[c-nsp] Hiding SCP Password Using Archive Feature

Hi Guys What I'm trying to achieve: 1. Every time an engineer runs the write-memory command, a copy of the running config is sent to my SCP server. 2. Every 7 days, a copy of the running config is sent to my SCP server. 3. The password in configuration is not shown in clear text. It's just #3

[c-nsp] Cisco 4k Performance and Boost Licensing

Hi Guys Quick question regarding the above. Can I activate a boost license independent of a performance license or do I need to activate the performance license and then the boost license? I was hoping I could just activate the boost license on a 4451 to give me 4Gb, rather than activate the

Re: [c-nsp] Dual Homed Site with L2 Backup

LAN one hop before (or anywhere >> it makes sense). >> >> This way you just run a vxlan extension over a layer 3 redundant path. >> >> On Sun, Dec 23, 2018, 02:48 Richard Clayton > >> > Hi Arie >> > >> > I did encounter the MTU requirem

Re: [c-nsp] Dual Homed Site with L2 Backup

ed (i.e. terminate it with >> layer 3 ports on both ends), and run the VXLAN one hop before (or anywhere >> it makes sense). >> >> This way you just run a vxlan extension over a layer 3 redundant path. >> >> On Sun, Dec 23, 2018, 02:48 Richard Clayton > >&

Re: [c-nsp] Dual Homed Site with L2 Backup

interesting to see how others would meet the requirement with this particular set of constraints. Thanks Rick gamma.co.uk On Sat, 22 Dec 2018, 20:29 Arie Vayner Vxlan is the future...  > Be very careful with the mtu implications. > > Tnx, Arie > > On Sat, Dec 22, 2018, 03:25 Richard

[c-nsp] Dual Homed Site with L2 Backup

Hi Guys Scenario Customer has dual homed geographically seperated site into mpls wan. They also have a single layer 2 circuit running between the two. The requirement is to backup the layer 2 over the wan circuits. The wan hardware at both sites is cisco 4k ios xe. I'm interested to know how

Re: [c-nsp] 4431 - L2TPV3 xconnect inside Service Instance

; https://www.cisco.com/c/en_in/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html > > > On Sat, 8 Dec 2018 at 10:27, Richard Clayton wrote: > >> Config snippet from both routers >> >> CE R1 >> interface GigabitEthe

Re: [c-nsp] 4431 - L2TPV3 xconnect inside Service Instance

/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html On Sat, 8 Dec 2018 at 10:27, Richard Clayton wrote: > Config snippet from both routers > > CE R1 > interface GigabitEthernet0/0/3 > description POP1-CE02 3750SW-1 > mtu 1600 > no ip addre

Re: [c-nsp] 4431 - L2TPV3 xconnect inside Service Instance

2018 at 18:04, Richard Clayton wrote: > Hi Guys > > I have two main sites, HQ and DR, the site has layer 2 p2p between them > and a 4431 on each for the WAN. They want layer two backup over the 4431 > WAN circuits for their existing layer 2 p2p. > I have tested L2TPV3 xconnect

[c-nsp] 4431 - L2TPV3 xconnect inside Service Instance

Hi Guys I have two main sites, HQ and DR, the site has layer 2 p2p between them and a 4431 on each for the WAN. They want layer two backup over the 4431 WAN circuits for their existing layer 2 p2p. I have tested L2TPV3 xconnect inside LAN facing Service Instance, the L2TPV3 session establishes,

Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

The reason this particular customer wants to extend layer 2 is Vmotion. On 1 Feb 2018 17:04, "Aaron Gould" wrote: > So I think (I could be wrong as I'm not a server guy) that all this L2 > network emulation is because of server virtualization and moving vm's or > vmotion or

Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

but was good to play with OTV in a lab environment. May come across it one day out in the wild. Thanks Rick On 26 January 2018 at 15:23, Richard Clayton <sledge...@gmail.com> wrote: > Hi Guys > > I have configured Multihomed OTV in a virtual lab on EVE-NG using Cisco > CSR's. The lab

Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

an answer on that it would be great. For now I am happy to design OTV into my customer solution. Thanks Rick On 26 January 2018 at 15:23, Richard Clayton <sledge...@gmail.com> wrote: > Hi Guys > > I have configured Multihomed OTV in a virtual lab on EVE-NG using Cisco > CSR's.

[c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

WAN/Overlay interface, it does not send out a TCN, I had wireshark running. Thanks Rick -- If you try to reinvent the wheel you will end up with something non-round and should expect an uncomfortable ride. The wheel has no copyright. Richard Clayton - 17/11/2014

Re: [c-nsp] NTP DDoS

Nobody is safe now Jared :-) On 13 February 2014 13:59, Jared Mauch ja...@puck.nether.net wrote: Yeah, but I didn't mean for you to make that public :( - jared On Feb 13, 2014, at 5:10 AM, Nick Ryce n...@fluency.net.uk wrote: You can check for open ntp servers within your AS with the

Re: [c-nsp] NTP DDoS

The details of the attack I was involved with were - upstream bandwidth spike from customer to Internet (only flatlined due to CPE buffer). - downstream bandwidth towards customer didn't really show any significant change but did hurt our edge buffers. - 1000's of inbound NTP connections from

[c-nsp] NTP DDoS

Seems to be doing the rounds, had a fault open for a couple of days with a 100Mb Ethernet customer, reported fault was packet loss, Cacti showed an upstream flatline of 30Mb and an increase in downstream, as the circuit traffic had recently increased 1st line support presumed that the BT Wholesale

[c-nsp] Route Target Export Propagation Time

scenario On a single PE with two VRF's, I create a RT export on VRF A and a RT import on VRF B, VRF A has some prefixes to export which appear in VRF B after approx 20 seconds, what process dictates the 20 seconds and is it configurable. Thanks Sledge

Re: [c-nsp] Route Target Export Propagation Time

awesome, thanks for the info. On 10 January 2014 11:34, Oliver Boehmer (oboehmer) oboeh...@cisco.comwrote: Richard, On a single PE with two VRF's, I create a RT export on VRF A and a RT import on VRF B, VRF A has some prefixes to export which appear in VRF B after approx 20 seconds, what

Re: [c-nsp] Weird problem with 2960S and desktop switch

By higher priority did you mean lower bridge priority or higher bridge priority? On 10 January 2014 14:14, Garry g...@gmx.de wrote: Just a followup on this problem ... I was on site, and it turns out the desktop switch indeed tried to take over as root bridge of the STP. Anyway, even when

Re: [c-nsp] Weird problem with 2960S and desktop switch

or the new switch has a lower bridge priority. On 10 January 2014 15:03, a.l.m.bu...@lboro.ac.uk wrote: Hi, if the burnt in MAC address is lower then it will take overso i guess the new switch has a higher mac address than your switch. alan

Re: [c-nsp] 3rd party alternative to MEMUSB-1024FT for ISR G2

After spending a small fortune on sticks I found one that works from romon and IOS for the whole ISR G2 range Corsair Flash Survivor Stealth - USB flash drive - 16 GB - USB 3.0 Its also waterproof, sturdy and comes in matt gangsta black. On 2 December 2013 22:42, Richard Clayton sledge

Re: [c-nsp] Maximum Throughtput Cisco Router

with NAT and packet marking I get 260Mb/s synchronous with G711 size frames (75% CPU) with NAT, packet marking and ZBF I also get 260Mb/s synchronous with 512byte frames (75% CPU) On 26 December 2013 14:48, Darwin Santana d...@casainteligente.com.dowrote: Hi All, Can I handle a 400 Mbps or

Re: [c-nsp] MPLS/VPN Loadbalancing with 2 CPE routers

Nicolas Can I please ask what benefits you want to achieve by load balancing the two WAN circuits and also using IBGP between the two CPE. Thanks Rick On 21 December 2013 12:10, Chris Stand cstand...@gmail.com wrote: Bonjour, I do not know your exact topology well enough, but could you

[c-nsp] 3rd party alternative to MEMUSB-1024FT for ISR G2

Thought I would ask you guys as I'm on the 3rd stick that doesn't work, the only one that 100% works is my Corsair survivor 32GB but I am looking for other alternatives for this platform. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] Effect of simultaneous TCP sessions on bandwidth

Whats the cpe cpu running at with both streams, have you tried adjusting the window sizes on the servers, could help with bandwidth delay product. On Sunday, 10 November 2013, Youssef Bengelloun-Zahr wrote: 2013/11/10 Phil Mayers p.may...@imperial.ac.uk javascript:; On 11/10/2013 05:42 AM,

Re: [c-nsp] Configuring Multiple Cisco Devices

I use Solarwinds NCM On 31 October 2013 12:02, Ahmet Uncu uncuah...@gmail.com wrote: Hello all, I need to configure about 300 cisco routers/switches same time. Could you offer me a free software that can do this?IT looks like ciscocmd can do this, but it has lack of documentation since I am

Re: [c-nsp] Configuring Multiple Cisco Devices

Since I didn't read the email properly, it's very good though. On 3 November 2013 11:09, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Since when was that free? -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ cisco-nsp

Re: [c-nsp] Customer access to PE

I've worked in a couple of ISP's and MPLS VPN environments and have friends that currently work in other providers, we've never had experience of customers having configuration CLI access to what I presume is a PE with multiple customers configurations on, I believe Provider Edge should be just

Re: [c-nsp] qos plan - advice please

Identify the QoS capabilities of all the kit in the hops, identify any pinch points, identify the traffic you would like to prioritise, by how much and in which direction, identify which points will be using L2, L3 and mpls exp as the classification, if you get it all on paper it might start

Re: [c-nsp] MPLS down to the CPE

They will always have a job for you there with that design. On 25 July 2013 13:04, Adam Vitkovsky adam.vitkov...@swan.sk wrote: I see so the islands are stitched together over the CsC L3VPN, since all islands have the same AS together they act like a common AS. And the CsC L3VPN is provided

Re: [c-nsp] router selection......

I got 300Mb synchronous throughput on the 2951 @ 512byte frames with packet marking enabled (50% CPU) 140Mb synchronous @ 214byte frames with packet marking enabled (50% CPU) 45Mb synchronous @ 214byte frames with packet marking and NAT enabled (50% CPU) 20Mb synchronous @ 214byte frames with

Re: [c-nsp] router selection......

it depends on your traffic profile, how much is voice and how much is data, packet sizes and how much of the traffic will traverse the ZBFW On 24 May 2013 15:53, Scott Voll svoll.v...@gmail.com wrote: Sorry for the cross post. But I wasn't sure which was the better forum to post in. I

Re: [c-nsp] ipsla - latency - related to cellular backhaul

I would use udp-jitter, like this ip sla 1 udp-jitter 1.1.1.1 16384 codec g711alaw codec-numpackets 600 codec-interval 100 tos 184 tag probe my remote site ip sla schedule 1 life forever start-time now The tos is optional, we use it to test for voice media quaility, udp traffic should not

Re: [c-nsp] ipsla - latency - related to cellular backhaul

** ** ** ** *From:* Richard Clayton [mailto:sledge...@gmail.com] *Sent:* Friday, April 26, 2013 6:27 AM *To:* Tony *Cc:* Aaron; cisco-nsp@puck.nether.net *Subject:* Re: [c-nsp] ipsla - latency - related to cellular backhaul ** ** I would use udp-jitter, like this ip sla 1 udp

Re: [c-nsp] NAt issue - two isp connections, need to nat 2nd isp for two dest addresses only

I had an ALG bug which I raised with TAC, took 8 months and 4 TAC Engineers (I use the word Engineers loosely) but finally they released an IOS with a specific fix, we got there in the end. On 19 April 2013 09:57, Reuben Farrelly reuben-cisco-...@reub.net wrote: Yes it certainly should work,

Re: [c-nsp] ISRG2 'right to use' licensing

After 60 days does the router need a reload to change the 'Type' field from Evaluation to Permanent or does it happen dynamically. Thanks Rick On 21 February 2013 20:49, Lukasz Bromirski luk...@bromirski.net wrote: On Feb 19, 2013, at 11:51 AM, Richard Clayton sledge...@gmail.com wrote: Hi

[c-nsp] ISRG2 'right to use' licensing

Hi Does anybody know the exact process to activate 'right to use' licencing on the ISRG2 platform, we currently install permanent licensing and it's a long, drawn out, time consuming process. Thanks Sledge ___ cisco-nsp mailing list

Re: [c-nsp] ISRG2 'right to use' licensing

Tim Thanks for that, can the licenses be disabled at will or after this process do they become permanent 'right to use'. On 19 February 2013 11:00, Tim Franklin t...@pelican.org wrote: Does anybody know the exact process to activate 'right to use' licencing on the ISRG2 platform, we

Re: [c-nsp] ip tcp adjust-mss

Eric I needed to use this command the other day, I have an 887VA-M and the BT FTTC product, I bypassed the BT modem and connected directly into the BT wall socket with the 887VA-M as it has a VDSL interface (just a config tweek) The config I was using was PPPOE which adds 8 bytes to the frame so

Re: [c-nsp] ISR G2 Interface RX Performance

On 25 January 2013 23:11, Nathanael Law nathanael@aimco.alberta.cawrote: Hello all, We're having some issues with a 3925 and real-time UDP traffic bursts. The bursts are approximately 1500 packets long and are sent in 5.7 ms for an effective rate of ~250 kpps (~375 Mbps). The steady

Re: [c-nsp] VPN on 7200

You could forget supporting the VPN on the 7200 and run an openvpn tunnel between a Linux host at the site and one where you are, a simple p2p would work between the two servers (I use an inexpensive Linux plug server as its only management traffic), it would be secure as far as the wan is

Re: [c-nsp] Cisco 867 SIP NAT

I am currently running SIP ALG on 1000 devices without any problems, a mixture of 857 and 887VA-M. I originally had a problem with the 887VA-M but a bug fix was released after I raised a TAC case. Cheers Sledge On 9 January 2013 00:12, Jared Mauch ja...@puck.nether.net wrote: IOS

Re: [c-nsp] ISR G2 Licenses - Permanent vs Right To Use

All ours say Index 2 Feature: securityk9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium On 28 November 2012 11:52, Steve McCrory smccr...@gcicom.net wrote: Hi Group,

Re: [c-nsp] ISR G2 Licenses - Permanent vs Right To Use

Reuben How do I activate a RightToUse licence, I have only ever used the permanent process before. Thanks Sledge On 28 November 2012 12:23, Reuben Farrelly reuben-cisco-...@reub.netwrote: On 28/11/2012 10:52 PM, Steve McCrory wrote: Hi Group, RightToUse (RTU) license are licenses that

[c-nsp] Interface Buffer and Queue Limit ISRG2

Good Evening Does anybody know what the default buffer is on the Gig interface of an ISRG2, also, if the answer is 1000 packets is there any point in having a queue-limit higher than 1000 packets in the default-queue of a QoS shaping policy attached to one of the interfaces. Will having a

Re: [c-nsp] ME3600X Output Drops

George I believe you will be able to specify a % of the available buffer for queue-limit in a future release and you will also be able to specify 100% of the buffer for each individual queue-limit. Thanks Sledge On 23 August 2012 11:57, George Giannousopoulos ggian...@gmail.com wrote: If I

Re: [c-nsp] Troubleshooting uncategorized output drops and errors on the 6500

John Could your drops be due to microburst On 26 July 2012 18:37, John Neiberger jneiber...@gmail.com wrote: I've got another strange issue brewing. We have a 1-gig interface on a 6500 (6748 blade) that has a high number of output errors and output drops. The drops are not queue drops. Here

Re: [c-nsp] DHCP NAT router limitations

I know that with Packet Marking, NAT and Firewall enabled with 512byte frames you will get 50Mbps (symmetric) throughput out of a 2921 (cpu running at 75%) If this were a router to provide Internet to end users then you would have more traffic dowload than upload and with 50Mb download and say an

Re: [c-nsp] L2TP IP TOS Reflect

This is my config and it works fine vpdn-group 1 request-dialin protocol l2tp domain me.com initiate-to ip 192.168.50.50 local name me l2tp tunnel password 0 password l2tp tunnel receive-window 10 ip tos reflect On 3 May 2012 10:54, ar ar_...@yahoo.com wrote: Anyone tried this in l2tp? ip

Re: [c-nsp] ISRG2

Ah, somebody asked me this on a previous post and I forgot to answer, I have extensive testing results which I will post to you in raw format now. Any questions on the format just ask. On 30 March 2012 14:57, harbor235 harbor...@gmail.com wrote: I am having the hardest time finding docs on

Re: [c-nsp] routerperformance

I have performed extensive testing of this platform with different features enabled if you need anything specific. On 23 March 2012 21:40, Keegan Holley keegan.hol...@sungard.com wrote: Does anyone have the throughput numbers for the new cisco 29XX/39XX routers? I see they continue to omit

[c-nsp] QoS - Fair Queue effect on CPU

I have been searching for any real world examples or information on the effect the 'fair queue' process has on router cpu, does anybody have any experience of this particularly with multiple high bandwidth flows on the ISRG2 platform. I know it's not an exact science and I am being specific with