logs
Hello everyone,
I was looking through documentation for the ASA5510 as we have a client who
is running one in transparent mode. They need to add an additional IP block
to their network and from what I am able to gather, it looks like you can
not add a second /28 to their network configuration. Am
Hello,
We are seeing an issue whereby a service to pass RDP directly to a machine
will just hang randomly while connected. Is there something wrong with the
config we have wrong?
service customer-A.rdp
port 3389
protocol tcp
ip address 10.1.1.3
keepalive type icmp
active
owner customer-A
Hello everyone,
Does anyone know if there is an IOS equivalent to the locIfInpktsSec and
locIfoutPktsSec for IOS-XR? Doing an SNMP walk of the XR system and MIB
browser, I was not able to find the Packets Per Second OID for any
interfaces. Am I just missing something?
Thank you for your time.
Hello,
After wading through hours of pages on Cisco's site I was not able to
determine if the following configuration will work without having to
upgrade either the DFC or the IOS. We have some switches that I need to
install some 10G ports in. I have some WS-X6704-10GE blades with 3BXL DFC
Thanks Robert for the quick reply.
On Fri, Jan 4, 2013 at 3:48 PM, Robert Hass robh...@gmail.com wrote:
On Sat, Jan 5, 2013 at 12:39 AM, Lee Starnes lee.t.star...@gmail.com
wrote:
s72033-advipservicesk9_wan-mz.122-33.SXH. Aside from the fact that the
IOS
is older, does anyone see any
Thank you Nick.
-Lee
On Fri, Jan 4, 2013 at 3:48 PM, Nick Hilliard n...@foobar.org wrote:
On 04/01/2013 23:39, Lee Starnes wrote:
is older, does anyone see any issues with this IOS and SUP working with
the
WS-X6704-10GE?
should work fine. the X6704 cards have been supported since
, but not in DFC3C
mode, and leaves a slurry of warnings at startup.
Jeff
On 1/4/2013 6:39 PM, Lee Starnes wrote:
Hello,
After wading through hours of pages on Cisco's site I was not able to
determine if the following configuration will work without having to
upgrade either the DFC or the IOS. We
Hello everyone.
I was wondering if anyone has seen this and if it is caused by a bug or a
security hole. OSPF process is in an endless loop of errors that I was only
able to fix with a reboot. I could not restart the OSPF process as it would
just hang for 60 seconds and then give up. This problem
we are running 4.0.1 currently.
-Lee
On Fri, Jan 25, 2013 at 9:12 PM, Xu Hu jstuxuhu0...@gmail.com wrote:
It seems is a bug, which version you are using?
http://status.ovh.es/?do=detailsid=1152PHPSESSID=63f1ab780c97e64284a260a17828a53c
2013/1/26 Lee Starnes lee.t.star...@gmail.com
Thanks Oliver. I will login and download it.
-Lee
On Sat, Jan 26, 2013 at 12:20 AM, Oliver Boehmer (oboehmer)
oboeh...@cisco.com wrote:
Lee,
I was wondering if anyone has seen this and if it is caused by a bug or a
security hole. OSPF process is in an endless loop of errors that I was
Hello,
I was wondering if there are any known issues with XR 4.0.1 running a
SIP600 or SIP601 with ether bundles. We have a couple chassis that still
need to upgrade to newer versions of the OS, but I can't do that right away
and need to expand link capacity before I will be able to deploy newer
Hello,
We are trying to change the administrative distance on one of the OSPF
neighbors of our router and no matter what it is set to, the value does not
seem to change.
#sh ip route x.x.0.102
Thu Apr 4 02:36:05.122
Routing entry for x.x.0.102/32
Known via ospf 12345, distance 110, metric 2,
interface Bundle-Ether2
cost 20
The above will affect all prefixes learned from these paths, i.e. routes
will be preferred via Bundle-Ether1 , while Bundle-Ether2 will be just a
backup path.
On 4 Apr 2013, at 11:42, Lee Starnes wrote:
Hello,
We are trying to change
Hello,
I was wondering if anyone here has used the SPA-1X10GE-WL-V2 and if so how
it differs with the non W version with relation to Ethernet and
EtherBundles.
We currently use the non W versions for our ethernet uplinks to backbone
connections as well as between our switches and routers. In
need WAN/SONET support, get the WL.
- Ed
-Original Message-
From: Lee Starnes lee.t.star...@gmail.com
Sender: cisco-nsp cisco-nsp-boun...@puck.nether.netDate: Wed, 24 Apr
2013 16:12:26
To: cisco-nsp@puck.nether.netcisco-nsp@puck.nether.net
Subject: [c-nsp] SPA-1X10GE-WL-V2 vs SPA
are talking about SPA-110GE cards, has anyone got these to work
with a multimode sr xfp?
Andrew Jones
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Edward Salonia
Sent: Friday, 26 April 2013 1:25 AM
To: Lee Starnes
Cc: cisco-nsp
Hello,
From looking at your output and based on you replacing your cables I
suspect you are seeing issues that the carrier is not seeing from their
basic remote tests or circuit monitoring. We have seen this many times. Ask
for them to pull PMs on the circuit. If this is a CLEC circuit, have them
Hello everyone,
I am looking to get a SmartNet contract on our GSR 12410XR routers and am
having a VERY hard time finding anyone that can come up with the SKU for
it. I need to be able to upgrade our IOS-XR software but can't until I have
the contract.
Does anyone have the SKU for it or know
On 12/19/2013 2:38 PM, Lee Starnes wrote:
Hello everyone,
I am looking to get a SmartNet contract on our GSR 12410XR routers and am
having a VERY hard time finding anyone that can come up with the SKU for
it. I need to be able to upgrade our IOS-XR software but can't until I
have
is supported on this chassis under
minimum IOS XR release of 4.3.0.
Best.
Lee
On Thu, Dec 19, 2013 at 5:56 PM, Xuhu jstuxuhu0...@gmail.com wrote:
Since u had spare hardware already, just get the new OS and upgrade it
yourself, done.
Br,
On 20 Dec, 2013, at 3:38 am, Lee Starnes lee.t.star
Hello everyone,
A strange MTU issue has popped up and for the life of me I am unable to
figure out why. This seems to only affect one Metro-E carrier and only when
the traffic passes between the 6500 and the 12410.
ME Carrier A --- 10G 6509 bundle-ether1(4G)---12410A
ME Carrier B ---/
Hello everyone,
I am in the need of a recommendation for a Cisco switch that is Layer 2/3,
1U, AC powered and has the same rate limit capability as the ME3400 series
has and has 48 ports of 10/100/1000. Does anyone have any experience with a
model that would best fit this need? These would not be
Hello,
We just setup a new ASA 5512x running v9.1(2). We have about 30 remote
Anyconnect SSL vpns and an IPSec tunnel to a remote LAN. We have been able
to get all the VPN connections up and passing traffic such that remote VPNs
can reach the LOCAL LAN The LOCAL LAN can reach the REMOTE LAN, THE
: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Lee Starnes
Sent: den 30 juni 2014 23:23
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASA5512x VPN route issue
Hello,
We just setup a new ASA 5512x running v9.1(2). We have about 30 remote
Anyconnect SSL vpns and an IPSec
One final reply on this. All works if you setup everything as described in
the link you provided Ulrik. The issue we had was caused by the remote side
of the IPsec tunnel ACL not allowing access for the VPN clients IP block.
Thanks again.
-Lee
On Tue, Jul 1, 2014 at 4:43 PM, Lee Starnes
Hello,
Been fighting with a carrier about a problem that we are seeing that I have
not been able to get resolved. They are handing off an Metro-E circuit at
one of our remote sites and they are providing an access port for us.
This is un-tagged traffic at the remote site and tagged at our NNI. I
, but it should bring up the interface and let traffic
flow (unless their interface is truly trunked without the native vlan
config).
On Tue, Aug 26, 2014 at 4:32 PM, Lee Starnes lee.t.star...@gmail.com
wrote:
Hello,
Been fighting with a carrier about a problem that we are seeing that I
have
Thanks Chris for breaking it down. Makes sense.
On Wed, Aug 27, 2014 at 6:14 AM, Chris Marget ch...@marget.com wrote:
On Tue, Aug 26, 2014 at 7:32 PM, Lee Starnes lee.t.star...@gmail.com
wrote:
they are providing an access port for us.
This is un-tagged traffic at the remote site
if I
/14 7:34 PM, Lee Starnes wrote:
Thanks Mike.
That took care of the problem, but still not sure why I would have to
set
the port up as a trunk port when the handoff is an access port. When the
carrier tested the port, they tested it as an access port and then tried
to
test
Hello,
I am looking to setup some policy based routing on an IOS-XR router. From
what I understand, XR does not have PBR, but ABF. When looking at how ABF
works, I don’t see how to set a next hop route (only next hop per TCP
port). My question then would be, how does one accomplish this on XR?
Hi Oliver,
Since we have no default routes and all backbone links are full BGP minus
default route, I am going to assume that the second permit statement won't
work here. Would this just get specified as any since the first entry would
be matched for local netblocks and it would not go further in
Looks like I may not have this feature as these are 12410XR chassis. Here
is what I have in our lab environment.
RP/0/9/CPU0:lab-router(config)#ipv4 access-list ABF
RP/0/9/CPU0:lab-router(config-ipv4-acl)#permit ipv4 10.10.10.0/24
172.16.0.0/19
RP/0/9/CPU0:lab-router(config-ipv4-acl)#permit ipv4
Thanks Lukas.
We are running SDM default. The attacks are to IPs that are routed by the
switch but are on the other end of the ethernet link to the client. No
attack on the switch itself. As to TCAM warnings, would not have any in the
logs at this time. This took place last a couple weeks ago and
Hello everyone,
We have some ME3400 switches that are doing OSPF. These work fine and have
for a couple years now. However, if a link on them (100M) gets hit with a
ddos attack, the switch will start OSPF flapping. This in turn causes all
the others to do the same. Is there a way to dampen the
Hello everyone,
I have a question about OSPF route redistribution. We have no issues
redistributing subnets in the network out of our /19 blocks. But we have a
/22 block that the entire /22 is allocated to a single client. The routes
redistribute across all the all switches except back to the
Systems, Inc. All rights reserved. 1 Session Number
> Presentation_ID Cisco Confidential Deploying OSPF for ISPs ISP/IXP Workshops
>
>
>
>
>
>
>
>
>
>
>
> --
> *From:* cisco-nsp on behalf of Lee
> Starnes
> *Sent:* Tuesday, Jul
Hello everyone. I am having difficulty in finding any documentation on
Cisco's site that would provide a compatibility matrix on what Cisco SPAs
are supported on the A9k-SIP-700. Trying to find out if we can use some
existing SPA-1x10GE-WL-V2 and SPA-1x10GE-L-V2 adapters in the SIP-700 in
the 9010
Hello All,
Does anyone have any good links on how to best setup an IPSec VPN tunnel
from an ASA to a Cradlepoint that is on an LTE connection with a Dynamic
IP? I have all the configuration for the Cradlepoint side done, but having
difficulty with the ASA side since the cradlepoint is on an
Hello,
I have a SUP720-3BXL that us running ROMMON 8.1 and am trying to upgrade to
8.5(3). I have gone through the upgrade steps, and upon reload it retains
the correct version. However, if I power cycle the chassis, it reverts back
to 8.1. and lands in ROMMON.
If I boot the OS and do an
:
> You might check the little CMOS battery on the left side of the MSFC3.
> I've run into NVRAM corruption issues that generally revolve around that
> battery being low/dead. It's definitely replaceable, I've done that a
> couple times already.
>
> On Fri, Feb 22, 2019 at 5
Hello all,
I have a need to be able to do policy based routing for next hop set, but
can't find anything that works in XR. We presently are doing this with VRFs
but need to move away from the VRFs because this causes the ipv6_io to
crash over and over when doing this for IPv6 traffic. Are there
Hello everyone,
I am trying to find out if there is a way to monitor the CRIT, MAJ, MIN and
Fail alarms via SNMP. I read through a boatload of documentation on SNMP
monitoring for the ASR but was not able to find anything on these alarms. I
want to poll the system for status, bit trap send them.
Hello Bruce,
I did check out both the alarm and environment MIBs and none of the OIDs in
them come back as valid. In fact, a walk of those enterprise OIDs results
in no such object on this agent.
Best,
-Lee
On Tue, Dec 17, 2019 at 2:44 PM Bruce Pinsky wrote:
> On 12/17/2019 2:30 PM,
Hello,
We are seeing on one of our 6509 chassis high CPU load (50-90%). We are not
seeing this on our other chassis and they are all optioned the same. The
one difference is that this chassis is sending traffic on one incoming
10gig interface out to another 6509 where that traffic is destine to
Hello Nathan,
So what I find interesting is that a process that shows 13% CPU is actually
using 60% CPU. Using a "show proc cpu sorted 5sec" I was able to see that
SNMP was coming up with 13 and 15% CPU on the process when this is going on
(all the time), but on the other switches, that would
1 - 100 of 110 matches
Mail list logo