Re: [c-nsp] specifying next-hop via interface while still getting cefswitched

2008-03-26 Thread Oliver Boehmer (oboehmer)
Ben Steele <> wrote on Thursday, March 27, 2008 6:41 AM: > I seem to recall there was a command that allowed a router to still > cef switch packets when the next hop was an interface rather than an > ip address, ie an ADSL client dialer interface with ip route 0.0.0.0 > 0.0.0.0 d0 > > Am I dreami

Re: [c-nsp] Multicast Subsecond Convergence

2008-03-26 Thread Oliver Boehmer (oboehmer)
[EMAIL PROTECTED] <> wrote on Wednesday, March 26, 2008 7:58 PM: > Hi, > > Investigating scalability of this feature (and potential issues). Any > real field example? > > http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_subcv.html > I've implemented mcast FC in some networks, and go

Re: [c-nsp] MLPPP product from the provider point of view

2008-03-26 Thread Joe Maimon
Gert Doering wrote: > Hi, > > On Wed, Mar 12, 2008 at 09:07:51AM -0400, Joe Maimon wrote: > > >>- In theory, one virtual template can be used for all mlppp customers, >>as they will establish separate bundles with their endpoint >>discriminators, correct? > > > Yes. > > > How do you prote

[c-nsp] specifying next-hop via interface while still getting cef switched

2008-03-26 Thread Ben Steele
I seem to recall there was a command that allowed a router to still cef switch packets when the next hop was an interface rather than an ip address, ie an ADSL client dialer interface with ip route 0.0.0.0 0.0.0.0 d0 Am I dreaming or was there a command which still allowed this to be cef s

Re: [c-nsp] Prepare for router Wednesday

2008-03-26 Thread Whisper
Gary Wasn't this router Wednesday only a month or so worth of updates, if that? If so, imagine 6 months worth! I guess we get to find out what it is really like at the end of September 2008. On Thu, Mar 27, 2008 at 1:18 PM, Buhrmaster, Gary <[EMAIL PROTECTED]> wrote: > > > For example one of t

Re: [c-nsp] Prepare for router Wednesday

2008-03-26 Thread Buhrmaster, Gary
> For example one of the vulnerabilities was a DLSw issue. If > you're not running DLSw anywhere, then there's not much need > to continue reading that bulletin. >From Microsoft Tuesday experience, that is not an entirely safe approach. You have to read far enough into the advisory so that you

Re: [c-nsp] Prepare for router Wednesday

2008-03-26 Thread Justin M. Streiner
On Thu, 27 Mar 2008, Whisper wrote: > I've decided I do not like Router Wednesday > > 1 or 2 advisories in a day and you will probably read them thoroughly, like > you should. > > 5 or more of them more or less altogether and I think a lot of people will > only start binning them, as we don't have

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Mark Tinka
On Thursday 27 March 2008, Tassos Chatzithomaoglou wrote: > I still haven't found any reason for keeping a low MTU on > L2 switches (although i don't know if any L2 protocols > can generate such large "frames" which could possibly get > dropped in a 1500 link). We have gone with 9,000 bytes acros

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Dan Armstrong
Unfortunately, we're using ME3400s, and you cannot specify MTU on a per interface basis... Ben Steele wrote: > You're better off just running system mtu 1504 (if you want to deliver > QinQ to customers) and then specifying the larger mtu frames on your > trunk interfaces, this still restricts y

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Ben Steele
You're better off just running system mtu 1504 (if you want to deliver QinQ to customers) and then specifying the larger mtu frames on your trunk interfaces, this still restricts your customer access ports to 1504 while allowing you to run what you need, jumbo frame mtu on an interface will ov

Re: [c-nsp] Prepare for router Wednesday

2008-03-26 Thread Whisper
I've decided I do not like Router Wednesday 1 or 2 advisories in a day and you will probably read them thoroughly, like you should. 5 or more of them more or less altogether and I think a lot of people will only start binning them, as we don't have the time to dedicate to reading 5 fairly long e-

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Dan Armstrong
The reason I don't want to raise it too high - is if we're selling TLS services to a customer, (ie a VLAN provisioned on 2 ports on different switches, carried across our core/trunks) - I don't want them being able to send any packet larger than 1500 bytes. A bit bigger wouldn't be a problem, b

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Tassos Chatzithomaoglou
Since 1500 is the default and 1504 is by default "supported" on 802.1q trunk links, i guess 1504 should be the correct value for 802.1q tunneling. I guess the ethernet header is not counted by default. My proposition? Use something that covers all of them (i.e. 1600 for GE, 1546 for FE) and (a

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Ben Steele
1504 is the system mtu you want, however i'd find a higher common value between your switches in case you choose to run mpls down the track, or anything else that is going to add to your frame size. Ben On 27/03/2008, at 9:31 AM, Dan Armstrong wrote: > I've been bashing my head against the wa

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Darryl Dunkin
I tend to run into this table often and it has been a good reference for me. This table relates specifically to system MTU: http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00801350c8.shtml#topic2 This would suggest 'system mtu 1504' would be appropriate. -Origina

Re: [c-nsp] QoS problems on ATM pvc - IOS bug?

2008-03-26 Thread Ben Steele
Before applying the policy under your pvc specify the bandwidth in your ATM subint and make sure it's within the reserved range, otherwise use max-reserved-bandwidth x to accommodate it, I feel your pain as i've experienced the whole apply the policy it takes it then when you go to view it

Re: [c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Peter Rathlev
On Wed, 2008-03-26 at 19:01 -0400, Dan Armstrong wrote: > I've been bashing my head against the wall all day for a definitive > answer on this: > > On a Cisco switch that supports QinQ (3550, 3750, ME3400, 3560 etc) > > > What is the _minimum_ value I need to set the system MTU to, to do > Qin

[c-nsp] System MTU on trunks for Q in Q

2008-03-26 Thread Dan Armstrong
I've been bashing my head against the wall all day for a definitive answer on this: On a Cisco switch that supports QinQ (3550, 3750, ME3400, 3560 etc) What is the _minimum_ value I need to set the system MTU to, to do QinQ? 1504? 1522? 1526? 1546? I can't seem to find one concise answer.

[c-nsp] 7600 / SUP720-3BXL - mixing fabric and non-fabric enabled line cards

2008-03-26 Thread Zahid Hassan
Dear All, I am having to mix fabric and non-fabric enabled line cards on a single chassis. These are my line cards: WS-X6704-10GE WS-X6408A-GBIC WS-X6148-GE-TX What's the theoretical maximum expected throughput in running with mix fabric line cards ? Also, what will be the optimal and the r

Re: [c-nsp] BGP Router Considerations

2008-03-26 Thread Fred Reimer
Absolutely, that's why I said if you need it now it is probably not an option. However, that will change with time. I expect the feature list to be mostly complete a year from now. If it is a question of long-term planning then the platform should be considered. Fred Reimer, CISSP, CCNP, CQS-VP

Re: [c-nsp] bgp transit, selecting providers based on source IP

2008-03-26 Thread Michael K. Smith - Adhost
> ...snip...snip... > > > > > The answer to this may be "no way". :-) If you have a peering > session > > with the customer, why not only announce your routes from your two > other > > providers so that the customer doesn't see the routes from the one > they > > want to avoid? Wouldn't that acc

[c-nsp] UBRL on 6500 running 12.2SXH on 720-CXL

2008-03-26 Thread Jeff Fitzwater
We just upgraded our sup from 720-3B to 720-CXL on 6500 running 12.2-33SXH1 We were using User Based Rate Limiting UBRL and all was working. QOS is enabled. I have a class map to match just the source address of hosts on a subnet that have a dst to any. The policy-map matches the class an

Re: [c-nsp] bgp transit, selecting providers based on source IP

2008-03-26 Thread Bruce Pinsky
Michael K. Smith - Adhost wrote: ...snip...snip... > > The answer to this may be "no way". :-) If you have a peering session > with the customer, why not only announce your routes from your two other > providers so that the customer doesn't see th

Re: [c-nsp] bgp transit, selecting providers based on source IP

2008-03-26 Thread Michael K. Smith - Adhost
Hello All: > -Original Message- > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > [EMAIL PROTECTED] On Behalf Of Bruce Pinsky > Sent: Tuesday, March 25, 2008 3:54 PM > To: Wayne Lee > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] bgp transit, selecting providers based on source > IP >

Re: [c-nsp] BGP - hiding AS

2008-03-26 Thread Mateusz Błaszczyk
Router 1(AS65501) -> Router 2 (AS123) -> Router 3 (AS456) -> Router4 (AS65504) > I would use the *neighbor x.x.x.x remove-private-as ***command but > understand that this doesn't work if you have public and private AS numbers > in the path. I think it would work ok, but this command should be

Re: [c-nsp] BGP Router Considerations

2008-03-26 Thread David Curran
Be very mindful of features here. The feature list for all but certain large carriers is pretty slim pickens. > From: Fred Reimer <[EMAIL PROTECTED]> > Date: Wed, 26 Mar 2008 13:22:37 -0400 > To: Gert Doering <[EMAIL PROTECTED]>, Paul Stewart <[EMAIL PROTECTED]> > Cc: > Conversation: [c-nsp] BG

[c-nsp] WS-SVC-NAM-1 Modules

2008-03-26 Thread Paul Stewart
Hi folks. I have a chance to pickup some WS-SVC-NAM-1 modules at a *very* good price - have looked at them before and think they'll meet some of our needs.. Anyways, the WS-SVC-NAM-2 is later, greater etc. but according to Cisco's website the WS-SVC-NAM-1 is still current product but just with

[c-nsp] Multicast Subsecond Convergence

2008-03-26 Thread alaerte.vidali
Hi, Investigating scalability of this feature (and potential issues). Any real field example? http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_subcv.html Tks, Alaerte

Re: [c-nsp] SNMP MIB update interval on CISCO?

2008-03-26 Thread Gurung, Provin
Thanks for the information. Do the routers maintain a timestamp of when they last updated their MIB. The time difference between the updates will give me a good indication of the average traffic being observed by the router. Thanks, -Proveen -Original Message- From: [EMAIL PROTECTED] [ma

Re: [c-nsp] QoS problems on ATM pvc - IOS bug?

2008-03-26 Thread Tim Franklin
On Wed, March 26, 2008 4:34 pm, neal rauhauser wrote: > !production box - will have nothing to do with a policy being placed on > the > PVC > interface ATM2/0.98004 point-to-point > description Irritated Customer, LLC > ip address 192.168.209.253 255.255.255.252 > pvc 5/54 > protocol ip 192.1

Re: [c-nsp] QoS problems on ATM pvc - IOS bug?

2008-03-26 Thread Gary Roberton
Check the TX Ring limit. The TX Ring is the number of particles/packets that queue in the hardware queue before being transmitted out of the interface. If this is set too big you can experience problems with packets seeming to be placed and process through the Priority queue, when in fact they ar

[c-nsp] BGP - hiding AS

2008-03-26 Thread Gary Roberton
I have the following topology Router 1(AS65501) -> Router 2 (AS123) -> Router 3 (AS456) -> Router4 (AS65504) Router 1 is my site (private AS) R2 is network provider (public AS - I cant change config) R3 is my other site (public AS) R4 is end customer (private AS) Router 1 advertises network 10.1

Re: [c-nsp] BGP Router Considerations

2008-03-26 Thread Fred Reimer
Or you may want to look into the new ASR routers. They are supposed to be positioned between the 7200's and the 7600's, but it doesn't sound like you are really pushing that much traffic through the system. If you need it "now" it's probably not an option, but if you are looking to what would be

Re: [c-nsp] BGP Router Considerations

2008-03-26 Thread Paul Stewart
Thanks Gert... appreciate your "open" approach to this ;) I'm hoping to sell some ideas internally on a "5 year plan" long time to justify anything it seems anymore... Is there a GSR/switch combo I could use instead? We've had GSR's and they are rock solid, turn them on and forget them boxes

Re: [c-nsp] BGP Router Considerations

2008-03-26 Thread Gert Doering
Hi, On Wed, Mar 26, 2008 at 12:02:15PM -0400, Paul Stewart wrote: > What I'm considering is removing the 12012 because of the space it consumes > (does all BGP today) and replacing it with a pair of 7606's Sup720-3BXL etc > > For BGP edge that's feeding 3 full BGP transit feeds and a couple hundr

[c-nsp] QoS problems on ATM pvc - IOS bug?

2008-03-26 Thread neal rauhauser
This one is a real head scratcher for me. I've got two 7206s, both running c7200-p-mz.123-22.bin, both with identical PAs. One is in production, the other is a hot spare. I got frustrated enough with trying to get QoS set up that I pulled this config line for line from an example on CCO: class-m

[c-nsp] Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability Advisory ID: cisco-sa-20080326-pptp http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml Revision 1.0 For

[c-nsp] BGP Router Considerations

2008-03-26 Thread Paul Stewart
Hi folks. Looking for some input on a network design. Today, pair of 6509's with Sup2/MSFC2 and a Cisco 12012 GSR make up the distribution and core routing. What I'm considering is removing the 12012 because of the space it consumes (does all BGP today) and replacing it with a pair of 7606

[c-nsp] Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 Advisory ID: cisco-sa-20080326-queue http://www.cisco.com

[c-nsp] Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

2008-03-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak Advisory ID: cisco-sa-20080326-mvpn http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml Revision 1.0 For Public Release

Re: [c-nsp] 6509 noob question

2008-03-26 Thread David Prall
Those are both commands available in Native IOS. I don't know if they are available in Hybrid, although it would be nice to know if they were. -- http://dcp.dcptech.com > -Original Message- > From: Tassos Chatzithomaoglou [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 26, 2008 6:4

Re: [c-nsp] Monitoring Tengigabit Interfaces

2008-03-26 Thread David Prall
Optics have to be DOM Compliant. http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_8031.html http://tinyurl.com/2jedp2 David -- http://dcp.dcptech.com > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf

Re: [c-nsp] FWSM - No Traceroute

2008-03-26 Thread Justin M. Streiner
What I'll add to this is that just like any other Cisco product, if you know of a feature that really should be available, don't hesitate to let your account team know about them. I've been in regular contact with them to try to get a handle on some things that could be improved in the SNMP imp

Re: [c-nsp] control-plane qos marking

2008-03-26 Thread Oliver Boehmer (oboehmer)
Dmitry Kiselev <> wrote on Wednesday, March 26, 2008 3:06 PM: > Hello! > > On Wed, Mar 26, 2008 at 02:15:46PM +0100, Reinhold Fischer wrote: > >>>Is there any way to set some dscp value to packets originating >>> from Cisco IOS itself? I mean syslog messages, netflow data export, >>> snmp mes

Re: [c-nsp] control-plane qos marking

2008-03-26 Thread Dmitry Kiselev
Hello! On Wed, Mar 26, 2008 at 02:15:46PM +0100, Reinhold Fischer wrote: > >Is there any way to set some dscp value to packets originating > > from Cisco IOS itself? I mean syslog messages, netflow data export, > > snmp messages, icmp and so on. I know about default cs6 marking > > for routing

[c-nsp] Monitoring Tengigabit Interfaces

2008-03-26 Thread DAVID Sébastien
Hi, I would like to monitor the Optical Power in the Ten Gigabit interface. I use this command : show int teX/y transceiver. On some interfaces I've a answer : 1#sh int te2/1 transceiver Transceiver monitoring is disabled for all interfaces. ITU Channel not available (Wavel

Re: [c-nsp] FWSM - No Traceroute

2008-03-26 Thread Kaj Niemi
Hi, The FWSM works really at high bandwidth rates and integrates quite well into a Catalyst (no cabling, your choice of being in front of MSFC or behind, etc.) as long as you do not exceed limits on ACEs, see http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/specs.html

Re: [c-nsp] 6509 noob question

2008-03-26 Thread Fred Reimer
I believe those commands are for Native IOS, to get to the switch processor, where you can do nifty things like a packet capture if you know the commands. For Hybrid CatOS/IOS you'd have to go from the SP to the RP. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Techno

Re: [c-nsp] FWSM - No Traceroute

2008-03-26 Thread Fred Reimer
The FWSM isn't a half-assed ASA. It is a firewall-only module. It doesn't have the VPN capabilities of the ASA, obviously does not have modules you can add like an IPS or CSC, and is strictly a firewall. It also lags behind in features; you'll notice that the FWSM is one or two features "behind"

Re: [c-nsp] pvst+ & r-pvst (WAS Re: mst & pvst)

2008-03-26 Thread Adam Greene
Thanks, Peter! - Original Message - From: "Peter Rathlev" <[EMAIL PROTECTED]> To: "Adam Greene" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, March 25, 2008 6:42 PM Subject: Re: [c-nsp] pvst+ & r-pvst (WAS Re: mst & pvst) > On Tue, 2008-03-25 at 17:53 -0400, Adam Greene wrote: >> OK, I made m

Re: [c-nsp] control-plane qos marking

2008-03-26 Thread Reinhold Fischer
On Wed, Mar 26, 2008 at 02:36:56PM +0200, Dmitry Kiselev wrote: > Hello! > >Is there any way to set some dscp value to packets originating > from Cisco IOS itself? I mean syslog messages, netflow data export, > snmp messages, icmp and so on. I know about default cs6 marking > for routing protoc

Re: [c-nsp] EasyVPN IOS->ASA55xx with no user interaction?

2008-03-26 Thread Kaj Niemi
Hi, You need "isakmp ikev1-user-authentication none" under "tunnel-group myGROUP ipsec-attributes". It is advisable to have another group for Easy VPN peers and not mix them with users if you use XAUTH - the latter is used for user authentication while IKE is used for device authenticati

[c-nsp] control-plane qos marking

2008-03-26 Thread Dmitry Kiselev
Hello! Is there any way to set some dscp value to packets originating from Cisco IOS itself? I mean syslog messages, netflow data export, snmp messages, icmp and so on. I know about default cs6 marking for routing protocols, but it is not all traffic :) Could anybody point me to right directi

[c-nsp] EasyVPN IOS->ASA55xx with no user interaction?

2008-03-26 Thread William
Hi, I have a setup which consists of an IOS-based router connecting to an ASA5500 firewall device. I've got it working in network extension mode but it requires user interaction on the router, here's a cut from the log: *Mar 3 02:50:28.823: EZVPN(EASYVPN): Pending XAuth Request, Please enter the f

Re: [c-nsp] 6509 noob question

2008-03-26 Thread Tassos Chatzithomaoglou
The following two could probably help you too: remote command switch xxx remote login switch -- Tassos David Prall wrote on 25/3/2008 11:05 μμ: > Switch console can only be done from catos. You want to find and entry that > has a mac address within the cisco range. What does "sh cdp neighbor" g

Re: [c-nsp] [cisco-voip] Cisco VPN Client for 64-bit????

2008-03-26 Thread Ziv Leyes
Always keep in mind there's the Linux option, one day it might be the right choice for admins... Users? They'll get used to it, they're like farm animals, they'll eat what you give them and eventually learn to love it... :) Ziv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMA

Re: [c-nsp] Nagios plugin to check Cisco hardware

2008-03-26 Thread Michiel Timmers
Well the original script that I just posted also has the option to check power supplies, fans and temp using the "cisco" option instead of "ciscoSW". Furthermore I check: Routing Engine CPU Routing Engine Memory Supervisor Engine CPU Supervisor Engine Memory some BGP sessions and some interfaces BT