Re: [c-nsp] route table lookup on leaking between vrfs

On 13/12/2007, Oliver Boehmer (oboehmer) [EMAIL PROTECTED] wrote: {cut} Sounds like a good plan. In fact we have much more then a bunch of routes (currently there are about 3k prefixes) and we try to simplify that. Do we need to do anything more then the simple aggregate-address statement

Re: [c-nsp] ACL Filtering for Passive FTP Server..

This one is pretty common. Here is a good reference: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_e xample09186a0080100548.shtml#passiveftp Shows examples for both incoming and outgoing ACLs, active/passive, etc. -Original Message- From: [EMAIL PROTECTED]

Re: [c-nsp] Traffic Analyzing?

Sure.. Check out stager http://software.uninett.no/stager or FlowViewer http://ensight.eos.nasa.gov/FlowViewer/ coupled with netflow data exports.. both have nice web front ends to allow you to slice and dice your netflow data. Of course your router will need full routes so it knows

Re: [c-nsp] ACL Filtering for Passive FTP Server..

if you use cbac you need to permit only port 21. The rest will be handled by cbac. if you use extended only acls (no reflexive, no cbac) you need to permit a lot more: example: active (port) outacl (to server) client gt 1023 - server eq 21 client gt 1023 - server eq 20 established

Re: [c-nsp] Bridging two VLANs together

Vlan translation could be a possible way to achieve it. Switchport vlan mapping command ... HiH Rachid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: Wednesday, December 12, 2007 9:15 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp]

Re: [c-nsp] Flowmask Config?

Hi, On Mon, Dec 10, 2007 at 10:33:58AM -0500, Jeff Fitzwater wrote: I hate to say it but if you look hard enough the doc states that QOS and NDE don't work together. Not at all or only if you use user-based rate limiting? gert -- USENET is *not* the non-clickable part of WWW!

Re: [c-nsp] Using a ? in a URL

Try pressing CTRL-V before the ? Check on: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008044036c.html Arie On 12/13/07, Jeffrey Ollie [EMAIL PROTECTED] wrote: Is there a way to use a ? in a URL from the IOS command line? I'd like to be able to do

Re: [c-nsp] Using a ? in a URL

On 12/13/07, Ian MacKinnon [EMAIL PROTECTED] wrote: Hi Jeffrey, I was looking at something similar the other day, I have not tried it myself. You need to escape the ? with ctrl-v when entering it. Yep, that works... Not sure how this translates to the actual running config :-) I only need

[c-nsp] Using a ? in a URL

Is there a way to use a ? in a URL from the IOS command line? I'd like to be able to do something like: copy http://10.0.0.1/config-gen.php?hostname=switch-hostname start But IOS is interpreting the ? as a request to provide context-sensitive help. Quoting the URL or trying to escape the ?

[c-nsp] Catalyst 6500 - Cisco 7600 conversion technicalities

When Cisco started enforcing the IOS platform split with 12.2(33)SRB, they also offered the option for customers to convert their Catalyst 6500 chassis to Cisco 7600 in order to allow them to run router IOS (SRB). This conversion is mostly an administrative process and doesn't involve actual

Re: [c-nsp] Using a ? in a URL

Do a ctrl-v before hitting the '?'. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Ollie Sent: Thursday, December 13, 2007 10:40 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Using a ? in a URL Is there a way to use a ? in a URL

Re: [c-nsp] Catalyst 6500 - Cisco 7600 conversion technicalities

Next question is about supported IOS SR version in the future. As we talked with our account there will be SRB and SRC images available, but not SRD. David On 12/13/07, Simon Leinen [EMAIL PROTECTED] wrote: When Cisco started enforcing the IOS platform split with 12.2(33)SRB, they also

Re: [c-nsp] Using a ? in a URL

Hi Jeffrey, I was looking at something similar the other day, I have not tried it myself. You need to escape the ? with ctrl-v when entering it. Not sure how this translates to the actual running config :-) Jeffrey Ollie wrote: Is there a way to use a ? in a URL from the IOS command line?

Re: [c-nsp] underruns error locally inputs errors, runts and abort on remote interface

Yeah. I meant Clock s line On Dec 12, 2007 7:05 PM, Niels Bakker [EMAIL PROTECTED] wrote: * [EMAIL PROTECTED] (Aaron) [Wed 12 Dec 2007, 16:57 CET]: You should try clock s internal first if you have SDH gear in the middle. Um, no. Exactly the opposite. Please read what I actually wrote:

Re: [c-nsp] Using a ? in a URL

You could always enter the URL as follows: http://10.0.0.1/config-gen.php%3Fhostname=switch-hostname a URLencoded ? results in %3F. Nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian MacKinnon Sent: Thursday, December 13, 2007 9:50 AM To: Jeffrey

Re: [c-nsp] Cisco ASA and LDAP (AD)

For anyone with similar plans I got this one figured out. Thanks, nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicholas Weaver Sent: Tuesday, December 11, 2007 5:08 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco ASA and LDAP (AD) Has

Re: [c-nsp] Bridging two VLANs together

The command bridge 2 protocol ieee is not available in the 12.2SR software release on this router. Bridging isn't really bridging if it's Layer-3 aware, is it? ;) Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Collins, Richard (SNL US) Sent:

[c-nsp] policy routing not working reliably?

Hello, I have what seems like a simple policy routing set-up, and which I thought was working well to allow gradual migration of our internal subnets one at a time from one firewall to a replacement firewall, but now it seems it's just not working reliably. I haven't opened a tac request yet