[c-nsp] 6548 Line cards

The 6548 line is limited by the port ASICs as well as the 8:1 over subscription to the fabric. When configuring a port-channel it warns the port channel is limited to 2gbits for the ASIC ports. However there is old discussion that the ASIC is limited to 1gbit. Are there differences between revisi

Re: [c-nsp] Max performance 6148(A--GE-TX boards

We have been experiencing high input packet drops on interfaces on 6148a's when we are less than ~200mb/s on the 8 ports combined in one case and <100Mb/s in another, not anywhere close to the 8-1 over subscription as advertised. It also got much worse when we went from catos to IOS last week, not

Re: [c-nsp] About duplicate message

Hi, > Which stack member logged which messages? It was logged on master switch. > Is the mac address on the switch that got removed? No. The mac address didn't exist under the switch. Regards, Hiromasa Dale W. Carder wrote [2007/11/08 0:45(JST)]: > > > On Nov 6, 2007, at 11:13 PM, Hiromas

[c-nsp] IOS Upgrades

Hi there... Looking for an automated software package to perform IOS upgrades to routers in mass Alterpoint has been suggested at one point.. looking for other options as well.. Thanks, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https

Re: [c-nsp] 6500 12.2SX* Port-Channel Private VLAN support

On Nov 7, 2007 6:02 PM, Matt Buford <[EMAIL PROTECTED]> wrote: > > Good to know. I actually want to do something like: > [...] > >> interface Port-channel1 > >> switchport trunk encapsulation dot1q > >> switchport mode dynamic desirable > >> switchport private-vlan host-association 44 400 > >>

Re: [c-nsp] Useful HSRP feature additions WAS:Rate limiting questions

> As the the other side of things, I do have a number of 2 - 4 routers > HSRP groups where the actual routers are miles apart and usually on > different legs of the spanning tree star. Unless I cannot do so for > some reason (large number of very stupid clients) all of the HSRP > speaking interfac

Re: [c-nsp] 6500 12.2SX* Port-Channel Private VLAN support

> Good to know. I actually want to do something like: [...] >> interface Port-channel1 >> switchport trunk encapsulation dot1q >> switchport mode dynamic desirable >> switchport private-vlan host-association 44 400 >> switchport mode private-vlan host I'm confused about something else here. W

Re: [c-nsp] Max performance 6148(A--GE-TX boards

> Can anyone comment on this ? Does this mean we can get a max of 6 Gig > throughput on a 6148A card and max 2 Gbit on a 6148 ? Or do these > numbers only apply to etherchannels ? I don't seem to find the right > performance figures for these cards. Issue 1: Each group of 8 ports only supports a

[c-nsp] SIP-200 / SIP-400

Hi list I have been trying to read about SIP-200 and SIP-400, but the info I find is somewhat misleading The data sheet for SIP-200 says: 1.1-Mpps bidirectional packet-forwarding performance with 46-byte packets. (link

Re: [c-nsp] Help with simple QoS configuration

Did you policy have a 'priority' statement in it? I don't think those are supported on the subinterfaces. You might need to split it up, and put your policing policy on the subint, and a similar one for priority on the main interface. Chuck -Original Message- From: [EMAIL PROTECTED] [ma

Re: [c-nsp] Help with simple QoS configuration

Hi Otis, thanks for your example. Unfortunately it is in the wrong "direction" :-) I meant to give the customer a GUARANTEED bandwidth on the 100M link instead of shaping them to a specific bandwidth. Of course I could shape every other customer to a appropriate bandwidth so that x percent are al

Re: [c-nsp] About duplicate message

On Nov 6, 2007, at 11:13 PM, Hiromasa Sekiguchi wrote: > %IP-4-DUPADDR: Duplicate address A.B.C.D on Vlan1000, sourced by > ... > %STACKMGR-6-SWITCH_REMOVED: Switch 2 has been REMOVED from the stack > --- snip --- > > Why is it generated? > The Vlan1000 and ip address A.B.C.D is con

Re: [c-nsp] Port Traceroute utility?

On Wed, 7 Nov 2007, Joe Shen wrote: lft is another choice , see http://pwhois.org/lft/ tcptraceroute also comes to mind. --- Phil Mayers <[EMAIL PROTECTED]>: On Tue, 2007-11-06 at 13:02 -0600, Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will >

Re: [c-nsp] Cisco IOS support for blksize / rfc 2348

Solaris 8 patch for TFTP "#108964-04" has fixed the 16MB limitation On Nov 6, 2007 4:07 PM, Dale Shaw <[EMAIL PROTECTED]> wrote: > Hi, > > On Nov 6, 2007 9:52 AM, Clinton Work <[EMAIL PROTECTED]> wrote: > > > > I'm trying to determine when blksize / rfc 2348 support was added to > > several Cisco

Re: [c-nsp] Port Traceroute utility?

lft is another choice , see http://pwhois.org/lft/ --- Phil Mayers <[EMAIL PROTECTED]>: > On Tue, 2007-11-06 at 13:02 -0600, Jonathan Charles > wrote: > > This is going to sound weird, but I am looking for > a utility that will > > let me tracroute on a specific port to see if and > where a por

Re: [c-nsp] Help with simple QoS configuration

Why the .1q link between the 3548XL and the 2811? Are there other customers on other VLANs on the 3548XL that also get trunked to the 2811? The proper place to start QoS would be on the 3548XL switch. However, the QoS capabilities of that switch are limited, IIRC, so you may need to replace that

Re: [c-nsp] traffic flow in 6500 switch with FWSM and IDSM

There are many ways that you can configure the 6500 with a FWSM and IDSM. It depends on what you want to do with it. You can place the MSFC (routing entity) inside or outside of the FWSM. I prefer inside unless there is a really good reason to have it outside (such as routing sessions to provide

[c-nsp] Help with simple QoS configuration

Folks, maybe someone could push me into the right direction for some QoS related stuff. We have a setup like this: 7206VXR| 100M |c2811| .1q | 3548XL | Access Router | -- | CPE | --- | Switch | VLAN x >From right to left: a public IP network is connected to a switch.

Re: [c-nsp] Help with simple QoS configuration

Hi Sascha, Our QoS is done via the distribution / aggregation points (7206VXR as well). Here is a sample for sub / VLAN interfaces. class-map match-any all-traffic match ip dscp default match access-group 2000 ! ! policy-map 2Mbit-in class all-traffic police 2936000 91750 91750 confo

[c-nsp] Designing for WAN failover - OSPF/STP

Hi, I have a quite agreeable problem :-) I have an MPLS/OSPF network on one site. I am setting up a new site, interconnected to the old one by two 100Mbps WAN fiber links. It's not dark fiber but it might as well be, MPLS and VLANs work as desired over the links (MTU OK etc.) On each of the two s

Re: [c-nsp] Port Traceroute utility?

On Tue, 2007-11-06 at 13:02 -0600, Jonathan Charles wrote: > This is going to sound weird, but I am looking for a utility that will > let me tracroute on a specific port to see if and where a port is > being blocked on a network... hping has a traceroute mode, and is a generally excellent utility

Re: [c-nsp] Input errors between PE - P

Thanks a lot ; ) On 11/7/07, Simon Lockhart <[EMAIL PROTECTED]> wrote: > On Wed Nov 07, 2007 at 11:34:03AM +0100, Kike wrote: > > OK, and after setting that configuration how is your ip mtu? I mean > > "sh ip int gix/x" > > csw0.ixn>sh ip int ten 1/1 | incl MTU > MTU is 9216 bytes > csw0.ixn>sh

Re: [c-nsp] Input errors between PE - P

On Wed Nov 07, 2007 at 11:34:03AM +0100, Kike wrote: > OK, and after setting that configuration how is your ip mtu? I mean > "sh ip int gix/x" csw0.ixn>sh ip int ten 1/1 | incl MTU MTU is 9216 bytes csw0.ixn>sh int ten 1/1 | incl MTU MTU 9216 bytes, BW 1000 Kbit, DLY 10 usec, Simon _

Re: [c-nsp] Input errors between PE - P

OK, and after setting that configuration how is your ip mtu? I mean "sh ip int gix/x" On 11/7/07, Simon Lockhart <[EMAIL PROTECTED]> wrote: > On Wed Nov 07, 2007 at 09:56:32AM +0100, Kike wrote: > > In the "sh ip int" output both routers have 1500 in the MTU... > > So they'll use 1500 for IP packe

Re: [c-nsp] Input errors between PE - P

On Wed Nov 07, 2007 at 09:56:32AM +0100, Kike wrote: > In the "sh ip int" output both routers have 1500 in the MTU... So they'll use 1500 for IP packets - but you also need to allow for MPLS tags. > Your interfaces are set in 9216 with the command "mtu 9216" or "ip mtu 9216"? "mtu 9216" Simon

Re: [c-nsp] Input errors between PE - P

In the "sh ip int" output both routers have 1500 in the MTU... Your interfaces are set in 9216 with the command "mtu 9216" or "ip mtu 9216"? On 11/7/07, Simon Lockhart <[EMAIL PROTECTED]> wrote: > On Wed Nov 07, 2007 at 09:38:19AM +0100, Kike wrote: > > Well... I'm a little lost with the MTU conc

Re: [c-nsp] Input errors between PE - P

On Wed Nov 07, 2007 at 09:38:19AM +0100, Kike wrote: > Well... I'm a little lost with the MTU concept here... because I > configured two different MTUs, but I don't understand which exactly is > the function of the following commands: > > tag-switching mtu 1508 <-- P Router > > mtu 1508 <--

Re: [c-nsp] Input errors between PE - P

On Wed Nov 07, 2007 at 09:00:19AM +0100, Kike wrote: > PE#sh int gi0/0 > GigabitEthernet0/0 is up, line protocol is up > MTU 1508 bytes, BW 100 Kbit, DLY 10 usec, > > PE#sh int gi2/0 > GigabitEthernet2/0 is up, line protocol is up > MTU 1508 bytes, BW 100 Kbit, DLY 10 usec, > > P#sh int g

Re: [c-nsp] Input errors between PE - P

Well... I'm a little lost with the MTU concept here... because I configured two different MTUs, but I don't understand which exactly is the function of the following commands: tag-switching mtu 1508 <-- P Router mtu 1508 <-- PE Router ip mtu 1500 <-- PE Router IOS images: P <-- s72033-p

[c-nsp] traffic flow in 6500 switch with FWSM and IDSM

Hi, I have FWSM and IDSN-2 on 6500 switch. Since I am not a security guy I am not able to visualize how traffic flow will take place in this situation. My requirement is to secure internal traffic from external / DMZ traffic and inspect malicious traffic. Can someone give me the logical picture ho

[c-nsp] Input errors between PE - P

Hi, Here is the picture: two multimode direct fibers between PE - P We are trying to figure out what is causing these erros. No physical issue, we changed both fibers and Gbics... Here are the "sh int" outputs: PE#sh int gi0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is Pinnacle GE