that it is used for
Anybody out their have any ideas on this issue?
Jeff Fitzwater
OIT Network Systems
Princeton Univesity
---
vlan group
To create or modify a VLAN group, use the vlan group command in global
configuration mode. To remove a VLAN list from the
no way to enable logging for MLS RATE LIMITERS.
Any ideas?
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.
se a really new proto called DHCP, that
should do it.
Thanks,
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 21, 2011, at 14:02 , Nick Hilliard wrote:
> On 21/03/2011 17:50, Jeff Fitzwater wrote:
>> Since the NXOS only supports RIP V2 (from what I have read), is t
have read), is there any
undocumented support for RIP V1?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
from what I see.
>
> -Vinny
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Fitzwater
> Sent: Monday, February 28, 2011 3:40 PM
> To: Bill Blackford
> Cc: cisco-nsp@puck.nether.net
> Subjec
to a new VRF is
> anything like changing a hostname, then you're require a reboot.
>
> -b
>
>
>
> On Mon, Feb 28, 2011 at 11:08 AM, Jeff Fitzwater wrote:
>> Running 12.2.33-SXI3 on 6500
>>
>>
>> Config had one IP interface.
>>
>&g
key zeroize rsa switch-core1.ox.co
and the phantom key will be gone.
----
Need help... any ideas???
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/ma
propagates through?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net
difficult to
change 100s of switches.
Is there some way around this issue ?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco
ean I have to reset the switch for it all to take effect?
Thanks for any help.
Even more confused than yesterday!
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/ma
Does anybody know what the new SXI spanning tree command does ...
spanning-tree portfast network
I understand and use PORTFAST but the NETWORK option has me stumped.
The doc does not explain what the NETWORK option really does.
Thanks for any help.
Jeff Fitzwater
Princeton University
a non cisco box, which does not support UDLD, so if
LACP can deal with a unidirectional link I won't have to worry about UDLD.
Thanks,
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nethe
Is there any problems with running LACP with CWDM equipment inline with one
port of a channel? Also if both ports go through CWDM?
Just need to make sure it works as advertised.
Thanks for any help.
Jeff Fizwater
Princeton University
___
cisco-
Amber right on
interface. I would think that normal operation (most cases) would indicate
all green, but then again I don't know the equipment.
Anybody have a manual?
Thanks in advance.
Jeff Fitzwater
Princeton University
___
cisco-nsp ma
Thanks all . It's fixed ;~)
Jeff
On Jun 2, 2010, at 12:04 , Harold 'Buz' Dale wrote:
> I think it's something like "crypto key generate rsa"
> Buz
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun
t doing it right.
I tried clearing the keys and re-generating them, but I still get
AUTHENTICATION failed on client, and on router I get logs ...
SSH2 1: RSA_sign: privae key not found
SSH2 1: signature creation failed, status -1
Any ideas.
Thanks in advance.
Jeff Fitzwater
O
Does that device support the FORMAT command to redo the NVRAM?
Jeff
On Jun 1, 2010, at 10:55 , Mohammad Khalil wrote:
> The issue is that i can start the router and the IOS is loaded successfully
> when i type anything and save it such as a hostname or interface description
> and reload the rou
I am guessing you are in ROM MON mode and need to get the IOS loaded and then
the config.
I believe you need to do...
boot system flash (any sub device goes here)
Jeff
On Jun 1, 2010, at 09:45 , Mohammad Khalil wrote:
>
> The current IOS is c2600-advipservicesk9-mz.124-18e.bin
>
> i tried
in the order they
were entered.
Doesn't RANCID only compare the current running to a saved running config.
So in our case we still have to keep a commented file history around.
Not sure what the best solution is, and in our case mistakes can be made.
Jeff Fitzwater
OIT Ne
not clarify how it
should be configured.
Thanks for any help.
Jeff Fitzwater
OIT Network & Communications Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archiv
?
Stumped ?;~(
Jeff Fitzwater
OIT Network & Communications Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
the input vlan 4001 traffic that contains IPSec
traffic and passes it out the I1 vlan 4051.
The issue is only with IPSec traffic.
Has anybody seen this?
Thanks in advance.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp
e replaced the older 63xx/62xx
>>> series cards.
>>> - Jared
>>> On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote:
>>>> SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(),
>>>> OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC.
>>
I have been running the SXI(3) on a test router with 100M MM 6324, which it did
not recognize in previous versions, and so far no complaints but then again
it's not in a real world yet.
Does anyone else have GOOD or BAD new on SXI(3)?
Jeff Fitzwater
OIT Network Systems
Princeton Unive
EtherType, and MAC addresses.
--
Thanks for the help.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Oct 29, 2009, at 11:40 AM, Phil Mayers wrote:
Jeff Fitzwater wrote:
My goal is to block IPV4 MDNS (This works) and now block all IPV6
from crossing between vlan
-mdns-data 5
match mac address vsix
action drop
!
vlan access-map block-mdns-data 10
match ip address ipv4-mdns-data
action drop
!
vlan access-map block-mdns-data 20
match ip address ipv4-any
action forward
vlan filter block-mdns-data vlan-list 2000
Need help!!!
Thanks
Jeff Fitzwate
MAJ, GOLD, TestErrorCounterMonitor: ID:
82 IN:0 PO:255 RE:1252 RM:255 DV:2 EG:2 CF:1 TF:5
76: 10/27/09 04:24:297/-1: MAJ, GOLD, TestErrorCounterMonitor: ID:
82 IN:0 PO:255 RE:1252 RM:255 DV:1 EG:2 CF:1 TF:4
--
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton
.
Any ideas on this issue? How else can it be done?
Thanks in advance>
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at h
Why do you say "TX does not support UDLD"? The doc and port configs
support it. Am I missing something?
Jeff
On Oct 2, 2009, at 11:14 AM, Nick Hilliard wrote:
[100% agreed on rant. ghods, it is so depressing to fork out for
cisco optics and find that they don't work on other cisco gear
According to the doc if I am using a TX port the DEFAULT is UDLD
DISABLED, so I have to enable it and also it states that I need to run
in AGGRESSIVE MODE when using TX.
I think I read that correct!
Jeff
On Oct 2, 2009, at 11:30 AM, Jeff Fitzwater wrote:
Why do you say "TX doe
converters because the Cisco ZX optics are very
expensive and the converters with 30KM optics are much cheaper than
the 60 KM ZX optics.
Thanks in advance...
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp
down state.
I don't want to turn any knobs unless I really understand what they do.
Jeff
On Sep 25, 2009, at 10:59 AM, Chris Griffin wrote:
try "no mls qos channel-consistency" under the port channel...
On Fri, 2009-09-25 at 10:33 -0400, Jeff Fitzwater wrote:
I have t
advance...
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
9-16 at 11:48 -0400, Jeff Fitzwater wrote:
I have a 3750 running 12.2.44
I have one or two units that I cannot https into because the
certificate cannot be trusted.
Everything seems to point to the keys on the switch and even after
generating new keys it still fails https.
I can ssh in to CLI,
oized keys and disabled ip http secure-server and reenabled
it, but still no luck.
I did not reset the switch yet.
Does anybody have any ideas on this.
I'am stuck.
Thanks in advance for any help.
Jeff Fitzwater
OIT Network Systems
Princeton
We have sup-7203C-10G and it show the module being supported.. It
also works in SXI just not SXI1 or 2
We are not running VSM
Jeff
WS-X6324-100FX-MM
1.52 a...@42 V
24-port 100FX Ethernet
•Single mode and multimode MT-RJ
•128-KB per-port packet buffers
•QoS port architecture (Rx/Tx): 1
Forgot to note that with SXI they work. Its the version 1 and 2
that have the problem.
Jeff
On Aug 27, 2009, at 5:42 AM, Jeff Fitzwater wrote:
We have 24 port 100FX MM boards WS-X6324-100FX-MM in a 13 slot
chassis, and none of these modules come up all the way with SXI1 or 2.
In
reload, but the status of module stays in OTHER and ports
are non functional.
The fix was suppose to be in rev SXI 2.
Has anybody else seen this?
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp
minutes ... But I just had it occur on less than 5 minutes
from
having the far end router and radio rebooted. And apparently my
attempt to
hardcode the MAC addresses on both ends didn't fix it. I am going
to start
blaming the radios I think ...
On 8/13/09 2:55 PM, "Jeff Fitzwat
u are saying? This would seem to say that the wireless
device may have some local proxy arp enabled so it responds to arp
requests on the local net.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Aug 13, 2009, at 3:08 PM, Rodney Dunn wrote:
I can't follow the problem.
ingle
lookup in cef issue".
Jeff Fitzwater
OIT Network Systems
Princeton University
On Aug 10, 2009, at 8:43 AM, Tony wrote:
Hi all,
I want to route traffic from one VRF to another VRF on the same
router. I did some searching and came across a prior discussion of
this very same top
Use the Entity MIB to map physical to index.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Jul 27, 2009, at 2:14 PM, Jeff Bacon wrote:
Hi folks -
I don't have fancy Ciscoware, I'm just using RTG to poll my 6500s.
Snmpwalk reports 4 different CPUs, indexes 1001,
Make sure you don't have "local proxy-arp " enabled on the SVI.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Jul 27, 2009, at 4:27 AM, PW wrote:
Hi All,
Recently we are seeing some unusual behaviour with one of our 6500
switches,
where it is broadcasting AR
fragged if larger than 1500, or dropped if the DF bit
is set. If you have defined an SVI to a 9k+ MTU, that will force the
L2 interfaces on that vlan to be the same since they must carry that
size packets.
Well its sounds good anyway, but nobody knows everything ;~)
Jeff Fitzwater
OIT
rely on the NMS (HP NNMi ) to build our layer 2 topo based
on those MIBS, and also TRAP correlation which uses the L2 topo to
isolate the problem.
Jeff Fitzwater
OIT Network & Communications Systems
Princeton University
On Jul 24, 2009, at 9:49 AM, Bill Blackford wrote:
You hit on
failure.
UDLD is needed for exactly the case you mention, or for cases where
one side of the link is "braindead" but does not bring the physical
link down (ie, software problem).
HTH,
Tim
At 07:57 AM 6/30/2009, Peter Rathlev stated:
On Tue, 2009-06-30 at 09:59 -0400, Jeff Fitzw
still thought it was connected.
I then disabled the UDLD and disconnect the fiber again and still had
both ends show link failure.
Q> So why does both ends go down? Is this a new code feature for
gig fiber ports or did I miss something?
Jeff Fitzwater
OIT Network Syst
Thanks for all the info. Thats what I thought, but I have people
checking on me.
Case closed.
Jeff
On Jun 11, 2009, at 1:13 PM, Peter Rathlev wrote:
On Thu, 2009-06-11 at 09:44 -0400, Jeff Fitzwater wrote:
We have the need to run two 3750 switches with jumbo frames (9000),
for a high
there isn't any impact for hosts with a 1500 MTU, its
just that the switch can now pass 9k frames if present. The switch
management was the other key issue.
Thanks
Jeff
On Jun 11, 2009, at 9:44 AM, Jeff Fitzwater wrote:
We have the need to run two 3750 switches with jumbo frames
the
management interface MTU at 1500 so the switch will use 1500 as packet
size for all management, is there any NEGATIVE ISSUES I should be
aware because of them being connected to the non-jumbo environment?
Thanks for any help,
Jeff Fitzwater
OIT Network Systems
Princeton University
Use an SVI for the routing and the L2 port for the trunking.
! SVI
interface vlan 100
ip address 10.10.10.10 255.255.255.0
interface gi1/0/1
switchport
switchport mode trunk
! Use the following if you need to use a native vlan.
! switchport trunk native vlan
!Use the following to restrict
I might mention that the "set vrf" is also in the SXI code and works
on 6500 with 720-CXL.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 13, 2009, at 1:42 AM, Lincoln Dale wrote:
Jeff Kell wrote:
Aren't PBR and VRF mutually exclusive on all Catalys
Hello Jeff.
I just implemented VRF and PBR on a 6500 720-CXL running SXI code,
and have pushed 600Mb so far with switch CPU and Router CPU showing no
increase.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 12, 2009, at 10:20 PM, Jeff Kell wrote:
Aren't PBR an
The mismatch in natives should work as long as you have CDP disabled
on those ports and maybe even STP disabled for vlan 1 and 200 on both
boxes.
What error message do you get when you have mismatched natives?
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 11, 2009, at 7:59
many tunnel ports as you need. The ISP can now send what
ever VLANs they want and you do not need to change anything.
Read the doc and be aware of oversized packet handling within tunnel
switches.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 4, 2009, at 9:46 AM, Charles
atic next hop
is not reachable then it does not get installed).
Well I thought it sounded good.
Jeff
On Mon, Feb 23, 2009 at 10:55 AM, Jeff Fitzwater
wrote:
This question was posted earlier, before I opened ticket with CISCO.
Router is 6500 with 720-CXL running SXI code.
1. I have rou
physical ports on vrf. This will not work for
us.
Does anybody know how to get statics working between VRF and global
table, if its even possible.
Really stuck!
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp m
Hello Jared,
We use only snmp V2.
Here is the URL
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml
Jeff
On Feb 10, 2009, at 2:27 PM, Jared Mauch wrote:
On Tue, Feb 10, 2009 at 02:22:13PM -0500, Jeff Fitzwater wrote:
We are running 12.2.SXI on sup
uch faster but it doesn't help tools that must use snmp.
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
anyway).
Can I peer directly with the VRF without doing an import from the
global table so only it has the ESNet routes?
Does anybody have any suggestions on this issue?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
TFLOW and SNMP that I
can't use.
Our next upgrades may not be CISCO and I know we are not the only ones.
Jeff Fitzwater
OIT Network systems
Princeton University
On Dec 12, 2008, at 12:25 PM, Phil Mayers wrote:
I haven't looked into it, but perhaps you can find a cisco specific
mi
nd push it to a host, but cannot find
any reference to it now. Any ideas on this?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman
SHUN?
I thought that using the SHUN would be simpler than modifying an ACL,
but it might be faster.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailma
I believe if you just add the vlan to any trunk it will come up, even
if you don't need that vlan on the trunk port.
On Oct 1, 2008, at 9:02 AM, Bagosi Rómeó wrote:
Hi,
Is there a way to force a VLAN interface (ex.: interface vlan 400)
to UP/UP state on a Cisco UC520 (router, switch...),
FWSM's. Here's the bug id: CSCsI39710. We had to
upgrade the
code to SXH4 to resolve this. It may be something else but the
experience
sounds similar to what he was experiencing.
On Tue, Sep 30, 2008 at 9:41 AM, Jeff Fitzwater
<[EMAIL PROTECTED]> wrote:
I have FWSM running 4.0
problem or know of fix?
I have ticket open with CISCO support.
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
-46SG).I had to load it on the flash card and
then boot from flash.
The other trick is the default route must be entered as follows...
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 n.n.n.n
Also... ntp server vrf mgmtVrf
Jeff Fitzwater
OIT Network Systems
Princeton University
On Sep 10, 2008, at 2
PIX ASA or FWSM?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
transmitted traffic to RP CPU.)
(config-mon-local)no shutdown (This is needed to turn on monitor)
(config-mon-local) exit (Must exit in order for no shutdown to take
effect)
Thanks for any advise on this config.
Jeff Fitzwater
OIT Network Systems
Princeton University
Small correction to question.
The counter in question, is a per host counter not the overall shun
stats counter.
If I have 20 hosts as SHUNed Inever see the counter per host go over
65K.
Jeff
On Sep 8, 2008, at 3:07 PM, Jeff Fitzwater wrote:
Can anyone confirm that the counter for
Can anyone confirm that the counter for "show shun statistics" on a
FWSM, is a 16 bit counter wrapping at 65K entries? If so is there
any way to change it (which I doubt)?
We are running 4.02 code and use the SHUN heavily.
Thanks for any info.
Jeff Fitzwater
OIT Netwo
Does anyone know if VTY and snmp ACLs are implemented in hardware or
software on a 6500 with 720-CXL running 12.2(33)SXH.
I am trying to understand COPP and move away from the VTY and SNMP ACLs.
Thanks for any info.
Jeff Fitzwater
OIT Network Systems
Princeton University
DNS
and the inside IP is unreachable.
Is this error just telling me that there is no corresponding flow for
the initial flow and some timer has expired within the DNS-GUARD code
of the FWSM.
I sure could use some help on this one.
Thanks in advance.
Jeff Fitzwater
OIT Netwo
: Cannot HALT Dic#1
17:22:40.691 FW[Mod 12]: ME_AR#0 WARNING: Cannot FLUSH Dic#1
17:22:40.735 FW[Mod 12]: AR#1 WARNING: Cannot HALT Dic#1
17:22:40.743 FW[Mod 12]: ME_AR#1 WARNING: Cannot FLUSH Dic#1
Thanks for any help;
Jeff Fitzwater
OIT Network Systems
Princeton University
Is there another CISCO MIB that can be accessed without using
indexing that contains the BRIDGE FDB with vlan info?
It sure would be nice to have this work since all our other switches
support it.We are trying to come up with an accurate way to model
L2 VLANs .
Thanks for any inpu
Rubens, what issues do you mean? I am running H2a on 5 720-cxls.
Very interested!
Jeff Fitzwater
OIT Network Systems
Princeton University
On Jun 22, 2008, at 6:20 PM, Rubens Kuhl Jr. wrote:
After less than enthusiastic responses to 12.2(33)SXH2a (see the two
messagens in the cisco-nsp
to do the summarization. Not sure
exactly how this might impact the BGP route injection.
Is it possible for our IGP (RIP) to inject something into the table
that might do this ?
Thanks for the help.
Jeff
On Jun 5, 2008, at 5:29 PM, Deepak Jain wrote:
Justin Shore wrote:
Jeff Fitzwater
2a release, but I wanted to get this out to the list first.
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archi
Take a look at this doc, some version of CISCO had POE PINOUT incorrect.
http://pinouts.ru/Net/poe_pinout.shtml
Jeff Fitzwater
OIT Network Systems
Princeton University
On May 15, 2008, at 2:34 PM, Jeff Cartier wrote:
> No Phones are connected to the switchports which are having the
>
If you have Spanning tree enabled on the CISCO (which is default )
then you need to add "spanning-tree portfast " to all access ports.
This will speed up initial boot of machine instead of going through
the LISTENING LEARNING FORWARDING states.
Well this sounds like your probl
I sure hope Justin lets us know what the problem really was, after all
this..
Jeff Fitzwater
OIT Network Systems
Princeton University
On May 15, 2008, at 3:56 AM, Whisper wrote:
> Justin, I have alwasy been under the impression that Network Engineers
> primary role was going
local
connection if hardwired.
9 Lasts but not least, don't worry we will have a new President soon.
Good luck
Jeff Fitzwater
OIT Network Systems
Princeton University
On May 13, 2008, at 11:15 AM, Rick Martin wrote:
>
> I know this is not really a Cisco specific qu
On May 7, 2008, at 1:42 PM, Dale W. Carder wrote:
>
> On May 7, 2008, at 10:37 AM, Jeff Fitzwater wrote:
>> We currently have two FWSM running 3.2 and are awaiting new code to
>> fix some transparent mode issues.
>
> I would like to know what you're seeing.
Our FWS
. I thought the FWSM was the
latest and greatest and came from the ASA.
Anybody heard anything like this?
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/lis
orrect in my interpretation of your question?
>
> Thanks
> jms
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Jeff
>> Fitzwater
>> Sent: Friday, May 02, 2008 17:06
>> To: cisco-nsp@puck.nether.n
Does anybody know how a numbered standard ACL that is applied to snmp
traffic via commands shown below, actually works?
Does the SNMP process still get touched when a DENY is hit?
snmp-server community RO 99
snmp-server community RW 99
Thanks for any info.
Jeff Fitzwater
OIT
Now that was fun... wasn't it!
You are now an official NDE club member. ;~}
Jeff
On Apr 30, 2008, at 2:52 PM, Andy Ellsworth wrote:
> Aaron Fabiani wrote:
>> Try adding:
>>
>> mls flow ip interface-full
>>
> Aaron just sent me the above suggestion privately (thanks Aaron!), and
> it's looking li
Looking at your config again, I don't see the command which enables
the PFC flows "mls netflow" just those two words.
Jeff Fitzwater
OIT Network Systems
Princeton Univesity
On Apr 29, 2008, at 10:28 AM, Andy Ellsworth wrote:
> I'm pulling my hair out with TAC's l
. The issue there is the TCAM flow mask conflict.
I did not have time to get the config posted but when I get a chance I
will.
Our first run also only produced routed flows but we finally got the
L2s working which smoked the flow collector and sporadically caused
90% spikes in CPU .
Jeff
Oops I misspoke ont the VLAN-BASED. That is only need for QOS
microflow policing. The problem we had is that QOS (microflow
policing ) and NDE are exclusive. One or the other.
Then again CISCO changes how it works every release.
Good luck.
Jeff Fitzwater
On Apr 29, 2008, at 12:33
flow layer2-switched vlan ###" command.
You will probably want to reduce the netflow cache timers to get the
flows exported without missing any.
Hope some of this helps but I might have missed something for your IOS.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Apr 29,
That is how I have all ports confgured as stated in my original mail.
Jeff
On Apr 17, 2008, at 4:32 PM, Saku Ytti wrote:
> On (2008-04-17 15:29 -0400), Jeff Fitzwater wrote:
>
>> I have been seeing ports transitioning from TRUNK to NON-TRUNK in
>> logs.I don't know wh
find info on this anywhere, but it appears DTP is running or the
switch downstream is doing something.The downstream is NOT CISCO.
We are running 12.2(37)SE1
Need some help on this one.
Thanks
Jeff Fitzwater
OIT Network Systems
Princeton
NG
and NDE at same time.
What works in one version may not work in another. We have had many
headaches with NDE configs.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Apr 17, 2008, at 11:49 AM, virendra rode // wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
&
Great, but I would keep an eye on your SWITCH and ROUTER CPU.
We were seeing spikes of 70% on Router CPU because he is the guy that
exports the flows.
We were using sup 720-3B but now have 720-CXL and haven't enabled NDE
yet.
Jeff Fitzwater
OIT Network Systems
Princeton University
On A
BRIDGED flows to be
included, (port to port within switch) but don't remember what they
are.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Apr 16, 2008, at 12:20 PM, Paul Stewart wrote:
> Hi there...
>
> I am trying to turn up netflow reporting on a 6500 - ra
.
Q. Does anybody have any ideas on this before I submit it to TAC?
Its been a long day so maybe I missed something.
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
.
Without more details that's all I know.
Jeff Fitzwater
OIT Network Systems
Princeton University
On Mar 7, 2008, at 10:27 AM, Andrey O.Sokolov wrote:
>
>
>Good day!
>
>I have cisco7606 with sup32, IOS 12.2(33)SRB2, c7600s3223_rp-
> ADVIPSERVICESK9-M
>
>Peri
We are upgrading our sup-720-3Bs to the 720-CXL with 10G ports, which
requires the SXH code.
Makes me a little nervous ~
Jeff Fitzwater
On Jan 29, 2008, at 2:46 PM, Gregori Parker wrote:
> Crippled indeed - I had 5sec-CPU samples spiking to 80% and above,
> causing packet loss
experience with the version of code or know of
an issues with the modular version.Maybe its way to earlier to go
modular.
Thanks for any help.
Jeff Fitzwater
OIT Network & Communication Systems
Princeton University
___
cisco-nsp mailing
1 - 100 of 125 matches
Mail list logo