Re: [c-nsp] SRB4 (was RE: SRC2?)
hi, i'm running SRB4 on WS-SUP720-3BXL & WS-F6700-DFC3CXL linecards. i was running SRB2, hit some BUGs and had to option: 1. upgrade to SRB4 2. downgrade to SRA7 (change DFC3CXL linecards) i went for option 1. and everything is working fine now except my logs are full of these lines: Aug 29 09:45:59 EETDST: %DIAG-SP-3-TEST_SKIPPED: Module 7: TestFabricFlowControlStatus{ID=33} is skipped Aug 29 09:46:01 EETDST: %DIAG-SP-3-TEST_SKIPPED: Module 7: TestFabricFlowControlStatus{ID=33} is skipped [...] 72 Supervisor Engine 720 (Hot)WS-SUP720-3BXL SAL09412THT 82 Supervisor Engine 720 (Active) WS-SUP720-3BXL SAL09368YPZ [...] i'm not worried (yet) because cisco says: = %DIAG-3-TEST_SKIPPED (x1): [chars]: [chars]{ID=[dec]} is skipped Explanation: The specified diagnostic test cannot be run. Recommended Action: None. Although the test cannot be run, this message does not indicate a problem. = or = %DIAG-3-TEST_SKIPPED (x0): [chars]: [chars]{ID=[dec]} is skipped Explanation: This message indicates that the diagnostic test cannot be run. Recommended Action: No action is required. The system is working properly. = but i had to filter these lines from my logs. i'm running BGP (full bgp table), MPLS, OSPF, MULTICAST on this router. so i'm pretty pleased with SRB4 until now. -- liviu. On Wed, 2008-08-13 at 14:58 +0200, Tomas Daniska wrote: > speaking of the releases... is anyone running SRB4 in production yet? > > cheers > > -- > > deejay > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > > [EMAIL PROTECTED] On Behalf Of Mark Tinka > > Sent: 13 August 2008 14:04 > > To: cisco-nsp@puck.nether.net > > Subject: Re: [c-nsp] SRC2? > > > > On Tuesday 12 August 2008 23:32:42 Chris Griffin wrote: > > > > > Anyone know when 12.2(33)SRC2 is supposed to be released, > > > specifically for the 7600. I had heard by the end of > > > July, but so far no release. > > > > Same here... heard it was meant to be mid-July, but nothing > > yet. > > > > Having waited this long, it'll come when it comes, I > > guess :-). > > > > Cheers, > > > > Mark. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] multicast NOT in HW on 7600
hi Phil, because R2 is not part of the NEW TOPOLOGY, R1 and R2 are not PIM neighbors anymore. [...] R1#sh run | inc ^ip (pim|multi) ip multicast-routing ip multicast-routing vrf XXX ip pim ssm range multicast-mdt R1#sh run int Vlan10 interface Vlan10 description XXX mtu 9216 ip address XXX no ip redirects no ip unreachables no ip proxy-arp ip mtu 1524 ip pim sparse-mode load-interval 30 mpls mtu 1542 mpls ip end R2#sh run | inc ^ip (pim|multi) ip multicast-routing ip pim ssm range multicast-mdt R2#sh run int Vlan10 interface Vlan10 description XXX mtu 9216 ip address XXX no ip redirects no ip unreachables no ip proxy-arp ip mtu 1524 ip pim sparse-mode load-interval 30 mpls mtu 1542 mpls ip end [...] i issue the command "mls ip multicast" AGAIN on R2 and it looks like this solved my problem. BEFORE - R2#sh mls ip multicast summary 0 MMLS entries using 0 bytes of memory Number of partial hardware-switched flows: 0 Number of complete hardware-switched flows: 0 Directly connected subnet entry install is enabled Current mode of replication is Egress Auto-detection of replication mode is enabled Consistency checker is enabled Bidir gm-scan-interval: 10 R2#sh mls ip multicast statistics MLS Multicast configuration and state: Counters last cleared Never Router Mac001b.0de6.7b80 MLS multicast operating state IDLE Layer 3 Switching H/W VersionPFC III+ Maximum number of allowed outstanding message 20 Maximum size reached from feQ 0 Maximum size reached from screq 2 Feature Notification sent (simple/rtr-mac)0/0 Feature Notification Ack received 0 Unsolicited Feature Notification received 0 MSM sent/Received 0/0 Delete notifications received 0 sgc oif delete notifications received 0 Flow Statistics messages received 0 Restart Notification messages received0 Cleanup Send/Resp-rx seq number 0/0 AFTER: --- R2#sh mls ip multicast summary 0 MMLS entries using 0 bytes of memory Number of partial hardware-switched flows: 0 Number of complete hardware-switched flows: 0 Directly connected subnet entry install is enabled Hardware shortcuts for mvpn mroutes supported ^ Current mode of replication is Egress Auto-detection of replication mode is enabled Consistency checker is enabled Bidir gm-scan-interval: 10 R2#sh mls ip multicast statistics MLS Multicast configuration and state: Counters last cleared Never Router Mac001b.0de6.7b80 MLS multicast operating state ACTIVE SCB RetryQ size 1 Layer 3 Switching H/W VersionPFC III Maximum number of allowed outstanding message 20 Maximum size reached from feQ 0 Maximum size reached from screq 2 Feature Notification sent (simple/rtr-mac)1/2 Feature Notification Ack received 3 Unsolicited Feature Notification received 0 MSM sent/Received 0/0 Delete notifications received 0 sgc oif delete notifications received 0 Flow Statistics messages received 0 Restart Notification messages received0 Cleanup Send/Resp-rx seq number 0/0 couple of years ago, because of the number of mac-addresses or unicast routes (depends on SDM profile), at a certain moment, 3750-ME did all the routing in software (CEF disable) and "ip cef distributed" reactivate CEF and hardware routing. looks the same to me on 7600 with multicast but in this case i don't know what is the trigger. i'll keep digging. -- liviu. On Thu, 2008-08-21 at 09:45 +0100, Phil Mayers wrote: > Something is configured wrong somewhere. Can you supply the output of: > > sh run | inc ^ip (pim|multi) > sh run int Vlan10 > sh ip pim int > sh ip pim nei > sh ip rpf SOURCEIP > > ...on both R1 and R2? > > It sounds to me as if R2 isn't correctly configured as an RP, or isn't > able to send the PIM joins which would push things down into hardware - > the initial packets to the RP are always in software, so that's normal, > but it's not normal for the traffic to be continually CPU-punted. > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] multicast NOT in HW on 7600
hi i have a multicast problem in the following topology; TOPOLOGY: Msource -> R1(SVI 10) ---trunk--- (SVI 10) R2 ---routed--- R3 ..Rn ... Receiver - R1(7613), R2(7609), R(7613) / IOS SRA3 / WS-SUP720-3BXL - 10G link between them in WS-X6704-10GE linecards with DFC - trunk between R1 and R2, link routed between R2 and R3 - SVI 10 has "ip pim sparse-mode" and "mpls ip" so R1 is PE router and R2,R3 ...Rn are P routers. - routed links between P routers has "ip pim sparse-mode" and "mpls ip" - Msource (multicast source) interface from R1(routed) is configured in vrf XXX - BGP address-family ipv4 mdt configured on R1 (and all other PE) PROBLEM: all multicast traffic goes to RP on R2 (is software processed), CPU load increase, etc ... although all 76xx (P routers) are identically configured (regarding multicast), on R2 (the one with the problem) we could NOT see this line: P-router#sh mls ip multicast summary | i mvpn Hardware shortcuts for mvpn mroutes supported WORKAROUND: Suspecting that "ip pim" on SVI might be the problem, i've changed the topology with a routed link between R1 and R3 and the problem was solved. NEW TOPOLOGY: Msource -> R1 ---routed--- R3 ..Rn ... Receiver Unfortunatelly, i could not afford to change the link between R1 and R2 from trunk to routed and keep R2 with multicast traffic flowing through it. Have anybody of you ever experienced the same ? Any advice ? thank you, liviu. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] eompls with different vlans at the ends
hello, i wanted a confirmation that "bpdu filter" and "disabling STP" are the only choices for this setup. thanks, liviu. On Wednesday 16 May 2007 14:52, Oliver Boehmer (oboehmer) wrote: > don't think you can filter BPDUs on the PE if you're using this type of > setup (you might be able to do if you used SVI/Vlan-based eompls, i.e. > with an interface Vlan and bpdu filter/mac-acl), so you need to address > this PVID inconsistency issue on the CE, either by disabling STP for the > Vlan (as you already suggested), or by enabling BPDU fulter on the CE > switches, which looks like a better option. > > oli > > [EMAIL PROTECTED] <> wrote on Wednesday, May 16, 2007 12:40 PM: > > hello, > > > > did everybody use the same vlan id on both ends of the "vlan based > > eompls tunnel" ? is anyone here that use different vlans, who can > > give me an answer to my question ? > > > > thanks, > > liviu. > > > > On Tuesday 15 May 2007 15:34, [EMAIL PROTECTED] wrote: > >> hello, > >> > >> topology: > >> Host1 --> switches -->PE --eompls--PE <-- switches <- Host2 > >> > >> config PE (7604 sup 720 / IOS SRA3): > >> subinterface + encapulation dot1q vlan X + xconnect (MUX-UNI) > >> > >> problem: > >> if vlan X for Host1 is different then vlan X for Host 2, on the first > >> switch connected directly to PE we will have STP bloking state at > >> VlanX. > >> > >> questions: > >> is there a possibility to solve that, except "spann disable on vlan > >> X" > >> or "spann bpdu filter enable" on switches, or the same vlan X on > >> both ends ? can i filter somehow bpdu throught the eompls tunnel ? > >> > >> thank you, > >> liviu. > >> ___ > >> cisco-nsp mailing list cisco-nsp@puck.nether.net > >> https://puck.nether.net/mailman/listinfo/cisco-nsp > >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > ___ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] eompls with different vlans at the ends
hello, did everybody use the same vlan id on both ends of the "vlan based eompls tunnel" ? is anyone here that use different vlans, who can give me an answer to my question ? thanks, liviu. On Tuesday 15 May 2007 15:34, [EMAIL PROTECTED] wrote: > hello, > > topology: > Host1 --> switches -->PE --eompls--PE <-- switches <- Host2 > > config PE (7604 sup 720 / IOS SRA3): > subinterface + encapulation dot1q vlan X + xconnect (MUX-UNI) > > problem: > if vlan X for Host1 is different then vlan X for Host 2, on the first > switch connected directly to PE we will have STP bloking state at VlanX. > > questions: > is there a possibility to solve that, except "spann disable on vlan X" > or "spann bpdu filter enable" on switches, or the same vlan X on both ends > ? can i filter somehow bpdu throught the eompls tunnel ? > > thank you, > liviu. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] eompls with different vlans at the ends
hello, topology: Host1 --> switches -->PE --eompls--PE <-- switches <- Host2 config PE (7604 sup 720 / IOS SRA3): subinterface + encapulation dot1q vlan X + xconnect (MUX-UNI) problem: if vlan X for Host1 is different then vlan X for Host 2, on the first switch connected directly to PE we will have STP bloking state at VlanX. questions: is there a possibility to solve that, except "spann disable on vlan X" or "spann bpdu filter enable" on switches, or the same vlan X on both ends ? can i filter somehow bpdu throught the eompls tunnel ? thank you, liviu. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP and full traffic overload
hello, what type of L3 switches / routers do you use (paste here IOS too) ? what are the intervals that the BGP session goes up and down ? are you 100% sure the problem is generated because of the overloaded link ? paste here please the output of the command: "sh ip bgp nei " for both neighbors. do you have a CPU graph for your devices ? what value is the CPU load when sessions goes down ? what about system MTU on both devices and MTU on the neighbors interfaces ? we wait for more details to help you further, -- liviu. - Original Message - From: "Donato Dunguihual" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 11:38 PM Subject: [c-nsp] BGP and full traffic overload > Hi, > > I have a bgp peering over full traffic overload link, the bgp session > up and down frequently. I think that is for traffic overload .I'm > looking for a way to reserve > a minimal bandwidth for bgp messages,. QOS or SPD are two options. > Does anybody knows how to configure this for another way? > > > Thank You > Donato > > > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 2960 QOS issue
hello dimuthu, assure that "QoS ip packet dscp rewrite is enabled" (global config) and you'll see that your policy-map is marking your ftp traffic; you can see that with a port monitor configured with source uplink port (Gi0/24) TX or "sh mls qos interface Gi0/24 statistics" at "dscp: outgoing" field. BUT you will not see any matches at "sh mls qos interface Gi0/1 statistics" for DSCP 40 nor at "sh ip access list 133"; P.S. - i use IOS "c2960-lanbase-mz.122-25.FX.bin" -- liviu. - Original Message - From: "Dimuthu Parussalla" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 2:04 AM Subject: [c-nsp] Cisco 2960 QOS issue > Hi All, > > I am having trouble marking packets on a ingress interface. It seems like > policy doesn't mark the traffic related to access list. I have a test > access > list set to mark DSCP 40 on all the ftp traffic. I can't even see matching > traffic to my access list via sh acceess-lists. > > What I am doing wrong?. > > > Regards > Dimuthu > > > > > Configurations: > > mls qos > ! > > class-map match-any test > match access-group 133 > > > policy-map mark-i > class test > set dscp cs5 > > interface GigabitEthernet0/1 > service-policy input mark-i > ! > interface GigabitEthernet0/2 > mls qos trust dscp > ! > interface GigabitEthernet0/3 > mls qos trust dscp > > > > access-list 133 permit tcp any any eq ftp > access-list 133 permit tcp any eq ftp any > > > Diagnostic outputs: > > sh policy-map int g0/1 > GigabitEthernet0/1 > > Service-policy input: mark-i > >Class-map: test (match-any) > 0 packets, 0 bytes > 5 minute offered rate 0 bps, drop rate 0 bps > Match: access-group 133 >0 packets, 0 bytes >5 minute rate 0 bps > >Class-map: class-default (match-any) > 0 packets, 0 bytes > 5 minute offered rate 0 bps, drop rate 0 bps > Match: any >0 packets, 0 bytes >5 minute rate 0 bps > > > #sh mls qos interface g0/1 sta > GigabitEthernet0/1 > > dscp: incoming > --- > > 0 - 4 : 16620250000 > 5 - 9 : 00000 > 10 - 14 : 00000 > 15 - 19 : 00000 > 20 - 24 : 00000 > 25 - 29 : 00000 > 30 - 34 : 00000 > 35 - 39 : 00000 > 40 - 44 : 00000 > 45 - 49 : 00000 > 50 - 54 : 00000 > 55 - 59 : 00000 > 60 - 64 : 0000 > dscp: outgoing > --- > > 0 - 4 : 22362120000 > 5 - 9 : 00000 > 10 - 14 : 00000 > 15 - 19 : 00000 > 20 - 24 : 00000 > 25 - 29 : 00000 > 30 - 34 : 00000 > 35 - 39 : 00000 > 40 - 44 : 00000 > 45 - 49 : 00000 > 50 - 54 : 00000 > 55 - 59 : 00000 > 60 - 64 : 0000 > cos: incoming > --- > > 0 - 4 : 16770640000 > 5 - 7 : 000 > cos: outgoing > --- > > 0 - 4 : 22398410000 > 5 - 7 : 00 708 > Policer: Inprofile:0 OutofProfile:0 > > > #sh access-lists > Standard IP access list 22 >10 permit 192.168.1.0, wildcard bits 0.0.0.255 > Extended IP access list 132 >10 permit tcp any any eq 19100 >20 permit tcp any eq 19100 any > Extended IP access list 133 >10 permit tcp any any eq ftp >20 permit tcp any eq ftp any > Extended MAC access list jb >permit host 0017.31f2.33b8 any >permit any host 0017.31f2.33b8 > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether
Re: [c-nsp] multicast filter / one way - solved
hello, i've changed R2 from 3550 to 3560 and that solved the problem. R2 - 3560 - c3560-advipservicesk9-mz.122-25.SEE3.bin i'm pretty sure this is a bug. -- liviu. On Saturday 28 April 2007 22:44, Liviu Pislaru wrote: > hello, > > i have the topology: > R1 (SVI 460) PE (SVI460/xconnect) EoMPLSPE (SVI460/xconnect) > R2 (SVI 460) > > R1 - 7613 - s72033-advipservicesk9_wan-mz.122-33.SRA3.bin > R2 - 3550 - c3550-ipservicesk9-mz.122-25.SEE.bin > PE - 3750-ME (both) - c3750me-i5k91-mz.122-25.SEG1.bin > > i can't establish OSPF between R1(x.x.x.61/30) and R2(x.x.x.62/30) because > hello packets sent by R2 are not received by R1: > > - both interfaces Vlan 460 are up & runn with only one primary /30 ip > address. - ospf area number is 1 (on both R1 and R2) > - no stub or nssa area > - hello and dead timer values are the same > - ospf enabled on both interfaces SVI 460 of R1 and R2 > - no acl, no multicast filtering on switchports > > R1#sh ip ospf interface vlan 460 | i Hello > Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 > Hello due in 00:00:03 > > R2#sh ip ospf interface vlan 460 | i Hello > Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 > Hello due in 00:00:07 > > R1# debug ip ospf hello > Apr 28 22:26:21 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 > from x.x.x.62 Apr 28 22:26:31 EETDST: OSPF: Send hello to 224.0.0.5 area 1 > on Vlan460 from x.x.x.62 Apr 28 22:26:41 EETDST: OSPF: Send hello to > 224.0.0.5 area 1 on Vlan460 from x.x.x.62 > > R2# debug ip ospf hello > Apr 28 22:26:21 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 > from x.x.x.62 Apr 28 22:26:25 EETDST: OSPF: Rcv hello from x.x.x.61 area 1 > from Vlan460 x.x.x.61 Apr 28 22:26:25 EETDST: OSPF: End of hello processing > > > > R1# ping 224.0.0.5 > Reply to request 0 from x.x.x.62, 16 ms > (R1 send multicast, R2 receive multicast and respond unicast) > > R2# ping 224.0.0.5 > (no answer because R2 send multicast but R1 doesn't receive it) > > does anyone experienced this ? > it is possible that some how multicast be filtered only one way ? > > p.s. - with the same config on all devices but IOS > c3550-i5q3l2-mz.121-22.EA2.bin on R2, R2 hadn't been sending any hello > packet. > > > -- > liviu. > > > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] multicast filter / one way
hello, i have the topology: R1 (SVI 460) PE (SVI460/xconnect) EoMPLSPE (SVI460/xconnect) R2 (SVI 460) R1 - 7613 - s72033-advipservicesk9_wan-mz.122-33.SRA3.bin R2 - 3550 - c3550-ipservicesk9-mz.122-25.SEE.bin PE - 3750-ME (both) - c3750me-i5k91-mz.122-25.SEG1.bin i can't establish OSPF between R1(x.x.x.61/30) and R2(x.x.x.62/30) because hello packets sent by R2 are not received by R1: - both interfaces Vlan 460 are up & runn with only one primary /30 ip address. - ospf area number is 1 (on both R1 and R2) - no stub or nssa area - hello and dead timer values are the same - ospf enabled on both interfaces SVI 460 of R1 and R2 - no acl, no multicast filtering on switchports R1#sh ip ospf interface vlan 460 | i Hello Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:03 R2#sh ip ospf interface vlan 460 | i Hello Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:07 R1# debug ip ospf hello Apr 28 22:26:21 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 from x.x.x.62 Apr 28 22:26:31 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 from x.x.x.62 Apr 28 22:26:41 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 from x.x.x.62 R2# debug ip ospf hello Apr 28 22:26:21 EETDST: OSPF: Send hello to 224.0.0.5 area 1 on Vlan460 from x.x.x.62 Apr 28 22:26:25 EETDST: OSPF: Rcv hello from x.x.x.61 area 1 from Vlan460 x.x.x.61 Apr 28 22:26:25 EETDST: OSPF: End of hello processing R1# ping 224.0.0.5 Reply to request 0 from x.x.x.62, 16 ms (R1 send multicast, R2 receive multicast and respond unicast) R2# ping 224.0.0.5 (no answer because R2 send multicast but R1 doesn't receive it) does anyone experienced this ? it is possible that some how multicast be filtered only one way ? p.s. - with the same config on all devices but IOS c3550-i5q3l2-mz.121-22.EA2.bin on R2, R2 hadn't been sending any hello packet. -- liviu. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP received-routes
hello, it seems like you are talking about eBGP; one possible scenario for your case is that you don't have an entry in RIB for next-hop AA.AA.AA.16 (for example because on neighbor router AA.AA.AA.1 the subnet used for your BGP connection is secondary on a SVI interface) and also have configured command "soft-reconfiguration inbound" on your side. plese provide as more details about the BGP configuration. -- liviu. - Original Message - From: "Dmitry Kiselev" <[EMAIL PROTECTED]> To: Sent: Saturday, April 28, 2007 11:23 AM Subject: [c-nsp] BGP received-routes > Hello! > > I see strange behaviour with BGP updates on my 7600/sup720 > runing 12.2(18)SXF7 IOS. Seems update message received from BGP > neighbor stored in received-routes but failed to enter actual > RIB. It is very good seen by tracking next-hop attribute: > > > 7600-12.2(18)SXF7#sh ip bgp XX.XX.XX.0/22 > > BGP routing table entry for XX.XX.XX.0/22, version 3021883 > Paths: (12 available, best #9, table Default-IP-Routing-Table) > Advertised to update-groups: > 4 10 > ... > 111 222 333 >AA.AA.AA.16 from AA.AA.AA.1 (AA.AA.AA.1) > Origin IGP, localpref 150, valid, external, best > 111 222 333, (received-only) >AA.AA.AA.14 from AA.AA.AA.1 (AA.AA.AA.1) > Origin IGP, localpref 100, valid, external > ... > > > Just "clear in" command fix the issue: > > > 7600-12.2(18)SXF7#clear ip bgp AA.AA.AA.1 in > > 7600-12.2(18)SXF7#sh ip bgp XX.XX.XX.0/22 > BGP routing table entry for XX.XX.XX.0/22, version 3022271 > Paths: (12 available, best #9, table Default-IP-Routing-Table) > Advertised to update-groups: > 4 10 > ... > 111 222 333 >AA.AA.AA.14 from AA.AA.AA.1 (AA.AA.AA.1) > Origin IGP, localpref 150, valid, external, best > 111 222 333, (received-only) >AA.AA.AA.14 from AA.AA.AA.1 (AA.AA.AA.1) > Origin IGP, localpref 100, valid, external > ... > > A quick seek on cisco.com/google does not provide any cluefull info :( > Bug is stable and repeatable with few other prefixes at least from two > separate neighbors. > > Any ideas? Which additional info needed? > > > -- > Dmitry Kiselev > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Catalyst 6500 switchport input drops
hello, this document might help you: http://www.cisco.com/warp/public/63/queue_drops.html#topic2 -- liviu. - Original Message - From: "Matt Ryan" <[EMAIL PROTECTED]> To: Sent: Monday, April 23, 2007 8:21 PM Subject: [c-nsp] Catalyst 6500 switchport input drops > Seeing a large number of drops on a switchport interface without any > obvious > reason (no errors, buffer misses, CPU load etc): > > Router#sh int fa2/2 > FastEthernet2/2 is up, line protocol is up (connected) > Hardware is C6k 100Mb 802.3, address is 0004.de84.1431 (bia > 0004.de84.1431 > ) > MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation ARPA, loopback not set > Keepalive set (10 sec) > Full-duplex, 100Mb/s > input flow-control is off, output flow-control is unsupported > ARP type: ARPA, ARP Timeout 04:00:00 > Last input never, output 18w2d, output hang never > Last clearing of "show interface" counters never > Input queue: 0/2000/1158238/0 (size/max/drops/flushes); Total output > drops: 0 > Queueing strategy: fifo > Output queue: 0/40 (size/max) > 5 minute input rate 128000 bits/sec, 113 packets/sec > 5 minute output rate 2000 bits/sec, 2 packets/sec > 943186717 packets input, 180091004357 bytes, 0 no buffer > Received 126945712 broadcasts (22133563 multicasts) > 0 runts, 0 giants, 0 throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 watchdog, 0 multicast, 0 pause input > 0 input packets with dribble condition detected > 47163411 packets output, 7169043006 bytes, 0 underruns > 0 output errors, 0 collisions, 4 interface resets > 0 babbles, 0 late collision, 0 deferred > 0 lost carrier, 0 no carrier, 0 PAUSE output > 0 output buffer failures, 0 output buffers swapped out > > Router#sh int fa2/2 counters errors > > PortAlign-ErrFCS-Err Xmit-ErrRcv-Err UnderSize > OutDiscards > Fa2/2 0 0 0 0 0 > 0 > > Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts > Giants > Fa2/2 0 0 0 0 0 > 0 0 > > Port SQETest-Err Deferred-Tx IntMacTx-Err IntMacRx-Err Symbol-Err > Fa2/20 000 0 > > Any idea's what else to look for? > > > > Matt. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Traffic generator
hello, pktgen module included in the Linux kernel. ... Network Testing ---> Packet Generator -- liviu. - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Friday, April 20, 2007 11:31 PM Subject: [c-nsp] Traffic generator Hi, I´d like to stress some our links. Does anyone know a free traffic generator? At. LUIZ PAULO MAIA Gerência de Redes e Telecomun / ATOS ORIGIN SERVIÇOS DE TECNOLOGIAINFORM LIGHT S.E.S.A. / [EMAIL PROTECTED] / 55-21-8119-5683 >O conteúdo desta mensagem e seus anexos constitui informação confidencial. >O seu uso, > divulgação, reprodução e/ou cópia são proibidos. Caso não seja o > destinatário da mesma, > favor devolvê-la para o remetente e apagá-la em seguida. > > This message is intended only for the individual organization to which it > is addressed and > contains confidential or privileged information. Any retransmission, > dissemination or other > use of this information by anyone other than the intended recipient is > prohibited. If you are > not the intended recipient please reply to or forward a copy of this > message to the sender > and delete the message. > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500: another eompls problem
hello, first of all, i think the error "INTERFACE_API-4-TBLERROR" doesn't have anything in common with "SPANTREE-2-RECV_PVID_ERR"; because you use different VLANs at the ends of the EoMPLS tunnel and the BPDUs with vlan id 812 are encapsulated through the EoMPLS tunnel and decapsulated in vlan 4093, the port of the next switch that connects to Port-channel23.4093 will be put in STP bloking state and the end-to-end traffic will fail even if the EoMPLS tunnel is still UP. when you get "Apr 19 20:03:29.356 MSD: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 812 on Port-channel23 VLAN4093" go to the switches that connects to Po42.812 and Po23.4023 and type: "sh spanning-tree blockedports" and you will see the port in STP blocking state. One workaround is to use the same VLANs on both ends. The second is to use "spanning-tree bpdufilter enable" on Port-channel ports (on PE) or to disable spanning-tree on PE, but be sure your topology is l2 loop free. If your topology permits to establish port-based EoMPLS or VLAN based (with SVI) with the clients directlly connected to the PE, this will be the third workaround. I'm sure there are others config tricks that you can use but i've only tested the three above. -- liviu. - Original Message - From: "Alexandre Snarskii" <[EMAIL PROTECTED]> To: "Cisco-NSP Mailing List" Sent: Thursday, April 19, 2007 7:32 PM Subject: [c-nsp] 6500: another eompls problem > > Hi! > > Router in question is 6500, IOS 12.2(33)SRA1. > > We have a plenty of mux-uni eompls vc's, configured just "by the book": > > interface Port-channel42.812 > encapsulation dot1Q 812 > xconnect XX.XXX.XXX.XX 812 encapsulation mpls > > Today, while adding another one, > > interface Port-channel23.4093 > encapsulation dot1Q 4093 > xconnect XX.XXX.XXX.XX 4093 encapsulation mpls > > we faced strange problem: > > a) New vc got blocked by spanning-tree on far side of etherchannel: > > Apr 19 20:03:29.356 MSD: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with > inconsistent peer vlan id 812 on Port-channel23 VLAN4093. > > b) Even worse: old vc (812) stopped functioning - while we saw > mac-addresses > from downstream on switch, terminating Portchannel42, but no mac-addresses > were learned from eompls side.. Instead, we saw packets which should > be forwarded to vc 812 (po42.812) appeared on vc 4093 (po23.4093).. > > Well, after deleting new vc, and re-creating old one (no int po42.812/ > int po42.812) everything returned back to work. But, next try to > configure new vc failed with the same reason.. > > Interesting note: when deleting new vc (no int po42.4093) next message > appeared in log: > Apr 19 20:03:54.321 MSD: %INTERFACE_API-4-TBLERROR: A error occurred while > using the Index Table utility for Element Deletion. > -Traceback= 41B38B88 41B41B04 41B4C3AC 404B7D74 404D964C 40F9B78C 40F9B778 > > So, i'm suppose that there is some another bug.. > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500: another eompls problem
hello, first of all, i think the error "INTERFACE_API-4-TBLERROR" doesn't have anything in common with "SPANTREE-2-RECV_PVID_ERR"; because you use different VLANs at the ends of the EoMPLS tunnel and the BPDUs with vlan id 812 are encapsulated through the EoMPLS tunnel and decapsulated in vlan 4093, the port of the next switch that connects to Port-channel23.4093 will be put in STP bloking state and the end-to-end traffic will fail even if the EoMPLS tunnel is still UP. when you get "Apr 19 20:03:29.356 MSD: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 812 on Port-channel23 VLAN4093" go to the switches that connects to Po42.812 and Po23.4023 and type: "sh spanning-tree blockedports" and you will see the port in STP blocking state. One workaround is to use the same VLANs on both ends. The second is to use "spanning-tree bpdufilter enable" on Port-channel ports (on PE) or to disable spanning-tree on PE, but be sure your topology is l2 loop free. If your topology permits to establish port-based EoMPLS or VLAN based (with SVI) with the clients directlly connected to the PE, this will be the third workaround. I'm sure there are others config tricks that you can use but i've only tested the three above. -- liviu. - Original Message - From: "Alexandre Snarskii" <[EMAIL PROTECTED]> To: "Cisco-NSP Mailing List" Sent: Thursday, April 19, 2007 7:32 PM Subject: [c-nsp] 6500: another eompls problem > > Hi! > > Router in question is 6500, IOS 12.2(33)SRA1. > > We have a plenty of mux-uni eompls vc's, configured just "by the book": > > interface Port-channel42.812 > encapsulation dot1Q 812 > xconnect XX.XXX.XXX.XX 812 encapsulation mpls > > Today, while adding another one, > > interface Port-channel23.4093 > encapsulation dot1Q 4093 > xconnect XX.XXX.XXX.XX 4093 encapsulation mpls > > we faced strange problem: > > a) New vc got blocked by spanning-tree on far side of etherchannel: > > Apr 19 20:03:29.356 MSD: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with > inconsistent peer vlan id 812 on Port-channel23 VLAN4093. > > b) Even worse: old vc (812) stopped functioning - while we saw > mac-addresses > from downstream on switch, terminating Portchannel42, but no mac-addresses > were learned from eompls side.. Instead, we saw packets which should > be forwarded to vc 812 (po42.812) appeared on vc 4093 (po23.4093).. > > Well, after deleting new vc, and re-creating old one (no int po42.812/ > int po42.812) everything returned back to work. But, next try to > configure new vc failed with the same reason.. > > Interesting note: when deleting new vc (no int po42.4093) next message > appeared in log: > Apr 19 20:03:54.321 MSD: %INTERFACE_API-4-TBLERROR: A error occurred while > using the Index Table utility for Element Deletion. > -Traceback= 41B38B88 41B41B04 41B4C3AC 404B7D74 404D964C 40F9B78C 40F9B778 > > So, i'm suppose that there is some another bug.. > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] How to monitor BGP sessions
hello robert, you can try to obtain automatically (with the same monitoring script) neighbors ip adresses (ipv4 or ipv6); EXAMPLE (perl): - you have router X with the ip adress $iprouter: $comm=""; # put here your own password $oid="1.3.6.1.2.1.15.3.1.7"; ($session,$error) = Net::SNMP->session( -timeout=> 2, -retries=> 1, -hostname => "$iprouter", -community => "$comm", if (!defined($session)) { print "Error fetching informations from $iprouter: $error\n"; exit(-1); } $result = $session->get_table(-baseoid => $oid); %all = %{$result}; @ktmp=keys %all; foreach (@ktmp) { $remote_peer=$result->{$_}; print "$remote_peer\n"; } even if you have IPV6 neighbors on the router, $remote_peer will be printed IPV4 style and you can combine it later with others OIDs: (for example) $oid_as="1.3.6.1.2.1.15.3.1.9.$remote_peer" $oid_lpeer="1.3.6.1.2.1.15.3.1.5.$remote_peer" $oid_state="1.3.6.1.2.1.15.3.1.2.$remote_peer" 1 -> Idle 2 -> Connect 3 -> Active 4 -> OpenSent 5 -> OpenConfirm 6 -> Established etc. OUTPUT EXAMPLE: Router X has 3 BGP neighbors: 1. 213.154.97.240 2. 213.154.97.241 3. 2001:1518:0:3000::2 the script above will return 3 values for $remote_peer: 1. 213.154.97.240 2. 213.154.97.241 3. 32.1.21.24 you can see that even if the third neighbor is IPV6, the $remote_peer is printed IPV4 style and you can use it later with the next OIDs. -- liviu. On Wednesday 18 April 2007 00:46, Antonio Querubin wrote: > On Tue, 17 Apr 2007, Robert Boyle wrote: > > The MIB is: > > > > 1.3.6.1.2.1.15.3.1.2.a.b.c.d > > > > where a.b.c.d is the IP address of your BGP neighbor. > > Anyone know how the 'a.b.c.d' is mapped for an IPv6 BGP neighbor? I've > got a bunch of such neighbors but doing an snmpwalk through that OID > subtree returns only entries that resemble IPv4 octets - some of which > aren't even configured as actual IPv4 neighbors. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] access lists on vlan interfaces
hello, VACL are a little bit different. Standard and extended IOS ACLs are configured on the INPUT and OUTPUT of router interfaces and, as such, are applied to routed packets. The use of IOS ACLs requires both a PFCx and a MSFCx on the Catalyst 6500 Series for example. VLAN ACLs (VACLs) provide access control based on Layer 3 or Layer 4 information for IP or IPX protocols. A VACL is applied to all packets (BRIDGED and ROUTED) on a VLAN and can be configured on any VLAN interface. VACLs are used for security packet filtering and redirecting traffic to specific physical switch ports. They are not defined by direction (input or output). VACL functionality requires a PFCx. The VACL configuration in Cisco IOS is based on the traditional IOS ACL implementation. That is, it relies on the IOS access-list command to define the traffic matching parameters. From there, all configuration (including ACL reference and action) is done from the "vlan access-map" configuration mode. Example: (config)# vlan 100 (config)# access-list 101 permit ip any any (config)# vlan access-map test (config-access-map)# match ip address 101 (config-access-map)# action forward (config)# vlan filter test vlan-list 100 (SVI 100 is created automatically / it is not necessary for the interface to be configured or even in an "up" state for the VACL to operate properly. ) -- liviu. On Wednesday 11 April 2007 10:59, [EMAIL PROTECTED] wrote: > What about VACL? What is it for? > What does VACL look like? > > Thanks > > > hi, > > > > think of a router as a circle with you inside (center of that circle) :). > > inbound traffic is the traffic that come towards YOU through > > interface/SVI you > > want to configure ACL (SVI 100) an leaves the router through another > > interface. > > > > outbound traffic is the destined traffic for vlan 100 that leaves the > > router > > through interface/SVI you want to configure ACL (SVI 100). > > > > as Dale said, when you apply ACL, try forget interface "Vlan100" is > > virtual. > > > > -- > > liviu. > > > > On Wednesday 11 April 2007 02:59, Kyle Evans wrote: > >> Hello, > >> > >> I'm wondering what the convention is for an access list on a vlan > >> interface. How do I tell what is inbound and what is outbound? For > >> example, if I have vlan 100 and a vlan interface 100 with ip address > >> 192.168.1.1 that serves as a gateway for 192.168.1.0/24, is traffic from > >> 192.168.1.0/24 to 192.168.1.1 inbound? Or is traffic from the rest of > >> the world back to 192.168.1.1 inbound? > >> > >> > >> Kyle > >> ___ > >> cisco-nsp mailing list cisco-nsp@puck.nether.net > >> https://puck.nether.net/mailman/listinfo/cisco-nsp > >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > ___ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] access lists on vlan interfaces
hi, think of a router as a circle with you inside (center of that circle) :). inbound traffic is the traffic that come towards YOU through interface/SVI you want to configure ACL (SVI 100) an leaves the router through another interface. outbound traffic is the destined traffic for vlan 100 that leaves the router through interface/SVI you want to configure ACL (SVI 100). as Dale said, when you apply ACL, try forget interface "Vlan100" is virtual. -- liviu. On Wednesday 11 April 2007 02:59, Kyle Evans wrote: > Hello, > > I'm wondering what the convention is for an access list on a vlan > interface. How do I tell what is inbound and what is outbound? For > example, if I have vlan 100 and a vlan interface 100 with ip address > 192.168.1.1 that serves as a gateway for 192.168.1.0/24, is traffic from > 192.168.1.0/24 to 192.168.1.1 inbound? Or is traffic from the rest of > the world back to 192.168.1.1 inbound? > > > Kyle > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF interoperability with ME6524 and RS15800
hello, OSPF must send acknowledgment of each newly received link-state advertisement (LSA). It does this by sending LSA packets. LSAs are retransmitted until they are acknowledged. The link-state retransmit interval defines the time between retransmissions. The default interval in 5 seconds. Did you use the command "ip ospf retransmit-interval" to modifie the default value of 5 seconds ? What is the output of the commands: RS15800# show ip ospf retransmission-list GE0/0/4 ME6524# show ip ospf retransmission-list Ge1/25 If you have 2 links with equal cost then the traffic is load-balanced. What do you meen by "then, we have no works" ? If you have problems with one link you still must have OSPF neighbors in FULL state on the operational one? What is the output of the commands: RS15800#sh ip ospf neighbor when you have problems ? Did you try to eliminate layer 1 issues ? Change patch cords, modules or switch ports ? Did you see any errors on this ports ? What is the output of the commands: RS15800#sh int GE0/0/4 | i err ME6524#sh int Ge1/25 | i err Just currious: did you use MPLS traffic on this links ? -- liviu. - Original Message - From: "Hiromasa Sekiguchi" <[EMAIL PROTECTED]> To: Sent: Friday, April 06, 2007 4:33 AM Subject: [c-nsp] OSPF interoperability with ME6524 and RS15800 Hello, We have some problems about OSPF connection between ME6524 and RS15800. ++GE1/25GE0/0/4+-+ | ME6524 |=| RS15800 | ++GE1/26GE0/0/5+-+ They have about 700 OSPF routes. The ME6524 has two links of cost 10(ECMP to RS15800). Sometimes, many OSPF retransmit traps was generate from RS15800. It was generate only between GE1/25 and GE0/0/4. Then, we have no works... If it is interoperability issue, are there any similar phenomenon? What is the cause of this phenomenon? Please help us!! Regards, Hiromasa ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Layer 3 Core
hello, if you already have all links routed beetwen core routers i think the best solution for L2 transport beetwen your servers would be EoMPLS (or VPLS). in my opinion that config represents best practice for an ISP with MPLS core network. -- liviu. - Original Message - From: "Stephen Backholm" <[EMAIL PROTECTED]> To: Sent: Thursday, April 05, 2007 7:38 PM Subject: [c-nsp] Layer 3 Core > Currently where I work we run a complete Layer 3 network core. This > decision was made in order to keep Spanning Tree Protocol, ACls, QoS, > and Policing out of the core and at the distribution layer. This has > worked well for us, but we have a need for a few of our server VLANs to > be in opposite geographic ends of campus for redundancy. These servers > run as clusters and require Layer 2 connectivity between them, so in > other words we need Layer 2 connectivity across our Layer 3 core. > > > Here is the question. > > Would it be better to solve this problem with MPLS or just trunk the > handful of server VLANs across our core? > > > Your thoughts and/or suggestions are appreciated. > > Regards, > Stephen Backholm > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2960 for video & qos
hello, yes, you can use ip access list on 2960 even if it's only a L2 device: Example: (mark with DSCP = EF) ip access-list standard acl-test permit class-map cm-test match access-group name acl-test policy-map pm-test class cm-test set dscp EF (service-policy input pm-test on interface) -- liviu. On Tuesday 03 April 2007 15:04, Sean Watkins wrote: > In the 2960 configuration library; it says you can use IP access lists > in class-map commands for police/qos etc. Do you know if this is true? > > Search for "Classifying Traffic by Using ACLs " > > > http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_ > chapter09186a00805a7699.html > > > Sean > > > -- > Sean Watkins > North Rock Communications > Phone: 441-540-4102 > > > -Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Liviu Pislaru > > Sent: Tuesday, April 03, 2007 12:23 AM > > To: cisco-nsp@puck.nether.net > > Subject: Re: [c-nsp] 2960 for video & qos > > > > hello, > > > > 2960 works just fine for LAN QoS. you can mark, classifiy and > > police, you can adjust maping, buffers and output queues > > (1p3q3t). if you have voip on your network you can also use > > "auto-qos"; use 3560 only if you need la L3 device. > > > > -- > > liviu. > > > > - Original Message - > > From: "Dan" <[EMAIL PROTECTED]> > > Cc: > > Sent: Tuesday, April 03, 2007 1:06 AM > > Subject: [c-nsp] 2960 for video & qos > > > > > Hello, > > > > > > We are setting up a 6 site video conferencing system and we need to > > > replace some of our switches and I was wondering if a 2960 > > > > would do the > > > > > job as far as QOS goes? Or should I go with a 3560? > > > > > > Dan. > > > > > > ___ > > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > ___ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 2960 for video & qos
hello, 2960 works just fine for LAN QoS. you can mark, classifiy and police, you can adjust maping, buffers and output queues (1p3q3t). if you have voip on your network you can also use "auto-qos"; use 3560 only if you need la L3 device. -- liviu. - Original Message - From: "Dan" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, April 03, 2007 1:06 AM Subject: [c-nsp] 2960 for video & qos > Hello, > > We are setting up a 6 site video conferencing system and we need to > replace some of our switches and I was wondering if a 2960 would do the > job as far as QOS goes? Or should I go with a 3560? > > Dan. > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/