[c-nsp] About duplicate message

2007-11-06 Thread Hiromasa Sekiguchi
Hi, The customer uses two cat3750 as a stack. Suddenly the slave switch was removed from the stack and reset. I think the cause of this phenomenon is failure of the stack cable or failure of the slave switch. I have a question. Before the slave switch was removed from the stack, the duplicate message was generated. --- sn

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Michael Malitsky
Thanks everyone for the responses. What I am gathering is that I should move all remaining high-bandwidth customer connections to a 6500 (or another hardware-based L3 switch) and make use of the additional L2 features available on those platforms. If anyone is curious, the specific device I "lost"

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Saku Ytti
On (2007-11-06 15:53 -0500), Fred Reimer wrote: > If we can get a bunch of people to log the same issue then > there's a very slim chance to actually get this implemented in > some far-future version of code... Thanks Fred, I guess I'm not the only one wanting this then (to me this really seems like

Re: [c-nsp] Need help with a solution...

2007-11-06 Thread Michael Malitsky
Cliff, Unless I am misunderstanding, this looks like a straightforward "routed networks behind PIX" scenario. Depending on complexity and scale, this could be as simple as a static route pointing back to the network(s) at center "B" and appropriate NAT/ACL statements on the PIX. Let me know if yo

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Kevin Graham
It's good to see the local-port-preference of the MEC, though I'd be interested in whether the same concept could be extended to include a line-card/ASIC preference for 10GEC's across oversubscribed modules such as 6708 and 6716. (Not going to bother contorting my interphalangeal's to see this on t

Re: [c-nsp] Recovering from disabled break squence

2007-11-06 Thread Sascha E. Pollok
> > I have messed up my router (3640) with a config-reg value of 0x3922 > > disabling the break sequence. Now, I am unable to get into ROMMON mode > > to change IOS. The current IOS does not detect my Ethernet module. > > Also, when I try to enter config mode it says: > > > > Router>enable > > % No

Re: [c-nsp] Cisco IOS support for blksize / rfc 2348

2007-11-06 Thread Dale Shaw
Hi, On Nov 6, 2007 9:52 AM, Clinton Work <[EMAIL PROTECTED]> wrote: > > I'm trying to determine when blksize / rfc 2348 support was added to > several Cisco IOS releases. It might have been added with defect > CSCds46280, but the bug report doesn't provide any details. Support > for tftp RFC234

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Fred Reimer
Let me rephrase that: How do we go about filing a PER so that a switch will accept the same static MAC address configured for port security on two different interfaces. For instance, say you have a customer that has a bunch of client routers plugged into a switch. You want to limit the number of

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Tim Durack
The VSS stuff does look very promising. I hope some of the SIP cards are going to be supported down the line though. That would make this much more workable for me. Tim:> On Nov 6, 2007 11:57 AM, Brandon Bennett <[EMAIL PROTECTED]> wrote: > > > Documentation for the VS-S720-10G-3C is starting to

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Gustavo Novais
Cain also has a feature that allows you to traceroute based on ICMP, TCP or UDP. See www.oxid.it Gustavo Novais -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Byron L. Hicks Sent: Tuesday, 6 November 2007 19:09 To: Jonathan Charles Cc: ci

Re: [c-nsp] ASA5520 stable code?

2007-11-06 Thread Michael Malitsky
I am running the following with no problems: 5510s with 7.2(3) - static routing, NAT, stateful firewall, IPSEC 5505s with 8.0(2) - NAT, stateful firewall, IPSEC PIX525s with 7.2(2)23 - static routing, NAT, stateful firewall, some OSPF Hope this helps, Michael > Date: Mon, 5 Nov 2007 13:01:19 +0

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread bill fumerola
On Tue, Nov 06, 2007 at 01:02:52PM -0600, Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port to see if and where a port is > being blocked on a network... http://michael.toren.net/code/tcptraceroute/ > I run into

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Chris Boyd
FreeBSD, Linux and MacOS X have this as the "-p" option. FreeBSD and MacOS X will also let you specify TCP/UDP, etc. --Chris On Nov 6, 2007, at 1:02 PM, Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port to se

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread bill fumerola
On Tue, Nov 06, 2007 at 02:30:10PM -0500, Aaron Daubman wrote: > > This is going to sound weird, but I am looking for a utility that will > > let me traceroute on a specific port to see if and where a port is > > being blocked on a network... > > Check out the man page for traceroute: > http://deve

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread schilling
http://traceproto.sourceforge.net/ Traceproto is a traceroute replacement written in c that allows the user to specify the protocol and port to trace to. It currently supports tcp, udp, and icmp traces with the possibility of others in the future. On 11/6/07, Peter Fiers <[EMAIL PROTECTED]> wrote

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Jeremy Stretch
The Linux tracepath utility should do what you need; it's effectively a traceroute using UDP on an arbitrary port: http://linux.die.net/man/8/tracepath Stretch Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Peter Fiers
Already tried 'traceroute -T -p 80' on a Linux-box? On Tuesday, 6 November 2007 20:02, Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port to see if and where a port is > being blocked on a network... > > I run i

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Daniel Dib
Hey Michael. Here is something you can try out. Instead of using CoPP to limit ARP, use the hardware-based rate limiters. mls rate-limit unicast cef glean 2 60 - This limits the number of ARP-packets punted to the RP of the type glean. This will occur when traffic is sent to a connected host fo

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Byron L. Hicks
Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port to see if and where a port is > being blocked on a network... TCPTraceroute: http://michael.toren.net/code/tcptrace

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Aaron Daubman
Jonathan, > This is going to sound weird, but I am looking for a utility that will > let me traceroute on a specific port to see if and where a port is > being blocked on a network... Check out the man page for traceroute: http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/tra

Re: [c-nsp] Port Traceroute utility?

2007-11-06 Thread Masood Ahmad Shah
UNIX: http://michael.toren.net/code/tcptraceroute/ Windows: http://tracetcp.sourceforge.net/ Regards, Masood Ahmad Shah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Charles Sent: Wednesday, November 07, 2007 12:03 AM To: cisco-nsp@puck.nether

[c-nsp] Port Traceroute utility?

2007-11-06 Thread Jonathan Charles
This is going to sound weird, but I am looking for a utility that will let me traceroute on a specific port to see if and where a port is being blocked on a network... I run into issues where customers have ACLs on their network (that they don't know about) and it is causing network failures... (us

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Church, Charles
Well, the good part is that the customer's network being unusable took away any heat from your device being unusable. Unless of course you had multiple customers off that one router. You could front-end the router with a hardware L3 switch (3550 or so) that can police stuff at wire-rate. That sho

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Saku Ytti
On (2007-11-06 17:14 +), Sam Stickland wrote: > I'm sorry. I don't see how the configuration above would be different from > a configuration command that said "limit the number of MAC addresses on > this port to x". Can you explain? Consider topology: A --- Switch B In normal confi

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Justin Shore
Apparently I forgot to click the Send button last night. What process consumed the router's resources during the bcast storm? IP Input? What's the router? The type of device will dictate our suggestions. I'd take a number of steps to secure the interface and harden the router. Assuming it'

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Sam Stickland
Saku Ytti wrote: > On (2007-11-06 16:56 +), Sam Stickland wrote: > > >> switchport port-security >> switchport port-security maximum x >> switchport port-security aging time 5 >> switchport port-security violation restrict >> >> Port security doesn't permanently learn MAC addresses unless "s

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Saku Ytti
On (2007-11-06 16:56 +), Sam Stickland wrote: > switchport port-security > switchport port-security maximum x > switchport port-security aging time 5 > switchport port-security violation restrict > > Port security doesn't permanently learn MAC addresses unless "switchport > port-security mac-

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Brandon Bennett
> Documentation for the VS-S720-10G-3C is starting to show up on Cisco's > site. They are referring to it as Virtual Switching System 1440 by > virtue of it being a multi-chassis solution. The Supervisor itself > looks to be a rev of the SUP720. Here is a little write up a friend of mine did on my

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Sam Stickland
Saku Ytti wrote: > In my opinion cisco is lacking some elementary L2 security features, > like not being able to limit MAC addresses per port, without also > having port-security on > I think the following config should limit the MAC addresses for you: switchport port-security switchport port-

Re: [c-nsp] Cisco IOS support for blksize / rfc 2348

2007-11-06 Thread Jason Gurtz
> I use tftpd32 for windows platforms and freebsd or sol9. I'll second that, lightweight, easy to use, and just works. We've had no problem working with a mélange of 87x, a 3640A, PIX 512e, and 3com 5500 series switches. ~JasonG -- ___ cisco-nsp ma

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Saku Ytti
On (2007-11-06 09:05 -0600), Michael Malitsky wrote: > I have some customers connected to a 6500, and already run stormcontrol > and portfast. I'll look into bpduguard as well, thanks. > > However, most of my customers are connected to "router" platforms (the > one specifically affected is a 720

Re: [c-nsp] 6509-NEB-A lifecycle

2007-11-06 Thread Tim Stevenson
Yes, the V-E chassis is the "E" version of the 6509-NEB-A. It has front to back cooling but aside from that is essentially the same as the horizontal 9 slot E chassis. Tim At 09:35 AM 11/6/2007 -0500, Tim Durack observed: >Some of the VSS1440 data sheets now refer to: "WS-C6509-V-E E-Series >9-

Re: [c-nsp] out-of-band management - modems?

2007-11-06 Thread jp
We use the Livingston PM2. One could hook a modem to it for either incoming or outgoing, but we telnet to it and attach to the serial ports for various devices. For your couriers, make sure you use the autoanswer dip switch setting rather than solely the autoanswer init string. On Mon, Nov 05,

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Rubens Kuhl Jr.
> The homepage is here: http://www.cisco.com/go/vss > There is a very interesting white paper about how it works: >http://www.cisco.com/en/US/products/ps9336/products_white_paper0900aecd806ee2ed.shtml From the above URL: "Additionally, note that no Cisco 7600 Series chassis will be supported afte

Re: [c-nsp] Cisco IOS support for blksize / rfc 2348

2007-11-06 Thread Aaron
I use tftpd32 for windows platforms and freebsd or sol9. Aaron On Nov 6, 2007 4:27 AM, Ian Dickinson <[EMAIL PROTECTED]> wrote: > That matches my Solaris experience exactly. > I can confirm RFC2348 support in 12.2SR and 12.4/12.4T (ie c3845) as well. > > Ian > > Clinton Work wrote: > > Solaris 8

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Phil Mayers
On Tue, 2007-11-06 at 10:33 -0500, Phil Bedard wrote: > I saw a presentation on it some time ago and it looked very cool. As did I, but what wasn't made clear at the time was that all the linecards would need to be upgraded to DFC3C. In fact, I seem to recall being *explicitly* told that only the

Re: [c-nsp] BGP memory requirements

2007-11-06 Thread Bernd Ueberbacher
I don't have a 3845, but I know that it supports up to 1 gig and we have a 2821 with 1 gig that does just fine. We run a 2821 with 2 peers (full table) and it uses about 300 MB. The out-of-the-box 256 MB wasn't enough so we upgraded to a gig and I guess this should last for quite some time (hopefu

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Phil Bedard
I saw a presentation on it some time ago and it looked very cool. Phil On Nov 6, 2007, at 9:14 AM, Tim Durack wrote: > Documentation for the VS-S720-10G-3C is starting to show up on Cisco's > site. They are referring to it as Virtual Switching System 1440 by > virtue of it being a multi-chassis

[c-nsp] BGP memory requirements

2007-11-06 Thread Jonathan Charles
I am building a router for a customer, a 3845, and the customer needs a full routing table, how much RAM do I need? They also have a remote location with a 2851 that they want to do the same thing, is the 2851 capable of handling a full BGP feed? Jonathan

Re: [c-nsp] Broadcast storm control

2007-11-06 Thread Michael Malitsky
I have some customers connected to a 6500, and already run stormcontrol and portfast. I'll look into bpduguard as well, thanks. However, most of my customers are connected to "router" platforms (the one specifically affected is a 7200). As far as I know none of the actual L2 features apply there

Re: [c-nsp] 6509-NEB-A lifecycle

2007-11-06 Thread Tim Durack
Some of the VSS1440 data sheets now refer to: "WS-C6509-V-E E-Series 9-slot vertical chassis" Can't find any data sheets on this chassis yet though. Tim:> On Nov 3, 2007 9:52 AM, John Exum <[EMAIL PROTECTED]> wrote: > Panduit makes a cabinet that does that. Their name for it is the Net-Access >

Re: [c-nsp] VS-S720-10G-3C

2007-11-06 Thread Christophe Fillot
Tim Durack wrote: > Documentation for the VS-S720-10G-3C is starting to show up on Cisco's > site. They are referring to it as Virtual Switching System 1440 by > virtue of it being a multi-chassis solution. The Supervisor itself > looks to be a rev of the SUP720. > The homepage is here: http:

[c-nsp] VS-S720-10G-3C

2007-11-06 Thread Tim Durack
Documentation for the VS-S720-10G-3C is starting to show up on Cisco's site. They are referring to it as Virtual Switching System 1440 by virtue of it being a multi-chassis solution. The Supervisor itself looks to be a rev of the SUP720. Tim:>

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Kevin . X . White
200+ switches 100 ish VLANs each on 10-50 switches, thank goodness for VTP! Gert is dead right, been there, done that killed the switchblock. VTP Golden Rule No 1 If you take a switch in/out of production, clear the VTP revision number! Switch from server to trans or change the VTP domain. VT

Re: [c-nsp] Recovering from disabled break squence

2007-11-06 Thread Gert Doering
Hi, On Tue, Nov 06, 2007 at 06:01:42PM +0500, Junaid wrote: > I have messed up my router (3640) with a config-reg value of 0x3922 > disabling the break sequence. Now, I am unable to get into ROMMON mode > to change IOS. The current IOS does not detect my Ethernet module. > Also, when I try to ente

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Giles Coochey
> Hi, > > On Tue, Nov 06, 2007 at 06:39:45AM -0500, Paul Stewart wrote: > > I was kind of wondering the same thing... a couple hundred VLAN's spread > > across several 6500's and never had an issue in 7 years :) > > If you want fun, try this: > > - connect another switch, have it learn the

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Gert Doering
Hi, On Tue, Nov 06, 2007 at 07:20:50AM -0500, Paul Stewart wrote: > We'd never do that scenario so that's possibly one reason we've never gotten > bit. One master across our network is all we have and all we want ;) > Everything else is a client Sure, VTP *is* quite useful, and most "VTP hor

Re: [c-nsp] Cisco's MVPN solution with or without MDT SAFI

2007-11-06 Thread Jeff Tantsura
Hi Rod, You should do it to fix CSCef97738 From CCO: Even though the benefits of MDT SAFI are for SSM tree building, MDT SAFI must also be configured when using MVPN with the default MDT group in PIM sparse-mode. From the multicast point of view, the new BGP AF does not need to be configured for

[c-nsp] Recovering from disabled break squence

2007-11-06 Thread Junaid
Hi, I have messed up my router (3640) with a config-reg value of 0x3922 disabling the break sequence. Now, I am unable to get into ROMMON mode to change IOS. The current IOS does not detect my Ethernet module. Also, when I try to enter config mode it says: Router>enable % No password set Router>

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread sthaug
> I wonder, are the VTP horror stories from people who didn't set VTP > passwords to stop random "new" switches (that somehow had a higher version > number) from accidentally taking over the VLAN database? Some of us have had 6500 boxes as VTP masters and experienced complete meltdown of the net

Re: [c-nsp] Cisco 7301, Radius and AV-Pairs

2007-11-06 Thread Oliver Boehmer (oboehmer)
Mike, can you show your complete vtemplate config? What happens if you apply "service-policy output policy-256" "manually" to the vtemplate interface, i.e. on the CLI? do you get any errors? Can you do a session without this attribute and do a "show int virtual-access conf" to see what's applied

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Paul Stewart
We'd never do that scenario so that's possibly one reason we've never gotten bit. One master across our network is all we have and all we want ;) Everything else is a client Paul -Original Message- From: Gert Doering [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 06, 2007 7:18 AM

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Gert Doering
Hi, On Tue, Nov 06, 2007 at 06:39:45AM -0500, Paul Stewart wrote: > I was kind of wondering the same thing... a couple hundred VLAN's spread > across several 6500's and never had an issue in 7 years :) If you want fun, try this: - connect another switch, have it learn the VTP database, make

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Gert Doering
Hi, On Tue, Nov 06, 2007 at 05:06:28PM +0530, Raja Subramanian wrote: > This thread has got me thinking twice about my setup. What do you guys > recommend as an alternate to VTP? "no VTP" - for a dozen switches, you should get by with manually configuring VLANs on those switches where you need t

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Jon Lewis
On Tue, 6 Nov 2007, Paul Stewart wrote: > I was kind of wondering the same thing... a couple hundred VLAN's spread > across several 6500's and never had an issue in 7 years :) Same here...large number of VLANs, pretty good number of customer aggregation switches all running VTP for the past

Re: [c-nsp] out-of-band management - modems?

2007-11-06 Thread Alexander Koch
Folks, some of you use MRV, some Cyclades, and now I hear Lantronix. Does anyone want to comment (I can summarise if wanted) on how good these are when it comes to loads of servers? The 16 ports or so of some MRV I was in contact with at my previous employer were nice, but out of ports way too qui

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Paul Stewart
I was kind of wondering the same thing... a couple hundred VLAN's spread across several 6500's and never had an issue in 7 years :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raja Subramanian Sent: Tuesday, November 06, 2007 6:36 AM To: cisco-nsp@

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Raja Subramanian
On 11/6/07, Ian Dickinson <[EMAIL PROTECTED]> wrote: > I do agree though that VTP is horrible if you have more than a small office > network with half a dozen vlans or so. I've made it my mission to eradicate > it wherever I find it. I have a network with a few dozen Cisco switches and ~ 50 VLANs

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Maik Bachmann
On Tue, Nov 06, 2007 at 04:39:52PM +0900, Daniel Hooper wrote: > Changing the mode will delete the vlan database off the switch. not on all models - there are some you have to delete vlan.dat from the filesystem. Usually it's a good idea to set transparent mode on _all_ switches and to set the v

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Kurt Bales
* I am a big fan of VTP. Argh... It really isn't my day! That was meant to read "NOT a big fan!" K. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/c

Re: [c-nsp] Cisco IOS support for blksize / rfc 2348

2007-11-06 Thread Ian Dickinson
That matches my Solaris experience exactly. I can confirm RFC2348 support in 12.2SR and 12.4/12.4T (ie c3845) as well. Ian Clinton Work wrote: > Solaris 8 doesn't support blksize / RFC 2348 and there aren't any plans > for releasing a patch. Solaris 9/10 are fine and you can download the > Sun

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Ian Dickinson
Changing the mode will NOT delete the vlan database on 2900XL (nor any other Cisco switches I've encountered). For paranoia, I also change the vtp domain and password to something unique on every switch to reduce the impact if it is ever enabled again. The one thing you will possibly want to do p

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Sascha E. Pollok
> On Tue, Nov 06, 2007 at 03:38:21PM +1100, Kurt Bales wrote: > > I am a big fan of VTP. > > This will change over time :) Yesterdaaay. VTP probs seemed so faaar awayy.. > [..] > > I guess my question is, can I simply change every switch to "transparent" > > mode, and all will operate happily

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Elmar K. Bins
[EMAIL PROTECTED] (Daniel Hooper) wrote: > Changing the mode will delete the vlan database off the switch. > > * I don't think I've met a network admin yet who is a fan of VTP :) Every network admin is until the first showdown of all their switches (happened to me around 2000, I'm cured). Elmar

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Gert Doering
Hi, On Tue, Nov 06, 2007 at 03:38:21PM +1100, Kurt Bales wrote: > I am a big fan of VTP. This will change over time :) [..] > I guess my question is, can I simply change every switch to "transparent" > mode, and all will operate happily, or will I need to make another > switch set to server

Re: [c-nsp] Removing VTP Server switch

2007-11-06 Thread Daniel Hooper
Changing the mode will delete the vlan database off the switch. * I don't think I've met a network admin yet who is a fan of VTP :) -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kurt Bales Sent: Tuesday, 6 November 2007 1:38 PM To: cisco-nsp@puck