Re: [c-nsp] ACE and AAA ACE Version A2(3.5)

Hi Keti, Don't know which TACACs server you're using. I use tac_plus with ACE authentication method. Inside each user or group you should have the user role and a domain privilege in order to successfully authenticate. Thought you should have something similar in your TACACs server flavor. s

Re: [c-nsp] PBR + NAT route-map issue

Hi Max, You might want to combine pbr with object tracking (and add some nat statements to this mix). To make a long story short, you can configure ip sla and object tracking to monitor your gateway(s) availability and use a route-map with the "verify-availability" statement to select the preferre

Re: [c-nsp] Long Uptime

Is this suppose to be a good thing? (not patching your systems for almost 10 years?)... Gustavo. On Fri, Jun 19, 2009 at 10:22 AM, Nic McCartney wrote: > Not techy, just interesting anyone beat this uptime? > > Liverpool_St_A#sho ver > Cisco Internetwork Operating System Software IOS (tm) 3000 S

Re: [c-nsp] Export routes from VRF to the global routing table

Hello Leonardo, I guess you'll use route leaking to accomplish what you want. http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml Gustavo. On Mon, Mar 2, 2009 at 10:08 PM, Leonardo Gama Souza wrote: > Hi list, > > I am almost confident this is

Re: [c-nsp] Internet Routing Table Size

On Sat, Oct 11, 2008 at 12:15 AM, Sridhar Ayengar <[EMAIL PROTECTED]> wrote: > Richard A Steenbergen wrote: >> >> You guys need to control your deaggreates, I'm announcing 264114 to >> customers currently. :) > > I don't get it. > I think Richard mean that instead of announcing four /22 prefixes,

Re: [c-nsp] Surviving denial of service from certain IPs

Hello Mario, uRPF would be my first choice (between ACL, route-maps or whatsoever). For example, I used to block denial of service attacks in the 7500 platform using only uRPF without performance issues (and routing around 140 Mbps through the box). Gustavo. On Fri, Jul 25, 2008 at 9:31 AM, Mari

[c-nsp] IPSec VPN problem with Cisco 831

Hi, I have a vpn tunnel established between two cisco 831 boxes. Both boxes are connected to the internet through an dsl/atm connection and there's a linksys modem in place to convert from dsl/atm signaling to ethernet in order to properly connect to the cisco router. After some time without traf

[c-nsp] Policing Layer3 traffic in 6500/sup720

Hi, I'm trying to policy layer 3 traffic that pass through a 6500/sup720 (native IOS 12.2(18)SXF7). I've tried two things: - Policy the traffic with class-default, was unsuccessfully because it polices layer 2 and layer 3 traffic (and, as I said, I want to policy just layer 3). - Policy the traf