Hi,
The license actually opens up the ASA up to the maximum number of VPN sessions
that the box can support. BUT, you are only legally allowed to have as many
users that have the ability to use VPN as the number of user-based licenses you
have purchased.
So, there is a difference on what numbe
Hi Gustav,
Found this compatability matrix specifically for ASR 9000 the other day
(researching CWDM XFP:s for our 9001).
https://supportforums.cisco.com/document/12940551/asr9000-optics-support-matrix
According to this the DWDM SFP+ for 9001 should be coded as
DWDM-SFP10G-xx.yy
/Ulrik
-Or
r [mailto:jan.gre...@chronix.org]
Sent: den 15 juni 2016 00:47
To: Ulrik Ivers
Cc: Josh Baird ; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA VPN/AnyConnect Licensing
Hello Ulrik,
this has puzzled me for some time. When you purchase the license, you can
activate it on 9 devices, as tha
If you go with the new PER USER licenses you buy the number of licenses that
equals the total number of users in the organization that will use VPN (not
concurrent users). These are not bound to a specific HW, they are bound to the
company/organization. This means that it doesn't matter how many
Hi David,
Has the exact same config, including the shared secret, ever worked? With
another RADIUS server?
I ask because we had a similar problem getting Radius to work with our ASR 9001
when they were first deployed. Don't remember if we saw any errors on the
Radius server though.
Root caus
Ah, didn't know that they could be managed without a controller. We'll put them
back on the evaluation list, but I think our volume is too low to get a price
that will fit the budget.
Regards,
/Ulrik
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf
t; quality
4. Price less then $100-$110 ($80-$90 if SFP based)
Regards,
/Ulrik Ivers
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
The ASR-920-12CZ-A comes with 6 of the 12 1Gb ports enabled, no need for the 6
port license if you need less than 6 ports.
For BGP you need the Metro IP Access License
http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-732079.html
Re
maybe it's possible to tweak it with a
template change, but I doubt it.
/Ulrik
From: M K [mailto:gunner_...@live.com]
Sent: den 31 mars 2015 23:13
To: cisco-nsp@puck.nether.net; Ulrik Ivers
Subject: RE: Limited number of VFIs
Even with a different IOS image ? or
Yep, only 26 VFIs on ME3600
/Ulrik
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of M K
Sent: den 31 mars 2015 22:59
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Limited number of VFIs
SW(config)#l2 vfi test autodiscovery
Maximum number of
Hi,
Yes, agree that the new ASR920 is the one you should be looking at.
http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html
If you go with the ASR-920-24SZ-IM you can add a 2-port 10G interface card to
get 6x10G on the bo
Hi,
Well, the "something" on the ME3600 is quite simple to achieve. Something like
this:
service instance 1001 ethernet
encapsulation dot1q 11 second-dot1q 100
rewrite ingress tag pop 2 symmetric
bridge-domain 222
service instance 1002 ethernet
encapsulation dot1q 11 second-dot1q 110
Regards,
/Ulrik Ivers
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Friedrich, Gregor
Sent: den 14 november 2014 09:44
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Sup 2T IOS 15.0SY or 15.1SY radius server for management auth
inside VRF
Hi
As I
Hi,
The configuration guide states a maximum of 8192 bridge domains
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-1/lxvpn/configuration/guide/lesc41/lesc41p2mps.html
/Ulrik
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf
Hi,
Two things to check:
1. Make sure you have the following in the config:
same-security-traffic permit intra-interface
2. Make sure you have a the NAT rules configured correctly so that the traffic
between the VPN clients and the remote LAN is NOT translated (or in fact are
NAT:ed to themsel
Hi,
1. Check the name of the group in AD. Look for spaces or non-ASCII characters
in the name.
2. Check the names of ALL groups the user is a member of in the same way as 1.
This might me a long shot, but things like this have been root cause for me in
similar cases (not with ACS 5.2 though, ne
ion untagged
rewrite ingress tag push dot1q 2014 symmetric
mtu 1510
l2vpn
xconnect group GROUP1
p2p CUST1
interface GigabitEthernet0/0/1/18.1
neighbor ipv4 1.1.1.12 pw-id 2014
----
Regards,
/Ulrik Ivers
___
cisco-nsp mailing list cisco
We've deployed a pair of Nexus 6001 as a L2/L3 Aggregation in a multi-tenant DC.
The Nexus 6001 runs vPC and HSRP for redundancy and multiple VRFs. They are
then connected to a pair of ASR9Ks. OSPF between Nexus 6001 and ASR.
So far we're very happy with the setup
/Ulrik Ivers
---
Hi,
We are also running HSRP on SVIs via service instances OK.
Regarding the ARP strangeness - there is a confirmed bug with ARPs on SVI:s
with psudowires (aka routed pseudowires)
CSCui90484
Affects 15.3(3), but fixed in 15.3(3)S2.
/Ulrik Ivers
-Original Message-
From: cisco-nsp
Hi,
Sounds like Unidirectional Link Detection Protocol (UDLD) could be something
for you to check out.
Here's a prey good explanation of how it works:
http://packetlife.net/blog/2011/mar/7/udld/
Regards,
/Ulrik Ivers
-Original Message-
From: cisco-nsp [mailto:cisco-nsp
address 10.1.1.1 255.255.255.0
xconnect vfi VPLS-120
However, I read your question as you have p2p xconnects in the bridge domain,
in addition to the vfi? That I have not implemented or tested.
Also, I think the SVI has to be UP for the VC to be brought up.
Regards,
/Ulrik Ivers
-Original
Hi Adam,
Thank you for your suggestion.
However, CE2 and CE2 are only running OSPF, not BGP. All PE routers are running
a full mesh iBGP, with OSPF as the underlying IGP. So I don't think your
suggestion works in our environment.
Regards,
/Ulrik Ivers
-Original Message-
From:
we need to manually create route-maps in PE2 to
set a higher cost for the subnet from CE1 when redistributing into OSPF?
Regards,
/Ulrik Ivers
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco
Hi,
Can't help you with the N7K, have no experience with them. But we deployed a
couple Nexus 6001 recently, running NX-OS 6.0(2)N2(2).
We use exclusively third party SFP and SFP+, from a local supplier, in these
without any problem. The SFPs are coded as Cisco in the EPROM, we don't need to
24 matches
Mail list logo
