Check out PVP
http://www.cisco.com/en/US/tech/tk39/tk48/technologies_q_and_a_item09186a008011a901.shtml#qa13
Regards
Brian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of james edwards
Sent: lunedì 9 giugno 2008 5.38
To: cisco-nsp@puck.nether.net
On Sat, 2008-06-07 at 22:58 -0400, Luan M Nguyen wrote:
I wonder if you do this:
class-map tcp_traffic
match any
policy-map global_policy
class tcp_traffic
set connection random-sequence-number disable
Would you get TCP Sequence Prediction: Difficulty=0 (Trivial joke)?
Well, I tried
I have some fibre connections (non Cisco remote endpoints - not yet sure
of the brands) to an old WS-C4908G-L3 using GBICs that I would like to
move on to a new Cisco 3750-G using SFPs. I have been unable to get any
links to come up on the new Cisco 3750. The existing WS-C4908G-L3
interface
try: speed nonegotiate
Ivan wrote:
I have some fibre connections (non Cisco remote endpoints - not yet
sure of the brands) to an old WS-C4908G-L3 using GBICs that I would
like to move on to a new Cisco 3750-G using SFPs. I have been unable
to get any links to come up on the new Cisco 3750.
Hi,
I have some fibre connections (non Cisco remote endpoints - not yet sure of
the brands) to an old WS-C4908G-L3 using GBICs that I would like to move on
to a new Cisco 3750-G using SFPs. I have been unable to get any links to
come up on the new Cisco 3750. The existing WS-C4908G-L3
Hi Guys,
I am hoping to get some advice / experiences on the configuration of the ASA
IPS Module.
Mainly where should i start? I am currently reading the Installing and Using
Cisco Intrusion Prevention System Device Manager 6.0 guide but if anyone has
any further information for a newbie in
On Thu, June 5, 2008 8:45 am, Pelle wrote:
[1] this can either be configured as:
class X
priority bandwidth
In my experience, it's quite variable (by IOS, platform, phase of moon,
etc) as to whether this *actually* implements a policer or not. There's
no harm, and a degree of safety in:
Hi Tim,
These commands behave differently:
Once again, priority bandwidth would police only in case of congestion
while priority + police rate would police on rate configured.
Regards,
Jeff
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] On Behalf
On Mon, June 9, 2008 11:26 am, Jeff Tantsura wrote:
These commands behave differently:
Once again, priority bandwidth would police only in case of
congestion while priority + police rate would police on rate
configured.
Good point, if you want the priority class to be able to gobble
-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp-
[EMAIL PROTECTED] On Behalf Of Alex Howells
Sent: Sunday, June 08, 2008 11:15 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 12.2SXH 'archive' / Configuration Management
Aloha :)
What is the collective opinion on
On Sun, Jun 08, 2008 at 04:38:23PM +0100, Simon Lockhart wrote:
On Sun Jun 08, 2008 at 04:14:33PM +0100, Alex Howells wrote:
That template makes fairly extensive use of the 'archive' command but
some older IOS doesn't include that functionality; I've also seen/heard
RANCID being deployed
Oh, well that changes things. I don't mean to make excuses for Cisco,
but the only TCP sessions TO the ASA should be from specific hosts or
segments that are considered safe or clean such as a management
subnet. In all likelihood, if your management stations are compromised
you're screwed
That is the newbie text. What part are you having difficulties with? I
could suggest the certification guide from Cisco Press for the IPS test.
It certainly has more information than you will likely ever use.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman
Hi all,
I would like to cluster two 6509 catalysts into a VSS-1440 system, and I would
like to know if anyone else tried that, to see some opinions about it.
The configuration would be:
2x 6509
6x 6748 in each
1x 6708 in each
1x Sup in each
I am a little bit surprised that they have such
No difficulty just wanting to hear from other peoples experiences and if I
am reading the right text.
Thanks,
Aaron.
-Original Message-
From: Fred Reimer [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 8:13 PM
To: aaron; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco ASA
On Mon, 9 Jun 2008, [EMAIL PROTECTED] wrote:
switchport nonegotiate?
I don't believe that has anything to do with speed/duplex negotiation.
I believe 'switchport nonegotiate' will prevent the port from negotiating
trunk settings.
jms
___
Vikas Sharma mailto:[EMAIL PROTECTED] wrote on Monday, June 09,
2008 5:29 AM:
Thanks oli,
Jeff - Yes I am working with carrier.
Refining my question, Generally what QoS mechanism Service Provider
choose? Short pipe mode or Pipe mode.
Many are actually using uniform.. pipe/short-pipe is
switchport nonegotiate does 2 main things:
1. What Justin said, will prevent a port from negotiating trunk settings
2. Turns off DTP frames!!
On Mon, Jun 9, 2008 at 11:33 PM, Justin M. Streiner [EMAIL PROTECTED]
wrote:
On Mon, 9 Jun 2008, [EMAIL PROTECTED] wrote:
switchport nonegotiate?
ssh disconnect # should clear your ssh sessions.
Cory Councilman
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi
Have you tried Kiwi CatTools http://www.kiwisyslog.com/kiwi-cattools-overview/
its a cheap alternative to Solarwind Cirrus.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Van Tol
Sent: 09 June 2008 12:03
To: 'Alex Howells';
Hi,
Posting this on behalf of someone else.
About 2 nites ago, around midnight, his network seemed like it imploded.
Its a WISP, and connected to GigabitEthernet0/1 is his Site A that is
192.168.25.1/24 . About 60% of the devices off the AP aren't contactable
anymore.
He has
For first timers, I always recommend 3 attack angles (or 2.5).
1) Start where you are starting. It will give you a nice warm and fuzzy and
will build your confidence.
2) Go where Fred recommended. The book is solid.
2.5/3) Start using it and document your specific requirements. Make sure
Hi there..
We have a 6509 (sup2) installed and about to bring up some T1 interfaces on
it.. confused over the configuration and only have a limited window of time
to try and implement off hours tonight ;)
WS-X6182-2PA port adapters with PA-MC-8T1 cards are installed in this box...
Currently,
Paul Stewart wrote:
Is this because I need to configure
timeslots still on the controller?
Yep.
controller t1 5/1
channel-group 0 timeslots 1-24
Then you'll get a serial 5/1:0
David
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Mon, 9 Jun 2008, Paul Stewart wrote:
controller T1 6/0/0
framing esf
linecode b8zs
I expected to see serial interfaces further down in the configuration but
nothing is showing... I checked Cisco.com and it keeps referencing
configuration on the Serial interfaces (which is the way we have it
Yes, they will display in the configuration after your time slots are
provisioned.
On Mon, Jun 9, 2008 at 11:15 AM, Paul Stewart [EMAIL PROTECTED] wrote:
Hi there..
We have a 6509 (sup2) installed and about to bring up some T1 interfaces on
it.. confused over the configuration and only have
Hello,
I am not sure if this question has been asked before if so I apologize. I
was wanting some advice on aggregation. I have some customers that want
broadband but can not receive in this even T-1 or ISDN is an option. Of
course a T-1 is too expensive for the home user and the only option
It depends on how many customers you have that you'll use ISDN for. Since
you stated a T1 is too expensive for the customer loop, I'm going to assume
you're refering to a BRI at the customer premise.
Since ISDN is a switched solution, the customer's equipment will need to be
configured to 'call'
root net wrote:
Hello,
I am not sure if this question has been asked before if so I apologize. I
was wanting some advice on aggregation. I have some customers that want
broadband but can not receive in this even T-1 or ISDN is an option. Of
course a T-1 is too expensive for the home user and
Hello all,
I have more customers coming to my switch into one trunk port. One of
those customers has decided to have more than one vlan, and have to do
a dot1q for him. Is there a way to configure this:
- if a frame comes to my trunk trunk port with tag 10-100, make a
dot1q tunnel with some vlan
Hi All,
I've deployed rancid on a fairly large metro network, and am seeing some
pretty high CPU averages. When RANCID runs the CPU's on a large number of
our boxes spike to about 95% for several seconds. Although they have never
hit 100%, or caused any issues (dropped OSPF hello's, stp bpdu's)
Jay,
You are correct the ISDN PTP loop is confusing. I am talking a dedicated
ISDN line that dials only one other ISDN line on the ISP side to make up a
PTP loop if you will. Hopefully that clears. Unlimited ISDN BRI service is
what we will order for the customer cheaper and safer. After
7600 SUP720/RSP720 ES20 would probably help you.
But the price is getting high, unless you already have the first 2.
--
Tassos
Pavel Skovajsa wrote on 9/6/2008 10:44 μμ:
Hello all,
I have more customers coming to my switch into one trunk port. One of
those customers has decided to have
Nick,
I run RANCID on my SP network and I too see the high CPU spikes. Mine
actually clock in at 100% (high enough that it makes my 1m average
register 80% on some devices via sh pr cpu his (which means that it's
actually between 80 and 89%)). I have a couple devices in particular
that it
Hello,
I have a customer that wants a 100/1000 Mb/s pipe into our network for our
local customers. This customer is also a customer but he has a dedicated 10
Mb/s circuit to the Internet and is maxing out on bandwidth. Wishes to buy
the 100/1000 Mb/s pipe for our local network access only not
root net wrote:
Jay,
You are correct the ISDN PTP loop is confusing. I am talking a dedicated
ISDN line that dials only one other ISDN line on the ISP side to make up
a PTP loop if you will. Hopefully that clears. Unlimited ISDN BRI
service is what we will order for the customer cheaper
Hi folks,
The newest batch of vulnerabilities for ASA (and PIX) have references only
to 7.x and 8 ASA/PIX OS. There is however a vague remark that any earlier
versions than 7.x are vulnerable, but it is not clear whether it only refers
to the 7 train, or also 6.x.
The vulnerability
The advisory specifically says, Cisco PIX security appliances running
versions 6.x are not vulnerable.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ariel Biener
Sent: Monday, June 09, 2008 3:26 PM
To: cisco-nsp@puck.nether.net
Subject: Re:
On Mon, 9 Jun 2008, Nick Davey wrote:
I've deployed rancid on a fairly large metro network, and am seeing some
pretty high CPU averages. When RANCID runs the CPU's on a large number of
our boxes spike to about 95% for several seconds. Although they have never
hit 100%, or caused any issues
loopback or another interface (usually a static route of last resort
to the loopback address/interface).
loopback or null?
In the old days, null was handled by CPU (software switched), so lots
of us old-timers got into the habit of using loopback instead of null.
On a modern platform it
Mon, Jun 09, 2008 at 03:56:08PM -0400, Nick Davey:
Hi All,
I've deployed rancid on a fairly large metro network, and am seeing some
pretty high CPU averages. When RANCID runs the CPU's on a large number of
our boxes spike to about 95% for several seconds. Although they have never
hit 100%, or
On Mon, 9 Jun 2008, root net wrote:
I have a customer that wants a 100/1000 Mb/s pipe into our network for our
local customers. This customer is also a customer but he has a dedicated 10
Mb/s circuit to the Internet and is maxing out on bandwidth. Wishes to buy
the 100/1000 Mb/s pipe for our
Justin M. Streiner wrote:
On Mon, 9 Jun 2008, root net wrote:
I have a customer that wants a 100/1000 Mb/s pipe into our network for
our
local customers. This customer is also a customer but he has a
dedicated 10
Mb/s circuit to the Internet and is maxing out on bandwidth. Wishes
to buy
Hi,
On Mon, 2008-06-09 at 11:51 -0400, Tuc at T-B-O-H.NET wrote:
cut
He did a debug arp and found this :
002005: .Jun 9 10:44:12.348 EDT: IP ARP: creating incomplete entry for
IP address: 192.168.25.2 interface GigabitEthernet0/1
002006: .Jun 9 10:44:12.348 EDT: IP ARP: sent req src
Hi,
On Mon, 2008-06-09 at 11:51 -0400, Tuc at T-B-O-H.NET wrote:
cut
He did a debug arp and found this :
002005: .Jun 9 10:44:12.348 EDT: IP ARP: creating incomplete entry for
IP address: 192.168.25.2 interface GigabitEthernet0/1
002006: .Jun 9 10:44:12.348 EDT: IP ARP: sent
The Metro 3750 supports selective q-in-q (vlan mapping) in several ways.
Note, its only supported on the two GigE ES ports.
1 to 1
2 to 2
2 to 2
3750 Metro configuration guide:
On Tuesday 10 June 2008, Deepak Jain wrote:
In the old days, null was handled by CPU (software
switched), so lots of us old-timers got into the habit of
using loopback instead of null. On a modern platform it
should make no operational difference provided you have
everything you need set up
On Tuesday 10 June 2008, root net wrote:
I have a customer that wants a 100/1000 Mb/s pipe into
our network for our local customers. This customer is
also a customer but he has a dedicated 10 Mb/s circuit to
the Internet and is maxing out on bandwidth. Wishes to
buy the 100/1000 Mb/s pipe
Tuc at T-B-O-H.NET wrote:
Hi,
Posting this on behalf of someone else.
About 2 nites ago, around midnight, his network seemed like it imploded.
Its a WISP, and connected to GigabitEthernet0/1 is his Site A that is
192.168.25.1/24 . About 60% of the devices off the AP aren't
49 matches
Mail list logo