[c-nsp] FYI regarding Cisco 12000 GSR Engine 3 ISE IPv6 tcam carving

2013-02-06 Thread Mikael Abrahamsson 


Hello. I'm posting this here so it'll be searchable for future use.

4 port 1GE SFP card for Cisco 12000 running IOS only supports around 4k 
IPv6 routes, then a message is displayed:


It was discussed in 
 
before, but there is a twist. If the tcam regions doesn't add up to 100%, 
no carving is done. This was verified with 12.0(33)S10. Also 
 
discusses this.


So with "show controllers ise  tcam", the output MUST say:

"Total Tcam size = 100%"

If it says < 100% or > 100%, no carving is done. I cannot find any error 
message about this, so I thought I'd create this post so others might find 
it in the future.


Keywords/commands:

show controllers ise  tcam
exec slot  show controllers tofab alpha tcam carve

--
Mikael Abrahamssonemail: swm...@swm.pp.se
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] SIP 400 reload due to power supply issue

2013-02-06 Thread Tony 
Indeed, ref:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Chassis_Installation/Cat6500/0apwsply.html

For the 2700W DC option:

=

Power supply output capacity
   
•1350 W maximum (-48 to -60 VDC, with one DC input)
•2700 W maximum (-48 to -60 VDC, with two DC inputs) 

=




regards,
Tony.



>
> From: John van Oppen 
>To: Francisco López ; zaid  
>Cc: "cisco-nsp@puck.nether.net"  
>Sent: Thursday, 7 February 2013 5:22 AM
>Subject: Re: [c-nsp] SIP 400 reload due to power supply issue
> 
>Based on looking at that output, I would question if you have all the inputs 
>on the power supply hooked up.    My recollection (although we mostly use the 
>6500s) is that the 2500 watt supplies (producing ~2300 watts) are the biggest 
>DC supplies that only take one circuit.   I think the 2700 watt supplies 
>require two feeds to reach full output. 
>
>
>Thanks,
>John van Oppen
>Spectrum Networks
>Direct: 206-973-8302
>Main: 206-973-8300
>
>
>From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] on 
>behalf of Francisco López [f...@transtelco.net]
>Sent: Friday, February 01, 2013 12:26 PM
>To: zaid
>Cc: cisco-nsp@puck.nether.net
>Subject: Re: [c-nsp] SIP 400 reload due to power supply issue
>
>You second power supply just have  1319.22 Watts, and you need 1431.36
>Watts to operate normally, when your power 1 comes down your power 2 do not
>have enough power to run properly.
>
>Best regards.
>
>On Fri, Feb 1, 2013 at 1:09 PM, zaid  wrote:
>
>> Hi
>>
>> I have 7606 chassis equipped with SIP 400 that reloading from time to time
>> due to power supply issue, i don't know why in spite of the available power
>> is 1237.74 Watts
>>
>> show power
>> system power redundancy mode = redundant
>> system power redundancy operationally = non-redundant
>> system power total =     2669.10 Watts (63.55 Amps @ 42V)
>> system power used =      1431.36 Watts (34.08 Amps @ 42V)
>> system power available = 1237.74 Watts (29.47 Amps @ 42V)
>>                         Power-Capacity PS-Fan Output Oper
>> PS   Type               Watts   A @42V Status Status State
>>  -- --- -- -- -- -
>> 1    PWR-2700-DC        2669.10 63.55  OK     OK     on
>> 2    PWR-2700-DC        1319.22 31.41  OK     OK     on
>>                         Pwr-Allocated  Oper
>> Fan  Type               Watts   A @42V State
>>  -- --- -- -
>> 1    FAN-MOD-6SHS        180.18  4.29  OK
>>                         Pwr-Requested  Pwr-Allocated  Admin Oper
>> Slot Card-Type          Watts   A @42V Watts   A @42V State State
>>  -- --- -- --- -- - -
>> 1    WS-X6724-SFP        125.16  2.98   125.16  2.98  on    on
>> 2    7600-SIP-200        240.24  5.72   240.24  5.72  on    on
>> 3    7600-SIP-400        265.02  6.31   265.02  6.31  on    on
>> 5    RSP720-3C-GE        310.38  7.39   310.38  7.39  on    on
>> 6    (Redundant Sup)       -     -      310.38  7.39  -     -
>>
>>
>> I have this log also
>>
>> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-PSOUTPUTDROP:
>> Power supply 1 output has dropped
>> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-UNDERPOWERED:
>> insufficient power to operate all FRU   s in system.
>> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-DISABLED: power to
>> module in slot 3 set off (FRU-power denied)
>>
>> Any idea please if the problem with the power supply or the power source .
>>
>> ZH
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
>--
>
>
>*TRANSTELCO | **Francisco Lopez* | Engineering
>
>MX: +52 (656) 257 - 1106 | US: +1 (915) 217 - 2235
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] GSR faceplate P/N

2013-02-06 Thread Erik Sundberg 
Try this... I have never used them I just found there website the other day.

$50 GSR10-BEZEL-TOP... not sure if it the right model... if not give them a 
call.

http://www.cablesandkits.com/cisco-gsr10-top-faceplate-part-gsr10bezelkit-p-703.html




-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jim Fitzgerald
Sent: Tuesday, February 05, 2013 12:07 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] GSR faceplate P/N

Perhaps someone here can assist me.  We need to replace the top plastic cover 
plate on one of our 12000's but I just cannot seem to locate a replacement or 
even a part number for this simple plastic component.

Heres a photo of where the particular cover plate goes.

  http://aries.spacelink.com/gsr.jpg

If anyone can point me in the right direction to either the P/N or where I can 
readily purchase a replacement that would be most helpful!

Thanks
-J
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Erik Sundberg 
Just going to share the process that I used to upgrade the Maintenance 
Partition, FWSM, and ASDM software...  Took me a while to follow all the cisco 
doc's...

FWSM is in slot 9 of a Cisco 6509e with SUP720-3BXL running 
s72033-advipservicesk9_wan-mz.122-33.SXH8b.bin
FTP SERVER is 192.168.0.10

ASDM File: asdm-623f.bin
FW Image: c6svc-fwm-k9.4-1-11.bin
Management Partition: c6svc-mp.2-1-5.gz

I upgrade this on 2/6/2013 current software at this time. Product is EOL by the 
way...

FWSM UPGRADE
-

Upgrade Maintenance Partition
---

Download software

FWSM# upgrade-mp http://192.168.0.10/fwsm/c6svc-mp.2-1-5.gz

copying http://192.168.0.10/fwsm/c6svc-mp.2-1-5.gz to image
!!
 
!
 
!!
Received 12259010 bytes.
Image download complete.
Bytes written = 16891904
FWSM#

Upgrade FWSM Firewall software using Maintenance Partition


Reload to use the new maintenance software to upgrade the OS...

Note: when you use the maintenance software to upgrade the OS it will format 
the partition with the Firewall Software and the Config files will be erased. 
Back'em up

SW1#hw-module module 9 reset cf:1
Device BOOT variable for reset = 
Warning: Device list is not verified.

Proceed with reload of module?[confirm]
% reset issued for module 9

SW1#show mod 9
Mod Ports Card Type  Model  Serial No.
--- - -- -- ---
  96  Firewall ModuleWS-SVC-FWM-1   SADMYSERIAL

Mod MAC addresses   HwFw   Sw   Status
--- -- --   ---
  9  0018.19ed.ea08 to 0018.19ed.ea0f   4.0   7.2(1)   8.7(0.22)BUB Other

Mod  Online Diag Status
 ---
  9  Unknown


SW1#session slot 9 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open

Cisco Maintenance image

login: root
Password:

!NOTE: USER: root PASSWORD: cisco
!Maintenance Partition software only runs when you boot in to this software to 
upgrade... So the password doesn't matter.
!NOE: Partition Manage

Re: [c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Erik Sundberg 
Justin,

It's not a "patch" for a software release.



I found the software for the Maintenance Partition it's located in the download 
manager under.
Cisco Interfaces and Modules
Cisco Services Modules
Cisco Catalyst 6500/6000 Series Services Maintenance Partition 
Maintenance
Partition Software-2.1(5)

Filename: c6svc-mp.2-1-5.bin.gz

You would think that they would also put a link to the software under the FWSM 
section...

Thanks

Erik

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner
Sent: Wednesday, February 06, 2013 8:46 PM
To: Cisco-nsp (cisco-nsp@puck.nether.net)
Subject: Re: [c-nsp] FWSM Maintenance software - where to download from

On Wed, 6 Feb 2013, Justin M. Streiner wrote:

> On Wed, 6 Feb 2013, Erik Sundberg wrote:
>
>>  Where in cisco's download tool do you download the maintenance
>> software  for the Firewall Services Module?
>>
>>  It's not listed under the FWSM Section under the following area
>> Switches  Campus LAN Switches - Core and Distribution  Cisco Catalyst
>> 6500 Series Switches  Cisco Catalyst 6509-E Switch  Cisco Catalyst
>> 6500 Series Firewall Services Module  Firewall Services Module (FWSM)
>> Software-4.1(11)
>>
>>  Only the FWSM Image is located here...
>
> Not sure what you mean by maintenance software.  Do you mean ASDM?
>
> ASDM for FWSM is here:
> http://software.cisco.com/download/release.html?mdfid=277413409&softwa
> reid=280775067&release=6.2%283%29F&relind=AVAILABLE&rellifecycle=&relt
> ype=latest
>
> If you mean something else, I'm not sure where you'd find it.  In that
> case, the best bet would be to check with the TAC or your account team.

I normally don't reply to my own posts, but I had another thought after I sent 
this.

If you're referring to a maintenance release of code, I've found one of two 
things to be the case in the past:
1. The TAC needs to make it available for you on request, or...
2. The release you see on CCO is the maintenance release.  For whatever reason, 
Cisco has often been very bad at clearly identifying maintenance/interim 
releases as such on CCO, at least for the FWSM and ASA.  I don't know if it's a 
business unit policy thing or what, but it can make things confusing for 
customers because you're not quite certain you're downloading the version of 
code that has feature or bug fix XYZ, and the image posting date on CCO doesn't 
always help.

jms
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Erik Sundberg 
It's not the ASDM software... It's the underlying, I guess you can call it a 
BootROM  software on the blade. You have to reboot the blade in to the 
maintenance software to upgrade the IOS version on the Firewall Services Module.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html
FSWM Configuration Guide says
 You must use maintenance software Release 2.1(2) or later with the FWSM... I 
am currently at 1.1(2).

The advantage of upgrading through the maintenance software is there is two 
Partitions that you can run software from cf:4 and cf:5... It's like having two 
OS's on the same computer and choosing which one to boot. This comes in handy 
when your upgrading from  3.x code to 4.x code... Very easy roll back to the 
old software version.

I could be wrong with everything I just said.. Im learning about the FWSM today.

Still looking for the maintenance software... Think im going to call cisco TAC.

Thanks

Erik


-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner
Sent: Wednesday, February 06, 2013 8:38 PM
To: Cisco-nsp (cisco-nsp@puck.nether.net)
Subject: Re: [c-nsp] FWSM Maintenance software - where to download from

On Wed, 6 Feb 2013, Erik Sundberg wrote:

> Where in cisco's download tool do you download the maintenance software for 
> the Firewall Services Module?
>
> It's not listed under the FWSM Section under the following area
> Switches Campus LAN Switches - Core and Distribution Cisco Catalyst
> 6500 Series Switches Cisco Catalyst 6509-E Switch Cisco Catalyst 6500
> Series Firewall Services Module Firewall Services Module (FWSM)
> Software-4.1(11)
>
> Only the FWSM Image is located here...

Not sure what you mean by maintenance software.  Do you mean ASDM?

ASDM for FWSM is here:
http://software.cisco.com/download/release.html?mdfid=277413409&softwareid=280775067&release=6.2%283%29F&relind=AVAILABLE&rellifecycle=&reltype=latest

If you mean something else, I'm not sure where you'd find it.  In that case, 
the best bet would be to check with the TAC or your account team.

jms
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Justin M. Streiner 

On Wed, 6 Feb 2013, Justin M. Streiner wrote:


On Wed, 6 Feb 2013, Erik Sundberg wrote:


 Where in cisco's download tool do you download the maintenance software
 for the Firewall Services Module?

 It's not listed under the FWSM Section under the following area
 Switches
 Campus LAN Switches - Core and Distribution
 Cisco Catalyst 6500 Series Switches
 Cisco Catalyst 6509-E Switch
 Cisco Catalyst 6500 Series Firewall Services Module
 Firewall Services Module (FWSM) Software-4.1(11)

 Only the FWSM Image is located here...


Not sure what you mean by maintenance software.  Do you mean ASDM?

ASDM for FWSM is here:
http://software.cisco.com/download/release.html?mdfid=277413409&softwareid=280775067&release=6.2%283%29F&relind=AVAILABLE&rellifecycle=&reltype=latest

If you mean something else, I'm not sure where you'd find it.  In that case, 
the best bet would be to check with the TAC or your account team.


I normally don't reply to my own posts, but I had another thought after I 
sent this.


If you're referring to a maintenance release of code, I've found one of 
two things to be the case in the past:

1. The TAC needs to make it available for you on request, or...
2. The release you see on CCO is the maintenance release.  For whatever 
reason, Cisco has often been very bad at clearly identifying 
maintenance/interim releases as such on CCO, at least for the FWSM and 
ASA.  I don't know if it's a business unit policy thing or what, but it 
can make things confusing for customers because you're not quite certain 
you're downloading the version of code that has feature or bug fix XYZ, 
and the image posting date on CCO doesn't always help.


jms
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Justin M. Streiner 

On Wed, 6 Feb 2013, Erik Sundberg wrote:


Where in cisco's download tool do you download the maintenance software for the 
Firewall Services Module?

It's not listed under the FWSM Section under the following area
Switches
Campus LAN Switches - Core and Distribution
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6500 Series Firewall Services Module
Firewall Services Module (FWSM) Software-4.1(11)

Only the FWSM Image is located here...


Not sure what you mean by maintenance software.  Do you mean ASDM?

ASDM for FWSM is here:
http://software.cisco.com/download/release.html?mdfid=277413409&softwareid=280775067&release=6.2%283%29F&relind=AVAILABLE&rellifecycle=&reltype=latest

If you mean something else, I'm not sure where you'd find it.  In that 
case, the best bet would be to check with the TAC or your account team.


jms
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR-100x intro

2013-02-06 Thread Charles Sprickman 
On Jan 16, 2013, at 2:41 AM, Nikolay Shopik wrote:

> http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html
> 
> cisco.com/go/asr1000 -> data sheets -> Embedded Services Processors Data
> Sheet
> 
> ASR1002-X essentially tightly packeted ESP40+RP2 into 2U.

Sorry to drag this thread back from the dead, but we're not big enough to merit 
attention from the Cisco sales boys, so we have to actually put some effort 
into giving them money.  And the integrators we're dealing with (both for Cisco 
and Juniper) don't seem to really know which parts go with which…  One gave us 
a quote for a Juniper MX5 and an ASR-1002 (not X) with no ESP and presented it 
as if the ASR-1002 could do something without an ESP module installed.

That said, "ASR1002-X essentially tightly packeted ESP40+RP2 into 2U" has me 
confused.  I'm looking at the first URL noted above 
(http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html),
 and while the "integrated" ESP on the 1002-X seems to almost match the ESP-40 
for traffic/Mpps, I see that it can only take 1M IPv4 (or? and? split?) IPv6 
routes.  For something we want to keep around for many years, that feels a 
little bit tight.  We currently take two full views.  I would not be surprised 
if we ended up with 3-4 full views down the road (both IPv4 and IPv6).  

What other limitations might these boxes have when running full bgp views?

What is the relation between the ESP and the number of routes vs. the RP and 
number of routes?  Datasheets for both ESP and RP have a route limitation.

Also, looking at the RP datasheet 
(http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-441072.html),
 it's not clear which RP is included when the RP is integrated (everything 
below the ASR-1004, yes?).  

What does more RAM in the RP buy me?

If I'm reading all these charts right, it looks like the starting point for 
having more than 1M routes is an ASR-1002 with an ESP-20, correct?

Computers are hard.  Let's go shopping!  Oh wait, shopping is hard… 

Thanks all,

Charles

> 
> On 16/01/13 11:08, Charles Sprickman wrote:
>> 
>> On Jan 6, 2013, at 8:14 AM, Nikolay Shopik wrote:
>> 
>>> ESP5 comes with 512K FIB, while ASR1001 which has also ESP5 integrated
>>> have 1M FIB.
>> 
>> I'm still putzing around the Cisco site, where are you finding these 
>> detailed specs?  I'm trapped in some link loop that's only giving me the 
>> most basic specs…
>> 
>> And while I'm here, does anyone have any thoughts on the 1002-X?
>> 
>> Thanks,
>> 
>> Charles
>> 
>>> 
>>> On 06.01.2013 16:26, Robert Hass wrote:
 On Sun, Jan 6, 2013 at 1:16 AM, Scott Pettit  wrote:
> Hmm, perhaps I was incorrect - the old ESP2.5 appears to have been made
> End of Sale since July 2012.  I just checked our ASR and it's showing 5G
> throughput.
> 
> #show platform hardware throughput level
> The current throughput level is 500 kb/s
 
 But my question was about FIB capacity not performance.
 
 512K FIB is not very scale for near future as world BGP table is
 growing all the time.
 
 Rob
 ___
 cisco-nsp mailing list  cisco-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/cisco-nsp
 archive at http://puck.nether.net/pipermail/cisco-nsp/
 
>>> ___
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] FWSM Maintenance software - where to download from

2013-02-06 Thread Erik Sundberg 
Where in cisco's download tool do you download the maintenance software for the 
Firewall Services Module?

It's not listed under the FWSM Section under the following area
Switches
Campus LAN Switches - Core and Distribution
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 6509-E Switch
Cisco Catalyst 6500 Series Firewall Services Module
Firewall Services Module (FWSM) Software-4.1(11)

Only the FWSM Image is located here...


Need the software that goes in cf:1


Thanks in advance!!!

Erik


CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASA limit for number of policies

2013-02-06 Thread Mick O'Rourke 
This link has some detail on maximum connection profiles vs maximum VPN
tunnels

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_groups.pdf

But i didnt see anything looking quickly on group policy - which is what I
assume your referring to by policy?

You've probably heard similar stories over the years about people running 1
to 2 million plus record access list policies on certain ASA models, the
draw back being added latency - for this particular config im thinking
of it was around 7ms from memory.

On Wednesday, 6 February 2013, Skeeve Stevens wrote:

> Hey all,
>
> Anyone know a document that lists how many policies can be created on Cisco
> ASA's - most interested in the 5505 and 5510, but would love a full matrix.
>
> Thanks.
> *
>
> *
> *Skeeve Stevens, CEO - *eintellego Pty Ltd
> ske...@eintellego.net  ; www.eintellego.net
>
> Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellego ;  
> linkedin.com/in/skeeve
>
> twitter.com/networkceoau ; blog: www.network-ceo.net
>
> The Experts Who The Experts Call
> Juniper - Cisco – IBM - Brocade - Cloud
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] SIP 400 reload due to power supply issue

2013-02-06 Thread John van Oppen 
Based on looking at that output, I would question if you have all the inputs on 
the power supply hooked up.My recollection (although we mostly use the 
6500s) is that the 2500 watt supplies (producing ~2300 watts) are the biggest 
DC supplies that only take one circuit.   I think the 2700 watt supplies 
require two feeds to reach full output. 


Thanks,
John van Oppen
Spectrum Networks
Direct: 206-973-8302
Main: 206-973-8300


From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] on 
behalf of Francisco López [f...@transtelco.net]
Sent: Friday, February 01, 2013 12:26 PM
To: zaid
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SIP 400 reload due to power supply issue

You second power supply just have  1319.22 Watts, and you need 1431.36
Watts to operate normally, when your power 1 comes down your power 2 do not
have enough power to run properly.

Best regards.

On Fri, Feb 1, 2013 at 1:09 PM, zaid  wrote:

> Hi
>
> I have 7606 chassis equipped with SIP 400 that reloading from time to time
> due to power supply issue, i don't know why in spite of the available power
> is 1237.74 Watts
>
> show power
> system power redundancy mode = redundant
> system power redundancy operationally = non-redundant
> system power total = 2669.10 Watts (63.55 Amps @ 42V)
> system power used =  1431.36 Watts (34.08 Amps @ 42V)
> system power available = 1237.74 Watts (29.47 Amps @ 42V)
> Power-Capacity PS-Fan Output Oper
> PS   Type   Watts   A @42V Status Status State
>  -- --- -- -- -- -
> 1PWR-2700-DC2669.10 63.55  OK OK on
> 2PWR-2700-DC1319.22 31.41  OK OK on
> Pwr-Allocated  Oper
> Fan  Type   Watts   A @42V State
>  -- --- -- -
> 1FAN-MOD-6SHS180.18  4.29  OK
> Pwr-Requested  Pwr-Allocated  Admin Oper
> Slot Card-Type  Watts   A @42V Watts   A @42V State State
>  -- --- -- --- -- - -
> 1WS-X6724-SFP125.16  2.98   125.16  2.98  onon
> 27600-SIP-200240.24  5.72   240.24  5.72  onon
> 37600-SIP-400265.02  6.31   265.02  6.31  onon
> 5RSP720-3C-GE310.38  7.39   310.38  7.39  onon
> 6(Redundant Sup)   - -  310.38  7.39  - -
>
>
> I have this log also
>
> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-PSOUTPUTDROP:
> Power supply 1 output has dropped
> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-UNDERPOWERED:
> insufficient power to operate all FRU   s in system.
> Feb  1 20:10:43 UTC: %C7600_PWR-SP-4-DISABLED: power to
> module in slot 3 set off (FRU-power denied)
>
> Any idea please if the problem with the power supply or the power source .
>
> ZH
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--


*TRANSTELCO | **Francisco Lopez* | Engineering

MX: +52 (656) 257 - 1106 | US: +1 (915) 217 - 2235
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] No. of vlans supported on 4948

2013-02-06 Thread Mack McBride 
There are other limitations if you are running rapid pvstp vs mstp or HSRP.
pvstp and HSRP are CPU bound processes and can eat a lot of CPU.
If you go too high on the CPU, there will be issues.
Too high is very relative and very specific to an environment.

LR Mack McBride
Network Architect

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP_list 
CiscoNSP_list
Sent: Tuesday, February 05, 2013 10:17 PM
To: td_mi...@yahoo.com; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] No. of vlans supported on 4948


 Thanks Tony.
 Date: Tue, 5 Feb 2013 20:46:45 -0800
From: td_mi...@yahoo.com
Subject: Re: [c-nsp] No. of vlans supported on 4948
To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net

Not sure whether/how you can see this but it will be 4096 which is from the 
IEEE 802.1Q standard (as well as what the spec docs say). I've run a few 
commands on some 3550/3750 and can't find anything that specifically says how 
many VLANs are supported by the box itself (ie. from a "show" command).

As to whether there are other limitations in how many you can actually 
configure/use at once on this device, I don't know about that.


regards,
Tony.


 
   From: CiscoNSP_list CiscoNSP_list 
 To: "td_mi...@yahoo.com" ; "cisco-nsp@puck.nether.net" 
 
 Sent: Wednesday, 6 February 2013 2:22 PM
 Subject: RE: [c-nsp] No. of vlans supported on 4948
   




 
 
Thanks for the clarification Tony - What is the command to show how many vlans 
the switch supports?
 
 
 
"sh vlan summary" shows how many are used, but not how many are 
supported/available?

 
 
Date: Tue, 5 Feb 2013 19:59:37 -0800
From: td_mi...@yahoo.com
Subject: Re: [c-nsp] No. of vlans supported on 4948
To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net

Hi,

That is the number of VLAN's supported by VTP (VLAN trunking protocol), not the 
switch itself.

===
VTP version 1 and version 2 support only 
normal-range VLANs (VLAN IDs 1 to 1005). In these versions, the switch 
must be in VTP transparent mode when you create VLAN IDs from 1006 to 
4094. Cisco IOS Release 12.2(52)SE and later support VTP version 3. VTP 
version 3 supports the entire VLAN range (VLANs 1 to 4094). Extended 
range VLANs (VLANs 1006 to 4094) are supported only in VTP version 3. 
You cannot convert from VTP version 3 to VTP version 2 if extended VLANs
 are configured in the domain. 

===

regards,
Tony.

From: CiscoNSP_list CiscoNSP_list 
 To: "cisco-nsp@puck.nether.net"
  
 Sent: Wednesday, 6 February 2013 1:07 PM
 Subject: [c-nsp] No. of vlans supported on 4948
   





Hi Guys,
 
 
Following doc states that the 4948 supports 4096 vlans:
 
 
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_data_sheet0900aecd8017a72e.html
 
 
 
But if I run "sh vtp status" on one of our 4948's it states it only supports 
1005 vlans?
 
 
Feature VLAN:
--
VTP Operating Mode: Transparent
Maximum VLANs supported locally   : 1005
   Cheers. 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


  


  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability

2013-02-06 Thread Cisco Systems Product Security Incident Response Team 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability

Advisory ID: cisco-sa-20130206-ata187

Revision 1.0

For Public Release 2013 February 6 16:00  UTC (GMT)
- --

Summary
===

Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and
9.2.3.1 contain a vulnerability that could allow an unauthenticated,
remote attacker to access the operating system of the affected device.

Cisco has available free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlEScnoACgkQUddfH3/BbTq/hAD8DVT9GUFCPSgQm7ZGjHAEWe5H
7g7Avwpzn0JFaqQViTkA/3HacZozibRdG2RnkQ/RJuJ4iNY0RSK3+u5Qxt/ICspB
=TIrv
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASA limit for number of policies

2013-02-06 Thread Skeeve Stevens 
Hey all,

Anyone know a document that lists how many policies can be created on Cisco
ASA's - most interested in the 5505 and 5510, but would love a full matrix.

Thanks.
*

*
*Skeeve Stevens, CEO - *eintellego Pty Ltd
ske...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego ;  
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco – IBM - Brocade - Cloud
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] End to end keepalive over QinQ provider

2013-02-06 Thread Adam Vitkovsky 
How about running LACP with the 7600 and let the ISP to build just one PW
(pipe) between your two endpoints rather than trying to bundle 2 pipes
yourself. 


L2 end-to-end, Ethernet for that matter has so much potential like any other
type of virtualization. 
It's just a pity that after having it around for so many years it's just
recently becoming mature in its basic functionalities, not speaking about
the advanced stuff like EVPN. 


adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Evans
Sent: Tuesday, February 05, 2013 8:11 PM
To: Tim Jackson
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] End to end keepalive over QinQ provider

Agreed.. L3 is the answer.. This is actually for a customer of mine that I
consult for, so easier said than done to get them to switch. The provider
can tunnel if it if you pay for the "plus" service which they don't want to
do either..

I haaatttee L2 extensions and curse any company that is helping to bring it
back.. Mainly Cisco and VMWare!!

Thx for the help all!

On Tue, Feb 5, 2013 at 1:41 PM, Tim Jackson  wrote:

> Cisco 7600 won't tunnel LACP.. I wouldn't say strange equipment 
> doesn't do it. Lots of "normal" gear sucks at it. L2PT is bad, and all 
> of the gear is bad (and it should feel bad).
>
> One option would be to buy "cheap" ethenet NIDs that can do L2PT 
> tunneling to uncommon MAC addresses to avoid the underlying equipment 
> from eating the frames. Accedian/Adva/Overture/Probably others can all do
that.
>
> Ethernet CFM could potentially do what you're after, but there's not 
> going to be a built in mechanism to disable a port, or take a port out 
> of the port-channel.
>
> Go L3 instead across your two links.
>
>
> On Tue, Feb 5, 2013 at 12:23 PM, Ross Halliday < 
> ross.halli...@wtccommunications.ca> wrote:
>
> > > -Original Message-
> > > From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- 
> > > boun...@puck.nether.net] On Behalf Of Chris Evans
> > > Sent: Tuesday, February 05, 2013 1:19 PM
> > > To: Adam Vitkovsky
> > > Cc: cisco-nsp
> > > Subject: Re: [c-nsp] End to end keepalive over QinQ provider
> > >
> > > I have two paths that I'd like to port-channel. Since they don't
> support
> > > LACP the only thing I can do is do static configuration, but if 
> > > the
> path
> > > of
> > > one of the links takes a hit there is no end to end notifications 
> > > that will cause an interface to go down or be taken out of 
> > > forwarding. With LACP you can do this because the ports will 
> > > debundle. I was hoping that CFM
> would
> > > take the path out of service, but I don't think that is the case.
> > >
> > > Thoughts?
> >
> > You mean the LACP negotiation is eaten by your provider? What kind 
> > of strange equipment/config are they running?
> >
> > UDLD is designed to do what you want - will that function?
> >
> > Cheers
> > Ross
> >
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco 3850 switches

2013-02-06 Thread Francesco Pettene 
You can find lots of details about 3850, 5760 and converged
access on www.ciscolive365.com: registering you can download
full session slides about these subjects.

Kind regards
Francesco
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/