[c-nsp] rancid and inventory with "^"
Is anyone having issues with rancid collecting the inventory when there are "^" characters in the output? !NAME: "temperature outlet 9 ", DESCR: "module 9 outlet temperature Sensor" !NAME: "temperature inlet 9 ", DESCR: "module 9 inlet temperature Sensor" + !NAME: "temperature device-1 9 ", DESCR: "module 9 device-1 temperature Sensor" + !NAME: "temperature device-2 9 ", DESCR: "module 9 device-2 temperature Sensor" !opv1^T^LB !NAME: "Gi9/2", DESCR: "Transceiver Port Gi9/2" !NAME: "Transceiver Port Container Gi9/2", DESCR: "Transceiver Port Container Gi9/2" !NAME: "Transceiver Gi9/2", DESCR: "Transceiver 1000BaseT Gi9/2" We get daily differences (whole config parts are removed and readded), because rancid believes that something has changed, although this is not the case. Probably has to do with the expect code. -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IP plan management tool
Hello list, And has anyone good recommendations for an IP Management tool to handle the stockcontrol, allocations and assignments of Ipv4 and Ipv6 addresses for a telecoms company ? I have been googling around and hit some links already but I wanted some feedback from you guys out there. Thanks. Regards. Y. -- Youssef BENGELLOUN-ZAHR …… Ingénieur Réseaux et Télécoms Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9 Agence Paris : 6, rue Charles Floquet - 92120 MONTROUGE Tel +33 (0) 825 000 720 Tel. direct +33 (0) 1 77 35 59 14 Tel. portable +33 (0) 6 22 42 63 80 Emaily...@720.fr …….www.720.fr ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rancid and inventory with "^"
Tassos Chatzithomaoglou wrote: > > Is anyone having issues with rancid collecting the inventory when > there are "^" characters in the output? > > !NAME: "temperature outlet 9 ", DESCR: "module 9 outlet temperature Sensor" > !NAME: "temperature inlet 9 ", DESCR: "module 9 inlet temperature Sensor" > + !NAME: "temperature device-1 9 ", DESCR: "module 9 device-1 temperature > Sensor" > + !NAME: "temperature device-2 9 ", DESCR: "module 9 device-2 temperature > Sensor" > !opv1^T^LB > !NAME: "Gi9/2", DESCR: "Transceiver Port Gi9/2" > !NAME: "Transceiver Port Container Gi9/2", DESCR: "Transceiver Port > Container Gi9/2" > !NAME: "Transceiver Gi9/2", DESCR: "Transceiver 1000BaseT Gi9/2" > > We get daily differences (whole config parts are removed and readded), > because rancid believes that something has changed, although this is > not the case. Probably has to do with the expect code. > Yep, and Cisco were not too helpful in trying to get this fixed, their suggestion was to stop rancid making an inventory request :-/ Their initial suggestion was to stop calling 'show inv raw' in rancid as it is more a command not to be used by Joe Public (meant to be for internal use/diagnostics apparently) and that I should not be using it. I asked for another command that would give me the serial numbers of the GBIC's, but turns out 'show inv raw' is the only way. They then suggested that I sit at the console and manually check the output of 'show inv raw' and see if I notice anything in the logs when that occurs... I pointed out their madness and handed them a perl script that polled every five minutes by SSHing in, yanking the config and storing it locally. This meant you could quickly use the file size to see when it choked and run 'diff -u'. This replicated the problem after an hour or so to which the response was that my script is corrupting the output and so was rancid. It was suggested that unplugging and replugging in 'flapping' transceivers (the config changes for us were the gigabit slots on the SUP) could fix it, and it did for a short time...then it came back and would not go. I got bored hounding after them and added it to the list of items as another reason to leave Cisco... Anyway, there was a thread here that kicked this off into life: http://marc.info/?l=cisco-nsp&m=126780984709176&w=2 Offline, various people contacted me and the only common element we could find was that problem started with SXI3 and we all had a 10Gb line cards in our 6500's. Cisco say they could not replicate the problem, although they have had several reports of it. The problem was with me most of last month (and on and off for months before that), however it has been behaving recently; probably as our 6509 has actually been turned off and on due to the regularity of power outages at my organisation. My suggestion: * you probably will find some gigabit interfaces are being persistently referred to, unplug and plug them back in * re-seat the line card :) * issue a 'reload' at some maintenance window and update to SXI4 * completely power off the box and turn it on A 'reload' seemed never to quite work for us, I got the impression that there is some dice rolling occurring when the box is powered on/reload'ed that decides if you will be plagued with this issue during the uptime of the box. :-/ Good hunting -- Alexander Clouter .sigmonster says: No one can put you down without your full cooperation. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Multiple 10 Gb monitoring
On 09/06/2010 10:23 PM, chris stand wrote: For those of you who are doing 10 Gb connections what are you using for packet capture and analysis ? Same tools you used at 1 Gb ? How about port aggregation ? Smart taps ? "It depends" Search the archives for previous questions I've asked on URL logging at 10gig. I got a lot of useful feedback. You're basically looking at: 1. Smart taps like the Gigamon GigaVUE (Orange!) 2. Mirroring to a port channel / load balancer 3. Smart NICs with onboard filters 4. brute-force ultra-fast capture box 4 can involve bits of 3 as well; using a NIC with an accelarated API for capturing such as the MyriCOM SNF stuff for example. We use option 2 in lieu of option 1; if your device permits it, you can do a dirty hack, such as put a layer3 ACL in the capture port which gives you a cheap and cheerful version of option 1. If you're careful, you can buy a device with esoteric ACL capabilities such as "override output port" and build some really quite clever stuff (Extreme x450e in case you're wondering). We also use short-lived ERSPAN sessions to option 4 for operational troubleshooting. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] REP support on 7600
Does the 36/3800 do T1 CES? On Sep 6, 2010, at 9:05 AM, Jason Lixfeld wrote: > I can't comment on pricing, but I've been testing a 36/3800 demo unit and if > you can wait, this box will be the ultimate PE. We're going to build an > entirely L3 network using these boxes and provide L2 services to customers > over MPLS. No more L2 anywhere. Yippee! > > On 2010-09-06, at 7:27 AM, Danijel wrote: > >> Hi, >> >> Also, does anyone have pricing on ME3800X switches? My August price list >> doesn't have them (same as with 3600X). >> >> Best Regards, >> Danijel >> -- >> *blap* >> >> >> On Mon, Sep 6, 2010 at 10:36, Danijel wrote: >> >>> Hi, >>> >>> Anyone know if REP is only supported on ES line cards or is is possible to >>> use something like WS-X6724-SFP and configure REP rings from it? >>> >>> Also, anyone using REP in a larger rings? >>> >>> We are are currently planning a small metro network with me3400 switches >>> and are looking for a aggregation point for the rings. 7600 looks nice but >>> those ES cards are pretty expensive. >>> >>> thnx, >>> Danijel >>> >>> -- >>> *blap* >>> >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Customers routers
Mohammad Khalil wrote: > hi all > > we use OSPF to transport customers routers into our backbone , i read in one > of Cisco presentations that its best to use BGP for the same purpose For MPLSVPN/VRF deployments, we refuse to run anything other than BGP with the CE. We don't want the overhead of per-vrf SPF calculations especially when the customer network is unstable, it adds additional CPU requirements to the PE which has to run the SPF algorithm and then redist this into the MP-iBGP... Dave. > > your opinions please > > Thanks > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > -- David Freedman Group Network Engineering Claranet Group ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP plan management tool
Youssef Bengelloun-Zahr writes: > And has anyone good recommendations for an IP Management tool to handle the > stockcontrol, allocations and assignments of Ipv4 and Ipv6 addresses for a > telecoms company ? http://sourceforge.net/projects/haci/ http://tipp.tobez.org/ http://haci.larsux.de/ All should support IPv4 and IPv6. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@guug.de | --- | - ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] REP support on 7600
No, just ethernet. -- Tassos Phil Bedard wrote on 07/09/2010 13:26: Does the 36/3800 do T1 CES? On Sep 6, 2010, at 9:05 AM, Jason Lixfeld wrote: I can't comment on pricing, but I've been testing a 36/3800 demo unit and if you can wait, this box will be the ultimate PE. We're going to build an entirely L3 network using these boxes and provide L2 services to customers over MPLS. No more L2 anywhere. Yippee! On 2010-09-06, at 7:27 AM, Danijel wrote: Hi, Also, does anyone have pricing on ME3800X switches? My August price list doesn't have them (same as with 3600X). Best Regards, Danijel -- *blap* On Mon, Sep 6, 2010 at 10:36, Danijel wrote: Hi, Anyone know if REP is only supported on ES line cards or is is possible to use something like WS-X6724-SFP and configure REP rings from it? Also, anyone using REP in a larger rings? We are are currently planning a small metro network with me3400 switches and are looking for a aggregation point for the rings. 7600 looks nice but those ES cards are pretty expensive. thnx, Danijel -- *blap* ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rancid and inventory with "^"
Tue, Sep 07, 2010 at 11:03:47AM +0300, Tassos Chatzithomaoglou: > We get daily differences (whole config parts are removed and readded), > because rancid believes that something has changed, although this is not the > case. > Probably has to do with the expect code. possibly; but doubtful. when i see such behavior, it is because the device is having problems; low memory, fragmented memory, other s/w bug, failing hardware, etc. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rancid and inventory with "^"
On Tue, 7 Sep 2010, john heasley wrote: Tue, Sep 07, 2010 at 11:03:47AM +0300, Tassos Chatzithomaoglou: We get daily differences (whole config parts are removed and readded), because rancid believes that something has changed, although this is not the case. Probably has to do with the expect code. possibly; but doubtful. when i see such behavior, it is because the device is having problems; low memory, fragmented memory, other s/w bug, failing hardware, etc. We used to see this with AS5200's. Large portions of the config would "disappear". The cause was low/fragmented memory, and if you logged in and did a show run, you'd see it wasn't a rancid bug, but the access server about to hose itself. The only thing to do at that point was reload the access-server. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Multiple NAT & Rerouting Web Traffic
Thanks for your test config! The main thing I see different here is that you have two default routes. In my case, the default needs to be the sdsl interface and only http/https should go out the vdsl interface. I get the routing to work, but NAT doesn't work going out the vdsl interface. (Also see my next email in this thread.) Cheers, Ray On 31. Aug 2010, at 15:59 Uhr, Roger Wiklund wrote: > Here is the NAT order of operations in a Cisco router: > > http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml#topic1 > > I just put something together in the lab, not sure if this is what you > want to accomplish, but it works like this: > > interface FastEthernet0/0 > INSIDE INTERFACE > ip address 192.168.1.1 255.255.255.0 > ip nat inside > ip virtual-reassembly > ip policy route-map PBR > speed 100 > full-duplex > ! > interface FastEthernet0/1 > OUTSIDE 1 (your ethernet) > ip address 172.18.1.1 255.255.255.0 > ip nat outside > ip virtual-reassembly > speed 100 > full-duplex > ! > interface FastEthernet1/0 > OUTSIDE 2 (your Dialer3) > ip address 10.10.10.1 255.255.255.0 > ip nat outside > ip virtual-reassembly > speed 100 > full-duplex > > This is just to simulate Internet access on both routers. Behind Fa0/1 > is a router with a loopback that has 1.1.1.1/24, the same goes for > Fa1/0. > > ip route 0.0.0.0 0.0.0.0 172.18.1.2 > ip route 0.0.0.0 0.0.0.0 10.10.10.2 > ! > standard PAT config. ACL 100 denys ICMP. Which means that SNMP will > never be NAT:ed on Fa0/1. In your case this needs to be HTTP/HTTPS > deny. > > ip nat inside source list 100 interface FastEthernet0/1 overload > ip nat inside source list 101 interface FastEthernet1/0 overload > ! > access-list 100 deny icmp any any > access-list 100 permit ip 192.168.1.0 0.0.0.255 any > > access-list 101 permit ip 192.168.1.0 0.0.0.255 any > > Then we do PBR, basically when the protocol is ICMP. Send it out of > the Fa1/0 interface (Dialer3, again this should be web traffic for > you) > access-list 150 permit icmp any any > ! > ! > route-map PBR permit 10 > match ip address 150 > set interface FastEthernet1/0 > > So when I ping 1.1.1.1 from the client, PBR kicks in and sends it to > Fa1/0, and it gets NAT:ed > isp2> > *Mar 1 00:49:17.799: ICMP: echo reply sent, src 1.1.1.1, dst 10.10.10.1 > *Mar 1 00:49:17.955: ICMP: echo reply sent, src 1.1.1.1, dst 10.10.10.1 > *Mar 1 00:49:18.095: ICMP: echo reply sent, src 1.1.1.1, dst 10.10.10.1 > *Mar 1 00:49:18.147: ICMP: echo reply sent, src 1.1.1.1, dst 10.10.10.1 > *Mar 1 00:49:18.199: ICMP: echo reply sent, src 1.1.1.1, dst 10.10.10.1 > > And when I try a telnet to 1.1.1.1 PBR will not kick in, and it will > just NAT it to Fa0/1. > > client#telnet 1.1.1.1 > Trying 1.1.1.1 ... Open > > > User Access Verification > > Password: > isp1> > > Again, I'm not sure this will suit your environment. but perhaps you > can get something from it .. > > Regards > Roger > > > > On Mon, Aug 30, 2010 at 10:25 PM, Ray Davis wrote: >> Hi y'all, >> >> Got a customer router (2801, IOS 12.4(15)T10) with two upstream interfaces. >> Both need to do NAT (private IPs inside). One is the default route, the >> other should be used for web traffic. After trying various configs, I got >> rerouting web traffic out the 2nd interface working, but it's not NATed >> properly (going out with the default interface IP. I can also get multiple >> NAT working, but not with the reroute web traffic route-map (only with >> static routes). >> >> Has anyone done this? Is it even possible with IOS or am I missing >> something here? It seems like the "which interface am I NATing" part occurs >> before the "which interface do I need to send this packet through" part. >> >> Below are the "relevant" parts of this config first, then the whole config >> (in case something else is mucking me up). There is also some VPN & VoIP >> Appliance priority stuff. Any clues would be much appreciated! >> >> TIA, >> Ray >> >> -- >> >> interface FastEthernet0/0 >> description Internal LAN >> ip address 192.168.8.254 255.255.255.0 >> ip nat inside >> ip policy route-map RerouteWebTraffic >> >> interface FastEthernet0/1 >> description Upstream SDSL (123.123.123.104 /29) >> ip address 123.123.123.108 255.255.255.248 >> ip nbar protocol-discovery >> ip nat outside >> crypto map CustVPNs >> service-policy output StarfacePolicy >> >> interface Dialer3 >> description Upstream VDSL (dynamic ip) >> ip nat outside >> >> ip route 0.0.0.0 0.0.0.0 123.123.123.105 >> ip route 10.0.0.1 255.255.255.255 Dialer3 >> >> ip nat inside source route-map sdsl interface FastEthernet0/1 overload >> ip nat inside source route-map vdsl interface Dialer3 overload >> >> access-list 110 remark * ACL route-map RerouteWebTraffic * >> access-list 110 permit tcp any any eq www >> access-list 110 permit tcp any any eq 443 >> >> route-map sdsl perm
Re: [c-nsp] Multiple NAT & Rerouting Web Traffic
Thanks for the help! I tried my previous test config again except with this difference... ip access-list extended NAT_Exempt deny tcp any any eq www deny tcp any any eq 443 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 permit ip 192.168.8.0 0.0.0.255 any If I do a "sh ip nat translations" it looks like http traffic is being NATed correctly: HTTP Traffic (123.123.123.123 is the VDSL ip address): tcp 123.123.123.123:14757 192.168.8.1:14757 212.96.133.192:80 212.96.133.192:80 Non-HTTP Traffic (12.34.12.34 is the SDSL ip address (default)): tcp 12.34.12.34:50004 192.168.8.115:50004 93.133.195.154:5938 93.133.195.154:5938 But doesn't seem to go out the correct interface. At least there is never an http connection made. :/ Cheers, Ray On 6. Sep 2010, at 22:35 Uhr, Jan Gregor wrote: > Hi, > >> access-list 110 remark * ACL route-map RerouteWebTraffic * >> access-list 110 permit tcp any any eq www >> access-list 110 permit tcp any any eq 443 >> >> route-map sdsl permit 10 >> match ip address NAT_Exempt >> >> ip access-list extended NAT_Exempt >> deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 >> deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 >> permit ip 192.168.8.0 0.0.0.255 any > > I guess this is the problem. Try denying things allowed in acl 110 away > from acl NAT_Exempt and see if that helps (be sure that these new denies > are before permit in that acl). > > Best regards, > > Jan > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP plan management tool
Great >From any of these: Is it possible to register the same IPrange several times? Example: 10.0.0.0/24 might be used by several different customers in different MPLS VPN's. DHCP/DNS functionality would probably be disabled unless the DHCP server are MPLS aware in some way Jon Harald Bøvre Fra: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] på vegne av Jens Link [li...@quux.de] Sendt: 7. september 2010 13:12 Til: cisco-nsp@puck.nether.net Emne: Re: [c-nsp] IP plan management tool Youssef Bengelloun-Zahr writes: > And has anyone good recommendations for an IP Management tool to handle the > stockcontrol, allocations and assignments of Ipv4 and Ipv6 addresses for a > telecoms company ? http://sourceforge.net/projects/haci/ http://tipp.tobez.org/ http://haci.larsux.de/ All should support IPv4 and IPv6. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@guug.de | --- | - ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP plan management tool
http://sourceforge.net/projects/gestioip/ only ipv4 Saludos Benjamín 2010/9/7 Bøvre Jon Harald > > Great > > From any of these: Is it possible to register the same IPrange several > times? > Example: 10.0.0.0/24 might be used by several different customers in > different MPLS VPN's. > DHCP/DNS functionality would probably be disabled unless the DHCP server > are MPLS aware in some way > > > Jon Harald Bøvre > > Fra: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] > på vegne av Jens Link [li...@quux.de] > Sendt: 7. september 2010 13:12 > Til: cisco-nsp@puck.nether.net > Emne: Re: [c-nsp] IP plan management tool > > Youssef Bengelloun-Zahr writes: > > > And has anyone good recommendations for an IP Management tool to handle > the > > stockcontrol, allocations and assignments of Ipv4 and Ipv6 addresses for > a > > telecoms company ? > > http://sourceforge.net/projects/haci/ > http://tipp.tobez.org/ > http://haci.larsux.de/ > > All should support IPv4 and IPv6. > > Jens > -- > - > | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | > | http://blog.quux.de | jabber: jensl...@guug.de | --- | > - > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rancid and inventory with "^"
I think I have hit this before. What version of code are you running and I will check my old cases for a Bug ID. If its the bug I think you are running a 7600 and SR code. Thanks and regards Kevin On Tue, Sep 7, 2010 at 9:03 AM, Tassos Chatzithomaoglou wrote: > Is anyone having issues with rancid collecting the inventory when there are > "^" characters in the output? > > !NAME: "temperature outlet 9 ", DESCR: "module 9 outlet temperature > Sensor" > !NAME: "temperature inlet 9 ", DESCR: "module 9 inlet temperature Sensor" > + !NAME: "temperature device-1 9 ", DESCR: "module 9 device-1 temperature > Sensor" > + !NAME: "temperature device-2 9 ", DESCR: "module 9 device-2 temperature > Sensor" > !opv1^T^LB > !NAME: "Gi9/2", DESCR: "Transceiver Port Gi9/2" > !NAME: "Transceiver Port Container Gi9/2", DESCR: "Transceiver Port > Container Gi9/2" > !NAME: "Transceiver Gi9/2", DESCR: "Transceiver 1000BaseT Gi9/2" > > > We get daily differences (whole config parts are removed and readded), > because rancid believes that something has changed, although this is not the > case. > Probably has to do with the expect code. > > -- > Tassos > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] GRE over IPSec VPN between SRX and Cisco Router
Hi, I need to establish GRE over IPSec between SRX and Cisco Router in my Lab, kindly suggest configuration for both devices. Kindly find attached LAB Topology. I need Communication between 192.168.1.0/24 and 172.16.10.0/24, 172.16.20.0/24. -- Regards, Atif ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Multiple NAT & Rerouting Web Traffic
Check this link out, http://forums.whirlpool.net.au/archive/1498451 On Tue, Sep 7, 2010 at 6:57 PM, Ray Davis wrote: > Thanks for the help! > > I tried my previous test config again except with this difference... > > ip access-list extended NAT_Exempt > deny tcp any any eq www > deny tcp any any eq 443 > deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 > deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 > permit ip 192.168.8.0 0.0.0.255 any > > If I do a "sh ip nat translations" it looks like http traffic is being NATed > correctly: > > HTTP Traffic (123.123.123.123 is the VDSL ip address): > tcp 123.123.123.123:14757 192.168.8.1:14757 212.96.133.192:80 > 212.96.133.192:80 > > Non-HTTP Traffic (12.34.12.34 is the SDSL ip address (default)): > tcp 12.34.12.34:50004 192.168.8.115:50004 93.133.195.154:5938 > 93.133.195.154:5938 > > But doesn't seem to go out the correct interface. At least there is never an > http connection made. :/ > > Cheers, > Ray > > On 6. Sep 2010, at 22:35 Uhr, Jan Gregor wrote: > >> Hi, >> >>> access-list 110 remark * ACL route-map RerouteWebTraffic * >>> access-list 110 permit tcp any any eq www >>> access-list 110 permit tcp any any eq 443 >>> >>> route-map sdsl permit 10 >>> match ip address NAT_Exempt >>> >>> ip access-list extended NAT_Exempt >>> deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 >>> deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 >>> permit ip 192.168.8.0 0.0.0.255 any >> >> I guess this is the problem. Try denying things allowed in acl 110 away >> from acl NAT_Exempt and see if that helps (be sure that these new denies >> are before permit in that acl). >> >> Best regards, >> >> Jan >> > > > ___ > cisco-nsp mailing list cisco-...@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rancid and inventory with "^"
Tue, Sep 07, 2010 at 09:39:00AM +0100, Alexander Clouter: > > !NAME: "temperature outlet 9 ", DESCR: "module 9 outlet temperature > > Sensor" > > !NAME: "temperature inlet 9 ", DESCR: "module 9 inlet temperature Sensor" > > + !NAME: "temperature device-1 9 ", DESCR: "module 9 device-1 temperature > > Sensor" > > + !NAME: "temperature device-2 9 ", DESCR: "module 9 device-2 temperature > > Sensor" > > !opv1^T^LB fwiw, this would strike me a either failing hardware (SMbuss or sensor) or a s/w bug thats reading outside of device ID buffer range or an improperly flashed device ID. if it flaps, its probably not the latter. it could also be a s/w bug that is just writing junk to the tty when this command is run. you can speculate based upon the bahavior. > Anyway, there was a thread here that kicked this off into life: > > http://marc.info/?l=cisco-nsp&m=126780984709176&w=2 and that could be the s/w just not being patient enough for those devices. if the command returns an error when it fails to reach devices it knows to exist, then rancid can be altered to fail and retry. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] hsrp/vrrp with mpls vpn's
So, I have this hsrp lab setup with a coulple PE routers and come CE routers. Everything works and all is well. I wanna know how the 2 PE routers that are playing in the hsrp role notify other PE routers upstream or if they do. So for example, I have one CE1 router attached to PE1 and PE2 and they are doing hsrp and it works well. I also have PE3 and PE4 attached to CE2. How do PE1 and PE2 communicate the hsrp stuff to PE3 and PE4 or do they need to? How does PE3 and PE4 know where to send packets? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] hsrp/vrrp with mpls vpn's
Hi, On 8 September 2010 08:44, Michael Sprouffske wrote: > So, I have this hsrp lab setup with a coulple PE routers and come CE > routers. Everything works and all is well. I wanna know how the 2 PE > routers that are playing in the hsrp role notify other PE routers upstream or > if they do. So for example, I have one CE1 router attached to PE1 and PE2 > and they are doing hsrp and it works well. I also have PE3 and PE4 attached > to CE2. How do PE1 and PE2 communicate the hsrp stuff to PE3 and PE4 or do > they need to? How does PE3 and PE4 know where to send packets? They don't notify anyone in normal circumstances. HSRP address is only used by traffic from CEs towards PEs. In the other direction normally both PEs advertise the same 'connected' network, and the rest of the network decides which PE to use for particular CE. Some further configuration might be required if you want to prevent a situation when both routers become HSRP 'masters' when for example the interface doesn't go down, but there is a break in connectivity somewhere further down the line. kind regards Pshem ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Routers: Performance benchmark
Dear All, Anybody have tested these values ( http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf) , since 64bytes on 1841 doesn't give the provided results (30Mbps). Regards, Gobinath. On Thu, Sep 2, 2010 at 8:08 PM, Christopher J. Wargaski wrote: > Thanks, Elmar. That *was* too easy and way too intuitive. (I did not > expect that from Cisco. ;-) > > > Humbly, > cjw > > > > Date: Thu, 2 Sep 2010 10:39:44 +0200 > > From: "Elmar K. Bins" > > To: cisco-nsp@puck.nether.net > > Subject: Re: [c-nsp] Cisco Routers: Performance benchmark > > Message-ID: <20100902083944.gv35...@ronin.4ever.de> > > Content-Type: text/plain; charset="us-ascii" > > > > war...@gmail.com (Christopher J. Wargaski) wrote: > > > >> Thanks for posting the URL for the router performance matrix. Anyone > >> know of a similar matrix for switches (L2 & L3) and firewalls? > > > > Have you tried s/router/switch/ in the URL? > > > > Life can be so easy. > > > > > >> > Not all as requested, but a start: > >> > > >> > > http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Routers: Performance benchmark
Dear All, One more query what is the best tool to do the testing (software based), iperf , netperf ? iperf packet size selection only available for UDP. I havn't try netperf ? I tried with Mikrotik bandwidth test tool ( http://www.mikrotik.com/download/btest.exe) for 1841 Cisco router 64bytes its giving 6Mbps . any suggestion ? Thanks & Regards, E.A.Gobinath On Wed, Sep 8, 2010 at 9:41 AM, arulgobinath emmanuel wrote: > Dear All, > > Anybody have tested these values ( > http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf) > , since 64bytes on 1841 doesn't give the provided results (30Mbps). > > Regards, > Gobinath. > > On Thu, Sep 2, 2010 at 8:08 PM, Christopher J. Wargaski > wrote: > >> Thanks, Elmar. That *was* too easy and way too intuitive. (I did not >> expect that from Cisco. ;-) >> >> >> Humbly, >> cjw >> >> >> > Date: Thu, 2 Sep 2010 10:39:44 +0200 >> > From: "Elmar K. Bins" >> > To: cisco-nsp@puck.nether.net >> > Subject: Re: [c-nsp] Cisco Routers: Performance benchmark >> > Message-ID: <20100902083944.gv35...@ronin.4ever.de> >> > Content-Type: text/plain; charset="us-ascii" >> > >> > war...@gmail.com (Christopher J. Wargaski) wrote: >> > >> >> Thanks for posting the URL for the router performance matrix. Anyone >> >> know of a similar matrix for switches (L2 & L3) and firewalls? >> > >> > Have you tried s/router/switch/ in the URL? >> > >> > Life can be so easy. >> > >> > >> >> > Not all as requested, but a start: >> >> > >> >> > >> http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Routers: Performance benchmark
Have you try traffic generator (tfgen)?. Hopefully can help you. -wilson- Regards, Wilson Sihombing. -Original Message- From: arulgobinath emmanuel Sender: cisco-nsp-boun...@puck.nether.net Date: Wed, 8 Sep 2010 11:05:52 To: Christopher J. Wargaski Cc: Subject: Re: [c-nsp] Cisco Routers: Performance benchmark Dear All, One more query what is the best tool to do the testing (software based), iperf , netperf ? iperf packet size selection only available for UDP. I havn't try netperf ? I tried with Mikrotik bandwidth test tool ( http://www.mikrotik.com/download/btest.exe) for 1841 Cisco router 64bytes its giving 6Mbps . any suggestion ? Thanks & Regards, E.A.Gobinath On Wed, Sep 8, 2010 at 9:41 AM, arulgobinath emmanuel wrote: > Dear All, > > Anybody have tested these values ( > http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf) > , since 64bytes on 1841 doesn't give the provided results (30Mbps). > > Regards, > Gobinath. > > On Thu, Sep 2, 2010 at 8:08 PM, Christopher J. Wargaski > wrote: > >> Thanks, Elmar. That *was* too easy and way too intuitive. (I did not >> expect that from Cisco. ;-) >> >> >> Humbly, >> cjw >> >> >> > Date: Thu, 2 Sep 2010 10:39:44 +0200 >> > From: "Elmar K. Bins" >> > To: cisco-nsp@puck.nether.net >> > Subject: Re: [c-nsp] Cisco Routers: Performance benchmark >> > Message-ID: <20100902083944.gv35...@ronin.4ever.de> >> > Content-Type: text/plain; charset="us-ascii" >> > >> > war...@gmail.com (Christopher J. Wargaski) wrote: >> > >> >> Thanks for posting the URL for the router performance matrix. Anyone >> >> know of a similar matrix for switches (L2 & L3) and firewalls? >> > >> > Have you tried s/router/switch/ in the URL? >> > >> > Life can be so easy. >> > >> > >> >> > Not all as requested, but a start: >> >> > >> >> > >> http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] REP support on 7600
On Tuesday, September 07, 2010 09:26:35 pm Tassos Chatzithomaoglou wrote: > No, just ethernet. But it does have SyncE, for those who think it's commercially useful. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
