Re: [c-nsp] Old C2950 Strangness..

I think your right, I did a reset, I got pulled away and need to look at the conf file, but that was a cute one. The funny thing is, it was internal at a client's site, and they really thought the switch had gone bad, so tossed it in the junk pile and replaced it. So it wasn't the IT guy pull

Re: [c-nsp] ASA Query

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/20/2013 5:52 PM, Ryan West wrote: > On Wed, Mar 20, 2013 at 17:49:48, Dave Brockman wrote: >> Subject: Re: [c-nsp] ASA Query >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 3/20/2013 5:34 PM, Ryan West wrote: >>> On Wed, Mar 20, 201

Re: [c-nsp] ASA Query

On Wed, Mar 20, 2013 at 17:49:48, Dave Brockman wrote: > Subject: Re: [c-nsp] ASA Query > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 3/20/2013 5:34 PM, Ryan West wrote: > > On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote: > >> Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp]

Re: [c-nsp] ASA Query

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/20/2013 5:34 PM, Ryan West wrote: > On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote: >> Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASA Query >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 3/20/2013 11:05 AM, Muhammad

Re: [c-nsp] ASA Query

On Wed, Mar 20, 2013 at 17:08:48, Dave Brockman wrote: > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] ASA Query > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 3/20/2013 11:05 AM, Muhammad Jawwad Paracha wrote: > > Hello > > > > Three zones/interface are used on ASA > > > > Int

Re: [c-nsp] ASA Query

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/20/2013 11:05 AM, Muhammad Jawwad Paracha wrote: > Hello > > Three zones/interface are used on ASA > > Internet - security level 0 Inside - security level 100 with ipsec > configured for vpn clients DMZ - security level 100 > > Traffic from Ins

Re: [c-nsp] Old C2950 Strangness..

F22.2 . from my HTCZZZAO - Reply message - From: "Chris Adams" To: Subject: [c-nsp] Old C2950 Strangness.. Date: Tue, Mar 19, 2013 08:59 Once upon a time, Howard Leadmon said: > Cisco Internetwork Operating System Software > IOS (tm) C2950 Software (C2950-C3H2S-M), Versi

Re: [c-nsp] Question about SVI interface acl counters + way of working

On 20/03/13 15:12, Gert Doering wrote: Hi, On Wed, Mar 20, 2013 at 03:42:09PM +0100, "Rolf Hanßen" wrote: Does that ACL not filter all traffic passing the interface or why does the delta of ACL hits not match the number of incoming pps ? The ACL only counts (and lots) packets punted to the RP

Re: [c-nsp] Question about SVI interface acl counters + way of working

On my SUP720s, I've used "sh tcam int vlan xxx acl out ip" with some success. -dan On 3/20/2013 11:12 AM, Gert Doering wrote: Hi, On Wed, Mar 20, 2013 at 03:42:09PM +0100, "Rolf Hanßen" wrote: Does that ACL not filter all traffic passing the interface or why does the delta of ACL hits not m

Re: [c-nsp] Question about SVI interface acl counters + way of working

Hi, On Wed, Mar 20, 2013 at 03:42:09PM +0100, "Rolf Hanßen" wrote: > Does that ACL not filter all traffic passing the interface or why does the > delta of ACL hits not match the number of incoming pps ? The ACL only counts (and lots) packets punted to the RP, and not "all of it". At least on Sup

[c-nsp] ASA Query

Hello Three zones/interface are used on ASA Internet - security level 0 Inside - security level 100 with ipsec configured for vpn clients DMZ - security level 100 Traffic from Inside to Internet works fine without ACL. Traffic from DMZ to Internet works when ACL is applied. As per my knowledge

Re: [c-nsp] Question about SVI interface acl counters + way of working

On 20/03/13 14:42, "Rolf Hanßen" wrote: Hello, Just wanted to drop some UDP flooding with an interface ACL. I configured: interface Vlan1373 ip access-group block-flood in exit Access-list is very simple: edge1-ams3#sh ip access-lists block-flood Extended IP access list block-flood 10 d

[c-nsp] Question about SVI interface acl counters + way of working

Hello, Just wanted to drop some UDP flooding with an interface ACL. I configured: interface Vlan1373 ip access-group block-flood in exit Access-list is very simple: edge1-ams3#sh ip access-lists block-flood Extended IP access list block-flood 10 deny udp any host 1.2.3.4 (589878 matches)

Re: [c-nsp] asr1002-f monitor esp performance

On Mar 20, 2013, at 5:18 PM, MKS wrote: > The bottom line shows processing load in % Another way is via NetFlow. --- Roland Dobbins // Luck is the residue of opportunity and design.

Re: [c-nsp] VSS to vPC - vPC to Etherchannel

Hi, > Can the n5k, n7k do pagp+ yet? No, unfortunately not. We're using a c2960G for pagp+ because of that... Sander ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.

Re: [c-nsp] asr1002-f monitor esp performance

You can use the command "show platform hardware qfp active datapath utilization" to see current QFP/ESP utilization. >From an SNMP perspective you're looking for CISCO-ENTITY-QFP-MIB http://www.cisco.com/en/US/docs/routers/asr1000/mib/guide/asr1mib3.html#wp2129069 which will be OID 1.3.6.1.4.1.9

[c-nsp] asr1002-f monitor esp performance

>Is it possible to monitor the performance of the ESP in the ASR 1000 series. >We have the asr 1002-F andThe ESP is listed at 2.5Gbps. We would like to see >when were getting close to that. We use this command on a asr 1001 show platform hardware qfp active datapath utilization The bottom lin