uch buffering and are built to be
> cheap,
> thus limited support for a lot of the more advanced stuff.
>
[Ian MacKinnon] From
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml
:-
The PFC3 supports both ingress and egress policing. Traffi
You need to tunnel it :-)
GRE is one option, and there is some info about this in the Building MPLS Based
Broadband Access VPNs book
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Stefan Juon
Sent: 06 October 2009 13:04
Hi Andy,
Does your device support netflow? That is the best answer for this sort of
question.
If it does not, can you mirror the traffic to say a server and run ntop on that?
Ian
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On B
...@fast-serv.com]
Sent: 08 September 2009 12:13
To: Ian MacKinnon; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] service-policy on virtual interface
By 'not classify' I meant all of our traffic is in the same default class.
Could you verify that 'mls qos' is not needed global
violate-action drop
what do you mean you don't classify?
Ian
-Original Message-
From: Randy McAnally [mailto:r...@fast-serv.com]
Sent: 08 September 2009 11:54
To: Ian MacKinnon; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] service-policy on virtual interface
6500 platform.
Last time w
Hi Randy,
What platform?
On 6500/7600 the answer is yes, you need mls qos vlan-based on the physical
interfaces and then you can police on the SVI.
Ian
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Randy McAnally
Sent:
Hi Gert,
We looked into modular some time ago, but I don't imagine much has changed.
Patches were for as you say gaping security holes, not upgrades even of a point
release.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf
Hi Frank,
You say maybe traps is the next step.
You can get an snmp trap when a peer changes state, you can then get nagios to
respond to the traps using traphandler
Some info at
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_bmibe.html
We are using nagios and traphandl
I haven't used a 2600 for a while, but I seem to remember they don't have a lot
of grunt.
Your sh proc cpu shows 61% interrupt, there is a good guide for tracking down
causes on the Cisco site somewhere http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a00800a70f2.shtml
I normally manage to find the release notes fairly simply, Support->IOS-> Pick
a version -> Release notes are then under General Information.
That's not to say I don't agree with the rest of your comments though :-)
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cis
Watch out!
If your bc and be are the same it might not apply to the tcam properly :-
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html#wp4208036
With Release 12.2(33)SXI and later releases where CSCso97991 is not resolved,
you must configure an appro
The biggie is 7600 only not 6500 :-(
As I am sure Gert will be along shortly to say.
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Rick Ernst
> Sent: 19 June 2009 15:55
> To: cisco-nsp@puck.nether.net
> Subject: [c
Don't know if this would work, but why not bar them from the controller command
instead
Ie
Conf t
Controller T3 1/0 -Block this command
shut
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Byrd, William
> Sent:
Thanks Gert, excellent answer.
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: 11 June 2009 16:17
> To: Ian MacKinnon
> Cc: Gert Doering; Jo Rhett; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] full routing table / provider-class chas
Hi Gert,
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Gert Doering
> Sent: 11 June 2009 14:41
> To: Jo Rhett
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp
> "XL" or "non-XL" has nothing to do with the n
Is using IP SLA functionality on your routers an option?
Then graph the data with Cacti or mrtg.
Or smoke ping, http://oss.oetiker.ch/smokeping/
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Kasper Adel
> Sent: 08
Hi Seth,
I think the world is moving to ethernet for what traditionally was a leased
line, so you are only going to see more of it.
Don't forget in your cost calculations the CPE line card, compare the cost of a
router (or switch) with a spare Ethernet port and one with a 2Meg serial card.
Also
Hi Nick,
I did something similar a while ago, so here are some thoughts.
Plan for downtime :-(
Don't expect it to be totally transparent, so make the changes in a maintenance
window.
I think SXH and later do a real standards compliant version of MSTP with
interop with standard STP.
Are you plan
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Ian MacKinnon
Lumison
t: 0845 1199 900
d: 0131 514 4055
P.S. Do you love Lumison?
p.s. Looking for remote access?
Chat to our team about our award winning broadban
and what is the default distance of OSPF?
yes its 110, so you need to make the floating route have a distance
higher than that!
So, all working now.
On 04/02/2009 11:37, Ian MacKinnon wrote:
Hi All,
I think my brain is misfiring today.
I am trying to provide some backup services between
Hi All,
I think my brain is misfiring today.
I am trying to provide some backup services between to gateway routers,
on one router I just have a simple route statetment, and on the second
router I have the same route with a metric on the end :-
router 1
ip route 10.0.0.0 255.255.255.0 10
On 02/02/2009 11:04, Phil Mayers wrote:
On Mon, Feb 02, 2009 at 10:21:11AM +, Ian MacKinnon wrote:
Hi All,
I am having an issue with policers on a 6500 not actually doing any
policing. Running 12.2(33)SXH
Silly question, but you do have the global "mls qos" set?
:-)
yup
swi
/12.2SX/configuration/guide/qos.html#wp1726124
Ian MacKinnon wrote:
Hi All,
I am having an issue with policers on a 6500 not actually doing any
policing. Running 12.2(33)SXH
I have config like :-
interface Vlan666
ip address 10.10.10.1 255.255.255.252
no ip redirects
logging ip access
Hi All,
I am having an issue with policers on a 6500 not actually doing any
policing. Running 12.2(33)SXH
I have config like :-
interface Vlan666
ip address 10.10.10.1 255.255.255.252
no ip redirects
logging ip access-list cache out
service-policy input 2MegPolice
service-policy output 2
Regards,
Nick.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ian MacKinnon
Sent: Thursday, 15 January 2009 3:07 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] GRE on Cat-4948 switch
Hi All,
Does anybody have any ide
Hi All,
Does anybody have any idea the impact of running multiple GRE tunnels on
a 4948 switch?
I can see that it will be processed by software rather than hardware,
but just how much of a problem is this likely to be?
I am only talking about a max of 100M of GRE traffic, amongst a couple
Hi All,
Has anybody had any success running Cisco E-DI against 6500Sup32 running
SXH?
Failing that, has anybody done any NETCONF XML to the same?
Thanks
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
On 02/10/2008 10:40, Stephan Lochner wrote:
Hi Group,
we have a problem with our 7200 series router. We have a supplier that
handles our maintenance contracts. We want now to put some more devices into
maintenance.
Normally we use the "sh ver" command and get the serial number.
But the 7200 seri
Drew Weaver wrote:
What is the 'defacto' top of rack 10/100/1000 48 port access switch
most folks are buying up these days from the big C?
Some thoughts.
I want 1u dual power. Why is that so hard to do? If all your customer
servers have dual power from a and b feeds its not to much
hi Chip,
chip wrote:
So far all of the software that's been presented will autodiscover devices
and backup configs and such. Is there anything around that will actually
take inventory of a router. By inventory I mean, list of cards, model
numbers, serial numbers, pluggable optics, etc. I've be
Hi Frank,
check out
http://aharp.ittns.northwestern.edu/papers/copp.html
It says
remark BGP
permit tcp host [BGP neighbor addr] eq bgp host [local BGP addr]
permit tcp host [BGP neighbor addr] host [local BGP addr] eq bgp
ie source port=BGP as well as destination
Frank DiGravina wrote:
So,
Hi Tom,
The quick product guide says a 3825 will top out at 179.2Mbps
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
This is usually with no features turned on
3845 will go up to 256M
Are you looking at a POS interface to connect to the 155 ring? Ca
ebgp multihop?
Can you see the ttl in the traces?
Roy wrote:
Hi,
We are working with a new ISP for service. This one is via metro
ethernet. They require two BGP sessions. One goes between the ends of
the ethernet. The other BGP session is between a loopback interface on
our router and a loopba
Well not sure if this is what you are asking, but the Team Cymru guides
are very useful
http://www.cymru.com/Documents/secure-bgp-template.html
Ian
Drew Weaver wrote:
Hi there, there appear to be a few different ways (I'd almost say
"many") to announce/filter BGP prefix anno
Jon Lewis wrote:
> Having just gone past the end of software maintenance date for the 3550,
> and with the need to start at least looking at supporting IPv6 on our
> customer aggregation switches in the not so distant future, I suppose it's
> time to seriously consider the 3560-48TS as a replacemen
Hi All,
Pete Templin wrote:
> Jason Gurtz wrote:
>
>>> I think it's a challenge coming with any system that is
>>> perfect. The issue here is balance. This strikes a balance in
>>> favor of expecting a level of uptime from your ISPs. If they
>>> were rebooting once a month you might not be v
Ian MacKinnon wrote:
> Hi All,
>
> Any idea how much ipsec performance you might expect out of a Sup32
> without the Ipsec module?
>
>
> Can't see figures anywhere obvious.
>
> Ta
>
I have just found the answer from the nsp archives.
The answer is zero
Hi All,
Any idea how much ipsec performance you might expect out of a Sup32
without the Ipsec module?
Can't see figures anywhere obvious.
Ta
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are address
N with a 10G core and trying
> to plan for a possible 5-10 years out upgrade to 100G. We *don't* want to
> get stuck with a forklift upgrade if at all possible.
>
> Any advice appreciated.
>
> ~JasonG
>
--
Ian MacKinnon
Lumison
t: 0845 1199 900
d: 0131 514 4055
P.S. It&
578
> 0x613822B4 0x612F0A88 0x612EFAF0 0x612F08FC
> ####
> ###
>
>
> Kurt Bales
>
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.net
there are some really good Best practice guides on Cisco's website:-
http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml
And the config guide :-
http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_white_paper09186a00801b49a4.
it off.
>
> Jeff
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Ian MacKinnon
Lumison
t: 0845 1199 900
d: 0131 5
Peter Rathlev wrote:
> "Ian MacKinnon" <[EMAIL PROTECTED]> 11/01/07 7:13 AM GMT+2:
>> Just one oddity left, I cannot rename vlan 1002.
>> Any ideas?
>
> That's right, you can't delete/rename VLANs 1002-1005. They're the
> Cisco defaults for
Well a reboot seems to have fixed this, as Phil says.
Just one oddity left, I cannot rename vlan 1002.
Any ideas?
Phil Mayers wrote:
> On Wed, 2007-10-24 at 10:10 +0100, Ian MacKinnon wrote:
>> Hi All,
>>
>> I am trying to create some vlans on a 6500 Sup32 running 12.2SXH
Hi All,
I am trying to create some vlans on a 6500 Sup32 running 12.2SXH
When I try and create vlan 1010 and give it a name I get an error.
eg
conf t
vlan 1010
name myname
Gives
%Failed to commit extended VLAN(s) changes.
and the log shows
Oct 24 09:04:21.264: %PM-SP-4-EXT_VLAN_INUSE: VLAN 101
Thanks Rodney.
Rodney Dunn wrote:
> Estimate (always subject change) 11/23/07.
>
> Rodney
>
> On Mon, Oct 22, 2007 at 02:32:43PM +0100, Ian MacKinnon wrote:
>> Anybody heard of an SXH1 release date yet?
>>
>> The date on the current release notes keeps updating
Anybody heard of an SXH1 release date yet?
The date on the current release notes keeps updating with no visible
changes to the content...
Ian MacKinnon wrote:
> Phil Mayers wrote:
>> On Sun, 2007-09-16 at 08:46 +0200, Gert Doering wrote:
>>> Hi,
>>>
>>> On S
I have just plugged some non Cisco Copper SFP's into 3560's
I am getting
*Mar 1 00:00:31.826: %GBIC_SECURITY_CRYPT-4-VN_DATA_CRC_ERROR: GBIC in
port Gi0/1 has bad crc
I have tried the usual "service unsupported-transceiver" and no
"errdisable detect cause gbic-invalid"
But am still not gett
Hi all,
Does anyone have any suggestions on how to fail over between data centres ?
We have 2 data centres with a layer 3 connection between them
I need to have a customer in both DCs and announce an ip address from the
live DC.
This needs to move from the primary to the secondary when either t
Robert Boyle wrote:
> At 03:19 AM 10/2/2007, Terje Bless wrote:
>> On 10/1/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Cisco should make at least one 1U switch with real dual power
built into the chassis or bring back a real RPS.
>>> Ah, but they *do* make such a switch. It's called
Sridhar Ayengar wrote:
> Ian MacKinnon wrote:
>> I came across ATM25 in a previous life, and the best advice is to
>> start running now :-)
>>
>> Now having googled I have to say which ATM25?
>> I was using 8510's before with the C85MS-ATM25-4P
>>
>
I came across ATM25 in a previous life, and the best advice is to start
running now :-)
Now having googled I have to say which ATM25?
I was using 8510's before with the C85MS-ATM25-4P
I can see that there is now a dsl ATM25 card for the 3600
NM-1ATM-25
Which one are you talking about?
Sridha
Phil Mayers wrote:
> On Sun, 2007-09-16 at 08:46 +0200, Gert Doering wrote:
>> Hi,
>>
>> On Sat, Sep 15, 2007 at 05:28:35PM -0500, mack wrote:
>>> Does anyone have a tentative release date for 12.2(33)SXH1?
>> I haven't, sorry. But you have made me curious - anything wrong with SXH
>> that we shou
Steve Wright wrote:
>> Is there any way of using keys on routers so that a copy run scp: will
>> use them?
>>
>> Then I don't need the password but can use a public key
>>
>
> Unfrotuantely, I've never seen this.. generally what I now do is have
> everything authenticate off of a TACACS+ serve
Hi All,
Is there any way of using keys on routers so that a copy run scp: will
use them?
Then I don't need the password but can use a public key
Thanks
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they ar
seeing things though.
>
> Thanks
> Justin
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Ian MacKinnon
Lumiso
>
> Tim:>
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Ian MacKinnon
Lumison
t: 0845 1199 900
d: 0131 514 4055
--
This e
Hi All,
It's a while since I looked at Cisco Works.
I am considerigf LMS 3.0, does it still include the Access List Manager
functionality?
I am finding it hard to find reasonable documentation.
I have downloaded the eval copy, but not had the chance to find a server
to install it on.
Thanks
--
ate release than the top secret gear that keeps being name dropped
> in software release notes! ;-)
>
> alan
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cis
breaks up.
does anybody have this working?
- Done.
-- Forwarded message --
From: "Ian MacKinnon" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 19 Jun 2007 14:39:26 +0100
Subject: ADLS QOS on 7200
Hi All,
We are using BT for DSL here in the UK, an
th
all of that available as 2M priority voice.
It was non priority traffic that was being badly affected, but there was
not 2M of voice at the same time.
>
> Rodney
>
>
> On Thu, Jun 07, 2007 at 02:50:14PM +0100, Ian MacKinnon wrote:
>> Hi All,
>>
>> Given the co
Hi All,
Given the config below for a vpn tunnel, when I add the command "qos
pre-classify" to the crypto map and the tunnel interface, I get really
bad slowdown of traffic.
2. Questions, is anybody using qos pre-classify to prioritise voice?
And I just wonder if trying to shape the tunnel and sha
90 262196
> M:+44 (0)7786 278716
> E:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]>
>
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/
What does your virtual template look like?
I have in addition to your ppp group a group for l2tp:-
aaa authentication ppp l2tptunnel group radius
and then :-
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname
lcp renegotiation on-mismatch
l2tp tunnel passw
Jefri Abdullah wrote:
> On 5/29/07, Ian MacKinnon <[EMAIL PROTECTED]> wrote:
>> Hi All,
>>
>> I am running SXF8 on some switches in the lab, and I now see that SXF9
>> is out.
>
>
> try this:
>
> boot system flash path_to_ios_bin_image
>
&g
Hi All,
I am running SXF8 on some switches in the lab, and I now see that SXF9
is out.
I am running the modular versions of IOS.
The documentation is not very clear on the process for upgrading the image.
I can see that the "install file" command can only install to newsys,
sys, or oldsys
So
Hi,
WAAS may be what you are looking for
http://www.cisco.com/en/US/products/ps6474/products_data_sheet0900aecd8058218c.html
Pak Tong Poy wrote:
> Hi group,
> Anyone knows if there is any WAN optimization product for IP carrier
> environment? I know there are product for entreprise environment. I
The million dollar question, is how much money do you have to spend?
Something like Netcool and Concord eHealth would work.
Janine Booysen wrote:
> Hi Gents,
>
> Recently I've heard that s. ex at the work place can cause Jitter
> Fluctuations. Can someone confirm this?
>
> LOL on a serious n
Tim Franklin wrote:
> On Tue, May 8, 2007 3:51 pm, Ian MacKinnon wrote:
>
>> I have a simple access list
>> ip access-list extended testlogging
>> permit ip any any
>
> Surely without 'permit ip any any log' you don't have any ACL logging,
> opti
Rubens Kuhl Jr. wrote:
>> Cisco Optimized ACL logging, what is it good for?
>> I have 6500s with Sup32, so PFC3B as required according to
>> http://www.cisco.com/univercd/cc/td/doc/product/metro/me6500/122zu/sg/acl.htm#wp1035490
>>
>
> This document is for ME6500, which uses PFC3C, not PFC3B. Is O
Hi All,
More stupid questions to keep you busy.
Cisco Optimized ACL logging, what is it good for?
I have 6500s with Sup32, so PFC3B as required according to
http://www.cisco.com/univercd/cc/td/doc/product/metro/me6500/122zu/sg/acl.htm#wp1035490
I have a simple access list
ip access-list extende
Hi All,
I am about to install some new 6500's with Sup32.
Is software modularity a sensible path to take for IOS version?
Looking at the release notes, it doesn't support MPLS/OSM/some SIP/SPA
but that's ok, I don't need those.
I am looking at IP Services.
Thanks
--
This email and any files
thanks for the script, we are now using it to check our transit connections.
Thanks again.
Shaun R. wrote:
> Wow, i got about 10 requests for my script! Figured i would post it here
> too. http://unix-scripts.com/
>
> There are a few other check scripts i wrote for nagios on that url also.
>
Hi all,
Has anybody seen a tool for converting Junos firewall rules into Cisco
ACL's?
I know Juniper have one to go the other way.
I have several hundred to do, and manually will be a pain and liable to
error.
Junos rules look like :-
filter test-out {
term permit_tcp_established {
Kurt Bales wrote:
> Hey Guys,
>
> We are migrating our services to a MPLS VPN (on our providers network). We
> are using OSPF to route between the remote sites and the providers VRF. We
> can only seem to get the OSPF sessions to establish if we use the same OSPF
> process ID as our provider, but
75 matches
Mail list logo
