Re: [c-nsp] PPP Authentication on Serial T1 Interface with PPP

2008-02-05 Thread Nick Voth
> From: "Oliver Boehmer (oboehmer)" <[EMAIL PROTECTED]> > Date: Wed, 6 Feb 2008 05:13:56 +0100 > To: Nick Voth <[EMAIL PROTECTED]>, > Conversation: [c-nsp] PPP Authentication on Serial T1 Interface with PPP > Subject: RE: [c-nsp] PPP Authentication on Serial T1 Interface with PPP > > Nick Voth <>

Re: [c-nsp] BFD aware VRF

2008-02-05 Thread Vikas Sharma
Hi, I have configured BFD but it is showing down. I have used BGP to configure BFD. Client Router - a05-2821-3#sh bfd neighbors OurAddr NeighAddr LD/RD RH/RS Holddown(mult) State Int 172.16.1.5 172.16.1.6 4/0 Down 0(0 ) Down Gi0/0 172.16.1.1 172.16.1.2

Re: [c-nsp] PPP Authentication on Serial T1 Interface with PPP

2008-02-05 Thread Oliver Boehmer (oboehmer)
Nick Voth <> wrote on Tuesday, February 05, 2008 11:14 PM: > Hello folks, > > Sorry for hammering on the list again for help, but this is my first > T1 done this way. We have a channelized DS3 coming in on a PA-MC-T3 > card on a 7206. We are getting LCP errors from the far end. I suspect > it's b

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Jose
Peter Rathlev wrote: > On Tue, 2008-02-05 at 21:48 +0100, Gert Doering wrote: > >> On Tue, Feb 05, 2008 at 02:15:40PM -0600, Justin Shore wrote: >> >>> I'm in a similar boat as Jose. What options for EoMPLS do we people >>> with 6700s have? I'm trying physical to physical with no luck.

Re: [c-nsp] Help getting started

2008-02-05 Thread Mark Tinka
On Monday 04 February 2008, Whisper wrote: > Moreover, you need to provide a "show version" if you > want people to comment on whether an IOS version > supports a specific feature or not. My gut says though, > that a 2600-NonXM with 12.2 is not going to have VPN > support. Actually, 12.3(25) on

Re: [c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Phil Mayers
Kristian Larsson wrote: > On Tue, Feb 05, 2008 at 10:53:49PM +, Phil Mayers wrote: >> Brandon Price wrote: >>> Thanks for the reply!! >>> >> Please don't remove the list from the Cc: - the replies in the archive >> may help others >> >>> From the link you sent: >>> >>> "The vlan dot1q tag na

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Justin Shore
Chris Griffin wrote: > For 12.2SR there is mux-uni, which allows you to run ports in switchport > mode, but then create a subinterface to support eompls. > > http://tinyurl.com/hfb5p > > Says its supported by normal LAN cards, but haven't tried it yet. Chris, That's definitely interesting. I

Re: [c-nsp] ASA & dropped packets from NMS

2008-02-05 Thread Ben Steele
Do you have an IPS module installed (ie AIP-SSM-10 etc.)? If not then it may be something being caught by ip audit if you have that configured to drop packets upon a match, "sh ip audit count" will give you stats on that, is there any rate-limiting configured? Probably best you show us your conf

Re: [c-nsp] NetFlow Vs. SPAN (mix?) for detecting less than savory application behavior.

2008-02-05 Thread Christian Koch
check out Richard Bejtlich's book - extrusion detection, very good read, and tons of useful tips/tools in there... http://www.informit.com/store/product.aspx?isbn=0321349962 On Feb 5, 2008 9:17 AM, Drew Weaver <[E

Re: [c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Kristian Larsson
On Tue, Feb 05, 2008 at 10:53:49PM +, Phil Mayers wrote: > Brandon Price wrote: > > Thanks for the reply!! > > > > Please don't remove the list from the Cc: - the replies in the archive > may help others > > > From the link you sent: > > > > "The vlan dot1q tag native command is a global

Re: [c-nsp] static route with higher AD preferred over BGP

2008-02-05 Thread Atif Sid
Thanks. I missed the weight part !! On 2/5/08, Oliver Boehmer (oboehmer) <[EMAIL PROTECTED]> wrote: > > Atif Sid <> wrote on Tuesday, February 05, 2008 4:53 AM: > > > I have a static route configured with Higher admin distance, initially > > BGP route does not install into routing table. after

Re: [c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Phil Mayers
Brandon Price wrote: > Thanks for the reply!! > Please don't remove the list from the Cc: - the replies in the archive may help others > From the link you sent: > > "The vlan dot1q tag native command is a global command that configures > the switch to tag > native VLAN traffic, and admit only

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Chris Griffin
For 12.2SR there is mux-uni, which allows you to run ports in switchport mode, but then create a subinterface to support eompls. http://tinyurl.com/hfb5p Says its supported by normal LAN cards, but haven't tried it yet. Thanks Chris Justin Shore wrote: > Bill, > > I'm in a similar boat as Jos

[c-nsp] PPP Authentication on Serial T1 Interface with PPP

2008-02-05 Thread Nick Voth
Hello folks, Sorry for hammering on the list again for help, but this is my first T1 done this way. We have a channelized DS3 coming in on a PA-MC-T3 card on a 7206. We are getting LCP errors from the far end. I suspect it's because I haven't set up any PPP authentication on the 7206 end, BUT I do

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Justin Shore
Peter Rathlev wrote: > On Tue, 2008-02-05 at 21:48 +0100, Gert Doering wrote: >> On Tue, Feb 05, 2008 at 02:15:40PM -0600, Justin Shore wrote: >>> I'm in a similar boat as Jose. What options for EoMPLS do we people >>> with 6700s have? I'm trying physical to physical with no luck. >> physical t

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Justin Shore
Gert Doering wrote: > Hi, > > On Tue, Feb 05, 2008 at 02:15:40PM -0600, Justin Shore wrote: >> I'm in a similar boat as Jose. What options for EoMPLS do we people >> with 6700s have? I'm trying physical to physical with no luck. > > physical to physical should work, according to the documenta

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Phil Bedard
That should be SRC, not SXC... Phil On Feb 5, 2008, at 4:41 PM, Phil Bedard wrote: > I've setup port mode between a RSP720 SXC to a 6500 SUP720 SXH and > it worked fine. The lack of VPLS support on the 6500/7600 without > an expensive upstream linecard is a huge oversight imho. > > Phil >

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Phil Bedard
I've setup port mode between a RSP720 SXC to a 6500 SUP720 SXH and it worked fine. The lack of VPLS support on the 6500/7600 without an expensive upstream linecard is a huge oversight imho. Phil On Feb 5, 2008, at 4:05 PM, Peter Rathlev wrote: > On Tue, 2008-02-05 at 21:48 +0100, Gert Doer

Re: [c-nsp] Router or Layer3 Switch

2008-02-05 Thread Miquel van Smoorenburg
On Mon, 2008-02-04 at 15:47 -0600, Duracom Lists wrote: > Arie thanks for the information. I have another thing before I make a > decision. I have my network setup as follows: > > > 7206VXR > Int f0/0 has several (50 or so) /28 subnets > > F0/0 <> 2950 port 1 > > > Now if I had a L

Re: [c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Peter Rathlev
Hi Brandon, On Tue, 2008-02-05 at 12:56 -0800, Brandon Price wrote: > Simple question. I do not want any UNTAGGED packets to traverse my trunk > ports.. > > Some on this list have said to assign the native vlan to an unused vlan, > but I don't even want to do that. > > I want ALL untagged packet

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Peter Rathlev
On Tue, 2008-02-05 at 21:48 +0100, Gert Doering wrote: > On Tue, Feb 05, 2008 at 02:15:40PM -0600, Justin Shore wrote: > > I'm in a similar boat as Jose. What options for EoMPLS do we people > > with 6700s have? I'm trying physical to physical with no luck. > > physical to physical should work

Re: [c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Phil Mayers
Brandon Price wrote: > Simple question. I do not want any UNTAGGED packets to traverse my trunk > ports.. > > Some on this list have said to assign the native vlan to an unused vlan, > but I don't even want to do that. > > I want ALL untagged packets on trunks to be dropped... > > Possible? So

[c-nsp] Untagged packets on trunk interfaces

2008-02-05 Thread Brandon Price
Simple question. I do not want any UNTAGGED packets to traverse my trunk ports.. Some on this list have said to assign the native vlan to an unused vlan, but I don't even want to do that. I want ALL untagged packets on trunks to be dropped... Possible? This is one of my interfaces right now:

Re: [c-nsp] multicast routing to VLAN1?

2008-02-05 Thread Julien Couturier
Did you check whether your IGMP querier is doing its job ? > -Original Message- > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > [EMAIL PROTECTED] On Behalf Of William > Sent: Monday, 4 February 2008 16:30 > To: Ziv Leyes > Cc: [c-nsp] > Subject: Re: [c-nsp] multicast routing to VLAN1? > >

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Gert Doering
Hi, On Tue, Feb 05, 2008 at 02:15:40PM -0600, Justin Shore wrote: > I'm in a similar boat as Jose. What options for EoMPLS do we people > with 6700s have? I'm trying physical to physical with no luck. physical to physical should work, according to the documentation. I haven't tried it yet, t

Re: [c-nsp] USB to serial converter

2008-02-05 Thread Frank Bulk
My bad, Flash PC card, not CF. Frank -Original Message- From: Gert Doering [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 05, 2008 9:44 AM To: Frank Bulk Cc: 'Daniel Hooper'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] USB to serial converter Hi, On Mon, Feb 04, 2008 at 02:26:12P

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Justin Shore
Bill, I'm in a similar boat as Jose. What options for EoMPLS do we people with 6700s have? I'm trying physical to physical with no luck. Sub-interface isn't an option for a particular design that I'm working on either. Thanks Justin Bill Wade (wwade) wrote: > Jose, > > SVI (vlan interfa

Re: [c-nsp] PA-2T3+ don't want to use anymore multilinks

2008-02-05 Thread Cory Councilman
Joseph, If the channels are consecutive, just define your channel-group to cover all the channels that go to a site as one serial interface. channel-group # timeslots 1-8 speed ##k Cory Councilman [EMAIL PROTECTED] wrote: > Date: Mon, 4 Feb 2008 15:25:21 -0800 > From: "Joseph Jackson" <

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Bill Wade (wwade)
Jose, SVI (vlan interface) based EoMPLS requires an OSM, SIP-400, SIP-600 or ES-20 as core facing interface. Bill > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jose > Sent: Tuesday, February 05, 2008 11:16 AM > To: Cisco > Subject: [c-nsp] EoM

Re: [c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread Oliver Boehmer (oboehmer)
MKS wrote on Tuesday, February 05, 2008 5:56 PM: >> well, the question was for policing, and this is how to do it. >> What do you mean wrt DS policy? You can obviously also police traffic >> based on DSCP using appropriate class-maps, so not sure what you >> mean.. > >

Re: [c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread MKS
> well, the question was for policing, and this is how to do it. > What do you mean wrt DS policy? You can obviously also police traffic > based on DSCP using appropriate class-maps, so not sure what you mean.. Well yes, when you are basically fixing the bandwidth for each class (class-map) What I

Re: [c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Rubens Kuhl Jr.
> Is this the only way to get EoMPLS to work between these two devices? > I'm sure I've seen the xconnect command used on VLAN interfaces before > and it has worked fine. Use VLAN interfaces on both sides, or subinterfaces on both sides, or ports on both sides. Some platforms/versions also don't

Re: [c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread Oliver Boehmer (oboehmer)
MKS wrote on Tuesday, February 05, 2008 5:17 PM: >> Wyatt Mattias Ishmael Jovial Gyllenvarg <> wrote on Tuesday, >> February 05, 2008 9:58 AM: >> >>> Hi all >>> >>> I'm looking to limit a 10Ge to ~3Gb using policing. >>> Platform is 650X/760X Sup32 10Ge PFC3 MSFC 2A.

Re: [c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread MKS
>Wyatt Mattias Ishmael Jovial Gyllenvarg <> wrote on Tuesday, February >05, 2008 9:58 AM: > >> Hi all >> >> I'm looking to limit a 10Ge to ~3Gb using policing. >> Platform is 650X/760X Sup32 10Ge PFC3 MSFC 2A. >> Is this possible at these speeds? > >yes, it's done in hardware on the PFC3 without p

[c-nsp] EoMPLS between 7600 & 7200 config clarification

2008-02-05 Thread Jose
Hi everyone. I'm doing some preliminary testing in our lab in order to deploy EoMPLS on our ethernet network but I've run into a little bit of a snag and was wondering if anyone could clarify something for me. The setup I have is 3550---7603-SUP32---7204VXR---3550 I have VLAN 800 setup to cros

Re: [c-nsp] USB to serial converter

2008-02-05 Thread Gert Doering
Hi, On Mon, Feb 04, 2008 at 02:26:12PM -0600, Frank Bulk wrote: > Yes, I did use the USB function on the last pair of 3640's. The old one in > the pair didn't have USB support, so I used the USB key on the new 3640 to > load the newest firmware and ROM, copied that over to a CF card, then used >

Re: [c-nsp] Multipoint L2TPV3 tunnel / MPLS VPN over IP Tunnel

2008-02-05 Thread Oliver Boehmer (oboehmer)
Masood Ahmad Shah wrote on Tuesday, February 05, 2008 3:23 PM: > Well, router is 7507 running with 12.4(16) > rsp-jk9o3sv-mz.124-16.bin... I > believe that 12.4 enterprise image is supporting such features... no, it is not. You need 12.0S, which is the only train curre

Re: [c-nsp] BFD aware VRF

2008-02-05 Thread Stephen Fulton
I'm speaking with our account rep today about the ME6524, and I'll bring this up. If anyone with Cisco Process Clue(tm) could share with me the direction I should point her, please let me know off-list. -- Stephen Rubens Kuhl Jr. wrote: >>> I did try with an ethernet link between PE and CE, an

Re: [c-nsp] NetFlow Vs. SPAN (mix?) for detecting less than savory application behavior.

2008-02-05 Thread Roland Dobbins
On Feb 5, 2008, at 9:17 PM, Drew Weaver wrote: > I would welcome suggestions on whether NetFlow Vs. SPAN (possibly > using some SNORT implementation at the aggregation points would > allow us to detect some of the more obvious annoyances) would be the > best course of action or if possibly

Re: [c-nsp] Multipoint L2TPV3 tunnel / MPLS VPN over IP Tunnel

2008-02-05 Thread Masood Ahmad Shah
Well, router is 7507 running with 12.4(16) rsp-jk9o3sv-mz.124-16.bin... I believe that 12.4 enterprise image is supporting such features... Is there any special release to get the advantages of multipoint L2TPV3 tunnel over 7500 or 7200... Regards, Masood Ahmad shah -Original Message-

[c-nsp] NetFlow Vs. SPAN (mix?) for detecting less than savory application behavior.

2008-02-05 Thread Drew Weaver
Aside from having "strong written policy", some ACLs, and a good "response team" we are trying to come up with some proactive monitoring we can do to detect certain behavior outbound from our network (sort of like a reverse Intrusion Detection System [EDS?]) to minimize the impac

[c-nsp] ATM SPA and SIP-200 QoS

2008-02-05 Thread MKS
Hi list Can someone give me a reasonable answer why the he*# cisco has to make every product different and out-of-sync with each other. E.g. migrating from c720x ATM cards to c7600 ATM SPA has become some pain. What I need to achieve is the QoS per vc for point-to-point subinterfaces. e.g. fro

Re: [c-nsp] NAT Detection with netflow or anything.

2008-02-05 Thread Eric Gauthier
Joseph, > I've been thinking about NAT detection for security purposes (rogue wireless > AP's, etc). After some searching on the google > I haven't been able to come up with much. Other than a page with a few dead > links to papers/tools you can use I've come up empty. > Anyone have any solutions

Re: [c-nsp] IP SLA - "dns operation: Error code=4"

2008-02-05 Thread Giles Coochey
> > I had one similar where the source IPs being used from CLI and SLA were > different. > > The CLI source was correctly set to a mgmt loopback which did have access > to > DNS & the internet. The SLA monitor was using a source that didn't - fixed > by specifying the source for the SLA probe. >

Re: [c-nsp] Question about ip rtp header-compression

2008-02-05 Thread Ziv Leyes
The problem is I'm not using NONE of the possible queuing strategies at all right now! So why the line can't just use the whole 2Mb for RTP? My question wasn't about if you want to dedicate a specific bandwidth with some QoS policy then you'll be obviously limited to 75% or 80% of the total band

Re: [c-nsp] IP SLA - "dns operation: Error code=4"

2008-02-05 Thread Dean Smith
I had one similar where the source IPs being used from CLI and SLA were different. The CLI source was correctly set to a mgmt loopback which did have access to DNS & the internet. The SLA monitor was using a source that didn't - fixed by specifying the source for the SLA probe. Regards Dean

Re: [c-nsp] Question about ip rtp header-compression

2008-02-05 Thread Oliver Boehmer (oboehmer)
Ziv Leyes <> wrote on Tuesday, February 05, 2008 11:50 AM: > Hi, > I have a problem I can't figure out myself. > I have two 7206VXR connected between them with serial interface over > satellite. The bandwidth is 2Mb (clockrate of the controller shows > 2047212 on both sides) > This link is exclu

Re: [c-nsp] Question about ip rtp header-compression

2008-02-05 Thread Adrian Chadd
Well, Satellite IP is a fun task in itself to get right. I'd suggest looking at QoS policy/class maps and getting yourself up to scratch on the different methods of queueing that are available. There's plenty of good documentation on QoS and the Cisco Way Of Doing It on the Cisco website. Go look

Re: [c-nsp] IP SLA - "dns operation: Error code=4"

2008-02-05 Thread Oliver Boehmer (oboehmer)
Giles Coochey <> wrote on Tuesday, February 05, 2008 11:07 AM: > Hello, > > I'm testing various aspects of IP SLA, and have been trying to set up > an HTTP get url operation - unsuccessfully. > > My configuration is as follows: > > ip sla monitor 300 > type http operation get url http://www.ex

[c-nsp] Question about ip rtp header-compression

2008-02-05 Thread Ziv Leyes
Hi, I have a problem I can't figure out myself. I have two 7206VXR connected between them with serial interface over satellite. The bandwidth is 2Mb (clockrate of the controller shows 2047212 on both sides) This link is exclusively used for VoIP, and the ip rtp header compression is activated on

Re: [c-nsp] NAT Detection with netflow or anything.

2008-02-05 Thread Roland Dobbins
On Feb 5, 2008, at 5:08 PM, Joseph Jackson wrote: > Anyone have any solutions to this? NetFlow-based anomaly-detection systems should potentially be able to infer NAT or proxy behavior due to analysis of source/dest IPs/ protocols/port pairings, port incrementalization, and so forth. I don

[c-nsp] NAT Detection with netflow or anything.

2008-02-05 Thread Joseph Jackson
Hey all, I've been thinking about NAT detection for security purposes (rogue wireless AP's, etc). After some searching on the google I haven't been able to come up with much. Other than a page with a few dead links to papers/tools you can use I've come up empty. Anyone have any solutions to this?

[c-nsp] IP SLA - "dns operation: Error code=4"

2008-02-05 Thread Giles Coochey
Hello, I'm testing various aspects of IP SLA, and have been trying to set up an HTTP get url operation - unsuccessfully. My configuration is as follows: ip sla monitor 300 type http operation get url http://www.example.com name-server cache disable threshold 5000 frequency 300 ip sla monitor

Re: [c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread Oliver Boehmer (oboehmer)
Wyatt Mattias Ishmael Jovial Gyllenvarg <> wrote on Tuesday, February 05, 2008 9:58 AM: > Hi all > > I'm looking to limit a 10Ge to ~3Gb using policing. > Platform is 650X/760X Sup32 10Ge PFC3 MSFC 2A. > Is this possible at these speeds? yes, it's done in hardware on the PFC3 without performanc

[c-nsp] QoS limiting on 10Ge ports

2008-02-05 Thread Wyatt Mattias Ishmael Jovial Gyllenvarg
Hi all I'm looking to limit a 10Ge to ~3Gb using policing. Platform is 650X/760X Sup32 10Ge PFC3 MSFC 2A. Is this possible at these speeds? Any experience to share? Best regards Mattias Gyllenvarg Skycom AB ___ cisco-nsp mailing list cisco-nsp@puck.