Hi all,
I'm trying to configure two 2611XMs to do PBR and NAT. The relevant
config snippet is included below, but essentially one of the routers
is doing what I want, and the other isn't. I suspect I'm hitting an
IOS bug, or my config isn't quite right (hmmm, thanks captain
obvious.)
I have a PBR
Whisper wrote:
> Thanks for all the replies, they have been very enlightning.
>
> Are there any other methods people use to filter/block bogons?
>
> Its always good to hear about the relative real world pros & cons of
> implementing specific policy decisions.
>
Not precisely a bogon list, but t
Hi, Cisco friends, the issue was solved, the problem was a unmanaged dlink
switch, I changed it with a switch 3COM, now Cisco ASA works fine.
Regards.
On 3/6/08, Fields, Jesse <[EMAIL PROTECTED]> wrote:
>
> I have ran into a similar problem recently on a 5505 and kicked myself
> for overlookin
Running BFD on iBGP is probably not a good idea though, as iBGP is
multihop (unless you have an "interesting" network design). Relying on
the IGP and letting the IGP trigger BGP withdrawals is the way to go
for iBGP
On Mar 6, 2008, at 7:57 PM, Ben Steele wrote:
>
> On 07/03/2008, at 2:18 PM
On 07/03/2008, at 2:18 PM, Hiromasa Sekiguchi wrote:
> Hi,
>
> The cisco products have "bgp fast-external-fallover" function.
> It is available on only eBGP, isn't it?
Yes, only for eBGP
>
>
> We'd like to do same behabior like it on iBGP.
> So, is there any solutions?
Have a look at bfd for BG
Hi,
The cisco products have "bgp fast-external-fallover" function.
It is available on only eBGP, isn't it?
We'd like to do same behabior like it on iBGP.
So, is there any solutions?
Regards,
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https:/
I have ran into a similar problem recently on a 5505 and kicked myself
for overlooking it. Try hard setting your port speed/duplex on the ASA
and switch. GL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge
Evangelista
Sent: Thursday, March 06, 2008
I've experienced and tried this only on the supV's. I would assume, however
never tested to see the same results on the 4948 since they are pretty much
identical from a os/platform standpoint. A good hint is if the 4948 will
actually even LET you place "qos" commands on the port channel itself. If
Well, the Cucumber is ok, it combines CCM 6.X and CUC 6.X in a single
box, the downside is you can't integrate with AD and you can only have
5 remote sites.
Also, since it is a single server, there is no redundancy, so you may
need a big, fat router for SRST depending on how many users you have.
Hi,
On Wed, Mar 05, 2008 at 08:32:05PM -0600, Justin Shore wrote:
> I thought it was weird too but I pretty much copied that out of the new
> Router Security Strategies book, pages 210-211, just to be sure. The
> first sentence under the "No-negotiate mode" heading is:
>
> "Puts the LAN port i
On Thu, Mar 06, 2008 at 02:19:41PM -0500, Drew Weaver wrote:
> Hi there, we are going to be updating our phone system from a very
> old t1 unit to a new VoIP product and we are looking for advice from folks
> who have deployed Unified Communication Manager 6.1 in a single server MCS
> de
Hi there, we are going to be updating our phone system from a very old
t1 unit to a new VoIP product and we are looking for advice from folks who have
deployed Unified Communication Manager 6.1 in a single server MCS deployment (I
believe they call deploying it this way "Cisco Unified Co
On Thu, 6 Mar 2008, Phil Mayers wrote:
> It depends on the platform, but on 6500s at least I know you get an
> output interface of 0.
>
> Sadly you get an output interface of 0 for a whole lot of other stuff,
> including glean failures (i.e. couldn't arp for the next hop), RPF
> failures and also
Justin Shore wrote:
> Jeff Kell wrote:
>> Justin Shore wrote:
>>> Personally I'm still using ACLs on my border routers. At this point
>>> in time I want the ACE hit counters for those rogue packets
>> Hrmmm... will these show up in netflow in some identifiable fashion?
>
> That's a good question
On Thu, 6 Mar 2008, Justin Shore wrote:
> Jeff Kell wrote:
>> Justin Shore wrote:
>>> Personally I'm still using ACLs on my border routers. At this point
>>> in time I want the ACE hit counters for those rogue packets
>>
>> Hrmmm... will these show up in netflow in some identifiable fashion?
>
>
Jeff Kell wrote:
> Justin Shore wrote:
>> Personally I'm still using ACLs on my border routers. At this point
>> in time I want the ACE hit counters for those rogue packets
>
> Hrmmm... will these show up in netflow in some identifiable fashion?
That's a good question. I'm not sure if NF will
If you are using the base ASA license, there is a limitation of traffic flow
on 3 routed VLANS. You have to issue the following command to get the 3rd
vlan to work:
ASA(config-if)# no forward interface (vlan-number)
This limits you to being able to receive traffic on the VLAN but not sending
it.
On Thu, 2008-03-06 at 09:43 -0600, Dale W. Carder wrote:
> On Mar 5, 2008, at 5:36 PM, Ben Steele wrote:
> > I'm going to recommend rsync mainly for it's resume of transfer
> > ability over scp(given your files sound large), you can tunnel it via
> > ssh using a flag like "--rsh=ssh" or similar for
On Mar 5, 2008, at 5:36 PM, Ben Steele wrote:
> I'm going to recommend rsync mainly for it's resume of transfer
> ability over scp(given your files sound large), you can tunnel it via
> ssh using a flag like "--rsh=ssh" or similar for security
I would second the use of rsync for it's ability to b
Justin Shore wrote:
> Personally I'm still using ACLs on my border routers. At this point in
> time I want the ACE hit counters for those rogue packets
Hrmmm... will these show up in netflow in some identifiable fashion?
Jeff
___
cisco-nsp mailing lis
Do you see anything interesting in the debug logging?
What kind of packets is it dropping?
> icmp unreachable rate-limit 1 burst-size 1
is it dropping icmp packets?
have you checked the duplex settings?
everything talking the same?
can you do a mirror port on the switch to see via tcpdump wha
Hi Tim,
How about the egress policing on a 7600-SIP-400 and SPA-2X1GE-V2 combo?
Is egress policing done at the egress or still on the FE ingress interfaces?
Thanks
Rgds
Edwin
On Thu, Mar 6, 2008 at 1:24 AM, Tim Stevenson <[EMAIL PROTECTED]> wrote:
> The problem exists as long as there are mult
Hi guys,
I have configured a Cisco ASA 5505 with two LAN's one for inside (servers)
and other for business (users), I can do a ping from business to inside
and viceversa hosts, I can authenticate me in the domani MS only when I
connect a PC in ports of ASA with access vlan 3, however when I con
Personally I'm still using ACLs on my border routers. At this point in
time I want the ACE hit counters for those rogue packets. ACLs of
course consume more resources but it gives me what I want. I do ingress
and egress and I update my ACLs within a few days of IANA announcing the
allocation
Thanks very much INDEED.
It's working NOW
RGDS
/Bruno Filipe
- Original Message
From: Oliver Boehmer (oboehmer) <[EMAIL PROTECTED]>
To: Bruno Filipe <[EMAIL PROTECTED]>; cisco-nsp@puck.nether.net
Cc: [EMAIL PROTECTED]
Sent: Thursday, March 6, 2008 1:56:45 PM
Subject: RE: [c-nsp] Possib
Bruno Filipe <> wrote on Thursday, March 06, 2008 12:35 PM:
> Hi there...
>
> I'm facing a problem with a 3825 after upgrading from 256 RAM to two
> 512 DIMM modules...
>
> that's the OUTPUT from the console.
>
>
> *Mar 6 11:22:58.627: %SYS-4-NV_BLOCK_INITFAIL: Unable to initialize
> the geo
Thanks a lot for all the input RANCID seems to be the way to
go. Thanks for the template config I will look again at TACACS+.
Thanks & Regards
Kevin
On Mon, Mar 3, 2008 at 5:30 PM, Peter Rathlev <[EMAIL PROTECTED]> wrote:
> On Mon, 2008-03-03 at 10:18 -0600, Justin Shore wrote:
> > Assuming you'
Thanks for all the replies, they have been very enlightning.
Are there any other methods people use to filter/block bogons?
Its always good to hear about the relative real world pros & cons of
implementing specific policy decisions.
On Thu, Mar 6, 2008 at 5:51 PM, Matt Carter <[EMAIL PROTECTED]>
Hi there...
I'm facing a problem with a 3825 after upgrading from 256 RAM to two 512 DIMM
modules...
that's the OUTPUT from the console.
*Mar 6 11:22:58.627: %SYS-4-NV_BLOCK_INITFAIL: Unable to initialize the
geometry of nvram
*Mar 6 11:22:58.859: NV: Invalid Pointer value(6307D87C) in priv
Wyatt Mattias Ishmael Jovial Gyllenvarg wrote:
> Hi All
>
> Why is it that when you restart a 7600 or 6500 the "route-reflector
> client" statment is erased from the config?
>
> Highly frustrating feature too troubleshoot over the phone
>
> Anyone else have this?
No. It works fine in our co
Hi All
Why is it that when you restart a 7600 or 6500 the "route-reflector
client" statment is erased from the config?
Highly frustrating feature too troubleshoot over the phone
Anyone else have this?
What can I do to make this "more" permanent?!?
Best Regards
Mattias Gyllenvarg
Omnitron
_
31 matches
Mail list logo