Thomas N wrote:
>
> I got a lab setup simulating DMVPN with IPSec over GRE. I would like to
> apply an access control list to the outside interface of the routers to
> block everything, except for TCP/UDP ports that are needed for GRE, IPSec,
> IKE and those related to DMVPN implementation.
looks like tcp 47, 50 and udp 500
http://www.cisco.com/en/US/customer/products/hw/routers/ps4081/products_tech_note09186a0080094267.shtml
Mike
Thomas N wrote:
>
> I got a lab setup simulating DMVPN with IPSec over GRE. I would like to
> apply an access control list to the outside interface of
You have the correct formula, the statement you need if you use policing
should look something like this.
police 300 375000 conform-action transmit exceed-action drop
You may want to consider shaping instead of policing as it will most likely
give you better performance. With policing or sha
The third number is excess burst which should be 0 in this case. My
understanding is if you do not specify it should be 0, but you could put it
in to be on the safe side. The second number is committed burst and if you
don't put it in the router calculates what it thinks is best. Please let me
know
Traffic policing allows you to control the maximum rate.
Traffic shaping is used to avoid congestion.
a good site that explains this
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt4/qcfpolsh.htm#22120
alaerte Vidali wrote:
>
> If you specify maximum burst
The DR is elected first by highest priority, the tie breaker is highest RID.
Then the process is repeated for the BDR.
http://www.cisco.com/warp/customer/104/2.html#10.1
My understanding is that if the DR goes down then the BDR is promoted to DR
and an election is held for the new BDR. This means
I agree with Larry. We support 6500+ devices and have had our fair share of
connectivity issues. Last year we had a few NICs that generated lots of
errors when they were hard set to match the switch. We tried every
combination of negotiation and the only setting that eliminated the errors
was auto/a
Larry Letterman wrote:
>
> All of our cisco campus devices work just fine with auto/auto and
> multiple hardware types with various nics don't have any issues...
>
> If your nics are not auto/auto capable or it does not work well, then as
> Fred says, hard code it...However I use auto/aut
I have seen this problem before with frame. LMI being local to the frame
switch means the interface does not go down and backup routes do not kick
in. One way to overcome this is to monitor layer 2 by using the
“frame-relay end-to-end keepalive mode bidirectional” command
within a map class on bot
I have seen a similar issue with a VPN connection. The problem was caused
when an NT admin wrote a batch file that did a large FTP across the link
every 45 minutes. The large volume of traffic caused the router cpu to spike
due to the encryp/decryp load… hence slow performance.
I would try to chec