Re: [c-nsp] vty access-list

2007-09-14 Thread C and C Dominte
Try permitting based on IP address only, e.g. access-list 199 permit ip x.x.x.x 0.0.0.255 host y.y.y.y still the same result, all the ip's are blocked. Well you are allowing TCP port 22 from x.x.x.x/24 to any destination, which will be any IP address on the router. But that doesn't

Re: [c-nsp] vty access-list

2007-09-14 Thread C and C Dominte
Aaron Riemer [EMAIL PROTECTED] wrote: Hi, I was under the impression that vty ACL's only filter by source addresses. i.e. standard ACL's only. At first I thought that since VTY lines are for SSH access, there is no need to add an extended access-list, to allow ssh on those lines. I found on

Re: [c-nsp] vty access-list

2007-09-14 Thread C and C Dominte
Aaron Daubman [EMAIL PROTECTED] wrote: Catalin, ... Is this a normal behavior of the IOS, to block access to all the ip's, including to the one that is supposed to be allowed? While not explicitly called out, I believe the intent is to use a 'standard' access list with one's vty

Re: [c-nsp] Looking for suggestions on how to link old colo with the new colo for routing purposes until new circuits are in place

2007-09-14 Thread Steve Bertrand
Problem: Since we cannot run BGP on any network smaller than a /24, how do we connect all the networks together, so that we can route internet connectivity to the small subnets (smaller than class C)? I'm very new to this game, but from my understanding I will try. Please correct me if I am

[c-nsp] T-CCS with SS7

2007-09-14 Thread Wycliffe Bahati
Hi I would like to pass ss7 signaling from two providers using T-CCS clear channel configuration. Anyone done it and works for him I could use a few tips if not the running sample. Wycliffe

Re: [c-nsp] cap'ing each host/ip to bw limits

2007-09-14 Thread Giles Coochey
Packeteer packet shaper is best Go for it... Interesting, we've not deployed anything as yet, but others have looked at Packeteer here and I hear they were not best impressed. The next thing we'll probably look at is Allot's Netenforcer product. Anyone have any experience with that on

Re: [c-nsp] 7600: etherchannel and aggregators

2007-09-14 Thread Dmitry Kiselev
Hello! On Thu, Sep 13, 2007 at 10:21:38AM -0700, Michael K. Smith - Adhost wrote: Hello Dmitry: snip Sep 13 18:38:00.091: idbman_get_agport: 14/4 Po2A(O) Sep 13 18:37:59.762: %EC-SP-5-CANNOT_BUNDLE_LACP: Gi1/11 is not compatible with aggregators in channel 2 and cannot attach to them

Re: [c-nsp] vty access-list

2007-09-14 Thread C and C Dominte
Hi, yes, but since the extended access-list range is 100 - 199, this means that extended access lists are supported: #access-class ? 1-199 IP access list 1300-2699 IP expanded access list WORD Access-list name Catalin Tom Storey [EMAIL PROTECTED] wrote: Expanded access-lists

Re: [c-nsp] vty access-list

2007-09-14 Thread Fred Reimer
Is there any compelling reason why SSH should only be allowed to one particular IP on the router? Yes, if you have VRF's setup and only want to allow inbound traffic to particular interfaces in a particular VRF (or default/global)... Fred Reimer, CISSP Senior Network Engineer Coleman

Re: [c-nsp] cap'ing each host/ip to bw limits

2007-09-14 Thread Steve Muchai
On 9/14/07, Giles Coochey [EMAIL PROTECTED] wrote: Packeteer packet shaper is best Go for it... Interesting, we've not deployed anything as yet, but others have looked at Packeteer here and I hear they were not best impressed. The next thing we'll probably look at is Allot's

Re: [c-nsp] Clock Synchronization

2007-09-14 Thread Aaron
Of course, having all the clocks synchronized really makes knowing what happened when easier from logs. Aaron On 9/12/07, Michael K. Smith - Adhost [EMAIL PROTECTED] wrote: Hello Kim: -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of

Re: [c-nsp] Draft Rosen M-VPN

2007-09-14 Thread Phil Mayers
On Fri, 2007-09-14 at 11:59 +0100, Harkins, Darren wrote: Has anyone had experience using draft Rosen M-VPN, using GRE tunnels and/or IP encapsulation, on Cisco (and cross vendor - gin-fixated!) boxes? (Current mix of 7200 and 6500 + and M7i or two) Yes, on 6500s. It just works (tm). HOWEVER:

Re: [c-nsp] cap'ing each host/ip to bw limits

2007-09-14 Thread Adam Greene
We've been using Allot NetEnforcer for years, but have decided to build our own *nix solution because the hardware and support contract costs are just too high with Allot. The Allot is a great product, in my opinion. Just can't afford it! Someone mentioned the Ellacoya product line ... I

Re: [c-nsp] Looking for suggestions on how to link old colo with the new colo for routing purposes until new circuits are in place

2007-09-14 Thread Dan Troxel
The issue is we cannot advertise to the net any sub /24 nets. Thus, we need to control those some how with an internal mesh - but the old and the new locations are not physically connected in anyway (yet), except through the internet. -Original Message- From: Steve Bertrand [mailto:[EMAIL

Re: [c-nsp] Looking for suggestions on how to link old colo with the new colo for routing purposes until new circuits are in place

2007-09-14 Thread David Coulson
Build a basic IP tunnel or IPSec connection between the two locations and treat it as a point to point for EIGRP, OSPF or BGP? Dan Troxel wrote: The issue is we cannot advertise to the net any sub /24 nets. Thus, we need to control those some how with an internal mesh - but the old and the

[c-nsp] PPPOE Dropouts

2007-09-14 Thread Paul Stewart
Hi folks... This is a long shot but we have some clients who are connected via PPPOE on ADSL2+ who are randomly dropping off once in a while. On the same system, we have a number of clients who are online for weeks with no issues. Same equipment, identical modems at CPE etc they are all

Re: [c-nsp] [Retrieved] Fiber issue, banging my head.

2007-09-14 Thread Drew Weaver
FYI - I knew I wasn't crazy. It ended up being a bad 6509 chassis/backplane =/ -Drew -Original Message- From: Ed Ronayne [mailto:[EMAIL PROTECTED] Sent: Monday, September 10, 2007 1:14 PM To: Drew Weaver; 'King, Rick'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] [Retrieved] Fiber

[c-nsp] 7600 w/RSP720 ip local policy route-map not matching?

2007-09-14 Thread Anton Smith
Hi all, Has anyone experienced issues with both SRB and SRB1 and RSP720 3CXL and the ip local policy route-map feature not matching? I have a policy defined as follows: ip local policy route-map Netflow-Priority ! ! route-map Netflow-Priority permit 10 match ip address 190 set ip

Re: [c-nsp] 7600 w/RSP720 ip local policy route-map not matching?

2007-09-14 Thread Jared Mauch
On Fri, Sep 14, 2007 at 04:51:27PM +, Anton Smith wrote: Hi all, Has anyone experienced issues with both SRB and SRB1 and RSP720 3CXL and the ip local policy route-map feature not matching? I am fairly sure that it has not been setting the IP precedence on any of the packets. We

Re: [c-nsp] 7600 w/RSP720 ip local policy route-map not matching?

2007-09-14 Thread Anton Smith
On Fri, September 14, 2007 17:49, Jared Mauch wrote: On Fri, Sep 14, 2007 at 04:51:27PM +, Anton Smith wrote: Hi all, Has anyone experienced issues with both SRB and SRB1 and RSP720 3CXL and the ip local policy route-map feature not matching? I am fairly sure that it has not been

Re: [c-nsp] Draft Rosen M-VPN

2007-09-14 Thread Harold Ritter (hritter)
Phil, Just a clarification. The interop issue only comes into play if you run SSM in the P domain. There is no interop issue if ASM is used in the P domain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Friday, September 14, 2007

Re: [c-nsp] PPPOE Dropouts

2007-09-14 Thread Frank Bulk
Paul: Same thing here: clean lines, just some customers. We're generally using Comtrend 5621 or 536+, but we have a lot of Draytek in the field, too. We're using c7200-is-mz.122-26.bin, what's yours? Since only one customer has called and complained, and that appeared to be fixed by putting in

Re: [c-nsp] PPPOE Dropouts

2007-09-14 Thread Paul Stewart
Hmm.. Yes, this would be one common factor for sure Strange that we have hundreds of Comtrends in production though - possibly a firmware issue though... c7200-ik9o3s-mz.124-13b.bin here I think we may swap a few of these client modems and see if there's some common ground. So far I