[c-nsp] Catalyst 4500 PSUs
All, Just putting the feelers out here - has anyone else had problems with multiple PSUs in the Catalyst 4500 chassis failing within a short period of time? Cheers, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Sharing router uplinks?
On 1 Aug 2012, at 16:23, Erik Nelson wrote: I have run into a situation where there is insistence that both of these practices not be observed. I am being asked to put many router uplinks on a single subnet connected to a single port on the core router. I am also being asked to put a web server on this same subnet. What do others think of this? I have been unable to find anything on the web that says anything for or against. If anyone knows of authoritative guidelines on the web about this I would be very interested. Which of the two devices do you set as the default gateway on the web server? (rhetorical question) Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MTU - issue while doing VPLS over VPLS!
Dipesh, As nobody has replied, maybe you should seek the services of a consultant or your local Cisco reseller. Peter -- Peter Hicks peter.hi...@poggs.co.uk ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] tftp woes
On Sun, 2011-07-24 at 21:43 -0500, Dan Letkeman wrote: After about 12-15 machines start the image transfer the server gets over utilized and the tftp download from the server starts to take a lot longer on the rest of the machines that need to download the imaging software, not the image itself. Is there a simple way on these switches to prioritize the tftp traffic over the actual image transfer? Possibly some simple QOS commands? tftp is UDP-based, have you checked the whole network to make sure you don't have a duff link producing errors and dropping UDP packets? Are you suffering over-utilization at any point? Is the initial software download happening in a machine's PXE environment? If so, the timeout for tftp packets may be a lot larger than you expect, hence a single packet being dropped equates a much larger impact. Have you looked at a multicast-based solution for imaging the machines? Peter -- Peter Hicks peter.hi...@poggs.co.uk ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] NAT over Two different providers
On 11 Jul 2011, at 14:59, jacob miller wrote: I have two Internet service providers each of which has provided a /29 set of public IP addresses. I would like to use Link A (ISP A) as the main link and Link B (ISP B) as my back up. I would like to do this automatically such that users on the LAN do not detect that one link is down. Is this a frequently asked question that demands its on website explaining the pitfalls and 'how to do it'? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] relation between heat and packet-loss
On 26 May 2011, at 10:54, Martin T wrote: I have a 1U server in the data-center, which is connected trough digital distribution frames to ISP Cisco 4500 series switch and from this switch to Cisco 7200 series router. ISP switch and router are in the same room(room A). Server is in another room(room B). Previous weekend I noticed heavy packet loss to my server and when I connected to the server over out-of-band management(another ISP, no equipment in room A) and pinged the default gateway of my server(Cisco 7200 in room A) results were around 90% packet loss. I'm aware, that there was some sort of AC malfunction in room A and that was the reason ISP provided to me in order to explain this heavy packet loss, but how could increase of temperature cause such packet loss? Maybe look wider - what if one of their switches failed upstream and you and others were going through an alternate switched path with insufficient bandwidth to cater for failover - say, 10Mbps in failover versus 1Gbps in live. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] relation between heat and packet-loss
On 26 May 2011, at 13:46, Martin T wrote: This is a good point. However, what might cause switch failure in case of high temperature? Insufficient cooling. Try this simple test - take the heatsink and fan off the processor in your desktop machine, and do something processor-intensive. Let us know how long before your computer shuts down :) Network equipment generates a lot of heat, and if the heat can't be dissipated in to the room, said equipment will generally malfunction or its lifetime will be reduced. There's a reason why Cat6500s have industrial-sized fans! Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] spam from gallant systems llc
On 25 May 2011, at 15:34, Mike wrote: Galant systems llc is trolling the cisco nsp list and sending unsolicited commercial email solicitations to email addresses culled from it. I promise never to do business with gallant, or any other spamvertiser who sends me unsolicited junk email in response to public mailing list postings. +1 - although I wouldn't say trolling, so much as blatantly spamming. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ADSL errors
On Sat, 2011-04-02 at 15:52 +0300, Mohammad Khalil wrote: Dears i am facing disconnections on ADSL sessions i made debug ppp error Some more information, such as the platform, IOS, uptime of the box, changes made recently, free memory etc.? We can't read your mind! Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router Loosing Encapsulation on Subinterfaces
On Mon, 2010-12-27 at 07:02 -0500, Righa Shake wrote: Am having a problem with a router losing vlan information on subinterfaces. The encapsulation command on subinterfaces has disappeared from config. We need more detail: * Platform and IOS? * Example configuration * Does the encapsulation disappear from the startup-config, or just the running-config? * How long before this happens? Is it predictible? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Failed ADSL retrains on 1801 + 15.1(1)T
All, I have a Cisco 1801 with an ADSL2+ circuit in to ATM0 and PPPoE. With IOSes later than 15.1(1)T, the ADSL interface refuses to retrain and a 'debug atm errors' gives: *Sep 10 21:57:48.821: (atm_vc_is_bridged_dot1q)ATM: VC with handle 0x0 not found *Sep 10 21:57:48.821: VC micro block get: Invalid vc handle *Sep 10 21:57:53.337: DSL(ATM0): No retrain. sleep 20 seconds Has anyone else experienced the same problem? 15.1(1)T is fine, anything later throws up this behaviour. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Hiding MPLS L3VPN hops from the CE
On Sat, 2010-08-21 at 20:19 -0400, Jason Lixfeld wrote: Suppose a CE is connected to an MPLS network that has 6 hops between the PE this said CE connects to and the edge of the MPLS network. If a user traces from behind the CE through the MPLS network, is it possible to hide all the hops in between? So we're talking about a CE to its local PE, rather than another PE accessed through the MPLS cloud? If you want to hide the IP address of each hop, you could disable ICMP 'TTL expired in transit' messages, but you'd get asterisks on traceroutes. If you want to hide the presence of the hops, you could look at a GRE tunnel - with its associated MTU reduction issues - or maybe an L2TPv3 pseudowire. Just out of interest - is this for marketing reasons, or technical? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] High SNMP ENGINE CPU usage on VXR 7206
On Sun, 2010-07-25 at 23:13 +0800, bharath kondi wrote: Please help me on the below issue I am facing right now with my Cisco VXR 7206 router. There is a high CPU utilization on SNMP ENGINE, please help me if you are already faced the issue. I give all the information below from our router Is it affecting the performance of the router at all? What SNMP traffic is there to and from the router? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Multiple E1s on 2821
All, We have three E1 voice circuits on a 2821 - two from the same provider on on E1 0/0/0 and E1 0/0/1, and a third from a different provider on a E1 0/1/0 - a separate VIC. After fixing a broken fan on the router, the third E1 is experiencing slip seconds. The other two are clean, and I suspect this is due to the router being configure to use the clock from E1 0/0/0. There is no loss of service, however I'm keen to sort out this problem as it might affect service in the future. How can I resolve the problem? Is it possible to use a different clock for each VIC? Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3750E 12.2(53)SE2 swallows blank lines for banner motd
On 03/06/2010 11:20, Sascha Pollok wrote: Any more ideas? I had this problem on some 3560s running a similar IOS. Our standard banner message includes blank lines, so I merely enclosed it with an ASCII art box made of +, - and | characters. Low-tech solution. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BRI network-side configuration
All, Has anyone tried the BRI network-side configuration as shown on CCO[1]? I have a 1760V and 3845 and I can't work out from the Voice Hardware Compatibility Matrix[2] whether the VWIC2-2BRI-NT/TE cards will support network-side configuration on these routers. Can anyone help? Regards, Peter [1] http://www.cisco.com/en/US/tech/tk652/tk653/technologies_configuration_example09186a008010ef6c.shtml [2] http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a00800e73f6.shtml ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nagios config frontends
Ryan Goldberg wrote: We went with opsview. So did we, and then went back to writing the configs for Nagios ourselves through sheer frustration at the equivalent of painting fine art with gardening gloves and a fat brush. Poggs ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 65/7600 Switch Module Blanks
Asbjorn Hojmark - Lists wrote: WS-X6K-SLOT-CVR=Catalyst 6000 Blank Line Card Slot Cover WS-X6K-SLOT-CVR-E= Catalyst 6500 Enhanced chassis line card slot cover I have to ask. What's 'enhanced' about the second piece of metal? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network Technical Audit
Mohammad Khalil wrote: i want to know what are the ways or methods or tools to use in order to accomplish auditing on a network the network is a wimax network with ME3750 and ME6524 switches we have sce and cache engine ospf is the routing protocol What do you want to audit? What format do you want it presented in? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] training classes
Ryan Lambert wrote: FWIW, for instructor-led classes, I have heard recommendations for Firefly and GlobalKnowledge. I can't personally vouch for either, so I'll maybe let someone follow up to this with their relevant testimony. :) All training courses are only as good as the tutor (unless you're in to your food, in which case the quality of the vending machine and/or cafeteria may be an important metric). The ones who have real-world experience are the best. The ones who merely learn and impart facts without explanation aren't so good. Unless you have a 'favourite' by whom you've already been trained, it's pot luck. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] find window's machine from Cisco Router
Alan Buxey wrote: tcpdump listening to a PSAN intance on that subnet...very soon you'll see all the pretty broadcast rubbish from the windows hosts +1 for that. Windows machines are the ones wearing loud hawaiian shirts being very loud. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PPP CHAP spoofed challenges
All, We have a DSL circuit here terminated on an 1801 with IOS 15.1(XB). It's having trouble authenticating through to our ISP's LNS: Jan 25 22:14:42.653: Vi2 PPP: Phase is AUTHENTICATING, by both Jan 25 22:14:42.653: Vi2 CHAP: O CHALLENGE id 1 len 36 from test-php...@a.1 Jan 25 22:14:42.653: Vi2 LCP: State is Open Jan 25 22:14:42.681: Vi2 CHAP: I CHALLENGE id 1 len 29 from sov.lac0 Jan 25 22:14:42.681: Vi2 PPP: Sent CHAP SENDAUTH Request Jan 25 22:14:42.681: Vi2 PPP: Received SENDAUTH Response FAIL Jan 25 22:14:42.681: Vi2 CHAP: Using hostname from interface CHAP Jan 25 22:14:42.681: Vi2 CHAP: Using password from interface CHAP Jan 25 22:14:42.681: Vi2 CHAP: O RESPONSE id 1 len 36 from test-php...@a.1 Jan 25 22:14:44.021: Vi2 LCP: I CONFREQ [Open] id 0 len 15 Jan 25 22:14:44.021: Vi2 LCP:MagicNumber 0x71F64BD1 (0x050671F64BD1) Jan 25 22:14:44.021: Vi2 LCP:AuthProto CHAP (0x0305C22305) Jan 25 22:14:44.025: Vi2 PPP DISC: PPP Renegotiating Jan 25 22:14:44.025: Vi2 LCP: Event[LCP Reneg] State[Open to Open] Jan 25 22:14:44.025: Vi2 LCP: Event[DOWN] State[Open to Starting] ... Jan 25 22:14:44.061: Vi2 PPP: Phase is AUTHENTICATING, by both Jan 25 22:14:44.061: Vi2 CHAP: O CHALLENGE id 1 len 36 from test-php...@a.1 Jan 25 22:14:44.061: Vi2 CHAP: Redirect packet to Vi2 Jan 25 22:14:44.061: Vi2 CHAP: I CHALLENGE id 1 len 30 from doubtless Jan 25 22:14:44.061: Vi2 CHAP: Ignoring spoofed Challenge Jan 25 22:14:44.061: Vi2 LCP: State is Open Jan 25 22:14:46.021: Vi2 CHAP: I CHALLENGE id 1 len 30 from doubtless Jan 25 22:14:46.021: Vi2 CHAP: Ignoring spoofed Challenge Jan 25 22:14:48.021: Vi2 CHAP: I CHALLENGE id 1 len 30 from doubtless Jan 25 22:14:48.021: Vi2 CHAP: Ignoring spoofed Challenge Jan 25 22:14:50.021: Vi2 CHAP: I CHALLENGE id 1 len 30 from doubtless Jan 25 22:14:50.021: Vi2 CHAP: Ignoring spoofed Challenge Jan 25 22:14:52.021: Vi2 CHAP: I CHALLENGE id 1 len 30 from doubtless Jan 25 22:14:52.021: Vi2 CHAP: Ignoring spoofed Challenge Here, sov.lac0 is the DSL provider's LAC, and 'doubtless' is the ISP's LNS - which restarts LCP when it receives a new L2TP session from the LAC. The 1801 here is unhappy at receiving a CHAP challenge from a different hostname, and thus refuses to authenticate. The Dialer interface has 'ppp authentication chap callin' set, and I've tried 'ppp direction dedicated', but it doesn't help. Can any shed some light on this and/or suggest a workaround either on our end or the ISP's end? Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Is annual reloads of Cisco 6500 necessary
Thilak T wrote: How important or significant is to schedule reloads of Data Center /Campus switches with uptime over 1 year ? What is the logic/reason behind this advice from Cisco. I've had switch and routers up for anything between 2 and 5 years with absolutely no problems. If an upgrade is required, we carry out an upgrade. If not, we don't reboot kit unless it's part of scheduled work - e.g. moving racks. Where did you hear this advice from Cisco? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500 (Sup7203-bxl / 6724-SFP) Input queue drops
Drew Weaver wrote: I'm noticing that almost constantly there is Protocol 17 (UDP), TTL 1 traffic in the buffer: ... The sources so far have always been a local host downstream from the core and the destination is always a host on the Internet. Has somebody left an mtr running set to use UDP rather than ICMP? Poggs ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Centralized OOB Server / Appliance
Eric Cables wrote: The current solution deployed is a single server with a single modem physically attached, using a shared minicom dialing directory as the dialer. Obviously another system at another geographic location is preferred, but that leads to the next hurdle -- virtualization. Not only are systems quickly being virtualized, but once virtualized VMotion and the lack of physical serial/USB ports makes physically connecting modems to a single host server a non-option. Have you looked at OpenGear? Pop a modem or two on the 8-port version, script something to dial a site, and ta-da. They also support RFC2217, although I've never used it. Alternatively, and I've used this before - a modem on the AUX port of a Cisco router, and reverse telnet to access it. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Using SNMP to monitor NAT usage...
Rodney Dunn wrote: How many of you are doing or have attempted/wanted to do it? Done it in $JOB-1. Very useful as one indicator of Windows machined infected by malware. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cat6500 Waiting for supervisor to come online in other slot when booting
All, Peter Hicks wrote: I have a pair of 6504Es with Sup32s here, running 12.2(33)SXH6. When they boot, the bootloader loads and I am presented with: ==cut=== ... Cisco IOS Software, s3223_sp Software (s3223_sp-BOOT-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Thu 15-Oct-09 11:59 by prod_rel_team Image text-base: 0x40231348, data-base: 0x41B62000 MAC based EOBC installed Waiting (slot 1) for supervisor to come online in other slot. iteration = 0 Next Retry will be done after 6 seconds ==cut=== For the archives - because somebody else is likely to have this problem, the problem was that I had a modular software image and the boot variables weren't set properly. http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd80313e09.html explains how to install modular images. Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network Liberation Movement???
Jay Hennigan wrote: If you're targeting techies pretending to be a techie and are shown to be a sales guy before you make your pitch it's a lot harder sell. And further, DON'T SHOUT ON A WEBSITE, and check your choice of logo :-) Poggs ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Scratching the surface of SNMP
Hi Charlie Charlie Greenaway wrote: Cross reference the ARP table, IfTable and IP Table. From these you will be able to eliminate the locally configured IP addresses and MAC addresses (the intersection of ARP and IP tables). Whatever is left in the ARP table is what is connected to the interface (intersect with remainder of ARP table and IF table). I've already implemented that - great for physical interfaces with an IP address attached, but it doesn't do what I need for VLAN or SVI interfaces. All the ARP entries are associated with the SVI - the lack of dot1dBridgeFdbTable support means I can't tell which physical port a device is connected to. Here's an example - I have an 1801 with three unmanaged switches connected to it, and I can't tell which port on the 1801 a particular MAC address appears on. Please do keep me posted on how you get on. I'm going to be writing some MPLS/VRF-Lite based tools soon. Check out NetHorus - www.nethorus.org - which I am writing. I have a load of commits to sort out in the coming weeks plus a new layout based on feedback from people who grok usability. Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Scratching the surface of SNMP
All, I am writing an NMS and coming unstuck on a few things: * Determining which devices are on a port on a device that doesn't support BRIDGE-MIB::dot1dTpFdbTable, e.g. Cisco 1801 or 877W * Listing the VRFs and RDs configured on a router, and which interfaces are a member of which VRF * Finding out which VLANs are configured on a device, and which are tagged on a port Can anyone help me out with their experiences, or in the direction of a forum more suitable? Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Crypto tunnel issue or undocumented feature?
Hi Jonas Jonas Jonsson wrote: It was a bit puzzling until after looking at the remote config we allowed icmp and the tunnel now stays up. Hence is this an undocumented feature or a bug? Can you post the ACLs at either end, and provide software versions for both ends? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IOS 15.0 - why the numbering jump?
All, Just noticed IOS 15.0 is out... but why the sudden jump in image naming?! Poggs ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS 15.0 - why the numbering jump?
Simon Lockhart wrote: Took a look at 15.0 for my 877... ADVANCED IP SERVICES c870-advipservicesk9-mz.150-1.M.bin Release Date: 01/Oct/2009 Size: 23554.10 KB (24119396 bytes) Minimum Memory: DRAM:192 MB Flash:36 MB My 877 is fairly new (couple of months old), and only has 128M of RAM and 24M of flash. Gah, bloat. IIRC, 128Mb DRAM and 24Mb flash was the most you could fit in an 877W, although I recall having one with 192Mb after an accidental oh, it works with a 128Mb DIMM. Poggs ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Download manager hell and latest Windows VPN Client?
Justin Shore wrote: I've been in situations where I had to download an IOS image with the el cheapo browser in my data phone that does not have Java support, save it to the MicroSD card and then use a card reader to transfer that to my laptop so I could fix a critical network issue. Java isn't a universal way of leveling the playing field. It's the bastion of lazy programmers and buzzword-loving PHBs. I prepared a set of links on an internal Wiki page to IOS images for a new datacentre I am planning. The idea was that one of my team can download the images when they are ready. Guess what doesn't work at all now? That's right - I have to go back and redo the work, and the team member needs to go hunt down the right IOS. Javascript is one thing, but full-blown Java is wholly unnecessary. I notice Dell.com have a 'download manager' now - but why? What is wrong with a simple HTTP download without all this extra faff? Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ifType of 877W ATM and ADSL interfaces
Hello I have an 877W with IOS 12.4(22)T1 here, and I am writing some code to interpret ATM and ADSL stats from the router. IF-MIB::ifTable shows ATM0 as being of type adsl(94), ATM0-atm layer as being of type atm(37) and ATM0-adsl as being of type adsl(94). ATM-MIB::atmVclTable has entries for ATM0, even though this is an 'adsl' interface. This seems wrong - should the entries not be indexed for the 'atm(37)' interface? Also, if there are two interfaces with type 'adsl(94)', why is it that the second - ATM0-adsl - only has entries in the ADSL-LINE-MIB? ISTM the ifTypes are set incorrectly, and maybe ATM0 should have an ifType to more accurately reflect what it is. I am thoroughly confused - is this a bug in the SNMP agent? Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Re-pack IOS
Hello Aleksandr Gurbo wrote: I know, but I know about ability to re-pack IOS on 26xx series( on russian - http://betep.wpl.ru/2009/02/cisco.html). I tried repeat steps for images on 28xx/38xx/76xx series but nothing happened. My image is c7600s72033-adventerprisek9-mz.122-33.SRD2.bin You might be asking the wrong question. You might have wanted to ask Can I load an IOS image over TFTP?, for example. Or, Can I expand the flash on my router? - or better still, This image is too big for my device, what options do I have? Personally, I've found non-Cisco CF to be exceedingly cheap. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 827 noise margin
Hi Dan Dan Letkeman wrote: I have an 827 router that seems to have noise issue's after a while and i'm wondering if it is the device or the line? The noise margin drops down after a week or two of use. If I restart the router the noise margin is back up to about 7 dB. What happens if you shut/no shut the ATM interface? What does the DMT bin loading table (enable the training log on ATM0, show dsl int atm0) look like before and after retraining? Are you getting noise on specific bins? I have a script that you can run on a Linux system that will dump 5-second readings for the US and DS SNR, speed, and number of ESes and present it graphically - I can make this available to you if you like. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] How to improve C3750G switch uplink speed?
Darren Yang wrote: When I plug wire into c3750g port, it would wait about 30sec then change to uplink status. Are there any method can cut down uplink time? spanning-tree portfast on the port, providing that the port connects to a single end device that isn't bridging. Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Desktop PoE switch for CME
Hello I have a requirement for a number of low-cost 8 or 24-port PoE switches on which Cisco 7940 and 7941 IP phones will work successfully. Ideally they need to support a few VLANs and dot1q, and don't *have* to be Cisco. Does anyone have recommendations, to save me spending ages buying and testing? Peter __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network Management System
Mario Spinthiras wrote: I find it hard to believe that people still use nagios or cacti. I can't even begin to tell you how superior Zenoss is compared to what is out there today. I've used Nagios and Cacti to good effect, although I will freely admit the biggest problem (and that of many NMSes) is the lack of a single, central, extensible CMDB (or inventory database, or simply a list of 'stuff you have'). At $JOB-1, I wrote my own CMDB which I believe is still in use. Sure, you can use Rancid to back up your configs - I wrote my own tool - but it all comes back to a central database of 'stuff you have'. I've yet to see a really, really good off-the-shelf CMDB. Peter __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IPSec SA + EzVPN conflict
Hello One of my customers has an IPSec VPN to Company A, and wants to migrate his existing client-based VPN to Company B to the same router (3725 with 12.4(12) Advanced Enterprise Services on it). After putting the EzVPN config on, the VPN to Company B came up and hosts there were reachable. Nothing at Company A was reachable, yet the SAs were still established. Further digging showed that the SAs for Company B's VPN specified a remote network of 0.0.0.0/0, tunnelling all traffic and not just to the subnet we're interested in. Is there a way around this? Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0x5DA31330 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ARP and less specific interface entries
Frank Bulk wrote: Why won't overlapping subnets work on an interface? What does that have to do with the router's ability to ARP for an unknown MAC address? It's the clients that are key, right? If they have the right mask and point to the right gateway, the packets should be accepted by the router. And as for the router forwarding traffic to the clients, if they're locally connected, whether they are more broadly or narrowly defined as being locally connected, it just needs to ARP? Do a debug arp - are ARP who-has packets being broadcast for the addresses on one of the secondary subnets that is causing you a problem? Do you see replies coming back? Are they being rejected? Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ARP and less specific interface entries
Frank Bulk - iNAME wrote: We have some devices with management IPs in the 10.1.0.0/16 range that I manage and I needed to split up into two groups. All the devices were statically assigned an IP address in the form of 10.1.3.x/255.255.0.0, so I added two more secondaries for router interface fa0.5: 10.1.3.1/24 and 10.1.4.1/24, the two desired groups. We then re-IPed the devices from 10.1.3.x/16 to 10.1.3.x/24 and 10.1.4.x/24. NAGIOS went ballistic, claiming that devices from both 10.1.3.x and 10.1.4.x were down. If we attached a PC in that network with a 10.1.3.x/16 address it could ping them just fine. If we rebooted the device we were sometimes able to ping it for a while, but not always. That led me to believe it was an ARP issue on the router. The 1721 running 12.4(6)T (c1700-ipbase-mz.124-6.T.bin) had all kinds of incomplete ARP entries for those unpingable IPs. There are only two types of ARP entry - complete and incomplete. Can you post your interface configuration, please? It's not clear whether you're using secondary addresses or sub-interfaces. It appears that you're trying to work with overlapping subnets on interfaces the same router, which won't work (unless you're using different VRFs). Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] copy tftp flash gives OOOOOO!OOOOOO!
Jon Lewis wrote: On Thu, 20 Dec 2007, Jonathan Charles wrote: The Os mean out of order. Which means what you are TFTPing is over 18.4MB and crappy TFTP servers (Solarwinds, Cisco...) reset their sequence number to 0 after 18.4MB... Get 3CDaemon Or use copy ftp://user:[EMAIL PROTECTED]/pathtoios as it'll run faster anyway and not have any issues with IOS file sizes. I second that - especially on high latency paths, copying through FTP or HTTP is more responsive and robust than TFTP. I also make a habit of squeeze-ing flash before TFTPing - a bunch of 3500XL switches were painfully slow at copying IOS off a TFTP server until I squeezed the flash, then they worked like a dream. Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Managing/robustifying CPE behind firewalls
Hello I have a number of 850/870 series routers dotted about the globe, usually behind various types of firewall or NAT device. They run an EzVPN back to either a PIX or an IOS router in the UK. A number of them are running on poorly performing connectivity, e.g. flaky DSL or cable, or perhaps behind a consumer NAT box that frequently falls over. Since I have no access to them when they're behind a firewall, can anyone offer advice on how to make the configuration robust, so: * If they lose their DHCP-assigned IP address on the Internet-facing side, they will continually try for a new address * If they lose IPSec connectivity, they will aggressively try to reconnect * If they lose IPSec connectivity for longer than one hour or so, they will reload * Syslog events are stored locally so they're preserved across a reboot (which may be asking too much). What do other people do when you have call-home-only devices? Currently, some of the routers use an IP SLA operation to ping a device included within the IPSec SA, but is this optimal? Parallel discussions welcomed - if it saves having to call a guy in a foreign country to reboot the router, it will be well received :) Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco IP SLA - DHCP and VRFs
All, Peter Hicks wrote: I'm attempting to use IP SLA on an 877W with IOS 12.4(11)XJ3 to run DHCP requests from a specific VRF. I'm setting rttMonEchoAdminVrfName to the correct VRF, but when performing a set operation, I get NOSUCHINSTANCE returned. I found the issue. Not all the SLA probes are VRF-capable[1]. Peter [1] http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00802d5efe.shtml -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco IP SLA - DHCP and VRFs
Hello I'm attempting to use IP SLA on an 877W with IOS 12.4(11)XJ3 to run DHCP requests from a specific VRF. I'm setting rttMonEchoAdminVrfName to the correct VRF, but when performing a set operation, I get NOSUCHINSTANCE returned. More detail: I can ping successfully from the same VRF when set-ting as follows: rttMonCtrlAdminStatus4 rttMonCtrlAdminRttType 1 rttMonEchoAdminProtocol 1 rttMonEchoAdminTargetAddress ip-address rttMonEchoAdminVrfName vrf-name rttMonScheduleAdminRttStartTime 1 rttMonScheduleAdminRttTime 1 However, replacing rttMonCtrlAdminRttType with 11 (dhcp) and rttMonCtrlEchoAdminProtocol to 29 (dhcpAppl) doesn't appear to be valid. I'm stumped - can anyone else point me in the right direction? Best wishes, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Old Aironet Gear Issus
Hello Ivor Coons wrote: I have two old Aironet 1200 series APs which are causing me fits. I tried to upgrade the IOS on each of them and they have both now gone into a continuous reboot cycle. Did you accidentally upgrade them to an LWAPP image? Peter -- Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com A: Because it destroys the flow of the conversation Q: Why is top-posting bad? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/