Re: [c-nsp] DMVPN breaks when IPSEC protection is applied to tunnels

2008-08-26 Thread Nic Tjirkalli
Howdy ho, How about putting on the outbound to make sure that you are sending it to the hub? good idea - add this to the hub router :- adsl-nhrp-hub#show access-lists check_packets_in Extended IP access list check_packets_in 10 permit ahp any any 20 permit esp any any 30 permit u

Re: [c-nsp] NAT/ACL options in a PIX

2008-08-26 Thread Vinny Abello
Correct, you are doing NAT as a straight 1 to 1 translation for traffic. Using PAT, you can specify either TCP or UDP traffic and the outside and inside port numbers. This is still accomplished with the static statement. You'll still need the access-list entry as well unless you have another rul

Re: [c-nsp] NAT/ACL options in a PIX

2008-08-26 Thread Jules Rogers
Here's an example of port redirection that I know works with PIX OS 7.0(4). I've never tried it with 6.3(5). # Access lists for the outside interface is configured to allow traffic from the Internet to 172.16.1.10 for web, terminal services and ftp. # You will see from the static commands later

[c-nsp] NAT/ACL options in a PIX

2008-08-26 Thread John Ramz
--CORRECTION--- As a part of my 2nd question I made a mistake on the internal host IP. This is the correction: I need to allow P.P.P.3 to access the same internal host (10.10.10.110). I tried to assign a different Public ip address(Q.Q.Q.11)... Thanks --- On Tue, 8/26/08, John Ra

[c-nsp] NAT/ACL options in a PIX

2008-08-26 Thread John Ramz
Version 6.3.5 PIX 515 We have been assigned 25 Public IP addresses by our ISP and I want to administer them in the most efficient way. We get a lot of requests for external access to different hosts in our private network. For example: Public trusted IP address requesting access: P.P.P.2 Public I

Re: [c-nsp] LLQ + MLPPPoE -> ?

2008-08-26 Thread Ben Steele
Remove the service policy from your ATM int's and just leave it on your Dialer, then do a "sh users" and you should see an interface listed as the MLP Bundle, this is the one you want to be watching, if for example it is Vi4 then do a "sh policy-map int vi4" Also given you are running pppoe, you s

Re: [c-nsp] VPN Client to 1841, default route into tunnel with exceptions

2008-08-26 Thread Brett Looney
> With this configuration, a client cannot communicate at all > outside the tunnel, which is a desired feature in this setup. > OTOH, some teleworkers would appreciate to be able to talk to > their networked printers on the local LANs. It's been a while but from memory you need to put the "include

Re: [c-nsp] Configuring VWIC-1MFT-E1 for Data

2008-08-26 Thread Brett Looney
> I would like a reference to an online documentation that explains > the configuration of the data features of a cisco VWIC-1MFT-E1 card. Ok then: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/intserv.html B. ___ cisco-nsp mailing list cisco-nsp@

Re: [c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

2008-08-26 Thread Alastair Johnson
Tim Franklin wrote: On Thu, August 21, 2008 12:59 am, Brandon Price wrote: Other than just saying "its bad" can you give some specifics as to the problems you've run into using private addresses for PE-CE links? As long as the SP hands out unique addresses across all of the links, what does it m

Re: [c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?

2008-08-26 Thread Marco d'Itri
On Aug 26, Ian Cox <[EMAIL PROTECTED]> wrote: > PA-POS-OC3 has been supported in both FlexWANs since they FCS'd. Maybe > that particular PA has the idprom messed up. Try doing a sh diagbus with > it inserted and see what the PA idprom is telling the system. This is the output for card back in the

[c-nsp] SNMP auth failure and malloc issues

2008-08-26 Thread Jay Young
I was wondering if anyone has seen a similar issue. 7609 Sup720 running 7600s72033-advipservicesk9-mz.122-33.SRB3.bin I am seeing lots of malloc errors after seeing a long running SNMP querier who is unable to query my router. Aug 26 12:00:38.136 EST5EDT: %SYS-2-MALLOCFAIL: Memory allocation of

Re: [c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Pelle
On Tue, Aug 26, 2008 at 16:28, Rodney Dunn <[EMAIL PROTECTED]> wrote: > The difference I suspect is how the time intervals are handled. I worked > on an issue once where we actually would slightly burst above the > configured shape rate and it got worse the smaller the Tc was. > With HQF the exces

Re: [c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?

2008-08-26 Thread Ian Cox
PA-POS-OC3 has been supported in both FlexWANs since they FCS'd. Maybe that particular PA has the idprom messed up. Try doing a sh diagbus with it inserted and see what the PA idprom is telling the system. bourke#sh diagbus ... Slot 8: Logical_index 16 2 port adapter Enhanced FlexWAN contr

[c-nsp] Configuring VWIC-1MFT-E1 for Data

2008-08-26 Thread Felix Nkansah
Hi, I would like a reference to an online documentation that explains the configuration of the data features of a cisco VWIC-1MFT-E1 card. Any references would be deeply appreciated. Regards, Felix

Re: [c-nsp] DMVPN breaks when IPSEC protection is applied to tunnels

2008-08-26 Thread Aaron
How about putting on the outbound to make sure that you are sending it to the hub? On Tue, Aug 26, 2008 at 1:37 AM, Nic Tjirkalli < [EMAIL PROTECTED]> wrote: > Howdy ho, > > > Maybe try to put in an ACL or could use netflow for this as well... >> ip access-list extend check_packets_in >> permi

Re: [c-nsp] VPN Client to 1841, default route into tunnel with exceptions

2008-08-26 Thread Ge Moua
Sounds like a routing issue, is your ippool handling out IP addr to the clients. I recently set a similar config on a 1811 and this works fine. I can send you the working config if you're interested. Regards, Ge Moua | Email: [EMAIL PROTECTED] Network Design Engineer University of Minnesota |

[c-nsp] VPN Client to 1841, default route into tunnel with exceptions

2008-08-26 Thread Marc Haber
Hi, this is strictly a client issue and not appropriate for cisco-nsp, but I haven't found any mailing list with this clue level for other cisco-related aspects. If there is one, I'd like to learn about it. I have a bunch of Windows clients with the Cisco VPN Client 5.0.01.0600 and an 1841 runnin

Re: [c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?

2008-08-26 Thread Hank Nussbacher
On Tue, 26 Aug 2008, Marco d'Itri wrote: Works for me on 12.2(18)SXE6b but all are eFlexwans: Slot 4: Logical_index 9 2 port adapter Enhanced FlexWAN controller Board is analyzed ipc ready HW rev 0.1, board revision A01 Serial Number: Part number: 73-6348-01

Re: [c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Rodney Dunn
On Tue, Aug 26, 2008 at 01:32:23PM +0200, Oliver Boehmer (oboehmer) wrote: > Per Carlson wrote on Tuesday, August 26, 2008 > 1:16 PM: > > > Hi Oli. > > > >> I haven't looked at HQF for a while, but I recall the H-QoS scenario > >> you're using benefits especially from H

[c-nsp] LLQ + MLPPPoE -> ?

2008-08-26 Thread David Freedman
Have a scenario whereby I've an LLQ policy applied to a CE router doing MLPPPoE with following configuration: ! class-map match-any REALTIME match ip dscp ef class-map match-any CRITICAL-DATA match ip dscp cs6 ! ! policy-map LLQ class REALTIME priority percent 35 class CRITICAL-DATA ban

[c-nsp] which IOS supports sup720 + FlexWAN + PA-POS-OC3?

2008-08-26 Thread Marco d'Itri
When I plug in the PA I get this: SLOT 5/0: 00:00:03: %PA-2-UNDEFIO: Unsupported I/O Controller (type 65535) in I/O Bay. The I/O Controller network interfaces will be unavailable. a normal fast ethernet PA works fine. cisco.com says that the PA is supported even by non-enhanced FlexWANs. IOS (

Re: [c-nsp] VTP and Vlan 1

2008-08-26 Thread Michel Grossenbacher
Hi Paul Don't worry, I did the same at the beginning :-) So UDLD on dot1Q uses the native VLAN while with ISL it stays within VLAN 1 no matter if we changed the native vlan or not? This means that with ISL trunks UDLD behaves similar to CDP/VTP ? Thanks best regards Michel On 26/08/2008, Paul

Re: [c-nsp] IOS VPN Client Group Issue

2008-08-26 Thread Thomas Beecher
You're spot on. I came across that yesterday afternoon, it does require the 12.2T train. Guess I should learn to read a little better. :) Thanks to those that responded, much appreciated Tom. Ge Moua wrote: I'm doing a similar config with IOS: 12.4(15)T6 I wonder if you need the "T" code tra

Re: [c-nsp] VTP and Vlan 1

2008-08-26 Thread Paul Cosgrove
Hi Michel, Apologies for confusing the issue. You are of course correct about VTP, which does use vlan 1. UDLD is not sent with a dot1q tag, but is associated with vlan 1 on ISL trunks. Changing the (dot1q) native vlan on the trunk has no effect on how UDLD is sent over ISL, it is still sent on

Re: [c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Oliver Boehmer (oboehmer)
Per Carlson wrote on Tuesday, August 26, 2008 1:16 PM: > Hi Oli. > >> I haven't looked at HQF for a while, but I recall the H-QoS scenario >> you're using benefits especially from HQF as the parent shaper is >> aware of the LLQ within the child, but not entirely sure ab

Re: [c-nsp] WS-X4506-GB-T Ports not connected

2008-08-26 Thread Nic Tjirkalli
howdy ho, * Sebastian Wiesinger <[EMAIL PROTECTED]> [2008-08-26 12:30]: Hello, I'm having a little problem here with a new Cisco 4510R-E. It's running the following configuration: Problem solved. Someone hinted that I should not assume that the linecard does have auto MDI/X detection. Which

Re: [c-nsp] WS-X4506-GB-T Ports not connected

2008-08-26 Thread Mateusz Błaszczyk
Sebastian, > interface GigabitEthernet10/1 > no switchport > ip address dhcp > no keepalive > media-type rj45 > ! > interface GigabitEthernet10/2 > no switchport > ip address dhcp > no keepalive > media-type rj45 > ! > > Is there anything I'm

Re: [c-nsp] WS-X4506-GB-T Ports not connected

2008-08-26 Thread Sebastian Wiesinger
* Sebastian Wiesinger <[EMAIL PROTECTED]> [2008-08-26 12:30]: > Hello, > > I'm having a little problem here with a new Cisco 4510R-E. It's > running the following configuration: Problem solved. Someone hinted that I should not assume that the linecard does have auto MDI/X detection. Which apparen

Re: [c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Per Carlson
Hi Oli. > I haven't looked at HQF for a while, but I recall the H-QoS scenario > you're using benefits especially from HQF as the parent shaper is aware > of the LLQ within the child, but not entirely sure about this. It would > explain the improved behaviour, though. I have always had the impres

[c-nsp] WS-X4506-GB-T Ports not connected

2008-08-26 Thread Sebastian Wiesinger
Hello, I'm having a little problem here with a new Cisco 4510R-E. It's running the following configuration: Mod Ports Card Type Model ---+-+--+- 5 6 Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E

Re: [c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

2008-08-26 Thread Tim Franklin
On Thu, August 21, 2008 12:59 am, Brandon Price wrote: > Other than just saying "its bad" can you give some specifics as to the > problems you've run into using private addresses for PE-CE links? As > long as the SP hands out unique addresses across all of the links, what > does it matter whether t

Re: [c-nsp] Web Caches

2008-08-26 Thread Ziv Leyes
I second Alan's suggestion. I've seen this product in a POC we did and it works great. I've also seen some graphs of one of their biggest customers and the saved bandwidth rates were impressive. My bests to Aviad, the man! Ziv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PR

Re: [c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Oliver Boehmer (oboehmer)
Per Carlson <> wrote on Tuesday, August 26, 2008 10:47 AM: > Hi. > > I'm doing some QoS-testings and notice a remarkable change in the > latencies on a priority queue (as well as some improvement on other > queues) in 12.4(20)T compared with 12.4M (19, 19b and 21) and > 12.4(15)T7. The scenario i

[c-nsp] ES20 crashing on bad DWDM

2008-08-26 Thread Tomas Daniska
Hi, has anybody experienced ES20 2x10G cards crashing when DWDM link quality degrades? Usually when the error rate increases so that IGP and PIM start flapping, the card stops responding to CPU heartbeats and is rebooted. We have seen this at two customers now, TAC is failing to reproduce... I'd

Re: [c-nsp] CoPP Service Policy

2008-08-26 Thread Oliver Boehmer (oboehmer)
Aftab Siddiqui <> wrote on Tuesday, August 26, 2008 10:29 AM: > Dear All, > > > I would like to know the difference in performance and implementation > if I put the service-policy within the specified interface (e.g. > gix/x) or with in the control-plane in globally. > *First Option:* > > Route

[c-nsp] Improved queuing in 12.4(20)T?

2008-08-26 Thread Per Carlson
Hi. I'm doing some QoS-testings and notice a remarkable change in the latencies on a priority queue (as well as some improvement on other queues) in 12.4(20)T compared with 12.4M (19, 19b and 21) and 12.4(15)T7. The scenario is H-QoS with a parent doing "shape average" and a child with 4 queues:

[c-nsp] CoPP Service Policy

2008-08-26 Thread Aftab Siddiqui
Dear All, I would like to know the difference in performance and implementation if I put the service-policy within the specified interface (e.g. gix/x) or with in the control-plane in globally. *First Option:* Router(config)# *control-plane * Router(config-cp)# *service-policy input* *service-p