On (2008-12-16 13:37 -0800), bill fumerola wrote:
Hey Bill,
> why does adding an external community to a route (via a route-map)
> impact the neighbor itself? i realize in later versions of IOS this
> command was added to the per-{neighbor,peer-group,peer-policy} stanzas.
I'm trying to think how
Tim,
Another option is to attach the existing network to the relevant VPN as
a CE, and maintain connectivity to the non-migrated sites through the
old topology, while every migrated site would become reachable via the
VPN.
In this case you just connect the old network through an "ASBR" to a
major
Hi,
anyone who has experienced or encountered this ?
HSRP configuration has no problem and root bridge as well.
but this logs only happened in Sw1. whereby sw2 has no suspicious error symptom
found.
Dec 12 15:40:24.556 CCT: %STANDBY-6-STATECHANGE: Vlan10 Group 1 state Standby
-> Active
Dec
You could run routing protocol inside the (DMVPN) tunnel like OSPF and
redistribute using MP-BGP.
router ospf 1 vrf CUSTOMER1 <---VRF instance of OSPF
network [tunnel interface ip network] area 0
redistribute bgp 65535 subnets route-map redis-bgp-vrf-CUSTOMER1-to-ospf
!
Router ospf 2
Network [t
Are there any technical differences between the HWIC-3G-GSM in an 1841 and a
881G (with 3G) ?
Better performance? Technically or anything?
Thanks.
--
Skeeve Stevens, RHCE
ske...@skeeve.org / www.skeeve.org
Cell +61 (0)414 753 383 / skype://skeeve
eintellego - ske...@eintellego.net - www.eintell
You can use OSSEC (http://www.ossec.net/) to monitor your log files for
you. It's pretty easy to set up and then you can set up your own custom
filters like below. When OSSEC finds a match in the log it will email
you.
For example we have OSSEC monitoring a few syslog messages like:
%SEC-6-I
Splunk is really good for that used to use Swatch years ago, not sure if
it's still around at all
We're looking at integrating Splunk into our monitoring platform in the next
year or so (Cittio Watchtower).
Paul
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:
On Wed, 2008-12-17 at 15:54 -0500, Tuc at T-B-O-H wrote:
> We are going to be monitoring the syslog output (We already have
> a product (Zenoss)). Does anyone know of a repository of the "Watch
> for these regular expressions" to decide what is worth looking into,
> and whats worth ignoring.
I don
Hi Everton,
On Thu, Dec 18, 2008 at 5:08 AM, Everton Diniz wrote:
>
> How can i set bandwidth on Sw running CatOS?
>
> Like IOS:
> int f1/1
> band 1
The "bandwidth" command in IOS doesn't actually change the bandwidth
of an interface -- it's used by other higher layer processes like
routing
Hi,
We are going to be monitoring the syslog output (We already have
a product (Zenoss)). Does anyone know of a repository of the "Watch
for these regular expressions" to decide what is worth looking into, and
whats worth ignoring.
Thanks, Tuc
_
Has anyone has success implementing L2TP over IPSec remote access VPN
using machine certificate for phase 1 negotiation (instead of
pre-shared key)? If we use pre-shared key for the phase 1 negotiation,
the VPN connection is successful. But once we switch over to using
certificate for phase 1 negot
On Wed, 17 Dec 2008, Spencer Barnes wrote:
I removed all ACLs and Netflow but that did not have an effect. I think
I can move NAT to the core router for testing purposes, I'll try and do
that tomorrow morning. IOS version is (C7200-JK9O3S-M), Version
12.4(21).
If you're tunneling over 1500 m
"Jose Conceicao" wrote on 12/11/2008 06:14:02
AM:
> Hi
>
> Under what conditions would it be deemed wise to tweek SPD or disable it
> altogether?
Since noboby else seems to want to touch this.. I wouldn't disable SPD
since it allows extra input buffering for things like routing packets that
On Wed, Dec 17, 2008 at 12:25 PM, Luan Nguyen wrote:
> Let me try thinking out loud :)
> There BGP support for IP prefix import into VRF table:
> http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bgivt.htm
> l
> You could use static routes as well.
Looked at that. Trouble is the
Hi all,
How can i set bandwidth on Sw running CatOS?
Like IOS:
int f1/1
band 1
Tks All
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Some platforms support the "police rate x pps" command, but i don't know if this should be
used for CoPPs exclusively.
"storm-control unicast" should block all unknown unicast, which is probably not what
Primoz wants (besides the vlan/trunk matter).
--
Tassos
Ross Vandegrift wrote on 17/12/
My Cisco SE told me lat week 32b ASN will be supported in:
12.2(33)SRE for 7600 and 7200, due Q3 2009 :-(
12.4(24)T for ISR 28xx/38xx and 7200, due april 2009
Martin
cisco-nsp-boun...@puck.nether.net <> wrote on 17/12/2008 17:32:
> Thanks Brian.
>
> IOS-XR and NX-OS seem the only OS's in the
I removed all ACLs and Netflow but that did not have an effect. I think
I can move NAT to the core router for testing purposes, I'll try and do
that tomorrow morning. IOS version is (C7200-JK9O3S-M), Version
12.4(21).
Spencer
-Original Message-
From: Church, Charles [mailto:cchur...@
Isn't it about time for a 13.0? Or is Cisco superstitious? :)
Chuck
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Skeeve Stevens
Sent: Wednesday, December 17, 2008 10:57 AM
To: 'Luan Nguyen'; 'Antonio Soares'; cisco
Try removing the ACLs and NetFlow one at a time, see if any of those
help. The NAT you probably can't get rid of I'm guessing. Is this an
older IOS version? Older ones couldn't do NAT in the CEF path, from
what I remember. An upgrade might help. Although newer ones might
complain about the NPE
On 2008-12-17 16:56, Skeeve Stevens wrote:
Any dates announced for 12.5T?
The 4-byte ASNs will still hit in the 12.4T line. 12.5T will be
created after 12.5M, which still is somewhere in the future.
--
"Don't expect me to cry for all the | Łukasz Bromirski
reasons you had to
Let me try thinking out loud :)
There BGP support for IP prefix import into VRF table:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bgivt.htm
l
You could use static routes as well.
For dynamic, some people create two tunnels, same router, same subnet,
sourced from different lo
Any dates announced for 12.5T?
...Skeeve
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Luan Nguyen
Sent: Thursday, 18 December 2008 2:34 AM
To: 'Antonio Soares'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 32 bit ASN
I included several replies in this that didn't make the list because I
thought the information might be helpful.
"You are talking about disabling the VPN connection, are you only
routing traffic at that point or are you still using some form of
tunneling? (gre/ipip)"
Pure routing. I setup a serv
Thanks Brian.
IOS-XR and NX-OS seem the only OS's in the Cisco family that support this.
IOS-XR since release 3.4.0 and NX-OS since 4.0(1).
By the way, i found this document written by Jeff Doyle about this subject:
http://www.networkworld.com/community/node/35767
Thanks.
Regards,
Antonio
On Wed, Dec 17, 2008 at 04:00:56PM +0100, Primoz Jeroncic wrote:
> Hi guys
>
> Does anyone have any idea if rate limiting traffic based on packet
> count would be possible on Cat3550/3560/3570 or any Cisco router?
> I would need to limit some users which don't generate much of
> traffic (only abou
Looking for some "creative" ideas on how best to accomplish this:
We are migrating a traditional enterprise-style IP network to an
MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
essentially done (it's a purely PE-PE network, no P routers anywhere.)
All "customer" networks are st
Maybe give storm-control with pps keyword a try.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/1
2.2_25_see/configuration/guide/swtrafc.html#wp1241484
Regards,
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
www.NetCraftsmen.net
-Original Message-
From: cisco-nsp-
Here's an old post on this topic:
http://puck.nether.net/pipermail/cisco-nsp/2008-August/053334.html
Also, I heard it's going to be implemented beginning 12.5T
Regards,
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
www.NetCraftsmen.net
-Original Message-
From: cisco-nsp-boun...@puck.nether
Hi guys
Does anyone have any idea if rate limiting traffic based on packet
count would be possible on Cat3550/3560/3570 or any Cisco router?
I would need to limit some users which don't generate much of
traffic (only about 5 or 6Mbps), but packet count is huge (30k+ per sec).
So is there some opt
Has anybody managed to get the http package working?
I want to do an HTTP POST, for some reason I can't load the http.tcl
package inside system:lib/tcl (is this something to do with the safe
execution mode?)
I've tried
require package http
require package http 2.4.7
require package ioshttp (tryi
Thanks a lo Howard, just the last question, On my sup2 I have a sup-bootflash
(bootflash in rommon mode) of 32MB and in this sup-bootflash is the corrupted
IOS.
Befote to buy a PCMCIA i was trying to recover and load a new IOS (20MB) from
xmodem but always it stop to transmit. I don't know if th
I recently brought up the same question on NANOG. Here is the thread
http://mailman.nanog.org/pipermail/nanog/2008-August/003347.html
As far as I can tell Cisco is really dragging their feet on this one, unless
you are buying one of their Super-Deluxe model devices that runs on a
different IO
Hello group,
Anybody knows if the 32-bit ASN feature is already available on Cisco IOS ? I
didn't find this feature on Feature Navigator. It's
quite strange the fact no information seems to be available. RIPE will start
assigning 32-bit ASN's in 1/1/2009.
Thanks.
Regards,
Antonio Soares, CCI
Hi
I am testing an NNI connection between a 7600 and a 7200 - test environment at
the moment
I have a scenario where a provider network allocates IPP 7 for voice, whereas
we allocate IPP5
I devised a simple service policy to swap IPP in and out, i.e.
policy-map NNI-VOICE-IN
class NNI-VOICE-I
bill fumerola <> wrote on Wednesday, December 17, 2008 01:04:
> config:
> bgp bestpath as-path multipath-relax
> bgp dmzlink-bw
>
> neighbor aa.bb.cc.73 dmzlink-bw
> neighbor xxx.yyy.zzz.77 dmzlink-bw
>
> interface bandwidth settings:
>
> rtr1#show ip route aa.bb.cc.73 | i direct
> * di
Hi Spencer,
All encryption is done in software on the CPU (no dedicated encryption
hardware) unless you have a special module for that.
You config isn't exactly minimal (ie, gathering flow statistics & NAT also eats
CPU), also notice that you are referring to 5 minute averages on the
bandwidth,
37 matches
Mail list logo