Re: [c-nsp] BFD on port channel

2011-10-26 Thread umair saeed
Dear Zaid, You can use LACP for port-channel failure detection if your router supports it. Thanks & Best Regards, Umair Saeed AM IP Operations Core South, Pakistan Telecommunication Company Ltd, Phone # +92 333 2354591 > Date: Tue, 25 Oct 2011 06:58:48 -0700 > From: zaidoo...@yahoo.com > To: ci

Re: [c-nsp] Alternate setup for "better" HA

2011-10-26 Thread John Elliot
diag was rejected - here's a link to it instead: http://i1137.photobucket.com/albums/n511/johnelliot67/new_pop_propA.jpg From: johnellio...@hotmail.com To: cisco-nsp@puck.nether.net Date: Thu, 27 Oct 2011 09:04:28 +1100 Subject: [c-nsp] Alternate setup for "better" HA Hi Guys, About to rol

[c-nsp] Alternate setup for "better" HA

2011-10-26 Thread John Elliot
Hi Guys, About to roll out a new "mini-pop" with a pair of 2851's and pair of 2960's - They will be handling ~50 ethernet tails from a couple of carriers via individual vlans on trunk ports from carriers->2960(So 2960 only does L2), then trunking those vlans up to 2851 for L3(Tails will be

Re: [c-nsp] 3750 Metro internal vlan allocation for loopback?

2011-10-26 Thread Gert Doering
Hi, On Wed, Oct 26, 2011 at 10:57:31AM -0700, Jared Gillis wrote: > Along similar lines, I investigated to see whether it was possible > to manually assign a VLAN id to the lo1 interface, but there does > not seem to be any switchport or vlan-related commands available > on that if: Well, Loopbac

Re: [c-nsp] 3750 Metro internal vlan allocation for loopback?

2011-10-26 Thread Jared Gillis
On 10/26/2011 09:58 AM, Peter Rathlev wrote: > On Wed, 2011-10-26 at 09:41 +0200, Michele Bergonzoni wrote: >> You might try to trade the Lo1 for a VLAN: >> >> vlan 4000 >> exit >> >> no spanning-tree vlan 4000 >> >> int Vlan4000 >> description Primary Management/Peering IP >> ip address a.b.c.

Re: [c-nsp] nvram private-config ??

2011-10-26 Thread Aaron
Can you not generate a new key? On Tue, Oct 25, 2011 at 13:58, Jeffrey G. Fitzwater wrote: > I am running SXI3 which has the SSH bug that stops SSH logins from working if > you change the HOSTNAME. > > Well... I went and changed the hostname and now ssh fails and have to use > Telnet until I f

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Gert Doering
Hi, On Wed, Oct 26, 2011 at 11:58:43AM -0200, Persio Pucci wrote: > I have read somewhere that GRE tunnels need exclusivity on their loopbacks > (can't share it with other tunnels), does that really apply? Only on 6500/7600 (every tunnel needs a distinctive local address, otherwise processing wi

Re: [c-nsp] 3750 Metro internal vlan allocation for loopback?

2011-10-26 Thread Peter Rathlev
On Wed, 2011-10-26 at 09:41 +0200, Michele Bergonzoni wrote: > You might try to trade the Lo1 for a VLAN: > > vlan 4000 > exit > > no spanning-tree vlan 4000 > > int Vlan4000 > description Primary Management/Peering IP > ip address a.b.c.d 255.255.255.255 I don't think SVIs can take /32 mas

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
Ding ding ding, we got a winner! "tunnel vrf" did the job. Thank you for all your input! On Wednesday, October 26, 2011, Peter Rathlev wrote: > On Wed, 2011-10-26 at 11:29 -0200, Persio Pucci wrote: >> Here is the rundown on the configs (again, my side but I assume the other >> side is fine and

[c-nsp] Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities

2011-10-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities Advisory ID: cisco-sa-20111026-csa Revision 1.0 For Public Release 2011 October 26 16:00 UTC (GMT

[c-nsp] Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

2011-10-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20111026-webex Revision 1.0 For Public Release 2011 October 26 16:00 UTC (GMT

[c-nsp] Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability

2011-10-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Unified Communications Manager Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-cucm Revision 1.0 For Public Release 2011 October 26 16:00 UTC (GMT

[c-nsp] Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

2011-10-26 Thread Cisco Systems Product Security Incident Response Team
Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Advisory ID: cisco-sa-20111026-camera Revision 1.0 For Public Release 2011 October 26 16:00 UTC (GMT

[c-nsp] Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

2011-10-26 Thread Cisco Systems Product Security Incident Response Team
Cisco Unified Contact Center Express Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-uccx Revision 1.0 For Public Release 2011 October 26 16:00 UTC (GMT

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Chuck Church
Are all of the vrf-specific commands in the crypto map and isakmp policies? I last worked on this about 8 months ago, and it was flaky and/or looked like it should be working until we specified the VRF in the places it's needed. Chuck -Original Message- From: cisco-nsp-boun...@puck.nethe

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Peter Rathlev
On Wed, 2011-10-26 at 11:29 -0200, Persio Pucci wrote: > Here is the rundown on the configs (again, my side but I assume the other > side is fine and there's not much on the tunnel cfg to be wrong). IPs > removed to protect the innocent. ... > interface Loopback100 > description LOOPBACK GRE > ip

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
oh well I will have to check with the other party, not sure what are they using... On Wed, Oct 26, 2011 at 12:01 PM, Phil Mayers wrote: > On 26/10/11 14:58, Persio Pucci wrote: > >> I'll try some of those later, for now I think they are doing something >> on the other side as phase 1 is not estab

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Phil Mayers
On 26/10/11 14:58, Persio Pucci wrote: I'll try some of those later, for now I think they are doing something on the other side as phase 1 is not establishing anymore. I have read somewhere that GRE tunnels need exclusivity on their loopbacks (can't share it with other tunnels), does that really

Re: [c-nsp] partial prefix load in ibgp

2011-10-26 Thread Mark Tinka
On Wednesday, October 26, 2011 04:06:31 PM Nikolay Shopik wrote: > I've got two borders connected via ibgp, both receiving > full-view via uplinks, and I notice one of borders > receiving about 190K prefixes via ibgp. But I'm clearly > sure there no filters at all. Configuration between > borders

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
I'll try some of those later, for now I think they are doing something on the other side as phase 1 is not establishing anymore. I have read somewhere that GRE tunnels need exclusivity on their loopbacks (can't share it with other tunnels), does that really apply? On Wed, Oct 26, 2011 at 11:45 AM

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Phil Mayers
On 26/10/11 14:29, Persio Pucci wrote: crypto ipsec transform-set CUSTOMER_CERT esp-3des esp-sha-hmac I think you want "mode transport" here interface Loopback100 description LOOPBACK GRE ip vrf forwarding CUSTOMER ip address y.y.y.y 255.255.255.255 You might need the "crypto map" here

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
> > VPN#sh crypto engine connections active > ID InterfaceIP-Address State Algorithm > Encrypt Decrypt > 1478 Fa0/0.100mypeer setHMAC_MD5+3DES_56_C0 > 0 > 2011 Fa0/0.100mypeer set3DES+SHA 0 >224 > 201

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
Phill, 3745 on my side, using 12.4(25c). Here is the rundown on the configs (again, my side but I assume the other side is fine and there's not much on the tunnel cfg to be wrong). IPs removed to protect the innocent. ip vrf CUSTOMER rd 1:25 route-target export 1:25 route-target import 1:25

Re: [c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Phil Mayers
On 26/10/11 14:15, Persio Pucci wrote: Hi all, I am trying to get a GRE tunnel to work over IPSEC but as expected I am running into problems, just not the expected ones. Phase 1 is fine and established, Phase 2 is fine, SAs are in place. We can mutually ping our loopbacks, and we see encaps/dec

[c-nsp] GRE over IPSEC wtf?!

2011-10-26 Thread Persio Pucci
Hi all, I am trying to get a GRE tunnel to work over IPSEC but as expected I am running into problems, just not the expected ones. Phase 1 is fine and established, Phase 2 is fine, SAs are in place. We can mutually ping our loopbacks, and we see encaps/decaps increasing as we ping the loopbacks.

Re: [c-nsp] HP VM ESX fcoe issues with Nexus 5020

2011-10-26 Thread Nyman, Eric
Thanks everybody for your responses and information. I have a couple things I'm going to try. First thing I'm going to try is setting the ports to edge ports for spanning tree. My thought is that maybe fcoe is trying to communicate before the port is actually up. I'm also going to ask the server gu

Re: [c-nsp] partial prefix load in ibgp

2011-10-26 Thread Nikolay Shopik
On 26/10/11 13:28, Gert Doering wrote: This is a FAQ... BGP only forward-announces the best prefix it knows. So if you have: ExtA - Ra - Rb - Extb and "Ra" thinks that 150k prefixes are "best via Rb/ExtB", then it will only announce the rest (190k via ExtA) to Rb. Prefixes preferred over Rb w

Re: [c-nsp] partial prefix load in ibgp

2011-10-26 Thread Nick Hilliard
On 26/10/2011 10:28, Gert Doering wrote: > There is research going on to extend BGP here, but that's "the default > behaviour" and I'm not sure whether there's already implementations > out there that support announcing multiple paths there's add-paths support in XR 4.1.0 and recent releases of J

Re: [c-nsp] partial prefix load in ibgp

2011-10-26 Thread Gert Doering
Hi, On Wed, Oct 26, 2011 at 12:06:31PM +0400, Nikolay Shopik wrote: > I've got two borders connected via ibgp, both receiving full-view via > uplinks, and I notice one of borders receiving about 190K prefixes via > ibgp. This is a FAQ... BGP only forward-announces the best prefix it knows. So

[c-nsp] partial prefix load in ibgp

2011-10-26 Thread Nikolay Shopik
Hey, I've got two borders connected via ibgp, both receiving full-view via uplinks, and I notice one of borders receiving about 190K prefixes via ibgp. But I'm clearly sure there no filters at all. Configuration between borders are pretty simple and consist just two lines. neighbor x.x.x.x rem

Re: [c-nsp] 3750 Metro internal vlan allocation for loopback?

2011-10-26 Thread Michele Bergonzoni
On 25/10/2011 21.39, Jared Gillis wrote: VLAN Usage 1006 Loopback1 interface Loopback1 description Primary Management/Peering IP ip address a.b.c.d 255.255.255.255 You might try to trade the Lo1 for a VLAN: vlan 4000 exit no spanning-tree vlan 4000 int Vl