[c-nsp] Need Oppinion for windows base Radius Server

Brian Mahachi brian_mahachi at yahoo.com
Wed Jun 30 01:45:52 EDT 2010






________________________________
From: "cisco-nsp-request at puck.nether.net" <cisco-nsp-request at puck.nether.net>
To: cisco-nsp at puck.nether.net
Sent: Tue, 29 June, 2010 23:15:20
Subject: cisco-nsp Digest, Vol 91, Issue 107

Send cisco-nsp mailing list submissions to
    cisco-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
    https://puck.nether.net/mailman/listinfo/cisco-nsp
or, via email, send a message with subject or body 'help' to
    cisco-nsp-request at puck.nether.net

You can reach the person managing the list at
    cisco-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-nsp digest..."


Today's Topics:

   1. Need Oppinion for windows base Radius Server (suryantofang)
   2. Re: 6500/Sup720 losing "startup-config" (Asbjorn Hojmark - Lists)
   3. Re: ASR1002 (Kenny Sallee)
   4. Re: 6500/Sup720 losing "startup-config" (Mack McBride)
   5. Re: IP issues with 3560 (Sophan Pheng)
   6. SNMP MIB for Receiving Prefix Counts for Individual Peers
      (Gary T. Giesen)
   7. Re: IP issues with 3560 (Sophan Pheng)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Jun 2010 23:13:22 +0800 (SGT)
From: suryantofang <mumetahh at yahoo.co.id>
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Need Oppinion for windows base Radius Server
Message-ID: <972485.11542.qm at web76309.mail.sg1.yahoo.com>
Content-Type: text/plain; charset=utf-8

Dear All,

Currently I am preparing my home lab for Cisco cert. I need your opinion, guys: what is an easy, small RADIUS server application for my home lab?


Regards,

-Suryantofang-
" Fly Higher - Run Faster "

You can use freeradius-server. I used ACS running on Windows 2003 Server in VMware. Simple and easy to configure, and it works for all AAA.



------------------------------

Message: 2
Date: Tue, 29 Jun 2010 18:24:52 +0200
From: Asbjorn Hojmark - Lists <lists at hojmark.org>
To: Peter Rathlev <peter at rathlev.dk>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 6500/Sup720 losing "startup-config"
Message-ID: <ud7k26tkp6rhts4fttv0b4ad7m0u5hbik4 at hojmark.net>
Content-Type: text/plain; charset=us-ascii

On Tue, 29 Jun 2010 17:53:48 +0200, you wrote:

> It smells like a battery of some kind run dry, combined with the
> NVRAM not being flash based. Anybody have a clue about what I
> could do? Other than have it replaced? :-)

The solution *is* to have it RMA'ed. I just had a similar case on a
7600. The SR software is polite enough to actually write that the
battery is low, logging "C7600_PLATFORM-3-LOW_BATT".

-A



------------------------------

Message: 3
Date: Tue, 29 Jun 2010 09:35:54 -0700
From: Kenny Sallee <kenny.sallee at gmail.com>
To: Rens <rens at autempspourmoi.be>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASR1002
Message-ID:
    <AANLkTimuX2mronPHS3X6WOfiGgwUt-v3kqrrW-kCvn2h at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jun 24, 2010 at 3:36 AM, Rens <rens at autempspourmoi.be> wrote:

> Did anyone actually give any recommendations?
> I'm looking for the same advice to run BGP, OSPF & maybe L2TPv3 later
>
>
Hi Rens - sorry for late reply as I was on vacation.

I'm running asr1000rp1-adventerprisek9.02.05.00.122-33.XNE.bin on 2 ASR
1002's in production.  I'm using VRF's, DS3's, BGP (not full feeds), and ACL
filtering without any issues for about 3 months now.  I did see a thread
last month about memory issues - I think it was this one:
http://www.merit.edu/mail.archives/nanog/msg09386.html

Good luck,

Kenny


------------------------------

Message: 4
Date: Tue, 29 Jun 2010 09:20:32 -0700
From: Mack McBride <mack.mcbride at viawest.com>
To: Peter Rathlev <peter at rathlev.dk>, "cisco-nsp at puck.nether.net"
    <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] 6500/Sup720 losing "startup-config"
Message-ID:
    <CCD664821F7A144CBE712A1DD4E6D9472813C60264 at EXVMBX017-1.exch017.msoutlookonline.net>
    
Content-Type: text/plain; charset="us-ascii"

There are ROMMON upgrades for the Sup720.
However it sounds like you have a problem with the NVRAM.
It sounds like the older NVRAM was not flash based and
the battery has died.  It may be possible to replace the 
battery if it isn't part of the NVRAM unit and isn't 
soldered to the Sup720.

LR Mack McBride
Network Architect
Viawest, Inc.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: Tuesday, June 29, 2010 9:54 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 6500/Sup720 losing "startup-config"

I have an old (~7 years) Sup720 PFC3BXL that has been running fine for
all its life and is now to act as a secondary node in a new place.

I've loaded it with the new config and new IOS and (soft) reloaded a
couple of times; no problems there. But when I "hard" reload it (i.e.
take away power) the startup-config and ROMMON parameters disappear.
It's completely reproducible, every time I take away power it has no
startup-config and the ROMMON settings are the default settings.

When booting up it writes the following message on the console:

- RELIABILITY DRIVER: wrong signature on NVFLASH

It smells like a battery of some kind run dry, combined with the NVRAM
not being flash based. Anybody have a clue about what I could do? Other
than have it replaced? :-)

I was thinking about a ROMMON upgrade (it's using 12.2(14r)S1 now, newer
boxes we have run 12.2(17r)SX5) but have only found documentation that
suggests that you can't ROMMON upgrade a Sup720. I'm not sure why it
would help though.

-- 
Peter




_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



------------------------------

Message: 5
Date: Tue, 29 Jun 2010 13:17:46 -0500
From: Sophan Pheng <sophan.p at altatechnologies.com>
To: Andy Koch <gawul00 at gmail.com>
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] IP issues with 3560
Message-ID:
    <76B69DC7CE5E6F4AB8ECC22313FFDD2853F722DAEE at EXMBX01.vcollaborate.com>
Content-Type: text/plain; charset="us-ascii"

Still having issues, although I tried to follow your suggestions. Here is my config; can you tell me if I'm heading in the right direction? I think I'm confused on the SVI portion: each time I try to set an IP to the port interface, it tells me it overlaps with the VLAN IP.

Current configuration : 1342 bytes
!
! Last configuration change at 11:39:08 UTC Tue Jun 29 2010
! NVRAM config last updated at 10:16:01 UTC Tue Jun 29 2010
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$1it3$ZLsZBGgPum27PkZz7KXV9/
!
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 ip access-group 1 in
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
interface Vlan2
 ip address 10.125.25.4 255.255.255.0
!
interface Vlan3
 ip address 10.125.19.5 255.255.255.0
!
ip default-gateway 10.0.0.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password xxxxxx
 login
line vty 5 15
 password xxxxxxx
 login
!
end

Switch#
Switch#
Switch#

Thanks again for the help guys!!

-----Original Message-----
From: Andy Koch [mailto:gawul00 at gmail.com] 
Sent: Monday, June 28, 2010 8:40 PM
To: Sophan Pheng
Subject: Re: [c-nsp] IP issues with 3560

On Mon, Jun 28, 2010 at 11:36, Sophan Pheng
<sophan.p at altatechnologies.com> wrote:
> Hello All,
>
> I have not dealt with this before so any help/comments would be great and much appreciated...
>
> We have the following IP's that need to be able to ping each other through this box. I have a server sitting at 10.125.25.5/255.255.0.0 that connects to the rest of the network via a microwave link. It connects to the 10.125.19.x segment to upload data to an archiving server. I need to be able to ping 25.2 from 19.x and vice versa.


Please double check your subnet mask.  255.255.0.0 would place both
10.125.25.5 and 10.125.19.x in the same subnet.  If you separated the
hosts on different VLANs, then the switch, even if configured for
routing, would not route such packets.



> Can you please give some assistance as to how I can accomplish this? So far I have only been able to get the 25.5 to ping the Vlan it is connected to, but not anything on the other side (19.x) even with IP Routing enabled. Currently, I have reset it to factory to start from scratch.
>
> Can anybody suggest what the problem could be?

Also check your SVI interfaces on the switch.  Each VLAN should have
its own SVI interface with an IP in the corresponding segment. From
there, ensure IP routing is enabled and the switch should then route
packets from one VLAN to the other.

> Thanks in advance!!
>
> Sophan

Good Luck.

Andy
gawul00 at gmail.com




------------------------------

Message: 6
Date: Tue, 29 Jun 2010 17:11:06 -0400
From: "Gary T. Giesen" <giesen at snickers.org>
To: "Cisco NSP ((E-mail))'" <cisco-nsp at puck.nether.net>
Subject: [c-nsp] SNMP MIB for Receiving Prefix Counts for Individual
    Peers
Message-ID:
    <AANLkTikZI2lZoIvaJ63rvwkhmk2bQabCJ21-slsJYDTg at mail.gmail.com>
Content-Type: text/plain; charset=windows-1252

Is anyone aware of a MIB that supports querying the number of prefixes
(not the individual prefixes) received from a BGP peer?

CISCO-BGP4-MIB has this:

cbgpPeerTable Support

The cbgpPeerTable has been modified to support the enhancements
described in this document. The following new table objects are
supported in the CISCO-BGP-MIB.my:

* cbgpPeerLastErrorTxt
* cbgpPeerPrevState

The following table objects are not supported. The status of these
objects is listed as deprecated, and these objects are not
operational:

* cbgpPeerPrefixAccepted
* cbgpPeerPrefixDenied
* cbgpPeerPrefixLimit
* cbgpPeerPrefixAdvertised
* cbgpPeerPrefixSuppressed
* cbgpPeerPrefixWithdrawn


But as you can see, the really interesting OIDs are not supported. The
standard BGP4-MIB doesn't seem to have an equivalent (unless I'm
misreading)

Any thoughts?

GG



------------------------------

Message: 7
Date: Tue, 29 Jun 2010 16:13:57 -0500
From: Sophan Pheng <sophan.p at altatechnologies.com>
To: Charles Klement <cjk at klement.org>
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] IP issues with 3560
Message-ID:
    <76B69DC7CE5E6F4AB8ECC22313FFDD2853F722DFE3 at EXMBX01.vcollaborate.com>
Content-Type: text/plain; charset="us-ascii"

I finally got it figured out, that last email was a huge help, thank you! I set the ports to their specified vlans, then set each vlan to an IP on the specific segments, and turned on ip routing. My config is below:

User Access Verification

Password:
Switch>en
Password:
Switch#show running-config
Building configuration...

Current configuration : 1424 bytes
!
! Last configuration change at 15:31:03 UTC Tue Jun 29 2010
! NVRAM config last updated at 15:06:01 UTC Tue Jun 29 2010
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$..CG$YmuMsiC/CHmZssdOlyUcA1
!
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport access vlan 2
!
interface FastEthernet0/4
 switchport access vlan 3
!
interface FastEthernet0/5
 switchport access vlan 3
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
interface Vlan2
 ip address 10.125.25.2 255.255.255.0
!
interface Vlan3
 ip address 10.125.19.6 255.255.255.0
!
ip default-gateway 10.0.0.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password xxxxx
 login
line vty 5 15
 password xxxxx
 login
!
End

We should be all set now, thank you all so much!!

-----Original Message-----
From: Charles Klement [mailto:cjk at klement.org] 
Sent: Tuesday, June 29, 2010 2:27 PM
To: Sophan Pheng
Subject: Re: [c-nsp] IP issues with 3560

I see in your config that you have defined layer3 vlan interfaces. You
need to make sure that the layer 2 vlans are also defined. You can
typically do this by typing in 'vlan 2' and then 'vlan 3' etc when in
global config mode. Note that there is no 'int' in front of those
previous 2 commands. If you have already defined the vlan instances
you can skip this step.

Next you need to decide which vlan you want your ports in.

Right now all your ports are in vlan 1. You need to go into each port
and use the command 'switchport access vlan 3' if you want that port
in vlan 3. If you want to, you can also define a range of ports by
typing in 'int range fa0/1-10' and then use 'switchport access vlan 2'
if you wanted those 10 ports associated with vlan 2

Good luck.





------------------------------

End of cisco-nsp Digest, Vol 91, Issue 107
******************************************
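
The two points made in the "IP issues with 3560" replies above (a 255.255.0.0 mask puts both segments in one subnet, and an SVI routes nothing until access ports are assigned to its VLAN) can be checked mechanically. The following is an added example, not code from the thread; the sample configs are abbreviated from the two configs posted above, and the host 10.125.19.10 is a constructed stand-in for "19.x".

```python
import ipaddress
import re

def same_subnet(host_a, host_b, mask):
    """True when both hosts share one subnet under `mask`, so no routing occurs between them."""
    net = ipaddress.ip_network(f"{host_a}/{mask}", strict=False)
    return ipaddress.ip_address(host_b) in net

def parse_config(text):
    """Collect 'ip routing', SVI addresses and access-port VLANs from IOS-style config text."""
    cfg = {"routing": False, "svis": {}, "ports": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ip routing":
            cfg["routing"] = True
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            if not current.lower().startswith("vlan"):
                cfg["ports"][current] = 1      # physical ports default to VLAN 1
        elif current and (m := re.match(r"switchport access vlan (\d+)$", line)):
            cfg["ports"][current] = int(m.group(1))
        elif current and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            if current.lower().startswith("vlan"):
                addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                cfg["svis"][int(current[4:])] = addr
    return cfg

def findings(cfg):
    """List the reasons inter-VLAN routing would not work with this config."""
    out = []
    if not cfg["routing"]:
        out.append("ip routing is not enabled")
    used = set(cfg["ports"].values())
    for vlan, iface in sorted(cfg["svis"].items()):
        if vlan not in used:
            out.append(f"Vlan{vlan} ({iface.network}) has an SVI but no access port")
    return out

# Abbreviated from the first posted config: SVIs exist, every port still in VLAN 1.
BEFORE = """ip routing
interface FastEthernet0/1
interface FastEthernet0/2
 ip access-group 1 in
interface FastEthernet0/4
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
interface Vlan2
 ip address 10.125.25.4 255.255.255.0
interface Vlan3
 ip address 10.125.19.5 255.255.255.0
"""
# Abbreviated from the final posted config: ports assigned to VLANs 2 and 3.
AFTER = BEFORE.replace(" ip access-group 1 in", " switchport access vlan 2").replace(
    "interface FastEthernet0/4", "interface FastEthernet0/4\n switchport access vlan 3")

if __name__ == "__main__":
    print(findings(parse_config(BEFORE)))
    print(findings(parse_config(AFTER)))
```
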



      

