Re: [c-nsp] 3750-E + CVR-X2-SFP10G + SFP-10G-SR = disappearing media
-Original Message- From: Holemans Wim [mailto:wim.holem...@ua.ac.be] Sent: 10 May, 2010 23:13 To: Matthew White (MAWHI); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] 3750-E + CVR-X2-SFP10G + SFP-10G-SR = disappearing media We have a similar setup but with X2 interfaces, so no X2 to SFP+ convertors and that works just fine. Have you checked the transceiver parameters ? Hi Wim, Thanks for your reply. It appears that all of the values are withing normal operating parameters: #show int ten2/0/2 trans det ITU Channel not available (Wavelength not available), Transceiver is internally calibrated. mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable. ++ : high alarm, + : high warning, - : low warning, -- : low alarm. A2D readouts (if they differ), are reported in parentheses. The threshold values are calibrated. High Alarm High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port (Celsius) (Celsius) (Celsius) (Celsius) (Celsius) - -- -- - - - Te2/0/2 44.275.070.0 0.0 -5.0 High Alarm High Warn Low Warn Low Alarm VoltageThreshold Threshold Threshold Threshold Port (Volts)(Volts) (Volts)(Volts)(Volts) - ----- - - - Te2/0/23.29 3.633.463.13 2.97 OpticalHigh Alarm High Warn Low Warn Low Alarm Transmit Power Threshold Threshold Threshold Threshold Port (dBm) (dBm) (dBm) (dBm) (dBm) - - -- - - - Te2/0/2 -2.5 1.7-1.3-7.3 -11.3 OpticalHigh Alarm High Warn Low Warn Low Alarm Receive Power Threshold Threshold Threshold Threshold Port (dBm) (dBm) (dBm) (dBm) (dBm) ---- -- - - - Te2/0/2 -2.9 2.0-1.0-9.9 -13.9 Maybe they are not within limit causing a shutdown of the interface ? (temperature, input power, output power). The first batch of (non-cisco) X2 transceivers we got, all gave wrong information about thresholds e.d. After replacing them, everything was fine. sh int te1/0/1 transc detail should give you this info. We are running version 122-50.SE2. Wim Holemans Network/Security Manager University of Antwerp -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Matthew White (MAWHI) Sent: dinsdag 11 mei 2010 0:03 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 3750-E + CVR-X2-SFP10G + SFP-10G-SR = disappearing media Greetings, I have an open TAC case about this but I figured I'd ask here as well. I recently installed 10 3750-Es in 5 2-member stacks. Each stack has 2 uplinks to a 6509-VSS. I'm using X2 to SFP+ converters and 10G SFP+ modules on both ends of the links between the stacks and the VSS. In each stack I'm using interface Ten1/0/1 and Ten2/0/1. There is currently no real traffic on any of the links. The plan is to do a forklift upgrade of our existing production network and I've set the 3750/VSS up in a test environment. With the exception of two hosts talking iperf to each other, the network is quiet. The problem I'm seeing is this: after about 6 to 8 hours a 10G interface on the 3750 side will go down. Saying 'show int Ten2/0/1' will show the media type as Not Present: Full-duplex, 10Gb/s, link type is auto, media type is Not Present as opposed to: Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR I am seeing this behavior on three individual switches and in each case it is ten2/0/1 that fails. I've replaced the X2 converter, the SFP+ module and moved the converter to Ten2/0/2 but the symptoms persist. I RMA'd one of the switches and just installed the replacement, hopefully this will solve the problem. I also checked software compatibilty and the switches are running (C3750E-UNIVERSALK9-M), Version 12.2(53)SE2 Has anyone seen this before? -mtw ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3750-E + CVR-X2-SFP10G + SFP-10G-SR = disappearing media
Greetings, I have an open TAC case about this but I figured I'd ask here as well. I recently installed 10 3750-Es in 5 2-member stacks. Each stack has 2 uplinks to a 6509-VSS. I'm using X2 to SFP+ converters and 10G SFP+ modules on both ends of the links between the stacks and the VSS. In each stack I'm using interface Ten1/0/1 and Ten2/0/1. There is currently no real traffic on any of the links. The plan is to do a forklift upgrade of our existing production network and I've set the 3750/VSS up in a test environment. With the exception of two hosts talking iperf to each other, the network is quiet. The problem I'm seeing is this: after about 6 to 8 hours a 10G interface on the 3750 side will go down. Saying 'show int Ten2/0/1' will show the media type as Not Present: Full-duplex, 10Gb/s, link type is auto, media type is Not Present as opposed to: Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR I am seeing this behavior on three individual switches and in each case it is ten2/0/1 that fails. I've replaced the X2 converter, the SFP+ module and moved the converter to Ten2/0/2 but the symptoms persist. I RMA'd one of the switches and just installed the replacement, hopefully this will solve the problem. I also checked software compatibilty and the switches are running (C3750E-UNIVERSALK9-M), Version 12.2(53)SE2 Has anyone seen this before? -mtw ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 line card mounted cable management bars (??)
copper cards. Lots of modular solutions, cable assembles, patch panels, available. Panduit makes a cable assemblies for this purpose. Might not be exactly what the OP was looking for, but it may help. http://bit.ly/bT6Nfd ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Help !!
If you need branch to branch communications you might want to consider DMVPN (Dynamic Multipoint VPN). cf. http://www.cisco.com/en/US/products/ps6658/index.html -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados Sent: Wednesday, December 16, 2009 8:38 AM To: osmcr...@gmail.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Help !! This sounds like a good candidate for VPN. We personally use the ASA5520 for a concentrator in a similar application providing both LAN to LAN (branch office connectivity) and VPN Client access for mobile end users and their laptops. Depending on the pipe size and forwarding requirements / branch office sizes you could use Pixes in the field or even routers with VPN functionality and use an ASA as the central concentrator. Lots of ways to get from here to there might be a good time to talk to your Cisco Rep and sales engineer. - Original Message - From: osmcr...@gmail.com To: cisco-nsp@puck.nether.net Sent: Wednesday, December 16, 2009 7:46 AM Subject: [c-nsp] Help !! Hi folks I'm new here and searching for help because i have to prepare a good network topology in which can stablish a connesction between 5 offices, but now i dont have any idea about what kind of router and switch do i use. the scenary is this main office with 30 pcs 1 dns server, 1 mail server and db server and 5 branches with 20 pcs each one all office with different isp with a satatic ip. is it work ? i want to send and receive packets trough a vpn tunnel but i'd like to know what is the best equipment (models) including firewall, vpn security, and all features inside. please let me know it , any help is welcome Thanks in advance and sorry by my ignorance ! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
I don't know if the 7201 will accept PVDMs, so if you need to do voice xcoding on your box that may be a show stopper. According to Cisco's marketing speak the new 2900s will do up to 75Mbps with services such as security, mobility, WAN Optimization However it is 2U. -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Bill Blackford Sent: Wednesday, November 18, 2009 12:54 PM To: 'Scott Granados'; Ed W; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router advice The 7201 is 1RU. It's basically an NPE-G2 shoehorned into a 1RU chassis. -b -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados Sent: Wednesday, November 18, 2009 12:50 PM To: Ed W; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router advice I'm thinking 7200 series makes sense for you although I believe they are more than 1U. - Original Message - From: Ed W ed.whitesell+li...@gmail.com To: cisco-nsp@puck.nether.net Sent: Wednesday, November 18, 2009 12:09 PM Subject: [c-nsp] Router advice Greetings, I've been out of the market on the latest Cisco routers for a while and I'm looking for some info about a router to use in a small co-located environment. Basic requirements: 2 Copper FastE/GigE 50-75 Mbps throughput HSRP NetFlow Basic ACLs/null routing for Bogons, etc. No dynamic routing No NAT/PAT Preferably 1U More than 2 FE interfaces, IPv6 support and room to grow into a BGP session or two would be nice, but not required. Traffic will be mostly HTTP/HTTPS, Mail (IMAP, POP, SMTP) and some VOIP channels mixed in (G711 G729) My first thought after some research was a 2800 series, but NetFlow seems like a possible red flag. I'd be open to hearing about other vendors' options that meet the requirements (offlist of course), but no Build Your Own/Quagga options. Thanks, Ed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Restricting VPN connections to company hardware?
Hi Scott, Certificate based authentication can meet these needs. This document is just a starting point -- the client certificate installation procedure is onerous. If you have a MS environment it's easier to push out certs with group policy objects than making your end users download and install certificates. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados Sent: Wednesday, November 04, 2009 9:43 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Restricting VPN connections to company hardware? Hi, I've been googling but not finding much although I think I'm probably formulating my search incorrectly so I'm hoping for some pointers here. I use ASA 5520 hardware to provide VPN services to end users with Cisco VPN clients and some L2L sessions. We've been finding that folks are configuring IPhones and other non approved devices to attach to the network. What's the best method to certify that end users are connecting with approved devices only? Is there a good way say for me to allow company provided laptops but not allow clients from home machines where users duplicate their profile or non-certified end devices like pocket PC devices? I understand how to filter based on client type but this doesn't prevent someone from copying their profile file from one machine to another. Any pointers would be appreciated. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2600XM usability?
Hi Graham, Of course YMMV, however I just replaced a 2691XM that was doing DMVPN duties running EIGRP (~350 routes). The unit was equiped with a cypto card and max throughput was around 10Mbps. At peak traffic times the CPU would hit 65/70% and this is without running QoS. So, from my perspective the 2621XM doesn't have enough juice to do what you want it to do. Hope this helps, -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Graham Wooden Sent: Monday, October 19, 2009 3:25 PM To: cisco-nsp Subject: [c-nsp] 2600XM usability? Hi all, I have a new network connecting to me that I will be shoving down some routes to them via a 5Mb metro-ethernet. They have a 2621XM. It will be doing BGP, with maybe a route table of 86K routes (mine plus their other provider, which I think is being delivered by a 2xT1 mlppp). I think it's the 128D/32F model. Not sure of the IOS as of yet. Does anyone have any real-world usability with this platform? Will this box hold up to 8Mb of traffic, with QoS/ACL and BGP with this number of routes? Thanks, -graham ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2600XM usability?
Hi Graham, I think a 2821 with enough memory would do the trick. Even new, the ones without the AIM module are fairly inexpensive. -mtw -Original Message- From: Graham Wooden [mailto:gra...@g-rock.net] Sent: Monday, October 19, 2009 5:08 PM To: Matthew White; cisco-nsp Subject: Re: [c-nsp] 2600XM usability? I appreciate the reply Matthew. Yikes, yeah - I don't think that'll work. Any suggestions for something on the used market that will suffice? Maybe I should look for a 3640 or something. Thanks! -graham On 10/19/09 6:32 PM, Matthew White ma...@vestas.com wrote: Hi Graham, Of course YMMV, however I just replaced a 2691XM that was doing DMVPN duties running EIGRP (~350 routes). The unit was equiped with a cypto card and max throughput was around 10Mbps. At peak traffic times the CPU would hit 65/70% and this is without running QoS. So, from my perspective the 2621XM doesn't have enough juice to do what you want it to do. Hope this helps, -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Graham Wooden Sent: Monday, October 19, 2009 3:25 PM To: cisco-nsp Subject: [c-nsp] 2600XM usability? Hi all, I have a new network connecting to me that I will be shoving down some routes to them via a 5Mb metro-ethernet. They have a 2621XM. It will be doing BGP, with maybe a route table of 86K routes (mine plus their other provider, which I think is being delivered by a 2xT1 mlppp). I think it's the 128D/32F model. Not sure of the IOS as of yet. Does anyone have any real-world usability with this platform? Will this box hold up to 8Mb of traffic, with QoS/ACL and BGP with this number of routes? Thanks, -graham ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Enclosed rack with filtered air
I've had good success with Hoffman cabinets: http://www.hoffmanonline.com/product_catalog/product_detail.aspx?cat_1=34cat_2=2410cat_3=81607catID=81607itemID=69583 You can get them with or without integrated AC units. I can put you in touch with a reputable manufacturer's rep if you need further information. -mtw From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On Behalf Of scott owens [scottowen...@gmail.com] Sent: Saturday, October 03, 2009 08:37 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Enclosed rack with filtered air Hello, I need to put two 6509s in a non-clean warehouse. I thought I could just put them in a standard rack with some AC filters attached to the bottom and let the air get pulled out of the top. However the rack is not airtight enough and I am getting a lot of drywall/dust in the rack and switches. Anyone here know where / how to find a semi-sealed enclosed rack with filtered forced air ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 720x VXR -12V Sensor
Roy, I encountered a similar issue with a 7204VXR + I/O-2FE/E + NPE-225. I worked with TAC and started by replacing both power supplies; no good. This router was due for an NPE-G1 upgrade so I installed the replacement and kept the I/O controller installed; no good. I finally pulled out the I/O controller and that solved the problem. -mtw From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On Behalf Of roy [bandwidth.u...@gmail.com] Sent: Tuesday, September 22, 2009 03:52 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 720x VXR -12V Sensor Does anyone know which IC is being used by the 720x VXR router for monitoring the voltage readings (specially the one for -12V)? I've looked around and seems the DS1620 on I/O card is only for temperature. I could be wrong though. Would appreciate if anyone can point me into the right docs. Trying to troubleshoot an internal -12V issue which shuts down my 7206VXR upon reaching the threshold within 5 minutes of power-up. This happens on C7206VXR chassis, NPE-400, I/O-2FE/E controller. I have only been looking into the I/O controller. All tray fans working; input voltage good and clean on either/both PSU's. Inlet/outlet temps within range. Thanks, roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] NBAR + QoS - policing kills class-default traffic
Greetings, I've got the following kit: Cisco 7204VXR (NPE-G1) processor Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(24)T1 and the following NBAR + QoS config: class-map match-any HULU match protocol http host t2.hulu.com match protocol http host t.hulu.com match protocol http host hulu.com class-map match-any YOUTUBE match protocol http host youtube.com class-map match-all PANDORA match access-group name PANDORA_SERVERS class-map match-any WEB_ENTERTAINMENT match class-map PANDORA match class-map HULU match class-map YOUTUBE policy-map LIMIT_INTERNET_TRAFFIC class WEB_ENTERTAINMENT police 8000 conform-action transmit exceed-action drop interface GigabitEthernet0/1 ip address x.x.x.x 255.255.255.192 ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nbar protocol-discovery no ip mroute-cache duplex full speed 100 media-type rj45 no negotiation auto service-policy output LIMIT_INTERNET_TRAFFIC The policy polices HULU and PANDORA, counters don't increment for YOUTUBE (and doesn't get policed) and after 3 or 4 minutes ALL web traffic is policed. Has anyone seen this behavior before? Yours Sincerely, Matthew White Sr. Network Engineer Group IT, Operations, Network Vestas Wind Systems A/S T: +1 503 327 2320 M: +1 503 927 5728 ma...@vestas.com Company reg. name: Vestas Wind Systems A/S This e-mail is subject to our e-mail disclaimer statement. Please refer to www.vestas.com/legal/notice If you have received this e-mail in error please contact the sender. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/