Hi Arnab,
Arnab Bakshi wrote on 18/4/2007 8:01 πμ:
Hi All,
I have been experimenting with QinQ a few days and I came across
some issues and questions I would like to put forward.
My question is whether QinQ or 802.1Q which is said to be supported
by cisco 3550, 7206 series
According to Cisco:
If the bandwidth of the interface is greater than the maximum value
reportable by this object then this object should report its
maximum value (4,294,967,295) and ifHighSpeed must be used
to report the interace's speed.
--
Tassos
Bill Nash wrote on 10/5/2007 8:05 μμ:
WS-X67xx-SFP GLC-T work only in 1000Mbps.
Keep complaining to Cisco ;)
--
Tassos
saso pirnat wrote on 11/5/2007 12:04 μμ:
Does anybody knows why i can't get line protocol up with sfp GLC-T on
cisco7609 WS-SUP720-3BXL and line card WS-X6748-SFP when I try to
connect with some other
Hi Peter,
Searching on cisco.com/go/fn for 802.1Q Tunneling returned many results.
3400,3550,3750 surely support it.
Usually 802.1Q Tunneling refers to L2 devices, while QinQ termination to L3
ones.
--
Tassos
Peter Olsson wrote on 12/5/2007 8:01 μμ:
I'm trying to find out what equipment
I was wondering
Is there a way to display the x last lines of the log of a router (through the
cli) ?
Like the CatOS sh logging buffer -x is doing.
--
Tassos
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Watching the latest emails about DFC cards, i was wondering if the addition of
WS-F6700-DFC3BXL cards to WS-X67xx modules would
help a 6500/7600 in nay case, when used exclusively as a L2 switch (plus 802.1q
tunneling/QoS/ACLs).
According to CCO:
The Cisco? Catalyst? 6500 Series Distributed
module or per chassis?
Regards,
Tassos
Tim Stevenson wrote on 15/6/2007 6:05 μμ:
At 03:35 PM 6/15/2007 +0300, Tassos Chatzithomaoglou observed:
Watching the latest emails about DFC cards, i was wondering if the
addition of WS-F6700-DFC3BXL cards to WS-X67xx modules would
help a 6500/7600 in nay
Sorry Tim, but more questions came up now...
7600-ES20 datasheets say something about 80.000 mac addresses per ES card.
What is the catch here? How can the SUP720 know n * 80k addresses when it only
supports 64k?
Does it refer to mac addresses belonging to per card locally configured vlans
Isn't it the same as vlan translation that ME-3750 support?
--
Tassos
Gert Doering wrote on 25/6/2007 9:14 μμ:
Hi,
On Tue, Jun 26, 2007 at 02:55:02AM +1000, Skeeve Stevens wrote:
Now I know what the concept is called. but needing a router sucks.
Actually I'm fairly sure I've seen
You can use EEM to watch for a specific syslog output and then execute the
clear command.
--
Tassos
Ed Ravin wrote on 26/1/2007 5:12 μμ:
On Fri, Jan 26, 2007 at 11:23:19AM +0100, Wolfgang Roth wrote:
we use a Cisco 3640 with NM-2V and VIC-2BRI-NT/T modules as VoIP/PTSN
gateway. The device
If you are referring to 3548XL, then this switch doesn't support 802.1q
tunneling.
If you are referring to 3550-48, then you can use switchport mode
dot1q-tunnel under the port.
--
Tassos
Chris Cappuccio wrote on 2/8/2007 1:28 πμ:
Hey does anyone know how to pass double tagged packets on
You can try show controllers gigabitethernet x/y
--
Tassos
Robert Boyle wrote on 17/8/2007 2:20 πμ:
I have a 7206VXR with NPE-G2 with 3 SFPs at a remote location. I am
trying to get info from the SFPs to make sure they are the correct
type. Is there a command like:
sho idprom int g2/9
I'm trying to troubleshoot an issue which appears just after a reload and i
need to have some debugs enabled as soon as the router
boots up.
Is there a way i can enable some debugs before a reload and keep them active
after the reload?
PS: I tried the EEM functionality (event syslog
From CCO (at least on SB IOS):
A subinterface that is configured with multiple inner VLAN IDs is called an
ambiguous Q-in-Q subinterface. By allowing multiple
inner VLAN IDs to be grouped together, ambiguous Q-in-Q subinterfaces allow for
a smaller configuration, improved memory usage,
and
Suppose we have the following network:
100 10010 100 100
R1 === SW1 === SW2 === SW3 === SW4 === R2
All switches are just L2 devices and all connections are just plain ethernet.
As you can see there is a 10 Mbps link between SW2 and SW3, while all other
links are
I'm trying to check if CSCed45578 applies to our case, but the first tests show
that the proposed workaround doesn't work.
--
Tassos
Oliver Boehmer (oboehmer) wrote on 21/8/2007 8:25 πμ:
Tassos Chatzithomaoglou wrote on Monday, August 20, 2007 6:54 PM:
I'm trying to troubleshoot an issue
Chris,
According to cisco, the ES ports support only 1000BaseT when using copper SFPs.
Any other speed (10/100) may force the link to come up, but many errors will
appear and it's not recommended.
I still don't understand the reason behind this.
--
Tassos
Chris Lane wrote on 25/9/2007 8:16 μμ:
I believe you can get the conformed packets counter, so by getting these in
periods of 5' you can
create your graphs. It's like getting ifInOctets ifOutOctets.
--
Tassos
omar parihuana wrote on 26/9/2007 2:48 πμ:
Hi List,
I configure QoS via MQC, now I need to get the utilization of
Hi,
Is there a way i can achieve the following?
router#copy bootflash:crashinfo_200709* ftp:
I'm just trying to transfer all the September crashinfos to our ftp server.
--
Tassos
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Check the logging event link-status default config command.
http://www.cisco.com/en/US/products/ps6017/products_command_reference_chapter09186a00808829a0.html#wp1012561
I think there was a bug (CSCsb66248 ?) around this one in some SXF versions.
--
Tassos
Wyatt Mattias Ishmael Jovial
Hi Lincoln,
If i remember right, there are some SFPs that use a single fiber for both tx/rx.
Does UDLD help in such cases? Is there a possibility for a problem in only one
direction?
--
Tassos
Lincoln Dale (ltd) wrote on 12/10/2007 5:39 πμ:
Will auto-neg signal one-way fiber failures (after
Can someone please clarify the following ?
Do these cards work together?
Supported only with SUP720
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_installation_guide09186a008069bb90.html#wp1304068
Not listed under unsupported for RSP720
WS-X6148-FE-SFP ( shared bus connection :( )
It's a shame that all other WS-X67xx gigabit cards do not support such SFPs.
--
Tassos
Robert Boyle wrote on 18/10/2007 10:17 πμ:
Hello all,
I am trying to simplify some of our POP setups. We frequently have a
stand alone fiber transceiver rack
I heard recently (during a cisco technical presentation) that packets sourced
by the router itself,
are not affected by an outbound acl defined on a router's interface; something
that -at first-
seemed a little bit strange to me.
I guess that seems normal in the following scenario:
1) the
Does anyone know if in-line optical attenuator have to be connected on the
receiver side only?
For example in the following link
A-C
SW1 SW2
B-D
SW1 is transmitting through A and receiving through B
SW2 is transmitting
One ugly way to do it would be to create an eem applet on both routers which
would do the following:
1) watch for syslog messages STANDBY Active-xxx and then decrease the
metric of these
redistributed connected routes through configuring the local router
2) watch for syslog messages
To make it even uglier, you can configure (using eem again) pbr under the
upstream interface to send
all these requests to the appropriate router, bypassing the connected routes.
--
Tassos
Phil Mayers wrote on 28/10/2007 2:27 μμ:
On Sat, 2007-10-27 at 18:02 +0300, Tassos Chatzithomaoglou
I'm trying to find a way to avoid (or at least be warned about) duplicate ip
addresses on a lan connected to a ME-3400.
I have checked IP Source Guard Dynamic ARP Inspection but both require
either a dhcp snooping database (in my case ips are
statically configured) or a static ip-mac mapping
What kind of multicast are these?
Do you have a dump?
Maybe you could try enabling bpdufilter on this port.
--
Tassos
Xavier Beaudouin wrote on 5/11/2007 3:25 μμ:
Hello,
I have a problem with Multicast and Cisco 3560G.
We a have a data vlan with mixed unicast and multicast data.
We
Maybe someone is trying to exploit the following?
http://www.cisco.com/en/US/partner/products/products_security_advisory09186a008029e189.shtml
--
Tassos
Sascha E. Pollok wrote on 8/11/2007 12:35 μμ:
Nov 6 18:16:00 CET: %OSPF-4-BADLENGTH: Invalid length
10246 in OSPF packet type 208 from
If the QinQ service is point2point, then i guess the service provider can
disable mac-address
learning in order to avoid this situation.
--
Tassos
Matt Buford wrote on 14/11/2007 12:21 πμ:
Old HPs (such as the 4000) have a single switch-wide fdb. I've been
bitten by this more times than I
Maybe try increasing the burst size of the policer.
Also make sure you get this low speed because of drops, otherwise you need to
increase the tcp
window and/or number of connections on the iperf hosts.
--
Tassos
William wrote on 13/11/2007 7:51 μμ:
Hi,
I'm trying to rate limit traffic
Peter Rathlev wrote on 23/11/2007 1:51 πμ:
On Thu, 2007-11-22 at 19:49 -0300, [EMAIL PROTECTED] wrote:
I plan to change the STP root to CAT6513 using the command set spantree
root. I?d like to ask:
1. Is this command enough?
The set spantree root set the bridge priority to 8192. If your
Usually, you have 3 options (actually the last 2 are variations of the same
option):
1) redistribute a static route (to null) of the nat outside address space
2) redistribute a virtual connected interface (a loopback) having an ip from
the nat outside
address space
3) use the network of a
http://www.cisco.com/en/US/products/ps6441/products_data_sheet0900aecd806d1fd6.html
When downloading from Cisco, the Cisco IOS Auto-Upgrade Manager uses Secure
Sockets Layer (SSL) for
a secure connection, requiring the user to configure the Cisco SSL certificate.
--
Tassos
Richard A
no cdp advertise-v2 will stop these messages, since the unmatching duplex
reporting
functionality (+ native vlan mismatch) has been added in CDP v2.
--
Tassos
Jay Hennigan wrote on 3/12/2007 7:30 πμ:
Tuc at T-B-O-H.NET wrote:
Hi,
I'm getting on a 3640 running (C3640-JK9S-M), Version
There is an interesting doc here:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a0080094bc6.shtml
We have been using 10 routed interfaces on a 3550 for many months without any
problems. But this 3550 doesn't have a lot of
traffic. We had another 3550 with 8
Justin Shore wrote on 7/12/2007 5:26 μμ:
Marc Haber wrote:
On Thu, Dec 06, 2007 at 09:03:39PM +, Thorsten Dahm wrote:
Marc Haber wrote:
Which access privileges would RANCID need, and how far can the RANCID
account be restricted?
The same as any user who is able to to a sh run.
Which
Jared Mauch wrote on 7/1/2008 9:53 μμ:
It may be that SXD can't properly show stuff, but yes, you may
want to update the monlib. I think there's some other cli way to do it
but the easiest i've found is to format.
router#upgrade filesystem monlib
Regards,
Tassos
What about simple IRB?
--
Tassos
David Granzer wrote on 9/1/2008 10:24 πμ:
I'm not sure how QinQ can help here, but L2TPv3 yes.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hwan_c/hl2tpv3.htm#wp1045845
David
On 1/9/08, Andrew Gristina [EMAIL PROTECTED] wrote:
This has happened to me twice and the answers i got from Cisco were :
1) the feature wasn't supposed to work from the beginning
2) the feature was causing conflict with other, more important features
Although our account team was involved, although cisco developers were
involved...nothing
I don't think you can do Per-Port Per-VLAN QoS on 3550 or VLAN-Based QoS on
3560 on the egress
direction. Just on ingress.
--
Tassos
Michael Malitsky wrote on 22/1/2008 2:25 πμ:
Hello,
I am trying to figure out a way to set up some traffic limiters.
Specific situation is: I have several
You can provide some form of filtering using snmp views.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hnm_c/htnmsnmp.htm#wp1026473
I haven't used this functionality specifically for filtering access to
interfaces, but i guess i would work.
--
Tassos
Mike Louis wrote
There have been some cases reported here (for other IOS), that this command
might have moved under
the aaa group xxx for tacacs.
--
Tassos
Higham, Josh wrote on 22/1/2008 8:11 μμ:
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Louis
I recently upgraded some switches 3750 from 12.2(35) ipbase
Yes, that is a known bug of PXF, EC and SB IOS.
CSCsj02377
ICMP messages generated on port channels use 0.0.0.0 address (from phy)
Release-note:
=
Symptom:
ICMP unreach messages generated by c10k when port channels in use
Conditions:
when the port channel is
Has anyone real world experience of using these 2 features (Reflexive ACLs or
CBAC) on 6500 with
MSFC2 (SUP2) or MSFC3 (SUP720)?
If i understand right (according do the documentation) both are processed in
software in the MSFC,
so that's going to hurt a little.
Are there any hidden
Technology Group
http://www.cisco.com/go/iosfw
Date: Fri, 25 Jan 2008 12:19:20 +0200
From: Tassos Chatzithomaoglou [EMAIL PROTECTED]
Has anyone real world experience of using these 2 features
(Reflexive ACLs or CBAC) on 6500 with
MSFC2 (SUP2) or MSFC3 (SUP720)?
If i understand right
I believe it's normal for cpu to go high when having long cli outputs.
Nevertheless, you shouldn't worry because the Virtual Exec process should be
(is ?) of low priority.
--
Tassos
Jorge Evangelista wrote on 4/2/2008 5:08 μμ:
Hi list,
I I have some issues with a router Cisco 871, it have
I had the same problem, but it was normal.
Although the mac address is the same, the inner (customer) vlan is different,
so from customer side
everything is fine.
From provider side, since you're using a common outer vlan, you'll have the
same mac address from 2
different ports, but on the
Have a look at J3.
http://www.cisco.com/en/US/customer/products/hw/univgate/ps501/prod_configuration_guide09186a008007cad2.html#11556
--
Tassos
Justin Shore wrote on 18/2/2008 6:47 μμ:
Does anyone know if there's a certain ROM version or jumper setting that
required to support more than
I'm looking for a document describing the differences between these 2 DFC
modules.
Looking through various CCO pages, the only difference i found was the number
of mac addresses supported (64k vs 96k).
Is there anything else i'm missing?
Also, has anyone used DFC-3CXL with 67xx modules on a
:[EMAIL PROTECTED] On Behalf Of Tassos
Chatzithomaoglou
Sent: Wednesday, February 20, 2008 17:41 PM
To: cisco-nsp
Subject: [c-nsp] DFC-3BXL vs DFC-3CXL
I'm looking for a document describing the differences between these 2
DFC modules.
Looking through various CCO pages, the only difference i
simple. The DFC is basically a distributed
replica of the central PFC, so they can only operate in the same mode.
Arie
-Original Message-
From: Tassos Chatzithomaoglou [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 20, 2008 18:11 PM
To: Arie Vayner (avayner)
Cc: cisco-nsp
on some
module, you would basically force the whole router to work in 3B mode.
The reason for this is very simple. The DFC is basically a distributed
replica of the central PFC, so they can only operate in the same mode.
Arie
-Original Message-
From: Tassos Chatzithomaoglou [mailto
There is a command ip options ignore, but it's only availably on 12000
routers.
--
Tassos
Ras wrote on 21/2/2008 5:15 μμ:
We make heavy use of Microsoft's MSMQ libraries to implement our PGM
messaging bus. Unfortunately this implementation of PGM likes to send
an awful lot of SPM messages
I don't see any support for tftp, just xmodem.
http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml
Regarding the boot loader, i think it gets updated automatically by the IOS, so
there is always hope
for a future tftp support.
Tassos
Peter
If the mutual redistribution happens on the same router, you don't need to
worry.
--
Tassos
Dan Letkeman wrote on 2/3/2008 5:54 μμ:
Ben,
Thanks for the information. I will try removing the default metric
commands to see if they are needed.
In what kind of scenario can redistributing
You can use the following as a start:
menu CONSOLES prompt %
Please make a selection : %
menu CONSOLES text 1 Console to R1
menu CONSOLES command 1 telnet x.x.x.x 2001
menu CONSOLES text 2 Console to R2
menu CONSOLES command 2 telnet x.x.x.x 2002
menu CONSOLES text 3 Console to R3
menu CONSOLES
The same happened to me too. 1 out of 10 AS5300 has failed the past year,
mostly due to PSU.
--
Tassos
Justin Shore wrote on 4/3/2008 4:25 μμ:
Jon Lewis wrote:
On Tue, 4 Mar 2008, Joe Maimon wrote:
Is there any way to get the vxr to support analog dialup access using
pri t1's?
Hook it up
I was the one who asked it ;)
10k will get PRE-4 and SIP/SPA (+10GE) support soon. Better late, than never
--
Tassos
Justin Shore wrote on 5/3/2008 5:59 πμ:
Rubens Kuhl Jr. wrote:
I see no netflow word in the ASR 1000 RP datasheet... :(
It is mean no hardware support available or just
as a rock. Fully loaded with CT3 and NP108's.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tassos
Chatzithomaoglou
Sent: Tuesday, March 04, 2008 7:52 AM
To: Justin Shore
Cc: cisco-nsp; Jon Lewis
Subject: Re: [c-nsp] 7200 vxr as analog dialup
You might want to look into NBAR and http classification, but depending on
volume of traffic, a
traffic-shaper/service-control box might be more appropriate.
--
Tassos
Dracul wrote on 8/3/2008 7:10 πμ:
Hi guys,
I was looking into rate-limiting youtoube traffic and the likes. Do you have
I'm trying to find a way to get the OIF count per (*,G) and (S,G) entry.
routersh ip mroute sum
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J -
IP Plus should be ok for LAC/LNS functionality. If you need the extra features,
then you might need the enterprise one.
--
Tassos
Andrew Jones wrote on 14/3/2008 7:29 πμ:
Hi All,
We got some advice here a while back to use the 12.2SB train on our 7200 LNS
which is terminating l2tp tunnels
Peter Rathlev wrote on 19/3/2008 12:35 πμ:
Hi Brandon,
On Tue, 2008-03-18 at 12:32 -0800, Brandon Price wrote:
So Netflow it is then.
snip
What I don't know is what are the negative impacts of setting a really
short timeout for active flows?
Our router Catalyst has about 150 T1s and 2
We did some testing on a NPE-G2 for a week and this was the difference from
NPE-G1:
http://img84.imageshack.us/img84/905/g1vsg2px4.gif
PPPoE termination, Qos/ACL/netflow per user, simple mcast, plus some basic
routing stuff.
We used exactly the same setup (latest SB IOS) and same customers on
Wildcards provide greater functionality with acls (possibly in rare cases), as
it's mot mandatory to follow strict subnetting
rules like in network masks.
--
Tassos
Scott Granados wrote on 21/3/2008 5:07 πμ:
Right or at least be consistent, use masks or wild card bits but not both.
I
It's working fine in SB IOS. Check the aaa server radius dynamic-author
command ;)
Btw, CoA = change of authorization (aka push pull).
--
Tassos
Dean Smith wrote on 22/3/2008 12:14 πμ:
Is Change of Authentication supported on a VPDN LNS ? (7200/7201 running SB
or SRC)
I've found
client configured.
CoA only kicked in when I added an explicit client yyy.yyy.yyy.yyy
server-key x line
Goes back to Cisco inconsistencies as per the other thread I guess why one
PoD works without an explicit client and CoA doesn't.
Dean
-Original Message-
From: Tassos
They were about 1000 sessions, having max 2 x 200/90 Mbps traffic passing
through the box.
--
Tassos
Ben Steele wrote on 21/3/2008 2:33 πμ:
How many PPPoE sessions did you have terminated and approx what traffic
flow in those graphs?
On 21/03/2008, at 5:30 AM, Tassos Chatzithomaoglou
We were getting the same kind of errors on some ports on 2900/3500 XL switches
and we had to upgrade
the switches (to 2950/3550) in order to stop.
I guess XL switches cannot do much these days.
--
Tassos
[EMAIL PROTECTED] wrote on 22/3/2008 3:45 μμ:
Hi all,
i have some serious problems
The following two could probably help you too:
remote command switch xxx
remote login switch
--
Tassos
David Prall wrote on 25/3/2008 11:05 μμ:
Switch console can only be done from catos. You want to find and entry that
has a mac address within the cisco range. What does sh cdp neighbor give
Since 1500 is the default and 1504 is by default supported on 802.1q trunk
links, i guess 1504
should be the correct value for 802.1q tunneling. I guess the ethernet header
is not counted by default.
My proposition? Use something that covers all of them (i.e. 1600 for GE, 1546
for FE) and (as
Thanks for clearing that out Adam ;)
--
Tassos
Adam Greene wrote on 27/3/2008 3:08 μμ:
I just confirmed that those two commands are not available in Hybrid mode.
Thanks,
adam
- Original Message - From: David Prall [EMAIL PROTECTED]
To: 'Tassos Chatzithomaoglou' [EMAIL PROTECTED
Saku Ytti wrote on 30/3/2008 5:44 μμ:
On (2008-03-30 10:29 -0400), Chris Griffin wrote:
Running 12.2.33SXH1 with SFP-GE-S style SFPs. Module 1 is a 6724.
Weird, I got our SE find out this, and answer was the LAN blades
don't have hardware to read he higher addresses where this data is.
CCP refer to Compression Control Protocol, so i guess the command refers to the
max number of ppp sessions with compression
enabled. It's probably used to keep the cpu usage down.
--
Tassos
Joe Maimon wrote on 31/3/2008 4:26 μμ:
Anybody know exactly what this command does? Cant find it
I'm looking for various L2/L3 QoS guidelines, regarding the DSCP/CoS values
used in a network.
Cisco QoS baseline
(http://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295a9b.pdf)
defines
specific values for different classes of traffic.
RFC 4593
If i remember right, sh frame pvc xxx will show you the truth.
--
Tassos
virendra rode // wrote on 8/4/2008 10:56 μμ:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a class based weighted fair queue/LLQ defined and applied in a
frame-relay lab environment.
1. class-map
I note with concern that the Cisco product page lists the VSS as a
different product to the base 6500. Ordinarily such a minor thing
would not concern me, but as Gert has pointed out repeatedly, Cisco have
made people very nervous about the 6500/7600 roadmap...
I've been watching all
I have a 7609/SUP720 (12.2(18)SXF10) chassis with the following results:
7609#sh platform hardware capacity forwarding
L2 Forwarding Resources
MAC Table usage: Module Collisions Total Used %Used
10 65536 18004
You may also need no ip dhcp relay information check if option 82 is added by
another relay (L2) agent.
--
Tassos
Alfred Nagl wrote on 16/4/2008 5:11 μμ:
On Wednesday 16 April 2008 15:47, MKS wrote:
Hi list
I'm playing around with dhcp on cisco and it seams that c7600 (SRB)
isn't relaying
Is the following error something to worry? Can this SSRAM memory be replaced?
test-7609#sh diagnostic description module 5 test 27
TestFibTcamSSRAM :
This test exhaustively exercises the FIB TCAM and the layer 3 adjacency
SSRAM memory. This test may take several hours to
/SUP720/3BXL 67xx/3CXL
confuses this specific diagnostic test. I don't
want to think that there is a hardware problem with all these 3CXLs.
--
Tassos
Phil Mayers wrote on 18/4/2008 6:45 μμ:
Tassos Chatzithomaoglou wrote:
Is the following error something to worry? Can this SSRAM memory
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6968/ps6350/product_bulletin_cisco_ios_software_gd_program_retirement.html
--
Tassos
Jason Berenson wrote on 19/4/2008 12:17 πμ:
That's what I say too...
Gert Doering wrote:
Hi,
On Fri, Apr 18, 2008 at 02:55:54PM -0400, Rodney
1) make the port an access port
2) block 01-00-0C-CC-CC-CC (used by CDP too)
3) use transparent vtp v1 different domain
4) block vlan 1 (although actually that's not possible)
You can also use switchport nonegotiate to turn DTP off, if you're getting
vtp mismatch messages
(different vtp
http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_u1.html#wp1013452
I guess enabling vtp on your internal ports and disabling it on your external
ones would accomplish
the needed security.
I don't know what happens if global vtp (on) and per-port vtp (off) are
configured
Peter Rathlev wrote on 23/4/2008 8:48 μμ:
(Or convince Cisco to implement BFD for static routes in regular IOS...)
Regards,
Peter
Isn't that supported in SRC? Or maybe i misunderstood the regular keyword...
--
Tassos
___
cisco-nsp mailing
I have seen the same output in cards than have double connections (2x20) to the
fabric (i.e.
X6704-10GE WS-X6748-GE-TX) and use DFC cards. But that didn't cause any
problem.
I guess ... FE = Forwarding/Fabric Engine or Fabric Enabled?
--
Tassos
Ramcharan, Vijay A wrote on 23/4/2008 10:03
Paul,
To be honest, i didn't think the mac acl would work using 0x2003 as an
ethertype, because the value 0x2003 refers to the Local
Code field (or Protocol Identifier (PID)) of the LLC/SNAP header.
But i tried it and it worked. It also worked for UDLD (0x0111).
I then found out that IEEE
global : logging event link-status default
per interface : logging event link-status
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailsbugId=CSCsj00385
--
Tassos
Holemans Wim wrote on 29/4/2008 11:38 πμ:
I know I have seen this before, but I can't find
Hi Peter,
I usually use the following:
sh controllers cpu-interface
sh platform ip unicast counts
sh platform ip unicast failed
sh ip cef switching statistics feature
But from your tcam output, i see IPv4 unicast indirectly-connected routes are
close to max (1921/2176). You also said about
If i understand correctly, you're doing netflow for bridged IP traffic.
If yes, do you have a a corresponding VLAN interface with an IP address as the
one you're gathering netflow data from?
Maybe posting your mls/flow config would help a little more.
--
Tassos
Andy Ellsworth wrote on
route-cache flow with ip flow
ingress.
--
Tassos
Andy Ellsworth wrote on 29/4/2008 7:37 μμ:
Tassos Chatzithomaoglou wrote:
If i understand correctly, you're doing netflow for bridged IP traffic.
Correct.
If yes, do you have a a corresponding VLAN interface with an IP
address as the one you're
SXF is too buggy on netflow I haven't tried SXF13 or SXH though.
--
Tassos
Andy Ellsworth wrote on 29/4/2008 10:02 μμ:
Tassos Chatzithomaoglou wrote:
Maybe add mls nde sender version 5? I don't know if that's causing
any problem, but from your previous output, you're using v7 for PFC
The debug shows that the snmp packet is received by the SNMP process, although
it's dropped afterwards:
May 3 19:53:45.341: SNMP: Packet received via UDP from x.x.x.x on FastEthernet0
May 3 19:55:29: %SEC-6-IPACCESSLOGS: list 99 denied x.x.x.x 1 packet
I believe the acl check could be done
George,
I guess you're referring to snmp traps (not syslog entries).
If yes, try no snmp-server trap authentication acl-failure.
Otherwise, i would be interested to see these syslog entries.
--
Tassos
Koffler, George A. wrote on 3/5/2008 6:58 πμ:
Jeff,
I've noticed that, unlike other
Although the operating mode of a 7606/RSP720-3CXL (12.2(33)SRB2) is PFC3BXL
(due to a 3BXL card), i can see 96k as the maximum
number of mac-addresses on the SUP, which means i'm not loosing one of the
advantages of 3CXL mode. Am i missing something here?
7606#sh mod
Mod Ports Card Type
Any idea why the switch listens to all these ports?
3400#sh ip sockets
ProtoRemote Port Local Port In Out Stat TTY OutputIF
17 0.0.0.0 0 x.x.x.x 1967 0 0 211 0 (sla control)
17 y.y.y.y 162 x.x.x.x 61570 0 00 0
I guess the match any under your class is like the class-default which cannot
be used for policing
on the 3550.
On the other hand, dscp 0 refers to all traffic on untrusted ports, which
might be ok for you.
--
Tassos
Chris Riling wrote on 8/5/2008 8:23 μμ:
I had heard of that before as
You're probably using a fake SFP.
What does show errdisable recovery show?
You can try a combination of the following, but i'm not sure if they'll help
you.
service unsupported-transceiver
no errdisable detect cause gbic-invalid
Check the ios version too, below:
1 - 100 of 407 matches
Mail list logo