The fact that Rapid STP is an active protocol (rather than the old
listen / learn / wait) implies that workarounds like uplinkfast are
nolonger required. MST uses RSTP as the STP within the instances and
as such gains all the benefits that rapid gives you.
David
...
On 27/08/2009, at
On Thu, 2009-08-27 at 00:07 +0200, Gert Doering wrote:
HSRP with IPv6 is there on IOS, VRRP with IPv6 is there on JunOS and
(as far as I understand) coming soon to IOS.
yep, works like a charm on Junos, same sub-second failover as on VRRP
for v4.
dan...@jun1. show vrrp interface
Hi David,
Thanks for the reply...
With MST deployed across our network now, the access layer switches take
20-30seconds before they start switching traffic via the redundant link.
Prior to this we were using PVST+ and with uplinkfast enabled on these
access layer switches, once the primary link
On Wed, 2009-08-26 at 21:23 +0100, Alexander Clouter wrote:
Some of us would disagree rather strongly with one or more of those
points. For instance, for us DHCPv6 is a hard requirement.
Why the hard requirement?
DHCPv6 prefix delegation. And DNS assignment. And a bunch of other
Daniel Verlouw wrote:
No real experience with HSRP though, can anyone shed some light on that?
I understand it only works for link-local addresses?
Yes, unfortunately it is only link-local. I am just trying to figure it
out how to marry link-local with our global ipv6 assignments.
--
Some of us would disagree rather strongly with one or more of those
points. For instance, for us DHCPv6 is a hard requirement.
Why the hard requirement? Is this for a MAC-IP association table?
I'm working on a method (might not work mind you) to make a SLAAC
network forfill this
Hi,
I'm wondering if any of you have run across a tool that will audit a cisco
configuration file (or files as the case may be) against a standard template?
we've written a few of our own scripts to check for settings,
presence and absence of values etc.
We have a configuration file
Daniel Verlouw dan...@bit.nl writes:
(does anyone actually implement RFC 5006 yet?)
Sure they do. radvd can announce RDNSS and rdnssd (part of the ndisc6
toolbox) can be used on the client side: http://www.remlab.net/ndisc6/
When it comes to real routers, I don't know... The Juniper ERXes
On Thu, 27 Aug 2009, Bjørn Mork wrote:
When it comes to real routers, I don't know... The Juniper ERXes have
support for setting IPv6 DNS servers via RADIUS, but this seems to only
configure the local dhcpv6 server running on the ERX.
Cisco DHCPv6 server in 12.4(24)T can hand out DNS server
sth...@nethelp.no writes:
Some of us would disagree rather strongly with one or more of those
points. For instance, for us DHCPv6 is a hard requirement.
Why the hard requirement? Is this for a MAC-IP association table?
I'm working on a method (might not work mind you) to make a SLAAC
Grzegorz Janoszka wrote:
Daniel Verlouw wrote:
No real experience with HSRP though, can anyone shed some light on that?
I understand it only works for link-local addresses?
Yes, unfortunately it is only link-local. I am just trying to figure it
out how to marry link-local with our global
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot
chassis, and none of these modules come up all the way with SXI1 or 2.
In Version 1 the modules were not even recognized yet were a supported
device. In rev 2 they are recognized and indicate that they pass the
diags after
On Thu, Aug 27, 2009 at 08:59:17AM +0100, sth...@nethelp.no wrote:
Some of us would disagree rather strongly with one or more of those
points. For instance, for us DHCPv6 is a hard requirement.
Why the hard requirement? Is this for a MAC-IP association table?
I'm working on a method
Hi,
* Bjørn Mork bj...@mork.no [2009-08-27 11:31:08+0200]:
sth...@nethelp.no writes:
Some of us would disagree rather strongly with one or more of those
points. For instance, for us DHCPv6 is a hard requirement.
Why the hard requirement? Is this for a MAC-IP association table?
Phil Mayers wrote:
Grzegorz Janoszka wrote:
Daniel Verlouw wrote:
No real experience with HSRP though, can anyone shed some light on that?
I understand it only works for link-local addresses?
Yes, unfortunately it is only link-local. I am just trying to figure it
out how to marry link-local
Phil Mayers wrote:
Grzegorz Janoszka wrote:
Daniel Verlouw wrote:
No real experience with HSRP though, can anyone shed some light on that?
I understand it only works for link-local addresses?
Yes, unfortunately it is only link-local. I am just trying to figure
it out how to marry link-local
Grzegorz Janoszka wrote:
Phil Mayers wrote:
Grzegorz Janoszka wrote:
Daniel Verlouw wrote:
No real experience with HSRP though, can anyone shed some light on that?
I understand it only works for link-local addresses?
Yes, unfortunately it is only link-local. I am just trying to figure
it out
Forgot to note that with SXI they work. Its the version 1 and 2
that have the problem.
Jeff
On Aug 27, 2009, at 5:42 AM, Jeff Fitzwater wrote:
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot
chassis, and none of these modules come up all the way with SXI1 or 2.
In
On Thu, 2009-08-27 at 11:20 +0100, Phil Mayers wrote:
I don't understand; all link-local IPs are
fe80::/64
link local unicast range is FE80::/10
--Daniel.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi,
On Wed, Aug 26, 2009 at 08:40:37PM +0200, Peter Rathlev wrote:
On Wed, 2009-08-26 at 13:00 -0500, Justin Shore wrote:
I'm suspect that the interface MTU of the 1841 may not go above 1500.
It's even worse, it doesn't seem to support MTU != 1500 at all on the
built in FE interfaces.
Hi,
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot chassis,
and none of these modules come up all the way with SXI1 or 2.
In Version 1 the modules were not even recognized yet were a supported
device. In rev 2 they are recognized and indicate that they pass the
diags
Hi,
On Thu, Aug 27, 2009 at 09:35:54AM +0100, Phil Mayers wrote:
IPv6 emulated the then-state-of-the-art IPX autoconfig mechanisms, and
seems reluctant to admit it's missed out the last decade of operational
knowledge acquired with IPv4.
SLAAC should die the death it so richly deserves
Phil Mayers wrote:
Do you have any plans for such IP division? I just thought about
replacing first 16 bits of public v6 address with fe80, but maybe you
have better ideas.
I don't understand; all link-local IPs are
fe80::/64
i.e. link-local are always fe80::::the mac
You can't
On Wed, Aug 26, 2009 at 12:59:02AM -0700, Seth Mattinen wrote:
Justin Shore wrote:
andr...@one.net wrote:
I'm getting ready to install some RPS 675's in order to dual cord some
3750's and ran across this in the manual:
Don't forget rebooting to go back to internal power. Except on 2088
Gert Doering wrote:
Hi,
On Thu, Aug 27, 2009 at 09:35:54AM +0100, Phil Mayers wrote:
IPv6 emulated the then-state-of-the-art IPX autoconfig mechanisms, and
seems reluctant to admit it's missed out the last decade of operational
knowledge acquired with IPv4.
SLAAC should die the death it so
We have sup-7203C-10G and it show the module being supported.. It
also works in SXI just not SXI1 or 2
We are not running VSM
Jeff
WS-X6324-100FX-MM
1.52 a...@42 V
24-port 100FX Ethernet
•Single mode and multimode MT-RJ
•128-KB per-port packet buffers
•QoS port architecture (Rx/Tx):
On 27/08/2009 11:41, Gert Doering wrote:
SLAAC works *very* well for the things it was made for: zero-conf
environments, with no dedicated DHCP server - as in home networks or
office networks.
No it doesn't. After 13 years of ipv6 development, I still can't plug my
mac or my windows box into
Hi,
On Thu, Aug 27, 2009 at 05:42:58AM -0400, Jeff Fitzwater wrote:
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot chassis,
and none of these modules come up all the way with SXI1 or 2.
In Version 1 the modules were not even recognized yet were a supported
device. In rev
Hi,
On Thu, Aug 27, 2009 at 12:51:42PM +0200, Grzegorz Janoszka wrote:
Link-local IP's are fe80::/10, so I planned to use fe80::/16 in my
network just by replacing first 16 bits of our public IP's.
Can anyone say whether this is bad or wrong idea? :)
Bad *and* wrong.
Link-locals are
Hi,
On Thu, Aug 27, 2009 at 12:11:46PM +0100, Phil Mayers wrote:
But some people seem to think DHCP is a mistake, and DHCP options a
mistake and allocating fixed IPs a mistake. I cannot share that view.
Well, as always there's more than one way to do it. The fact that
you like DHCP more, and
Hi,
On Thu, Aug 27, 2009 at 12:27:35PM +0200, Gert Doering wrote:
On Wed, Aug 26, 2009 at 08:40:37PM +0200, Peter Rathlev wrote:
On Wed, 2009-08-26 at 13:00 -0500, Justin Shore wrote:
I'm suspect that the interface MTU of the 1841 may not go above 1500.
It's even worse, it doesn't seem
On Thu, 2009-08-27 at 12:51 +0200, Grzegorz Janoszka wrote:
Link-local IP's are fe80::/10, so I planned to use fe80::/16 in my
network just by replacing first 16 bits of our public IP's.
Can anyone say whether this is bad or wrong idea? :)
VRRPv6 (on Junos at least) requires you to
Gert Doering wrote:
A bit more tolerance and less my solution is the only one that has any
right to survive! would have helped a lot here.
You're right, and my language was unhelpful. Basically I'm venting ;o)
and I'm sorry if I've offended you Gert - particularly as I've a lot of
respect
Daniel Verlouw wrote:
On Thu, 2009-08-27 at 12:51 +0200, Grzegorz Janoszka wrote:
Link-local IP's are fe80::/10, so I planned to use fe80::/16 in my
network just by replacing first 16 bits of our public IP's.
Can anyone say whether this is bad or wrong idea? :)
VRRPv6 (on Junos at least)
On Thu, 2009-08-27 at 14:13 +0200, Grzegorz Janoszka wrote:
Why did they make v6 so complicated? What is wrong with public IP's on
vrrp/hsrp?
VRRPv6 -does- use global unicast addresses, so you can just tell your
clients to point to the global unicast address.
--Daniel.
While I agree the dearth of RA/DNS support is annoying, in all reality the
environments that we are talking about aren't v6 only.
Atleast, the environments I work in, that is.
They still have v4 (even if RFC19181/NATed), and can rely on DHCP(v4) to get
DNS (and other) information and SLAAC can and
Hello Everyone,i wondered if anyone knows how to monitor 3560 interface vlan
traffic ?
i have only 1 uplink interface and lots of vlan through it and i don't know
which
vlan is busy and which one is not..
thanks.
___
cisco-nsp mailing list
Daniel Verlouw wrote:
On Thu, 2009-08-27 at 14:13 +0200, Grzegorz Janoszka wrote:
Why did they make v6 so complicated? What is wrong with public IP's on
vrrp/hsrp?
VRRPv6 -does- use global unicast addresses, so you can just tell your
clients to point to the global unicast address.
Could
Hi,
No it doesn't. After 13 years of ipv6 development, I still can't plug my
mac or my windows box into an ipv6 only network and actually expect it to
work, because RA/RDNSS client support is so hit and miss.
..whereas I cant plug my Mac into an IPv4 network and actually expect it to
Hi,
I wonder that the point of force DHCPv6 on everbody, just because DHCP
is liked more by some is...?
..that warm fuzzy feeling of familiarity in an alien world...plus knowing that
you've
already got logging/billing/etc sorted
sure, you can pull info or get polled about SLACC etc but that
On Thu, 2009-08-27 at 14:40 +0200, Grzegorz Janoszka wrote:
VRRPv6 -does- use global unicast addresses, so you can just tell your
clients to point to the global unicast address.
Could you please point me a cisco.com webpage confirming that?
Cisco doesn't support VRRPv6 yet afaik (?). For
On Thu, 27 Aug 2009, Nick Hilliard wrote:
No it doesn't. After 13 years of ipv6 development, I still can't plug
my mac or my windows box into an ipv6 only network and actually expect
it to work, because RA/RDNSS client support is so hit and miss.
It works with DHCPv6, at least with Windows
Phil Mayers wrote:
Hmm. So in theory you can configure a router to advertise
fe80:something::/64 as the link prefix?
Ok; why would you want to? Link-local prefixes are still link-local, it
just requires an extra link of config to make bits 11-64 the same as the
unicast prefix.
You cannot
On Thu, 2009-08-27 at 14:45 +0200, Grzegorz Janoszka wrote:
You cannot have the same link-local IP's on different ifaces, can you?
sure you can, that's what link-local is for.
dan...@jun1. show interfaces | match fe80::2$ | count
Count: 16 lines
--Daniel.
Press what button?
Sent from handheld.
On Aug 27, 2009, at 7:23 AM, Mateusz Blaszczyk blah...@gmail.com
wrote:
On Wed, Aug 26, 2009 at 12:59:02AM -0700, Seth Mattinen wrote:
Justin Shore wrote:
andr...@one.net wrote:
I'm getting ready to install some RPS 675's in order to dual cord
Daniel Verlouw wrote:
On Thu, 2009-08-27 at 14:45 +0200, Grzegorz Janoszka wrote:
You cannot have the same link-local IP's on different ifaces, can you?
sure you can, that's what link-local is for.
dan...@jun1. show interfaces | match fe80::2$ | count
Count: 16 lines
So, can I have
Grzegorz Janoszka wrote:
Phil Mayers wrote:
Hmm. So in theory you can configure a router to advertise
fe80:something::/64 as the link prefix?
Ok; why would you want to? Link-local prefixes are still link-local, it
just requires an extra link of config to make bits 11-64 the same as the
Hi,
On Thu, Aug 27, 2009 at 01:05:11PM +0100, Phil Mayers wrote:
Gert Doering wrote:
A bit more tolerance and less my solution is the only one that has any
right to survive! would have helped a lot here.
You're right, and my language was unhelpful. Basically I'm venting ;o)
and I'm
On 27/08/2009 14:13, Gert Doering wrote:
(OTOH: if you plug your laptop with 'a random choice of IPv6-enabled
operating system' into an IPv6 only network with DHCPv6, does it work?
I seem to remember that MacOS X doesn't do any DHCPv6, just SLAAC and
mDNS...)
I'm not pointing fingers or
http://unix.freshmeat.net/projects/nipper
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I have run into the exact same problem here.
===
Eric Gregory
Network and Telecommunications Services
University of Maryland
===
Jeff Fitzwater wrote:
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot
Hi all,
I just configured a cisco 1841 to create a ipsec vpn against another
network (exactly against a PFSense box) and I am seeing a lot messages
like
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer
at 11.22.33.44
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode
almog ohayon wrote:
Hello Everyone,i wondered if anyone knows how to monitor 3560 interface vlan
traffic ?
i have only 1 uplink interface and lots of vlan through it and i don't know
which
vlan is busy and which one is not..
The Cisco Catalyst 3560 platform doesn't update VLAN interface
I recently configured two Catalyst 6509 switches in a VSS
cluster. When I am issuing the command “show mac-address-table dynamic”, I’m
getting the following output:
Legend: * - primary entry
age - seconds
since last seen
n/a - not
available
vlan mac address
type
Hi folks...
We have a site that runs a Cisco 2800 with a IOS VPN server. Users connect
via their Cisco VPN clients to gain access to an internal network there...
I would like to start auditing it a bit more and have a way to tell who
logged in and when. Is this difficult? I've searched
On Thu, 27 Aug 2009, Nick Hilliard wrote:
On 27/08/2009 11:41, Gert Doering wrote:
SLAAC works *very* well for the things it was made for: zero-conf
environments, with no dedicated DHCP server - as in home networks or
office networks.
No it doesn't. After 13 years of ipv6 development, I
That and having the free IPV6 porn as a motivator sooner might have helped
too.;)
- Original Message -
From: Nick Hilliard n...@inex.ie
To: Gert Doering g...@greenie.muc.de
Cc: cisco-nsp@puck.nether.net
Sent: Thursday, August 27, 2009 7:01 AM
Subject: Re: [c-nsp] IPV6 in general was
It does however, count traffic routed between VLANs.
--
Randy
www.FastServ.com
-- Original Message ---
From: Harald Firing Karlsen maill...@thelan.no
To: almog ohayon almog.purep...@gmail.com
Cc: cisco-nsp@puck.nether.net
Sent: Thu, 27 Aug 2009 17:25:54 +0200
Subject: Re: [c-nsp]
On Thu, 2009-08-27 at 16:21 +0200, luismi wrote:
I just configured a cisco 1841 to create a ipsec vpn against another
network (exactly against a PFSense box) and I am seeing a lot messages
like
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with
peer at 11.22.33.44
No, we actually carve out one or more subnet for each VPS host and assign
individual IPs to each VPS. Few IPs are wasted.
The only drawback is that a VPS must change IP to be shifted to an alternate
node.
--
Randy
-- Original Message ---
From: Shaun R.
Hi,
On Thu, Aug 27, 2009 at 02:45:29PM +0200, Grzegorz Janoszka wrote:
You cannot have the same link-local IP's on different ifaces, can you?
You can. As it is link-*local*, whatever is on one interface has no
relevance to what is on other interfaces.
gert
--
USENET is *not* the
Hi,
On Thu, Aug 27, 2009 at 10:00:35AM -0700, Michael K. Smith - Adhost wrote:
ipv6 address v6 address::1/64 anycast
That's cool. How exactly does it work?
I assume that the anycast suffix will suppress DAD, and then the
client will use whichever router answers first on the ND request for
First of all,
Thanks to everyone, after a detailed review of my Cisco config as well
several coffee I fixed it.
The problem was some errors in the ACLs related with the crypto map.
Now everything is ok :-D
Thanks again.
___
cisco-nsp mailing list
Does anybody know why when using EEM to write to syslog after an event there is
an extra blank line written? And if so how to stop that from happening.
I have an quick applet that just checks to see if the routers was configured by
snmp and then writes a log message but every time it also
Hi,
On Thu, Aug 27, 2009 at 10:00:35AM -0700, Michael K. Smith - Adhost
wrote:
ipv6 address v6 address::1/64 anycast
That's cool. How exactly does it work?
I haven't been able to find anything specifically on Cisco's website
about how it really works. Even the tech docs just say it
Hi,
Can someone guide me if I can use WLC 5508's all the the 8 ports connected to a
VSS with 4 links to each chassis? The reason I am asking this question is; in
the documentation of VSS it says, not to turn off LACP or PAgP for creating
MEC. But, for WLC LAG, the portchannel negtiation must
Hi All,
I have noticed that with MST and rapid failover that those ports which
are not boundary ports or do not have portfast enabled go through the
blocking, listening and learning states again before forwarding.
Here's me shutting off the primary link Gi0/49. You can see the
redundant link on
On 28/08/2009, at 9:18 AM, Andy Saykao wrote:
I have noticed that with MST and rapid failover that those ports which
are not boundary ports or do not have portfast enabled go through the
blocking, listening and learning states again before forwarding.
whether its PVRST+ or MST used, you
Good evening!
I read through RFC2373 and it doesn't detail how it works either - it just
specifies what you can and cannot do. The main point is that anycast only
works on routers, not hosts. I can tell you that the router shows that DAD
is *not* enabled on either interface. But, this is
Hi Licoln,
We may have to do what you have suggested - thanks for the suggestion.
I labbed all this up today with mixed results. Basic access layer switch
with an access port (laptop pulgged into it) and two links out (one to
dist1-switch and one to dist2-switch). Each dist switch connecting to
70 matches
Mail list logo