[c-nsp] SD-WAN design for large scale

2020-03-23 Thread omar parihuana
Guys, I've just read the following document:

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white-paper-c11-743108.html


So I am asking about the IPsec tunnel scalability in SD-WAN large
deployments. One benefit of L3VPN in MPLS is the full mesh connectivity.
From the point of view of the CE, one default route could be enough. Now in
the SDWAN data plane, if I want a full mesh topology, a lot of IPsec tunnels
are established... maybe I am wrong, but I would expect n(n-1)/2 IPsec tunnels
(without considering the second path), so for example if I have 300 branches I
could expect 37350 tunnels... really? So hub-and-spoke will be the
solution... comments please... maybe it is time to say goodbye to full mesh
in SD-WAN deployments?

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Off-Topic VPNv6 design concern

2014-08-10 Thread omar parihuana
Hi Folks,

Traditionally the MPLS/VPNv4 service uses private IPv4 addresses (based on
RFC1918). The VPN could span many cities, even countries, and each country
could have an Internet provider and one firewall running NAT (private to
public IPv4), so each country could surf the Internet, while the
private addresses are used for corporate communications (mail servers, ERP,
etc.).

However, my concern is with IPv6 addressing. If one company receives one /48
from a local ISP, the company could address (if it can afford it) all the
branches in the world through subnetting. So my question is: what should I do
if one branch needs to surf the Internet independently? Request one new
/48 or /52 in each branch (or country)? How does the VPNv6 service work for
internal services; will my company be transit for IPv6 public subnets? Or
should I use ULA IPv6 addresses for corporate communications through VPNv6?
But what if my internal private server needs to surf the Internet?
(NAT66??) Your inputs will be appreciated...

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] NTP DDoS

2014-02-11 Thread omar parihuana
Folks,

I've just noticed that my Internet traffic has risen. After enabling NBAR I
found that NTP traffic is almost 20Mbps (output traffic). I've just put an
ACL in place in order to block NTP outbound traffic.

Rgds.


On Tue, Feb 11, 2014 at 5:07 PM, Alan Buxey  wrote:

> Yep.  Had a system on one of our ranges that was involved in yesterday's
> Cloudflare DDoS. It's not anymore and won't be anymore.  Open to all NTP
> query types from the world :/
>
> Alan
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
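
The check discussed in this thread (finding a host that answers NTP queries from the world and pushes large volumes of NTP traffic outbound), as an added example that is not part of the original posts. The CSV flow layout, the addresses (documentation ranges), and the thresholds are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

UDP, NTP_PORT = 17, 123
# An ordinary NTP reply is a 48-byte payload (76 bytes with IPv4 and UDP
# headers); bulk replies to status queries are several hundred bytes each.
# Both thresholds are assumed values, to be tuned per network.
MIN_AVG_PKT_LEN = 200
MIN_DISTINCT_DSTS = 3
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed internal range

# Constructed flow records:
# start,end,src,sport,dst,dport,proto,packets,bytes
SAMPLE_FLOWS = """\
1392150000,1392150060,192.0.2.10,123,198.51.100.7,51234,17,10000,4680000
1392150000,1392150060,192.0.2.10,123,198.51.100.8,80,17,10000,4680000
1392150005,1392150060,192.0.2.10,123,203.0.113.5,80,17,10000,4680000
1392150000,1392150060,192.0.2.20,123,198.51.100.30,123,17,4,304
1392150000,1392150060,192.0.2.20,123,198.51.100.31,40112,17,4,304
1392150000,1392150060,192.0.2.20,123,203.0.113.9,40113,17,4,304
1392150000,1392150060,192.0.2.30,40000,203.0.113.77,123,17,2,152
1392150000,1392150060,192.0.2.10,443,203.0.113.80,50000,6,900,1200000
"""

FIELDS = ("start", "end", "src", "sport", "dst", "dport",
          "proto", "packets", "bytes")


def parse_flows(text):
    """Parse CSV flow records into dicts; numeric fields become ints."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        values = line.split(",")
        if len(values) != len(FIELDS):
            raise ValueError(f"malformed flow record: {line!r}")
        rec = dict(zip(FIELDS, values))
        for key in FIELDS:
            if key not in ("src", "dst"):
                rec[key] = int(rec[key])
        flows.append(rec)
    return flows


def is_internal(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def find_ntp_reflectors(flows, nets=INTERNAL_NETS):
    """Return internal hosts sending large UDP/123-sourced replies to many
    external destinations, with per-host statistics."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "dsts": set(),
                               "start": None, "end": None})
    for f in flows:
        # Only traffic *sourced* from UDP/123 is a server reply.
        if f["proto"] != UDP or f["sport"] != NTP_PORT:
            continue
        # Only internal servers answering external addresses matter here.
        if not is_internal(f["src"], nets) or is_internal(f["dst"], nets):
            continue
        a = agg[f["src"]]
        a["packets"] += f["packets"]
        a["bytes"] += f["bytes"]
        a["dsts"].add(f["dst"])
        a["start"] = f["start"] if a["start"] is None else min(a["start"], f["start"])
        a["end"] = f["end"] if a["end"] is None else max(a["end"], f["end"])

    suspects = {}
    for host, a in agg.items():
        if a["packets"] == 0:
            continue
        avg_len = a["bytes"] / a["packets"]
        if avg_len < MIN_AVG_PKT_LEN or len(a["dsts"]) < MIN_DISTINCT_DSTS:
            continue
        seconds = max(a["end"] - a["start"], 1)
        suspects[host] = {
            "avg_pkt_len": avg_len,
            "distinct_dsts": len(a["dsts"]),
            "mbps": a["bytes"] * 8 / seconds / 1e6,
        }
    return suspects


if __name__ == "__main__":
    for host, s in find_ntp_reflectors(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: avg {s['avg_pkt_len']:.0f} B/pkt to "
              f"{s['distinct_dsts']} external hosts, {s['mbps']:.3f} Mbps out")
```

In the constructed sample only 192.0.2.10 is reported; 192.0.2.20 also answers external clients from UDP/123, but with ordinary 76-byte replies.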


Re: [c-nsp] 6500 VSS for campus L3 core?

2013-02-14 Thread omar parihuana
Hi,

I configured a VSS as L3 for the campus core. In fact I had some issues
regarding VSL links; for this reason we decided to improve the
switch-to-switch communication using Quad-Supervisor. But the Cisco docs
suggest VSS on aggregation or services switches.

Rgds.

On Wed, Feb 13, 2013 at 11:55 AM, Andy Ellsworth  wrote:

> For those of you running 6500 VSS and using the traditional 3-layer campus
> model (core/distro/access) with a layer 3 core...do you use VSS in your
> core?
>
> We are using VSS in the core and distro layers today, but the more
> $WEIRD_THINGS software bugs we encounter that affect the whole VSS pair on
> our distros, the less inclined I am to keep VSS in the core.
>
> My thinking is that at the distro layer, you at least get some significant
> benefits for your layer 2 downlinks to your access switches (MEC, no STP,
> no FHRPs). But in the core, where all of your connectivity is
> point-to-point L3 links to distros, we can get all of those same benefits
> with EC + ECMP OSPF (and we don't have anything hitting the core that would
> need FHRPs).
>
> The conclusion I've come to is that VSS at the distro layer has significant
> benefits with some downsides, while VSS for a L3 core has very few benefits
> but increased risk of software/human error failures.
>
> Has anyone else gone through this thought exercise?
>
> -Andy
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Bracket character in SNMP community string // IOS-XR

2012-11-20 Thread omar parihuana
Hello,

I've just found:

*CSCsq16921 Bug Details *

*SNMP Community-string rejects 'special characters' *

*Symptom:*
An SNMP community string which uses the '(' or ')' characters is rejected
in IOS XR.

RP/0/9/CPU0:YOK-P-C1(config)#snmp-server community te)ting ?
^ % Invalid input

*Conditions:*
Snmp-community string contains the characters '(' or ')'.

*Workaround:*

The issue can be addressed by entering an MD5 encrypted SNMP string


Rgds.


On Tue, Nov 20, 2012 at 1:23 PM,  wrote:

> I tried this on IOS-XR 4.2.3 and it appears the close parenthesis is not
> permitted in the community string. It does seem to accept it if you
> surround the community string with double quotes, however. I'm unsure if
> that affects anything else, though. Give that a try.
>
> -Vinny
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:
> cisco-nsp-boun...@puck.nether.net] On Behalf Of omar parihuana
> Sent: Tuesday, November 20, 2012 1:33 AM
> To: cisco-nsp@puck.nether.net; Cisco certification
> Subject: [c-nsp] Bracket character in SNMP community string // IOS-XR
>
> Hi guys,
>
> I've just tried to configure an SNMP community string in IOS-XR 4.1.2
> without success; I got the following error:
>
> snmp-server community %test&)
>
>
> RP/0/0/CPU0:ex-RR1(config)#snmp-server community %test&)
>   ^
> % Invalid input detected at '^' marker.
>
>
>
> RP/0/0/CPU0:ex-RR1(config)#snmp-server community %test&)fasar
>   ^
> % Invalid input detected at '^' marker.
> RP/0/0/CPU0:ex-SISRR1(config)#
>
> This community string was working well in regular IOS.  Maybe that is a
> bug; anyway, have you experienced that error before? Or maybe I'm wrong.
>
> Rgds.
>
> --
> Omar E.P.T
> -
> Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Bracket character in SNMP community string // IOS-XR

2012-11-19 Thread omar parihuana
Hi guys,

I've just tried to configure an SNMP community string in IOS-XR 4.1.2
without success; I got the following error:

snmp-server community %test&)


RP/0/0/CPU0:ex-RR1(config)#snmp-server community %test&)
  ^
% Invalid input detected at '^' marker.



RP/0/0/CPU0:ex-RR1(config)#snmp-server community %test&)fasar
  ^
% Invalid input detected at '^' marker.
RP/0/0/CPU0:ex-SISRR1(config)#

This community string was working well in regular IOS.  Maybe that is a
bug; anyway, have you experienced that error before? Or maybe I'm wrong.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] IOS-XR version for CRS-3

2012-05-17 Thread omar parihuana
Hi Guys:

Please could you share which IOS-XR version you are running in your production
network for CRS-3 as PE/P router with full IPv6/IPv4 support for L3VPN /
L2VPN MPLS services...

Thanks in advance...

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] MPLS TE Load Balancing

2012-03-29 Thread omar parihuana
Hi Xu Hu:

I've tried to configure load-share; unfortunately it is not supported :(

RP/0/RSP0/CPU0:9K6-413(config-if)#load-share 100
RP/0/RSP0/CPU0:9K6-413(config-if)#interface tunnel-te501
RP/0/RSP0/CPU0:9K6-413(config-if)#load-share
% Incomplete command.
RP/0/RSP0/CPU0:9K6-413(config-if)#load-share 100
RP/0/RSP0/CPU0:9K6-413(config-if)#commit

% Failed to commit one or more configuration items during a pseudo-atomic
operation. All changes made have been reverted. Please issue 'show
configuration failed' from this session to view the errors
RP/0/RSP0/CPU0:9K6-413(config-if)#show configuration failed
Fri Mar 30 00:58:07.275 UTC
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.


interface tunnel-te501
 load-share 100
!!% The requested operation is not supported: Feature not supported on this
platform
!
interface tunnel-te502
 load-share 100
!!% The requested operation is not supported: Feature not supported on this
platform
!
end

RP/0/RSP0/CPU0:9K6-413#show platform
Fri Mar 30 00:59:35.525 UTC
Node            Type                      State            Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Active)        IOS XR RUN       PWR,NSHUT,MON
0/0/CPU0        A9K-2T20GE-B              IOS XR RUN       PWR,NSHUT,MON
RP/0/RSP0/CPU0:9K6-413#show ver
Fri Mar 30 00:59:41.689 UTC

Cisco IOS XR Software, Version 4.0.3[Default]
Copyright (c) 2011 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 1.05(20101118:025914) [ASR9K ROMMON],

9K6-413 uptime is 3 weeks, 3 days, 8 hours, 43 minutes
System image file is "bootflash:disk0/asr9k-os-mbi-4.0.3/mbiasr9k-rp.vm"

cisco ASR9K Series (MPC8641D) processor with 4194304K bytes of memory.
MPC8641D processor at 1333MHz, Revision 2.2
ASR-9006 AC Chassis


Rgds.

On Thu, Mar 29, 2012 at 7:48 PM, Xu Hu  wrote:

> Check the load-share command under the tunnel configuration.
>
>
> Thanks and regards,
> Xu Hu
>
> On 30 Mar, 2012, at 8:43, omar parihuana  wrote:
>
> RP/0/RSP0/CPU0:9K6-413#show run int tunnel-te 501
> Thu Mar 29 23:38:02.719 UTC
> interface tunnel-te501
>  ipv4 unnumbered Loopback0
>  load-interval 30
>  autoroute announce
>  !autoroute announce
>  destination 10.100.100.3
>  fast-reroute
>  path-option 10 explicit name 413-312
> !
>
> RP/0/RSP0/CPU0:9K6-413#show run int tunnel-te 502
> Thu Mar 29 23:38:12.446 UTC
> interface tunnel-te502
>  ipv4 unnumbered Loopback0
>  load-interval 30
>  autoroute announce
>  !autoroute announce
>  destination 10.100.100.2
>  fast-reroute
>  path-option 10 explicit name 413-405
> !
>
> !
> explicit-path name 413-312
>  index 10 next-address strict ipv4 unicast 10.20.4.1
>  index 20 next-address strict ipv4 unicast 10.100.100.3
> !
>
> explicit-path name 413-405
>  index 10 next-address strict ipv4 unicast 10.20.3.1
>  index 20 next-address strict ipv4 unicast 10.100.100.2
> !
>
> If you need additional outputs let me know...
>
> Thank you!
>
>
>
>
> On Thu, Mar 29, 2012 at 7:35 PM, Xu Hu  wrote:
>
>> Can share your configuration? Recently I was also configuring the MPLS TE
>> in asr9k.
>>
>> Thanks and regards,
>> Xu Hu
>>
>> On 30 Mar, 2012, at 8:28, omar parihuana 
>> wrote:
>>
>> > Hi Group,
>> >
>> > I'm wondering about a strange behaviour about MPLS TE on ASR9K
>> >
>> > I have two MPLS TE tunnels (with autoroute announce):
>> >
>> > RP/0/RSP0/CPU0:9K6-413#show route 10.100.100.7
>> > Thu Mar 29 23:09:49.818 UTC
>> >
>> > Routing entry for 10.100.100.7/32
>> >  Known via "isis BACKBONE", distance 115, metric 140, type level-2
>> >  Installed Mar 29 22:58:29.392 for 00:11:20
>> >  Routing Descriptor Blocks
>> >    10.100.100.2, from 10.100.100.7, via tunnel-te502
>> >      Route metric is 140
>> >    10.100.100.3, from 10.100.100.7, via tunnel-te501
>> >      Route metric is 140
>> >  No advertising protos.
>> > RP/0/RSP0/CPU0:9K6-413#
>> >
>> > In accordance to RIB output I was hoping that traffic to 10.100.100.7 be
>> > balanced between both tunnels... however I only see traffic over the first
>> > tunnel...
>> >
>> >
>> > RP/0/RSP0/CPU0:9K6-413#show mpls forwarding prefix 10.100.100.7/32 detail
>> > Thu Mar 29 23:05:13.320 UTC
>> > Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
>> > Label  Label       or ID              Interface                    Switched
>> >

Re: [c-nsp] MPLS TE Load Balancing

2012-03-29 Thread omar parihuana
RP/0/RSP0/CPU0:9K6-413#show run int tunnel-te 501
Thu Mar 29 23:38:02.719 UTC
interface tunnel-te501
 ipv4 unnumbered Loopback0
 load-interval 30
 autoroute announce
 !autoroute announce
 destination 10.100.100.3
 fast-reroute
 path-option 10 explicit name 413-312
!

RP/0/RSP0/CPU0:9K6-413#show run int tunnel-te 502
Thu Mar 29 23:38:12.446 UTC
interface tunnel-te502
 ipv4 unnumbered Loopback0
 load-interval 30
 autoroute announce
 !autoroute announce
 destination 10.100.100.2
 fast-reroute
 path-option 10 explicit name 413-405
!

!
explicit-path name 413-312
 index 10 next-address strict ipv4 unicast 10.20.4.1
 index 20 next-address strict ipv4 unicast 10.100.100.3
!

explicit-path name 413-405
 index 10 next-address strict ipv4 unicast 10.20.3.1
 index 20 next-address strict ipv4 unicast 10.100.100.2
!

If you need additional outputs let me know...

Thank you!




On Thu, Mar 29, 2012 at 7:35 PM, Xu Hu  wrote:

> Can share your configuration? Recently I was also configuring the MPLS TE
> in asr9k.
>
> Thanks and regards,
> Xu Hu
>
> On 30 Mar, 2012, at 8:28, omar parihuana  wrote:
>
> > Hi Group,
> >
> > I'm wondering about a strange behaviour about MPLS TE on ASR9K
> >
> > I have two MPLS TE tunnels (with autoroute announce):
> >
> > RP/0/RSP0/CPU0:9K6-413#show route 10.100.100.7
> > Thu Mar 29 23:09:49.818 UTC
> >
> > Routing entry for 10.100.100.7/32
> >  Known via "isis BACKBONE", distance 115, metric 140, type level-2
> >  Installed Mar 29 22:58:29.392 for 00:11:20
> >  Routing Descriptor Blocks
> >    10.100.100.2, from 10.100.100.7, via tunnel-te502
> >      Route metric is 140
> >    10.100.100.3, from 10.100.100.7, via tunnel-te501
> >      Route metric is 140
> >  No advertising protos.
> > RP/0/RSP0/CPU0:9K6-413#
> >
> > In accordance to RIB output I was hoping that traffic to 10.100.100.7 be
> > balanced between both tunnels... however I only see traffic over the first
> > tunnel...
> >
> >
> > RP/0/RSP0/CPU0:9K6-413#show mpls forwarding prefix 10.100.100.7/32 detail
> > Thu Mar 29 23:05:13.320 UTC
> > Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
> > Label  Label       or ID              Interface                    Switched
> > ------ ----------- ------------------ ------------ --------------- ------------
> > 16012  16014       10.100.100.7/32    tt502        10.100.100.2    24438881830
> >      Updated Mar 29 22:58:29.416
> >      MAC/Encaps: 14/18, MTU: 9180
> >      Label Stack (Top -> Bottom): { Imp-Null 16014 }
> >      Packets Switched: 100987115
> >
> >        16018       10.100.100.7/32    tt501        10.100.100.3    0
> >      Updated Mar 29 22:58:29.416
> >      MAC/Encaps: 14/22, MTU: 9180
> >      Label Stack (Top -> Bottom): { 16020 Imp-Null 16018 }
> >      Packets Switched: 0
> >
> >
> > What's happening? why not load balancing ? do i need a additional conf on
> > ASR9K in order to accomplish MPLS TE load balancing?
> >
> >
> > Thank you for your answer...
> >
> > Rgds.
> >
> >
> > --
> > Omar E.P.T
> > -
> > Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] MPLS TE Load Balancing

2012-03-29 Thread omar parihuana
Hi Group,

I'm wondering about a strange behaviour about MPLS TE on ASR9K

I have two MPLS TE tunnels (with autoroute announce):

RP/0/RSP0/CPU0:9K6-413#show route 10.100.100.7
Thu Mar 29 23:09:49.818 UTC

Routing entry for 10.100.100.7/32
  Known via "isis BACKBONE", distance 115, metric 140, type level-2
  Installed Mar 29 22:58:29.392 for 00:11:20
  Routing Descriptor Blocks
    10.100.100.2, from 10.100.100.7, via tunnel-te502
      Route metric is 140
    10.100.100.3, from 10.100.100.7, via tunnel-te501
      Route metric is 140
  No advertising protos.
RP/0/RSP0/CPU0:9K6-413#

In accordance to RIB output I was hoping that traffic to 10.100.100.7 be
balanced between both tunnels... however I only see traffic over the first
tunnel...


RP/0/RSP0/CPU0:9K6-413#show mpls forwarding prefix 10.100.100.7/32 detail
Thu Mar 29 23:05:13.320 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16012  16014       10.100.100.7/32    tt502        10.100.100.2    24438881830
     Updated Mar 29 22:58:29.416
     MAC/Encaps: 14/18, MTU: 9180
     Label Stack (Top -> Bottom): { Imp-Null 16014 }
     Packets Switched: 100987115

       16018       10.100.100.7/32    tt501        10.100.100.3    0
     Updated Mar 29 22:58:29.416
     MAC/Encaps: 14/22, MTU: 9180
     Label Stack (Top -> Bottom): { 16020 Imp-Null 16018 }
     Packets Switched: 0


What's happening? Why no load balancing? Do I need an additional conf on
ASR9K in order to accomplish MPLS TE load balancing?


Thank you for your answer...

Rgds.


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] ASR 1006 //

2012-01-19 Thread omar parihuana
Hi guys,

I'm disappointed with the ASR 1k6. I tried to configure a management interface,
but this interface belongs to vrf-management... I have two RPs and I would
like to configure a single virtual interface in order to tie both RP
management interfaces together (like ASR9K or CRS-1)... Is that
configuration possible? Another question: is it possible to change the VRF for
the management interface?

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Multicast question

2011-12-05 Thread omar parihuana
Henrry,

MBGP for multicast would solve the issue... You can establish an mBGP
session between R1 and R2 (using iBGP with the IP WAN interfaces) and advertise
the source and destination in the multicast address family. After that you can
change BGP attributes in order to handle the downstream traffic (I suppose
that R1 is the closest router to the source).

Rgds.

On Mon, Dec 5, 2011 at 9:12 PM, henrry huaman  wrote:

> Hi Guys,
> We have the following scenario:
>
> R1- e0/0---e0/0- R2
>  \ e0/1---e0/1--/
>
> And we want to have different multicast groups each passing over its own path.
>
> Is it possible to configure any "PBR" feature with multicast?
>
> R1  e0/0 --- only group 239.32.32.32 e0/0  R2
> R1 e0/1 --- only group 239.33.33.33e0/1 R2
>
> Thanks.
>
>
>
> Henry
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] 7600 DC Power Supply Mix....

2011-09-21 Thread omar parihuana
Hi list...


Quick question... is it possible to use one 2500W power supply and another
4000W one, both DC, in the same 7609 chassis?

Rgds.


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] VPLS redundancy design

2011-09-12 Thread omar parihuana
Hi list,

Please could you help me with this matter?

I have three ASR9006 in a ring topology that provide L2VPN and L3VPN services.
I would like to provide redundancy to a VPLS customer that uses conventional
35xx switches in the remote office. The branch topology consists of two
3550s linked via an L2 port-channel; now the idea is to connect both switches
to one PE using 802.1Q per uplink. We need that if one uplink fails, the other
one forwards the traffic, I mean a classic spanning tree between both 3550s and
the ASR ports... Is that configuration possible? The customer's VLAN must
be forwarded to other PEs using L2VPN (VPLS). In brief, we need to provide
uplink redundancy to the customer office that uses two switches running
classic Spanning Tree.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] QoS VLAN Marking is not working 7600

2011-08-25 Thread omar parihuana
Arie,

Indeed we have many VLANs and each VLAN should be marked with different EXP
bits. I only copied a specific VLAN. The idea is to not trust the source and
re-mark with specific EXP bits towards the upstream; the PE-P link is MPLS
enabled. Anyway, it's correct, I have transit traffic originated by other
devices connected to the 7600.

Rgds.



On Thu, Aug 25, 2011 at 6:55 AM, Arie Vayner (avayner) wrote:

> Omar,
>
> What traffic do you expect to be marked with EXP 6?
>
> Do you have any transit traffic (i.e. traffic not originated by the
> 7600, but sent from a remote client), which is marked with some other
> (non EXP=6,0) value?
>
> Usually Prec 6 would be used for control traffic (routing protocols
> etc), and this traffic is usually one hop only, and would not be
> encapsulated with MPLS, so no EXP bits...
> The only exceptions I can think of would be transit BGP or directed LDP
> sessions terminated on a remote router (not the adjacent CRS)
>
> Arie
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of omar parihuana
> Sent: Thursday, August 25, 2011 02:08
> To: Leonardo Gama Souza
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] QoS VLAN Marking is not working 7600
>
> Leonardo,
>
> Thank you for your answer. MPLS is enabled between the CRS and the 7600;
> however, the PFC used is PFC3B. Please, do you have any doc regarding:
> "Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls." ?
> I'm reading
> http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/mplsqos.html#wp1531487
> I didn't find details about the "EXP Marking at ingress".
>
> Rgds.
>
>
> On Wed, Aug 24, 2011 at 4:07 PM, Leonardo Gama Souza <
> leonardo.so...@nec.com.br> wrote:
>
> > Omar,
> >
> > You won't be able to mark EXP bits if your interface to CRS isn't MPLS
> > enabled.
> > Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls.
> >
> > Cheers.
> >
>
>
>
> --
> Omar E.P.T
> -
> Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] QoS VLAN Marking is not working 7600

2011-08-24 Thread omar parihuana
Leonardo,

Thank you for your answer. MPLS is enabled between the CRS and the 7600;
however, the PFC used is PFC3B. Please, do you have any doc regarding:
"Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls." ?
I'm reading
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/mplsqos.html#wp1531487
I didn't find details about the "EXP Marking at ingress".

Rgds.


On Wed, Aug 24, 2011 at 4:07 PM, Leonardo Gama Souza <
leonardo.so...@nec.com.br> wrote:

> Omar,
>
> You won't be able to mark EXP bits if your interface to CRS isn't MPLS
> enabled.
> Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls.
>
> Cheers.
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] QoS VLAN Marking is not working 7600

2011-08-24 Thread omar parihuana
Hi Guys,

I have a 7600 connected to a CRS-1 via Giga interfaces. The CRS is a "P"
router and the 7600 is a "PE" router. The 7600 has two line cards:
WS-X6724-SFP and WS-X6748-GE-TX. We're using the x6724 for the uplink to the
CRS, and the x6748 connects to internal devices via 802.1Q trunks. I've
configured policy maps applied to the VLAN interface in order to set MPLS
experimental bits per VLAN. Here is the relevant configuration:

mls qos
!
policy-map SET-EXP-SIG
 class class-default
  set mpls experimental imposition 6
!
!
interface GigabitEthernet1/3
 description  to CRS 
 wrr-queue bandwidth percent 60 40
 wrr-queue cos-map 1 1 5
 wrr-queue cos-map 2 1 0 1 4
 wrr-queue cos-map 2 2 2 3
 priority-queue cos-map 1 6 7
!
interface Vlan120
 ip vrf forwarding SIG
 ip address 10.11.16.2 255.255.255.192
 no ip redirects
 no ip unreachables
 service-policy input SET-EXP-SIG
end

interface GigabitEthernet1/5
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 120,122
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 logging event trunk-status
 logging event spanning-tree status
 load-interval 30
 speed 1000
 duplex full
 mls qos vlan-based
 mls qos trust extend
 mls qos trust dscp
 no cdp enable
 spanning-tree link-type point-to-point
 spanning-tree guard root
end


Unfortunately, on the CRS we've noticed that the packets sourced in
VLAN120 don't have EXP bits 6.

Any suggestion in order to solve this issue will be appreciated.

PS. IOS Version: c7600s72033-advipservicesk9-mz.122-33.SRE2.bin

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] erase startup in CRS-1

2011-06-02 Thread omar parihuana
Hi Guys,

I'm new to CRS-1 (IOS XR). I'm trying to reconfigure a new router
(non-production), so I decided to erase the running conf; however, I am not
able to do that??? Please, how could I delete the run conf???

Thanks for your suggestion.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] off-topic NMS Suggestion

2011-05-17 Thread omar parihuana
Hi List,

Please could you suggest an NMS for WAN/LAN? The WAN is an MPLS/VPN (300
remote offices), and the switching is a campus LAN (approx. 1000 network
devices) and three remote buildings (approx. 200 network devices in each
building). Before, I tried Cisco Works but I faced some issues; HP Openview
was difficult also. We need an easy web interface for monitoring and
reporting (unfortunately no open source solutions are accepted).

Thank you for your suggestions.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] IPSec problems

2010-09-28 Thread omar parihuana
Hi,

The 1721 is an older router; could you check the CPU on the 1721, and
check the BW usage on the ADSL side?

Rgds.



On Tue, Sep 28, 2010 at 8:35 AM, Stephane MAGAND
wrote:

> Hi
>
> I have a new problem with my IPsec tunnels ...
>
> Two routers:
>
> Cisco 2821 with AIM connected in FastEthernet at Internet
> Cisco 1721 connected in Adsl.
>
>
> When i ping from 2821 to 1721 and use public internet address no
> problems:
>
> C2821#ping 84.xx.xx.1 size 600 repeat 150
>
> Type escape sequence to abort.
> Sending 150, 600-byte ICMP Echos to 84.xx.xx.1, timeout is 2 seconds:
> !!
> !!
> !!
> Success rate is 100 percent (150/150), round-trip min/avg/max = 44/46/68 ms
>
>
> but when i ping using Ipsec tunnel :
>
> C2821#ping vrf VPN003 10.11.12.254 size 600 repeat 150
>
> Type escape sequence to abort.
> Sending 150, 600-byte ICMP Echos to 10.11.12.254, timeout is 2 seconds:
> .!!....!.!..!.!!!..!!.!.!!.!!!
> !!!.!.!.!!.!!.!.!!..!.
> .!
> Success rate is 81 percent (122/150), round-trip min/avg/max = 52/58/104 ms
>
>
>
> 20 percent loss.
>
> Where can I debug the problems?
>
> thanks
> Stephane
>
>
>
>
>
> C2821:
> crypto isakmp key l55xx8gjJ address 84.xx.xx.1
>
> crypto isakmp profile VPN003
>   keyring default
>   match identity address 84.xx.xx.1 255.255.255.255
>
> crypto ipsec profile ipsec_vpn_vpn003
>  set transform-set ipsec_tunnel_vpn003
>  set isakmp-profile VPN003
>
> interface Tunnel5
>  ip vrf forwarding VPN003
>  ip address 172.16.1.209 255.255.255.252
>  ip mtu 1400
>  ip tcp adjust-mss 1360
>  tunnel source 78.xx.xx.92
>  tunnel destination 84.xx.xx.1
>  tunnel protection ipsec profile ipsec_vpn_vpn003
>
>
>
>
>
>
>
>
> C1721:
> crypto isakmp key l5584jjHK8gjJ address 78.xx.xx.92
>
> crypto isakmp profile vpn
>   keyring default
>   match identity address 78.xx.xx.92 255.255.255.255
>
> crypto ipsec transform-set ipsec_tunnel esp-3des
>  mode transport
>
> crypto ipsec profile ipsec_vpn
>  set transform-set ipsec_tunnel
>  set isakmp-profile vpn
>
> interface Tunnel0
>  ip address 172.16.1.210 255.255.255.252
>  ip mtu 1400
>  ip tcp adjust-mss 1360
>  tunnel source Dialer0
>  tunnel destination 78.xx.xx.92
>  tunnel protection ipsec profile ipsec_vpn
>
> interface ATM0
>  no ip address
>  no atm ilmi-keepalive
>  dsl operating-mode auto
>  pvc 0/38
>  pppoe-client dial-pool-number 1
>
> interface FastEthernet0
>  ip address 10.11.12.254 255.255.255.0
>  ip nat inside
>  ip tcp adjust-mss 1452
>  speed auto
>  full-duplex
>
> interface Dialer0
>  mtu 1492
>  ip address negotiated
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat outside
>  encapsulation ppp
>  ip route-cache flow
>  dialer pool 1
>  dialer-group 1
>  no cdp enable
>  ppp authentication chap callin
>  ppp chap hostname x...@adsllogin.co.uk
>  ppp chap password 0 yyy
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] 3750 with Redundant power

2010-09-16 Thread omar parihuana
3750X

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/data_sheet_c78-584733_ps10744_Products_Data_Sheet.html

On Thu, Sep 16, 2010 at 2:03 PM, Keegan Holley wrote:

> Does anyone know which 3750G models come with dual power if any.  I can't
> find it listed on the website directly.  I'd like to avoid using the RPS
> 2300 or using a more expensive platform just for dual power.  I also need
> POE.
>
> Thanks,
>
> Keegan



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] mix AC/DC power supply in Cisco 3945E

2010-09-16 Thread omar parihuana
Hi Guys,

Can I use two different power supplies (one DC and one AC) in the same 3945E
chassis?

I mean PWR-3900-AC in one slot and PWR-3900-DC in the other slot.

I've checked the Cisco doc, and maybe I'm misunderstanding, but I suppose
that it is possible to install either AC or DC, and not AC and DC, in the same
chassis. Your help will be appreciated.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Static Nat Route-map

2010-08-14 Thread omar parihuana
Maybe this link can be useful:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html






On Fri, Aug 13, 2010 at 10:59 AM, J Springer  wrote:

> IOS:  c1841-advsecurityk9-mz.124-21.bin
>
> Does this version support static nat route-maps (to exclude nat for VPNs)?
>
> If not and another does, which release supports this option?



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] cisco1861 for Dial backup

2010-08-12 Thread omar parihuana
Hi Group,

I've just received a Cisco router 1861:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps8321/product_data_sheet0900aecd806c4dce.html

This router has two BRI ports. I've tried to configure dial backup using
these ports but I received the following messages:


R1861(config)#interface bri 0/1/0
R1861(config-if)#encp
R1861(config-if)#encap
R1861(config-if)#encapsulation ppp
Encapsulation not allowed on voice only interface  <<

R1861(config-if)#

I have many 1841s with BRI cards that work fine.

Please, does anybody know if it is possible to use that router (1861) as dial
backup for data traffic? Or are the BRI ports only intended for voice?

Here is the sh ver output:

R1861#sh ver
Cisco IOS Software, C1861 Software (C1861-ADVENTERPRISEK9-M), Version
12.4(24)T3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 23-Mar-10 06:10 by prod_rel_team

ROM: System Boottrap, Version 12.4(11r)XW3, RELEASE SOFTWARE (fc1)

R1861 uptime is 3 hours, 57 minutes
System returned to ROM by power-on
System image file is "flash:c1861-adventerprisek9-mz.124-24.T3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found
at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
exp...@cisco.com.

Cisco C1861-SRST-B/K9 (MPC8358) processor (revision 0x202) with
249856K/12288K bytes of memory.
Processor board ID FTX1225Y01B
MPC8358 CPU Rev: Part Number 0x804A, Revision ID 0x20
12 User Licenses
10 FastEthernet interfaces
1 Serial(sync/async) interface
2 ISDN Basic Rate interfaces
4 Voice FXS interfaces
1 Voice MoH interface
128K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

R1861#



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] QoS for MetroEthernet

2010-01-31 Thread omar parihuana
Hi Pavel,

Unfortunately I'm in a remote location, but I'm thinking about installing
Wireshark on a client PC.

Rgds. & Thanks.

On Sun, Jan 31, 2010 at 12:34 PM, Pavel Skovajsa
wrote:

> Hi Omar,
>
> No, you definitely should not take any special considerations for the Metro
> link - you are the end customer and the service is transparent to you - it
> moves packets back and forth.
>
> Therefore it is hard to tell what is the actual problem. It is easy to
> troubleshoot though - sniff it:
> a) sniff the SQL activity with Serial link
> b) sniff the SQL activity with Metro link
> c) compare and find out what types of packets do not get on the other side.
>
> There could be a number of things that can go wrong - like service
> provider maximum MTU, certain TOS values being dropped etc. etc.
>
> -pavel
>
> p.s. For sniffing we usually use Wireshark.
>
>
>
> On Sun, Jan 31, 2010 at 5:31 PM, omar parihuana
>  wrote:
> > Hello,
> >
> > I'm facing a strange problem that I think is a QoS configuration issue.
> > I've tried some conf without success. The situation is as follows:
> >
> > Actually I have a 1Mbps serial link between two remote branches and one
> > application in particular: a SQL client/server application that works
> > fine (there are other apps but they are not relevant now). We've
> > contracted a MetroEthernet link at 1Mbps between the same branches (in
> > order to replace the current serial link). In each site I put a router;
> > after migrating, the SQL app didn't work (it got stuck for a long time).
> > Therefore I decided to raise a GRE tunnel between both sites, applied QoS
> > conf, and adjusted the TCP MSS, without success; all is working well
> > (additional apps and voice traffic) but the SQL app didn't work. I don't
> > know what's happening with this app, but if you have faced the same
> > problem, or if I need to take special considerations for the
> > MetroEthernet link, your comments will be appreciated.
> >
> > I paste my conf:
> >
> > !
> > !
> > policy-map child13
> >  class VOIP-TRAFFIC
> >  priority 200
> >  class DATA-IMPORTANT
> >  bandwidth percent 60
> >  class class-default
> >  fair-queue
> > policy-map tunnel13
> >  class class-default
> >  shape average 1024000
> >  service-policy child13
> > !
> > !
> > !
> > interface Tunnel13
> >  bandwidth 1000
> >  ip address 10.1.13.1 255.255.255.0
> >  ip tcp adjust-mss 1440
> >  load-interval 30
> >  qos pre-classify
> >  tunnel source 172.21.1.17
> >  tunnel destination 172.21.1.19
> >  service-policy output tunnel13
> > !
> > interface FastEthernet0/0
> >  description LAN interface
> >  ip address 172.16.96.6 255.255.252.0
> >  no ip unreachables
> >  no ip proxy-arp
> >  load-interval 30
> >  speed 100
> >  full-duplex
> > !
> > interface FastEthernet0/1
> >  description MAN interface
> >  bandwidth 3000
> >  ip address 172.21.1.17 255.255.255.248
> >  no ip proxy-arp
> >  load-interval 30
> >  speed 100
> >  full-duplex
> >
> >
> > --
> > Omar E.P.T
> > -
> > Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] QoS for MetroEthernet

2010-01-31 Thread omar parihuana
Hello,

I'm facing a strange problem that I think is a QoS configuration issue. I've
tried some conf without success. The situation is as follows:

Actually I have a 1Mbps serial link between two remote branches and one
application in particular: a SQL client/server application that works fine
(there are other apps but they are not relevant now). We've contracted a
MetroEthernet link at 1Mbps between the same branches (in order to replace
the current serial link). In each site I put a router; after migrating, the
SQL app didn't work (it got stuck for a long time). Therefore I decided to
raise a GRE tunnel between both sites, applied QoS conf, and adjusted the TCP
MSS, without success; all is working well (additional apps and voice traffic)
but the SQL app didn't work. I don't know what's happening with this app, but
if you have faced the same problem, or if I need to take special
considerations for the MetroEthernet link, your comments will be appreciated.

I paste my conf:

!
!
policy-map child13
 class VOIP-TRAFFIC
  priority 200
 class DATA-IMPORTANT
  bandwidth percent 60
 class class-default
  fair-queue
policy-map tunnel13
 class class-default
  shape average 1024000
  service-policy child13
!
!
!
interface Tunnel13
 bandwidth 1000
 ip address 10.1.13.1 255.255.255.0
 ip tcp adjust-mss 1440
 load-interval 30
 qos pre-classify
 tunnel source 172.21.1.17
 tunnel destination 172.21.1.19
 service-policy output tunnel13
!
interface FastEthernet0/0
 description LAN interface
 ip address 172.16.96.6 255.255.252.0
 no ip unreachables
 no ip proxy-arp
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description MAN interface
 bandwidth 3000
 ip address 172.21.1.17 255.255.255.248
 no ip proxy-arp
 load-interval 30
 speed 100
 full-duplex


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
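
An added example, not part of either post in this thread: a small Python check of the MTU/MSS relationship that Pavel's reply names as one thing that can go wrong, run over interface stanzas abridged from the configurations posted above. It assumes GRE over IPv4 (24 bytes of overhead) on a 1500-byte underlay and TCP/IP headers without options; the function names are hypothetical.

```python
import re

IP_TCP_HEADERS = 40       # 20-byte IPv4 header + 20-byte TCP header, no options
GRE_IPV4_OVERHEAD = 24    # 20-byte outer IPv4 header + 4-byte basic GRE header
ASSUMED_PATH_MTU = 1500   # assumption: plain Ethernet underlay end to end

# Constructed sample: interface stanzas abridged from the configs posted above.
SAMPLE_CONFIG = """\
interface Tunnel0
 ip address 172.16.1.210 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel protection ipsec profile ipsec_vpn
!
interface Tunnel13
 ip address 10.1.13.1 255.255.255.0
 ip tcp adjust-mss 1440
 tunnel source 172.21.1.17
 tunnel destination 172.21.1.19
!
interface FastEthernet0/0
 description LAN interface
 ip address 172.16.96.6 255.255.252.0
 no ip unreachables
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for each interface stanza."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any unindented line ends the stanza
    return interfaces


def _int_arg(commands, prefix):
    """Return the first integer argument of the command starting with prefix."""
    for cmd in commands:
        if cmd.startswith(prefix + " "):
            tail = cmd[len(prefix):].split()
            if tail and tail[0].isdigit():
                return int(tail[0])
    return None


def max_safe_mss(ip_mtu):
    """Largest TCP MSS whose full-size segment still fits in ip_mtu."""
    return ip_mtu - IP_TCP_HEADERS


def audit(config, path_mtu=ASSUMED_PATH_MTU):
    """Return a list of (interface, finding, excess_bytes_or_None) tuples."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        ip_mtu = _int_arg(cmds, "ip mtu")
        mss = _int_arg(cmds, "ip tcp adjust-mss")
        if ip_mtu is None:
            # No explicit "ip mtu": a tunnel is assumed to be GRE over IPv4.
            is_tunnel = name.lower().startswith("tunnel")
            ip_mtu = path_mtu - GRE_IPV4_OVERHEAD if is_tunnel else path_mtu
        if mss is not None and mss > max_safe_mss(ip_mtu):
            # Full-size segments exceed the IP MTU and need fragmentation.
            findings.append((name, "mss-exceeds-mtu", mss - max_safe_mss(ip_mtu)))
        if "no ip unreachables" in cmds:
            # ICMP unreachables include the "fragmentation needed" message
            # that path MTU discovery relies on.
            findings.append((name, "icmp-unreachables-off", None))
    return findings


if __name__ == "__main__":
    for interface, finding, excess in audit(SAMPLE_CONFIG):
        print(interface, finding, "" if excess is None else f"+{excess} bytes")
```

On this sample, Tunnel0 passes (1360 + 40 = 1400), Tunnel13 is reported because an MSS of 1440 yields 1480-byte packets against an assumed 1476-byte tunnel IP MTU, and FastEthernet0/0 is reported for `no ip unreachables`.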


Re: [c-nsp] Serial link CTS=down link UP

2009-12-20 Thread omar parihuana
I'll suggest that the provider change the CSU/DSU, since all signals
are not open; a synchronization problem can be there...

Rgds.

On Thu, Dec 17, 2009 at 1:04 PM, Marcelo Zilio wrote:

> Hi,
>
> Has anyone seen this in serial interfaces before?
> Link is UP and traffic is going through, however router shows CTS=down
> besides a lot CRCs/Input Errors.
> It doesn't make sense to me the parameter which should advise that the link
> is "ready to go" is DOWN while there is traffic on it.
> Users are complaining some application are slow.
>
> The router is a Cisco 2811 IOS 12.4(15)T10.
>
> Router#sh int s0/1/0
> Serial0/1/0 is up, line protocol is up
>  Hardware is GT96K Serial
>  MTU 1500 bytes, BW 256 Kbit/sec, DLY 2 usec,
> reliability 255/255, txload 40/255, rxload 42/255
>  Encapsulation FRAME-RELAY IETF, loopback not set
>  Keepalive set (10 sec)
>  CRC checking enabled
>  LMI enq sent  48, LMI stat recvd 48, LMI upd recvd 0, DTE LMI up
>  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
>  LMI DLCI 0  LMI type is ANSI Annex D  frame relay DTE  segmentation
> inactive
>  FR SVC disabled, LAPF state down
>  Broadcast queue 0/64, broadcasts sent/dropped 7/0, interface broadcasts 0
>  Last input 00:00:00, output 00:00:00, output hang never
>  Last clearing of "show interface" counters 00:07:55
>  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>  Queueing strategy: dual fifo
>  Output queue: high size/max/dropped 0/256/0
>  Output queue: 0/128 (size/max)
>  30 second input rate 43000 bits/sec, 68 packets/sec
>  30 second output rate 41000 bits/sec, 78 packets/sec
> 34746 packets input, 2956769 bytes, 0 no buffer
> Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> 602 input errors, 602 CRC, 433 frame, 107 overrun, 0 ignored, 323 abort
> 43237 packets output, 3308125 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 unknown protocol drops
> 0 output buffer failures, 0 output buffers swapped out
> 0 carrier transitions
> DCD=up  DSR=up  DTR=up  RTS=up  *CTS=down*
>
>  Thanks,



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] OT: Router//Switches Hardware inventory

2009-09-29 Thread omar parihuana
Hello List,

Do you know an open source tool for router hardware inventory? I have many
Cisco devices with many cards inserted, and managing the inventory via Excel
format is hard... any suggestions, please?

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] DLSW on Catalyst 4506-E is it possible???

2009-03-16 Thread omar parihuana
Hi Guys,

Is DLSW supported on the Catalyst 4500 platform? I'm searching the Cisco docs
but it seems that DLSW doesn't run on the Cat4500. Is there some way to run
DLSW on the CAT4500? (On the 6500 an MSFC card will solve the problem.)

Here is my sh version:

4500# sh version
Cisco IOS Software, Catalyst 4500 L3 Switch Software
(cat4500-ENTSERVICESK9-M),
Version 12.2(44)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 09-Jul-08 13:17 by prod_rel_team
Image text-base: 0x1000, data-base: 0x11D1CA4C

ROM: 12.2(31r)SGA1
Pod Revision 14, Force Revision 31, Tie Revision 32

4500 uptime is 2 days, 19 hours, 53 minutes
System returned to ROM by reload
System restarted at 14:17:22 Fri Mar 13 2009
System image file is "bootflash:cat4500-entservicesk9-mz.122-44.SG1.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found
at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
exp...@cisco.com.

cisco WS-C4506-E (MPC8540) processor (revision 13) with 524288K bytes of
memory.
Processor board ID FOX1242H2PR
MPC8540 CPU at 800Mhz, Supervisor V-10GE
Last reset from Reload
20 Virtual Ethernet interfaces
70 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2101


Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] What does mean Unknown state in Online diag.. 7609 Router

2009-01-20 Thread omar parihuana
Hi Folks,

Recently I've installed a SPA-2XT3/E3 card (in module 7), but I get an unknown
state in online diagnostics. What does this "Unknown" mean? The LED
status on the card is ok, and the sh diagbus is also ok:

Mod  Sub-Module      Model          Serial       Hw   Status
---- --------------- -------------- ------------ ---- ------
7/0  2xOC3 ATM SPA   SPA-2XOC3-ATM  JAE1217FPTR  1.1  Ok
7/1  2xT3E3 SPA      SPA-2XT3/E3    JAE1219H6QE  1.1  Ok

Mod  Online Diag Status
---- ------------------
  1  Pass
  5  Pass
  6  Pass
  7  Pass
 7/0 Not Applicable
 7/1 Unknown   <<
  8  Pass
 8/0 Not Applicable
 8/1 Not Applicable


Slot 7: Logical_index 14
4-subslot SPA Interface Processor-200 controller
Board is analyzed ipc ready
HW rev 2.303, board revision C0
Serial Number: JAE1220HSI2 Part number: 73-10476-03

Slot database information:
Flags: 0x2004   Insertion time: 0x17E48 (1w4d ago)

Controller Memory Size:
832 MBytes CPU Memory
191 MBytes Packet Memory
1023 MBytes Total on Board SDRAM
Cisco IOS Software, cwlc Software (sip1-DW-M), Version 12.2(33)SRB3,
RELEASE SOFTWARE (fc1)

SPA Information:
subslot 7/0: SPA-2XOC3-ATM (0x46E), status: ok
subslot 7/1: SPA-2XT3/E3 (0x40C), status: ok

Thanks!!
-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Accounting VPN PIX and ACS

2008-11-04 Thread omar parihuana
Hi List,

I'm facing a problem: I have a PIX and one ACS 3.3. The PIX acts as VPN
concentrator for the clients (Windows based - Cisco VPN Client) and the ACS as
authenticator; I'm using TACACS+. All was working well. But now my boss
said: we need to get the VPN usage, so I need: who, when, and how long they
were connected... Could you please provide me some suggestions, some
samples, or docs... maybe change to RADIUS? Or is it possible with
TACACS+?


Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] OT: Linux Script for router management

2008-08-07 Thread omar parihuana
Hi List,

I'm facing a problem with router management: nearly 80 dispersed routers
from different providers with different usr/pass. I would like to have a
Linux console with a menu with a router list; then when I choose an option, I
can get into the router automatically. Or maybe another way: for example,
before I used a Linux console where I wrote down the hostname and I got into
the router. Do you know some tool/script that can do it?

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] ASA Device vs Checkpoint UTM 450

2008-06-20 Thread omar parihuana
Hi List,

We have a customer with a Checkpoint UTM-1 450 solution (with all
services enabled: webfilter, IPS, VPN and others according to the customer);
now they're looking for a Cisco solution. What Cisco devices can replace the
Checkpoint UTM-1 450? The customer network is small (10 users x 5 branches,
with IPSec site-to-site and SSL tunnels).

Please, any suggestions will be appreciated.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] %SYS-4-NV_BLOCK_INITFAIL

2008-01-31 Thread omar parihuana
Hi list,

When I was installing a new router I had the following error:


Router#
*Jan 31 16:27:46.067: NV: Invalid Pointer value(44AF40A0) in private configuration structure
*Jan 31 16:27:46.107: NV: Invalid Pointer value(44AF40A0) in private configuration structure
*Jan 31 16:27:46.107: %SYS-4-NV_BLOCK_INITFAIL: Unable to initialize the geometry of nvram


On the Cisco web page I found the following explanation:


Error Message

%SYS-4-NV_BLOCK_INITFAIL : Unable to initalize the geometry of nvram

Explanation: The software failed to initialize the NVRAM block geometry,
which is a part of the NVRAM used to host nonconfiguration data files.
Typically, these files are used by SNMP to store and retrieve
nonconfiguration persistent data across a system reload. This failure may
occur when the entire NVRAM is packed with the configuration, and the
version of software that supports this feature could not find the minimum
room in the NVRAM to initialize the block file system.

Recommended Action: Reduce the configurations in the NVRAM by at least by
2K.


My question is: how can I perform the Recommended Action? Is there some
command? The file size of my configuration is 8767 bytes.

Any ideas?

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] How to measuse the throughput on Internet Links

2008-01-09 Thread omar parihuana
Hi Michael,

Thanks for your response.

I tried to use IPERF previously without success because setting up the server
was difficult for me. I'm looking for other options.

Thanks again
Rgds.


On 1/9/08, Michael Long <[EMAIL PROTECTED]> wrote:
>
> iperf. http://dast.nlanr.net/Projects/Iperf/
>
> Although you'll need a client and server setup. Plus it helps if the
> server is somewhat close to the link you are trying to test.
>
> Mike
>
> omar parihuana wrote:
> > Hi guys,
> >
> > I bought a new Internet link, 40Mbps 1:1, that is provided with a
> > FastEthernet interface. Now I would like to check if I have the 40Mbps
> > effective. How can I measure the max capacity of my Internet link? Any
> > suggestions?
> >
> > Thanks in advance...
> >
> > Rgds.
> >
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] How to measuse the throughput on Internet Links

2008-01-09 Thread omar parihuana
Hi guys,

I bought a new Internet link, 40Mbps 1:1, that is provided with a FastEthernet
interface. Now I would like to check if I have the 40Mbps effective. How
can I measure the max capacity of my Internet link? Any suggestions?

Thanks in advance...

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] BGPoPPPoEoA ?!

2007-11-15 Thread omar parihuana
Hi,

Mmmh, maybe I'm wrong, but the BGP session between CE-PE can only be eBGP and
a directly connected peer is necessary... for iBGP it is possible to use
loopbacks, etc, etc...

Rgds.




On 11/15/07, Adam Greene <[EMAIL PROTECTED]> wrote:
>
> Lots of o's in that subject line ...
>
> I'm trying to set up a BGP session over a PPPoEoA DSL line. This is in the
> context of setting up redundant DSL lines to a single provider router. I
> control both ends (PE and CE). PE is 7200 NPE 200, IOS 12.3(15b). CE is
> 1841, IOS 12.4(17).
>
> I can't establish the BGP session. Both sides are in active state, but
> won't go further.
>
> The PE ATM interface is configured as IP unnumbered pointing to Loopback
> 0. The CE BGP neighbor thus points to the PE Loopback IP address. The PE BGP
> neighbor points to the IP address assigned to the CE Dialer (a /32 from the
> /23 block on the PE Loopback).
>
> I saw that the CE was reporting that the external BGP neighbor is not
> directly connected, so I issued "neighbor A.B.C.D disable-connected-check"
> to no avail.
>
> I tried specifying the update-source interface on both ends (loopback 0 on
> PE, Dialer1 on CE) again to no avail.
>
> I'm wondering if I have to do something at the neighbor A.B.C.D transport
> level, like disabling path-mtu-discovery (this is a wild shot in the dark).
>
> Has anyone else successfully established BGP over PPPoEoA before?
>
> If this doesn't work, I'll set up redundancy by tracking objects ... but
> that will involve an upgrade of the PE IOS.
>
> Thanks,
> Adam
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] snmp management

2007-11-15 Thread omar parihuana
Hi guys,

I'm facing a strange problem; it must be simple, but so far I don't
understand well why it is happening.

I have two routers, one 2621XM and the other an 851. I configured SNMP on
both devices with the same configuration (only a different IP), and I can get
the SNMP info only from the first router (2621XM); the 851 doesn't provide
SNMP info. The only configuration is: snmp-server community  RO

On my Linux box I use snmpwalk and only the first router responds. The
difference between both routers is that the internal IP on the 2621XM is a
physical interface, and on the 851 it is an SVI (Vlan 1), and of course the
IOS; maybe there are some bugs in IOS c850-advsecurityk9-mz.124-4.T7.bin? I'm
planning to restart the 851 but I need to know what's happening... Have you
ever seen this problem before?

PS. The IOS in the 2621XM is: c2600-jsx-mz-123-14.T5 bin. There is
connectivity between the NMS and both routers... no firewalls, no filtered ports
Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Error loading IOS onto Cisco2821

2007-10-19 Thread omar parihuana
Hi all,

Thanks a lot for your responses.

I've changed TFTP for FTP and all is ok now! It is faster and I don't have
problems with timeouts (I used a direct connection via crossover cable), so
TFTP ANYMORE!!!

Thanks again!


On 10/19/07, Winders, Timothy A <[EMAIL PROTECTED]> wrote:
>
> Are you loading via TFTP?  It could be an issue with the size of the file
> and the TFTP server implementation.  Try to load via FTP.
>
>
> Tim Winders | Associate Dean of Information Technology | South Plains
> College
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:cisco-nsp-
> > [EMAIL PROTECTED] On Behalf Of omar parihuana
> > Sent: Friday, October 19, 2007 11:38 AM
> > To: Jonathan Charles
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] Error loading IOS onto Cisco2821
> >
> > Hi,
> >
> > After load IP Base image (aprox 26MB), I formated  the flash, and re-
> > tried
> > the load, and fail again!!!
> >
> >
> > Router#sh flash:
> > No files on device
> >
> > 63983616 bytes available (0 bytes used)
> >
> > Router#
> >
> > Loading c2800nm-advipservicesk9-mz.124-15.T1.bin from 66.86.36.233 (via
> > GigabitEthernet0/0):
> > !!!
> > !!!
> > !!!
> > !
> > %Error writing flash:/c2800nm-advipservicesk9-mz.124-15.T1.bin (No
> > space
> > left on device)
> > Sincerely, I'm so tired... and I need the load that image into the
> > router...
> > and I don't have one manner for that... pls... sugestions...
> >
> > Rgds.
> >
> >
> >
> > On 10/19/07, Jonathan Charles <[EMAIL PROTECTED]> wrote:
> > >
> > > Well, from rommon, there isn't much you can do...
> > >
> > > The goal was to format the flash, and then tftp (in IOS, after it
> > > loaded)...
> > >
> > > The timeouts could be a network issue... or you are using an older
> > > tftp server that doesn't support files larger than 18.4mb.
> > >
> > >
> > >
> > > Jonathan
> > >
> > > On 10/19/07, omar parihuana <[EMAIL PROTECTED]> wrote:
> > > > Hi all,
> > > >
> > > > I erased the flash and rebooted the router after reset I tried load
> > the
> > > IOS
> > > > in rommon mode, unfortunately the load didn't complete, I tried
> > again
> > > and
> > > > failed again, I thought tftp failure because I get TFTP timeout:
> > > >
> > > >
> > >
> > !!!
> > !!!
> > !!!...!
> > !!!..!!!.!.!!.!..!.!!.!!.!..!!..
> > > > [TIMED OUT]
> > > > TFTP: Operation terminated.
> > > >
> > > > After that I think that my flash memory is incorrect, how can I
> > know if
> > > my
> > > > flash is working well, or maybe is not working anymore!?
> > > >
> > > > Thanks for your response...
> > > >
> > > > PD. At this moment, my router is in rommon mode, and I don't know
> > > > troubleshooting my flash...
> > > >
> > > >
> > > >
> > > >
> > > > On 10/18/07, Jonathan Charles <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Well, build a tarball of your IOS and CME files and just archive
> > tar
> > > > > /extract it to the flash
> > > > >
> > > > >
> > > > >
> > > > > Jonathan
> > > > >
> > > > > On 10/18/07, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> > > > > > On Thu, Oct 18, 2007, Jonathan Charles wrote:
> > > > > > > Issue a format flash:
> > > > > > >
> > > > > > > It takes about 2 seconds and wipes it clean...
> > > > > > >
> > > > > > > Besides, no one uses SDM anyway...
> > > > > >
> > > > > > "oh crap all of my CME files are gone!"
> > > > > >
> > > > > > Its generally fine to start with, but then stran

Re: [c-nsp] Error loading IOS onto Cisco2821

2007-10-19 Thread omar parihuana
Hi,

After loading the IP Base image (approx. 26MB), I formatted the flash and
retried the load, and it failed again!!!


Router#sh flash:
No files on device

63983616 bytes available (0 bytes used)

Router#

Loading c2800nm-advipservicesk9-mz.124-15.T1.bin from 66.86.36.233 (via
GigabitEthernet0/0):
!!
%Error writing flash:/c2800nm-advipservicesk9-mz.124-15.T1.bin (No space
left on device)
Sincerely, I'm so tired... and I need to load that image into the router...
and I don't have a way to do that... pls... suggestions...

Rgds.



On 10/19/07, Jonathan Charles <[EMAIL PROTECTED]> wrote:
>
> Well, from rommon, there isn't much you can do...
>
> The goal was to format the flash, and then tftp (in IOS, after it
> loaded)...
>
> The timeouts could be a network issue... or you are using an older
> tftp server that doesn't support files larger than 18.4mb.
>
>
>
> Jonathan
>
> On 10/19/07, omar parihuana <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > I erased the flash and rebooted the router. After the reset I tried to
> > load the IOS in rommon mode; unfortunately the load didn't complete. I
> > tried again and it failed again. I thought it was a TFTP failure because
> > I get a TFTP timeout:
> >
> >
> > !.....!!!.!.!!.!..!.!!.!!.!..!!..
> > [TIMED OUT]
> > TFTP: Operation terminated.
> >
> > After that I think that my flash memory is incorrect. How can I know if
> > my flash is working well, or maybe is not working anymore!?
> >
> > Thanks for your response...
> >
> > PS. At this moment, my router is in rommon mode, and I don't know how to
> > troubleshoot my flash...
> >
> >
> >
> >
> > On 10/18/07, Jonathan Charles <[EMAIL PROTECTED]> wrote:
> > >
> > > Well, build a tarball of your IOS and CME files and just archive tar
> > > /extract it to the flash
> > >
> > >
> > >
> > > Jonathan
> > >
> > > On 10/18/07, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> > > > On Thu, Oct 18, 2007, Jonathan Charles wrote:
> > > > > Issue a format flash:
> > > > >
> > > > > It takes about 2 seconds and wipes it clean...
> > > > >
> > > > > Besides, no one uses SDM anyway...
> > > >
> > > > "oh crap all of my CME files are gone!"
> > > >
> > > > It's generally fine to start with, but then strange crap happens. Phones
> > > > don't ring right, new phones don't get updated firmware, ATAs stop working,
> > > > etc. Then you swear. Loudly. :)
> > > >
> > > > (And squeeze flash isn't supported everywhere iirc.)
> > > >
> > > >
> > > >
> > > > Adrian
> > > >
> > > >
> > >
> >
> >
> >
> > --
> >  Omar E.P.T
> > -
> > Certified Networking Professionals make better Connections!
> >
> >
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Error loading IOS onto Cisco2821

2007-10-19 Thread omar parihuana
Hi all,

I erased the flash and rebooted the router. After the reset I tried to load
the IOS in rommon mode; unfortunately the load didn't complete. I tried again
and it failed again. I thought it was a tftp failure because I get a TFTP
timeout:

!.....!!!.!.!!.!..!.!!.!!.!..!!..
[TIMED OUT]
TFTP: Operation terminated.

After that I think that my flash memory is incorrect. How can I know if my
flash is working well, or maybe is not working anymore!?

Thanks for your response...

PD. At this moment, my router is in rommon mode, and I don't know how to
troubleshoot my flash...




On 10/18/07, Jonathan Charles <[EMAIL PROTECTED]> wrote:
>
> Well, build a tarball of your IOS and CME files and just archive tar
> /extract it to the flash
>
>
>
> Jonathan
>
> On 10/18/07, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> > On Thu, Oct 18, 2007, Jonathan Charles wrote:
> > > Issue a format flash:
> > >
> > > It takes about 2 seconds and wipes it clean...
> > >
> > > Besides, no one uses SDM anyway...
> >
> > "oh crap all of my CME files are gone!"
> >
> > It's generally fine to start with, but then strange crap happens. Phones
> > don't ring right, new phones don't get updated firmware, ATAs stop working,
> > etc. Then you swear. Loudly. :)
> >
> > (And squeeze flash isn't supported everywhere iirc.)
> >
> >
> >
> > Adrian
> >
> >
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Error loading IOS onto Cisco2821

2007-10-18 Thread omar parihuana
Hi lists,

I'm trying to load the c2800nm-advipservicesk9-mz.124-15.T1.bin image onto a
Cisco2821. According to the Cisco web page, the RAM and Flash required are
256/64; my chassis has:

Cisco 2821 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FTX1115A1MX
2 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

and c2800nm-advipservicesk9-mz.124-15.T1.bin is almost 50MB, but when I
loaded the image I got an error:

GigabitEthernet0/0):
!!!
%Error copying flash:c2800nm-advipservicesk9-mz.124-15.T1.bin (No space left on device)

Why does this error appear if I have enough space on my device? Any suggestion
will be appreciated.


Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] MIB Class-based-QoS

2007-09-26 Thread omar parihuana
Thanks for your response..

Unfortunately, I'm using MRTG, we're going to migrate to Cacti, but
meanwhile, I don't know if someone knows about addons/plugin/tool/anything
for MRTG.

Thanks again

Rgds.


On 9/26/07, Ed Ravin <[EMAIL PROTECTED]> wrote:
>
> On Wed, Sep 26, 2007 at 09:39:38AM +0200, Daniel Suchy wrote:
> > There's addon for Cacti doing this.
> > See http://forums.cacti.net/about12485.html
>
> Also for Cricket (genDevConfig and its predecessor genRtrConfig):
>
>   http://acktomic.com/?p=4
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] MIB Class-based-QoS

2007-09-25 Thread omar parihuana
Hi List,

I configured QoS via MQC; now I need to get the utilization of each
class-map created, via SNMP. Is it possible? Specifically, I'd like to get the 30
second offered rate, in the example: 384000bps. What MIB can I use? I found
Class-based-Qos-MIB but the offered rate is not provided. My intention is to
graph this value with MRTG for each class, so I can graph the class
utilization.

Class-map: CRITICAL-DATA (match-all)
  205974 packets, 173823962 bytes
  30 second offered rate 348000 bps, drop rate 0 bps
  Match: ip dscp af31
  police:
  cir 2104000 bps, bc 263000 bytes
conformed 207565 packets, 175035118 bytes; actions:
  transmit
exceeded 0 packets, 0 bytes; actions:
  set-dscp-transmit af32
conformed 384000 bps, exceed 0 bps

Thanks for your help..

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] OFF TOPIC: EIGRP Multicast Flow timer

2007-09-08 Thread omar parihuana
Hi guys,

Recently I was reviewing EIGRP and found one question that, unfortunately,
the Cisco web page doesn't help me with. After checking Google I found
the following explanation (extracted from the cisco-nsp archives):

"After a pair of routers become neighbors, they will send routing updates
(and other packets) to one another using a reliable multicast scheme. For
example, if router one has a series of packets which must be transmitted to
routers two, three, and four, such as a routing table update, it will send
the first packet to the EIGRP multicast address, 224.0.0.10, and wait for an
acknowledgment from each of its neighbors on its ethernet interface (in
this case routers two, three, and four). Let's assume that routers two and
four do answer, but router three does not.
Router one will wait until the multicast flow timer expires on the ethernet
interface, then send out a special packet, a sequence tlv, telling router
three not to listen to any further multicast packets from router one, then
will continue transmitting the remainder of the update packets as multicast
to all other routers on the network. The sequence tlv indicates an
out-of-sequence multicast packet. Those routers not listed in the packet
enter conditional receive (CR) mode and continue listening to multicast.
While there are some routers in this mode, the conditional receive bit will
be set in multicast packets. In this case, router one will send out a
sequence tlv with router three listed, so routers two and four will continue
listening to further multicast updates".

From: Steve Pickavance ([EMAIL PROTECTED])

However, I have some questions about the explanation above: if router
one sends router three a TLV telling it not to listen to any further multicast
packets, how does router three learn new updates? Special unicast? Of course,
router three is UP and working fine again. Could you give more details about
that?

Thanks in advance...

Rgds

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] default routing over ipsec

2007-08-28 Thread omar parihuana
All is possible with IPSec/GRE... after GRE tunnel is up, the issue is only
routing...

Rgds.


On 8/28/07, Gaurav Sabharwal <[EMAIL PROTECTED]> wrote:
>
> on 08/28/2007 04:51 AM matthew zeier said the following:
> > I have a remote office in China that wants to split traffic such that
> > domestic routes go out in the clear to the provider and all other
> > traffic (or essentially, the default route) goes out across an IPSEC tunnel.
> >
> > I'm not clear on how to make the latter work - do I specify a default
> > route & next hop?  Or does my crypto map need to include 0.0.0.0/0 ?
> One option would be to use a VTI and PBR.
>
> Cheers,
> - Gaurav
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] BGP/private and public ASN mix trick

2007-08-25 Thread omar parihuana
Hi,

The command remove-private-as must be configured on all egress routers
before the customer routes are advertised to other ISPs. The ISP upstreams
don't notice the internal customer; the AS_PATH doesn't contain the private AS;
the remaining BGP attributes won't be affected (of course, if no changes were made).

Rgds.

On 8/25/07, Nick Kraal <[EMAIL PROTECTED]> wrote:
>
> Dear all,
>
> I have a tricky/creative arrangement here to provide to a customer.
>
> [1] The customer has their own prefixes [a.b.c.d/20], but no ASN.
> [2] We plan to run private BGP with the customer to receive this
> prefix, and for us to announce the global routing table.
> [3] Objective is to then announce this prefix as originating from AS111
> to all AS111 public BGP peers.
> [4] Sample configuration at the end of this e-mail. Any potential traps
> here?
> [5] Prefix list [TUN-CUST-CIDR-BLOCK] is then used in route-maps with
> other BGP peers. Are removing private-as and the inbound route-map
> sufficient for BGP to pick this prefix up and announce it as AS111?
>
> Thanks in advance,
>
> -nick/
> ==
> Current configuration:
>
> router bgp 111
> neighbor 200.100.1.10 remote-as 64001
> !
> address-family ipv4
> neighbor 203.100.1.10 activate
> neighbor 203.100.1.10 next-hop-self
> neighbor 203.100.1.10 remove-private-as
> neighbor 200.100.1.10 soft-reconfiguration inbound
> neighbor 200.100.1.10 route-map TUN-CUST-FILTER-IN in
> neighbor 200.100.1.10 route-map TUN-CUST-FILTER-OUT out
> !
> route-map TUN-CUST-FILTER-IN permit 5
> match ip address TUN-CUST-CIDR-BLOCK
> set origin igp
> !
> route-map TUN-CUST-FILTER-OUT permit 10
> match as-path 75
> !
> ip prefix-list TUN-CUST-CIDR-BLOCK seq 5 permit a.b.c.d/20
>
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
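An added example, not part of the thread or of any Cisco code: a simplified Python model of the classic `remove-private-as` behaviour (without the later `all` / `replace-as` keywords) that can be used to audit what an upstream would see. AS 111 and AS 64001 come from the quoted configuration; the upstream AS 64500, the second customer AS 64512 and the prefixes are constructed sample values, and the function names are hypothetical. Note that 64001 lies outside the private-use range 64512-65534, so the model leaves it in the path.

```python
# Simplified model of classic `neighbor <peer> remove-private-as` towards an
# eBGP peer. Illustration only; names and sample routes are constructed.

# Private-use ASN blocks per RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = (range(64512, 65535), range(4200000000, 4294967295))


def is_private(asn):
    """True when the ASN falls in a private-use block."""
    return any(asn in block for block in PRIVATE_RANGES)


def remove_private_as(as_path, neighbor_as):
    """Return the received AS_PATH after the knob is applied.

    Documented classic rules modelled here:
      * the path is stripped only when every ASN in it is private;
      * a path mixing private and public ASNs is left untouched;
      * a path containing the eBGP neighbor's own ASN is left untouched,
        so the neighbor's loop detection keeps working.
    """
    path = list(as_path)
    if neighbor_as in path:
        return path
    if path and all(is_private(asn) for asn in path):
        return []
    return path


def export_path(local_as, received_path, neighbor_as, strip):
    """AS_PATH as sent to the eBGP neighbor: local AS prepended last."""
    if strip:
        path = remove_private_as(received_path, neighbor_as)
    else:
        path = list(received_path)
    return [local_as] + path


def audit(local_as, neighbor_as, routes, strip=True):
    """Report, per prefix, the exported path, the origin AS the upstream
    sees, and any private ASNs that would still leak."""
    report = {}
    for prefix, received in routes.items():
        sent = export_path(local_as, received, neighbor_as, strip)
        report[prefix] = {
            "sent": sent,
            "origin": sent[-1],
            "private_leaked": [asn for asn in sent if is_private(asn)],
        }
    return report


LOCAL_AS = 111        # from the quoted configuration
UPSTREAM_AS = 64500   # constructed (documentation ASN, RFC 5398)

# Constructed sample routes; prefixes are documentation ranges (RFC 5737).
ROUTES = {
    "192.0.2.0/24": [64001],            # customer AS as typed in the post
    "198.51.100.0/24": [64512],         # customer AS from the private block
    "203.0.113.0/24": [64512, 64499],   # private AS mixed with a non-private one
}

if __name__ == "__main__":
    for prefix, row in audit(LOCAL_AS, UPSTREAM_AS, ROUTES).items():
        print(prefix, row)
```

Only the second route is exported with AS 111 as the origin; the first keeps 64001 as origin, and the third still carries a private ASN to the upstream.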


Re: [c-nsp] Possible BGP memory leak?

2007-08-24 Thread omar parihuana
Try...

sh ip route summary

You get the total memory used by routing table...


On 8/20/07, Ed Ravin <[EMAIL PROTECTED]> wrote:
>
> On a 7513 router running 12.0(S), we're running rather low on memory.
> Yes, I know of the futility of fitting two full Internet feeds into 256M,
> and I'm working on that, but in the meantime, this looks weird:
>
> Router# show proc mem | inc Hold|BGP
>  PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
>  151   0  320352144  140361924  178607164          0          0 BGP Router
>  152   0     328008     619156       6984          0          0 BGP I/O
>  153   0          0     673324       9984          0          0 BGP Scanner
>
> Is the "BGP Router" process really holding 178 MB of memory?  Why does it
> only seem to be 51 MB in the listing below?
>
>
> Router# show ip bgp summary
> [...]
> 185673 network entries using 20981049 bytes of memory
> 369703 path entries using 19224556 bytes of memory
> 73675/35141 BGP path/bestpath attribute entries using 9725100 bytes of memory
> 63197 BGP AS-PATH entries using 1662392 bytes of memory
> 4 BGP community entries using 96 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP using 51593193 total bytes of memory
> BGP activity 522211/336538 prefixes, 1394152/1024449 paths, scan interval
> [...]
>
>
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] EIGRP as core routing protocol on MPLS network

2007-08-24 Thread omar parihuana
I know that Traffic Engineering is only possible with IS-IS or OSPF...  so
EIGRP won't be a good option...

Rgds.



On 8/24/07, Kris Price <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I've been trying to find out the implications of using EIGRP to
> distribute the loopbacks for a BGP/MPLS network instead of the usual
> OSPF or ISIS. But either it isn't a very well covered topic or my
> Google-foo is seriously bad.
>
> I've lab'ed it up in a very simple environment and for typical Layer 3
> BGP/MPLS VPN applications everything seems to work fine as expected, LDP
> continues distributing labels, and VPN packets are label switched across
> the network.
>
> However, I assume the caveats are around using features that use
> OSPF/ISIS for transporting additional information or for signalling,
> e.g. perhaps traffic engineering info.
>
> Given there is no information on this on Google I guess it isn't
> supported and the recommendation is simply "don't do it".
>
> But I'm curious, so has anyone done this in a production environment for
> any reason, or has anything enlightening to say on the matter?
>
> Cheers
> Kris
>
> PS: before anyone asks "Why on earth would you want to do that!?" I
> don't particularly, but I'd like to know about it for arguments sake.
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Session Timeout Cisco ACS

2007-08-20 Thread omar parihuana
Hi List,

I installed Cisco ACS 4.1, but suddenly the graphical interface is disconnected
after 5 min and I have to connect again. I'm using a direct connection, no
firewall between the ACS and the management PC. I don't know why my session is
disconnected; maybe a bug or some internal process is disconnecting the GUI
configuration. I set the Session idle timeout to 60min in
Administration Control.

Many thanks for your suggestions

Rgds.

-- 
Omar E.P.T
-


[c-nsp] Catalyst 3550 Faulty

2007-08-14 Thread omar parihuana
Hi List,

I've turned on one spare switch, and oops... an error (see the output below,
-WARNING MESSAGE-):


Boot Sector Filesystem (bs:) installed, fsid: 3
Loading "flash:c3550-i9q3l2-mz.121-22.EA4/c3550-i9q3l2-mz.121-22.EA4.bin"...#

File "flash:c3550-i9q3l2-mz.121-22.EA4/c3550-i9q3l2-mz.121-22.EA4.bin"
uncompressed and installed, entry point: 0x3000
executing...

  Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(22)EA4, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 23-Mar-05 17:04 by yenanh
Image text-base: 0x3000, data-base: 0x006CB95C


Initializing flashfs...
flashfs[1]: 350 files, 5 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 5008896
flashfs[1]: Bytes available: 10990080
flashfs[1]: flashfs fsck took 8 seconds.
flashfs[1]: Initialization complete.
...done Initializing flashfs.
POST: CPU Buffer Tests : Begin
POST: CPU Buffer Tests : End, Status Passed
POST: CPU Interface Tests : Begin
POST: CPU Interface Tests : End, Status Passed
POST: Switch Core Tests : Begin
POST: Switch Core Tests : End, Status Passed
POST: CPU Interface 2nd Stage Tests : Begin
POST: CPU Interface 2nd Stage Tests : End, Status Passed
POST: CAM Subsystem Tests : Begin
POST: CAM Subsystem Tests : CAM reinitialization
POST: CPU Buffer Tests : Begin
POST: CPU Buffer Tests : End, Status Passed
POST: CPU Interface Tests : Begin
POST: CPU Interface Tests : End, Status Passed
POST: Switch Core Tests : Begin
POST: Switch Core Tests : End, Status Passed
POST: CPU Interface 2nd Stage Tests : Begin
POST: CPU Interface 2nd Stage Tests : End, Status Passed
POST: CAM Subsystem Tests : Begin
POST: CAM Subsystem Tests : CAM reinitialization
POST: CPU Buffer Tests : Begin
POST: CPU Buffer Tests : End, Status Passed
POST: CPU Interface Tests : Begin
POST: CPU Interface Tests : End, Status Passed
POST: Switch Core Tests : Begin
POST: Switch Core Tests : End, Status Passed
POST: CPU Interface 2nd Stage Tests : Begin
POST: CPU Interface 2nd Stage Tests : End, Status Passed
POST: CAM Subsystem Tests : Begin
POST: CAM Subsystem Tests : CAM reinitialization
POST: CPU Buffer Tests : Begin
POST: CPU Buffer Tests : End, Status Passed
POST: CPU Interface Tests : Begin
POST: CPU Interface Tests : End, Status Passed
POST: Switch Core Tests : Begin
POST: Switch Core Tests : End, Status Passed
POST: CPU Interface 2nd Stage Tests : Begin
POST: CPU Interface 2nd Stage Tests : End, Status Passed
POST: CAM Subsystem Tests : Begin
Data bus test failed for associated data
POST: CAM Subsystem Tests : End, Status Failed
INIT: failed CAM ASIC initialization
cisco WS-C3550-24-PWR (PowerPC) processor (revision L0) with 65526K/8192K bytes of memory.
Processor board ID CAT0921Y0PT
Last reset from warm-reset
Running Layer2/3 Switching Image

The password-recovery mechanism is enabled.
384K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:69:77:68:80
Motherboard assembly number: 73-8100-09
Power supply part number: 341-0029-03
Motherboard serial number: CAT09211F0F
Power supply serial number: DTH09196MM4
Model revision number: L0
Motherboard revision number: A0
Model number: WS-C3550-24PWR-SMI
System serial number: CAT0921Y0PT

!!! WARNING: The switch is not usable !!!
Reason:
Data bus test failed for associated data


What kind of test can I run to rule out problems with that switch??

Rgds.


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] PPPoE issues // ACS provide the same IP.

2007-07-23 Thread omar parihuana
Thank you for your response!

I configured the IP pool in ACS, and the ACS assigns the IPs dynamically.

Rgds.


On 7/23/07, Masood Ahmad Shah <[EMAIL PROTECTED]> wrote:
>
> How about the assigned ips pool? Where have you defined the pools?
>
>
> Regards,
> Masood Ahmad Shah
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of omar parihuana
> Sent: Monday, July 23, 2007 11:33 PM
> To: nsp
> Subject: [c-nsp] PPPoE issues // ACS provide the same IP.
>
> Hi List,
>
> Currently, I have a problem with some PPPoE accounts. I configured a
> Cisco3640 as NAS, and enabled PPPoE. The users that use only one VLAN work
> fine. However, I have users that use the same VLAN (different accounts) and
> the Cisco AAA ACS provides the same IP address:
>
>
> Vi13 20761  PPPoE  00:00:07 200.110.46.18
> Vi14 10080  PPPoE  00:00:00 200.110.46.18
>
> The VLAN (Subinterface) configuration is:
>
> !
> interface FastEthernet0/0.6
>  encapsulation dot1Q 6
>  ip access-group control-full in
>  no ip redirects
>  no ip proxy-arp
>  rate-limit input access-group 140 136000 25500 25500 conform-action set-prec-transmit 5 exceed-action drop
>  rate-limit input 72000 24000 24000 conform-action transmit exceed-action drop
>  rate-limit output access-group 140 136000 25500 25500 conform-action set-prec-transmit 5 exceed-action drop
>  rate-limit output 72000 24000 24000 conform-action transmit exceed-action drop
>  pppoe enable
>  pppoe max-sessions 7
>  no cdp enable
>  arp timeout 300
> end
> !
>
> Please any suggestion for resolve that issue?
>
> Thanks in advanced.
>
> Rgds.
>
>
> --
> Omar E.P.T
> -
> Certified Networking Professionals make better Connections!
>
>


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] PPPoE issues // ACS provide the same IP.

2007-07-23 Thread omar parihuana
Hi List,

Currently, I have a problem with some PPPoE accounts. I configured a
Cisco3640 as NAS, and enabled PPPoE. The users that use only one VLAN work
fine. However, I have users that use the same VLAN (different accounts) and
the Cisco AAA ACS provides the same IP address:


  Vi13 20761  PPPoE  00:00:07 200.110.46.18
  Vi14 10080  PPPoE  00:00:00 200.110.46.18

The VLAN (Subinterface) configuration is:

!
interface FastEthernet0/0.6
 encapsulation dot1Q 6
 ip access-group control-full in
 no ip redirects
 no ip proxy-arp
 rate-limit input access-group 140 136000 25500 25500 conform-action set-prec-transmit 5 exceed-action drop
 rate-limit input 72000 24000 24000 conform-action transmit exceed-action drop
 rate-limit output access-group 140 136000 25500 25500 conform-action set-prec-transmit 5 exceed-action drop
 rate-limit output 72000 24000 24000 conform-action transmit exceed-action drop
 pppoe enable
 pppoe max-sessions 7
 no cdp enable
 arp timeout 300
end
!

Please, any suggestions to resolve this issue?

Thanks in advance.

Rgds.


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] PBR Strange behavior

2007-07-06 Thread omar parihuana
Hi,

I'm interested in packets from 172.20.0.50; unfortunately I cannot test with
that IP, so I used 172.20.0.49. Now if the ip policy route-map has no effect
on 172.20.0.49, I'm wrong!!

Thanks a lot!


On 7/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Bear in mind 'ip policy route-map BLAH' has no effect on self generated
> packets.
>
> In your test, are the packets matching the ACL sourced from 172.20.0.49
> (router itself) or 172.20.0.50?
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of omar parihuana
> Sent: 03 July 2007 00:17
> To: nsp
> Subject: [c-nsp] PBR Strange behavior
>
> Hi List,
>
> I've configured policy routing; however, the packets don't match the
> policy. I re-checked the configuration and all seems fine, I don't know why
> that configuration doesn't work!!! (The packets go via the default route and
> not via the next-hop configured in the route-map.)
>
> I've pasted my configuration:
>
> !
> interface FastEthernet0/0.73
> encapsulation dot1Q 73
> ip address 172.20.0.49 255.255.255.252
> no ip redirects
> no ip proxy-arp
> ip policy route-map NEXT-HOP
> no cdp enable
> arp timeout 300
> end
> !
>
> !
> route-map NEXT-HOP permit 10
> match ip address 160
> set interface Serial1/0:0
> set ip next-hop 172.16.1.134
> !
>
> !
> access-list 160 permit ip 172.20.0.48 0.0.0.3 any
> !
>
> Thanks
>
> *The router is a Cisco 3640 with CEF Enabled that works like MPLS-PE router.
>
> --
> Omar E.P.T
> -
> Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
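An added example, not code from the thread: a small Python evaluator for the quoted route-map and ACL 160 that shows which source addresses the wildcard 0.0.0.3 covers and why a test sourced from the router's own 172.20.0.49 never reaches the interface policy, as the reply above points out. The configuration text is constructed from the quoted post; the function names and the string returned for ordinary routing are hypothetical.

```python
import ipaddress

# Constructed from the configuration quoted in the thread, trimmed to the
# lines this model reads (`set interface` is not modelled).
CONFIG = """\
interface FastEthernet0/0.73
 encapsulation dot1Q 73
 ip address 172.20.0.49 255.255.255.252
 ip policy route-map NEXT-HOP
!
route-map NEXT-HOP permit 10
 match ip address 160
 set ip next-hop 172.16.1.134
!
access-list 160 permit ip 172.20.0.48 0.0.0.3 any
"""


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def covered_addresses(base, wildcard):
    """Enumerate every address a base/wildcard pair matches, including
    non-contiguous wildcards. Intended for small wildcards only."""
    wc = ip_int(wildcard)
    fixed = ip_int(base) & ~wc & 0xFFFFFFFF
    free_bits = [1 << i for i in range(32) if (wc >> i) & 1]
    result = []
    for n in range(1 << len(free_bits)):
        value = fixed
        for j, bit in enumerate(free_bits):
            if (n >> j) & 1:
                value |= bit
        result.append(str(ipaddress.IPv4Address(value)))
    return result


def source_spec(words):
    """Source part of an extended ACL entry: any | host A | A wildcard."""
    if words[0] == "any":
        return ("0.0.0.0", "255.255.255.255")
    if words[0] == "host":
        return (words[1], "0.0.0.0")
    return (words[0], words[1])


def parse(config):
    """Extract only what this example needs; not a full IOS parser.
    Only `permit ip` ACL entries are read."""
    parsed = {"router_ips": set(), "policy": {}, "route_maps": {}, "acls": {}}
    iface = rmap = None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            iface = rmap = None
        elif words[0] == "interface":
            iface, rmap = words[1], None
        elif words[0] == "route-map":
            rmap, iface = words[1], None
            parsed["route_maps"].setdefault(rmap, {"acl": None, "next_hop": None})
        elif words[0] == "access-list" and words[2:4] == ["permit", "ip"]:
            parsed["acls"].setdefault(words[1], []).append(source_spec(words[4:]))
        elif iface and words[:2] == ["ip", "address"]:
            parsed["router_ips"].add(words[2])
        elif iface and words[:3] == ["ip", "policy", "route-map"]:
            parsed["policy"][iface] = words[3]
        elif rmap and words[:3] == ["match", "ip", "address"]:
            parsed["route_maps"][rmap]["acl"] = words[3]
        elif rmap and words[:3] == ["set", "ip", "next-hop"]:
            parsed["route_maps"][rmap]["next_hop"] = words[3]
    return parsed


def forwarding_decision(parsed, src, ingress=None):
    """Return (next hop or 'routing-table', reason).
    ingress=None models a packet the router itself originates."""
    if ingress is None:
        return ("routing-table", "locally generated: interface policy not consulted")
    name = parsed["policy"].get(ingress)
    if name is None:
        return ("routing-table", "no ip policy on ingress interface")
    rmap = parsed["route_maps"][name]
    for base, wildcard in parsed["acls"].get(rmap["acl"], []):
        if wildcard_match(src, base, wildcard):
            return (rmap["next_hop"], "matched access-list " + rmap["acl"])
    return ("routing-table", "no access-list match")


PARSED = parse(CONFIG)

if __name__ == "__main__":
    print(covered_addresses("172.20.0.48", "0.0.0.3"))
    print(forwarding_decision(PARSED, "172.20.0.50", "FastEthernet0/0.73"))
    print(forwarding_decision(PARSED, "172.20.0.49"))
```

On IOS, traffic originated by the router is policy-routed with the global `ip local policy route-map` command rather than the interface-level `ip policy route-map`.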


Re: [c-nsp] NTP Issues // Strange behavior

2007-07-05 Thread omar parihuana
Hi,

I typed the command again and the "when" counter is increasing (15190 at
this time), and I don't have a way to stop it. As per my previous post, the ntp
configuration was cleared. I also think that it is an IOS BUG.


CAT6506-BK>sh ntp associations

  address          ref clock     st   when  poll reach  delay  offset    disp
  172.24.129.254   127.127.7.1    8  15190    64     0    0.8   -0.50  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

I'm using: System image file is "sup-bootdisk:s3223-adventerprisek9_wan-mz.122-18.SXF8.bin"

Rgds.

On 7/5/07, Dale Shaw <[EMAIL PROTECTED]> wrote:
>
> Hi Curtis,
>
> On 7/6/07, Curtis Doty <[EMAIL PROTECTED]> wrote:
> >
> > That's the definition of an ntp peer. The other ntp server/router is
> > connecting to CAT6506-BK and saying "heya, I'm your time peer; let's do
> > time" and your Cat is faithfully obliging. This is the nature of ntp. If
> > you don't like it, use keys or ACLs.
>
> You may have missed this bit from the original post:
>
> > CAT6506-BK#sh run | inc ntp
>
> There is no NTP config. The switch should not be participating in NTP
> in any way, shape or form (client, server, peer).
>
> Sounds buggy to me.
>
> Cheers,
> Dale
>



-- 
Omar E.P.T
-


Re: [c-nsp] NTP Issues // Strange behavior

2007-07-05 Thread omar parihuana
Hi,

I've removed the ntp configuration lines; however, when I type show ntp
associations the older peer still appears. Why??? The configuration was
cleared.


CAT6506-BK#sh run | inc ntp
CAT6506-BK#sh ntp associations

  address          ref clock     st   when  poll reach  delay  offset    disp
  172.24.129.254   127.127.7.1    8   4759    64     0    0.8   -0.50  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
CAT6506-BK#

Rgds.


On 7/5/07, omar parihuana <[EMAIL PROTECTED]> wrote:
>
> Hi List,
>
> I've set up an NTP master on a Catalyst 6500. My 7204 routers update the
> clock fine, but my Cisco 3640 doesn't update the clock, and I have an error:
>
> *Mar  7 04:29:12.713: NTP: packet from 172.24.129.254 failed validity tests 20
> *Mar  7 04:29:12.713: Peer/Server Clock unsynchronized
>
> I don't know the reason for these errors, any suggestions?
>
> Rgds.
>
> --
> Omar E.P.T
> -
>
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!

http://omarept.blogspot.com/

  Usysnet Corp
Open Source Solutions
www.usysnet.com.pe


[c-nsp] NTP Issues

2007-07-05 Thread omar parihuana
Hi List,

I've set up an NTP master on a Catalyst 6500. My 7204 routers update the
clock fine, but my Cisco 3640 doesn't update the clock, and I have an error:

*Mar  7 04:29:12.713: NTP: packet from 172.24.129.254 failed validity tests 20
*Mar  7 04:29:12.713: Peer/Server Clock unsynchronized

I don't know the reason for these errors, any suggestions?

Rgds.

-- 
Omar E.P.T
-


[c-nsp] PBR Strange behavior

2007-07-02 Thread omar parihuana
Hi List,

I've configured policy routing; however, the packets don't match the
policy. I re-checked the configuration and all seems fine, I don't know why
that configuration doesn't work!!! (The packets go via the default route and
not via the next-hop configured in the route-map.)

I've pasted my configuration:

!
interface FastEthernet0/0.73
 encapsulation dot1Q 73
 ip address 172.20.0.49 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip policy route-map NEXT-HOP
 no cdp enable
 arp timeout 300
end
!

!
route-map NEXT-HOP permit 10
 match ip address 160
 set interface Serial1/0:0
 set ip next-hop 172.16.1.134
!

!
access-list 160 permit ip 172.20.0.48 0.0.0.3 any
!

Thanks

*The router is a Cisco 3640 with CEF Enabled that works like MPLS-PE router.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] TDP/LDP // SOLVED

2007-06-09 Thread omar parihuana
Thank you!!!

The problem was solved.  I'm using TDP in the older MPLS network and LDP in the new
MPLS network. I had two problems: (i) I had a mismatch in a subnet between
one old router and one new router. (ii) Aggregate subnets from the older
network didn't allow traffic to pass between customer sites (MPLS/VPN). I've
read about LSP failure with summarized addresses; after removing the
summarization the problem was solved.

Thanks again!



On 6/9/07, Oliver Boehmer (oboehmer) <[EMAIL PROTECTED]> wrote:
>
> In addition, make sure you don't try to run Layer2 VPN on a PE running
> TDP. Pseudowires (PW) require LDP.. Not sure what you mean by "VPN
> tunnel", but if this is a PW, this could explain it..
>
>oli
>
> Harold Ritter (hritter) <> wrote on Saturday, June 09, 2007 5:57 PM:
>
> > Omar,
> >
> > You should be able to mix and match LDP and TDP in your network. This
> > is actually common in network transitions. The only restriction is
> > that two routers on a given subnet use the same protocol. Otherwise,
> > the session will obviously not be established.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of omar parihuana
> > Sent: Friday, June 08, 2007 10:36 PM
> > To: nsp
> > Subject: [c-nsp] TDP/LDP
> >
> > Hi Guys,
> >
> > We're migrating an older MPLS network based on TDP. Our current MPLS
> > net uses LDP; however, so far I cannot establish a VPN tunnel between
> > sites from the old MPLS net to the new MPLS net. My question is: are TDP and
> > LDP incompatible? Is it possible to establish a VPN tunnel between sites
> > that use LDP and sites that use TDP?
> >
> > Thank you for your response!
> >
> > --
> > Omar E.P.T
> > -
> > Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] TDP/LDP

2007-06-08 Thread omar parihuana
Hi Guys,

We're migrating an older MPLS network based on TDP; our current MPLS net
uses LDP. However, so far I cannot establish a VPN tunnel between sites from
the old MPLS net to the new MPLS net. My question is: are TDP and LDP
incompatible? Is it possible to establish a VPN tunnel between sites that
use LDP and sites that use TDP?

Thank you for your response!

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] MPLS VPN with two IGPs

2007-05-29 Thread omar parihuana
Hi List,

Maybe my question is stupid, and I'm wrong, but I need some suggestions.
Right now I have an MPLS network running OSPF; new sites have been added with
IS-IS, but now we need to establish a VPN between the OSPF domain and the
IS-IS domain. Is it possible? I have connectivity with both domains.

Thanks in advance.

Rgds.

-- 
Omar E.P.T
-


Re: [c-nsp] Version of Cisco IOS not supported on NPE300

2007-05-25 Thread omar parihuana
Hi,

I had the same issue with a 7204VXR, so I found the IOS
c7200-advipservicesk9-mz.124-4.T1.bin and it works well with NPE300.

Rgds.


On 5/25/07, Samit <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I just tried to upgrade my cisco7206vxr with NPE300 with image
> c7200-p-mz.123-22.bin but while booting it gives a warning.
>
> --
>
> This Version of Cisco IOS Software is not supported on NPE300.
>
> Please select a version of Cisco IOS software compatible with
>
> this processor from http://www.cisco.com.
>
> --
>
> I didn't find anywhere in the cisco site that particular IOS is
> supported in specific NPE.
>
> Does anyone know which version of service provider image I should use?
>
> Regards,
> Samit
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Traffic on PPPoE Sessions

2007-05-23 Thread omar parihuana
Hi list,

We're drawing the user traffic with MRTG. Now we've implemented PPPoE and we
need to graph the user traffic. How can I graph the traffic of a PPPoE session?
Maybe there are some MIBs for that? Please, any suggestion will be appreciated.

Thanks.

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] default route Label

2007-05-20 Thread omar parihuana
Hi List,

I'm working on a pre-production MPLS network. I'm using ISIS as IGP and
LDP; so far, the ISIS learned routes are labeled, and apparently all works
fine. Right now I've generated a default route via the default-information
originate command on a PE router, after which the other P routers learned the
default route, but I've figured out that the default route is not labeled. Is
this correct behavior? Or maybe I'm wrong. Is it possible to label a default
route?

(PE1)(P)
Default route generate ->   \
\ (P)

PE Output:


7204-1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.20.5 to network 0.0.0.0

     172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
i L2    172.16.40.4/32 [115/25] via 172.16.20.5, FastEthernet0/0
i L2    172.16.40.1/32 [115/35] via 172.16.20.5, FastEthernet0/0
C       172.16.40.2/32 is directly connected, Loopback0
i L2    172.16.40.3/32 [115/20] via 172.16.20.5, FastEthernet0/0
i L2    172.16.20.8/30 [115/25] via 172.16.20.5, FastEthernet0/0
i L2    172.16.30.0/24 [115/10] via 172.16.20.5, FastEthernet0/0
i L2    172.16.20.0/30 [115/15] via 172.16.20.5, FastEthernet0/0
C       172.16.20.4/30 is directly connected, FastEthernet0/0
i*L2 0.0.0.0/0 [115/10] via 172.16.20.5, FastEthernet0/0
7204-1#

7204-1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     172.16.40.3/32    0          Fa0/0      172.16.20.5
17     Pop tag     172.16.20.0/30    0          Fa0/0      172.16.20.5
18     16          172.16.40.4/32    0          Fa0/0      172.16.20.5
19     Pop tag     172.16.30.0/24    0          Fa0/0      172.16.20.5
20     19          172.16.20.8/30    0          Fa0/0      172.16.20.5
21     18          172.16.40.1/32    0          Fa0/0      172.16.20.5
7204-1#

7204-1#sh mpls ldp bin
  tib entry: 0.0.0.0/0, rev 10
local binding:  tag: imp-null
remote binding: tsr: 172.16.40.3:0, tag: imp-null
  tib entry: 172.16.20.0/30, rev 12
local binding:  tag: 17
remote binding: tsr: 172.16.40.3:0, tag: imp-null
  tib entry: 172.16.20.4/30, rev 4
local binding:  tag: imp-null
remote binding: tsr: 172.16.40.3:0, tag: imp-null
  tib entry: 172.16.20.8/30, rev 20
local binding:  tag: 20
remote binding: tsr: 172.16.40.3:0, tag: 19
  tib entry: 172.16.30.0/24, rev 18
local binding:  tag: 19
remote binding: tsr: 172.16.40.3:0, tag: imp-null
  tib entry: 172.16.40.1/32, rev 22
local binding:  tag: 21
remote binding: tsr: 172.16.40.3:0, tag: 18
  tib entry: 172.16.40.2/32, rev 6
local binding:  tag: imp-null
remote binding: tsr: 172.16.40.3:0, tag: 17
  tib entry: 172.16.40.3/32, rev 8
local binding:  tag: 16
remote binding: tsr: 172.16.40.3:0, tag: imp-null
  tib entry: 172.16.40.4/32, rev 15
local binding:  tag: 18
remote binding: tsr: 172.16.40.3:0, tag: 16
7204-1#

Thanks in advance!
-- 
Omar E.P.T
-


[c-nsp] ACS Solution Engine 4.0 RDBMS tips

2007-05-15 Thread omar parihuana
Hi List,

Currently, we're using a free Linux RADIUS for AAA (mainly for PPPoE user
authentication). Right now, we've bought an ACS Solution Engine, and we're
going to import a large number of users. I've read about RDBMS for this
task. In a Linux environment, plain text files allow loading a large number
of users. I would like to create a CSV file and be ready, but how can I build
the CSV file? Is it possible? Is RDBMS suitable? I only need to add/del/modify
user accounts with their respective RADIUS-reply. Any suggestion will be very
useful for me!

Thanks!

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] Cisco 3640 as PPPoE Server and PPPoE Client impossible???

2007-04-30 Thread omar parihuana
Hi List,

Currently I have a 3640 that works as a PPPoE concentrator. Right now I would
like to configure that router as a PPPoE client too; however, I get an error:

Celda201#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Celda201(config)#vpdn-group 2
Celda201(config-vpdn)#request-dialin
Celda201(config-vpdn-req-in)#protocol pppoe
%Only one PPPoE VPDN group can be configured

Actually the router has the following configuration:

vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol pppoe
  virtual-template 1
 pppoe limit per-mac 10
 pppoe limit per-vlan 10
!

Can I configure one router as PPPoE Server and PPPoE client simultaneously?
How?


Thanks!


-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


Re: [c-nsp] Strange behavior OSPF Default route

2007-04-27 Thread omar parihuana
Thanks Harold,

I found a L3 Switch Extreme Networks advertising the default route.

Thanks again!.

Rgds.


On 4/27/07, Harold Ritter (hritter) <[EMAIL PROTECTED]> wrote:
>
> Omar,
>
> This default route is most probably generated by some other device. Can
> you do a "show ip ospf da ext 0.0.0.0" and check the advertising router.
> It is probably different than the RID of the Central router.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of omar parihuana
> Sent: Friday, April 27, 2007 5:55 PM
> To: nsp
> Subject: [c-nsp] Strange behavior OSPF Default route
>
> Hi Folks,
>
> I've figured out a strange behavior with OSPF default route generation.
> I have static routes that I redistributed into OSPF, but the default route
> is also redistributed. As far as I know, default route generation is
> accomplished with the default-information originate command.
> Why is the default route redistributed??? Maybe some bug? I copy the confs:
>
> Central Router:
>
> !
> router ospf 1
> log-adjacency-changes
> redistribute static
> network 172.16.1.0 0.0.0.255 area 0
> network x.x.x.96 0.0.0.31 area 0
> !
> ip route 0.0.0.0 0.0.0.0 x.x.x.97
> !
>
> Remote Router:
>
> !
> router ospf 1
> log-adjacency-changes
> network 172.16.1.0 0.0.0.255 area 0
> !
>
> Remote#sh ip route | inc \*
>   ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> O*E1 0.0.0.0/0 [110/21] via 172.16.1.53, 11:39:10, Serial0/0:0
>
> The IOS used in Central site is: slot0:c7200-jo3s-mz.122-12.bin
>
> Rgds.
>
> --
> Omar E.P.T
> -
> Certified Networking Professionals make better Connections!
>



-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!
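
The check suggested in this thread (look at the advertising router of the external LSA for 0.0.0.0 and compare it with the router expected to originate the default) can be automated. The following is an added example, not part of the original messages: the sample output is constructed and abridged, and both router IDs and the allow-list are assumptions.

```python
import re

# Constructed, abridged sample in the layout of IOS "show ip ospf database
# external 0.0.0.0" output; both router IDs are made up for illustration.
SAMPLE = """\
  LS age: 1184
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 10.255.0.1
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        Metric: 1

  LS age: 402
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 192.0.2.77
  Network Mask: /0
        Metric Type: 1 (Comparable directly to link state metric)
        Metric: 20
"""

FIELD = re.compile(
    r"^\s*(Link State ID|Advertising Router|Network Mask|Metric Type):\s*(\S+)", re.M)
REQUIRED = {"Link State ID", "Advertising Router", "Network Mask"}

def parse_external_lsas(text):
    """Return one dict per Type-5 LSA; each LSA starts at an 'LS age:' line."""
    lsas = []
    for chunk in re.split(r"^\s*LS age:", text, flags=re.M)[1:]:
        fields = dict(FIELD.findall(chunk))
        if not REQUIRED.issubset(fields):
            continue  # truncated capture: skip rather than guess
        lsas.append({
            "prefix": fields["Link State ID"] + fields["Network Mask"],
            "advertising_router": fields["Advertising Router"],
            "metric_type": fields.get("Metric Type"),
        })
    return lsas

def unexpected_default_originators(text, allowed_router_ids):
    """Router IDs advertising 0.0.0.0/0 that are not approved originators."""
    return sorted(
        lsa["advertising_router"] for lsa in parse_external_lsas(text)
        if lsa["prefix"] == "0.0.0.0/0"
        and lsa["advertising_router"] not in allowed_router_ids
    )

if __name__ == "__main__":
    # 10.255.0.1 stands in for the approved originator's RID (assumption).
    print(unexpected_default_originators(SAMPLE, {"10.255.0.1"}))
```

Run against periodic captures, a non-empty result points at a device injecting a default route that nobody configured on purpose, which is what the Extreme Networks switch turned out to be here.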


[c-nsp] Strange behavior OSPF Default route

2007-04-27 Thread omar parihuana
Hi Folks,

I've figured out a strange behavior with OSPF default route generation. I
have static routes that I redistributed into OSPF, but the default route is
also redistributed. As far as I know, default route generation is
accomplished with the default-information originate command. Why is the
default route redistributed??? Maybe some bug? I copy the confs:

Central Router:

!
router ospf 1
 log-adjacency-changes
 redistribute static
 network 172.16.1.0 0.0.0.255 area 0
 network x.x.x.96 0.0.0.31 area 0
!
ip route 0.0.0.0 0.0.0.0 x.x.x.97
!

Remote Router:

!
router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
!

Remote#sh ip route | inc \*
   ia - IS-IS inter area, * - candidate default, U - per-user static
route
O*E1 0.0.0.0/0 [110/21] via 172.16.1.53, 11:39:10, Serial0/0:0

The IOS used in Central site is: slot0:c7200-jo3s-mz.122-12.bin

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!


[c-nsp] IS-IS or OSPF as IGP?

2007-04-21 Thread omar parihuana
Hi list,

We're redesigning a small MPLS network (about 30 PE routers and 2 P routers;
link between P-PE: Ethernet). So far the IGP is OSPF; however, IS-IS was
proposed too. Which is best, IS-IS or OSPF, and why, regarding the small
network?

Thank you for your suggestions...

Rgds.

-- 
Omar E.P.T
-
Certified Networking Professionals make better Connections!