Do you need simulation/emulation or analysis?
And if simulation for proof of concept or training?
For simulation/emulation of a cisco IOS router environment and PIX/ASA
FW as far as i know there are no other/better/more cost effective
options than dynamips/dynagen/GNS3. Very suitable for routing
Hi All,
We right now have several bridged campus wide VLAN. It happens several
times a year where a loop in one of the VLAN will cause our backbone
to be unavailable. Now we are thinking to better architect the design.
If we migrate to some platform like ASR9K and use EoMPLS or VPLS, what
will
Thanks to all who replied.
I think the general consensus from the replies I saw is that there isn't
1 Gbps support as yet in software for the 5548P.
Pete, I wish I had a switch to test the below command on but I don't. I
was looking at reasonably priced available Cisco options for
On 09/02/2011 15:12, schilling wrote:
We right now have several bridged campus wide VLAN. It happens several
times a year where a loop in one of the VLAN will cause our backbone
to be unavailable. Now we are thinking to better architect the design.
If we migrate to some platform like ASR9K and
On Wed, 2011-02-09 at 10:12 -0500, schilling wrote:
We right now have several bridged campus wide VLAN. It happens several
times a year where a loop in one of the VLAN will cause our backbone
to be unavailable. Now we are thinking to better architect the design.
If we migrate to some platform
All,
I encountered some strange, but beneficial, behaviour in the lab. We connected
a server with teamed NICs to two 6500s running SXH2a. The NIC teaming is
active/standby using only a single MAC and IP address. The server joins a
multicast group and starts receiving traffic. We found that if
Maybe look at Arista Networks? Most of their folks are ex-Cisco so it tastes
just like chicken:) Gear is awesome, as is the support and pricing. Just a
thought-
Michael Balasko
CCSP, MCSE,MCNE,SCP
Network Specialist II
City of Henderson, Nevada
240 Water St.
Henderson, Nevada 89015
On 09/02/2011 17:14, Michael Balasko wrote:
Maybe look at Arista Networks? Most of their folks are ex-Cisco so it tastes
just like chicken:) Gear is awesome, as is the support and pricing. Just a
thought-
there are lots of top-of-rack 10G boxes, with different characteristics:
Cisco N5K,
On 09/02/11 16:57, Sam Stickland wrote:
All,
I encountered some strange, but beneficial, behaviour in the lab. We
connected a server with teamed NICs to two 6500s running SXH2a. The
NIC teaming is active/standby using only a single MAC and IP address.
The server joins a multicast group and
On 9 Feb 2011, at 17:51, Phil Mayers p.may...@imperial.ac.uk wrote:
On 09/02/11 16:57, Sam Stickland wrote:
All,
I encountered some strange, but beneficial, behaviour in the lab. We
connected a server with teamed NICs to two 6500s running SXH2a. The
NIC teaming is active/standby using only
Just taking a shot here but I don't think it's quite that if you have
port-channel configured on the switch side for the server link because the
hardware programing is not based on the receiver MAC it's based on the mcast
MAC. The MAC table will program a snooping entry for the mcast MAC to
Schilling,
You should be most likely looking at reducing these wide L2 domains, but
regardless of the L2 domain size, you should still deploy access layer
countermeasures to avoid loop creation and the effects of a potential
loop.
VPLS or any other transport would not help you if some user loops
Hi Ben,
We aren't using port-channels towards the servers. However, I've just seen
another issue on a 3560 where IGMP joins/reports aren't replicated to the SPAN
session. This has got me wondering if the server was reissuing the join all
along but I simply failed to capture it.
Sam
On 9 Feb
Thanks all for the info.
I am familiar with these features. I talked with Cisco TAC several
times, they are not recommending the storm control since it can not
differentiate control data from user data, this might cause
instability of layer 2 network. port-security to only allow specific
mac
Well, take a better look at BPDU guard for access ports.
Also storm control on desktop PC access ports would not affect any protocols...
Each feature should be used in the correct context...
Arie
--
Sent using BlackBerry
- Original Message -
From: schilling
On Wed, 2011-02-09 at 14:10 -0500, schilling wrote:
Thanks all for the info.
I am familiar with these features. I talked with Cisco TAC several
times, they are not recommending the storm control since it can not
differentiate control data from user data, this might cause
instability of layer
Am I the only one getting stupid auto-responses like these from
Qwest? :-)
On Wed, 2011-02-09 at 13:48 -0600, Qwest Autoresponse wrote:
Thank you for contacting Qwest, we appreciate your business. The email
address you have sent to is no longer accepting messages. We apologize
for the
On 09/02/2011 19:54, Peter Rathlev wrote:
Am I the only one getting stupid auto-responses like these from
Qwest? :-)
No, you're not the only one - I got a bunch of them today. I hjave to
say that this demonstrates an impressive level of cluenessness to 1)
ignore precedence: bulk, 2) to
Hi,
On 10 February 2011 04:12, schilling schilling2...@gmail.com wrote:
Hi All,
We right now have several bridged campus wide VLAN. It happens several
times a year where a loop in one of the VLAN will cause our backbone
to be unavailable. Now we are thinking to better architect the design.
On 09/02/2011 19:10, schilling wrote:
I am familiar with these features. I talked with Cisco TAC several
times, they are not recommending the storm control since it can not
differentiate control data from user data, this might cause
instability of layer 2 network.
This is true on core ports,
mcast packets are kinda tricky when it comes to SPAN and there are various
platform caveats. If I remember right some 3K series just wont show them as
they are punted to CPU before SPAN happens. 6500 can't get mcast on TX SPAN
when doing egress replication, etc. If you don't use port channel
We're in the middle of a project involving a server at each of several
remote sites that is being virtualized at a central location. The
virtual machine at the central location is in the same vlan as the
remote site. The network looks something like:
(remote side) 4506 - ATT CSME - 4507R
$quoted_author = Nick Hilliard ;
Also, don't use VTP unless you like living dangerously.
Nick, that sounds like you have a good war story or three. Care to share?
Can't say I've blown anything up with VTP ... yet. :-)
cheers
Marty
___
cisco-nsp
I've seen VTP fail spectacularly.
A customer was using it on about 30 switches distributed to about 10-15
wiring closets. They had a temp student come in who wanted to learn about
networking, so the student copied the core switch configuration and deployed
it on a lab switch. The student
Sorry for the slightly OT question, but my google-fu can't seem to find
a definitive answer for this.
We recently replaced our Checkpoint firewall with a Fortigate FW and our
business requirements have grown for the FW. We need to setup an
virtual domain with a new network to meet the new
You're going to want to use sub-interfaces for both VLAN's, use router on a
stick as your google-fu keywords.
-wil
On Feb 9, 2011, at 2:28 PM, Tim Donahue wrote:
Sorry for the slightly OT question, but my google-fu can't seem to find a
definitive answer for this.
We recently replaced our
1 gig support isn't until the e-rocks release coming up March 1st.
On Feb 9, 2011 12:32 PM, Nick Hilliard n...@foobar.org wrote:
On 09/02/2011 17:14, Michael Balasko wrote:
Maybe look at Arista Networks? Most of their folks are ex-Cisco so it
tastes just like chicken:) Gear is awesome, as is the
On 2/9/2011 2:46 PM, Wil Schultz wrote:
You're going to want to use sub-interfaces for both VLAN's, use router on a
stick as your google-fu keywords.
On Feb 9, 2011, at 2:28 PM, Tim Donahue wrote:
interface gigabitEthernet 0/0
ip address 10.1.10.1 255.255.255.0
!
interface gigabitEthernet
On Feb 9, 2011, at 3:00 PM, Jerry Bacon wrote:
On 2/9/2011 2:46 PM, Wil Schultz wrote:
You're going to want to use sub-interfaces for both VLAN's, use router on a
stick as your google-fu keywords.
On Feb 9, 2011, at 2:28 PM, Tim Donahue wrote:
interface gigabitEthernet 0/0
ip address
On 09/02/2011 22:10, Martin Barry wrote:
Nick, that sounds like you have a good war story or three. Care to share?
Mmm, my favourite relate to VTP pruning and the lurking horrors therein.
Until at least mid-way through SXF, VTP pruning on c6500s would cause
ipv6 simply not to work if the
On 2/9/2011 3:26 PM, Wil Schultz wrote:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a008014859e.shtml#configs
( 12.1(3)T and above)
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a008014859e.shtml#earlier
Good point. You've done a good job of mitigating the risks of VTP and STP.
I think it comes down to risk .vs reward. More often than not the vlan
configuration is static and doesn't change often. In that case I'd just
endure the pain of configuring new vlans on new switches with the help of
On Feb 9, 2011, at 4:17 PM, Jerry Bacon wrote:
On 2/9/2011 3:26 PM, Wil Schultz wrote:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a008014859e.shtml#configs
( 12.1(3)T and above)
It is not always as well known, but client mode will not prevent usurping
the vtp domains This article covers things in a bit more detail -
http://www.networkworld.com/community/node/19931
Ivan
I'd agree that vtp can cause major problems if not deployed with caution
mechanisms to mitigate
thanks, Ivan for the correction; that was a good read by the way; so to
clarify what we do on our end:
* (in addition to setting edge distribution switched to vtp client
or transparent mode) one should also delete the vlan db (akin to doing):
del flash:/vlan.dat
--
Regards,
Ge Moua
Network
...Thanks Ivan, as usual.
On a related yet separate note:
We are hearing horror-stories/cautionary-tales/VTP-horror-stories per-se..
1) There is nothing wrong with VTP(on the contrary, extremely
helpfulconvenient) as long as one understands how it really works and the
nuances therein( revision
36 matches
Mail list logo