I went through the vpn wizard and I am able to connect and get an address. I
cannot ping nor access any devices on my lan through the vpn. I did enable the
sysopt for vpn. Is there anything Im missing that the wizard didn't ask me?
___
cisco-nsp
I went through the wizard and I can connect to the vpn no problem. My issue is
that I can only ping the inside interface of the firewall and nothing else. I
cannot browse anything either. I added the sysopt connection permit-vpn and
that still does not work.
I have 2 data centers each with internet circuits. Both sites are running BGP
and peering with CenturyLink as part of our MPLS design. I have 24 sites that
just use static routing to Clink. My primary site is advertising
default-originate so all my other sites can get to the internet. How
class-map match-any Best-effort
match ip precedence 0 1
class-map match-any Priority-Three
match ip precedence 2 3
class-map match-any Priority-Two
match ip precedence 4 6 7
class-map match-any Priority-One
match ip precedence 5
!
!
policy-map ELA_QUEUING_POLICY
class Priority-One
I am seeing over a million outputs drops per day. This
is a 100Mb mpls connection that is shaping down to 10. Is there any way to
improve on my drops ? Do I need to up my queue
limit on this interface and if so, what would be a good number to use.
I’m not sure how to tweak this without
-default statements - simply to
match non IP traffic (depends on purpose of link).
On Tue, Nov 5, 2013 at 12:00 PM, Michael Sprouffske msprouff...@yahoo.com
wrote:
class-map match-any Best-effort
match ip precedence 0 1
class-map match-any Priority-Three
match ip precedence 2 3
class-map
I just increased polling on that interface to see if maybe we are getting
bursty traffic that is filling the queues. It might be that we are filling the
interface and not knowing it because polling was set to 30 seconds.(LOL)
On Tuesday, November 5, 2013 12:24 PM, Michael Sprouffske
.
From: Michael Sprouffske msprouff...@yahoo.com
To: Alex Pressé alex.pre...@gmail.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Wednesday, 6 November 2013 5:29 AM
Subject: Re: [c-nsp] cisco 2901 qos
I get 1
millions drops per day from the best-effort
I am struggling to get netflow off this box to my prtg server. I set
everything up per cisco documents and I see that udp export packets are being
sent from the ASA. I never recieve those on my prtg server. I have several
other devices setup and working just fine ( a bunch of routers). Is
I currently have a juniper ssl vpn appliance. Is there any way to prioritize
traffic going over an ssl vpn connection? The voip works well until someone
dowloads a file through the vpn and then the voip experiences latency. Is
there a appliance that will do this on the box itself or is this
Is there a safe way to change the speed and duplex of a remote routers WAN
connection without taking down the link while making the changes? I know if
you change the speed and its wrong you will lose connectivity. I have a link
that is setup auto, but my isp has their end setup 10 full. I
I attached a new switch to the network and it took down our contact center that
doesn't touch this switch nor does the phone system. Is this spanning tree
doing this? I don't see anything in the logs that show a change in spanning
tree.
I also had an employee unplug a switch by accident and
.
From: Jeff Kell jeff-k...@utc.edu
To: Michael Sprouffske msprouff...@yahoo.com; cisco-nsp@puck.nether.net
cisco-nsp@puck.nether.net
Sent: Tuesday, June 4, 2013 4:04 PM
Subject: Re: [c-nsp] Possible spanning tree issue
On 6/4/2013 6:56 PM, Michael Sprouffske wrote:
I attached a new
Here is my network. The switch that was unplugged was 10.11.1.205. All
critical systems are attached to the 1st floor avaya. Our contact center sits
behind the 2nd floor avaya.
From: Michael Sprouffske msprouff...@yahoo.com
To: cisco-nsp@puck.nether.net
...@templin.org
To: Michael Sprouffske msprouff...@yahoo.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Tuesday, June 4, 2013 4:24 PM
Subject: Re: [c-nsp] Possible spanning tree issue
On 6/4/13 3:56 PM, Michael Sprouffske wrote:
I attached a new switch to the network
This was most definitely a topology change. Happened when this outage occured.
From: Pete Templin peteli...@templin.org
To: Michael Sprouffske msprouff...@yahoo.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Tuesday, June 4, 2013 4:24 PM
I installed the module and it appears that the url filtering does not work
correctly. If I have url filtering on, web pages take 60-90 sec to load. If I
turn off the filtering then the pages load right away. Anyone have experience
with this? Is the content module just a poor choice to use?
I'm about to scrap my 3750E for a 49xx. I have packet drops and buffer misses.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Could someone give me some insight as to what is causing the misses? I'm
currently researching this on the inter webs. I also notice an interface with
several drops as well.
model: WS-C3750X-24T-S
Buffer elements:
1061 in free list (500 max allowed)
3479036431 hits, 0 misses,
I'm thinking that some switch qos needs to be put in place to resolve this
issue. What does everyone think? We currently don't have qos running in the
switched network. We only have qos running on the routers for the uplinks.
From: Michael Sprouffske
I currently have vwic3-1mft-t1/e1 cards in my 1941 routers. I will be
installing another wic into this router for bonded t1 and wanted to make sure I
can use this card with vwic2-1mft-t1/e1. I don't see why I can't use the two
together for this as they are both supported on the platform.
If anyone got an email from my address last night, it wasn't from me. My
account was hacked last night and I fixed the issue and the spamming should
stop now. Sorry about that.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
http://www.myfanwyjones.com/xeou/pkuqhgpevfkvw.pdz
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I'm trying to have my cisco router set the next-server address and the bootfile
name. I see the cisco dhcp server sending that info correctly to the computer
but the machine never takes the offer. If just fails trying to load from pxe.
If I take the pxe server and attach that to the machine
Also, the pxe is on the same subnet as the router. I don't use helper
address's.
From: Michael Sprouffske msprouff...@yahoo.com
To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Thursday, February 28, 2013 3:04 PM
Subject: [c-nsp] cisco pxe boot
I get the transfer going and then it errors out at 32,768KB. Does this mean
that I can only transfer that amount of data? Not sure I've run into this
issue before. Some guidance on copying an ios image from flash to a tftp
server would be much appreciated.
Can someone please point me in the right direction to correct this issue. I
came into a network that is using the default vlan and for about 2 weeks now,
every switch and port is rapidly blinking. I looked at wireshark and don't
seen anything out of the ordinary. I also checked for loops in
some light.
From: a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk
To: Michael Sprouffske msprouff...@yahoo.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Monday, January 28, 2013 11:21 AM
Subject: Re: [c-nsp] Switch lights rapid blinking
Hi
.
From: a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk
To: Jeffrey G. Fitzwater jf...@princeton.edu
Cc: Michael Sprouffske msprouff...@yahoo.com; cisco-nsp@puck.nether.net
cisco-nsp@puck.nether.net
Sent: Monday, January 28, 2013 12:50 PM
Subject: Re: [c-nsp
Nope, this is happening on all 3 floors of this building and its across about 8
switches. I don't see high cpu, the network is functioning properly. I just
don't see that this is normal behavior.
From: Andrew Miehs and...@2sheds.de
To: Michael Sprouffske
Yep, every port is in the default vlan until I'm allowed to make changes and
split this large broadcast domain into vlans.
From: Andrew Miehs and...@2sheds.de
To: Michael Sprouffske msprouff...@yahoo.com
Cc: cisco-nsp@puck.nether.net cisco-nsp
chatter alone from 200 hosts is likely to light that up like a
Christmas tree.
On Mon, Jan 28, 2013 at 2:51 PM, Michael Sprouffske
msprouff...@yahoo.comwrote:
I don't see high cpu on any switch. Traffic seems to flow just fine. I'm
not sure if the ports did this the whole time
Does anybody know of some good documentation for these devices? I am tasked
with learning how to use 5650 avaya switches.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
I know this isn't the best place for this but I thought this team might have an
answer for me. I have switches that don't send the interface description with
traps and that makes it hard to tell what the alert is. Now, solarwinds can
poll the device and it has the interface description. The
.
From: Andrew Miehs and...@2sheds.de
To: Michael Sprouffske msprouff...@yahoo.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Thursday, October 4, 2012 2:37 PM
Subject: Re: [c-nsp] solarwinds question
Where are you sending your traps?
The should be sent
What needs to be done in order for the switch to pass the descriptions of the
interfaces. I looked at a debug and the switch is only sending the physical
interface name and not the description. I did a walk on the device and was
able to pull this information.
I'm having a hard time understanding exactly why you need to create a loopback
interface and associate that with a customer vrf. Could someone please list out
a couple reasons and examples why this is used and then its not used so I have
a better understanding.
I would agree with Nick about keeping your ip address's at a pop for cleaner
route tables. I do in some places advertise /32 instead of the blocks on 2 of
my routers. We started to do that for business customers and found that we
aren't liking it. It's a pain dealing with the same block on 2
I currently have a calix switch attached to a Cisco 7606. I'm doing Q-n-Q to
the router and having an issue with customers obtaining an ip address. If I
delete and re-create the sub interface for the customer they can get an ip and
I see an arp entry. I also looked at my dhcp server logs to
So, I have this hsrp lab setup with a coulple PE routers and come CE routers.
Everything works and all is well. I wanna know how the 2 PE routers that are
playing in the hsrp role notify other PE routers upstream or if they do. So
for example, I have one CE1 router attached to PE1 and PE2
I'm having a hard time grasping, just exactly what the export feature does.
From what I see, the import command basically tells the vrf which routes to let
into the table. Can any body give me a answer as to what the export route
target feature really does in a large network?
Quick question to all. When I configure the nssa area it removes the static
default route I setup on my remote router. I configured a static route of
0.0.0.0 0.0.0.0 x.x.x.x on the remote router and it has a metric of 1 and a
cost of 0. When the nssa commands are put in place on the head end
Just curious about this question for my exam. The answer says igp and aggregate
command. Just wondering why you couldn't manually put that in the table?
Might be a dumb question.
What are the two reasons for the appearance of 0.0.0.0 as the next hop for a
network in the show ip bgp command
I'm looking to find something I can implement that will monitor all ospf
changes in a nice clear manner. Snmp traps are ok but, they don't make things
easy for multiple people to see. Any suggestions will be great.
___
cisco-nsp mailing
I'm going to lab up a tunnel and I am concerned about rate limiting I already
have in place for my vrf's. For example, I have 3 vrf's and I am rate
limitting them to 10MB each. When I create the rsvp bandwith for the tunnel,
will I have to set that to 30MB? Will the rate limiting I already
I am going to implement password protection in my mpls network and I would like
to make this happen without breaking the whole network. Is there a way to do
this without tearing down every ldp session? Thanks for any help on this.
___
Ok, ive got my key chain setup and im a little confused on one of the argument
statements.
The number argument
defines the order in which the access lists are evaluated in the
determination of a neighbor password. The valid range is 1 to 32767.
I'm not really sure what that mean, if someone
I'm not sure if this has already been posted.
I'm trying to figure out a concept of the TE tunnel. It appears that when a
tunnel is created it will forward all traffic destined for the end point down
the tunnel. My question is, is there a way to create a tunnel and have only
specific traffic
48 matches
Mail list logo