Can you post "show proc cpu | exc 0.0"
show proc cpu-usage sorted non-zero
Mike
On Tue, Jun 4, 2024 at 7:02 PM harbor235 wrote:
> What features do you have enabled? NGFW and/or NGIPS? These features can
> limit the box to 450Mbps.
>
> Mike
>
> On Tue, Jun 4, 202
What features do you have enabled? NGFW and/or NGIPS? These features can
limit the box to 450Mbps.
Mike
On Tue, Jun 4, 2024 at 6:53 PM Lee Starnes via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> Hello Everyone,
>
> I have an odd issue trying to track down. We are seeing issue whereby
>
Hi all,
Looking for a Cisco CPE that can do up to 2Gbps, basic routing nothing
fancy.
4451 w/2Gbps license and 2xSM-X's could do the trick, thoughts, better
choice?
Needs to be Cisco , eng group is finicky
Mike
___
cisco-nsp mailing list
:45 AM Gert Doering wrote:
> Hi,
>
> On Fri, Oct 14, 2022 at 10:27:16AM -0400, harbor235 via cisco-nsp wrote:
> > How are you integrating NTP into your infrastructures? Is it part of your
> > management network(s)?
>
> NTP servers (appliances from Meinberg and regular F
To all,
How are you integrating NTP into your infrastructures? Is it part of your
management network(s)?
In the past it used to be that the management network was a flat network,
now we deploy north of the FW security zone management network and south of
the FW security zone management network.
ert Doering via
> juniper-nsp" juniper-...@puck.nether.net> wrote:
>
> [External Email. Be cautious of content]
>
>
> Hi,
>
> On Thu, Jul 07, 2022 at 08:41:56AM -0400, harbor235 via juniper-nsp
> wrote:
> > Since Flowspec arrived, are there an
Since Flowspec arrived, are there any uses for SRTBH?
Anyone using TrinityCyber, them use a different approach to IDS and is not
strictly signature based but more TTPs? Write up appear to be good, curious
if anyone is using their products?
Mike
___
Hi all,
Anybody out there integrating production environments (real-time service
delivery), test, and development labs into a single architecture? I do not
like this idea if it is avoidable. I understand supposed savings, but the
cost of an unplanned event negates the implied savings.
thoughts?
How are your organizations dealing with Cisco equipment and usage of third
party optics?
1) Cisco or "third party"?
2) Cisco policy regarding third party components?
Is it worth the risk?
Hello,
What is your replacement strategy for Cisco gear reaching EOL milestones?
I prefer not to replace at the end of SW maintenance releases but prefer
the end of vulnerability/Security support. My assumption is by then all the
major bugs and fixes should be remedied/ fixed by then and the
How are you IP'ng your connector networks between core and distribution?
Public space or private? I do not like the potential overlap with
management networks and I cannot DNS mike connector networks making my
traceroutes look pretty.
I also like loopbacks publicly routable as well? Some
Hi,
Has anyone established a remote access vpn inside another remote access vpn?
Does it work? any challenges, do you need the same VPN client?
thanks in advance,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Thanks for the follow up Rob, I have really loved your site over the years,
first started using the site while at Digex in late 90s early 2000s.
Mike
On Mon, Dec 30, 2019 at 2:08 PM Rabbi Rob Thomas wrote:
> Dear Mike,
>
> > Does anyone have any updated router hardening guidelines, some of the
Does anyone have any updated router hardening guidelines, some of the sites
I reference have not been updated for some time. e.g. www.team-cymru.org
thanks in advance,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi everyone,
What are your experiences with Nexus5K ISSU and VPCs. Do you see service
interruptions? ISSU is never quite ISSU. During role changes and/or VPCs
reforming I see short duration losses. Is this standard?
Mike
___
cisco-nsp mailing list
Hi noggers,
I have a UCS/Bladeserver that i want to understand how management traffic
is handled to and from VMs. The UCS/Bladeserver has a dedicated management
interface and can be connected to the management network for configuration
purposes. My question is how is management taken care of for
Looking for real word experiences virtualizing router and firewall services
with rates above 1Gbps on x86 platforms. Most testing I have been involved
with virtualizing routers and firewalls, performance drops
dramatically above 1Gbps.
Connections per second are critical for a firewall in
Gents,
I have a green field IPv6 infrastructure that I am standing up, I plan on
allocating unique IPv6 net block ranges for infrastructure nets
(loopbacks/routerid, pt-to-pts), service delivery allocations (customer
services), North of the security boundary layer, south of security boundary
Doering wrote:
> Hi,
>
> On Sun, Jul 22, 2018 at 01:02:19PM -0400, harbor235 wrote:
> > Can anyone clarify if hard bounce messages types can singularly be
> > configured to soft bounce (e.g Soft_bounce=yes, postfix) or is it an all
> or
> > nothing configurati
Hi Noggers,
Can anyone clarify if hard bounce messages types can singularly be
configured to soft bounce (e.g Soft_bounce=yes, postfix) or is it an all or
nothing configuration change.
Also, is there any definitive guide to improve your Internet mailer
reputation?
steps to correct, I am aware of
Has anybody configured a GRE tunnel between a Cisco router and a NSX Edge?
I am going to give it a try, hopefully someone can confirm its possible?
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
In a HA configuration (dual rail) do I really need two route processors per
chassis? What does the extra cost really get me? ISSU that does not always
work?
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
d neither side
> has to work about DR. Internally we use RRI into our IGP to steer traffic
> to the proper router.
>
> On Thu, Feb 8, 2018 at 5:34 PM harbor235 <harbor...@gmail.com> wrote:
>
>> I am looking to implement a highly available IPSEC route based VPN.
>> T
I am looking to implement a highly available IPSEC route based VPN.
Traditionally I would bring up multiple tunnels with multiple BGP peers in
a dual router setup.
IPSEC HSRP design appears to be the flavor of the day, failover times
appear to be lengthy compared to failover times via BGP. IS
oncerned that the 6500 would stop switching VLAN101 after it's
> been assigned to the svclc.
>
> Just wanted to get confirmation on that before I drop all my traffic
> accidentally :-)
>
> On Tue, Aug 16, 2016 at 2:20 PM, harbor235 <harbor...@gmail.com> wrote:
>
>> Confi
Config looks good for the 6500 portion of the config as long as the vlans
you have specified for vlan-group 10 are unused?
I also assume you have created the vlans as well?
Mike
On Tue, Aug 16, 2016 at 8:07 AM, Chris Knipe wrote:
> Hi Guys,
>
> Quick question... I'm about
Anybody have experience with network devices in covered areas not directly
exposed to the elements but exposed to external temperature variations?
Do I need an enclosure or is there exterior models that cam withstand the
elements?
Google-fu revealed Cisco 3010.
Mike
Thanks, your responses jogged my memory!
Mike
On Wed, May 13, 2015 at 6:07 AM, Mikael Abrahamsson swm...@swm.pp.se
wrote:
On Tue, 12 May 2015, harbor235 wrote:
I want to ensure that enabling multicast does not overwhelm my router
memory resources, does anyone know how to estimate memory
I want to ensure that enabling multicast does not overwhelm my router
memory resources, does anyone know how to estimate memory requirements for
multicast?
Specifics:
PIM Sparse mode, Auto RP feature enabled, and 24 RPs. I realize that this
is a function of sources and streams. I want to
I am curious in regards to which supervisor you are using with this
configuration? I have a ws-x6516-GBIC I would like to use
with a 720-3B and would like to verify it can be used. My card has a DFC3
daughter card that has been installed, I am in the process
of removing that card and my fingers
:02, harbor235 harbor...@gmail.com wrote:
I am trying to understand the VLAN mapping feature specifically on the
7600. I read a bit but would like confirmation on how it works once
implemented.
When the feature is enabled it effects all ports on the linecard port
ASIC,
so
I am trying to understand the VLAN mapping feature specifically on the
7600. I read a bit but would like confirmation on how it works once
implemented.
When the feature is enabled it effects all ports on the linecard port ASIC,
so it is linecard dependent.
My Question:
1) Do all ports have to
Anybody have any experiences they want to share with Level3's L2VPN service?
I am looking for performance, stability, and support issues?
thank you,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
I wanted to start a discussion around the design of a VPN Exchange in a
MPLS environment. For a particular organization that may possess numerous
L3VPNs is there a standard design practice for inter VPN traffic flows?
Obviously any such exchange would be a natural security enforcement point
as
Right, I saw that one, not sure exactly what it means, does it require
DFCs, we do not have DFCs so thats why I am a little gun shy.
Mike
On Tue, Sep 18, 2012 at 1:04 PM, Steven Raymond
sraym...@acedatacenter.comwrote:
On Sep 18, 2012, at 10:56 AM, harbor235 wrote:
My google fu has
I am being told that InfoBlox management is restricted to one interface
only. For example,
once the management GUI is bound to an interface all management traffic is
now bound to
that same interface only, e.g. SNMP, SYSLOG, SSH, etc ..
I am hoping this is not the case and this is configurable
My thoughts are that this group is very knowledgeable about all networking
topics and it makes sense to me
that someone may have ran across this issue.
Mike
On Wed, Apr 24, 2013 at 10:08 AM, Gert Doering g...@greenie.muc.de wrote:
Hi,
On Wed, Apr 24, 2013 at 09:08:40AM -0400, harbor235
Can anyone provide insight into how to defeat DNS amplification attacks?
thanks,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I hope someone has seen something like this:
%SW_MATM-4-MACFLAP_NOTIF: Host .. in vlan 111 is flapping
between port Fa0/15 and port Fa0/8
Fa0/15 and F0/8 are server ports,the servers connected to the ports are
sending Ethernet frames destined to the all zero's mac address.
What is
Anyone know of any low cost reliable alternatives to the
Cisco-WS-G5483-GBIC?
thanks,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Aivars,
Best practice would be to remove VLAN 1 from the list of trunked VLANs.
Mike
On Mon, Dec 10, 2012 at 10:39 AM, Aivars aiv...@ml.lv wrote:
Hi,
I thought that CDP essence is to help understand what device you
have at the other end of the wire no matter what. You just plug one
Has anyone connected a Juniper EX series switch with a Cisco switch (I have
a 3550)?
Do you use a standard crossover cable? MDIX?
Any Layer 2 issues with RSTP and PVST+?
Any specific configuration required to make it work?
Stability?
thanks in advance,
Mike
Can anyone shed some light on the Level 3 issues ? I see the Level3
NTT interchange is experiencing issues, anyone else having problems?
Miek
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
Can anyone point me to a reputable custom fiber patch supplier,
looking for an Internet based company with quick response times.
thanks,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
, harbor235 harbor...@gmail.com wrote:
Can anyone point me to a reputable custom fiber patch supplier,
looking for an Internet based company with quick response times.
thanks,
Mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
Can anyone tell me the requirements for rack clearances in all directions
when building server rooms (too small for datacenter size)
I seem to remember 3 feet in any direction? Of course you have equipment
loading and unloading so front and back clearances
may be different?
Mike
My google fu has not turned up anything definitive on the 7600 PBR
performance, is it done in hardware
or is it down in software? With or without DFCs. Can anyone provide any
insight into sup720 PBR performance?
My feeling is if we enable PBR it may negatively impact the box, assume PBR
related
Installed fllowd, from debug I see that am receiving V9 records, however
flow records are not
being written to /var/log/flowd. Has anyone experienced this or could you
offer up
any suggestions?
thanx,
Mike
___
cisco-nsp mailing list
I am having the hardest time finding docs on ISRG2 performance comparisons
for the 3900 and
the 3900E models. I am interested in the 3925/3925E, Before anyone
lmgtfy.com's typical marketing
data I found, there are slot differences, built-in LAN interfaces
differences, etc ...One uses the SPE100
Herro91 (what kind of name is that?),
Looks like the ASA 1000v and the Nexus 1000v should be able to do this as
part
of a clear data center strategy for Cisco. But .
IPV6 ACLs are still not supported on the *1000v products, doh
Your best bet may be to police the vlans on the
I am sure it will do V6, but is the hardware optimized for V6?
V6 hardware forwarding and TCAMs able to handle the tens of millions of
routes
expected. Perhaps there will be incremental updates so they can soak us
thoroughly
So, will it do V6 well is the real question?
Mike
2012/2/10 Łukasz
As far as the tens of millions of routes comment goes, my thoughts
are along the lines of no real hardware out there designed for V6
from the get go. Its all old V4 designed hardware retro-fitted for V6
with a few exceptions.
My rant did proceed with thoughts on the edge forgetting it was a
Take a look into importing routes from one vrf into another using an import
map.
check out a previous thread:
http://puck.nether.net/pipermail/cisco-nsp/2005-November/025500.html
https://supportforums.cisco.com/thread/2097252
Mike
On Fri, Feb 3, 2012 at 9:00 AM, Covalciuc Piotr
The provider is using compression to get you the 50/5 number. The 2811
represents the true bandwidth allocation.
Did they ask you to go to a provider site to optimize your laptop?
Verizon did that to me, they told me I have 25 symteric although
I only get 8 symetric when I use my *NIX box to
http://lmgtfy.com/?q=cisco+anyconnect+software+Upgrade
I have always wanted to do this!!! Not trying to be mean ;-}
Mike
On Mon, Dec 19, 2011 at 1:38 PM, Scott Voll svoll.v...@gmail.com wrote:
easy question I'm sure. How do you turn off the feature on the ASA that
forces the upgrade
it comes to
throughput.
- -Vinny
On 12/19/2011 1:21 PM, harbor235 wrote:
The provider is using compression to get you the 50/5 number. The 2811
represents the true bandwidth allocation.
Did they ask you to go to a provider site to optimize your laptop?
Verizon did that to me, they told
I would love to take all my denied syslog events and summarize the attacks.
Does anyone know of open source that can do that? I am not talking about
summarizing
the log messages but for instance the attempts on port 5060, SQL injection,
etc
Mike
Assuming you have a recent version of code (8.2.1 and up) you should enable
netflow version 9
support. This will give you a five tuple of releveant flow
information: Protocol,
Src Address, Src Port, Destination Address, Destination Port, perhaps
netflow coupled with user info via accounting will
Depends, if the two ISP peers were located at two different POPs and your
layer one connectivity
was diverse this would help your AS in more failure scenarios than a single
threaded design. Of course
I would also diversify the connections onto different linecards/slots as
well.
Mike
On Tue,
Robert,
That's why I replied it depends, I wanted to ensure Zaidoon was aware of
scenarios
where it was appropriate.
Mike
On Tue, Aug 23, 2011 at 9:02 AM, Robert Raszuk rob...@raszuk.net wrote:
Well of course.
But I assumed that the question is about connecting the given pair of
ASBRs over
So here is my scenario, I have a primary Internet gateway service at
location X
and a backup gateway service at location Y. To add resiliency to my design I
am
thinking about adding a layer 2 device into the mix at location X that uses
a large
SP layer 2 service connecting the two sites at layer2.
Anyone tested a reliable 10 GigE traffic generator capable of layer 2-7
that can also simulate client server type conenctions? I have purchased
one such simulator with mixed results, hopefully someone in the community
has had success somewhere else?
thanx in advanced,
Mike
Did you really daisy chain your switches like that?
mike
On Thu, Apr 21, 2011 at 10:36 AM, Martin T m4rtn...@gmail.com wrote:
I have a following setup:
http://img534.imageshack.us/img534/7190/lanparty.png
I can manage all the switches + Cisco 2801 router. Cisco 7206VXR is
managed by
Sounds like an mtu issue.
mike
On Thu, Apr 14, 2011 at 12:48 PM, Bunny Singh jump2fl...@yahoo.com wrote:
I'm having a problem with incoming SfTP hanging. I can see the
initial handshake occuring but directory listing not coming and giving
timeout, Users trying access our sftp
Thanx for all the replies, I kicked off xmodem last night and when i cam
back in this morning the IOS was on the flash. I am not sure why I could not
tftpdnld the image with a tftp server that supports large file tansfers, but
at least the router is up.
thanx again,
harbor235
On Tue, Jun 15
.
harbor235 ;}
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
The entire contents of the flash is erased, or so says the dialogue when you
initiate tftpdnld. It is a 64M compact flash card.
The cf card reader sounds interesting .
Xmodem is ongoing, this will be very painful,
harbor235
On Tue, Jun 15, 2010 at 2:45 PM, Peter Rathlev pe...@rathlev.dk
tftpdnld should have worked, IOS
size, checksum, etc all good ...
harbor235 ;}
On Tue, Jun 15, 2010 at 4:40 PM, Andriy Bilous andriy.bil...@gmail.comwrote:
iirc 3825 has an USB socket which is accessible from rommon and if I am not
mistaken you could boot from it.
On Tue, Jun 15, 2010
It is supported with 12.3 for sure ..
On Tue, Feb 23, 2010 at 3:01 PM, Steven Pfister spfis...@dps.k12.oh.uswrote:
Is that supported by 3640? We may have old versions of IOS... it doesn't
seem to be recognized by any of the ones I've tried.
Steve Pfister
Technical Coordinator,
The
Tim,
I got the following of from Cisco pertaining to your error message;
ExplanationAnother router on the link has sent router advertisements
with parameters that conflict with this router.
Recommended ActionVerify that all IPv6 routers on the link have the same
parameters in the
The cisco ASA proxy authentication would authenticate you prior to being
NAT'd, if that fails you are prevented from gaining external access. Thsi
can be accomplished for any application you wish. I am sure most if not all
enterprise class firewalls have this feature.
Mike
On Wed, Dec 16,
Is anyone out there utilizing a collapsed P/PE in thier MPLS networks?
Do you regret deploying the architecture and what are the problem areas if
any?
I assume it's a dollar issue and as long as you have minimal PE to CE
aggregation
this is the way to go. However, if you need to scale this
Or, the devices on the inside network have an incorrect mask
mike
On Wed, Sep 30, 2009 at 11:00 PM, David White, Jr. (dwhitejr)
dwhit...@cisco.com wrote:
Hi Brad,
The below static would not cause the behavior you describe.
Are you sure you don't have another static (outside,inside)...
Is anyone out there using 6500 modular code? Is it stable? I have a 6509
with 720-3B, I would like
to use the modualr code but also do not want instability, any
thoughts/experiences would be appreciated.
mike
___
cisco-nsp mailing list
They are still there, 12.0(32)SY9 is the latest. There is a S as well but it
is not as well deployed.
I was looking today, go figure.
mike
On Thu, Aug 20, 2009 at 4:49 PM, Michael K. Smith - Adhost
mksm...@adhost.com wrote:
Hello:
Does anyone know what happened to the 12.0S GRP images? The
I would not use VLAN for disabled ports either, create a PARK vlan and
reassign all
unused diabled ports to the PARK vlan. That wy vlan 1 has no chance to be
mistakenly
activated.
mike
On Wed, Aug 19, 2009 at 3:02 AM, Seth Mattinen se...@rollernet.us wrote:
shadow floating wrote:
Hi All,
I
When adding ports to a spanning-tree instance, spanning-tree discovers and
eliminates
loops in the topology. What your are experiencing is an as designed
feature of spanning tree.
You can segment your layer2 domain via PVST/PVST+ or you can segment your
layer 2 domain
using MST via customer
in the per-VRF BGP configuration.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
-Original Message-
From: harbor235 [mailto:harbor...@gmail.com]
Sent: Tuesday, July 14, 2009 6:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CE routes
I was just reading best
I was just reading best practices for MPLS implementations regarding CE to
CE connectivity issues,
specifically, CE to CE pings. The document stated that redistributing
connected PE routes into BGP was
the preferred method to ensure CE to CE ping success as well as other
connectivity issues. This
| Purchase, NY 10577
http://www.ox.com | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of harbor235
Sent: Tuesday, June 16, 2009 3:46 PM
To: cisco
I wanted to ping everyone on tools they were using to understand the
performace of their
network, specifically, measuring packet loss, latency, and jitter.
mike
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Greg,
I looked up the message and it appears to be a cosmetic bug.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprofforum=Network%20Infrastructuretopic=WAN%2C%20Routing%20and%20SwitchingtopicID=.ee71a06CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40
I am looking to gather information on what metrics NOCs collect for a tier 2
, tier 3 personnel for WAN status and performance monitoring.
I feel the following are useful, any additional info on beneficial metrics
will be helpful.
Interface/Node availability
latency/jitter on major network paths
Most likely the 5 routes are not reachable. If you just added the routes via
a supernet advertisement
and they do not exist elsewhere, either locally connected or learned via an
IGP this behavior will happen.
This is normal and the correct way for BGP to operate.
mike
On Fri, Feb 6, 2009 at
I am looking to deploy a Ethernet Ring topology in a campus. The ring is to
connect
multiple buildings via a high speed 10G backbone. Does Cisco offer any
products in this
area? The ONS is too expensive, looking for something smaller that is
Ethernet based.
mike
:21 PM, harbor235 harbor...@gmail.com wrote:
I am looking to deploy a Ethernet Ring topology in a campus. The ring is
to
connect
multiple buildings via a high speed 10G backbone. Does Cisco offer any
products in this
area? The ONS is too expensive, looking for something smaller
86 matches
Mail list logo