Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

We upgraded the 920 to 16.12.06 this morning. No change. Still not learning MAC addresses on port te0/0/4. So, back to the drawing board. On Mon, Jul 11, 2022 at 1:31 PM Gert Doering wrote: > Hi, > > On Mon, Jul 11, 2022 at 04:47:57PM +, Brian Turnbow wrote: > > > On Mon, Jul 11, 2022 at

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

Hi, On Mon, Jul 11, 2022 at 04:47:57PM +, Brian Turnbow wrote: > > On Mon, Jul 11, 2022 at 03:59:02PM +, Brian Turnbow wrote: > > > Yep, sounds like the infamous uptime over 2 years "feature" from 3.16 > > (something).. > > > Reboot and upgrade was the only way we fixed it > > > > Uh.

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

Hello, On Mon, 11 Jul 2022 at 18:20, Adrian Minta wrote: > Yes, this is one of the bugs in 3.x trains. The solution is to upgrade > to something like 16.12.x. Well, we don't really know what the solution is, unless someone is actually running a significant number of boxes of previously affected

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

I don't believe that my issue is uptime related. A cold-boot of the router didn't fix anything. I am going to work on upgrading the IOS and see what happens. On Mon, Jul 11, 2022 at 12:50 PM Adrian Minta wrote: > > On 7/11/22 19:31, Shawn L wrote: > > A-ha. I was still on 3.18.06. I'll try

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

On 7/11/22 19:31, Shawn L wrote: A-ha.  I was still on 3.18.06.  I'll try that Shawn On Mon, Jul 11, 2022 at 12:26 PM Adrian Minta wrote: Yes, this is one of the bugs in 3.x trains. The solution is to upgrade to something like 16.12.x. -- Best regards, Adrian Mi

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

Hi, On Mon, Jul 11, 2022 at 03:59:02PM +, Brian Turnbow wrote: > Yep, sounds like the infamous uptime over 2 years "feature" from 3.16 > (something).. > Reboot and upgrade was the only way we fixed it Uh. Could you elaborate on what that "feature" is, exactly? We recently had an ASR920

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

A-ha. I was still on 3.18.06. I'll try that Shawn On Mon, Jul 11, 2022 at 12:26 PM Adrian Minta wrote: > > On 7/11/22 16:22, Shawn L wrote: > > I have a strange one. I have a ASR-920-4SZ ( 2 copper ports, 4 10-gig > sfp > > ports all licensed). > > > > > > A day or 2 ago, the connection drop

Re: [c-nsp] ASR920 randomly loosing layer-2 on a port

On 7/11/22 16:22, Shawn L wrote: I have a strange one. I have a ASR-920-4SZ ( 2 copper ports, 4 10-gig sfp ports all licensed). A day or 2 ago, the connection dropped and we're back to the same situation again. Link is up, but not learning mac addresses from te0/0/4. Nothing has changed (w

[c-nsp] ASR920 randomly loosing layer-2 on a port

I have a strange one. I have a ASR-920-4SZ ( 2 copper ports, 4 10-gig sfp ports all licensed). In one of the 10gig sfp ports I have a cisco copper SFP. The interface configuration is really basic interface TenGigabitEthernet0/0/4 description P2P Connection to no ip address no negotiatio

Re: [c-nsp] ASR920 - new lines in config after reboot

Thanks -- someone else suggested that as well, and it does seem to make sense. >From the logs it appears to have always been 0x2102, but that doesn't mean that something strange didn't happen or that it's actually telling the truth about what it's set to. I may have to add this to the list of str

Re: [c-nsp] ASR920 - new lines in config after reboot

That to me smells like a change in your config-register. Not saying I know how it changed or why, but that is one of the bits. (0x0400, if I recall correctly.) On 5/16/21 3:27 PM, Shawn L wrote: As strange as the ASR920 routers can behave at times, I've never seen this one before. Wondering

[c-nsp] ASR920 - new lines in config after reboot

As strange as the ASR920 routers can behave at times, I've never seen this one before. Wondering if anyone else has. We have a remote site with a ASR920-12CZ router running 3.16 (03.16.05.S.155-3.S5) which has been fine for quite a while now (years). Yesterday there was a power outage at the site

Re: [c-nsp] ASR920 lock up

On 3/1/21 6:54 PM, Jerry Bacon wrote: I have an ASR-920-24SZ-M running XE 16.11.01a. The other night it completely locked up with this error message: %IOSXE-3-PLATFORM: R0/0: kernel: mmc0: Card stuck in programming state! mmcblk0 card_busy_detect It required a complete power down to restore.

[c-nsp] ASR920 lock up

I have an ASR-920-24SZ-M running XE 16.11.01a. The other night it completely locked up with this error message: %IOSXE-3-PLATFORM: R0/0: kernel: mmc0: Card stuck in programming state! mmcblk0 card_busy_detect It required a complete power down to restore. The only other thing we noticed was a

Re: [c-nsp] ASR920 Port Licensing

Nicolas, Is this already ordered? If so, license generation takes minutes and something is wrong. Do you have TAC case with GLO (Global Licensing Team)? Please provide me with the box information and TAC/GLO case if you have it, I’ll check what’s going on (to lbromirs-at-cisco.com

Re: [c-nsp] ASR920 Port Licensing

Hello, It's been a while (more than 1 month) since we are waiting for the licence to enable the 6 others 1Gb ports on an ASR920. That's crazy !!! Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-n

Re: [c-nsp] ASR920 Port Licensing

Wed, Feb 24, 2021 at 05:47:48PM +0100, Gert Doering wrote: > If only Arista had something comparable to the ASR920 line (port/footprint/ > pricing)... I also have been badgering them about this for a while and keep getting told there might be something in the pipeline, but too early to count chi

Re: [c-nsp] ASR920 Port Licensing

Don't get me started on ASR920 serial management ... On 2/24/21 7:48 PM, joe mcguckin wrote: I refuse to buy in to ’Smart Licensing’ and ‘Port Licensing’. So far, we have been able to avoid buying from vendors who practice such anti-customer policies. I refuse to buy products with licensing s

Re: [c-nsp] ASR920 Port Licensing

I refuse to buy in to ’Smart Licensing’ and ‘Port Licensing’. So far, we have been able to avoid buying from vendors who practice such anti-customer policies. I refuse to buy products with licensing schemes that require the equipment to ‘phone home’ or where a vendor through an error could rem

Re: [c-nsp] ASR920 Port Licensing

I have to say, we're not really happy with them at this point Just had a call with Cisco. Showed them the router that only has 6 functional ports, and 3 more with the exact same IOS and licensing that have all of the ports functional. They can't explain what the difference is. Their only res

Re: [c-nsp] ASR920 Port Licensing

On Wednesday, 24 February, 2021 16:47, "Gert Doering" said: > Yep. Welcome to the world of "we truly understand what our customers > are really expecting from a network vendor". I do wonder if someone - Enterprise customers? - is actually asking for this kind of time-bomb phone-home licensing

Re: [c-nsp] ASR920 Port Licensing

On 2/24/21 6:47 PM, Gert Doering wrote: Hi, Yep. Welcome to the world of "we truly understand what our customers are really expecting from a network vendor". If only Arista had something comparable to the ASR920 line (port/footprint/ pricing)... gert Arista 7020SR-32C2 is the closest mat

Re: [c-nsp] ASR920 Port Licensing

Hi, On Wed, Feb 24, 2021 at 11:36:48AM -0500, Shawn L wrote: > Interesting. It is full of surprises. So that brings up the next > question. what happens when someone upgrades the IOS and the licensing > model changes? > > I can definitely see a situation where that happens and ports that us

Re: [c-nsp] ASR920 Port Licensing

Interesting. It is full of surprises. So that brings up the next question. what happens when someone upgrades the IOS and the licensing model changes? I can definitely see a situation where that happens and ports that used to be in service are now unlicensed. That'll be a fun one to trouble

Re: [c-nsp] ASR920 Port Licensing

Hi, On Wed, Feb 24, 2021 at 06:42:41AM -0500, Shawn L wrote: > On the new router that was sent, only 6 ports are operational. The other 6 > are disabled, and won't enable, giving me license error when I try. > Cisco's telling me that the licenses on both the new and old routers match, > so their

[c-nsp] ASR920 Port Licensing

Another member just sent a question about smart licensing, and it got me thinking that I should post my current issue here and see if anyone has seen this before, or if I'm crazy (or Cisco is). Last summer I purchased 6 ASR920-12SZ-D routers/switches. These are the ones with 12 10-gig ports. Des

Re: [c-nsp] ASR920 as an iperf host?

Thanks -- that was exactly what I was looking for. I'm attempting to prove a circuit. I'm pretty sure that it's operating correctly, but I wanted the peace of mind that what I believed was happening was correct. On Fri, Jan 15, 2021 at 10:33 AM Thomas Scott wrote: > I've seen ASR920s do a Y.1

Re: [c-nsp] ASR920 as an iperf host?

I've seen ASR920s do a Y.1564 test over L2, but never an L3 iPerf test. Are you attempting to prove (or disprove) a circuit? Some digging shows this document Y.1564 Capabilities of ASR920 (cisco.com)

[c-nsp] ASR920 as an iperf host?

Does anyone know if there's a way to do basic speed testing to / from an ASR920? I know you used to be able to use ttcp on some cisco routers to do basic testing, but it doesn't seem to be available on the 920. Or, if there's a way to do any sort of link speed testing between 2 ASR920s? I have a

Re: [c-nsp] ASR920 Break Into ROMMON

Ya, gotta open it up. Take the top off and can't miss it. On Fri, Dec 4, 2020, 8:10 PM Shawn L wrote: > Where is the SD card? I’m guessing you need to open the chassis to get at > it? > > On Fri, Dec 4, 2020 at 7:06 PM Scott Miller wrote: > > > This worked! I pulled the SD card, slotted into

Re: [c-nsp] ASR920 Break Into ROMMON

Where is the SD card? I’m guessing you need to open the chassis to get at it? On Fri, Dec 4, 2020 at 7:06 PM Scott Miller wrote: > This worked! I pulled the SD card, slotted into a linux laptop, renamed > the "good" ios file to the "bad" name, slotted the SD card back into the > 920 and booted

Re: [c-nsp] ASR920 Break Into ROMMON

great news. On Friday, December 4, 2020, Scott Miller wrote: > This worked! I pulled the SD card, slotted into a linux laptop, renamed > the "good" ios file to the "bad" name, slotted the SD card back into the > 920 and booted it up. Came up like a champ. Then, corrected my mistake > and of c

Re: [c-nsp] ASR920 Break Into ROMMON

This worked! I pulled the SD card, slotted into a linux laptop, renamed the "good" ios file to the "bad" name, slotted the SD card back into the 920 and booted it up. Came up like a champ. Then, corrected my mistake and of course ... removed "no service password-recovery" so that doesn't bite me

Re: [c-nsp] ASR920 Break Into ROMMON

tt > Miller > Sent: Friday, December 4, 2020 4:32 PM > To: c...@infowest.com > Cc: cisco-nsp > Subject: Re: [c-nsp] ASR920 Break Into ROMMON > > That's definitely worth a look, thanks. > > On Fri, Dec 4, 2020 at 5:18 AM Cassidy B. Larson > wrote: > > > I be

Re: [c-nsp] ASR920 Break Into ROMMON

That's definitely worth a look, thanks. On Fri, Dec 4, 2020 at 5:18 AM Cassidy B. Larson wrote: > I believe the bootflash is an SD card inside, you could pop it out and see > if you can modify it on another asr920 or device, renaming the new filename > to the one it's looking for. Long shot, bu

Re: [c-nsp] ASR920 Break Into ROMMON

I believe the bootflash is an SD card inside, you could pop it out and see if you can modify it on another asr920 or device, renaming the new filename to the one it's looking for. Long shot, but who knows, might work? On Thu, Dec 3, 2020 at 5:24 PM Scott Miller wrote: > Ya I tried that too, it

Re: [c-nsp] ASR920 Break Into ROMMON

Ya I tried that too, it still tries to find the wrong ios file and start's its loop again. This one might be a brick. On Thu, Dec 3, 2020 at 5:15 PM Aaron wrote: > Try this > > > https://packetlife.net/blog/2010/oct/11/recovering-no-service-password-recovery-service/ > > > On Thursday, December

Re: [c-nsp] ASR920 Break Into ROMMON

Try this https://packetlife.net/blog/2010/oct/11/recovering-no-service-password-recovery-service/ On Thursday, December 3, 2020, Aaron wrote: > Looks like you need to talk to TAC. The password recovery being disabled > is not your friend. > > https://community.cisco.com/t5/routing/asr-920-boot

Re: [c-nsp] ASR920 Break Into ROMMON

Looks like you need to talk to TAC. The password recovery being disabled is not your friend. https://community.cisco.com/t5/routing/asr-920-boot-fail/td-p/3834996 On Thursday, December 3, 2020, Scott Miller wrote: > The output didn't seem to format well, let's try it again: > > System Bootstra

Re: [c-nsp] ASR920 Break Into ROMMON

The output didn't seem to format well, let's try it again: System Bootstrap, Version 15.5(3r)S2, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2015 by cisco Systems, Inc. Compiled Wed 01-Jul-15 03:53 by sdcunha Starting Initialization of FMAN0 Loading uco

[c-nsp] ASR920 Break Into ROMMON

I have a ASR-920-12SZ-IM, which I inadvertently entered the wrong boot command in the config, saved the config and rebooted. Now it's stuck in a boot loop. I've tried breaking the boot, it asks if I want to reset to factory default, and I enter "y", it reboots but still tries to find that same ba

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

--- Begin Message --- > > Hello Everyone, > > I thought the pppoe server was not supported on the asr 920 platform ? AFAIK it is not officially supported and is not handled in hardware, but does "work". So it would be all cpu , will not scale and throughput would be limited. It does support In

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

Hello Everyone, I thought the pppoe server was not supported on the asr 920 platform ? Did you manage to get it working ? Thank you. Nick Le ven. 18 sept. 2020 à 21:26, Mike a écrit : > Hi, > > I got another one - > > Playing with my asr920 I have it working as a pppoe server. I noti

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

On Fri, 18 Sep 2020 at 20:29, Mike wrote: > > Hi, > > I got another one - > > Playing with my asr920 I have it working as a pppoe server. I notice > that if I have a radius attribute returned "Filter-Id" with the name of > a filter already on the box, the pppoe session doesn't come up and

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

On 9/19/20 4:16 AM, Chris Jones wrote: > Does it work any better if you use > > Cisco-AVPairs = “ip:inacl=MY_ACL” > Unfortunately, no it does not. I have verified I have a matching acl name, it just doesn't seem to want to fly. The only sss message I see just says: "Subscriber service profile has

Re: [c-nsp] asr920 - pppoe - Filter-Id is fail

Does it work any better if you use Cisco-AVPairs = “ip:inacl=MY_ACL” Regards, Chris Jones > On 19 Sep 2020, at 05:29, Mike wrote: > > Hi, > > I got another one - > > Playing with my asr920 I have it working as a pppoe server. I notice > that if I have a radius attribute returned "Filter-

[c-nsp] asr920 - pppoe - Filter-Id is fail

Hi,     I got another one -     Playing with my asr920 I have it working as a pppoe server. I notice that if I have a radius attribute returned "Filter-Id" with the name of a filter already on the box, the pppoe session doesn't come up and throws an error: Sep 18 12:11:13.636 PDT: RADIUS: Receiv

Re: [c-nsp] ASR920 LACP and xconnect

gt;; cisco-nsp@puck.nether.net <mailto:cisco-nsp@puck.nether.net> Betreff: Re: [c-nsp] ASR920 LACP and xconnect On Thu, 20 Aug 2020 at 19:16, Eric Van Tol <mailto:e...@atlantech.net> > wrote: Interface configs: interface GigabitEthernet0/0/0 mtu 1600 no ip address load-interv

Re: [c-nsp] ASR920 LACP and xconnect

Yes, you can use xconnect or bridge-domain (and then xconnect) under the dot1q evcs. -- Tassos Eric Van Tol wrote on 21/8/20 19:29: > But is this in an EoMPLS xconnect? That is the issue - the entire circuit is > in an xconnect and the neighboring device needs to 'peer' with ours through > LAC

Re: [c-nsp] ASR920 LACP and xconnect

Problem is essentially resolved. I got one direct response telling me to try configuring a pseudowire interface and using l2vpn context, then add the Po1 and PW interfaces as members. While I believe that would have worked, I discovered the customer wasn't even using their untagged VLAN2 for any

Re: [c-nsp] ASR920 LACP and xconnect

Hi, On Fri, Aug 21, 2020 at 08:34:14AM +0300, h...@interall.co.il wrote: > We have seen that as well. We had that recently with a new > international carrier. > Turns out when they set up the circuit on their optical switching > equipment (whether it be Ciena, ECI, Infinera, Cisco or whoever)

[c-nsp] ASR920 LACP and xconnect

p@puck.nether.net> > Betreff: Re: [c-nsp] ASR920 LACP and xconnect > > On Thu, 20 Aug 2020 at 19:16, Eric Van Tol mailto:e...@atlantech.net> > wrote: > > Interface configs: > > > > interface GigabitEthernet0/0/0 > > mtu 1600 > > no ip addres

Re: [c-nsp] ASR920 LACP and xconnect

But is this in an EoMPLS xconnect? That is the issue - the entire circuit is in an xconnect and the neighboring device needs to 'peer' with ours through LACP. I, too, have no issues with plain LAG setups using LACP. -evt On 8/21/20, 12:21 PM, "cisco-nsp on behalf of Tassos Chatzithomaoglou"

Re: [c-nsp] ASR920 LACP and xconnect

We haven't faced any issues with the following (ASR920 with 15.6(2)SP6): interface Port-channel1  service instance 100 ethernet   encapsulation untagged   l2protocol peer cdp lacp udld  !  service instance 501 ethernet   encapsulation dot1q x  !  service instance 502 ethernet   encapsulation dot1q

Re: [c-nsp] ASR920 LACP and xconnect

James, The same behavior, but there is no 'on' option for the ASR (in this XE version, anyway). Only options are 'active' and 'passive'. I think 'channel-group 1' is a valid config, but I have not tried it. Given some of the responses I've received already, I'm going to assume this is just not

Re: [c-nsp] ASR920 LACP and xconnect

On Thu, 20 Aug 2020 at 19:16, Eric Van Tol wrote: > Interface configs: > > interface GigabitEthernet0/0/0 > mtu 1600 > no ip address > load-interval 30 > negotiation auto > channel-group 1 mode active > ! > > interface GigabitEthernet0/0/1 > mtu 1600 > no ip address > load-interval 30 > negotiatio

Re: [c-nsp] ASR920 LACP and xconnect

We have seen that as well. We had that recently with a new international carrier. Turns out when they set up the circuit on their optical switching equipment (whether it be Ciena, ECI, Infinera, Cisco or whoever), there are some knobs that need to be adjusted to allow through all types of

Re: [c-nsp] ASR920 LACP and xconnect

Hi, On Thu, Aug 20, 2020 at 06:12:29PM +, Eric Van Tol wrote: > I???m trying to verify something here that is working, but also not working. > At some point, we built an LACP bundle to a customer device (2x1G ports) and > put it into an EoMPLS setup using xconnect to send it over to another

[c-nsp] ASR920 LACP and xconnect

Hi all, I’m trying to verify something here that is working, but also not working. At some point, we built an LACP bundle to a customer device (2x1G ports) and put it into an EoMPLS setup using xconnect to send it over to another site where they have a 10G single circuit. While the LAG is ‘up’ a

Re: [c-nsp] ASR920 Interface won't come up

setup ... -Original Message- From: cisco-nsp On Behalf Of Shawn L Sent: Monday, 1 June 2020 1:57 AM To: James Bensley Cc: Cisco Network Service Providers Subject: Re: [c-nsp] ASR920 Interface won't come up James I have spoken to TAC, but no resolution as of yet. After getting a

Re: [c-nsp] ASR920 Interface won't come up

James I have spoken to TAC, but no resolution as of yet. After getting all of the pertinent information, my TAC engineer dropped off the face of the earth for several weeks, then e-mailed me for times to discuss, then went dark again. I have to say, I'm not impressed. We've done some debugging o

Re: [c-nsp] ASR920 Interface won't come up

On Tue, 19 May 2020 at 00:22, Shawn L wrote: > > Had another weird interface issue on a pair of Cisco ASR920 routers. > Wondering if anyone has seen something similar before. > > Both are setup with basic routing, no layer-2 functionality over the link, > and pretty basic. > > interface TenGigabit

[c-nsp] ASR920 Interface won't come up

Had another weird interface issue on a pair of Cisco ASR920 routers. Wondering if anyone has seen something similar before. Both are setup with basic routing, no layer-2 functionality over the link, and pretty basic. interface TenGigabitEthernet0/0/4 description Feed mtu 9189 ip address 10.10.

Re: [c-nsp] asr920 tag translation 1-to-2 unsupported?

Yep - that absolutely works, thank you! On 4/20/20 6:29 PM, Tan Shao Yi wrote: > Hi Mike, > > Would this work for you? > > bridge-domain X > > interface A > service instance 1 ethernet > encapsulation dot1q 131 > rewrite ingress tag pop 1 symmetric > bridge-domain X > > interface B > service ins

Re: [c-nsp] asr920 tag translation 1-to-2 unsupported?

Hi Mike, Would this work for you? bridge-domain X interface A service instance 1 ethernet encapsulation dot1q 131 rewrite ingress tag pop 1 symmetric bridge-domain X interface B service instance 1 ethernet encapsulation dot1q 313 second-dot1q 10 rewrite ingress tag pop 2 symmetric bridge-domain

[c-nsp] asr920 tag translation 1-to-2 unsupported?

Hello,     I have an ASR920 and   I am trying to translate input dog1q tag '131' to dual-tagged '313,10'. My intention is to the bridge this over to another port that expects these frames on 313,10. But when I try configuring the translation, I get the following: Router(config)#interface gi0/0/0

Re: [c-nsp] asr920 pppoe on bdi

On 17/Apr/20 09:04, Mike wrote: > > What Im really trying to do is to setup direct EoMPLS between the router > and remote sites and offer a PPPoE service. I am presently doing this by > using a switch and having an eompls tunnel from the remote site to the > switch, which then decapsulates and d

[c-nsp] asr920 pppoe on bdi

Hi, Im trying to serve pppoe on a BDI interface and it ain't workin'... First, I can do this with an actual ethernet interface and works fine: Interface TenGigabitEthernet0/1/0.400  encapsulation dot1Q 400 second-dot1q 11  ip address x.x.x.1 255.255.255.0  pppoe enable group global  pppoe max-

Re: [c-nsp] ASR920: egress ACL on BDIs

--- Begin Message --- On Tue, 28 Jan 2020 at 17:28, Nathan Lannine wrote: > FWIW we are actually using object ACLs. What's the behavior then? Copy-swap? > Is there a real name for that which I'm not remembering? Object should be indeed copy-swap (atomic). -- ++ytti --- End Message --- ___

Re: [c-nsp] ASR920: egress ACL on BDIs

> > Somewhat related, IOS (all flavours) do in-place ACL unless you do > object ACLs. In-place ACL update behaviour essentially doubles your > FWIW we are actually using object ACLs. What's the behavior then? Copy-swap? Is there a real name for that which I'm not remembering? ___

Re: [c-nsp] ASR920: egress ACL on BDIs

> > Do you happen to have a bug reference for this? We’ve been seeing this > behaviour intermittently on some csr 1ks and haven’t had the time/energy to > debate it with TAC yet. Sorry, just saw this. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw19907 . That's for the Catalyst 4500x, which

Re: [c-nsp] ASR920: egress ACL on BDIs

On Mon, 27 Jan 2020 at 23:30, Chris Jones wrote: > > Aside from this behavior, XE in the enterprise access layer is full of bugs > > related to ACLs. We've recently begun a practice of maintaining two > > distinct versions of every ACL so we can swap them on interfaces after > > modifying the un

Re: [c-nsp] ASR920: egress ACL on BDIs

> On 20 Jan 2020, at 00:15, Nathan Lannine wrote: > >  >> >> >> >> This bug not only affects ACLs but other commands as well. Unsure if it is >> fixed in newest XE versions. Could this also affect you? >> >> > Aside from this behavior, XE in the enterprise access layer is full of bugs > r

Re: [c-nsp] ASR920: egress ACL on BDIs

> > > This bug not only affects ACLs but other commands as well. Unsure if it is > fixed in newest XE versions. Could this also affect you? > > Aside from this behavior, XE in the enterprise access layer is full of bugs related to ACLs. We've recently begun a practice of maintaining two distinct v

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, On Sun, Jan 19, 2020 at 12:39:18PM +0100, Christian Meutes wrote: > if you use ???copy src dst??? then a ???no $something??? line right in the > beginning of a new block of configuration lines (eg. for being used to > first deconfigure the whole ACL block and then to reapply it again) might >

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, On Mon, Jan 20, 2020 at 12:28:25AM +1300, Nathan Ward wrote: > > On 20/01/2020, at 12:22 AM, Gert Doering wrote: > > > > Now, IPv6 ACLs are not working right either, but they fail in different > > ways - short ACLs seem to be working right, long ACLs fail-open, as in > > "the platform claims

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, On Sun 19. Jan 2020 at 12:23, Gert Doering wrote: > replying to myself with a few... interesting... discoveries we've made > in the meantime... > > On Mon, Dec 30, 2019 at 11:57:54AM +0100, Gert Doering wrote: > > quick question to the group - ACLs on BDIs on ASR920s, is this something > > k

Re: [c-nsp] ASR920: egress ACL on BDIs

> On 20/01/2020, at 12:22 AM, Gert Doering wrote: > > > Now, IPv6 ACLs are not working right either, but they fail in different > ways - short ACLs seem to be working right, long ACLs fail-open, as in > "the platform claims it has been programmed, but all packets pass". Yay. This is what hap

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, replying to myself with a few... interesting... discoveries we've made in the meantime... On Mon, Dec 30, 2019 at 11:57:54AM +0100, Gert Doering wrote: > quick question to the group - ACLs on BDIs on ASR920s, is this something > known as something you want to stay away from? TAC was not exac

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, On Tue, Dec 31, 2019 at 12:00:00AM +0200, Tassos Chatzithomaoglou wrote: > We have been using small (<300 ACEs) egress ACLs under BDIs without any > apparent issues until now. Which version of IOS XE? How many BDIs? > Maybe have a look at the following outputs: > > show platform hardware

Re: [c-nsp] ASR920: egress ACL on BDIs

Hi, We have been using small (<300 ACEs) egress ACLs under BDIs without any apparent issues until now. Maybe have a look at the following outputs: show platform hardware pp active tcam utilization acl detail 0 show platform hardware pp active tcam utilization egress-acl detail 0 Also check the

[c-nsp] ASR920: egress ACL on BDIs

Hi, quick question to the group - ACLs on BDIs on ASR920s, is this something known as something you want to stay away from? I'm trying to get rid of one of our remaining 6500/Sup720s - most VLANs got moved to Aristas, but a few of them have egress ACLs on the SVI/BDI (which does not really work w

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Hi, On Tue, Aug 27, 2019 at 04:29:14PM +0200, Brian Turnbow wrote: > And to see the script > show event manager policy available detailed > Mandatory.dualrate_eem_policy.tcl Interesting. In my version (16.06.05) it's called slightly different, but your command to see it works... #show event man

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Hi, > > I'm not sure I wanted to know in the first place, and now I do not > > know if > I'm > > scared or morbidly fascinated. > > > Isn't it possible to disable/delete all these EEM scripts? > It is a registered policy even on ASR-920-24SZ-M with no dual rate ports ASR920_JN1#sh event man

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

> -Original Message- > Gert Doering > Sent: Monday, August 26, 2019 9:25 PM > Hi, > > On Mon, Aug 26, 2019 at 02:46:19PM +0200, Gert Doering wrote: > > does anyone know what "EEM:Mandatory.dualrate_eem.tcl" is? > > So, now I know - thanks to all who answered. > > I'm not sure I wanted

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

On Mon, Aug 26, 2019, at 22:25, Gert Doering wrote: > So, if I need EoMPLS/VPLS capability (12-24 1G ports, 2-4 10G ports, > plain point-to-point pseudowires, or pseudowires with a local switching > instance - VPLS or EVPN), what other vendors build such a box and do > not hide madness inside? Conc

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

At $old_job we had issues with the 920 failing to switch between the 1G and 10G shaping internally after the SFP swap. It would report that everything went well and negotiate to 10G to only shape the actual line rate at 1G. Fun times. On Mon, Aug 26, 2019, 4:25 PM Gert Doering wrote: > Hi, > >

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Hi, On Mon, Aug 26, 2019 at 02:46:19PM +0200, Gert Doering wrote: > does anyone know what "EEM:Mandatory.dualrate_eem.tcl" is? So, now I know - thanks to all who answered. I'm not sure I wanted to know in the first place, and now I do not know if I'm scared or morbidly fascinated. The hacker in

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Bug CSCvm57265 has happened to me.  The ASR920 in question had its OSPF/MPLS Router-ID on Lo0 (only loopback configured) and the TCL script changed it into the MGMT VRF (from the GRT) when inserting a 10G optic for the first time after enabling the license.  Needless to say it took the site dow

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Lukas Tribus wrote on 26/08/2019 17:28: You better put that Loopback40 in your templates ;) But wait! It's only Severity: 4 Minor. No need to be alarmed that this might accidentally kill your entire network. Nick ___ cisco-nsp mailing list cisc

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Hello Gert, On Mon, 26 Aug 2019 at 14:47, Gert Doering wrote: > > Hi, > > does anyone know what "EEM:Mandatory.dualrate_eem.tcl" is? > > We have an ASR920 that grew an unexpected config change upon insertion > of a DAC cable into port ten0/0/12, and "unexpected config change" always > triggers an

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

-port.html Brian -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: lunedì 26 agosto 2019 15:10 To: Aaron Cc: Gert Doering; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl I’ll say this in public

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

..@puck.nether.net] On Behalf Of > > Jared Mauch > > Sent: lunedì 26 agosto 2019 15:10 > > To: Aaron > > Cc: Gert Doering; cisco-nsp@puck.nether.net > > Subject: Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl > > > > I’ll say this in public (now) - C

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

-port.html Brian > -Original Message- > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Jared Mauch > Sent: lunedì 26 agosto 2019 15:10 > To: Aaron > Cc: Gert Doering; cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] ASR920 and EEM:Manda

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

I’ll say this in public (now) - Changing the security posture on the VTYs is a great reason to not use this product at the moment. I’ve seen many people not monitor their devices for these types of changes, and this is a great case to study. Time for some retraining of people. - Jared > On A

Re: [c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Any unexpected config change should be an automatic tac case. Totally unexpected. Reminds me of the days when swapping a flash card on a gsr could crash it. This is a new one . On Monday, August 26, 2019, Gert Doering wrote: > Hi, > > does anyone know what "EEM:Mandatory.dualrate_eem.tcl" is? >

[c-nsp] ASR920 and EEM:Mandatory.dualrate_eem.tcl

Hi, does anyone know what "EEM:Mandatory.dualrate_eem.tcl" is? We have an ASR920 that grew an unexpected config change upon insertion of a DAC cable into port ten0/0/12, and "unexpected config change" always triggers an investigation here (who, why, what). One part of it was somewhat related i

Re: [c-nsp] ASR920 output drops on TenG interfaces

Are you sure you are measuring L1 rate? This is common problem in tooling that only L2 is reported. 64.0/(8+64+12) == 76.2% L2 rate, when L1 rate is 100% 90.0/(8+90+12) == 81.8% L2 rate, when L1 rate is 100% Also if you are sending wirerate on ingress and putting it on pseudowire, you're increasi

Re: [c-nsp] ASR920 output drops on TenG interfaces

Hey, Are you testing with a small packet size ? If so, according to the the documentation : Traffic is dropped when packets of size 64–100 bytes are sent on 1G and 10G ports. For 64-byte packets, traffic drop is seen at 70% and beyond of the line rate. For 9

[c-nsp] ASR920 output drops on TenG interfaces

Hello, I'm testing 2 ASR-920-24SZ-M with XE 16.09.03 version. The devices are connected back-to-back using Teng 0/0/25 interfaces with MPLS enabled. The TenG0/0/27 of both devices are connected to traffic generator instruments. Here's the setup: +--+ |TRAFFIC GEN| +--

  1   2   3   4   5   >