Background: One Cisco Catalyst 2980 and one 2980G trunked together witõÅ;
customers with one port in the VLAN connecteõÅ; a
subnet of IPs with this Fast EtheõÅ; i
secondary IP for each subnet.
This solution has been working fine until recently when some õÅ;om
staRted doing multicast. This, combined with a lot of noisy Windows
servers sending SMB/NMB announcements and other gõÅ;ge
lot of unnecessary traffic across the VLAN.
I would expect a solution for this would be to put each customõÅ;n
own
can be configured to be in multiple VLANs. ThõÅ;ar
interfaces on the router to make each VLAN have its own independant
uplink port.
Is this type of configuratioõÅ;ss
segmenting customers off from one another?
From swmike@swm.pp.sõÅ;hu
Received: from someone claiming to be
uplift.swm.pp.se (root@swm.pp.se [195.54.133.5])
by puck.neõÅ;.n
for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 11:12:15 -0400
(envelope-õÅ; s
Received-Date: Thu, 19 Jul 2001 11:12:15 -0400
Received: from localhost (swmike@localhost)
by uplift.swmõÅ;se
for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 17:12:08 +0200
Date: Thu, 19õÅ; 2
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: <cisco-nsp@puck.nether.net>
Subject: Re: [nsp] UõÅ;k
In-Reply-To: <20010719094540.A31420@rt.fm>
Message-ID: <Pine.LNX.4.33.0107191709480.2352-100000@upõÅ;.s
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 1õÅ;l
> I would expect a solution for this would be to put each customer in his
> own VLAN, but I havõÅ; f
> can be configured to be in multiple VLANs. There aren't enough
> interfaõÅ;on
> uplink port.
>
> Is this type of configuration possible? If it'sõÅ;,
> segmenting customers off from one another?
A lot of cisco router equipment supports dot1q tagging on FE/õÅ;nt
this, but it's doable. I've done this with 7200 anõÅ;00
int ge0/0.10
encapsulation dot1q 10
etc
This makes a subinterface that talks dot1q tagged traffic with the
10.
-- Mikael Abrahamsson email: swmike@swm.pp.seFrom Damon.Pegg@carrõÅ;.cReceived: from someone claiming to be lon-nsmx-01.carrier1.net (lon-nsmx-01.carrier1.net [2õÅ;.1 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6JGApA18513 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 1õÅ;:5 (envelope-from Damon.Pegg@carrier1.com) Received-Date: Thu, 19 Jul 2001 12:10:52 -0400 Received: from exchange.caõÅ;r1 by lon-nsmx-01.carrier1.net with esmtp (Exim 3.22 #3) id 15NGOQ-00040B-00õÅ;u,Received: by GBLON1S07 with Internet Mail Service (5.5.2653.19) id <3V47BBSN>; Thu, 19 Jul 20õÅ;7:Message-ID: <83189BAB0F57D411A1C400508B6AADBD04738884@GBLON1S07> From: Pegg Damon <Damon.Pegg@carrier1.com> ToõÅ;opCc: Bree Eric <Eric.Bree@carrier1.com>, "'cisco-nsp@puck.nether.net'" <cisco-nsp@puck.netõÅ;neDate Thu, 19 Jul 2001 17:10:48 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: texõÅ;ai chaRset="iso-8859-1" Subject: [nsp] Cisco Feature Request - anyone want to help?
Hello all.
I'm mailing our LINX comõÅ;esanyone in Europe and beyond who has weight with Cisco to help out. Sorry for õÅ; o
I've submitted a feature request to Cisco but if anyone else would benefit greatly then please have a word withõÅ;r
In short, I have asked for an internal-fast-fallover option for iBGP. This allows me theõÅ;iobetween core route-reflectors and edge route-reflector-clients; õÅ;haseSsions die on failure of that link. Typically these (edge) boxes are connected physically and iBGP meshed logicallÓëÅ; tsessions to be torn doõÅ;ns(or rather, the box suffering from spurious problems which cause failure.õÅ;iscustomers but it also provides huge benefits in terms of õÅ;enfrom being blackholed to x amount of routes when a box goes down; when there are perfectly valid alternative õÅ;rocustomers.
As an example, if your LINX router dies a death then that forms the epicenõÅ;ofnumber of routes being technically unavailable via that rõÅ;. will doubtless have several alternative paths, the bgp session stays up for a default of three minutes, withõÅ; esupernets, so next-hop-invalidation does not occur; hence any other router using a õÅ;rountil the session is closed. With instaneaous withdrawal by õÅ;lorouters, the only wait is for bgp reconvergence through your core mesh in order than optimal paths (often selecteõÅ; irecalculated in various corners of your network.
Naturally, alternatives exist for minimising õÅ;bldevice failure but these are really hacks: 1. reducing bgp timers between edge and core; 2. drawiõÅ;oublocks carried internally only as their /32 routes and with no supernet. NeõÅ;r the second relying on the bgp scanner for invalidationõÅ;rocannot be reconfigured to a frequency of <60 seconds on S train code. Admittedly, the option I have requested õÅ;n'and does decrease redundancy within a pop since single link failure will shut a session wherõÅ;adwhere an alternative path exists. Its not perfect, for sure. However, I õÅ;onand has no current ideal solution. This will give õÅ;hrconsidering how best to minimise the impact of edge device failure in blackholing traffic.
Of course, I'dõÅ;o tightened and other measures in the event of interface flaps etc bõÅ;en
Anyways, just thought I'd
Damon Pegg IP BackboneõÅ;in"If you can look into the seeds of time, and say which grain will grow and which will not
From hank@att.net.ilõÅ;u Received: from someone claiming to be biff.att.net.il (biff.att.net.il [192.115.72.164]) by puck.nõÅ;r. for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 12:14:17 -0400 (envelopeõÅ;m Received-Date: Thu, 19 Jul 2001 12:14:17 -0400 Received: from docking.att.net.il (dial8.tlv.att.net.il [1õÅ;15 by biff.att.net.il (Postfix) with ESMTP id CD8EA1052 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 18:41:15õÅ;00Message-Id: <4.3.2.7.2.20010719185249.00adc220@max.att.net.il> X-Sender: hank@max.att.net.il X-Mailer: QUALCOMM WinõÅ; EDate: Thu, 19 Jul 2001 19:03:29 +0200 To: cisco-nsp@puck.nether.net From: Hank Nussbacher <hank@att.neõÅ;> Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [nsp] Flash compatibility among RSPõÅ;8 http://www.cisco.com/warp/public/63/pcmciamatrix.html but still don't quite understand why Cisco lists õÅ;e different part number:
RSP2:MEM-RSP-FLC20M RSP4: MEM-RSP4-FLC20M RSP8: MEM-RSP8-FLC20M
Any particular reasoõÅ;d
Thanks, Hank
From hank@att.net.ilõÅ;u Received: from someone claiming to be biff.att.net.il (biff.att.net.il [192.115.72.164]) by puck.nõÅ;r. for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 12:44:16 -0400 (envelopeõÅ;m Received-Date: Thu, 19 Jul 2001 12:44:16 -0400 Received: from docking.att.net.il (dial8.tlv.att.net.il [1õÅ;15 by biff.att.net.il (Postfix) with ESMTP id BD406101E for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 19:11:15õÅ;00Message-Id: <4.3.2.7.2.20010719192716.00ac6220@max.att.net.il> X-Sender: hank@max.att.net.il X-Mailer: QUALCOMM WinõÅ; EDate: Thu, 19 Jul 2001 19:32:14 +0200 To: cisco-nsp@puck.nether.net From: Hank Nussbacher <hank@att.neõÅ;> Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: [nsp] RSP vs VIP
Can anyone point õÅ;o are handled at the RSP level and what functions are handled at the VIP Hank
From kf@reign.sk ThõÅ;l Received: from someone claiming to be reign.sk (w31nb048.via.at [194.96.201.48]) by puck.nether.net (8õÅ;4/ for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 13:05:38 -0400 (envelope-from kf@reigõÅ;) X-Server: Advanced Direct Remailer (www.elcomsoft.com) ReplTo: <cisco-nsp@puck.nether.net> Date: Thu, 19 Jul 2001 Message-ID: <001101c11075$041õÅ;0$MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-PriõÅ;y:X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MiõÅ;E:Subject: [nsp] Link Errors...
See some new posting...so this is another onõÅ;
is older IO 7206 FE with RJ and MII onboard. BõÅ;10Shielded,Screened 1m long Patch cable.... Soo...The bunch means 5000-6000 input errors, just on tõÅ;idTransmit of the 7206 seems to be the problem....
any experiences?
Alex
From cparker@starnetõÅ;neReceived: from someone claiming to be email1.starnetinc.com (email1.starnetinc.com [216.126.õÅ;21 by Puck.nether.net (8.11.4/8.9.3) with ESMTP id f6JHJkA25870 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 13:19:õÅ;04 (enVelope-from cparker@starnetusa.net) Received-Date: Thu, 19 Jul 2001 13:19:46 -0400 Received: from osmium.starnetusaõÅ; ( by email1.starnetinc.com (Postfix) with ESMTP id D4F7CB123 for <cisco-nsp@puck.õÅ;erMessage-Id: <5.1.0.14.2.20010719121822.044d1330@mailc.starnetinc.com> X-SendeõÅ;paX-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 19 Jul 2001 12:19:42 -0500 To: <cisco-nõÅ;ucFrom: Chris Parker <cparker@starnetusa.net> Subject: Re: [nsp] Link Errors... In-Reply-To: <001101c11075$041õÅ;0$Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed
At 07:05 PM 7/19/2001 +0õÅ; K>See some new posting...so this is another one... > >Experiencing sometimes an bunch of input errors on my XL swiõÅ; T>is older IO 7206 FE with RJ and MII onboard. Both 100/FD manual. Cable Cat 5 >Shielded,Screened 1m long Patch cõÅ;..>Soo..The bunch means 5000-6000 input errors, just on the side of the XL..so >Transmit of the 7206 seems to be the proõÅ;..> >aNy experiences?
Cable is only as good as the crimps on either end. Have you tried a different cable and observed õÅ;sa
Failing that, have you tried another port in the switch?
-Chris -- \\\|||/// \ Chris Parker: ManõÅ;, \ ~ ~ / \ cparker@starnetusa.net \ cparker@megapop.net | @ @ | \ www.staÓëÅ;us
From kf@reign.sk ThõÅ;l Received: from someone claiming to be reign.sk (w31nb048.via.at [194.96.201.48]) by puck.nether.net (8õÅ;4/ for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 15:57:45 -0400 (envelope-from kf@reigõÅ;) X-Server: Advanced Direct Remailer (www.elcomsoft.com) ReplTo: "'Adrian Mardlin'" <Adrian@nildram.net>, <cisco-nspSubject: RE: [nsp] Link ErõÅ;..Message-ID: <001201c1108c$f8b82c90$01010101@reign.sk> MIME-Version: 1.0 Content-TyõÅ;te charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer:õÅ;roIn-Reply-To: <41D348CD8E13D411973100A0CC58AA9090DD35@exchange2.nildram.co.ukõÅ;poX-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
I'm running ISL, but that is input errors, so "liõÅ;rrto try different port...but I'm full ;-)
What a strange for me is, that just bunch of the data makesõÅ;sesaw counter arising one-by-one... so... there is brand new cable.... builded by my own hands...
----Original Message----- From: Adrian Mardlin [mailto:Adrian@nildram.TõÅ;kfSubject: RE: [nsp] Link Errors...
Are you running 802.1q, and are these errors rõÅ;? ignore them.
> -----Original Message----- > From: KF [mailto:kf@reign.sk] > Sent: 19 July 2001 18:0õÅ;To> Subject: [nsp] Link Errors... > > > See some new posting...so this is another one... > > ExpõÅ;nc> switch. The oposit > is older IO 7206 FE with RJ and MII onboard. Both 1ÓëÅ;D > Soo...The bunch means 5000-6000 input errors, just on õÅ;> > Transmit of the 7206 seems to be the problem.... > > any experiences? > > Alex > >
From ip_plumber@yahoõÅ;m Received: from someone claiming to be web14912.mail.yahoo.com (web14912.mail.y By puck.nether.net (8.11.4/8.9.3) with SMTP id f6JKTLA32172 for <cisco (Envelope-from ip_plumber@yahoo.com) Received-Date: Thu, 19 Jul 2001 16:29:21 -0400 Message-ID: <20010719202920.3892õÅ;ilReceived: from [64.101.135.186] by web14912.mail.yahoo.com via HTTP; Thu, 19 Jul 2001 13:29:20 PÓëÅ;atSubject: Re: [nsp] RSP vs VIP To: HanõÅ;ssIn-Reply-To: <4.3.2.7.2.20010719192716.00ac6220@max.atMIME-VCOntent-Type: text/plain; charset=us-ascii
That's just a bit general...doesn't switch packets, the RSP will have to do it.
The RSP builds the CEFõÅ;lethe VIP. The VIP uses said table to switch packets.
If you are looking for something more sõÅ;fiplease make your question more specific.
Hope this helps...
--- Hank Nussbacher <hank@att.net.il> wrote: > Can aõÅ;e > which router functions > are handled at the RSP level and what functions are > hõÅ;ed> > Thanks, > Hank >
__________________________________________________ Do You Yahoo!? Get personalõÅ; ehttp://personal.mail.yahoo.com/
From ip_plumber@yahoõÅ;m Received: from someone claiming to be web14910.mail.yahoo.com (web14910.mail.yahoo.com [216.13õÅ;5. bY puck.nether.net (8.11.4/8.9.3) with SMTP id f6JKitA01374 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 16:44õÅ;-0 (eNvelope-from ip_plumber@yahoo.com) Received-Date: Thu, 19 Jul 2001 16:44:55 -0400 Message-ID: <20010719204454.91808õÅ;ilReceived: from [64.101.135.186] by web14910.mail.yahoo.com via HTTP; Thu, 19 Jul 2001 13:44:54 PåëÅ;atSubject: Re: [nsp] Flash compatibilitõÅ;onTo: Hank Nussbacher <hank@att.net.il>, cisco-nsp@puck.nether.net In-Reply-To: <4.3.2.7.2.20010719185249.00adc22õÅ;x.MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii
Yes.
http://www.cisco.com/warp/public/63/pcmcia\24õÅ;ix
Hope this helps....
--- Hank Nussbacher <hank@att.net.il> wrote: > I have read over: > http://www.cisco.com/warp/p\24õÅ;c/> but still don't quite understand why Cisco lists > these each with a > different part number: > >õÅ;2:> RSP4: MEM-RSP4-FLC20M > RSP8: MEM-RSP8-FLC20M > > Any particular reason and can I safely assume they > aõÅ;ll> > Thanks, > Hank >
__________________________________________________ Do You Yahoo!? Get personaliõÅ;emhttp://personal.mail.yahoo.com/
From ip_plumber@yahoõÅ;m Received: from someone claiming to be web14912.mail.yahoo.com (web14912.mail.y By puck.nether.net (8.11.4/8.9.3) with SMTP id f6JKpHA02368 for <cisco (Envelope-from ip_plumber@yahoo.com) Received-Date: Thu, 19 Jul 2001 16:51:17 -0400 Message-ID: <20010719205116.7798õÅ;ilReceived: from [64.101.135.186] by web14912.mail.yahoo.com via HTTP; Thu, 19 Jul 2001 13:51:16 PåëÅ;atSubject: Re: [nsp] 7500 Questions To:õÅ;rt "Ciscp NSP List \(E-mail\)" <cisco-nsp@puck.nether.net> In-Reply-To: <2FB821õÅ;8AMIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii
Inline..õÅ;op
--- "Wortendyke, Ken" <KWortendyke@Timebridge.com> wrote: > Good afternoon all, > > I need some 7500 spåëÅ;ic> QoS techniques like > LLQ, FRF.12 and FRTS? > åëÅ; m> > 2. Can t> PA's without upgrading > their RSP1?
Yes...but I wouldRSP1...õÅ; > have a DS3 serving a couple > of LAN connections for >
That should be sufficient...especially due to the fact that you only haand lõÅ; bthe 7507 and 7513. If you see the CPU on the router running high, then replacõÅ;. > 4 Any key features that are lacking without going > to a newer RSP or VIP on > the WAN side in this scenario?
LowõÅ;wihave very few interfaces on the box and if your traffic rates are relatively loõÅ;haproblem.
> > Thanks for the thoughts and comments, > Ken Wortendyke >
______________________________õÅ;__Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
From eosborne@cisco.õÅ; TReceived: from someone claiming to be che-cse-104.cisco.com (che-cse-104.cisco.com [161.44.140.3õÅ; b for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 17:39:54 -0õÅ; (Received-Date: Thu, 19 Jul 2001 17:39:54 -0400 Received: (from eosborne@localhost) by chõÅ;e-Date: Thu, 19 Jul 2001 17:38:5õÅ;40To: Pegg Damon <Damon.Pegg@carrier1.com> Cc: "'ops@linx.net'" <ops@linx.net>, BrõÅ;ri "'cisco-nsp@puck.nether.net'" <cisco-nsp@puck.nether.net> Subject: Re: [nsp] Cisco Feature õÅ;esMessage-ID: <20010719173858.A17135@che-cse-104.cisco.com> References: <83189BAB0F57D411A1C400508BåëÅ;BDContent-Disposition: inliIN-Reply-To: <83189BAB0F57D411A1C400508B6AADBD04738884@GBLON1S07>; from X-GPG-Fingerprint: 6412 0836 E440 B3EA 980C 4951 611E 1819 2E71 8562
On Thu, Jul 19, 2001 at 05:10:48PM +õÅ;, > Hello all. > > I'm mailing our LINX compadres and NSP since that encompasses pretty much > anyone in õÅ;pe> for spam otherwise. > > I've submitted a feature request to CõÅ; b> greatly then please have a word with your SE. It goes a little like this: > > In short,õÅ;av> allows me the option of optimising fallover by peering on cõÅ;ct> between core route-reflectors and edge route-reflector-clients; and having > sessions die on failure of thatõÅ;k.
I sEe what you're asking for, but I think it would only be useful if there's no redundancy between RR and RR-client. õÅ;if(or all links) between RR and RR-client go down, you're kinda screwed anyways, as far as I can see. And ifõÅ;'rthe same network should have the same next-hop no matter which RR you are taking failed link should take care of things. Truebetween RRC and the RR thõÅ;s that's only inconsistent until the link comes back.
Another way to do this, I õÅ;osaddress* of the RR, rather than the RID.
But maybe I'm missing something. Do yõÅ;av
- fast ibgp failover makes sense, and - it's not sensible to peer with the interface address to achiev
eric
From grr@shandakor.tõÅ;isReceived: from someone claiming to be shandakor.tharsis.com (IDENT:root@shandakor.tharsisõÅ; [ by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6JMGpA07287 for <cisco-nsp@puck.nether.net>; Thu, 19 JulõÅ;1 (envelope-from grr@shandakor.tharsis.com) Received-Date: Thu, 19 Jul 2001 18:16:51 -0400 Received: (from gõÅ;ocDate: Thu, 19 Jul 2001 1õÅ;:4From: George Robbins <grr@shandakor.tharsis.com> Message-Id: <200107192216.SAA22454@shandakoTSubject: Re: [ns
It's õÅ; tordering process or approved vendor lists.
It should be inteõÅ;nginterchangability between routers, the real problem is accumlation of useõÅ; s
George
Date: Thu, 19 Jul 2001 13:44:54 -0700 (PDT) From: Routing Junkie <ip_plumberõÅ;ooSUbject: Re: [nsp] Flash compatibility among RSP2/4/8 To: Hank Nussbacher <hank@att.net.il>, cisco-nsp@puck.nether.nõÅ;n-Resent-From: cisco-nsp@puck.nether.net X-Mailing-List: <ciscoõÅ;@pX-Loop: cisco-nsp@puck.nether.net Precedence: list Resent-Sender: cisco-
Yes.
http://www.cisco.com/warp/public/63/pcmciamatrix.html
Hope this I hAve read over: > http://www.cisco.com/warp/public/63/pcmciamatrix.html but still don't quite understand why Cisco lõÅ; tdifferent part number:
RSP2:MEM-RSP-FLC20M RSP4: MEM-RSP4-FLC20M RSP8: MEM-RSP8-FLC20M
Any particular õÅ;onare all interchangeable?
Thanks, Hank
__________________________________________________õÅ;YoGet personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
From dsinn@microsoftõÅ; Received: from someone claiming to be mail3.microsoft.com (mail3.microsoft.com [131.107.3.123])õÅ; p for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 18:25:32 -0400 õÅ;veReceived-Date: Thu, 19 Jul 2001 18:25:32 -0400 Received: from 157.54.1.52 by mail3.microsofõÅ;m Received: from RED-MSG-11.redmondõÅ;p. Thu, 19 õÅ;20X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 content-class: urn:content-classes:message MIME-VeõÅ;n:CoNtent-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nsp] Flash coõÅ;ibDate: Thu, 19 Jul 2001 11:30:24 -0700 Message-ID: <AF9E69C4CBFA3C4AA40068F03A28614502EB812D@RED-MSG-1õÅ;dmX-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nsp] Flash compatibility among RSP2/4/8 ThõÅ;-IFrom: "David Sinn" <dsinn@microsoft.com> To: "Hank Nussbacher" <hank@att.net.ilõÅ;ciX-OriginalArrivalTime: 19 Jul 2001 18:30:24.0704 (UTC) FILETIME=[E03D0C00:01C11080]
The physicalõÅ;sh
They just do this to help them characterize what model of RSP has what flash.
Just like with GBICåëÅ;hedetermineõÅ; mon your 3 port GE card on the GSR are "actually" in use.
David=20õÅ;--From: Hank Nussbacher [mailto:hank@att.net.il]=20 Sent: Thursday, July 19, 2001 10:03 AM To: ciscoõÅ;@pSubject: [nsp] Flash compatibility among RSP2/4/8
I have read over: http://www.cisco.com/warp/public/63/p\25õÅ;ambut still don't quite understand why Cisco lists these each with a=20 different part number:
RSP2:MEM-RSP-FLC2õÅ;SPRSP8: MEM-RSP8-FLC20M
Any particular reason and can I safely assume they are all interchangeable?
ThaõÅ; H
From afort@staff.webõÅ;raReceived: from someone claiming to be bnc.powerup.com.au (bnc.webcentral.com.au [202.õÅ;23 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6K1o6A13444 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 2õÅ;:0 (envelope-from afort@staff.webcentral.com.au) Received-Date: Thu, 19 Jul 2001 21:50:06 -0400 Received: by bnc.webõÅ;ra id <3SNCCMJA>; Fri, 20 Jul 2001 11:50:03 +1000 Message-ID: <415DD4BF903õÅ;1AFrom: Andrew Fort <afort@staff.webcentral.com.au> To: cisco-nsp@puck.netherõÅ; DMIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plõÅ; Subject: [nsp] an ill cat 6500, any ideas?
Welp, we have a somewhat broken Cat6500 chassis that willõÅ;lo(either Native IOS or CatOS).
After the "ROMMON part S (Gold)" usual message at the MSFC boot, we get:
%MSFC2-õÅ;_G
Every 10-15 seconds. The MSFC2 doesn't complete booting.
BefõÅ;th(occasionally with "Spurious memory access" errors in syslog) evõÅ;5 expected rogue packet source from the network, õÅ;etmore only to get further unexpected reloads where the "isolated" source was not involved.
IOS verõÅ; wtried a flash card with 12.1(5a)E1 with the same error (no boõÅ; chassis we have is running the same version (12.1(8a)E), and also has reloaded upon occasion with the same "sh võÅ;re
System returned to ROM by power-on (SP by bus error at PC 0x602CD000, address 0xA7EE8455)"
The program counter, aõÅ;, that crashed, but only one will no longer boot. Does this indicate we're õÅ;ngI have a feeling the software bug is related to spaõÅ;g-(after all, the SP is crashing, not the RP), as brining up VLANs in downstream switches (with no VTP involvõÅ;hathan a couple of occasions.
I've tried the software recovery methods (using my spare chasõÅ;. naTive IOS image loads (we dont need the c6msfc-boot* in the RP bootflash because we're using MSFC2), but loops on thõÅ;O_
Attempting to boot CatOS gives "bad lot" or similar short error, then the chassis requires a resetõÅ;bvgive, though..), but was wondering if anyone has run õÅ;ss:). When you "copy run start" and the chassis reloads during the operation, smoking your config, it ruinsõÅ;r
-afort
From neil@COLT.NET õÅ;JuReceived: from someone claiming to be equinox.DOMINO.ORG (equinox.DOMINO.ORG [194.70.50.70]) by puckõÅ;he for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 03:44:52 -0400 (enveloõÅ;roReceived-Date: Fri, 20 Jul 2001 03:44:52 -0400 Received: from DOOM (gateway1.colt-telecom.com [195.110.70õÅ;) id 0567EED54; Fri, 20 Jul 2001 08:50:07 +0100 (BST) Reply-To: To: "Pegg Damon" <Damon.Pegg@Carrier1.com> Cc:Subject: RE: Cisco Feature Request - anyone want to help? Date: Fri, 20 Jul 2001 08:45:24 +0100 Message-IõÅ;MNMIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-TransfõÅ;ncX-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) õÅ;epX-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 ImporõÅ;e:
What IGP are you using? When a box dies an interface/neighbour down is usually triggered which causes the nexthoõÅ; bare recalculated. I can understand why you might want to have this featuover the top.
Regards, N> From: MõÅ;do> Sent: 19 July 2001 17:11 > To: 'ops@linx.net'> Subject: Cisco Feature Request - anyone want to help> > I'm mailing our LINX õÅ;ad> anyone in Europe and beyond who has weight with Cisco to help out. SorryõÅ;or> > I've submitted a feature request to Cisco but if anyone else would benefit > greatly then please haveõÅ;or> > In short, I have asked for an internal-fast-fallover option for > iBGP. TõÅ;> > connected networks > between core route-reflectors and edge roõÅ;re> sessions die on failure of that link. Typically these (edge) boxes are > connected physicalõÅ;nd> pop, these being in the same cluster. This option mimics eBGP, > alloõÅ; B> seSsions to be torn down instantly upon connection to an edge > device failing > (or rather, the box suffering from sõÅ;ou> This basically allows for transparent redundancy for multi-homed bgp > customers but itõÅ;o > preventing traffic > from being blackholed to x amount of routes when a box goes downõÅ;wh> are perfectly valid alternative bgp routes through other peers, transits, > customers. > > As an example, if yoõÅ;IN> epicentre of the blackholing(due to igp metric based decisions), > with a hugeõÅ;um> Although you > will doubtless have several alternative pathsõÅ;e > stays up for > a default of three minutes, with the edge loopbacks typically > carried within > supernets, sõÅ;xt> using a BGP route to exit the network at that point will continõÅ;o >> local core > routers, the only wait is for bgp õÅ;nv> order than optimal paths (often selected on igp next-hop metric) can be > recalculatedõÅ;va> > Naturally, alternatives exist for minimising the blackholing > impact of edge > device õÅ;ur> edge and core; 2. drawing your edge device loopback addressõÅ; f> blocks carried internally only as their /32 routes and with no supernet. > Neither of these is optimal, theõÅ;st> issues and > the second relying on the bgp scanner for invalidation of routes, which > cannotõÅ;re> Admittedly, the option I have requested doesn't suit many iBGPõÅ;es> and does decrease redundancy within a pop since single link failure will > shut a session where traditional coõÅ;ur> where an alternative path exists. Its not perfect, for sure. However, I > for one woulõÅ;ke> effects all of us > and has no current ideal solution. This will give us threeõÅ;io> considering how best to minimise the impact of edge device failure in > blackholing traffic. > > Of course, I'd õÅ; w> procedures being > tightened and other measures in the event of interface flaps etõÅ;t > > Anyways, just thought I'd > > > Damon Pegg õÅ;ac> "If you can look into the seeds of time, and say which grain will grow and >õÅ;ch> >
From Damon.Pegg@carrõÅ;.cReceived: from someone claiming to be lon-nsmx-01.carrier1.net (lon-nsmx-01.carrier1.net [2õÅ;.1 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6K9DYA21355 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 0õÅ;:3 (envelope-from Damon.Pegg@carrier1.com) Received-Date: Fri, 20 Jul 2001 05:13:35 -0400 Received: from exchange.caõÅ;r1 by lon-nsmx-01.carrier1.net with esmtp (Exim 3.22 #3) id 15NWM5-0007nW-00õÅ;i,Received: by GBLON1S07 with Internet Mail Service (5.5.2653.19) id <3V47BGMC>; Fri, 20 Jul 20âëÅ;0:MeFrom: Pegg Damon <Damon.Pegg@carrier1.com> ToõÅ;ErCc: "'ops@linx.net'" <ops@linx.net>, Bree Eric <Eric.Bree@carrier1.com>, "'cisco-nsp@õÅ;.nSubject: RE: [nsp] Cisco Feature Request - anyone want to help? Date: Fri, 20 Jul õÅ; 1MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859õÅ; H
Firstly, I apologise if not clear in my first mail but I was assuming next-hop-self set on all of my edge devicesõÅ; eas de facto standard.
My whole point is that this feature is for peering over connected interfõÅ;. iBGP, there isn't the same interaction between IGP/link-sõÅ;s you peer over connected interface addresses then the session still stays up when the link goes down because BGõÅ;ilend of the link (normally there is one in a supernet anyway.) Also, while the sessionõÅ;ysaddress, which is typically carried in a supernet. Of course, a way aõÅ;d edge (as I alluded to last night) where they õÅ;beaddresses, not also as the supernet. This has the inherent problem that invalidation by next-hop õÅ;eltight on your filters to ensure that there is no supernet available - remembeõÅ;atmatch for an address.
Another quick point was that I do haõÅ;esRoute Reflectors) which is why I can afford to have one backbone router shut the session õÅ; icarry the traffic to the edge device. There is clearly a trade-oõÅ;ecroUting-stability suffers a little but the benefit is that in the event of EDGE DEVICE FAILURE both sessions from bacõÅ;e-straight away and optimal bgp paths to affected networks will be recalculated across the core iBGP mõÅ; dampening is performed then flapping interfaces shouldn't cause a problem as routes will be reõÅ;d
Even if you don't all agree with me or this isn't relevant to you with your designs then I just õÅ; iovercome inherent bgp fallover times. Naturally, this must be done without coõÅ;miproblems with edge devices, it seems necessary to me to ensurõÅ;atutMost is done to provide transparent redundancy. This is not the case at present and you can only come close to it õÅ;edaggressively between edge and core/distric. or by performing the loopback gymnastics that I described aboõÅ;nd
Damon.
> -----Original Message----- > From: Eric Osborne [mailto:eosborne@cisco.com To: Pegg Damon > Cc: 'ops@linx.net'; Bree Eric; 'cisco-nsp@puck.nethe> > > On Thu, Jul 19, 2001 at 05:10:48PM +0100, Pegg Damon wrote: > > Hello all. > > > > I'm maiõÅ; o> encompasses pretty much > > anyone in Europe and beyond who has weight with Cisco õÅ;> > > for spam otherwise. > > > > I've submitted a feature request to Cisco but if anyone > else would beõÅ;t > little like this: > > > > In short, I have asked for an inõÅ;al> for iBGP. This > > allows me the option of optimising fallover by peering on > connected networõÅ; >> route-reflector-clients; and having > > sessions die on failure of that link. õÅ;> > there's no redundancy between RR and RR-client. AnõÅ; t> (or all links) between RR and RR-client go down, you're kinda screwed > anyways, as far as I can see. And õÅ;ou> the same network should have the same next-hop no matter which RR you > are taking the route õÅ;, > failed link should take care of things. True, the ibgp session > between RRC andõÅ; R> stays up, but > that's only inconsistent until the link comes back. > > AnotherõÅ; t> *interface > address* of the RR, rather than the RID. > > But maybe õÅ;mi> > - fast ibgp failover makes sense, and > - it's not sensible to peer wiõÅ;he> same thing? > > > > > > > > eric >
From Damon.Pegg@carrõÅ;.cReceived: from someone claiming to be lon-nsmx-01.carrier1.net (lon-nsmx-01.carrier1.net [2õÅ;.1 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6K9NAA22757 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 0õÅ;:1 (envelope-from Damon.Pegg@carrier1.com) Received-Date: Fri, 20 Jul 2001 05:23:10 -0400 Received: from exchange.caõÅ;r1 by lon-nsmx-01.carrier1.net with esmtp (Exim 3.22 #3) id 15NWVQ-00005Y-00õÅ;i,Received: by GBLON1S07 with Internet Mail Service (5.5.2653.19) id <3V47BGPT>; Fri, 20 Jul 20õÅ;0:Message-ID: <83189BAB0F57D411A1C400508B6AADBD04738887@GBLON1S07> From: Pegg Damon <Damon.Pegg@carrier1.com> ToõÅ;neCc: "'ops@linx.net'" <ops@linx.net>, "'cisco-nsp@puck.nether.net'" <cisco-nsp@puck.nethõÅ;etDate: Fri, 20 Jul 2001 10:23:07 +0100 MIME-Version: 1.0 X-MailõÅ;InContent-Type: text/plain; charset="iso-8859-1"
Hi Neil. I'll try and keep this relatiõÅ; bfollowup :) but I think your making the same assumption that i originally did...
BasicallõÅ; hmuch discussion with Cisco dev and my SEs. My problem is thatõÅ;P have that IGP-relation that eBGP does - this is what I want. If an edge router dies and you peer on loopbacks theõÅ;e (bgp timers) three minutes - since you run next-hop-self and I presume that your loopbacks arõÅ;rryour route-reflectors or other peers of that edge device will blackhole õÅ;tr
Likewise, when you peer on connected interfaces, interface failure DOES NOT tõÅ;ersupernet, traffic is blackholed as before. The problem is õÅ;aredge device failure (not all that common admittedly) and my feature request is for the action that you dscribed! õÅ;nk
DamOn.
> -----Original Message----- > From: Neil J. McRae [mailto:neil@COLT.NET] > Sent: 20 July 2001 08:45 > To: PegõÅ;mo> Subject: RE: Cisco Feature Request - anyone want to help? > > > What IGP õÅ;yo> usually > triggered which causes the nexthop to be unavailable õÅ; >> are recalculated. I can understand why you might want to have > this feature > but using this within iõÅ;P > problem seems > over the top. > > Regards, > Neil. > > > -----Original Message----- > > õÅ;: > Of Pegg Damon > > Sent: 19 July 2001 17:11 > > To: >> > Subject: Cisco Feature Request - a> > > > > > Hello all. >õÅ; >> encompasses pretty much > > anyone in Europe and beyond who has weigõÅ;it> help out. Sorry > > for spam otherwise. > > > > I've submitted a feature request to Cisco but if anyone > õÅ; w> > greatly then please have a word with your SE. It goes a > little like this: > > > > In short, I have askõÅ;or> > iBGP. This > > allows me the option of optimising fallover by peering on > > coõÅ;te> > between core route-reflectors and edge > route-reflector-clients; and having > > sessions die on failure oõÅ;at> (edge) boxes are > > connected physically and iBGP meshed logically to two > reflectors withinõÅ; >> > allowing BGP > > sessions to be torn down instantly uõÅ;co> > device failing > > (or rather, the box suffering from spurious problems which > cause failure.) >õÅ;hi> > customers but it also provides huge benefits in termõÅ; >> > from being blackholed to x amount of routes when a box goes down; > > when there > > are perfectõÅ;al> peers, transits, > > customers. > > > > As an example, if your LINX router diesõÅ;ea> > epicentre of the blackholing(due to igp metric based decisions), > > with a huge > > number of õÅ;es> > Although you > > will doubtless have several alternative paths, the bgpõÅ;si> > Stays up for > > a default of three minutes, with the edge loopbacks typically > > carried within > > supernets, soõÅ;t-> any other router > > using a BGP route to exit the network at that point will >õÅ;ti> > until the session is closed. With instaneaous withdrawal by the > > local core > > routers, the only waiõÅ; f> your core mesh in > > order than optimal paths (often selected on igp next-hop > metric) õÅ;be> > > > Naturally, alternatives exist for minimising the blackholingõÅ; i> > device failure but these are really hacks: 1. reducing bgp > timers between > > edge and core; 2. drawiõÅ;ou> > from separate > > blocks carried internally only as their /32 routes and with > no sõÅ;ne> > Neither of these is optimal, the first having inherent stability > > issues and > > the second relying on the bgp sõÅ;er> routes, which > > cannot be reconfigured to a frequency of <60 seconds on S > train code. > > AdmõÅ;dl> > mesh designs > > and does decrease redundancy within a pop sinceõÅ;gl> failure will > > shut a session where traditional configurations will allow > it to stay up > > where an alternõÅ;e > sure. However, I > > for one would like the choice since this is a problem that > >õÅ;ec> > and has no current ideal solution. This will give us three > options when > > considering how best to mõÅ;is> failure in > > blackholing traffic. > > > > Of course, I'd also welcome discussion on interõÅ;da>> > tightened and other measures in the event of interface flaps etc but > > generally the probõÅ; o> > > > Anyways, just thought I'd > > > > > > Damon Pegg IP Backbone EngiõÅ; > > "If you can look into the seeds of time, and say which > grain will grow and > > which wiõÅ;ot> > > > >
From drajnovi@cisco.õÅ; FReceived: from someone claiming to be uk-cse-011.cisco.com (uk-cse-011.cisco.com [144.254.106.16õÅ;by for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 05:38:30 -04õÅ;(eReceived-Date: Fri, 20 Jul 2001 05:38:30 -0400 Received: (from drajnovi@localhost) by uk-õÅ;01Date: Fri, 20 JuMEssage-Id: <200107200938.f6K9c7B22758@uk-cse-011.cisco.com> To: cisco-nFrom: Cisco Systems ProduæëÅ;ecErrors-To: nobody@cisco.com Reply-To: Cisco SystemõÅ;odCc: psirt@cisco.com X-Mailer: GNU Emacs 19.34.1, VM 5.72 (beta) SubjõÅ; [
-----BEGIN PGP SIGNED MESSAGE-----
Cisco SecuõÅ; A Revision 1.0 For public r _________________________________________________________________ targeted at systems running the Microsoft Internet Information Server (IIS). SevõÅ; C systems. Additionally, the behavior of the worm can cause problems õÅ;
The following Cisco products are vulnerable because they run affected versions of MicrosoftõÅ;: * Cisco Unity Server * Cisco uOne * Cisco ICS7750 Other Cisco productsõÅ; a worm. Please see the Affected Products section for further details.
TheõÅ;m patch to affected servers, http://www.microsoft.com/techne\26õÅ;ee security/bulletin/MS01-033.asp.
This advisory is available at http://www.cisco.co\26õÅ;rp Affected Products
The following Cisco products are directly vulnerableõÅ;au affected versions of Microsoft IIS:
* Cisco CallManager * Cisco Unity Server * Cisco Building Broadband Service Manager Other Vulnerability (this is not an exhaustive list):
* Cisco 600 series of DSL routers that have not been patched õÅ;th http://www.cisco.com/warp/public/707/CBOS-multiple.shtml , will stop forwaõÅ;g "Code Red" worm. The power must be cycled to restore normal õÅ;vi might be installed on a Microsoft platfoõÅ;un version of IIS. Details
The "Code Red" worm exploits a known vulnerability in MicrosoõÅ;IS Passing a specially crafted URI to the default HTTP service, port 80, on a susceptible system. The URI consists õÅ;in cause the infected host to either begin scanning other random IP addresses and pass the infecõÅ; o finds, or launch a denial of service attack targeted at the IP address 198.137.õÅ;91 www.whitehouse.gov. In both cases the worm replaces the web server's defaõÅ;we
The worm does not check for pre-existing
As a side-effect, the URI used by the worm to infect other hosts causes Cisco 600 series DSL routers toõÅ;p triggering a previously-published vulnerability. Any 600 series routers scanned by the "Code RõÅ;wo until the power to the router has been cycled.
The nature of the "Code Red" worm'õÅ;an the resulting sharp increase in network traffic can noticeably affect Cisco Content ServõÅ;Sw depending on the device and its configuration. Unusually high CPU utilization çëÅ;me Internet aõÅ;s infected, the management of a Cisco CallManager product is disabõÅ;or original management web page is restored. SoftwaõÅ;er
Microsoft has made a patch available for affected systems at http://www.microsoft.com/technet/treev\26õÅ;de security/bulletin/MS01-033.asp .
Cisco is providing the same patch at http://www.cisco.c\26õÅ;gi isco/voice/callmgr/win-IIS-SecurityUpdate-2.exe&swtype=FCS&code=&size= 2çëÅ;6 isco/voice/callmgr/win-õÅ;Se =&size=4541 Cisco Building Broadband Service Manager is documented sepõÅ;el gent.htm . Obtaining Fixed Software
õÅ;co vulnerability for all affected Cisco customers.
FõÅ;os Center on Cisco's Worldwide Web site at http://www.cisco\26õÅ;/. Microsoft or by contacting the Cisco Technical AssiõÅ;ce (TAC). TAC contacts are as follows:
* (800) 553 2447 (toll-free from within North America) * +1 408 õÅ;72 * E-mail: tac@cisco.com See http://www.cisco.com/warp/public/687\26õÅ;ec for additional TAC contact information, including instructions and e-mail addresses for use in varõÅ; l
Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contõÅ; c requested through the TAC or directly from Microsoft. Please do not contact either "psirt@cisco.comõÅ; " software upgrades. Workarounds
We recommend following the instructions in the MicõÅ;ft bulletin for addressing the actual vulnerability. Exploitation and Public Announcements
This issue isõÅ;ng numerous public announcements and messages. References include:
* hõÅ;// * http://www.eeye.com/html/Research/Advisories/AD20010618.html StatuõÅ; T
This is a final notice. Although Cisco cannot guarantee the accuracy of all statements in this noõÅ;, checked to the best of our ability. Should there be a significant change in the factõÅ;is Distribution
This notice will be posted on Cisco's Worldwide Web site at http://www.\26õÅ;o. In addition to Worldwide Web posting, a text version of this notice õÅ; c following e-mail and Usenet news recipients:
* custõÅ;ur * bugtraq@securityfocus.com * firewalls@lists.gnac.com * first-teams@first.org (inclõÅ; C * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * nanog@nanog.org * incidents@securityfoõÅ;co comp.dcom.sys.cisco * Various internal Cisco mailing lists Future updates of this notice, if any,õÅ;l Security Advisories page at http://www.cisco.com/go/psirt/, but may or may not be actively anõÅ;ce Users concerned about this problem are encouraged to check the URL given above forõÅ; u Revision History
Revision 1.0 2001-Jul-20 Initial public release Cisco Product Security Incident ProceõÅ;s products, obtaining assistance httpõÅ;ww This includes instructions for press inquiries regarding CiscoõÅ;se _________________________________________________________________ This notice is Copyright 200õÅ; C be redistributed freely after the release date given at the top of the text, provõÅ; t including all date and version information. ________________õÅ;__
-----BEGIN PGP SIGNATURE----- Version: 2.6.2
iQEVAwUBO1f3m2iN3BRdFxkbAQHFrQõÅ;JJAOQRWvyV+XZwLo4VWAcS47A6p2e/hOEcqOBSgYYX8L+dbsF/8geHURhCTQB628kQ uvtc+A2q9rxIjLqrZcjda7rwZB9IõÅ;RZMf02XKv4IUF1N6adKh23aJ0DILoFmge4b26V7NtHEDJ70fJyqSzk1z+soHlyeZ+z wGwUCMGfSlQr5uXhD5bJF8b5unõÅ;Ny0l+LgwM7Q4Y0n7poXOw7Pw52r3bcL2XuxTY4BJSl97Fbt3daUxPiVw== =7r1T -----END PGP SIGNATURE----çëÅFrom kf@reign.sk FrõÅ;l Received: from someone claiming to be reign.sk (w31nb048.via.at [194.96.201.48]) by puck.nether.net (8õÅ;4/ for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 05:48:10 -0400 (envelope-from kf@reigõÅ;) X-Server: Advanced Direct Remailer (www.elcomsoft.com) ReplTo: <cisco-nsp@puck.nether.net> Subject: Serial Clock-rMIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" CoõÅ;t-X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (õÅ;29IMportance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Correct me if I'm wrong...
If there isõÅ;iaspeaking about rate of the 2Mbit should be clocking like in my exampõÅ; 2
Greetz
Alex
From df@nextra.com õÅ;JuReceived: from someone claiming to be smarthost1.s.oke.nextra.no (smarthost1.s.oke.nextra.no [148.122õÅ;.5 by Puck.nether.net (8.11.4/8.9.3) with SMTP id f6KDmEA29897 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 09:48:1õÅ;40Received-Date: Fri, 20 Jul 2001 09:48:14 -0400 Received: (qmail 24318 invoked from networõÅ;20Received: from opus.nextel.no (HELO a.online.no) (148.122.207.131) by smarthost1.oke.nextra.no õÅ; SReceived: from localhost (df@localhost) by a.online.no (8.9.3/8.9.1) with ESMTP id PAA213õÅ; FDate: Fri, 20 Jul 2001 15:48:10 +0200 (MET DST) From: David Ferguson <df@nextra.cõÅ;X-To: Dmitri Kalintsev <dek@hades.uz> cc: cisco-nsp@puck.nether.net Subject: Re: [nsp] 5400's as põÅ;ISIn-Reply-To: <025501c10a9c$a4ab7300$4d0508d2@cca.off.connect.com.au> Message-ID: <Pine.GSO.4.õÅ;01MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII
A little late, butõÅ;On
> Hi good people, > > Does anybody have real-world experince running 5400's aõÅ;re> concentrator? Of real interest are the following areas: > > 1. BGP support: features and stability, compared õÅ;to> 2. How many PRI cards will box take, provided *no* digital modems are > installed?
IOS 12.1(5)XM3 supõÅ;s
> 3. How good is multilink PPP support and stability, especially of larger > multilink bundles,
Have only experience from 1 and 2 B-channels (with and without multichenvironment).
> 4. What is the recommended IOS version to use? 12.2 would be nice (probably > 12.2XA?), becauõÅ;e
Sorry I can't answer your other questions.
-David. -- David Ferguson (CCIE 1263) <õÅ;ex Nextra AS, Postboks 393 Skoyen, 0212 Oslo, Norway. Tlf. (+47) 2277 1900 Fax. (+47) 2277 1910
From jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6KEaZZ32142; Fri, 20 JõÅ;00 (envelope-from jared) Received-Date: Fri, 20 Jul 2001 10:36:35 -0400 Date: Fri, 20 Jul 2001 10:36:35 -04õÅ;roTo: Andrew Fort <afort@staff.webcentral.com.au> Cc: cisco-nsp@puck.nether.net SubjeõÅ;ReMessage-ID: <20010720103635.B31694@puck.nether.net> References: <415DD4BF903BD311A3D90õÅ;99Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inlõÅ;UsIn-Reply-To: <415DD4BF903BD311A3D900A0C99F9022096070FF@bnc.webcentral.com.au>; from afort@staff.webcõÅ;al
I've run into a number of issues with 12.1(8a)E but have not seen this.õÅ;wobased on what you are saying.
I would avoid running 12.1(8a)E. My experience is that iõÅ;s believe there is now a bug filed against that issue.
I suspect thõÅ;withese issues.
On Fri, Jul 20, 2001 at 11:49:49AM +1000, Andrew Fort wrote: > WelõÅ;e > (either Native IOS or CatOS). > > After the "ROMMON parõÅ;(G> > %MSFC2-3-NO_GIG_SYNC: Inband Gig interface not syncronized, status 0x58õÅ;> > > Before this error was occuring, we were seeing this chassisõÅ;oa> minutes or so, starting about 1:30am this mornõÅ; > expected rogue packet source from the network, to get uptime of an hour or > more only to get furõÅ; u> not involved.
if you are running BGP on this device, you may be enõÅ;teCSCdu68599
> IOS version was 12.1(8a)E, platform is c6sup12 (sup1a, msfc2/pfc1). I've > tried a flash card with 12.õÅ;)E> chassis we have is running the same version (12.1(8a)E), and also has > reloõÅ; u
- jared
-- Jared Mauch | pgp key available via finger from jared@puck.netõÅ;ne
From jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6KFV8S02511 for cisco-õÅ;pu (envelope-from jared) Resent-Message-Id: <200107201531.f6KFV8S02511@puck.nõÅ;r.ReCeived: (from slist@localhost) by puck.nether.net (8.11.4/8.9.3) id f6KCjB229033 for jared; Fri, 20 Jul 2001 08:4õÅ; - (Envelope-from cisco-nsp-request@puck.nether.net) Date: Fri, 20 Jul 2001 08:45:11 -0400 X-From_: elizlinav@yahoo.comõÅ;i Received: from someone claiming to be web12308.mail.yahoo.com (web12308.mail.yahoo.com [216.136.173õÅ;]) for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 08:45:10 õÅ;0 Received-Date: Fri, 20 Jul 2001 08:45:10 -0400 Message-ID: <20010720124509.26584.qmaiõÅ;b1Received: from [61.1.224.48] by web12308.mail.yahoo.com via HTTP; Fri, 20 Jul 2001 05:45:09 PDT Old-DõÅ; FFrom: eliz linav <elizlinav@yahoo.com> To: cisco-nsp@puck.nether.net MIME-Version: 1.õÅ;ntX-Diagnostic: Not on the accept list X-Envelope-To: cisco-nsp Resent-From: jared@puõÅ;etResent-Date: Fri, 20 Jul 2001 11:31:08 -0400 Resent-To: cisco-nsp@puck.nether.net Subject: [nsp] Reg Route-map.. mõÅ; l
HI, Could u pls help me in understanding what the cmd "match length..." in route-map means?
Regards, Vinod
_____õÅ;__Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.m
From ryan@complicityõÅ;ukReceived: from someone claiming to be look-to-windward.complicity.co.uk (look-to-windward.comõÅ;it by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6KHXfA08346 for <cisco-nsp@puck.nether.net>;õÅ;, (envelope-from ryan@complicity.co.uk) Received-Date: Fri, 20 Jul 2001 13:33:41 -0400 Received:õÅ;m id 15Ne8u-0007oU-00; Fri, 20 Jul 2001 18:32:48 +0100 õÅ;: From: "Ryan O'Connell" <ryan@complicity.co.uk> To: eliz linav <elizlinav@yahoo.com> Cc: ciõÅ;nsSubject: Re: [nsp] Reg Route-map.. match len ? Message-ID: <20010720183248.A30016@look-tReferences: <20010720124509.26584.qmail@web12308.mail.yahoo.com> Mime-VCoNtent-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010720124509.26584.qmail@web12308.mail.yahoo.com>; õÅ; e
On Fri, Jul 20, 2001 at 08:45:11AM -0400, eliz linav wrote: >õÅ;ul> "match length..." in route-map means?
This matches the length of packetsõÅ;ngpolicy-routing route-maps, not when talking about BGP or redistribution.
For example:
õÅ;rf ip policy route-map policy-route-small-packets
route-map policy-route-small-packets permit 10 matõÅ;en set interface Serial0/0
route-map policy-route-small-packets permit 20 set interface Serial1/0
This routesõÅ; ppackets via S1/0. This can be useful to push bulk transfersõÅ;P,onto one line while allowing interactive traffic to use another path, perhaps with lower bandwidth but also loweõÅ;te
- Ryan O'Connell - <ryan@complicity.co.uk> - http://www.complicity.co.uk
I'm not losing my mind, no I'm not changõÅ;myI'm just learning new things with the passage of time
From gert@greenie.muõÅ; Received: from someone claiming to be greenie.muc.de (root@greenie.muc.de [193.149.48.161]) byõÅ;k. for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 17:10:37 -0400 (enõÅ;peReceived-Date: Fri, 20 Jul 2001 17:10:37 -0400 Received: by greenie.muc.de via rmail with stdiõÅ;d for cisco-nsp@puck.nether.net; Fri, 20 Jul 2001 23:10:58 +0200 (MEST) (Smail-3.2 1996-JõÅ; #Received: (from gert@localhost) by mobile.greenie.muc.de (8.11.0/8.11.0) id f6KJ0o215908; Fri, 20 Jul 2õÅ;21Date: Fri, 20 Jul 2001 21:00:50 +0200 From: Gert Doering <gert@greenie.muc.de> To: Pegg Damon <Damon.Pegg@carõÅ;1.Cc "'Eric Osborne'" <eosborne@cisco.com>, "'ops@linx.net'" <ops@linx.net>, Bree Eric <Eric.Bree@c Subject: Re: [nsp] Cisco MessaõÅ;D:References: <83189BAB0F57D411A1C400508B6AADBD04738886@GBLON1S07> Mime-Version: 1.0õÅ;teContent-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <83189BAB0F57D411A1õÅ;50X-mgetty-docs: http://a\26õÅ;.g
Hi,
On Fri, Jul 20, 2001 at 10:13:28AM +0100, Pegg Damon wrote: > Firstly, I apologise if not clear iõÅ; f> next-hop-self set on all of my edge devices for eBGP peerings as I see this > as de facto sõÅ;ar
Au Contraire. About half the networks I know use next-hop-self on iBGP peerings, and the other half carriers the "extõÅ;l (like "the LINX network") in their IGP and does NOT modify next-hop.
Both has advantages. I personally õÅ; lit has (the external neighbour) as this means IGP can take care of a number of network õÅ;gsnext-hop-self (like "picking the right path in the case of unequal bandwidth õÅ;s
gert -- Gert Doering Mobile communications ... right now writing from *Alcudia, Mallorca* ... moõÅ; p
From elizlinav@yahooõÅ; Received: from someone claiming to be web12306.mail.yahoo.com (web12306.mail.yahoo.com [216.136õÅ;.1 bY puck.nether.net (8.11.4/8.9.3) with SMTP id f6L3YaA18952 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 23:34õÅ;-0 (eNvelope-from elizlinav@yahoo.com) Received-Date: Fri, 20 Jul 2001 23:34:36 -0400 Message-ID: <20010721033435.94833.õÅ;l@yahoo.com2001 23:34õHReceived: from [61.1.224.50] by web12306.mail.yahoo.com via HTTP; Fri, 20 Jul 2001 20:34:35 PDT DõÅ; FFrom: eliz linav <elizlinav@yahoo.com> To: cisco-nsp@puck.nether.net MIME-Version: 1.õÅ;ntSubject: [nsp] tos, precedence & qos-group.. route-map ??
Hi, I was trying to do çëÅ; pdifferent type mentioned: tos qos-group precedence KõÅ;y also cite some small examples where each one of these could be used
2. I wanõÅ; m with a certain type of service and from y.y.y.y/26 with other type of service
õÅ; tdiffrentiate the packets based on type of srvice and do a policy based routing. õÅ;thWith Regards, Vinod
__________________________________________________ Do You Yahoo!? Make inõÅ;athttp://phonecard.yahoo.com/
From elizlinav@yahooõÅ; Received: from someone claiming to be web12305.mail.yahoo.com (web12305.mail.yahoo.com [216.136õÅ;.1 bY puck.nether.net (8.11.4/8.9.3) with SMTP id f6L3ZFA19280 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 23:35õÅ;-0 (eNvelope-from elizlinav@yahoo.com) Received-Date: Fri, 20 Jul 2001 23:35:16 -0400 Message-ID: <20010721033514.88244.õÅ;l@~h\7Bo.com2001 23:35õHReceived: from [61.1.224.50] by web12305.mail.yahoo.com via HTTP; Fri, 20 Jul 2001 20:35:14 PDT DõÅ; FFrom: eliz linav <elizlinav@yahoo.com> To: cisco-nsp@puck.nether.net Cc: vinodabm@yahõÅ;omContent-Type: text/plain; charset=us-ascii Subject: [nsp] tos, precedence & qos-group.. route-map ??
HõÅ;I But while defining the set option there are 3 different type mentioned: tos qosõÅ;up Kindly explain the differences between the same and also cite some small examples where each one of these õÅ;d
2. I want to map traffic from a network say x.x.x.x/26 with a certain type of service and from y.y.y.y/26 with õÅ;r
3. I then intend to set the next hop router to diffrentiate the packets based on type of srvice and do a õÅ;cy Is this possible and if so how? With Regards, Vinod
__________________________________________________õÅ;YoMake international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
From elizlinav@yahooõÅ; Received: from someone claiming to be web12303.mail.yahoo.com (web12303.mail.yahoo.com [216.136õÅ;.1 bY puck.nether.net (8.11.4/8.9.3) with SMTP id f6L3ibA22319 for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 23:44õÅ;-0 (eNvelope-from elizlinav@yahoo.com) Received-Date: Fri, 20 Jul 2001 23:44:37 -0400 Message-ID: <20010721034436.22126.õÅ;l@yahoo.com2001 23:44õHReceived: from [61.1.224.50] by web12303.mail.yahoo.com via HTTP; Fri, 20 Jul 2001 20:44:36 PDT DõÅ; FFrom: eliz linav <elizlinav@yahoo.com> To: cisco-nsp@puck.nether.net MIME-Version: 1.õÅ;ntSubject: [nsp] route-reflector hierachial.. config
Hi, We have the following netwõÅ; ( acting as RR Server) A2 x 4 nodes (acting as RR Server and RR client) B õÅ;no The A1, A2 and B type nodes run iBGP. There is peering betwn all nodes of same type. TheõÅ;l was thru the A1 nodes. We have recently decided to have a Internatinal gateway õÅ;ec 1.I would like to know if RR config any changes to be made? 2.Would the A2 node learned route be õÅ;edcorresponding A1 node (as it is only RR server mode)? Regards, Vinod
____________________________________________õÅ;__Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
From zaziz@sj-core.cõÅ;.cReceived: from someone claiming to be sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171õÅ;16 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6L818A26437 for <cisco-nsp@puck.nether.net>; Sat, 21 Jul 2001 04õÅ;08 (envelope-from zaziz@sj-core.cisco.com) Received-Date: Sat, 21 Jul 2001 04:01:08 -0400 Received: from sj-msg-av-1.õÅ;o. by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f6L811g09883; Sat, 2èëÅ;l by sj-msg-av-1.cisco.com (8.10.1/8.10.õÅ;it Sat, 21 Jul 2001 01:01:09 -0700 (PDT) Received: from ZAZIZ-W2K.cisco.com (zaziz-dsl1.cisco.com [õÅ;25MeõÅ;e-X-Sender: zaziz@ce-nfs-1.cisco.com X-Mailer: QUALCOMM Windows EõÅ;a Date: Sat, 21 Jul 2001 00:58:29 -0700 To: eliz linav <elizlinav@yahoo.com> From: Zaheer Aziz <zaziz@cisco.coõÅ;ubCc: cisco-nsp@puck.nether.net In-Reply-To: <20010721034436.22126.qmailõÅ;12Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed
At 08:44 PM 7/20/2001 -õÅ;, >Hi, > We have the following network > A1 X 3 nodes with Intl Gateway > ( acting as RR Server) >õÅ;2 > (acting as RR Server and RR client) > B x 8 nodes > (acting as RR client) > The A1, A2 and B tyõÅ;od>peering betwn all nodes of same type. > The Intl Gateway connectivity to a single provider >was thõÅ;he> We have recently decided to have a Internatinal >gateway connectivity from a A2 node. > 1.I would like to kõÅ;if>made?
No
> 2.Would the A2 node learned route be passed to the >corresponding A1 node (as õÅ;s yes. :-)
However I do have questions about your design.
1)why is there is an IBGP "pering betwn açëÅ;odbenefit are you getting by this?õÅ;Si
Zaheer
>Regards, >Vinod > >__________________________________________________ >Do You Yahoo!õÅ;ak>http://phonecard.yahoo.com/
From zaziz@sj-core.cõÅ;.cReceived: from someone claiming to be sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171õÅ;16 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6L88sA27491 for <cisco-nsp@puck.nether.net>; Sat, 21 Jul 2001 04õÅ;54 (envelope-from zaziz@sj-core.cisco.com) Received-Date: Sat, 21 Jul 2001 04:08:54 -0400 Received: from sj-msg-av-2.õÅ;o. by sj-msg-core-4.cisco.com (8.11.3/8.9.1) with ESMTP id f6L88v329360; Sat, 21õÅ; 2Received: from mailman.cisco.com (localhost [127.0.0.1]) by sj-msg-av-2.cisco.com (8.10.1/8.10.1õÅ;th Sat, 21 Jul 2001 01:08:48 -0700 (PDT) Received: from ZAZIZ-W2K.cisco.com (zaziz-dsl1.cisco.com [1õÅ;54MesõÅ;-IX-Sender: zaziz@ce-nfs-1.cisco.com X-Mailer: QUALCOMM Windows EuõÅ; VDate: Sat, 21 Jul 2001 01:09:40 -0700 To: eliz linav <elizlinav@yahoo.com> From: Zaheer Aziz <zaziz@cisco.comõÅ;bjCc: cisco-nsp@puck.nether.net, vinodabm@yahoo.com In-Reply-To: <õÅ;07Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=floweõÅ;t >Hi, > I was trying to do some policy routing. >But while defining the set opõÅ; t>different type mentioned: > tos > qos-group > precedence > Kindly explain the differences between the sõÅ;an>could be used
I have only used the set precedence option to chaõÅ;thTOS field of IP header. set tos probably change the whole 8 bits.
>2. I want to map traffic from aõÅ;wo> with a certain type of service > and from y.y.y.y/26 with other type of service > apply this route-mõÅ;o
route-map test permit 10 match ip address 101(access-list 101permits x.x.x.x/2õÅ;et
route-map test permit 20 match ip address 102 (access-list permits y.y.y.y/26) set ip precedeõÅ;y
>3 I then intend to set the next hop router to >diffrentiate the packets based on type of srvice and Is this possible and if so how?
On the next-hop router where policapply thi
route-map DIFFERENTIATE permit 10 match ip address 130 set blah
routematch ip addresõÅ;1
access-list 130 permit ip any any prec x access-list 131permit ip any any prec y
Just double check the syntax aõÅ;fo
Hope this helps Zaheer
>With Regards, >Vinod > > >________________________________________õÅ;__>DO You Yahoo!? >Make international calls for as low as $.04/minute with Yahoo! Messenger >http://phonecard.yahoo.comçëÅFrom jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6LM9Qw07973 for cisco-õÅ;pu (envelope-from jared) Resent-Message-Id: <200107212209.f6LM9Qw07973@puck.nõÅ;r.ReCeived: (from slist@localhost) by puck.nether.net (8.11.4/8.9.3) id f6JHQUS26804 for jared; Thu, 19 Jul 2001 13:2õÅ; - (Envelope-from cisco-nsp-request@puck.nether.net) Date: Thu, 19 Jul 2001 13:26:30 -0400 X-From_: Adrian@nildram.net àëÅ; J vnet.trinite.co.uk (vnet.trinite.co.uk [195.38.64.2]) by puckõÅ;he for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 13:26:24 -0400 (enveloõÅ;roReceived-Date: Thu, 19 Jul 2001 13:26:24 -0400 Received: from vmailntwks45b ([195.38.85.234]) by vnõÅ;ri for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 17:46:39 +0100 ReõÅ;ed by vmailntwks45b with MERCUR-SMTP/POP3/IMAP4-Server (v3.2õÅ; A for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 18:25:55 +0100 Received: FROM exchange.nildram.co.õÅ;Y Received: by exchange.nildram.co.uk with Internet Mail SeõÅ;e id <3K0BBY15>; Thu, 19 Jul 2001 18:28:21 +0100 Message-ID: <41D348CD8E13D411973100A0CC58AA9090DD35@exchangeàëÅ;ldFro "'cisco-nsp@puck.nether.net'" õÅ;scSubject: RE: [nsp] Link Errors... Old-Date: Thu, 19 Jul 2001 18:28:19 +0100 MIME-Version: 1.0 X-MaiõÅ; IContent-Type: text/plain; charset="iso-8859-1" X-Diagnostic: Not on the accept list X-õÅ;loResent-From: jared@puck.nether.net Resent-Date: Sat, 21 Jul 2001 18:09:26 -0400 Resent-To
Are you running 802.1q, and are these errors runts? If so, you can safe
> -----Original Message----õÅ;Fr> Sent: 19 July 2001 18:05 > To: cisco-nsp@puck.nether.net > Subject: [nsp] Link Errors... > õÅ; S> > Experiencing sometimes an bunch of input errors on my XL > switch. TõÅ;po> iS older IO 7206 FE with RJ and MII onboard. Both 100/FD > manual. Cable Cat 5 > Shielded,Screened 1m long Patch caõÅ;..> side of the XL..so > Transmit of the 7206 seems to be theõÅ;bl > any experiences? > > Alex > >
From jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6LM9Xw08011 for cisco-õÅ;pu (envelope-from jared) Resent-Message-Id: <200107212209.f6LM9Xw08011@puck.nõÅ;r.ReCeived: (from slist@localhost) by puck.nether.net (8.11.4/8.9.3) id f6K0hXU12459 for jared; Thu, 19 Jul 2001 20:4õÅ; - (Envelope-from cisco-nsp-request@puck.nether.net) Date: Thu, 19 Jul 2001 20:43:33 -0400 X-From_: adrian@nildram.net õÅ; JReceived: from someone claiming to be vnet.trinite.co.uk (vnet.trinite.co.uk [195.38.64.2]) by puckõÅ;he for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 2001 20:43:32 -0400 (enveloõÅ;roReceived-Date: Thu, 19 Jul 2001 20:43:32 -0400 Received: from vmailntwks45b ([195.38.85.234]) by vnõÅ;ri for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 01:03:48 +0100 ReõÅ;ed by vmailntwks45b with MERCUR-SMTP/POP3/IMAP4-Server (v3.2õÅ; A for <cisco-nsp@puck.nether.net>; Fri, 20 Jul 2001 01:43:37 +0100 Received: FROM ip32 BY vmailntwks45õÅ;inSender: "Adrian Mardlin" <adrian@nildram.net> To: <kf@reign.sk>, <cisco-nspõÅ;k.Subject: RE: [nsp] Link Errors... Old-Date: Fri, 20 Jul 2001 01:43:09 +0100 Message-ID: <41D348CD8E13D41197310àëÅ;C5 charset="iso-8859-1" Content-Transfer-EnàëÅ;ngX-PriorImportance: NorõÅ;X-In-Reply-To: <41D348CD8E13D411973100A0CC58AA9096002E@exchange2.nildõÅ;coFrOm: adrian@nildram.net X-Diagnostic: Not on the accept list X-Envelope-To: cisco-nsp Resent-From: jared@puck.netherõÅ; RResent-To: cisco-nsp@puck.nether.net
Input errors is what you can see. There'õÅ;haseries which causes the switch to count small packets as runts. It still transmits them, but õÅ;stlike this!
lon1-sw4>sh int f0/5 FastEthernet0/5 is up, line protocol is upõÅ;ar Description: lon1-8 Trunk MTU 1500 bytes, BW 10õÅ; K reliability 240/255, txload 9/255, rxload 22/255 Encapsulation ARPA, loopback no Keepaliv FUll-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:0 Last clearing of "show interface" counters 3w3d Queueing strategy: fifo Output queue 0/40, 0 drops; input õÅ;e 5 minute input rate 8930000 bits/sec, 1329 packets/sec 5 minute output rate 3795000 bits/sec, 1669 packeõÅ;ec Received 2803018 broadcasts, 492829641 runts, 0 giants, 0 throttles õÅ; 4 0 watchdog, 2800704 multicast 0 input packets with dõÅ;le 4067971027 packets output, 821220209 bytes, 0 underruns 0 output errors, 0 collisions, 0 intõÅ;ce 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 ouõÅ; b
> -----Original Message----- > From: KF [mailto:kf@reign.sk] > Sent: 19 July 2001 20:57 > To: Adrian õÅ;li> Subject: RE: [nsp] Link Errors... > > > I'm running ISL, but that is input errors, so "lineõÅ;rr> to try different port...but I'm full ;-) > > What a strange for me is, that just bunch of the data õÅ;s > saw counter arising one-by-one... so... there is brand new > cable.... builded > by my own hands...so õÅ;us> > Alex > > -----Original Message----- > From: Adrian Mardlin [mailto:Adrian@nildram.net] > Sent: Thursday, õÅ; 1> To: 'kf@reign.sk'; 'cisco-nsp@puck.nether.net' > Subject: RE: [nsp] Link Errors... > > > Are you runningõÅ;.1> you can safely > ignore them. > > > -----Original Message----- > > From: KF [mailtõÅ;@r> > Sent: 19 July 2001 18:05 > > To: cisco-nsp@puck.nether.net > > Subject: [nsp] Link Errors... > > > > > > See õÅ; n> > > > Experiencing sometimes an bunch of input errors on my XL > > switch. The opõÅ; >> > manual. Cable Cat 5 > > Shielded,Screened 1m long Patch caõÅ;..> > side of the XL..so > > Transmit of the 7206 seems to bõÅ;e > > > > any experiences? > > > > Alex > > > > >
From hank@att.net.ilõÅ;n Received: from someone claiming to be biff.att.net.il (biff.att.net.il [192.115.72.164]) by puck.nõÅ;r. for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 08:53:15 -0400 (envelopeõÅ;m Received-Date: Sun, 22 Jul 2001 08:53:15 -0400 Received: from docking.att.net.il (docking.interall.co.il õÅ;.1 by biff.att.net.il (Postfix) with ESMTP id D96EA101A for <cisco-nsp@puck.nether.net>; Sun, 2Message-Id: <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il> X-SenX-Mailer: QUALCOMM õÅ;owDate: Sun, 22 Jul 2001 15:52:31 +0200 To: cisco-nsp@puck.nether.net From: Hank Nussbacher <hank@attõÅ;.iSubjEct: Simple NAT question - I hope Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed
I õÅ; sover the docs and can't see the light . Customer is mõÅ;ho
interface Ethernet0/0 ip address 10.1.1.2 255.255.255.0 ip nat inside ! interface Serial0/1 ! ExternalõÅ; # ip nat outside ! interface ATM3/0.1 point-to-point ! External ISP #2 ip addrõÅ;12 ip nat outside
I want when a packet leaves via ISP #1 that the packet be assigned an IP addreõÅ;ro#2, it be assigned an IP address from the range 192.117.81õÅ;27routing table has decided which interface the packet will leave on, but I want the source IP changed *after* the õÅ;inpacket on the intended outgoing interface.
Thanks, Hank
From jlarsen@richwebõÅ; Received: from someone claiming to be stengel.richweb.com (ems@stengel.richweb.com [63.90.9.5])õÅ; p for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 09:10:18 -0400õÅ;nvReceived-Date: Sun, 22 Jul 2001 09:10:18 -0400 Received: from ford2 (ems@ford2 [63.90.9.3]õÅ;y Sun, 22 Jul 2001 09:10:04 -0400 Date: Sun, 22 Jul 2001 09õÅ;03From: "C. Jon Larsen" <jlarsen@richweb.com> To: Hank Nussbacher <hank@att.net.il> cc: <cisco-nsp@puck.nether.õÅ; SIn-Reply-To: <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il> Message-ID: <PineõÅ;.4MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII
I think yoõÅ; ncatches the packets you want to be bound to each nat instance.
õÅ;atip nat inside source list 101 pool serial01 overload
ip nat pool atm301 [ipõÅ;ipip nat inside source list 102 pool atm301 overload
ip1 is an ip address that the ISP that provides õÅ;alto you across this pipe.
ip2 is an ip address that the ISP that provides the atm pipe will route back õÅ;yo
You can be creative with extended acls 101 and 102 to match different source and destination combõÅ;io
Newer IOSs also allow you to overload the NAT onthe ip of the wan interface if you don't havõÅ;yt
On Sun, 22 Jul 2001, Hank Nussbacher wrote:
> I hope someone can help me with this simpleõÅ; q> over the docs and can't see the light . Customer is multihomed to 2 ISPs: > > interface EtherõÅ;/0> ip nat inside > ! > interface Serial0/1 > ! External ISP #1 > ip address 212.õÅ;62> ip nat outside > ! > interface ATM3/0.1 point-to-point > ! External ISP #2 > ip address 128.1.1.25 õÅ;25> ip nat outside > > I want when a packet leaves via ISP #1 that the packet be assigned an IP > address from tÙëÅ;an>> want the source IP changed *after* the routinõÅ;ci> packet on the intended outgoing interface. > > Thanks, > Hank >
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-õÅ;=-
Richweb.com Building Safe, Secure, Reliable Cisco Powered Networks since 1995 DesigninõÅ;enhttp://richweb.com
my $info = {
'handle' => 'c jon larsen', 'emaiõÅ; 'wireless' => '+804.307.6939',
};
PGP Key fingerprint: 8A 62 4C 6E 1E 3C CD 63 B3 õÅ;A PGP Public key available at: http://richweb.com/cjl_pgp_pub_key.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
From chris@obelix.heõÅ;smReceived: from someone claiming to be e3serv0.hedonism.cx (e3serv0.hedonism.cx [213.69.21.õÅ;) for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 09:19:54 õÅ;0 Received-Date: Sun, 22 Jul 2001 09:19:54 -0400 Received: (from uucp@localhost) õÅ;3s Sun, 22 Jul 2001 15:19:41 +0200 (MET DST) Received: (from chrõÅ;oc by obelix.frop.org (8.11.0/8.11.0) id f6MDJR906427; Sun, 22 Jul 2001 15:19:27 +0200 From: Christian Vogel <chrisõÅ;liDate: Sun, 22 Jul 2001 15:19:27 +0200 To: Hank Nussbacher <hank@att.net.il> Cc: cisco-nsp@puck.nether.net SõÅ;ctMessage-ID: <20010722151927.A6410@obelix.frop.org> References: <4.3.2.7.2.2001072215361õÅ;adMime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inlIN-Reply-To: <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il>; from ha
HI Hank,
> I want when a packet leaves via ISP #1 that the packet be as
try something like: ip nat inside source route-map nat_int_a pool... ip nat inõÅ; s
route-map nat_int_a permit 10 match interface InterfaceA
route-map nat_int_b permõÅ;0
I use something simmilar on a 1003 used for Dial-Up from home but with dynamic interface adõÅ;se
Chris
From phil@kr4d.com õÅ;JuReceived: from someone claiming to be shofixti.ikami.com (IDENT:postfix@shofixti.kr4d.com [204.29.203õÅ;) for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 09:26:49 õÅ;0 Received-Date: Sun, 22 Jul 2001 09:26:49 -0400 Received: by shofixti.ikami.com (Postfix, frõÅ;se id 66555AB886; Sun, 22 Jul 2001 08:27:44 -0500 (CDT) Date: Sun, 22 Jul 2001 08:27:44 -0500 From: Phil Bedard <phõÅ;cyTo: Hank Nussbacher <hank@att.net.il> Cc: cisco-nsp@puck.nether.net Subject: Re: Simple NAT question - I hopeõÅ;saReferences: <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il> Mime-VersiõÅ;1.Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.2õÅ;72
Here are a couple of õÅ; t
http://www.cisco.com/warp/public/556/5.html - NAT order of operation http://ww\18õÅ;scmultiple pools.
It also appears with route-maps you can match on aõÅ;tpis a config I found on the Net which is pretty much exactly what you are looking for, although I don'õÅ;owassume the "1" ACL matches everything, it wasn't included.
ip nat pool provider1õÅ;ceip nat pool provider2-space 131.108.43.1 131.108.43.254 prefix-length 24 ip õÅ;inip nat inside source route-map provider2-map pool provider2-spaceõÅ;nt ip nat outside ! interface Serial0/1 ip nat outside ! interface Fddi1/0 ip nat inside ! route-map provõÅ;1- match ip address 1 match interface Serial0/0 ! route-map provider2-map permit 10 match ip address 1 matcõÅ;te
Phil
On Sun, 22 Jul 2001, Hank Nussbacher wrote:
> I hope someone can help me with this simple NAT qõÅ;io> over the docs and can't see the light . Customer is multihomed to 2 ISPs: > > interface Ethernet0õÅ; > ip nat inside > ! > interface Serial0/1 > ! External ISP #1 > ip address 212.1.1.õÅ;55> ip nat outside > ! > interface ATM3/0.1 point-to-point > ! External ISP #2 > ip address 128.1.1.25 255.õÅ;25>> > I want when a packet leaves via ISP #1 that the packet be assigned an IP > address from theõÅ;ge> #2, it be assigned an IP address from the range 192.117.81.32/27. õÅ; >> want the source IP changed *after* the routiõÅ;ec> packet on the intended outgoing interface. > > Thanks, > Hank >
From hank@att.net.ilõÅ;n Received: from someone claiming to be biff.att.net.il (biff.att.net.il [192.115.72.164]) by puck.nõÅ;r. for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 09:46:20 -0400 (envelopeõÅ;m Received-Date: Sun, 22 Jul 2001 09:46:20 -0400 Received: from docking.att.net.il (docking.interall.co.il õÅ;.1 by biff.att.net.il (Postfix) with ESMTP id 1F935101B; Sun, 22 Jul 2001 16:12:22 +0300 (IDT) Message-Id: <4.3õÅ;.2X-Sender: hank@max.att.net.il X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 DatõÅ;unTo: Phil Bedard <philb@cyberlynk.net> From: Hank Nussbacher <hank@att.net.il> Subject: Re: SiõÅ; NCc: cisco-nsp@puck.nether.net In-Reply-To: <20010722082744.K31352@shofixti.kr4d.com> References: <4.3õÅ;.2 <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il> Mime-Version: 1.0 Content-TypõÅ;ex
At 08:27 22/07/01 -0500, Phil Bedard wrote: > Here are a couple of URLs toõÅ;co> >http://www.cisco.com/warp/public/556/5.html - NAT order of operation >http://www.cisc\20õÅ;m/>multiple pools.
I had read those over with no sign of light. Both you and õÅ;stthe nail with the "match interface" which I was somehow missing for nat+route-maps.
Thanks, Hank
> It alsoÝëÅ;ea>is a config I found on the Net which is pretty much exaõÅ; w>looking for, although I don't know which IOS this was for. I'm going to >assume the "1" ACL matches everythiÝëÅ;it>ip nat pool provider2-spaceõÅ;.1>ip nat inside source route-map provider1-map pool provider1-space >ip nat inside õÅ;ce>! >interface Serial0/0 > ip nat outside >! >interface Serial0/1 > ip nat õÅ;id>iNterface Fddi1/0 > ip nat inside >! >route-map provider1-map permit 10 > match ip address 1 > match interface SeõÅ;0/>rOute-map provider2-map permit 10 > match ip address 1 > match interface Serial0/1 > > >Phil > > >On Sun, 22 Jul 2õÅ; H> > > I hope someone can help me with this simple NAT question since I have gone > > over the docs aõÅ;an> > > > interface Ethernet0/0 > > ip address 10.1.1.2 255.255.255.õÅ;> > > ! > > interface Serial0/1 > > ! External ISP #1 > > ip address 212.1.1.62 255.255.255.252 > > ip nõÅ;ut> ! > > interface ATM3/0.1 point-to-point > > ! External ISP #2 > > ip address 128.1.1.25 255.255.255.252 > > iõÅ;t > > > > I want when a packet leaves via ISP #1 that the packet be assigned an IP > > address from the range 212.15õÅ;.0> > #2, it be assigned an IP address from the range 192.117.81.32/27. The > > routõÅ;ta> > want the source IP changed *after* the routing decisioõÅ;s > > packet on the intended outgoing interface. > > > > Thanks, > > Hank > >
From elizlinav@yahooõÅ; Received: from someone claiming to be web12306.mail.yahoo.com (web12306.mail.yahoo.com [216.136õÅ;.1 bY puck.nether.net (8.11.4/8.9.3) with SMTP id f6MDkuA26818 for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 09:46õÅ;-0 (eNvelope-from elizlinav@yahoo.com) Received-Date: Sun, 22 Jul 2001 09:46:56 -0400 Message-ID: <20010722134646.60487.õÅ;l@yahoo.com2001 09:46õHReceived: from [61.1.224.48] by web12306.mail.yahoo.com via HTTP; Sun, 22 Jul 2001 06:46:46 PDT DõÅ; SFrom: eliz linav <elizlinav@yahoo.com> Subject: Re: [nsp] route-reflector hierachial.õÅ;nfTo: Zaheer Aziz <zaziz@cisco.com> Cc: cisco-nsp@puck.nether.net In-Reply-To: <4.3.2.7.2.20010721005319.032739b0@ce-nfs-õÅ;scMIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii
Hi Zaheer, Let me apologize i have misrepresented thõÅ;errelAtions: 1. All A1 routers peer with each other 2. One A2 router peers with 2 A1 router (viz RR Server for them) õÅ;ne
My doubt is \ \ eBGP session \ \ |A1|----|A1| PõÅ;ng \ / *there are 3 nos of A1 \ / \ / |A2 | õÅ;ee client for A1 and RR server B node)
Now a eBGP session by way of InternatiõÅ; cis nor RR server for the 3rd A1 node (for that matter any of the A1 noõÅ;. thru A2 node be passed to the other A1 node and other parts of the network. As u have said ÿeõÅ;s clear how it would do. Regards, Vinod
--- Zaheer Aziz <zaziz@cisco.com> wrote: > At 08:44 PM 7/20/2001 -0700, elõÅ;in> >Hi, > > We have the following network > > A1 X 3 nodes with Intl Gateway > > ( acting as RR Server) >õÅ; A> > (acting as RR Server and RR client) > > B x 8 nodes > > (acting as RR client) > > The A1, AõÅ;d > >peering betwn all nodes of same type. > > The Intl Gateway connectivity to a single > õÅ;id> >wAs thru the A1 nodes. > > We have recently decided to have a Internatinal > >gateway connectivity from a A2 node. õÅ; 1> to be > >made? > > No > > > 2.Would the A2 node learned route be passeõÅ; >> corresponding A1 node (as it is only RR server > mode)? > yes. > :-) > > > However I do have questions about youõÅ;si> 1)why is there is an IBGP "pering betwn all nodes of > same type" > > Are you saying that all A2's has IBGP põÅ;ng> benefit are you getting by this? > Similarly for B's. > > > > > > > > > > > ZaheeõÅ; >> Regards, > >Vinod > > > >__________________________________________________ > >Do You Yahoo!? > >Make internationaõÅ;ll> with Yahoo! Messenger > >http://phonecard.yahoo.com/ >
__________________________________õÅ;__Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
From jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6MMDRJ02831 for cisco-õÅ;pu (envelope-from jared) Resent-Message-Id: <200107222213.f6MMDRJ02831@puck.nõÅ;r.ReCeived: (from slist@localhost) by puck.nether.net (8.11.4/8.9.3) id f6JEldf14349 for jared; Thu, 19 Jul 2001 10:4õÅ; - (Envelope-from cisco-nsp-request@puck.nether.net) Date: Thu, 19 Jul 2001 10:47:39 -0400 X-From_: rodneyr@embratel.coõÅ; Received: from someone claiming to be gatekeeper2.embratel.com.br (gatekeeper2.embratel.com.br õÅ;.2 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6JElcA14335 for <cisco-nsp@puck.nether.net>; Thu, 19 Jul 200õÅ;:4 (envelope-from rodneyr@embratel.com.br) Received-Date: Thu, 19 Jul 2001 10:47:38 -0400 Received: by gatekeeperõÅ;brFrom: <rodneyr@embratel.com.br> ReceivõÅ;fr id LAA0000007367; Thu, 19 JulõÅ;1 Received: by ntrjo008a.nt.embratel.com.br(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id 83256A8E.004õÅ;1 X-Lotus-FromDomain: EMBRATEL To: cisco-nsp@puck.nether.net Message-ID: <83256A8E.004BB14õÅ;@nOld-Date: Thu, 19 Jul 2001 11:44:19 -0300 Mime-Version: 1.0 Content-type: text/plain; charsetõÅ;asConTent-Disposition: inline X-Diagnostic: Not on the accept list X-Envelope-To: cisco-nsp Resent-From: jared@puck.nethõÅ;etResent-To: cisco-nsp@puck.nether.net Subject: [nsp] Last configuration date õÅ;oe
I'm making a script to backup the configuration õÅ; oHowever, I'd like to backup just the router that had its running configuration modified.
Thanks i
BOdney.
From afort@staff.webõÅ;raReceived: from someone claiming to be bnc.powerup.com.au (bnc.webcentral.com.au [202.õÅ;23 by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6MMVIA05174 for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 1õÅ;:1 (envelope-from afort@staff.webcentral.com.au) Received-Date: Sun, 22 Jul 2001 18:31:18 -0400 Received: by bnc.webõÅ;ra id <3SNCCXD3>; Mon, 23 Jul 2001 08:31:08 +1000 Message-ID: <415DD4BF903õÅ;1AFrom: Andrew Fort <afort@staff.webcentral.com.au> To: "'rodneyr@embratel.coõÅ;'" cisco-nsp@puck.nether.net Subject: RE: [nsp] Last configuration date Date: Mon, 23 Jul 2001õÅ;31MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" õÅ;us
Rodney, try RANCID: http://www.shrubbery.net/rancid/
It grabs configs from your ciscos (and foundrõÅ;alstores them in a CVS repository.
It keeps the last date the config was diffed (well, CVS does), buõÅ;esprEsently parse the "Last configured by" lines at the beginning of a "show run" output.
RANCID talks to every deviceõÅ;a device) to see if the configurations have changed. If so, it checks in the changes õÅ;VSview your network config repository should you have browser frõÅ;lyI think it's more or less what you're looking for (some way to do config change management, if no
>FRom: rodneyr@embratel.com.br [mailto:rodneyr@embratel.com.br] >Sent: Mo>To: cisco-nsp@puÞëÅ;et>configurationõÅ;e?>I'm>several cisco router. >However, I'd like to backup just the õÅ;er>running configuration >modified. > >Thanks in advance, >Rodney.
-afort
From subodh@shell9.bõÅ;stReceived: from someone claiming to be shell9.ba.best.com (root@shell9.ba. By puck.nether.net (8.11.4/8.9.3) with ESMTP id f6MMmsA06857 for <cisc envelope-from subodh@shell9.ba.best.com) Received-Date: Sun, 22 Jul 2001 18:48:54 -0400 Received: (from subodh@locõÅ;st for cisco-nsp@puck.nether.net; Sun, 22 Jul 2001 15:48:31 -0700õÅ;T)Message-Id: <200107222248.PAA13345@shell9.ba.best.com> To: cisco-nsp@puck.nether.nõÅ;atX-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plaõÅ;chContent-Transfer-Encoding: 7bit Subject: [nsp] [Off-topic] How many people use real time clocks on routers?õÅ; Iit directly to me, not to the list. ]
I am in thõÅ;ddare saying there is no reason for battery backed clock on this boõÅ;asrouter, thus we don't need battery backed clock.õÅ;y
/Subodh Nijsure
From dek@hades.uz SõÅ;ulReceived: from someone claiming to be hades.uz (mrtg.netactive.net [196.22.160.34]) by puck.nether.neõÅ;.1 for <cisco-nsp@puck.nether.net>; Sun, 22 Jul 2001 19:56:54 -0400 (envelope-from deõÅ;deREceived-Date: Sun, 22 Jul 2001 19:56:54 -0400 Received: by hades.uz (Postfix on SuSE Linux 7.0 (i386), from userid õÅ; Date: Mon, 23 Jul 2001 01:56:49 +0200 From: Dmitri Kalintsev <dek@haõÅ;uzSubject: Re: [nsp] Last configuration date Message-ID: <20010723015649.D22577@hades.uz> MaæëÅ;olReferences: <83256A8E.004BB149.00@ntrjo008a.nt.embraæëÅ;coMIme-VerContent-Disposition: inline User-Agent: Mutt/1.2.5i In-õÅ;y-XReturn-Receipt-To: dek@hades.uz Precedence: special-delivery
Sketch up a UDP listener for port 162 and confiõÅ; y"config changed" trap. Or buy "Cisco IOS Essentials" :)
On Thu, Jul 19, 2001 at 10:47:39AM -0400,õÅ;ne> > > Does anyone know if cisco routers keep the last running configuration date? > > I'm makõÅ;a > However, I'd like to backup just the router that had itõÅ;nn> modified. > > Thanks in advance, > > Rodney. > ---end quoted text---
SY, -- CCNP, CCDP (R&S) æëÅ; dek @ connect.com.au õÅ;on http://-UNAVAIL- UIN:7150410 cell: +61 414 821 382
From jared@puck.nethõÅ;etReceived: (from jared@localhost) by puck.nether.net (8.11.4/8.9.3) id f6N50dk13139; Mon, 23 JõÅ;00 (envelope-from jared) Received-Date: Mon, 23 Jul 2001 01:00:39 -0400 Date: Mon, 23 Jul 2001 01:00:39 -04õÅ;roTo: Subodh Nijsure <subodh@best.com> Cc: cisco-nsp@puck.nether.net Subject: Re: [nsõÅ;OfMessage-ID: <20010723010039.B13101@puck.nether.net> References: õÅ;10Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inlõÅ;UsIn-Reply-To: <200107222248.PAA13345@shell9.ba.best.com>; from subodh@best.com on Sun, Jul 22, 2001 aõÅ;:4
It's nice to have so before anything else starts up it's not too far off.
- jared
On Sun, Jul 22, 2001 aõÅ;:4> > [ I know this is off-topic post , so if you are going to flame, just e-mail > it õÅ;ct> > I am in the middle of designing a new board for a router and some people > are saying thõÅ;is> 99.99% of people will be more than happy to configure NTP client oõÅ;e > > Any ideas on how true above is? > > /Subodh Nijsure
-- Jared MõÅ; clue++; | http://puck.nether.net/~jared/ My statements are
From mr_list@netzeroõÅ; Received: from someone claiming to be noc.netzero.net (www.nms.netzero.net [209.247.162.70]) bõÅ;ck for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 05:14:23 -0400 (eõÅ;opReceived-Date: Mon, 23 Jul 2001 05:14:23 -0400 Received: (qmail 8962 invoked from network); 23õÅ; 2Received: from scream.wlv.netzero.net (HELO schlep.netzero.net) (209.247.163.9) by www with SMTP; 23 õÅ;20Message-Id: <5.1.0.14.2.20010723021743.01fbba50@pop.netzero.net> X-Sender: mr_list@pop.netzero.net X-MaiõÅ; QDate: Mon, 23 Jul 2001 02:25:13 -0700 To: <rodneyr@embratel.com.br>, cisco-nsp@puck.netõÅ;neSubject: Re: [nsp] Last configuration date In-Reply-To: <83256A8E.004BB149.00@ntrjo0õÅ;ntMime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed
I did a fairly rõÅ;naconfigs, diffed them, saved ones that changed, and emailed me a summary. If õÅ;reyour question I pull them all every night and compare õÅ; aprevious day vs trying to do anything on the router. Seemed the most straightforward thing to do.
CõÅ; oaround to using it yet, but it's supposed to do at that and more. õÅ;in
>Does anyone know if cisco routers keep the last running conõÅ;ra> >I'm making a script to backup the configuration file of several cisco router. >However, I'd like to backup jõÅ;th>modified. > >Thanks in advance, > >Rodney.
From mivens@clara.neõÅ;onReceived: from someone claiming to be shaft.noc.clara.net (shaft.noc.clara.net [195.8.70.216]) byõÅ;k. for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 09:19:47 -0400 (eõÅ;opReceived-Date: Mon, 23 Jul 2001 09:19:47 -0400 Received: by shaft.noc.clara.net (Postfix, from usõÅ; 1 idDate: Mon, 23 Jul 2001 14:19:29 +0100 From: Mark Ivens <mivens@clõÅ;neTo: Cisco-nsp@puck.nether.net Message-ID: <20010723141929.C18492@clara.net> Mime-Version: 1.0 Content-Type: text/plain;õÅ;rsContent-Disposition: inline User-Agent: Mutt/1.2.5i X-NCC-RegID: uk.claranet Subject: [nsp] OS
I
We have an OSPF area that I want to connhas various fõÅ;urTotal Control chassis as well as Cisco AS5300's) which are injecting buckets õÅ;1
As each access server has an IP pool from which it allocates IP's, on the Cisco's weõÅ; sinjected every time a dial-up customer with a static IP connects.
The õÅ;leon the Lucent's either to summarize nor distribute or prefix õÅ;s contRol which external routes are injected.
So the only other option I can think of is to filter these E1 and E2 LSA'sõÅ; cbackbone area.
I can't think of a way to do this. The way I undõÅ;andistribute-list in on the ABR won't work as it will only stop these external LSA's entering the routing table and õÅ;frto neighbours. And distribute-list out only works on an ASBR i.e. the access servers themselves doing theõÅ;isdon't have.
Is there any other magic Cisco functionality I can take advantage of on the ABR's õÅ;il
-- ---------------------------------------------------------------------- Mark Ivens mivens@clara.netõÅ;I Systems Administrator How's that for being born under a ClaraNET LõÅ; ----------------------------------------------------------------------
From jlewis@lewis.orõÅ;onReceived: from someone claiming to be redhat1.mmaero.com (IDENT:root@[208.152.224.2]) by puck.netõÅ;ne for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 09:49:32 -0400 (envelope-fõÅ;jlReceived-Date: Mon, 23 Jul 2001 09:49:32 -0400 Received: from localhost (jlewis@localhost) by redhat1.mmaõÅ;co Mon, 23 Jul 2001 09:49:26 -0400 X-Authentication-Warning: redhat1.mmaero.com: jleõÅ;owDate: Mon, 23 Jul 2001 09:49:26 -0400 (EDT) From: <jlewis@lewis.org> X-Sender: <jlecc: <cisco-nsp@puck.nether.net> Subject: RIn-Reply-To: <õÅ;07Message-ID: <Pine.LNX.4.30.0107230944040.1854-100000@redhat1.mmaero.com> MIME-Version: 1.0 ContêëÅ;Ty
> The problem is that there does not seem to be õÅ;va> on the Lucent's either to summarize nor distribute or prefix lists to > control which external routesõÅ; i> > So the only other option I can think of is to filter these E1 and E2 > LSA's for certain /24's on the ABR's wõÅ;I > backbone area.
The lucents will do their own screwy sort of auto-summarization if you choose tõÅ;P I've configured one, and I don't remember the details, but you õÅ;ldablE to find info on this via google or the portmaster-users mailing list.
-- --------------------------------------õÅ;-- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are AtlaõÅ; N_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
From ryan@complicityõÅ;ukReceived: from someone claiming to be look-to-windward.complicity.co.uk (look-to-windward.comõÅ;it by puck.nether.net (8.11.4/8.9.3) with ESMTP id f6NDu2A23423 for <cisco-nsp@puck.nether.net>;õÅ;, (envelope-from ryan@complicity.co.uk) Received-Date: Mon, 23 Jul 2001 09:56:03 -0400 Received:õÅ;m id 15OgBb-0001Oq-00; Mon, 23 Jul 2001 14:55:51 +0100 õÅ;: From: "Ryan O'Connell" <ryan@complicity.co.uk> To: Mark Ivens <mivens@clara.net> Cc: ciscoõÅ;@pSubject: Re: [nsp] OSPF filter question Message-ID: <20010723145551.A5351@look-to-windward.complicity.co.ukõÅ;feMime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-DispositionëëÅ;liUser Agent:On Mo> We have an OSPF area that I want to connect to our õÅ;bo> has various flavours of access server on it (Lucent PM3's, 3Com > Total Control chassis as well as Cisco AõÅ;0'> injecting buckets of E1 and E2 routes as customers connect. > > As each access server has an IP pool fromõÅ;ch> the Cisco's we use summary-address rather than have lots of /32 routes > injected every time a diõÅ;p > > The problem is that there does not seem to be equivalent functionality > on the LõÅ;t'> control which external routes are injected. > > So the only othõÅ;pt> LSA's for certain /24's on the ABR's when I connect this area to the > bõÅ;on
The "area 1 range 10.0.0.0 255.0.0.0" command under "router ospf" should do what you're after. (With the right nuõÅ;s
-- Ryan O'Connell - <ryan@complicity.co.uk> - http://www.complicity.co.uk
I'm not losing my mind,õÅ;I'I'm just learning new things with the passage of time
From bergum@cisco.coõÅ;onReceived: from someone claiming to be cisco.com (cfcentral.cisco.com [171.69.177.32]) by puck.netõÅ;ne for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 11:25:55 -0400 (envelope-fõÅ;beReceived-Date: Mon, 23 Jul 2001 11:25:55 -0400 Received: from localhost.cisco.com.cisco.com (ssh-sj1.ciscoõÅ; [ by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) with ESMTP id KAA00325; Mon, 23 Jul 2001 10:25:46 -05õÅ;CDFrom David Bergum <bergum@cisco.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii ContMEssage-ID: <15196.16888.989507.657205@localhost.cisco.com> Date: Mon, 2To: Mark Ivens <miõÅ;@cCc: cisco-nsp@puck.nether.net Subject: Re: [nsp] OSPF filter question In-Reply-To: <20010723141929.C18492@clara.õÅ; RX-Mailer: VM 6.94 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-FaceõÅ;AP Ouk?_og!weVY$)S)?@t@/BD,Uj8@Y%W4)OwY_YW4;Mp,Udd@[=MD^MS#õÅ;|1 :J2ONn+|S/F
Mark, if you canõÅ;fiarea on the Cisco Area Border Router (ABR), then you can use the OSPF suõÅ;y from the NSSA are redistributed as type-5 LSAs by the ABRõÅ;ordescRiption, see:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcpr
Since the flooding of external lsas is a resource consideration for OSmuch more control of aggregation and other routing policy.
Dave.
>>>>> On Mon, 23 Jul 2001 14ëëÅ;29 Mark> I have a newbie OSPF question.
Mark Mark> has various flavour Mark> injecting buckets of E1 and E2 routes as customers cõÅ;ct
MArk> As each access server has an IP pool from which it allocates IP's, on Mark> the Cisco's we use summary-addreõÅ;at Mark> injected every time a dial-up customer with a static IP connects.
Mark> The prõÅ;m Mark> on the Lucent's either to summarize nor distribute or põÅ;x Mark> control which external routes are injected.
Mark> So the only other option I can think of is to filterõÅ;se Mark> LSA's for certain /24's on the ABR's when I connect this area to the Mark> backbone area.
Mark> I õÅ;t Mark> distribute-list in on the ABR won't work as it will only stoõÅ;es Mark> to neighbours. And distribute-list õÅ;on Mark> access servers themselves doing the redistribution, functionality I Mark> don't havëëÅ; Mark> on the ABR's to filter these out?
MaõÅ;-- Mark> Mark Ivens mivens@clara.net õÅ;as Mark> Systems Administrator How's that for being born under a Mark> õÅ;Cl Mark> -----------------------------------------------------------
From mivens@clara.neõÅ;onReceived: from someone claiming to be shaft.noc.clara.net (shaft.noc.clara.net [195.8.70.216]) byõÅ;k. for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 11:50:27 -0400 (eõÅ;opReceived-Date: Mon, 23 Jul 2001 11:50:27 -0400 Received: by shaft.noc.clara.net (Postfix, from usõÅ; 1 idDate: Mon, 23 Jul 2001 16:50:25 +0100 From: Mark Ivens <mivens@clõÅ;neTo: Ryan O'Connell" <ryan@complicity.co.uk> Cc: cisco-nsp@puck.nether.net Subject: Re: [nsp] OSPF filter question MessõÅ;IDReferences: <20010723141929.C18492@clara.net> <20010723145551.A5351@look-to-windward.cëëÅ;icMimContent-Disposition: inline User-Agent: Mutt/1.2.5õÅ;-RX-NCC-RegID: uk.claranet
Thus spake Ryan O'Connell (ryan@complicity.co.uk):
> The "area 1 range 10.0.0.0 255.0.0.õÅ;om> what you're after. (With the right numbers in it, obviously. :-)
The Cisco OSPF DesiõÅ;uihttp//www.cisco.com/warp/public/104/3.html#12.0 says that the range command "does not apply to external routes injecteõÅ;toredistribution".
-- ---------------------------------------------------------------------- Mark Ivens miveõÅ;la Systems Administrator How's that for being born under a ClaõÅ;T ----------------------------------------------------------------------
From mivens@clara.neõÅ;onReceived: from someone claiming to be shaft.noc.clara.net (shaft.noc.clara.net [195.8.70.216]) byõÅ;k. for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 11:51:48 -0400 (eõÅ;opReceived-Date: Mon, 23 Jul 2001 11:51:48 -0400 Received: by shaft.noc.clara.net (Postfix, from usõÅ; 1 idDate: Mon, 23 Jul 2001 16:47:12 +0100 From: Mark Ivens <mivens@clõÅ;neTo: David Bergum <bergum@cisco.com> Subject: Re: [nsp] OSPF filter question Message-ID: <20010723164712.J18492@clara.neõÅ;efMime-Version: 1.0 Content-Type:õÅ;t/Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15196.16888.989507.657205@localhõÅ;ciX-NCC-RegID: uk.claranet Resent-From: mivens@clarõÅ;t Resent-To: cisco-nsp@puck.nether.net Resent-Message-Id: <20010723155147.4FDB3õÅ;@s
Thanks for all the responses.
I was of the impression that all routers in an area had to agree that õÅ;ar
As an NSSA is a Cisco-ism, I would have thought this not an option.
Is this not the case?
Thus spake DaõÅ;Be
> > Mark, if you can configure the area containing these devices as an NSSA > area on the CiscoõÅ;a > summary address configuration on that ABR to control how the type-7 LSAs õÅ;om> description, see: > > http://www.cisco.com/univercd/cc/\28õÅ;oc> > Since the flooding of external lsas is a resoõÅ; c> you might consider using iBGP to carry your externals, as this gives you > much more control of aõÅ;ga> > Dave.
From mivens@clara.neõÅ;onReceived: from someone claiming to be shaft.noc.clara.net (shaft.noc.clara.net [195.8.70.216]) byõÅ;k. for <cisco-nsp@puck.nether.net>; Mon, 23 Jul 2001 12:46:56 -0400 (eõÅ;opReceived-Date: Mon, 23 Jul 2001 12:46:56 -0400 Received: by shaft.noc.clara.net (Postfix, from usõÅ; 1 idDate: Mon, 23 Jul 2001 17:46:54 +0100 From: Mark Ivens <mivens@clõÅ;neTo: Andy Harding <aharding@verio.net> Cc: cisco-nsp@puck.nether.net Subject: Re: [nsp] OSPF filter question Message-ID:õÅ;01References: <20010723164712.J18492@clara.net> <MFEMLPEKEOMMIJLLECCBOEMKCCAA.aharding@verio.neëëÅ;imUser-Agent: Mutt/1.2.5i In-Reply-To:õÅ;EMX-NCC-RegIDëëÅ;.cThus > > yup - they do have to agree
Unfortunately, I think that won't be possible to set on a 3cõÅ;YoCertainly isn't in the documentation or in the command õÅ;lethe CLI.
Anyway, this is cisco-nsp not the usr-tc list :-).
> > As an NSSA is a Cisco-ism, I would have thoughëëÅ;isThat's me getting my level of stubbyness confused :-). õÅ;he> Juniper support that too.
The joys of reverse-engineering, IõÅ;ss
-- ---------------------------------------------------------------------- MaõÅ;ve Systems Administrator machine's job." - Agent õÅ; C---------------------------------------------------------------------êëÅFrom hank@att.net.ilõÅ;e Received: from someone claiming to be biff.att.net.il (biff.att.net.il [192.115.72.164]) by puck.nõÅ;r. for <cisco-nsp@puck.nether.net>; Tue, 24 Jul 2001 03:56:37 -0400 (envelopeõÅ;m Received-Date: Tue, 24 Jul 2001 03:56:37 -0400 Received: from docking.att.net.il (hank.tl by biff.att.net.il (Postfix) with ESMTP id 2DE071002; Tue, 24 Jul 200Message-Id: <4.3.2.7.õÅ;01X-Sender: hank@max.att.net.il X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: TuõÅ;4 To: Phil Bedard <philb@cyberlynk.net> From: Hank Nussbacher <hank@att.net.il> Subject: Re: Simple õÅ;quCc: cisco-nsp@puck.nether.net In-Reply-To: <20010722082744.K31352@shofixti.kr4d.com> References: <4.3.2.7.õÅ;01 <4.3.2.7.2.20010722153610.00adbc40@max.att.net.il> Mime-Version: 1.0 Content-Type: teõÅ;la
At 08:27 22/07/01 -0500, Phil Bedard wrote: > Here are a couple of URLs to CiscõÅ;cu> >http://www.cisco.com/warp/public/556/5.html - NAT order of operation >http://www.cisco.com\28õÅ;p/>multiple pools. > > It also appears with route-maps you can ma Below >is a config I found on the Net which is pretty much exactly wh>assume the "1" ACL matches everything, it wasn't included.
Close, but no cigar :-). õÅ;1 running BGP (remember the customer is multihomed), the other side will not find itsõÅ;peof your BGP side or set up a static NAT for
BUt, boy did this help!
-Hank
>ip nat pool provider1-space 171.69.232>ip nat põÅ;pr>ip nat inside source route-map provider1-map pool provider1-spõÅ;>i>! >interface Serial0/0 > ip nat outside >! >interface SõÅ;l0> iP nat outside >! >interface Fddi1/0 > ip nat inside >! >route-map provider1-map permit 10 > match ip address 1 > õÅ;ch>! >route-map provider2-map permit 10 > match ip address 1 > match interface Serial0/1 > > >Phil > õÅ;n > > > I hope someone can help me with this simple NAT question since I have gone õÅ;ov> > > > interface Ethernet0/0 > > ip address 10õÅ;.2> > ip nat inside > > ! > > interface Serial0/1 > > ! External ISP #1 > > ip address 212.1.1.62 255.255õÅ;.2> > > > ! > > interface ATM3/0.1 point-to-point > > ! External ISP #2 > > ip address 128.1.1.25 255.õÅ;25>> > > > I want when a packet leaves via ISP #1 that the packet be assigned an IP > > address frõÅ;he> > #2, it be assigned an IP address from the range 192.117.81.3õÅ;. > routing table has decided which interface the packet will leave on, but I > > want the source IP changed *after* ëëÅ;ro> > > > Thanks, > > Hank > >
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:45 EDT