If you don't mind me asking, what do they (isp) have upstream for the
DSU type (kentrox, adtran, cisco), and could you post all of your side
L2 configuration & settings?
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.v
I'm curious, Does this card even support fractional line rates? It was
my understanding that it didn't.
A few quick steps to look at:
1> query /proc/sys/net/ipv4/ip_forward and make sure it has a 1.
i.e.
cat /proc/sys/net/ipv4/ip_forward
2> check your firewall rules, if any
3> query your arp table and make sure an entry exists for the appropriate
hosts
4> does your machines have the router for it'
connected routes are any routes direct and not learned or entered in
manually.
I'm curious what are you testing specifically, tcp traffic, icmp etc...?
And what's not working ? ( details )
To confirm your path MTU using the -M options ( look at "do" ) and
toggle the bit to 1 for DF from the linux host. Then ping the end site
to determine the minimal MTU size bet
Not hearing you too good or understanding the question.
But vyatta upon "save" , writes the config down to the config directory
and the file named config.boot. You can also save it to any mounted
device with the save command followed by that full path as long as that
user has write access/per
That depends on your provider. You will have to contact your provider
to see how they can deliver and what they can deliver. But basically you
get a demarc and you are required to extend or have them extend it to
the network interface.
I personally would not look at a legacy T3 or OC12 as
Hi ken, no a change in the firewall rules on one firewall is not going
to populate over to the next firewall. You will have to add that rule
to the failover firewall
Any plans on vyatta using jfs as the standard filesystem? Or
can it be overridden during the install-system?
Have you looked at cacti ? Also most NMS platforms perform some
graphing
i.e jffnms ( free open nms )
Yes, the mug is very nicely done. It also fits my cup holder nicely
in my vehicle, actually better than my cisco cup ;)
I received my Vyatta Cup & Hat a few days back, it looks sharp. I also
wanted to say thanks to the whole vyatta team and its members.
Same here, when I first started my vyatta compatibility testing I had
numerous cfgs named config.bgp, config.ospf, config.1,
config.2, config.ipsec-cisco, etc. I just scp the files up to the
vyatta host and load the config I wanted to test for that day.
Very simple and effective ;)
Have you taken a look at the "ping" with the -M option? You could
perform this and set or don't set the DF bit and use the -s option to
size the packet. Increasing the packet size until your pings fail and
with the DF bit set, would provide you the max MTU between end to end
devices.
i.e
Hi, yongsan
You need to look at an IBGP mesh between the 2 routers on the different
floors. You will configure each one as a Bgp-neighbor but the
remote-asn would be that of your assigned ASN.
I would search on cisco website if the vyatta documentation doesn't
show this example. You can
I found out with USB thumb drives for example, you have to specify the
dos file system. Retry and use vfat for fs type.
i.e mount -t vfat /dev/sda1 /mnt
Also, I'm curious, are changes made to the fstab file saved on reboot?
You could have this mount upon bootup every time if that's w
The last message ;
--
Begin: running scripts/local-top .
Done.
Begin:Waiting for root file system ... ...
( NOTE: long pause 3-5mins )
Done.
ALERT! /dev/hdd1 does not exist. dropping to a shell!
My take, the remote peer is not recognized. Do you have an appropriate
PSK key in the ipsec.secrets file?
fwiw: I would create a default setting and apply all of your setting
for things like this in the default profile
conn %default
left=aaa.bbb.ccc.dd
leftnexthop=aaa.bb
I'm doing the same but with a 2gb and 4gb "fast" Compact Flash. It runs
great but I just notice a problem the last 2 days in my test lab and it
( host ) hangs at boot time. Could be my hardware or CF card or adapter.
fwiw, Logic supply has shipped their servers to me but so far I
haven't rec
We need traceroutes and other info, but like stated above what does the host
configuration look like? I was thinking it could have been an ip_forward
issue but you claim one network block is able to connect outbound, so
ip_forwarding doesn't seem to be any issue.
I know this seems obvious but make s
Question: does that configuration come with 2 onboard LAN interfaces?
Adjust the metric for the static routes
i.e
set protocols static route 10.10.33.0/24 metric 10 next-hop eth2-address
I have to check, but I think in my previous experience with strongswan
and linux, the auto=ignore is what I've used in the past to make the
ipsec client sit as receiver.
Aggressive mode iirc is not what it seems like, but a way that the P1
is established and how many steps are taken in doin
You will need at least 2 vlans created ( vlan 20 & 30 ). Not sure on
how a d-link works but a cisco would be something like this;
config t
!
!
vlan 20
name net20
!
vlan 30
name net30
!
!
interface fas 0/1
switchport trunk allowed vlan 1,20,30
switchport mode trunk
!
write mem
I'm ass
Yes, that's the purpose of vlans. All traffic in vlan ID XXX is tagged
so the switch knows to send it to all members of Vlan XXX. You have to
have matching tags on both ends.
If you did not, most switches and host-nics will just discard any
unrecognized vlan tag(s).
If you look at the services on vyatta website then it would be clear
that they offer more than just OpenSources.
http://www.vyatta.com/products/index.php
They have support, appliance, services, etc. A lot of businesses have no
problems paying their fees. In reality a vyatta solution is much m
Couldn't you get the same thing with the VPN dead peer-detect set to
HOLD?
Under strongswan for example, there's a setting that would allow you to
auto=start or auto=ignore, if you could add this, you should be okay.
Here's how my vyatta ipsec.conf looks;
conn peer-1.1.1.1-tunnel-1
l
I posted a thread a month ago about getting the equivalent jdocs
for vyatta, has anybody from the Vyatta team approached O'Reilly in
just getting a book produced? A paperback edition crafted by them
would do wonders in promoting vyatta to the networking community.
next , does vyatt
Got around to doing some more testing and all is looking much better.
The md5 auth is now working following the advice given earlier.
00:11:22.589724 IP (tos 0xc0, ttl 1, id 6646, offset 0, flags [none],
length: 80) 172.16.10.111 > 224.0.0.5: OSPFv2, Hello (1), length: 44
Router-ID
Here's what I did, but I don't know why you want to log everything
being dropped. Your log could get full in no time, if you have heavy
traffic or a mis-configured host/server etc.
[edit]
[EMAIL PROTECTED] show firewall name securityguard rule 1024
action: "drop"
log: "enable"
[edit]
Can you update us on this mini-itx system, does it support multiple
NICs?
I'm going to retry the md5 auth this afternoon when I get some more
vyatta console time ;) Other than these immediate issues, it's been
holding stable. I have to recheck BGP4 and ipsec, and then know for
sure all is good.
I'm assuming at some later date , a new vyatta user guide will be po
Do you recall if grub was installed and set up during the install?
Sounds like it wasn't. Since this was a fresh install, you could go
back in and re-install or use the grub-update/install tools and that
might get you going.
e.g
unix command "update-grub" or "grub-install"
So boot the
1. Still to date, OSPF md authentication is not enabled or even configurable
2. System uptime is now shown via "show version" & "show system uptime"
3. system help now requires a tab vs. the previous question mark on the CLI, I
thought this was confusing at first
4. system configuration like for
I've had good luck with cisco ipsec-client for windows and macosx with
cisco pix and juniper-netscreen appliances. If you want an ipsec based
client look at the cisco or securitas client.
For linux, openswan or strongswan would be the best solutions.
I just wanted to post this tonight, since the developers of vyatta have come
out with an alpha rls, and they have new features to go along with this. I
decided to throw some new ideas across my desk. One of my main goals has always
been to get rid of the bulky, noisy, energy draining hard disk
So what's the rest of your question? What do you have behind your
router/firewall that needs access?
You have one rule inserted and I'm assuming you have or need more rules.
Only suggestion would be to research what rules you need and
protocols/src to allow.
i.e ( for example )
[EMA
I'm doing the same with scp and set keys for an automated backup in a
script run by cron.
What's nice with vyatta vs. my current quagga/keepalived setup is
that vyatta allows for one "single config" file to be used to restore
its configuration.
I had one of our junior administrator play
I bet it has nothing to do with STP. Since you're imaging with mcast, was
igmp-snooping enabled or not?
Surprisingly, cisco switches work very well with mcast traffic when configured
correctly.
I've used D-ITG also, great for simulation of VOIP/SIP traffic.
One other tool that has a longer history is Mgen/Drec. Just like ITG you
will need sync clocks between sender ( mgen ) and receiver ( drec ).
Both pkgs allows for creation by
src/dst/port/ttl/pps/kbps/etc...
Mgen w
Have you tried to remove the statics or upload a saved config.boot and
make 100% sure these are the culprit?
In our setup, we typically will not have a user logging into a unix
shell, so how can we get "router uptime"
via the cli?
Show version doesn't do it, nor does a show tech from what I can
tell.
1st question why do you have a static route pointing to your local
ip_address as the next hop? Vyatta should learn this as a connected
route, no other static entry would be needed.
2nd you do realize if this config is right, that your /30 BGP speaker
addresses are "within" the /27 network
We need more information than what's present, but if this is an internet
BGP peering, make sure you have neighborship with your upstream and
your prefix is being sent.
Also review various route-servers to check that your announcement is
being seen by the internet. I personally like att's, but
Will each subnet be its own interface? You should easily be able to
perform this with binding the second subnet to another interface.
i.e
interface Ethernet eth0
description 1st subnet ( existing )
ip address aaa.bbb.ccc.ddd/24
interface Ethernet eth1
description secon
Do we have any future support for something similar in vyatta? Cli
online help.
> I'm using tc to do bandwidth rate-limiting
> and that works well on the vifs. In short, you should be good.
Sorry for butting in, but what exactly is the "tc" that you're mentioning for
throttling of bandwidth? Since vyatta today doesn't allow for any QoS
service policy maps, I'm also looking at
Thanks guys, that fixed the problem. I now will be conducting a hash of
clustering tests over the next 4-5 days.
-Original Message-
From: Marat Nepomnyashy [mailto:[EMAIL PROTECTED]
Sent: Mon 12/31/2007 4:59 PM
To: Justin Fletcher; Ken Felix (C)
Cc: [EMAIL PROTECTED]
Subject: Re
Has anybody attempted clustering with vyatta and seen any problems with
vpn-ipsec not allowing the cluster ip_address to be applied?
[EMAIL PROTECTED] set vpn ipsec site-to-site peer 1.1.1.40 local-ip 1.1.1.36
[edit]
[EMAIL PROTECTED] commit
[edit]
Commit Failed
VPN configura
So has anybody else tried vyatta with ospf md5 authentication with
another NON-vyatta router and gotten this to work? If so, could you
post how you did it?
Keep in mind it's probably nothing to do with crappy upstream but that cisco
uses a default of 4 hours for arp caching. Without their arp-table being
deleted, they have no way to flush your old cisco mac_addr out and to install
the vyatta mac_addr.
You could call in to your provider and
When trying to configure a second area running on a vyatta host.
This router will become an ABR with two interfaces, area 0 ( eth0 )
and area 1 ( eth1 ).
Whenever I try to create the second area & commit the changes,
vyatta complains with the following
. [edit protocols/o
Hello, I've recently started to deploy vyatta into our network in hopes of
replacing our quagga routers. Right now in our area 0 we have cisco + quagga
using md5 hash for authentication, and working just great.
My 1st 2 vyatta routers aren't working out as planned, but as far as I can
tell