Re: [c-nsp] Configure port to supply PoE only

2016-01-15 Thread Marc Redeker 
Hi,

you could simply use the “protected port” feature.
Devices connected to a Protected port are not able to talk to each other, even 
if they are within the same vlan.

conf t
int gi 0/1
switchport mode access
switchport acess vlan x
switchport protected
spanning-tree portfast

The protected port feature only works local on a switch while private vlans 
could span over multiple switches.

much easier then configure private vlans and should work for your use case just 
fine.

cheers
marc


> On 14 Jan 2016, at 23:56, Ricardo Stella  wrote:
> 
> Hi folks,
> 
> Sorry if this might be a 'stupid' question.  I need to test a wireless mesh
> configuration and the only thing I have available to supply power to the
> access points (PoE+) is a 2960S switch.
> 
> The switch is isolated to the network, but when it seems that when I add
> more than one access point to it, they are 'talking' to each other.  So is
> there a way to configure the ports so that the ports only supply power?
> The moment the second access point is connected and goes up, I start
> getting flapping errors.
> 
> Thanks in advance for your help and apologies if it is indeed a dumb
> question. All I ask is that you minimize your laughs.  :)
> 
> Ricardo.
> 
> --
> °(((=((===°°°(((
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Configure port to supply PoE only

2016-01-15 Thread Marc Redeker 
I understood that this is only a test setup with just one switch involved where 
he wants to connect multiple APs to.
If i got this wrong, my bad and yes, he will need private vlans then.

/marc

> On 15 Jan 2016, at 16:02, Lukas Tribus  wrote:
> 
>> you could simply use the “protected port” feature.
> 
> How so? He would have to configure all the other ports AND the uplink
> in that vlan as protected as well, breaking connectivity for all
> hosts.
> 
> If only the AP port is configured as protected, the switch won't
> do anything different than without "switchport protected" config.
> 
> 
> Lukas



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR1k Port-channel hash algo

2016-01-15 Thread James Jun 
On Fri, Jan 15, 2016 at 09:28:09AM +0200, Mark Tinka wrote:
> 
> This is the only reason I don't use the ASR1000 as an edge router for
> Ethernet hand-offs.
> 
> But if the hand-off is non-Ethernet, the ASR1000 is a great box.
> 
> LAG's are a part of network life, and Juniper have left Cisco trailing
> by yards...
>

Yea, agreed.  As a workaround, I've switched the hand-off to individual L3 
interfaces with ECMP (no problem there).

Regards,
James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Configure port to supply PoE only

2016-01-15 Thread Lukas Tribus 
> you could simply use the “protected port” feature.

How so? He would have to configure all the other ports AND the uplink
in that vlan as protected as well, breaking connectivity for all
hosts.

If only the AP port is configured as protected, the switch won't
do anything different than without "switchport protected" config.


Lukas 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ibgp on 6509 with sup2?

2016-01-15 Thread Brandon Ewing 
On Thu, Feb 12, 2015 at 11:32:34AM +0200, Mark Tinka wrote:
> Does anyone know whether the 6500/7600 supports BGP-SD? That is one way
> to have the full table in RAM but limit how much of that table is
> downloaded into FIB.
> 
> For any routes that are not in FIB, you can have 0/0 or ::/0 to handle
> that traffic.
> 
> This way, if you have any downstream customers that need a full table
> from your 6500, you can still send it to them even if your FIB is not
> holding the full table.
> 
> Mark.

Confirmed that table-map filter works on 15.1(2)SY6 with a Sup2T, if anyone
else ever stumbles across this thread. Expands the usefulness of the
6840-X-LE switches, or other Sup2T platforms without XL TCAM.

-- 
Brandon Ewing (nicot...@warningg.com)


pgp3iZ1kbDuB5.pgp
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco ASR920-24SZ-IM BVI Feature Limitations

2016-01-15 Thread Darin Herteen 
Greetings,


I'm in the processes of evaluating a ASR920-24SZ-IM for a variety of services 
and I'm struggling to find a definitive list of feature limitations as they 
pertain to BVI interfaces and time constraints aren't going to allow me to lab 
all permutations.


I've reviewed the slide deck from Waris's ASR900 & ASR920 Product Family 
Technical Webinar as well as some other decks I have and as informative as they 
are they are only listing scale.


I've done a quick run using:


http://www.cisco.com/c/en/us/support/routers/asr-920-24sz-im-router/model.html#ConfigurationGuides


And it doesn't appear that any guide on the page touches on BVI/IRB, however I 
continue to search.


Even though I know they are not the same, I'm currently basing what features 
and I can, and cannot offer on a BVI based on a Trident Chipset using a 
A9K-16T/8-B/A9K-40GE-B as it is the lowest scale LC I deal with where I would 
otherwise terminate a customer service on a BVI. 
(http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/interfaces/configuration/guide/hc51xasr9kbook/hc51irb.html)


Anybody know off the top of their head whether this assumption is too 
restrictive and/or inappropriate?


Thanks in advance,


Darin

[http://www.cisco.com/web/fw/i/logo-open-graph.gif]

Configuring Integrated Routing and Bridging - 
Cisco
www.cisco.com
Configuring Integrated Routing and Bridging on the Cisco ASR 9000 Series Router


[http://www.cisco.com/web/fw/i/logo-open-graph.gif]

Cisco ASR 920-24SZ-IM 
Router
www.cisco.com
ASR 920-24SZ-IM Router: Access product specifications, documents, downloads, 
Visio stencils, product images, and community content.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ibgp on 6509 with sup2?

2016-01-15 Thread James Bensley 
On 15 January 2016 at 15:40, Brandon Ewing  wrote:
> On Thu, Feb 12, 2015 at 11:32:34AM +0200, Mark Tinka wrote:
>> Does anyone know whether the 6500/7600 supports BGP-SD? That is one way
>> to have the full table in RAM but limit how much of that table is
>> downloaded into FIB.
>>
>> For any routes that are not in FIB, you can have 0/0 or ::/0 to handle
>> that traffic.
>>
>> This way, if you have any downstream customers that need a full table
>> from your 6500, you can still send it to them even if your FIB is not
>> holding the full table.
>>
>> Mark.
>
> Confirmed that table-map filter works on 15.1(2)SY6 with a Sup2T, if anyone
> else ever stumbles across this thread. Expands the usefulness of the
> 6840-X-LE switches, or other Sup2T platforms without XL TCAM.


Did you confirm it in the global routing table or in a VRF or both?

James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASR920-24SZ-IM BVI Feature Limitations

2016-01-15 Thread James Jun 
Hello,

> Even though I know they are not the same, I'm currently basing what features 
> and I can, and cannot offer on a BVI based on a Trident Chipset using a 
> A9K-16T/8-B/A9K-40GE-B as it is the lowest scale LC I deal with where I would 
> otherwise terminate a customer service on a BVI. 
> (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/interfaces/configuration/guide/hc51xasr9kbook/hc51irb.html)


Can you describe which specific features you're looking for, exactly?

On ASR920, integrated routing & bridging works just fine, that is layer-3 
routed interface off bridge-domain sitting between EFPs and/or VPLS segment.

You just use 'bridge-domain XXX' under service instance, then configure the 
layer-3 interface using 'interface BDI XXX' (instead of BVI on A9K/XR).

Most stuff listed on your ASR9K link should work fine, albeit couple caveats I 
can think of top of my head:

- Last I checked (03.14.00.S), control-plane policing didn't seem to work very 
well.
  Not much of an issue for us, as our 920's mostly do layer-2 backhauls MX/A9K 
boxes.

- Port-channels/bundle as hand-off interfaces isn't a good idea.  Best to use 
individual ports.
  QoS features understandably become limited on the Po; hash algorithm doesn't 
seem to support L4 ports; only src/dst IP pair


Best,
James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASR920-24SZ-IM BVI Feature Limitations

2016-01-15 Thread Darin Herteen 
It's not so much about features I'm looking to implement so much as it is 
possible features I may lose.

Today, some customer Internet access is L2 transported back to a 9010 and 
service is terminated on L3 do1q sub-int.

If I wanted to entertain the idea of deploying a 920 closer to a customer for 
service termination, I'm going to do this on a BVI. 

So I'm looking to know whether or not I can expect to lose ACL, netflow, QoS on 
a 920 BVI the same as I would as a BVI on the Trident based LC's...

Regards,

Darin


From: cisco-nsp  on behalf of James Jun 

Sent: Friday, January 15, 2016 1:01 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco ASR920-24SZ-IM BVI Feature Limitations

Hello,

> Even though I know they are not the same, I'm currently basing what features 
> and I can, and cannot offer on a BVI based on a Trident Chipset using a 
> A9K-16T/8-B/A9K-40GE-B as it is the lowest scale LC I deal with where I would 
> otherwise terminate a customer service on a BVI. 
> (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/interfaces/configuration/guide/hc51xasr9kbook/hc51irb.html)


Can you describe which specific features you're looking for, exactly?

On ASR920, integrated routing & bridging works just fine, that is layer-3 
routed interface off bridge-domain sitting between EFPs and/or VPLS segment.

You just use 'bridge-domain XXX' under service instance, then configure the 
layer-3 interface using 'interface BDI XXX' (instead of BVI on A9K/XR).

Most stuff listed on your ASR9K link should work fine, albeit couple caveats I 
can think of top of my head:

- Last I checked (03.14.00.S), control-plane policing didn't seem to work very 
well.
  Not much of an issue for us, as our 920's mostly do layer-2 backhauls MX/A9K 
boxes.

- Port-channels/bundle as hand-off interfaces isn't a good idea.  Best to use 
individual ports.
  QoS features understandably become limited on the Po; hash algorithm doesn't 
seem to support L4 ports; only src/dst IP pair


Best,
James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 1000BASE-ZX/LH multi-manufacturer interconnection

2016-01-15 Thread Livio Zanol Puppim 
Hello everybody! I have a question regarding the interconnection of
equipments of different vendors using 1000BASE-ZX/LH. Since 1000BASE-ZX
isn`t standardized by IEEE, every manufacturer produces it`s own
transceiver with different characteristics.

*So my question is: Can I connect 2 equipments of different manufactures
using their own manufactured transceiver? Will there be a problem in this
connection?*

Imagine connecting a Cisco equipment to a Juniper equipment. The optical
specifications of theirs transceiver are too different:

Cisco 1000BASE-ZX:
Wavelenght Range: 1500 to 1580
Transmit power: +5 to 0
Receive power: -3 to -23


Juniper 1000BASE-LH:
Wavelenght Range: 1460 to 1580
Transmit power: +3 to -3
Receive power: -3 to -20

References:

http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/gigabit-ethernet-gbic-sfp-modules/product_data_sheet0900aecd8033f885.html

http://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/transceiver-m-mx-t-series-1000base-optical-specifications.html#jd0e383

Thanks in advance!

--
[]'s

Lívio Zanol Puppim
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] SUP-2T and Cisco 6513

2016-01-15 Thread Pete Templin 
Almost. 6724s (SFP or GE) will work in slots 1-8; they only use one 
fabric connection.


On 1/14/2016 5:18 PM, Paul wrote:
You are correct with the sup720, the 67xx line cards are only 
supported in slots 9-13.


On 1/13/2016 6:58 AM, Alireza Soltanian wrote:

Hi everybody

We are planning for installing Cisco 6513. Based on my researches, if we
install SUP-2T on this Chassis we will have 80Gbps Fabric Switch 
capacity
(Half-duplex) for each slot. But if we use SUP-720 then we will have 
20Gbps

Fabric Switch capacity for Slots#1-6 and 40Gbps for slots#9-13.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR920 "console" port....ugh

2016-01-15 Thread CiscoNSP List 
Hi everyone,



I see the ASR920 doesnt have the "traditional" console port, but uses 
USBthen you have to install special driver on your Lappy/whatever that 
turns the USB into a "console" port (So you can access it via putty etc.)



While painful(But works), my other issue is with how to solve remote 
DC's/OOBi.e. we currently use Opengears and still a couple of old 2500's 
with the RJ45 ports for the console connections..question is, has anyone 
successfully used a USB->console/RJ45 connector on these devices? (So I would 
still be USB cable from ASR920 -> converter(USB->RJ45?), then rollover cable 
from adapter to Opengear console ports?



Begs the other question...why have Cisco decided to cease using the traditional 
console ports? purely to frustrate users of there equipment? lol



Cheers.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR920 "console" port....ugh

2016-01-15 Thread Nathan Ward 
> On 16/01/2016, at 20:46, CiscoNSP List  wrote:
> 
> Hi everyone,
> 
> 
> 
> I see the ASR920 doesnt have the "traditional" console port, but uses 
> USBthen you have to install special driver on your Lappy/whatever that 
> turns the USB into a "console" port (So you can access it via putty etc.)
> 
> 
> 
> While painful(But works), my other issue is with how to solve remote 
> DC's/OOBi.e. we currently use Opengears and still a couple of old 2500's 
> with the RJ45 ports for the console connections..question is, has anyone 
> successfully used a USB->console/RJ45 connector on these devices? (So I would 
> still be USB cable from ASR920 -> converter(USB->RJ45?), then rollover cable 
> from adapter to Opengear console ports?
> 
> 
> 
> Begs the other question...why have Cisco decided to cease using the 
> traditional console ports? purely to frustrate users of there equipment? lol

Hi, there is both a USB signalled console port, and an RS232 console. The RS232 
console uses a USB style connector, which is very, very poor. Cisco sell a 
cable that gives you an RJ45 RS232, it’s just wires, no active components in 
there.

I’m not sure I’ve got one handy, but when I do, I can reverse engineer the 
cable for you so you can get the pinout if you like - but I don’t imagine it’d 
be hard to figure out if you’ve got a multimeter, USB connectors only have 4 
pins.

Also, have you got ASR920 rack mount ears? Ever notice that they’re taller than 
1RU because of the folded bits? It’s a pretty bad product from a physical 
design POV.

--
Nathan Ward

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR920 "console" port....ugh

2016-01-15 Thread Nathan Ward 

> On 16/01/2016, at 20:54, Gert Doering  wrote:
> 
> Hi,
> 
> On Sat, Jan 16, 2016 at 08:50:49PM +1300, Nathan Ward wrote:
>> Hi, there is both a USB signalled console port, and an RS232 console. 
>> The RS232 console uses a USB style connector, which is very, very poor. 
> 
> Is that the "EIA console" port?  On an USB A-type connector?

Yes.

Check out "Figure 1-2 Front Panel of Cisco ASR-920-12CZ-D Router” on this page:
http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide/ASR920_HIG/overview.html

"Console port (TIA/EIA-232F)” is RS232 on a USB connector.
"Auxiliary Console port” is also RS232 on a USB connector.

The only USB signalled ports are down the other end of the router.

>> Cisco sell a cable that gives you an RJ45 RS232, it???s just wires, no 
>> active components in there.
> 
> From the description I assumed that this would be some sort of standard
> USB RS232 cable, but what you write scares me deeply…

Yeah, it’s naff. Really, really, naff.

--
Nathan Ward


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR920 "console" port....ugh

2016-01-15 Thread Gert Doering 
Hi,

On Sat, Jan 16, 2016 at 08:50:49PM +1300, Nathan Ward wrote:
> Hi, there is both a USB signalled console port, and an RS232 console. 
> The RS232 console uses a USB style connector, which is very, very poor. 

Is that the "EIA console" port?  On an USB A-type connector?

> Cisco sell a cable that gives you an RJ45 RS232, it???s just wires, no active 
> components in there.

From the description I assumed that this would be some sort of standard
USB RS232 cable, but what you write scares me deeply...

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/