luismi <> wrote on Monday, June 30, 2008 8:15 PM:
> Hi there,
>
> I have a dude I could solve using a lab enviroment but for several
> reasons I don't have enought time at this momment, neither I have the
> correct equipment here.
>
> I am thinking on collapse several routers configurations in n
Peder @ NetworkOblivion wrote:
I am getting the following on a new cT3 from a provider into a PA-MC-T3.
I think it indicates that there is an issue on their end, but they say
I have a config issue. Can anybody confirm or deny if this points to an
issue on my end, or if it is their end? I hav
access-list 199 permit tcp any any
access-list 199 permit icmp any any
:)
On Tue, Jul 1, 2008 at 3:34 PM, Michael Smith <[EMAIL PROTECTED]> wrote:
> Hey Matt:
>
>
> > From: matthew zeier <[EMAIL PROTECTED]>
> > Date: Mon, 30 Jun 2008 13:32:06 -0700
> > To: "cisco-nsp@puck.nether.net"
> > Subje
On Tuesday 01 July 2008 22:16:23 Rodney Dunn wrote:
> As a migration path 12.2(33)SRC1...
We've had some success with SRC in testing and partial
deployment - as well as some interesting experiences.
We like it because it's quite comprehensive, and runs across
all our NPE-G1/G2 and 7201 deploym
what is your hardware/software ver platform?
On Tue, Jul 1, 2008 at 5:19 PM, almog ohayon <[EMAIL PROTECTED]>
wrote:
> Hi,
> I have the following scenario :
> 1 specific source to 1 specific destination that needs to be limit to
> certain amount of bandwidth but
> still have minimum BW guarantee
Hi,
I have the following scenario :
1 specific source to 1 specific destination that needs to be limit to
certain amount of bandwidth but
still have minimum BW guarantee and minimum packet drops .
which method to use :
police ?
shape average/peak ?
priority ?
etc...
if you can give me a real life
What boxes?
I saw this once with the 3845 (I think it was) where the LAN interface
was not going in to promiscuous mode to rx all mac frames.
Check the VC and see if you only see tx or rx counters and on which
box.
Also check 'sh controller' to see if there is a promiscuous mode in it.
Rodney
> Then write an updated RFC that changes the standards to reflect this
> behavior, and get it published and accepted.
Looks like 5821 will have to do (3821/4821 already taken) and be great
when everyone's compliant by the year 2030. In the meantime, BATV (draft
is: draft-levine-smtp-batv-01) can
I've got an L2TPv3 tunnel set up between our central location and one of our
remote sites. Everything looks OK, but data is only flowing one way (from the
central side to the remote side, it looks like). Has anyone seen anything like
this?
Thanks!
Steve Pfister
Technical Coordinator,
The Offi
I am getting the following on a new cT3 from a provider into a PA-MC-T3.
I think it indicates that there is an issue on their end, but they say
I have a config issue. Can anybody confirm or deny if this points to an
issue on my end, or if it is their end? I have other DS3's into other
equipm
I'm coming under some pressure to enable ethernet flow-control and
modify our network topology to keep a Dell iSCSI SAN engineer happy.
(We already have several years successful experience with another
iSCSI SAN, so this isn't new to us.)
>From what I can tell ethernet flow-control probably doesn'
I can buy the comprising argument for a reason not to do this.
I think the reason most people here want to be able to do outbound
telnet is for troubleshooting - checking port connectivity and protocol
banners. Many times administrators are insistent that a server is
listening on such and such
This is normal behavior from what I've seen, as you don't have a PVC
configured for the main interface so it has no bandwidth on the ATM
layer.
This is the view from a 7500, but I see the same results. Look at the
0.0 interface instead.
ifIndex IfDescr ifType ifMtu ifSpeed
5 ATM0/0/0-atm la
Hi all,
I am trying to monitor a Cisco router (7206) using OpenNMS and SNMP.
It is running: 7200 Software (C7200-IS-M), Version 12.2(19b), RELEASE
SOFTWARE (fc3)
There is an ATM fiber interface on this router.
The sub-interfaces report the correct speed via the SNMP agent.
The following interf
Jay Hennigan wrote:
Damn both the spammers and the broken mail servers that accept the mail
first and then bounce it back to the forged "sender", thus being a
secondary source of spam.
The receiving mail system upon getting mail for an unknown user, mailbox
full, or anti-spam detection shoul
DLSw uses UDP port 0 by default. There is a feature that allows you to disable
this.
http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a0080093eca.shtml
matthew zeier <[EMAIL PROTECTED]> wrote:
> I keep seeing stuff with a udp src or dst port of 0. Anyone else see
On Tue, Jul 1, 2008 at 10:47 AM, Jay Hennigan <[EMAIL PROTECTED]> wrote:
> Rogelio wrote:
>
>> I've got an interesting problem. I've got some non-Cisco wireless units
>> that are VLAN tagged, and for whatever reason, they're not working, and I'm
>> going to need to pull them down from a roof and
On Tue, Jul 1, 2008 at 10:47 AM, Jay Hennigan <[EMAIL PROTECTED]> wrote:
>
> Crossover cable and ifconfig on any *nix box or Macintosh to set up the
> appropriate VLAN.
Wow, this is perfect. Thanks!
___
cisco-nsp mailing list cisco-nsp@puck.nether.ne
Rogelio wrote:
I've got an interesting problem. I've got some non-Cisco wireless units
that are VLAN tagged, and for whatever reason, they're not working, and
I'm going to need to pull them down from a roof and troubleshoot them.
Any ideas on what I might do to see them if I were to use a lay
I've got an interesting problem. I've got some non-Cisco wireless units
that are VLAN tagged, and for whatever reason, they're not working, and
I'm going to need to pull them down from a roof and troubleshoot them.
Any ideas on what I might do to see them if I were to use a layer 2
non-VLAN-f
Ziv Leyes wrote:
I have the same fixed IP address at home for 3 years now and I also get mailer error
messages lately claiming that MY message didn't reach the recipient and the reasons are
many, such as unknown user, mailbox over quota, out of office auto reply, some are from
anti-spam system
matthew zeier wrote:
I keep seeing stuff with a udp src or dst port of 0. Anyone else see
that in the wild?
If you're getting that from netflow, it's probably IP fragments.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net
I keep seeing stuff with a udp src or dst port of 0. Anyone else see
that in the wild?
Michael Smith wrote:
Hey Matt:
From: matthew zeier <[EMAIL PROTECTED]>
Date: Mon, 30 Jun 2008 13:32:06 -0700
To: "cisco-nsp@puck.nether.net"
Subject: [c-nsp] bcp on edge filtering & udp
Trying to find a
> Tony Varriale wrote:
> > Any chance you could give the group more details before saying it
> > can't be trusted?
> >
> I'm afraid I don't have any concrete details to add, but I've found
> capture expressions on Firewall Service Modules to be quite
> inconsistent. Presumably this is something
Last I checked CoPP was not VRF aware and it applied to any traffic
punted to the RP that we could match on so it would apply to PE-CE
links.
Rodney
On Tue, Jul 01, 2008 at 08:57:09PM +0530, Vikas Sharma wrote:
> Hi,
>
> I want to understand the impact of mpls vpn (vrf) control traffic on CoPP.
Hi,
I want to understand the impact of mpls vpn (vrf) control traffic on CoPP.
Can I block vrf contol plane packets (PE-CE) using CoPP? If yes, what is the
impact? Another idea is to use infrastructure acl. but I am more interested
if I can block PE-CE control traffic using CoPP?
Regards,
Vikas S
there is no need to have a firewall be an ssh/telnet client, that is not a
firewall's purpose... if you want to source ssh/telnet from the same subnet
your firewall is on, build a jump box/bastion host..IMO- no network device
is a place to be using a remote access protocol (telnet, ssh, rsh), no
m
On Mon, Jun 30, 2008 at 08:50:35PM -0700, Chris Cappuccio wrote:
> I've got 12.2(25)S8 on various 7200 NPE-G1 and NPE-400 boxes in core and edge
> NSP roles. The last NPE-400 is about to get upgraded to a G1 or G2.
>
As a migration path 12.2(33)SRC1 towards IOX-XE on ASR is a good looking
path.
You also can't ssh from a PIX, but you can of course ssh to it.
So it's not IMHO likely to be a case of "telnet being insecure", but avoiding
-all- client sourced access from a PIX out to anything else which the PIX could
potentially connect to.
I suspect the thinking is that the PIX itself,
Dual-active cases (VSL down) cannot be detected by below.
We need to use the 'vswitch vsl' trap for that.
sukumar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Koen
Sent: Tuesday, July 01, 2008 4:40 PM
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-n
Hi Anthony,
I was just looking for this too and found out the following you can use
to make a check:
MIB CISCO-VIRTUAL-SWITCH-MIB
Object cvsChassisEntry
OID 1.3.6.1.4.1.9.9.388.1.2.2.1
TypeCvsChassisEntry
Description "An entry describes the pre
For Complete VSL failure, we have SNMP trap, that can be configured using:
vss(config)#snmp-server enable traps vswitch ?
vsl Enable SNMP Virtual Switch Link (VSL) notification
For Active supervisor failure, you can monitor the following syslog message:
PFREDUN-SW2_SPSTBY-6-ACTIVE: Initializ
Hi,
As we all know Telnet is plaintext and insecure. I assume they have disabled
telnet from the firewall to encourage secure communication?
I don't see why else they would have disabled it. Having said this they
still enable telnet to the device which is a complete contradiction :P
Cisco?
Che
Hi,
Does anybody know what syslog messages are supposed to be sent when a VSS
failover occurs?
Would it be easier to monitor it through SNMP traps? In that case what kind
of traps should I enable and what are the corresponding OID to handle from
the server?
The main idea is to detect any failures
vince anton wrote:
Hi list
Im looking for some advice in troubleshooting a flat layer 2 network, made
up of a number of L2 interconnected/cascaded switches running ip multicast.
currently, such network has about 50 video streams (or multicast groups)
from a single source at around 3-4Mbps each,
35 matches
Mail list logo