Dear All,
I have 7204 for l2tp sessions, i have average ~1,5 - 2k users online
and 500-700Mb/s bandwidth via this device.
Load average ~90-100%, sometime in peak time i have customers
disconnected from line, and also device works very slow via SSH.
I have another one 7204... same as
Hi,
So it possible to devide incoming customers to 2 devices 1k per device
for example. ?
Yes, it's possible, however that load-balancing has to happen on the
LAC - i.e. where the L2TP sessions originate. Once the session hits a
7204 it's too late to do any load-balancing.
If you have
On 02/16/2011 08:19 AM, Gert Doering wrote:
Hi,
On Tue, Feb 15, 2011 at 11:57:32PM +0100, Peter Rathlev wrote:
It works like a charm. When you need to service a machine you just stop
the BGPd and do your thing, nobody notices. (Unless they're really smart
and look carefully of course.)
Which
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Deric Kwok
Sent: Monday, February 14, 2011 2:34 PM
To: Cisco Network Service Providers
Subject: [c-nsp] ASA
Hi
How can I be easy to do?
1/ disable httpd access
Hi David
GET VPN neighbor are via service provider. Any work around to it?. We have a
customer whose devices are not visible in LMS due to this issue.
Regards
Jawwad Paracha
IBM
On Tue, Feb 15, 2011 at 7:39 PM, David Prall d...@dcptech.com wrote:
Your neighbor in GET VPN is the Service
Hi,
On Wed, Feb 16, 2011 at 09:04:49AM +, Phil Mayers wrote:
Which makes monitoring whether everything is fine a somewhat more
interesting challenge :-) - if the machine is up, but bgpd fails, the
service might silently fall over to another instance and things like
does this anycasted DNS
On 16/02/11 13:39, Gert Doering wrote:
Hi,
On Wed, Feb 16, 2011 at 09:04:49AM +, Phil Mayers wrote:
Which makes monitoring whether everything is fine a somewhat more
interesting challenge :-) - if the machine is up, but bgpd fails, the
service might silently fall over to another instance
In LMS you'll need to configure it to use another form of discovery then
CDP.
I found this: https://supportforums.cisco.com/message/671976
David
--
http://dcp.dcptech.com
-Original Message-
From: Muhammad Jawwad Paracha [mailto:jawwa...@gmail.com]
Sent: Wednesday, February 16, 2011
On Wed, Feb 16, 2011 at 6:42 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 16/02/11 13:39, Gert Doering wrote:
Hi,
On Wed, Feb 16, 2011 at 09:04:49AM +, Phil Mayers wrote:
Which makes monitoring whether everything is fine a somewhat more
interesting challenge :-) - if the machine
sounds scary, if i were your manager I'd be concerned and full of doubt about
your intentions. you want to allow remote administration of the device at a
company (i assume) and are not sure how to do 'day 1 of school' configurations.
the next question will be my terminal froze when
Hi,
Having a weird issue where NAT on a Cisco 1841 (IP Base 12.4(22)T)
prevents traffic from flowing through multiple models of Sonicwalls.
On the 1841: ip nat inside source list 102 interface Dialer1 overload
The NAT works. Clients on the LAN can get to anything out on the
Internet. But
I think someone got canned this morning. 8(
-g
Begin forwarded message:
From: Qwest Autoresponse qwest...@qwest.commailto:qwest...@qwest.com
Date: February 16, 2011 11:10:18 AM EST
To: Greg
Subject: Re: [c-nsp] ASA [AR]
Thank you for contacting Qwest, we appreciate your business. The
Hi,
Yes, it's possible, however that load-balancing has to happen on the
LAC - i.e. where the L2TP sessions originate. Once the session hits a
7204 it's too late to do any load-balancing.
If you have control over the LAC then you can use radius to
load-balance across two different LNSes:
If you look at the spec sheets you will notice a few differences. MAC table
size, default DRAM, routing performance, etc
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html
Most of the other differences are very small and scenario specific.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Management Center for Cisco Security Agent
Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20110216-csa
Revision 1.0
For Public Release 2011 February 16 1600 UTC (GMT
On Wed, 16 Feb 2011, Adam Greene wrote:
Anyone seen this behavior before?
We have set MTU to 1404 on all interfaces of the 1841 ... does not help.
Is there some feature I should enable on the 1841? Stumped ...
have you tried ip tcp adjust-mss 1360 on the interfaces?
Regards,
John
MTUroute is your friend :)
http://www.elifulkerson.com/projects/mturoute.php
On Wed, Feb 16, 2011 at 10:02 AM, Adam Greene maill...@webjogger.netwrote:
Hi,
Having a weird issue where NAT on a Cisco 1841 (IP Base 12.4(22)T) prevents
traffic from flowing through multiple models of Sonicwalls.
On 2/16/11 8:49 AM, Benjamin Lovell wrote:
If you look at the spec sheets you will notice a few differences. MAC table
size, default DRAM, routing performance, etc
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html
Most of the other
Config looks fine to me. Just would just note that you should make sure
WANgateway is IP address not an interface. If you cannot ping the WAN IP on the
871 when this is happening I would guess this is really a problem with the
access circuit to your ISP. You should be able to confirm this in
Hi,
On Wed, Feb 16, 2011 at 09:11:59AM -0500, Harold 'Buz' Dale wrote:
For your ipv6 peers could you add some source routing to the header to make
sure that you can test each specific resource?
You could do that, to reduce the number of probes needed - like source-route
to Frankfurt, then see
Hi,
On 17 February 2011 05:15, Sheremet Roman ro...@kharkov.org.ua wrote:
Hi,
Thank you for your reply, can you please advice, which device i
can use for swap 7204... for handle more connection and bandwidth ?
With this sort of bandwidth and number of sessions you're into the
ASR1k
On 2/16/2011 10:49 AM, Benjamin Lovell wrote:
If you look at the spec sheets you will notice a few differences. MAC table
size, default DRAM, routing performance, etc
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html
Most of the other
I had a similar issue with one of my tunnels, and it turned out to be bad
hardware on one end.
Q
On Mon, Feb 14, 2011 at 3:36 PM, schilling schilling2...@gmail.com wrote:
I have an ISR 871 behind Comcast residential cable modem with static
IP address, and have GRE tunnel back to our headend.
Hi,
On 16 February 2011 19:12, Jason Lixfeld ja...@lixfeld.ca wrote:
{cut}
2. See what drops the NP is registering:
RP/0/RSP0/CPU0:bfr01.60hudson01#show controllers np counters np1 location
0/0/CPU0 | i DROP|DISCARD|NOT
Wed Feb 16 00:59:26.456 EST
31 PARSE_INGRESS_DROP_CNT
We just replaced the ISR 871 with a brand new ISR881. The issue
persists. We have a dozen other tunnels terminated on the same head
end. None of them has issue.
I did run Ben suggested debug ip icmp. The ISR871 is still sending out
icmp reply even we are not able to get it from out end during
That helps a lot. Any idea what those counters actually count? We seem
to have a very high PARSE_INGRESS_DROP_CNT (around 1000pps) and
UIDB_TCAM_MISS_AGG_DROP (another 1000pps)?
I'm not an expert, but these two could be related: UIDB_TCAM_MISS_AGG_DROP
reports packets hitting the main
Double checked as it has been a while. Any LC is allowed but whoever is doing
the forwarding lookup must be 3C. i.e If you have DFCs they must be 3C but any
CFC card will do.
-Ben
On Feb 16, 2011, at 2:34 PM, Pete Templin wrote:
On 2/16/2011 10:49 AM, Benjamin Lovell wrote:
If you look at
Last step, if possible, before going to ISP would be a wireshark capture on 871
WAN interface. Start up a continuous ping from 871 WAN IP to headend WAN IP.
Get a few GRE keepalives during working and broken and few pings from working
and broken.
Check DMAC en such between working and broken.
Hi,
On 17 February 2011 09:48, Oliver Boehmer (oboehmer) oboeh...@cisco.com wrote:
That helps a lot. Any idea what those counters actually count? We seem
to have a very high PARSE_INGRESS_DROP_CNT (around 1000pps) and
UIDB_TCAM_MISS_AGG_DROP (another 1000pps)?
I'm not an expert, but these
On 17/02/2011, at 7:48 AM, Oliver Boehmer (oboehmer) wrote:
That helps a lot. Any idea what those counters actually count? We seem
to have a very high PARSE_INGRESS_DROP_CNT (around 1000pps) and
UIDB_TCAM_MISS_AGG_DROP (another 1000pps)?
I'm not an expert, but these two could be related:
Greetings everyone,
We have a 6509 switch with sup2 engines. For upgrade capability, we
have the 2500W DC power supplies in this. I have an A/C unit with the
same engines/cards at a separate location, therefore I expect this
unit to require the same amount of power. Here is the show power
from
Hi,
I'm looking for a router recommendation for a very small ISP. The
router will terminate two ethernet circuits from two upstream ISPs - a
total of around 100mbit between the two ISPs. The router will have a
BGP session with each provider and should be able to handle full
tables from both.
For investment protection I recommend Cisco ASR1001, It is an ISP class gear
that allows you to add services as you grow without performance degradation.
Check it out.
http://www.cisco.com/en/US/products/ps10878/index.html
On Thu, Feb 17, 2011 at 1:31 AM, Josh Baird joshba...@gmail.com wrote:
On 2/16/11 3:52 PM, Luke Pack wrote:
Greetings everyone,
We have a 6509 switch with sup2 engines. For upgrade capability, we
have the 2500W DC power supplies in this. I have an A/C unit with the
same engines/cards at a separate location, therefore I expect this
unit to require the same amount
This ASR1001 makes the 1002-fixed a bit useless no?
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mounir Mohamed
Sent: donderdag 17 februari 2011 1:10
To: Josh Baird
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp]
Hi,
we've been asked by a customer to configure their CSC with the new
user/group web filtering features. I've seen them in the current version
of the CSC software, but have never used them to date, apart from some
tests with IP-based filtering which I got to work ... As we ourselves do
not have
Hi Rens,
Actually there is no statement saying that but I believe this should be the
case soon, Cisco ASR1001 is a totally fixed device, it comes with a mixing
of 4xGE/4xT3/2xPOS-OC3 SPAs which are not filed upgradable, meanwhile Cisco
1002-Fixed gives you the option of installing a single SPA
It's not even that old.
PS: you can also install SPA in asr1001 no?
From: mounir.moha...@gmail.com [mailto:mounir.moha...@gmail.com] On Behalf
Of Mounir Mohamed
Sent: donderdag 17 februari 2011 8:40
To: Rens
Cc: Josh Baird; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Router
38 matches
Mail list logo