[c-nsp] ASR9K limitations

chip chip.gwyn at gmail.com
Thu Jun 28 14:03:23 EDT 2012


>> Using ACLs to restrict telnet/ssh access gets strange if you use
>> layer-4 port definitions in your acl, just stick to source prefix.
>
> you can use prefix sets for this, no?

No, prefix sets are part of RPL, routing policy. They cannot be used
for limiting access or denying traffic; it's all about the prefixes.



On Thu, Jun 28, 2012 at 1:39 PM, Nick Hilliard <nick at foobar.org> wrote:
> On 27/06/2012 23:29, chip wrote:
>> Not being able to insert rpl policy without having to re-do the whole
>> policy.  Yes, I know you can edit it with the built-in nano, emacs, or
>> vi editors, but that's kinda difficult to script, eh?  Also, you must
>> have your TERM environment var set to vt100, if it's set to xterm it
>> won't work.  And yes I know you can upload it from a file, but again,
>> it's the whole thing.
>
> This is annoying in a minor sort of way.  But rpl is so full of win all
> around that I'm happy to overlook this.
>
>> Console port (for at least the RSP440's) requires 8n2 setting, again,
>> no big deal, but a bit annoying having to change stuff around.
>
> Bizarre decision. I cannot understand how or why anyone would use 8N2.  Or
> indeed implement rs232 as a console mechanism these days.  We live in an
> ethernet world, even for oob (please see previous rants about CMP support).
>
>> GLC-T SFP's aren't supported, SFP-GE-T's are, this seemed to change
>> from 4.2.0 to 4.2.1, not the support, but the enforcement of it.
>
> Use programmable third party transceivers instead.
>
> There is no justification for cisco not supporting newer GLC-*
> transceivers, and there is no justification for Cisco to charge their
> outrageous prices for commodity third party hardware.
>
> And just in case someone starts going on about compatibility, GLC-* refers
> to a family of SFP transceivers which has encompassed many manufacturers
> and even more hardware revisions since they were introduced 15 years ago.
>
>> No RIP-NG support
>
> That is a feature, imho.
>
>> I really wish there was a "commit and quit"
>
> meh.  not a biggie.
>
>> Using ACLs to restrict telnet/ssh access gets strange if you use
>> layer-4 port definitions in your acl, just stick to source prefix.
>
> you can use prefix sets for this, no?
>
> Nick



-- 
Just my $.02, your mileage may vary,  batteries not included, etc....


