On 08/26/2010 12:58 AM, Jason Lixfeld wrote:
I'm fiddling with my lab, attempting to edumacate myself on L3VPNs.
I'm trying to figure out the best way to get a default route into my
test vrf. Since I'm doing BGP between all my PEs, it seems sensible
that I try to originate the default route in B
On 8/25/10 10:59 PM, "Mikael Abrahamsson" wrote:
> On Wed, 25 Aug 2010, Security Team wrote:
>
>> Any gurus still awake?
>
> Have you enabled "mls qos" globally? Are you doing "mls qos trust dscp" on
> the interface?
I have mls qos there globally, yes. Sorry I omitted that important fact.
>
On Wed, 25 Aug 2010, Security Team wrote:
Any gurus still awake?
Have you enabled "mls qos" globally? Are you doing "mls qos trust dscp" on
the interface?
"mls qos" should be on to do what you want, mls qos trust dscp needs to be
not there, otherwise the 6500 won't change anything (trust d
I have really enjoyed learning about QoS, it's challenging. But I ran
across something so simple today that doesn't work that I'm questioning
whether I have learned anything at all
All I wanted to do on a 6500 with Sup2's is mark all incoming traffic into
my gig1/1 from a certain source addre
On Thu, 26 Aug 2010 10:42:28 +1000
Ben Steele wrote:
> Out of curiosity can you tell me what led you to wanting 2FA for these
> devices, and how the traditional acl/tacacs method failed your
> requirements?
We are using RSA SecurID on P and PE Routers to secure the core network
and fulfill custo
Hello Ben:
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Ben Steele
> Sent: Wednesday, August 25, 2010 5:42 PM
> To: Mark Tech
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Router 2 factor authentication
>
On 24/08/2010, at 8:59 PM, Saku Ytti wrote:
> First CSCO box to support policing unknown unicast is EARL7.5 but it is
> per chassis instead of per port. I'm not sure if any Cisco can support
> per port unknown unicast policing, but if Nexus7k/EARL8 doesn't do it,
> I'm betting there isn't any box
Out of curiosity can you tell me what led you to wanting 2FA for these
devices, and how the traditional acl/tacacs method failed your requirements?
Of course anyone who has implemented it is free to chime in, just generally
interested in people's security concerns around this and how you feel it
mi
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/command/reference/cli2.html#wp7675790
The joys of express setup... somebody held down the mode button for 10+
seconds. There should be files on the flash containing the old boot config and
vlan.dat.
I'm fiddling with my lab, attempting to edumacate myself on L3VPNs. I'm trying
to figure out the best way to get a default route into my test vrf. Since I'm
doing BGP between all my PEs, it seems sensible that I try to originate the
default route in BGP instead of redistributing it from anothe
Hello Mark:
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Mark Tech
> Sent: Wednesday, August 25, 2010 1:06 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Router 2 factor authentication
>
> Hi
> I am looki
On Wed, Aug 25, 2010 at 01:06:24PM -0700, Mark Tech wrote:
> I am looking for a 2FA solution in order to connect to Cisco devices. I would
> like to use either Radius or TACACS as the AAA part, however I'd like to know
> whether/how I could interconnect this to a 2nd auth such as a token based RS
>> I am looking for a 2FA solution in order to connect to Cisco devices. I
>> would
>> like to use either Radius or TACACS as the AAA part, however I'd like to
>> know
>> whether/how I could interconnect this to a 2nd auth such as a token based
>> RSA
>> securID platform
>>
>> I'd appreciate any in
Hi,
>
> One of potential problem to have only one single stack is the downtime
> during OS upgrade (and other maintenance).
>
> Two stack and backup each other via VRRP/HSRP could provide higher
> availability to clients (machines/customers) under them, provided those
> clients equips two up link
Hello,
we have an asr1000 that acts as an LNS. Two weeks ago we upgraded it to XNF2,
but the packet forwarding was not working at half of the pppoe sessions.
We tested it with ping, the cpe received the icmp packet, and it sent the
icmp reply, but the asr1000 was unable to handle it, so the pppo
How about users appending the token digits to the password? Of course this
would mean you're storing plain text passwords on the tacacs server
somewhere..
On 25 August 2010 21:06, Mark Tech wrote:
> Hi
> I am looking for a 2FA solution in order to connect to Cisco devices. I
> would
> like to us
Hi
I am looking for a 2FA solution in order to connect to Cisco devices. I would
like to use either Radius or TACACS as the AAA part, however I'd like to know
whether/how I could interconnect this to a 2nd auth such as a token based RSA
securID platform
I'd appreciate any input if this is possi
Hi,
I have never seen anything about 'HRPC' before, but some googling suggests
that it's some Remote Procedure Call component they are using.
RPC basically provides access for calling software functions on a device, from
another device. It might be what is being used in the stack for interswitch
softw
Keegan Holley wrote:
> Well the cisco is getting LMI from the juniper. Do you see the lmi counters
> incrementing on the Juniper side?
>
Nope.
LMI type ANSI
T391 LIV polling timer 10
T392 polling verification timer 15
N391 full status pol
Hi,
I've been asked to design a storage solution where I work (which is an ISP),
I have been considering using one of the 2 equipments
- Cisco MDS 9148 Multilayer Fabric Switch
- Cisco MDS 9222i Multiservice Modular Switch
Could anyone with experience/knowledge point out the difference between
t
On Wed, Aug 25, 2010 at 12:55 AM, Alan Buxey wrote:
> Hi,
> StackWisePlus is a 32G full duplex bidirectional ring (when cables all
> installed properly this means you should still be better off using
> it rather than having 2 stacks and trying to link the 2 together using
> eg expensive 10G et
On Wed, 2010-08-25 at 11:30 -0400, Tim Durack wrote:
> Interestingly NX-OS allows a decimal point:
>
> "storm-control {broadcast | multicast | unicast} level percentage[.fraction]"
So does the 6500 actually. The fraction can be specified with two
decimal digits. :-)
(It'll be many years before I
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Presence Denial of Service
Vulnerabilities
Advisory ID: cisco-sa-20100825-cup
Revision 1.0
For Public Release 2010 August 25 1600 UTC (GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20100825-cucm
Revision 1.0
For Public Release 2010 August 25 1600 UTC (GMT
On Wed, Aug 25, 2010 at 10:37 AM, Jon Lewis wrote:
>
> Even clearer than that:
>
> "Each port has a single traffic storm control level that is used for all
> types of traffic (broadcast, multicast, and unicast).
>
> Traffic storm control monitors the level of each traffic type for which you
> enab
On Wed, 25 Aug 2010, Peter Rathlev wrote:
On Wed, 2010-08-25 at 08:22 +0200, Jens S Andersen wrote:
I just found out I can't set different levels for broadcast and multicast
storm control
Cisco hints at this in the documentation, e.g. for the "storm-control
broadcast level" command:
"Enables
Hi All,
This may be a simple solution but I have a quick question about the compact
flash adapter. I was reading the guide and getting ready to install it when I
noticed that there was a small yellow label on the adapter that says "Min. SP
RMON: 8.4(2) Min. RP RMON: 12.2(17r)S4". When I exe
On Wed, 25 Aug 2010, Peter Rathlev wrote:
I would actually very much like to have something like BFD for L2. When
constructing EoMPLS paths through the network failover (seen from
between two "CE" devices) can be oh-so-slow, with RSTP (~6 sec) and UDLD
(~5 sec) being the quickest to discover loss
On Wed, 2010-08-25 at 08:22 +0200, Jens S Andersen wrote:
> I just found out I can't set different levels for broadcast and multicast
> storm control
Cisco hints at this in the documentation, e.g. for the "storm-control
broadcast level" command:
"Enables broadcast traffic storm control on the in
Priority 15 is the important part.
Cannot remember details, but first switch numbered 9 became a standard when
merging two stacks long time ago.
With all switches at default priority highest numbered switch will be master.
To avoid having to do this with scheduled downtime this configuring maste
Hi
I just found out I can't set different levels for broadcast and multicast
storm control
I tried this on a C6503-E/Sup32/WS-X6516A running 12.2(33)SXI4a
and a C6506-E/VS-S720-10G/WS-X6724-SFP running 12.2(33)SXI3
Looks like a bug.
-Jens
>Thank you everyone. I will set the broadcast and mul
You can use the "logging discriminator" command..
Initially you create a discriminator and then you enable it on the
syslog, buffer or console logging
*logging discriminator YOURNAME msg-body drops YOURTEXT
logging host x.x.x.x discriminator YOURNAME
logging buffered discriminator YOURNAME*
You
On Wed, 2010-08-25 at 01:02 -0500, Richard A Steenbergen wrote:
> BFD is an IP based protocol, it's completely ignorant of L2 multipath
> and will almost always get hashed over a single link arbitrarily.
Cisco may view it as only L3 relevant, but from RFC 5882 section 2:
> Its sole purpose is to
Hi,
* Alan Buxey [2010-08-25 08:55:00+0100]:
>
> > Interesting, Cisco told us it is generally a bad idea going much above
> > five switch stacks. Something to do with the fact that at the rear of
> > the switch you have a token ring-esque system and 40Gbps of backplane
> > (off the top of my
Hello,
yesterday, a stack of three WS-C3750G-24TS-S IPBASE 12.2(50)SE3 reloaded
after having erased its configuration... i tried to find the issue but i
haven't found anything. I just have syslog messages as following:
Notice 2010-08-2414:36:584606: 004527: Aug 24 14:36:57.301:
%SYS-5-
Hi,
> Interesting, Cisco told us it is generally a bad idea going much above
> five switch stacks. Something to do with the fact that at the rear of
> the switch you have a token ring-esque system and 40Gbps of backplane
> (off the top of my head). In the early code they only had a single
>
Hello @all,
I hope I've just a problem I'm not getting rid of by simply not having
found the according doc or command/option yet.
IOS 12.2.(33)SRE1 running on 7200 and 7600 is creating a log entry each
time a config session is closed:
>> Aug 24 10:03:46.988 CEST: %SYS-6-EXIT_CONFIG: User ha
37 matches