If you don't mind me asking, what do they (ISP) have upstream for the
DSU type (kentrox, adtran, cisco) and could you post all of your side
L2 configuration settings?
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
I'm curious what are you testing specifically, tcp traffic, icmp etc...?
And what's not working? (details)
To confirm your path MTU using the -M options (look at do) and
toggle the bit to 1 for DF from the linux host. Then ping the end site
to determine the minimal MTU size
That depends on your provider. You will have to contact your provider
to see how they can deliver and what they can deliver. But basically you
get a demarc and you are required to extend or have them extend it to
the network interface.
I personally would not look at a legacy T3 or OC12 as
Not hearing you too good or understanding the question.
But vyatta upon save, writes the config down to the config directory
and the file named config.boot. You can also save it to any mounted
device with the save command followed by that full path as long as that
user has write
Hi Ken, no, a change in the firewall rules on one firewall is not going
to populate over to the next firewall. You will have to add that rule
to the failover firewall
Have you looked at cacti? Also most NMS platforms perform some
graphing
i.e. jffnms (free open nms)
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Same here, when I first started my vyatta compatibility testing I had
numerous cfgs named config.bgp, config.ospf, config.1,
config.2, config.ipsec-cisco, etc. I just scp the files up to the
vyatta host and load the config I wanted to test for that day.
Very simple and effective ;)
We need traceroutes and other info, but like stated above what's the host
configuration look like? I was thinking it could have been an ip_forward
issue but you claim one network block is able to connect outbound, so
ip_forwarding doesn't seem to be any issue.
I know this seems obvious but make
You will need at least 2 vlans created (vlan 20 30). Not sure on
how a d-link works but a cisco would be something like this:
config t
!
!
vlan 20
name net20
!
vlan 30
name net30
!
!
interface fas 0/1
switchport trunk allowed vlan 1,20,30
switchport mode trunk
!
write mem
I'm
Adjust the metric for the static routes
i.e.
set protocols static route 10.10.33.0/24 metric 10 next-hop eth2-address
Couldn't you get the same thing with the VPN dead peer-detect set to
HOLD?
Under strongswan for example, there's a setting that would allow you to
auto=start or auto=ignore, if you could add this, you should be okay.
Here's how my vyatta ipsec.conf looks:
conn peer-1.1.1.1-tunnel-1
Yes, that's the purpose of vlans. All traffic in vlan ID XXX is tagged
so the switch knows to send it to all members of Vlan XXX. You have to
have matching tags on both ends.
If you did not, most switches and host NICs will just discard any
unrecognized vlan tag(s).
I posted a thread a month ago about getting the equivalent jdocs
for vyatta, has anybody from the Vyatta team approached O'Reilly in
just getting a book produced? A paperback edition crafted by them
would do wonders in promoting vyatta to the networking community.
next, does
Got around to doing some more testing and all is looking much better.
The md5 auth is now working following the advice given earlier.
00:11:22.589724 IP (tos 0xc0, ttl 1, id 6646, offset 0, flags [none],
length: 80) 172.16.10.111 224.0.0.5: OSPFv2, Hello (1), length: 44
Here's what I did, but I don't know why you want to log everything
being dropped. Your log could get full in no time, if you have heavy
traffic or a mis-configured host/server etc.
[edit]
[EMAIL PROTECTED] show firewall name securityguard rule 1024
action: drop
log: enable
[edit]
Can you update us on this mini-itx system, does it support multiple
NICs?
Do you recall if grub was installed and setup during the install?
Sounds like it wasn't. Since this was a fresh install, you could go
back in and re-install or use the grub-update/install tools and that
might get you going.
e.g
unix command update-grub or grub-install
So boot the
I'm going to retry the md5 auth this afternoon when I get some more
vyatta console time ;) Other than these immediate issues, it's been
holding stable. I have to recheck BGP4 and ipsec, and then know for
sure all is good.
I'm assuming at some later date, a new vyatta user guide will be
So what's the rest of your question? What do you have behind your
router/firewall that needs access?
You have one rule inserted and I'm assuming you have or need more rules.
Only suggestion would be to research what rules you need and
protocols/src to allow.
i.e ( for example )
I'm doing the same with scp and set keys for an automated backup in a
script run by cron.
What's nice with vyatta vs. my current quagga/keepalived setup is
that vyatta allows for one single config file to be used to restore
its configuration.
I had one of our junior administrators play
I've used D-ITG also, great for simulation of VOIP/SIP traffic.
One other tool that has a longer history is Mgen/Drec. Just like ITG you
will need sync clocks between sender (mgen) and receiver (drec).
Both pkgs allow for creation by
src/dst/port/ttl/pps/kbps/etc...
Mgen
In our setup, we typically will not have a user logging into a unix
shell, so how can we get router uptime
via the CLI?
Show version doesn't do it, nor does a show tech from what I can
tell.
Will each subnet be its own interface? You should easily be able to
perform this with binding the second subnet to another interface.
i.e
interface Ethernet eth0
description 1st subnet ( existing )
ip address aaa.bbb.ccc.ddd/24
interface Ethernet eth1
description
Do we have any future support for something similar in vyatta? Cli
online help.
Has anybody attempted clustering with vyatta and seen any problems with
vpn-ipsec not allowing the cluster ip_address to be applied?
[EMAIL PROTECTED] set vpn ipsec site-to-site peer 1.1.1.40 local-ip 1.1.1.36
[edit]
[EMAIL PROTECTED] commit
[edit]
Commit Failed
VPN
Thanks guys, that fixed the problem. I now will be conducting a hash of
clustering tests over the next 4-5 days.
-Original Message-
From: Marat Nepomnyashy [mailto:[EMAIL PROTECTED]
Sent: Mon 12/31/2007 4:59 PM
To: Justin Fletcher; Ken Felix (C)
Cc: [EMAIL PROTECTED]
Subject: Re
So has anybody else tried vyatta with ospf md5 authentication with
another NON-vyatta router and gotten this to work? If so, could you
post how you did it?
Keep in mind it's probably nothing to do with crappy upstream but that cisco
uses a default of 4 hours for arp caching. Without their arp-table being
deleted, they have no way to flush your old cisco mac_addr out and to install
the vyatta mac_addr.
You could call in to your provider and
When trying to configure a second area running on a vyatta host.
This router will become an ABR with two interfaces area 0 (eth0)
and area 1 (eth1).
Whenever I try to create the second area and commit the changes,
vyatta complains with the following
. [edit
29 matches