Re: [c-nsp] Search small replacement for Cisco 12k with ATM/OC3 interface

2014-01-20 Thread Markus H
On Mon, Jan 20, 2014 at 5:18 PM, Mikael Abrahamsson  wrote:
> On Mon, 20 Jan 2014, Sigurbjörn Birkir Lárusson wrote:
>
>> There is a warning on boot up that the router might explode and spread its
>> ashes into space (or similar).
>
>
> This is not my experience. The warning seen when booting 15.2M on a NPE-300
> isn't shown when booting it on an NPE-400.
>
> 15.2M (latest) will boot on NPE-300 with 256M of ram (with warning saying
> it's not supported), but there isn't much memory to spare for routes.

I ran some 15.x code on an NPE-300 (including LISP) but I would
strongly advise against using that in production because at least CEF
is broken with that release on the NPE-300.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] 7200VXR no packets being routed w/ CEF enabled

2013-12-27 Thread Markus H
Downgrading to 12.3(22) fixed the issue.

Thanks, Markus


On Fri, Dec 27, 2013 at 9:21 AM, Oliver Boehmer (oboehmer) <
oboeh...@cisco.com> wrote:

>
>
>  Hi,
>
>  I am not in Hamburg, I am providing a tunnel for a remote location
> participating in Congress Everywhere (as you might guess from the config).
> I'll try some older IOS versions (and I really need to get myself an
> NPE-G1 from ebay since they don't cost much more than an NPE-400).
>
>
>   ah, ok… 12.3 should still be next version to load, CEF
> was heavily rewritten in 12.4/15.0, not sure if everything works on NPE300..
>
>  oli
>
>


[c-nsp] 7200VXR no packets being routed w/ CEF enabled

2013-12-26 Thread Markus H
Hi,

My 7204VXR (NPE-300) is showing weird behaviour. When enabling CEF no
packets are actually routed.

Config minus passwords can be found here:
http://pastie.org/private/ehsxoszlhqxo9lzftjzg

This also happened before using the tunnel (when I just NATed out via the
Dialer 1 interface)

Any Ideas? (Other than using an older IOS version which I will try tomorrow)

Greetings, Markus


Re: [c-nsp] cheap core switch for a "hacker space" (nonprofit association)

2013-12-10 Thread Markus H
Thanks for the input so far.

I have found a Cisco Catalyst 4948-S to be less expensive on ebay than two
3750G-24 (and both options are far cheaper than any Juniper EX on ebay).

So the benefit of a 4948 would be bigger buffers (and therefore less
problems from microbursts), the benefit of a pair of 3750Gs would be that I
don't have to buy them at once and I have some redundancy. So I think I
would prefer the 4948 at the moment.


On Mon, Dec 9, 2013 at 5:32 PM, Scott Granados wrote:

> +1 on the EX 4200.
>
> Good, configurable with VC cables or optics for bundling in to a chassis
> over a larger physical area, decent horse power and decent features.
>
>
> On Dec 9, 2013, at 11:19 AM, Doug McIntyre  wrote:
>
> > On Mon, Dec 09, 2013 at 05:17:58PM +0200, Mark Tinka wrote:
> >> On the Juniper side, the EX4200 and EX3200 might be all you
> >> need. You can get them pretty cheap on the used market now.
> >
> > Ditto on the Juniper EX. The EX4200 is current, and is even cheap on
> > gray market (ie. Amazon), although not quite as cheap as used.  The
> > EX4200 in particular comes with the VC ports & VC stack cables already.
> > (as opposed to the EX4550 which you have to buy both, but
> > that is beyond what the OP is looking for).
> >
> > At used EX4200 pricing, I'd go for them over the EX2200, since there
> > are a lot more out there, more bang for the buck.
> >
> > The EX3200 is fine too, just be careful that you can only VC stack
> > the same family (ie. only all EX4xxx).


Re: [c-nsp] cheap core switch for a "hacker space" (nonprofit association)

2013-12-09 Thread Markus H
Thanks for all your input so far.


Regarding the Cat4k range - a C4948 would be an option if I could spend all
the money upfront, I don't think we can invest that much right now.

Regarding the EX2200 - IIRC it is very restricted in terms of L3 features
and forwarding (and the price once again).

Regarding the Cisco SBS - I have to take a look at those again, maybe
something there fits our needs.


Regarding "routing" vs "switching" -  I'd like to do routing between VLANs
(and basic ACLs) on the switch and hand off anything more complex to a
(linux or *BSD based) software router. That includes routing at least our
guest traffic via some kind of VPN service to get rid of most .

I don't think microbursts are that much of a problem for us. I at least
don't see them impacting the VM host sending a backup to the file server,
or even several of us pushing photos/videos from an event we attended onto
the owncloud instance. (If anyone however has some nice article that I
should read on microbursts feel free to send a link my way.)

Greetings,
Markus


[c-nsp] cheap core switch for a "hacker space" (nonprofit association)

2013-12-09 Thread Markus H
Hi,

I know that this list is more for service provider discussions, but I feel
like this is still the most suited place to ask.

We just founded a hacker space [1] and are about to setup our home. For a
few rooms full of people making and creating things and working on nerdy
stuff you need a good networking infrastructure. So I have come to the
following requirements:

Fully managed, layer 3 and IPv6 capable switch(es) with 48 ports in total,
at least 24 of them gigabit.

The most affordable solution for me seems to be a stack of 3750s: 3750G-24T
+ 3750-24TS. Which has the added benefit that we could add another
3750G-24T to increase the number of gigabit ports later on.

I have found all chassis based solutions from Cisco to be more expensive on
the used market, especially if you want a decent Supervisor. A Catalyst
3560G-48 would cost about the same or even slightly more than two 3750G-24
and we would have to spend all the money at once - and with the 3750Gs we
could connect servers redundantly.

I had a quick look into Juniper and HP but also couldn't find any solution
that would beat a stack of 3750s.

So if you have any further ideas what I should look into (or maybe even
know someone who would donate (or sell at a reasonable price) suitable gear
to a recently founded German hacker space) I'd be glad to hear from you.

Thanks,
Markus

[1] http://en.wikipedia.org/wiki/Hackerspace


[c-nsp] DHCP Forwarding Strategy

2013-03-09 Thread Markus H
I've just read the Option 82 topic which brings to memory an unsolved
problem I had:

The "current" state of a network for a rather small event:
At the core a Cisco 3550, a few 2950s and non-Cisco WLAN APs (the APs
just map a few SSIDs onto the corresponding VLANs with either no
encryption (guest) or WPA2 (event organizers)).
The DHCP Server (dnsmasq) is a VM which has an interface for every
VLAN where DHCP leases are needed (that would be all except the
management VLAN for the ciscos and APs).

What I would like it to be:
The 3550 forwards DHCP requests to the DHCP VM. The VM decides (based
on which VLAN the client is in) from which pool to give out an address
and needs only one interface/ip. Further benefit: the VM server needs
to deal with fewer VMs and gets a much more simple config.

The Problem:
As I understand Option 82 won't help, because port numbers on the
cisco are not of much use in my case. And I haven't found a way to map
the forwarded request onto a VLAN or subnet.


So is there anything I am missing? Is there any good documentation on
what information forwarded DHCP requests have by default or what
things I can add (besides the quite useless port number where the
request came in)?

Greetings,
Markus



Re: [c-nsp] VPN on 7200

2013-01-14 Thread Markus H
Sorry, it seems the title somehow got lost.

On Mon, Jan 14, 2013 at 10:21 PM, Markus H  wrote:
> Hi,
>
> I want to add VPN support to a cisco 7200 (w/ NPE300). Use case would
> be secure remote management (of the 7200 and other gear at the site)
> from a Linux-based computer.
>
> Pretty much my only requirement would be that the VPN is usable out of
> the box with standard Linux tools or the open-source vpnc client (the
> proprietary cisco vpn client is a no-go, it has proven to be too
> unstable and broken for me). Encryption is a strong plus but I think I
> could somehow live without. Otherwise I don't need a large number of
> connected clients or high data-rates.
>
> So what are you using and what kind of VPN/Tunnel would you suggest in my 
> case?
>
> Thanks,
> Markus


[c-nsp] (no subject)

2013-01-14 Thread Markus H
Hi,

I want to add VPN support to a cisco 7200 (w/ NPE300). Use case would
be secure remote management (of the 7200 and other gear at the site)
from a Linux-based computer.

Pretty much my only requirement would be that the VPN is usable out of
the box with standard Linux tools or the open-source vpnc client (the
proprietary cisco vpn client is a no-go, it has proven to be too
unstable and broken for me). Encryption is a strong plus but I think I
could somehow live without. Otherwise I don't need a large number of
connected clients or high data-rates.

So what are you using and what kind of VPN/Tunnel would you suggest in my case?

Thanks,
Markus


[c-nsp] 7200 NAT performance

2013-01-10 Thread Markus H
Hi,

I currently plan on using a 7204VXR with an NPE-G1 at an event for NAT
only and wonder what performance I could get out of it.
Common to both scenarios I am thinking about is the following:
Two active interfaces (on the NPE): one to the ISP and one to the core
switch (probably GBICs on both).
A few thousand (1,5-4k) users (mostly via WLAN) surfing facebook,
twitter, etc pp.

Scenario A:
One IP on each interface, NAT inside/outside (maybe with a pool of a
handful of IPs on the internet side) - nothing else.

Scenario B:
As above plus: Either coming from a different IP or distinguishable by
some other feature: important traffic (from event organizers) which
then needs to be given priority (or which may use some reserved
bandwidth)


I'd like to hear your performance expectations for these scenarios.

Thanks & Greetings,
Markus