[c-nsp] Re: cisco-nsp Digest, Vol 36, Issue 37

Vikas Sharma vikassharmas at gmail.com
Wed Nov 9 08:53:48 EST 2005


Hi,
 In CDMA network, IP RAN implementation needs cisco 1941 DC router for
aggregation. Pls let me know, if anyone has idea, whether it supports
diffserv or not?? or cisco has any other product for IP RAN that supports QoS.
 My topology is :
 Mobile set --> BTS ---> cisco MWR1941 --> core router --> AAA -->
 Thanks
Vikas

 On 11/9/05, cisco-nsp-request at puck.nether.net <
cisco-nsp-request at puck.nether.net> wrote:
>
> Today's Topics:
>
> 1. PIX VPN changes from 6.3.4 to 7.0.x ? (Garry)
> 2. Switch recommendation (Vincent De Keyzer)
> 3. Re: Syslog BCP on Cisco routers (Kim Onnel)
> 4. RE: Cat5000 and BGP (Corneliu Tanasa)
> 5. Re: Syslog BCP on Cisco routers (Michael Lyngbøl)
> 6. Re: IOS 12.2(25)S6/S7 (Rodney Dunn)
> 7. Re: Re: Re: IOS 12.2(25)S6/S7 (Andrew Yourtchenko)
> 8. Re: Re: IOS 12.2(25)S6/S7 (Rodney Dunn)
> 9. Re: Re: IOS 12.2(25)S6/S7 (Dave Temkin)
> 10. Re: Re: IOS 12.2(25)S6/S7 (Gert Doering)
> 11. Re: PIX VPN changes from 6.3.4 to 7.0.x ? (Andrew Yourtchenko)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 09 Nov 2005 13:18:41 +0100
> From: Garry <gkg at gmx.de>
> Subject: [c-nsp] PIX VPN changes from 6.3.4 to 7.0.x ?
> To: Cisco-NSP Mailing List <cisco-nsp at puck.nether.net>
> Message-ID: <4371E921.7090305 at gmx.de>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> we switched over a customer's PIX some time ago from 6.3.4. to 7.0.2.
> Worked mostly flawless, except that somebody now complained that before
> the change, they were able to set up a VPN to the PIX (using Cisco VPN
> Client on Windows) and still connect to arbitrary internet addresses in
> parallel. Now, all communication is sent through the tunnel when IPSEC
> is up ... I've tried fiddling with split tunneling etc., but couldn't
> get the connection to permit both types of connections at the same time
> ...
>
> Am I missing something? I tried looking through the PIX 7.0.x config
> docs, but couldn't find anything helpful there ...
>
> Any idea?
>
> Tnx, -garry
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 Nov 2005 13:19:21 +0100
> From: "Vincent De Keyzer" <vincent at dekeyzer.net>
> Subject: [c-nsp] Switch recommendation
> To: <cisco-nsp at puck.nether.net>
> Message-ID: <20051109121921.B8CE62C40F5 at BRUBLUmx12.mactelecom.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello,
>
>
>
> I have the following requirements for a switch :
>
> * ability to handle over 20,000 MAC addresses
> * a few GigE ports (1 now, maybe 4 later)
> * a few FE ports (6 now, maybe 12 or 16 later)
> * no layer 3 required
>
>
>
> I have the feeling that those requirements are somewhat unusual - a few
> ports vs. a large number of MAC addresses.
>
>
>
> Is the 4503 a good choice for those requirements? What cards should I stick
> in there?
>
>
>
> Is there anything cheaper that would do the job?
>
>
>
> Vincent
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Nov 2005 14:20:47 +0200
> From: Kim Onnel <karim.adel at gmail.com>
> Subject: Re: [c-nsp] Syslog BCP on Cisco routers
> To: cisco-nsp at puck.nether.net
> Message-ID:
> <e05f39290511090420j12c8e337rccf81e374ca203d8 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> *logging buffered 16384 debugging < will this send me all logging from
> debugging and below or just debugging ?*
>
> On 11/9/05, Michael Lyngbøl <michael at lyngbol.dk> wrote:
> >
> > On 09.11.2005 13:12:08 +0200, Kim Onnel wrote:
> > > Hello,
> > >
> > > I want to configure logging on a large group of routers, switches,.. to a
> > > centralized linux server
> > >
> > > the below configurations i have collected, please send your thoughts,
> > > additions or comments:
> >
> > Please remember to disable console logging also:
> >
> > no logging console
> >
> > /Michael
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 9 Nov 2005 14:27:26 +0200
> From: "Corneliu Tanasa" <ctanasa at i-net.ro>
> Subject: RE: [c-nsp] Cat5000 and BGP
> To: "'Lawrence Wong'" <lawrencewong72 at yahoo.com>,
> <cisco-nsp at puck.nether.net>
> Message-ID:
>
> <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAc1wzE+GkoES5hU1n1fhnaMKAAAAQAAAAewQbKm7jEkyuSdIWhUqKwQEAAAAA@
> i-net.ro <http://i-net.ro>>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Talking about cat5k, I don't think you would be able to run full BGP feeds
> with RSM, as the maximum memory is only 128M.
>
> Corneliu
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lawrence Wong
> Sent: Wednesday, November 09, 2005 8:27 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cat5000 and BGP
>
> --- Gert Doering <gert at greenie.muc.de> wrote:
>
> > Hi,
> >
> > On Wed, Nov 02, 2005 at 12:52:47AM -0800, Lawrence
> > Wong wrote:
> > > Has anyone tried before? Or for the matter tried
> > more
> > > exquisite configs like MPLS, IPv6, etc on such a
> > > combi?
> >
> > Well, we do IPv6 over a 7200/PA-FE-TX -(trunk)->
> > Cat5k, but without
> > MLS (not enough traffic to warrant any experiments).
>
> I understand that currently full feed BGP Cisco
> routers suffer from the "per minute BGP scanner CPU
> hog" symptom which translates to occasional high
> latency when pinging the router.
>
> If the router is to run in MLS mode with the Cat5k,
> would this high latency symptom be elevated?
>
> Thanks,
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 9 Nov 2005 13:40:14 +0100
> From: Michael Lyngbøl <michael at lyngbol.dk>
> Subject: Re: [c-nsp] Syslog BCP on Cisco routers
> To: cisco-nsp at puck.nether.net
> Message-ID: <20051109124014.GR16168 at freesbee.wheel.dk>
> Content-Type: text/plain; charset=us-ascii
>
> On 09.11.2005 14:20:47 +0200, Kim Onnel wrote:
> > *logging buffered 16384 debugging < will this send me all logging from
> > debugging and below or just debugging ?*
>
> It'll give you all.
>
> /Michael
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 9 Nov 2005 07:55:45 -0500
> From: Rodney Dunn <rodunn at cisco.com>
> Subject: Re: [c-nsp] IOS 12.2(25)S6/S7
> To: Andrew Fort <afort at choqolat.org>
> Cc: cisco-nsp at puck.nether.net
> Message-ID: <20051109075545.B16606 at rtp-cse-489.cisco.com>
> Content-Type: text/plain; charset=us-ascii
>
> Yes. I wouldn't encourage anyone to take the cheap route
> on that box because support for code moving forward would
> be a problem. We recommend you use the 7301.
>
> Rodney
>
> On Wed, Nov 09, 2005 at 11:22:29AM +1100, Andrew Fort wrote:
> > Andrew Fort wrote:
> >
> > > Is the 7401 not included in SB plans as it is a niche BBA box?
> > >
> > > -andrew
> >
> > note to self: consider perhaps that the box is end-of-life...
> >
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 9 Nov 2005 13:57:04 +0100
> From: Andrew Yourtchenko <ayourtch at gmail.com>
> Subject: Re: [c-nsp] Re: Re: IOS 12.2(25)S6/S7
> To: cisco-nsp at puck.nether.net
> Cc: dr at cluenet.de
> Message-ID:
> <530c5af60511090457n68c0afb6k66c4e3a1b8380939 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Moin,
>
> > Beware of 12.2(18)S' level 7 password scrambler bug. Expect some of
> > your passwords in your config to stop working (workaround: re-add them
> > as plain text to have IOS re-code it). Same fun again when you migrate
> > away from 12.2(18)S. It's beyond me why Cisco didn't fix it in a 18S
> > rebuild but kept on having it broken in all 18S* known to me. Perhaps
> > they fixed it meanwhile, can someone clarify?
>
> If it's CSCed88768 that you have in mind - it shows up as being
> integrated in 12.2(18)S06 - but indeed there's some "fun" involved
> when moving between the affected and fixed versions - see the
> release-note of the bug.
>
> cheers,
> andrew
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 9 Nov 2005 07:59:54 -0500
> From: Rodney Dunn <rodunn at cisco.com>
> Subject: Re: [c-nsp] Re: IOS 12.2(25)S6/S7
> To: Dave Temkin <dave at ordinaryworld.com>
> Cc: Gert Doering <gert at greenie.muc.de>, cisco-nsp at puck.nether.net
> Message-ID: <20051109075954.C16606 at rtp-cse-489.cisco.com>
> Content-Type: text/plain; charset=us-ascii
>
> If you are talking about a 75xx you can't do HA with
> MPLS in anything other than 12.0S or 12.2S.
>
> I've said it many times already. 12.0S for HA right
> now until SB comes out is the way to go on a 75xx.
>
> If you want some 12.3T features you should be running
> 12.4 mainline because the throttles on 12.3T rebuilds will
> stop soon as 12.4 is bugfix only now.
>
> Rodney
>
> On Wed, Nov 09, 2005 at 07:12:55AM -0500, Dave Temkin wrote:
> > My issue is that I need features that only 12.2S and 12.3T have (namely,
> > specific hardware support) - plus, regular 12.3 mainline doesn't have RPR
> > or SSO support.
> >
> > -Dave
> >
> > On Wed, 9 Nov 2005, Gert Doering wrote:
> >
> > > Hi,
> > >
> > > On Tue, Nov 08, 2005 at 08:23:19PM -0500, Dave Temkin wrote:
> > > > At this point would you guys roll out 12.2.18S10 or a recent 12.3T?
> > >
> > > Depends on the level of pain you want.
> > >
> > > 12.3 mainline has features that 12.2S does not have (VPDN, for example).
> > >
> > > 12.2S "provider" has features that 12.3 main does not have (IPv6 and MPLS,
> > > without having to pay $LOTS extra for 12.3 "enterprise" feature set).
> > >
> > > 12.3T has features that neither 12.2S nor 12.3 main has - but it has many
> > > more bugs, and needs more Flash and DRAM space.
> > >
> > > So... it very much depends on what you want to do
> > >
> > > - if you need 12.3T features, go with 12.3T
> > > - if you don't need MPLS, 12.3 main might be a good path for you
> > > - if you don't need IPv6, 12.0S might be a good path for you
> > >
> > > Our choice is 12.2(18)S10 for the core routers, and 12.3(x) mainline for
> > > the VPDN aggregation routers (and due to feature availability, also for
> > > a few other customer-facing boxes).
> > >
> > > gert
> > >
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 9 Nov 2005 08:13:19 -0500 (EST)
> From: Dave Temkin <dave at ordinaryworld.com>
> Subject: Re: [c-nsp] Re: IOS 12.2(25)S6/S7
> To: Rodney Dunn <rodunn at cisco.com>
> Cc: Gert Doering <gert at greenie.muc.de>, cisco-nsp at puck.nether.net
> Message-ID: <Pine.LNX.4.58.0511090812230.7844 at ordinaryworld.com>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> I need support of the IMA PA, which is only in 12.3T and 12.2S, not in
> 12.0S...
>
> Also, SSO is only in 12.2S, not 12.3T. Is it in 12.4?
>
> -Dave
>
> On Wed, 9 Nov 2005, Rodney Dunn wrote:
>
> > If you are talking about a 75xx you can't do HA with
> > MPLS in anything other than 12.0S or 12.2S.
> >
> > I've said it many times already. 12.0S for HA right
> > now until SB comes out is the way to go on a 75xx.
> >
> > If you want some 12.3T features you should be running
> > 12.4 mainline because the throttles on 12.3T rebuilds will
> > stop soon as 12.4 is bugfix only now.
> >
> > Rodney
> >
> > On Wed, Nov 09, 2005 at 07:12:55AM -0500, Dave Temkin wrote:
> > > My issue is that I need features that only 12.2S and 12.3T have (namely,
> > > specific hardware support) - plus, regular 12.3 mainline doesn't have RPR
> > > or SSO support.
> > >
> > > -Dave
> > >
> > > On Wed, 9 Nov 2005, Gert Doering wrote:
> > >
> > > > Hi,
> > > >
> > > > On Tue, Nov 08, 2005 at 08:23:19PM -0500, Dave Temkin wrote:
> > > > > At this point would you guys roll out 12.2.18S10 or a recent 12.3T?
> > > >
> > > > Depends on the level of pain you want.
> > > >
> > > > 12.3 mainline has features that 12.2S does not have (VPDN, for example).
> > > >
> > > > 12.2S "provider" has features that 12.3 main does not have (IPv6 and MPLS,
> > > > without having to pay $LOTS extra for 12.3 "enterprise" feature set).
> > > >
> > > > 12.3T has features that neither 12.2S nor 12.3 main has - but it has many
> > > > more bugs, and needs more Flash and DRAM space.
> > > >
> > > > So... it very much depends on what you want to do
> > > >
> > > > - if you need 12.3T features, go with 12.3T
> > > > - if you don't need MPLS, 12.3 main might be a good path for you
> > > > - if you don't need IPv6, 12.0S might be a good path for you
> > > >
> > > > Our choice is 12.2(18)S10 for the core routers, and 12.3(x) mainline for
> > > > the VPDN aggregation routers (and due to feature availability, also for
> > > > a few other customer-facing boxes).
> > > >
> > > > gert
> > > >
> >
>
>
> ------------------------------
>
> Message: 10
> Date: Wed, 9 Nov 2005 14:15:35 +0100
> From: Gert Doering <gert at greenie.muc.de>
> Subject: Re: [c-nsp] Re: IOS 12.2(25)S6/S7
> To: Dave Temkin <dave at ordinaryworld.com>
> Cc: Gert Doering <gert at greenie.muc.de>, cisco-nsp at puck.nether.net
> Message-ID: <20051109131535.GS1060 at greenie.muc.de>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> On Wed, Nov 09, 2005 at 07:12:55AM -0500, Dave Temkin wrote:
> > My issue is that I need features that only 12.2S and 12.3T have (namely,
> > specific hardware support) - plus, regular 12.3 mainline doesn't have RPR
> > or SSO support.
>
> That's what I implied by "depending on the level of pain you want".
>
> If I had to choose between 12.3T and 12.2S, and "both trains have all that
> I need", I'd go for 12.2(18)S. Using T train in production scares me.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 9 Nov 2005 14:29:36 +0100
> From: Andrew Yourtchenko <ayourtch at gmail.com>
> Subject: Re: [c-nsp] PIX VPN changes from 6.3.4 to 7.0.x ?
> To: Garry <gkg at gmx.de>
> Cc: Cisco-NSP Mailing List <cisco-nsp at puck.nether.net>
> Message-ID:
> <530c5af60511090529x45bb527fm62378ff64ab2f7f8 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Garry,
>
> > parallel. Now, all communication is sent through the tunnel when IPSEC
> > is up ... I've tried fiddling with split tunneling etc., but couldn't
> > get the connection to permit both types of connections at the same time
> > ...
>
> internally, there's been quite a few changes between 6.x and 7.x - and
> some of the configuration needed to be adjusted - the split-tunnel ACL
> config is different in 6.x and 7.x - in 7.x you need to use "standard"
> ACL to denote which traffic is to be encrypted. This is indeed just a
> speculation since I do not know how you were configuring it.
>
> Note, that from 7.x, you can actually make the VPN-originated traffic
> to U-turn - from the VPN client, and then to Internet (so you can
> enforce the policy on the PIX for all the traffic). To have that you'd
> need "same-security-traffic permit intra-interface" command in the PIX
> configuration & the corresponding translation rules (with both
> 'internal' and 'external' interfaces in their syntax being the VPN
> termination interface).
>
> thanks,
> andrew
>
>
>
> ------------------------------
>
>
>
> End of cisco-nsp Digest, Vol 36, Issue 37
> *****************************************
>
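
On the syslog exchange quoted above (Messages 3 and 5 of the digest): an IOS logging level is a threshold, so `debugging` (7) admits every severity from 0 to 7, and console logging stays on unless `no logging console` is present. The Python sketch below is an added example, not code from any poster; the sample config is constructed around the two lines from the thread, and the `logging trap` line and the values in `DEFAULT_LEVEL` are assumptions of the example.

```python
import re

# Cisco IOS syslog severity keywords; list index = numeric level (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Assumed level used when a destination is enabled without an explicit level.
DEFAULT_LEVEL = {"console": 7, "monitor": 7, "buffered": 7, "trap": 6}

LOGGING_RE = re.compile(r"\s*(no\s+)?logging\s+(console|monitor|buffered|trap)\b(.*)")


def parse_level(token):
    """Accept a keyword ('debugging') or a digit ('7'); return 0-7, else None."""
    if token.isdigit() and int(token) <= 7:
        return int(token)
    return SEVERITIES.index(token) if token in SEVERITIES else None


def logging_thresholds(config):
    """Map each logging destination to its severity threshold (None = disabled)."""
    # Console logging is enabled unless the config turns it off.
    state = {"console": DEFAULT_LEVEL["console"]}
    for line in config.splitlines():
        m = LOGGING_RE.match(line)
        if not m:
            continue
        negated, dest, rest = m.groups()
        if negated:
            state[dest] = None
            continue
        # Tokens such as the buffer size (16384) are not levels and are skipped.
        levels = [p for p in map(parse_level, rest.split()) if p is not None]
        state[dest] = levels[-1] if levels else DEFAULT_LEVEL[dest]
    return state


def delivered(threshold):
    """Severities a destination receives: the threshold and everything more severe."""
    return [] if threshold is None else SEVERITIES[: threshold + 1]


# Constructed sample: the two lines from the thread plus an assumed trap level.
SAMPLE = """\
logging buffered 16384 debugging
no logging console
logging trap informational
"""

if __name__ == "__main__":
    for dest, level in logging_thresholds(SAMPLE).items():
        print(f"{dest:9s}", "disabled" if level is None else ", ".join(delivered(level)))
```
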

