[c-nsp] Cisco Pagent IOS
sandreas
sandreas at cisco.com
Wed Dec 9 15:21:36 EST 2009
Hi Ulrich
This is from the Cisco Internal FAQ on Pagent
Customer Use of Pagent :
> Pagent has been made available to a very limited number of customers. The
> Pagent group does not have the bandwidth to support customers so all support
> has to be provided by a local support rep; a SE or equivalent Cisco employee.
> Before getting access to the Pagent images, the customer is required to sign a
> pre-release software license agreement.
>
> Pagent documentation has been written for use by Cisco employees only and was
> not intended for outside use. Pagent documentation is not to be given to
> customers. All Pagent training, answering customer questions, obtaining images
> and license keys is the responsibility of the local support rep.
>
> If you need to support Pagent for a customer, start by emailing pagent-support
> to get a copy of the pre-release software license agreement that needs to be
> signed by the customer.
>From your name you sound Danish, if so send me an email and we can discuss
if pagent is the right tool for you.
If you are not Danish let me know and I will find a SE in you local country
that can assist (well, I will try to)
Best regards
Soren
> From: <cisco-nsp-request at puck.nether.net>
> Reply-To: <cisco-nsp at puck.nether.net>
> Date: Wed, 09 Dec 2009 07:50:45 -0500
> To: <cisco-nsp at puck.nether.net>
> Subject: cisco-nsp Digest, Vol 85, Issue 25
>
> Send cisco-nsp mailing list submissions to
> cisco-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> or, via email, send a message with subject or body 'help' to
> cisco-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
> cisco-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisco-nsp digest..."
>
>
> Today's Topics:
>
> 1. ASA - Easy VPN server - # of SAs (Clay Hoy)
> 2. Re: bpduguard and trunks? (Renelson Panosky)
> 3. Need some help on figuring out bandwidth management
> (Steven Pfister)
> 4. Looking for GPON experience (Jared Mauch)
> 5. Re: Cisco logging commands (Justin Shore)
> 6. Checking GBIC vendor name, part no. and serial no. on Cisco
> 2950 (Alen)
> 7. QoS on Metro Ethernet! (Asad Ul-Islam)
> 8. Cisco Pagent IOS (Hansen, Ulrich Vestergaard B. (E R WP EN 342))
> 9. Re: Cisco Pagent IOS (Dobbins, Roland)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 8 Dec 2009 11:59:20 -0600
> From: Clay Hoy <frogmanclay at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA - Easy VPN server - # of SAs
> Message-ID:
> <d7206fc80912080959h1c9db5cfub03c6d605c57f28b at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I am looking at an asa5580-20 and it shows the SSL limit at 10k and the VPN
> peer limit at 10k. However, when using both you can not go over a combined
> total of 10k connections. That is per the datasheet:
> http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/produc
> t_data_sheet0900aecd80402e3f.html
>
> Now, I am going to be using it as an Easy VPN server. Knowing the ASA only
> supports legacy Easy VPN and each routed subnet on the remote side uses an
> SA, is the real limit 10k SAs? That is how I read it, but I can't seem to
> get a straight answer from anyone at Cisco. If I have 2000 remote sites,
> with 5 routed subnets each, am I at the limit of the box? I know I can
> cluster these boxes, but I need to know that I am going to have to up front
> in order to request the proper budget and do all the right testing in the
> lab.
>
> Also, does anyone know of any series problems using the ASA55xx series as an
> Easy VPN server?
>
> Thank you everyone for your time,
> Clay
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 8 Dec 2009 14:02:43 -0500
> From: Renelson Panosky <panocisco77 at gmail.com>
> To: Howard Jones <howie at thingy.com>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] bpduguard and trunks?
> Message-ID:
> <16e2ac180912081102w1920289fra734e322568cd89 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I had a similar problem and yes BPDUGUARD effects trunk port, i think you
> have to disable bpduguard on both side and make sure you're running rpst
> mode.
>
> On Thu, Dec 3, 2009 at 9:29 AM, Howard Jones <howie at thingy.com> wrote:
>
>> I've just run into an odd problem, and was wondering if anyone else
>> could clarify this for me.
>>
>> [c1]---[Sw1]----------[Sw2]---[c2]
>>
>> c1 and c2 are client devices. Sw1 and Sw2 are 3750Gs with a trunk
>> between them. c1 has a trunk to Sw1. One of the vlans in that trunk as
>> passed along the sw1-sw2 trunk to c2.
>>
>> The port facing c1 has bpduguard enabled. Halfway through adding vlans,
>> Sw2 complains about inconsistent BPDUs, and the root bridge mac address
>> is that of c1. It shuts down the trunk port, which is kind of annoying.
>>
>> Does bpduguard only affect access ports and not trunks? That's the only
>> explanation I can see for what is going on. The manual doesn't exactly
>> say either way: "At the interface level, you enable BPDU guard on any
>> interface by using the spanning-tree bpduguard enable interface
>> configuration command without also enabling the Port Fast feature.". Sw1
>> also has '|no spanning-tree vlan 1-4090|' - will that help or hinder, here?
>>
>> I think the real answer is to stop using switches to ship stuff between
>> sites like this, but that is a battle for another day.
>>
>> Thanks in advance for any illumination...
>>
>> Howie
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 08 Dec 2009 15:11:54 -0500
> From: "Steven Pfister" <SPfister at dps.k12.oh.us>
> To: <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Need some help on figuring out bandwidth management
> Message-ID: <4B1E6CB9.9E6F.00B8.0 at dps.k12.oh.us>
> Content-Type: text/plain; charset=US-ASCII
>
> I've got a remote site connected to the central site for Internet access via 2
> T1s to an ATM network. Voice has been allocated 800k of this bandwidth, and
> the rest is data. Network usage at this particular site has been growing
> within the past couple of months and at times bandwidth has been maxed out. I
> need some way to make sure bandwidth is allocated fairly. I'd like to be able
> to add more capacity, but that's not going to be possible right now.
>
> One of the first things I thought of was unicast storm-control. If I went this
> route, I'm not sure what parameters to use. Right now, some ports are set to
> an upper limit of 5%, and some are set to 5k pps (the default value, I
> believe). This was all set up before I started here, and I've never really
> given it much though until this project came along. It looks like the upstream
> connection for that site rarely gets over 450 pps to the central site.
>
> Questions:
> - Is unicast storm-control a good option here, or should I look at others?
> - If I do use it, can someone point me to where I can find some help on the
> best settings to use in this particular environment?
>
>
> Steve Pfister
> Technical Coordinator,
> The Office of Information Technology
> Dayton Public Schools
> 115 S. Ludlow St.
> Dayton, OH 45402
>
> Office (937) 542-3149
> Cell (937) 673-6779
> Direct Connect: 137*131747*8
> Email spfister at dps.k12.oh.us
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 8 Dec 2009 15:47:15 -0500
> From: Jared Mauch <jared at puck.nether.net>
> To: "cisco-nsp at puck.nether.net List" <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Looking for GPON experience
> Message-ID: <152C3AB4-BE71-4FA2-BB10-8E9606760E54 at puck.nether.net>
> Content-Type: text/plain; charset=us-ascii
>
> I'm looking at building a small GPON network and am looking for feedback for
> those that have built similar solutions.
>
> Vendors, ease of use both for ONT and related information is of use to me.
>
> Here's hoping someone here has experience with it they are willing to share.
>
> Please direct follow-ups to me and I can summarize if there is interest.
>
> - Jared
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 08 Dec 2009 17:20:22 -0600
> From: Justin Shore <justin at justinshore.com>
> To: Henry-Nicolas Tourneur <hntourneur at autempspourmoi.be>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Cisco logging commands
> Message-ID: <4B1EDF36.5050507 at justinshore.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Henry-Nicolas Tourneur wrote:
>> I'm not willing to use Tacacs+ because I'm setting-up a new server
>> environment and I don't want
>> to need to manually compile tac-plus and get broken dependencies after
>> an upgrade.
>
> I've been using OSS tacacs+ daemons for nearly a decade and have yet to
> run into a situation where it suddenly broke due to a dependency issue
> created when I upgraded something else. This is coming from a person
> that compiles nearly everything on his servers from source including
> core libraries glibc, OpenSSL, etc. Static linking is the simple answer
> if that's your concern anyway just like with any other OSS tool.
>
>> Using tac-plus from the APT would be far more easier, unfortunately,
>> it's not available any more.
>> And, we are not interested in purchasing a Cisco ACS product just for
>> doing what tac-plus does.
>
> I vote for the Shrubbery.net version. Worked perfectly for me for many
> years.
>
> Also, here's some AAA config you'll need for tacacs to log ANYTHING that
> gets typed on the CLI in ANY privilege level, including typos:
>
> aaa accounting delay-start
> aaa accounting exec NETACC
> action-type start-stop
> group tacacs+
> !
> aaa accounting commands 0 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 1 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 2 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 3 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 4 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 5 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 6 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 7 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 8 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 9 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 10 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 11 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 12 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 13 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 14 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting commands 15 NETACC
> action-type stop-only
> group tacacs+
> !
> aaa accounting connection NETACC
> action-type stop-only
> group tacacs+
> !
> line vty 0 15
> accounting connection NETACC
> accounting commands 0 NETACC
> accounting commands 1 NETACC
> accounting commands 2 NETACC
> accounting commands 3 NETACC
> accounting commands 4 NETACC
> accounting commands 5 NETACC
> accounting commands 6 NETACC
> accounting commands 7 NETACC
> accounting commands 8 NETACC
> accounting commands 9 NETACC
> accounting commands 10 NETACC
> accounting commands 11 NETACC
> accounting commands 12 NETACC
> accounting commands 13 NETACC
> accounting commands 14 NETACC
> accounting commands 15 NETACC
> accounting exec NETACC
>
>
> The syntax is new beginning with 12.4(24)T or thereabouts but the gist
> of it is the same. Just rewrite the 'aaa accounting commands' lines if
> you're using an older IOS rev. Couple that with your normal tacacs
> config and you'll log every single thing typed on the VTYs. Don't
> forget your other lines though.
>
> Justin
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 9 Dec 2009 12:22:31 +0800
> From: Alen <alenwong+cisconsp at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Checking GBIC vendor name, part no. and serial no. on
> Cisco 2950
> Message-ID:
> <763cba560912082022na904177ye9a7df552939242d at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> We are currently checking on the vendor name, part no and serial no. of the
> GBICs being used in production switches, For switches like 4948 and 4503, we
> can use "show idprom int g1/1" to display the above wanted information. But
> such command seems does not exist in catalyst 2950.
>
> Any thoughts on this?
>
> Thanks.
>
> Alen
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 09 Dec 2009 11:08:21 +0500
> From: Asad Ul-Islam <asad747 at cyber.net.pk>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] QoS on Metro Ethernet!
> Message-ID: <001501ca7896$027cc7c0$07765740$@net.pk>
> Content-Type: text/plain; charset=US-ASCII
>
> Dear friends,
>
>
>
> I am running Metro Ethernet based network (Multi Vendor) providing various
> services including ELANE & ELINE. I would like to monitor QoS on network
> per customer EVC. Can someone tell me how can I achieve that?? Which
> parameters should be monitored?
>
>
>
> Please list down some products (Commercial/Free) which monitor QoS at this
> level (Specially for ELINE/ELANE) and can also provide SLA reports.
>
>
>
> Best Regards,
>
>
>
> Asad.
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 9 Dec 2009 13:33:47 +0100
> From: "Hansen, Ulrich Vestergaard B. (E R WP EN 342)"
> <uvh at siemens.com>
> To: <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Cisco Pagent IOS
> Message-ID:
> <5FD7A7EC774B114092B1603D69E42C9B02F5778F at BDKB1EEA.ww007.siemens.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Dear Friends
>
> Does anybody know whether Cisco Pagent TG IOS is available to the public
> through your account manager - has anyone worked with it or can
> recommend another alternative Colasoft TG..?
>
>
> Med venlig hilsen / Best Regards
>
> Ulrich Vestergaard B. Hansen
> Network Engineer
>
> Please consider the environment before printing this e-mail
>
>
>
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 9 Dec 2009 12:48:31 +0000
> From: "Dobbins, Roland" <rdobbins at arbor.net>
> To: Cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Cisco Pagent IOS
> Message-ID: <8426DA48-B179-4865-A88E-4E460BD29555 at arbor.net>
> Content-Type: text/plain; charset="us-ascii"
>
>
> On Dec 9, 2009, at 7:33 PM, Hansen, Ulrich Vestergaard B. (E R WP EN 342)
> wrote:
>
>> Does anybody know whether Cisco Pagent TG IOS is available to the public
>> through your account manager
>
> No, it isn't.
>
>> - has anyone worked with it or can recommend another alternative
>
>
> There are lots of commercial and open-source packet-generation tools
> available, which can be found by making use of Your Search Engine of Choice.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
>
>
> ------------------------------
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> End of cisco-nsp Digest, Vol 85, Issue 25
> *****************************************
More information about the cisco-nsp
mailing list