2015-10-28 14:28 skrev Dan Brisson:
On 10/28/2015 9:06 AM, daniel@reaper.nu wrote:
2015-10-28 13:37 skrev Mark Tinka:
On 28/Oct/15 14:27, Dan Brisson wrote:
I'm hoping to get some feedback on how to limit/shape bandwidth for
customers in a co-lo environment. Currently customers are c
2015-10-28 13:37 skrev Mark Tinka:
On 28/Oct/15 14:27, Dan Brisson wrote:
I'm hoping to get some feedback on how to limit/shape bandwidth for
customers in a co-lo environment. Currently customers are connected
to Cisco 3750 switches at either 10, 100, or 1Gig depending on what
they purchase
build L2 network not relying on STP.
Regards,
Daniel Dib
Senior Network Architect
CCIE #37149
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Daniel Dib
> Sent: den 1 oktober 2015 11:02
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] No IPv6 support in VRF on Catalyst 3560/3750?
>
> Hi,
>
>
>
s already sitting on some information.
Best regards,
Daniel Dib
Senior Network Architect
CCIE #37149
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: den 18 september 2015 08:27
To: Daniel Dib; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Unintentional load balancing of traffic
Thanks Daniel.
> Please give us a show ip route x.x.x.x and show ip o
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
CiscoNSP List
Sent: den 18 september 2015 01:58
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Unintentional load balancing of traffic
Hi Everyone,
Have a PE that has 2 "interpop" connections bac
As far as I can see he is just policing undesirable and netbios. The other
classes are just there without policing so it will not do something or he
didn't paste the entire config here. I don't think it looks related to CoPP
based on that output.
I suppose a Telnet on TCP on port 179 to the other
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark
Tinka
Sent: den 22 maj 2015 04:51
To: CiscoNSP List; alum...@gmail.com; Phil Mayers
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] "New" IOS release time frame, when bug is identified
On 2
traceroute, what labels are used.
Verify that new interface comes up, MPLS is enabled, do a traceroute, verify
new labels and so on.
From: Eric Louie [mailto:elo...@techintegrity.com]
Sent: den 2 maj 2015 02:12
To: Daniel Dib
Cc: CiscoNSP
Subject: Re: [c-nsp] MPLS interface continuity and
label for
MPLS switched traffic. The RIB and FIB is what creates the LFIB.
Best regards,
Daniel Dib
Senior Network Architect
CCIE #37149
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Eric
Louie
Sent: den 1 maj 2015 21:10
To: CiscoNSP
Subject: [c
returned.
-
I wrote a post about pretty much exact that scenario a while back if I
understood you correctly:
http://packetpushers.net/nat-saves-the-day/
Daniel Dib
CCIE #37149
2014-01-24 09:50 skrev Peter Persson:
> Hey,
>
> Are you running some xconnects on these or just simple interfaces?
> A good thing is to move the xconnects (if there is any) from interface to
> service instance, this makes the machine to not learn mac-addresses.
>
> /Peter
>
> Hi,
>
protection of the
control plane? The documentation talks about some default CoPP policy
but I could not see if it was applied.
What else can be done to protect against these kind of situations?
Best regards,
Daniel Dib
CCIE #37149
___
cisco-nsp
which is the IP of the interface on the 3600.
Any clues?
Regards,
Daniel Dib
CCIE #37149
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
2014-01-14 21:27 skrev Saku Ytti:
> On (2014-01-14 21:44 +0200), Mark Tinka wrote:
>
>> The ME2600X is great, but lacks the Layer 3 and MPLS capabilities (along
>> with a few QoS restrictions, but still better than any other switches in
>> Cisco's arsenal).
>
> I took a look at ME2600X rec
2014-01-14 20:44 skrev Mark Tinka:
> On Tuesday, January 14, 2014 05:06:33 PM
> daniel.dib@reaper.nuwrote:
>
>> The devices will likely be ASR9001 for PE and ME2600 for Access.
>
> I would go for the ME3600X, as that gets you proper IPv4,
> IPv6 and MPLS in the Access, along with features.
iding backup PW. I also think MST-AG and REP-AG could be viable
options but I'm not sure if they work for all services.
The devices will likely be ASR9001 for PE and ME2600 for Access.
Regards,
Daniel Dib
CCIE #37149
___
cisco-nsp mailing list
re. Thanks.
Best regards,
Daniel Dib
CCIE #37149
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
2013-08-22 10:36 skrev Chris Russell:
>> you missing any features
compared to ME devices? Has VPLS been running well or have you had any
issues?
The ME is a great little device.. and from my limited exposure
to them
"just works". Agree with you on the 10G ports. Brocades'
addition of
4x10G
? Are
you missing any features compared to ME devices? Has VPLS been running
well or have you had any issues?
Any other suggestions on how to
deploy with ME3600/3800? Maybe put something like 4500 user facing and
then trunk that to ME3600/3800?
Thanks for any inp
l authenticate both at level 1 and
2. So your configuration seems correct. So in summary right now you are
authenticating hello packets and LSPs and SNPs at all levels.
Best
regards,
Daniel Dib
CCIE #37149
___
cisco-nsp mailing list cisc
[3]
Best regards,
Daniel Dib
CCIE #37149
2013-07-01 19:33 skrev
daniel@reaper.nu:
> When testing on 12.4 code I get the following
from debug isis
> adj-packets and debug isis authentication information:
>
> ISIS-Adj: Rec
> L2 IIH from c201.0d84. (FastEthernet0/0)
ISIS-Adj: Authentication failed
So the MAC
address and interface is recorded. Don't you have these debugs or do
your debugs not show this information?
Best regards,
Daniel Dib
CCIE #37149
2013-07-01 18:31 skrev John Neiberger:
> This box is
running 12.2(33)SRC code. The TAC engi
On Fri, 21 Dec 2012 21:10:32 +1100, Reuben Farrelly wrote:
Hi Daniel
On 21/12/2012 8:26 PM, daniel@reaper.nu wrote:
Hi,
I'm trying to setup Multicast VPN (MVPN) on a Cisco ME3600. It's a
ME-3600X-24FS-M and the software is
me360x-universalk9-mz.151-2.EY1a.bin. There seems to be an issue
on or is MVPN a bit flakey on the ME3600?
Thanks.
Daniel Dib
CCIE #37149
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
I'm having some trouble with a Cisco ASA 5505. It is performing very badly
and I'm whondering if switch ingress policy drops can have this impact on
performance? The topology is quite simple.
Cisco ASA 5505 - RAD tiny bridge - SDH network - RAD tiny bridge - Cisco
Catalyst 3560-X - Cisco ASA
On to, mar 31, 2011 at 13:50:33, Gökhan Gümüş wrote:
> Subject: Re: [c-nsp] Unidirectional CDP traffic
>
> Hi Daniel,
>
> Thanks for this.
> Actually interfaces are all working as trunk port however they
> configured like this.
>
> We cleared counters and made ping tests.
> Please see our test
On to, mar 31, 2011 at 13:22:19, Gökhan Gümüş wrote:
> Subject: [c-nsp] Unidirectional CDP traffic
>
> Hi all,
>
> One of our customer is experiencing a strange problem.
> We are providing a link between London and Stockholm via DWDM.
> Customer is not able to ping remote site.
> Strange things f
On må, feb 07, 2011 at 15:16:30, Peter Rathlev wrote:
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] TTL not decrementing (MPLS, SXI, Sup720)
>
> Hi Manu,
>
> On Mon, 2011-02-07 at 15:09 +0100, Manu Chao wrote:
> > If IP TTL propagation is disabled in your MPLS Core with the no mpls
> >
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Lin Domingo
Sent: den 13 augusti 2010 05:47
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Weird Routing Behaviour
>I am having weird routing issues with the T1 circuits. We
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jay Nakamura
Sent: den 12 augusti 2010 21:10
To: cisco-nsp
Subject: [c-nsp] App to manage pushing out changes
>Anyone have recommendation on any application that can push ou
Hi,
I am having some trouble setting up a VPN-tunnel between two Cisco
routers. One end is my router and the other end is controlled by
another company.
We seem to get stuck in the key exchange in ISAKMP phase 1. This is
strange since tunnel has been up before but won't come up again.
Neither
On 3/24/10 01:33 Dunn, Rodney wrote
>I didn't want to plug for myself so thanks. ;)...as we are going to
>present the OPSEC WG in about 10 minutes at IETF. ;)
>In this draft we want to raise the awareness of protecting the control
>plane and give a simplistic and minimalistic example. No two
-Ursprungligt meddelande-
Från: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] För CJ
Skickat: den 3 november 2009 18:12
Till: cisco-nsp@puck.nether.net
Ämne: [c-nsp] Issue with secondary ip address
Hello all,
I have a vlan that has a primary and second
Sorry for toppost. It would be nice to be able to match IS-IS directly but
there are workarounds. Either have a class that matches all IP that is left
after all your other classes, not class-default. The only thing that will be
left after that is IS-IS. Or use mls qos protocol passthrough if you wa
Hi all,
Does anyone have any baseline CoPP policies to put in place on a
switch where you can't really anticipate the kind of traffic that will be
coming into it but you need the IP INPUT processes, etc to stay at some
level of control?
I've seen the Cisco TTL Expiry attack docu
On Tue, 16 Sep 2008, Matt Liotta wrote:
I currently have a 3750ME connected via one of its ES interfaces to a
6509 on one of the OSM (GE-WAN) interfaces and things work fine.
However, when I try to connect the other ES port on the same 3750ME to
a 7609 GigE interface the port won't come up
On (2008-07-02 17:19 +0530), Vikas Sharma wrote:
> has anyone used /31 network instead of /30? I believe this is recommended
to
> use /31 network? Need expert comments.
We've been running it for a long time. We use it for PE-CPE links where CPE
is c877/1800/3750/7300 etc. Haven't seen any issue
*On SwitchA:*
SwitchA receives the request (arp who has) for the IP address of Host B and
it checks its MAC table but none found so it will broadcast the request to
all ports and changes the Src MAC to that of the switch port that is
directly connected to e0 on the router.
Switches don't modify
Hi.
Two tools you should definately check out if you haven't already are Hping
and yersinia. Hping is a tool for crafting packets, you specify TCP or UDP
and port number etc and how often you want to send packets, good for testing
ACL's and CoPP-policies. Yersinia is a tool for flooding CDP and BP
Citerar Saku Ytti <[EMAIL PROTECTED]>:
> On (2007-11-08 10:18 +), Phil Mayers wrote:
>
>> mls qos protocol arp police 10 pps per-mac
>>
>> A single host can kick out thousands of ARP requests/sec and thus
>> trigger the rate limiter which then stops all ARP requests on all
>> interfaces :o(
>
Hey Michael.
Here is something you can try out. Instead of using CoPP to limit ARP use
the hardwarebased ratelimiters.
mls rate-limit unicast cef glean 2 60 - This limits the number of
ARP-packets punted to the RP of the type glean. This will occur when traffic
is sent to a connected host fo
-Ursprungligt meddelande-
Från: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] För Jay Hennigan
Skickat: den 18 juli 2007 21:45
Till: Masood Ahmad Shah
Kopia: cisco-nsp@puck.nether.net
Ämne: Re: [c-nsp] DHCP snooping with PIX 7.22 as dhcp server fails
Masood Ahmad Shah wrote:
> The caveat w
-Ursprungligt meddelande-
Från: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] För Jay Hennigan
Skickat: den 18 juli 2007 20:24
Till: cisco-nsp@puck.nether.net
Ämne: [c-nsp] DHCP snooping with PIX 7.22 as dhcp server fails
I have a network with a 3550 switch behind a PIX. The PIX is acting
45 matches
Mail list logo
