David,
> >> In newer releases (where the import code was rewritten), the
command is
> >> "import path limit "
>
> Would be interested to know what visible differences there are in the
> behaviour of this (existing vs rewrite)
take a look at "BGP Event-Based VPN Import" feature doc
(http://www.c
> -Original Message-
> From: Deric Kwok [mailto:deric.kwok2...@gmail.com]
> Sent: Thursday, August 05, 2010 9:44 PM
> Subject: Re: [c-nsp] pix vs asa
>
> Hi
>
> Thank you so much for reply.
> AS A works fine but I have problem about vpn. I am using ciscoasdm to
> configure it.
>
> I ge
Hi
Thank you so much for reply.
AS A works fine but I have problem about vpn. I am using ciscoasdm to
configure it.
I get ipaddress in ippool after connection.
But I can not ping out eg: gw and any servers in the same pool network
Any example about vpn config too to let me check
Thank you agai
Yes. That sounds like loads of fun. We always use passwords on our
switches, but it is always good to check.
Thanks.
-Troy
On Aug 5, 2010, at 3:05 AM, Garry wrote:
On 05.08.2010 02:09, Troy Beisigl wrote:
After reading up on VTP server configurations at Cisco, I wanted to
get someone's r
If your pix runs 7.0 or higher, the commands are virtuall identical for the
same corresponding code of ASA. In fact for a long time, the binaries were
the same.
If it's 6.3 on the pix, there's some changee.
If this is for a migration, your best using the configuration migration tool
found on CCO
Deric,
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Deric Kwok
> Sent: Thursday, August 05, 2010 8:46 PM
> Subject: [c-nsp] pix vs asa
>
> Hi all
>
> Just wandering whether any different to configure vpn in pix
Hi all
Just wandering whether any different to configure vpn in pix and asa
Any example
Thank you
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco
> Very cool discussion - thanks for sharing info
Indeed, thanks to all who have replied
>>
>> In newer releases (where the import code was rewritten), the command is
>> "import path limit "
Would be interested to know what visible differences there are in the
behaviour of this (existing vs rew
> ack, the "import " option is very important. You don't actually need
> the "ibgp unequal-cost" with it, unless you want to do unequal-cost ibgp
> load-sharing.
>
> In newer releases (where the import code was rewritten), the command is
> "import path limit "
>
>oli
>
>
Very cool discussio
On 08/05/2010 07:52 PM, Youssef Bengelloun-Zahr wrote:
Hello Peter,
Have you read this :
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a008086ed2e.shtml
I have been through this situation several times and OIR really works... but
hey, you never what c
So, here's the deal.
It works. With caveats.
1) the Cisco 6500 loopback has a fixed mtu of 1514. This isn't enough to
accommodate a GRE-encapsulated packet. So you have to take the path-MTU
hit.
2) per the release notes, GRE tunnels are hardware-accelerated - except
for packets which require e
Hello Peter,
Have you read this :
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a008086ed2e.shtml
I have been through this situation several times and OIR really works... but
hey, you never what can happen out there ;-)
Maybe you should cut-off power f
>
> Taking this even further, you may also want to investigate the command
> "maximum-paths ibgp unequal-cost" which can be used to protect against
> route-reflector failure. For example, you could use "maximum-paths
ibgp
> unequal-cost 2 import 4" to ensure your VRF's will import 4 BGP
routes.
Hi,
>I'm running into an issue where I have a 7204 that is timing out the vty
>login page on the client side but not closing the line on router side.
>Has anybody run into this issue before? Any ideas where I can start
>looking? I've checked the Cisco site.
while ago we had the same on a 7304
I need to remove a STANDBY HOT redundant SUP720-3BXL from a 6506-E chassis
tonight and want to minimize any possibility of a reload or traffic
interruption. Other than just yanking the card from the chassis and relying
on OIR, is there any suggested steps to take to make this cleaner?
I want to
On Thu, Aug 5, 2010 at 11:54 AM, Kenny Sallee wrote:
> This is a pretty cool config, but I'm having a hard time seeing why you'd
> want to do this? Why not just route-target import/export between VRF's you
> want to share routes with? And use import-maps to filter as necessary?
>
> I did the sam
multicast, perhaps?
or there are cases where you just need an interface to apply something to, such
as an ACL, PBR...
(sorry for not indenting and replying inline, the message came in html and
outlook is pretty dumb in switching back to plaintext)
--
deejay
From: Kenny Sallee [mailto:kenny
Using multiple RD's is important for convergence when you are using
route-reflectors as a route-reflector will only advertise the "best" BGP route
to it's clients. If you use the same RD for a VPN across two (Or more) PE's
then the route-reflector will see that route as the same and only pick th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nick Chettle wrote:
> Using multiple RD's is important for convergence when you are using
> route-reflectors as a route-reflector will only advertise the "best"
> BGP route to it's clients. If you use the same RD for a VPN across
> two (Or more) PE's t
David,
> would be interested on some expansion of oli's comments on
convergence,
> and why differing RDs for the same prefix would be a good thing (I'm
> imagining perhaps if you want to do multipath then they are considered
> multiple paths as opposed to simply just selecting one because RD is
th
> > The tunnel source and destination are between different loopbacks
> > within the global table, but one end of the tunnel is within the
> > global and one end within the VRF table. You might be able to NAT
> > across the GRE tunnel.
>
This is a pretty cool config, but I'm having a hard time see
We generally do one RD, RT per VRF, same RD across multiple PEs the VRF
is configured (extended import/export policies aside)
We also attach standard communities to VRF prefixes (yes, astonishing
thing to do) since our standard community scheme does all the stuff like
identifying the originating r
AFAIK this is not possible.
If the test servers are on the same subnet only L2 switching is
possible, not L3 routing.
And upon the configuration of the protected switchport the traffic will
be disrupted.
___
cisco-nsp mailing list cisco-nsp@puck.nether
On Thu, 5 Aug 2010, Daniel Bradler wrote:
There are two test servers connected to port 1/0/13 and 1/0/14. These
servers have IP adresses from 80.83.122.0/24 and 80.83.123.0/23 with
255.255.255.255 as subnet mask and use 80.83.127.1 as default gateway.
Sorry, there was not netmask not configure
Hi,
I have a routing issue on a C3750G-24TS-E (SW version 12.2(53)SE2) with
the switchport procted feature enabled.
In short, my configuration looks as follows:
interface GigabitEthernet1/0/13
switchport access vlan 910
switchport mode access
switchport protected
!
interface GigabitEthernet1
On 05.08.2010 02:09, Troy Beisigl wrote:
> After reading up on VTP server configurations at Cisco, I wanted to
> get someone's real life experience sign off on this.
Whatever you do, make sure you set up VTP passwords ... we had an
instance where a switch was not configured for VTP password ... w
Actually changing domain name will reset config revision, so the step
with transparent isn't necessary.
On Thu, Aug 5, 2010 at 9:57 AM, Holger wrote:
> On 04.08.10 17:09, Troy Beisigl wrote:
>> After reading up on VTP server configurations at Cisco, I wanted to
>> get someone's real life experien
On 04.08.10 17:09, Troy Beisigl wrote:
> After reading up on VTP server configurations at Cisco, I wanted to
> get someone's real life experience sign off on this.
>
> Cisco docs state that you can have more than one VTP server in a VTP
> domain and that updates on one will update the other and vi
On 08/05/2010 07:48 AM, Oliver Boehmer (oboehmer) wrote:
I strongly advise using a unique RD per VRF per PE. This gives you
load-sharing and improves routing convergence when the same VRF prefix
is exported by multiple PEs (i.e. for multi-homed CEs), even when you
use route reflectors. Unique RD
Hi,
On 5 August 2010 15:48, Kenny Sallee wrote:
{cut}
>
> I believe the route-target exported needs to be unique across the entire
> routing domain (else you could have one customer import other customers
> routes). RD can be different per PE router - but I'm not sure why anyone
> would want to
You're right, but OTOH, if it's working perfectly there is no reason to upgrade
to 15.0.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of LM
Sent: Wednesday, August 04, 2010 9:05 PM
To: cisco-nsp@puck.nether.net
Subject:
31 matches
Mail list logo