[c-nsp] cisco-nsp Digest, Vol 131, Issue 6
Nam Nguyen
nhnam81 at gmail.com
Thu Oct 3 05:30:47 EDT 2013
Hi !
Thank you so much for your support Oliver Boehmer & Tony.
I have tried to convert using ACL permit (not deny) and it's okay.
Thanks and Best Regards.
Nam
On Thu, Oct 3, 2013 at 3:54 PM, <cisco-nsp-request at puck.nether.net> wrote:
> Send cisco-nsp mailing list submissions to
> cisco-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> or, via email, send a message with subject or body 'help' to
> cisco-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
> cisco-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisco-nsp digest..."
>
>
> Today's Topics:
>
> 1. Re: Question configure QoS on ES20 Card, Cisco 7609 (Nam Nguyen)
> 2. Re: Question configure QoS on ES20 Card, Cisco 7609
> (Oliver Boehmer (oboehmer))
> 3. Re: VPLS ASR1k - ME3800 - no L2 tunnelling ? (Adam Vitkovsky)
> 4. Re: VPLS ASR1k - ME3800 - no L2 tunnelling ? (Pshem Kowalczyk)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 3 Oct 2013 10:13:04 +0700
> From: Nam Nguyen <nhnam81 at gmail.com>
> To: Tony <td_miles at yahoo.com>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Question configure QoS on ES20 Card, Cisco 7609
> Message-ID:
> <CAAs=
> DCLnMXsfQ1cudXAAbv09ZWQh11ZKqH1A4bgmov-42bKWZQ at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Dear all !
>
> At the end of ACL 161, I have defined permit ip any any:
> access-list 161 deny ip any 1.53.0.0 0.0.255.255
> access-list 161 deny ip any 1.52.0.0 0.0.255.255
> access-list 161 deny ip any 1.54.0.0 0.0.255.255
> access-list 161 deny ip any 1.55.0.0 0.0.255.255
> access-list 161 permit ip any any
>
> I think it's ok but I couldn't see the counter.
>
> Please help me
>
> Thanks
> Nam
>
>
>
> On Thu, Sep 26, 2013 at 7:28 PM, Nam Nguyen <nhnam81 at gmail.com> wrote:
>
> > Hi !
> >
> > at the end of acl i have defined permit ip any any:
> > - i need to block some traffic and permit the rest
> >
> > Nam Nguyen
> >
> > > On 26-09-2013, at 19:02, Tony <td_miles at yahoo.com> wrote:
> > >
> > > Hi,
> > >
> > > The error message seems to be fairly clear, you can't have DENY
> > statements in ACL.
> > >
> > > As to why you are not seeing anything in your counters, you only have
> > DENY statements and the end of every ACL is an implicit "deny ip any any"
> > this means that your ACL's will not match anything at all, so nothing
> will
> > go into your class.
> > >
> > > What are you trying to achieve ?
> > >
> > >
> > > regards,
> > > Tony.
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: Nam Nguyen <nhnam81 at gmail.com>
> > > To: cisco-nsp at puck.nether.net
> > > Cc:
> > > Sent: Thursday, 26 September 2013 8:21 PM
> > > Subject: [c-nsp] Question configure QoS on ES20 Card, Cisco 7609
> > >
> > > Hi all !
> > >
> > > I have some problem when configure QoS on Cisco ES20 card:
> > >
> > > - When I applied policy-map on sub-interface (egress), I see error
> > > message: "%G_QOS_CLASSIFY-DFC2-3-QOS_CONFIG:
> > > error detected: Can not support deny ace in ACL (161)"
> > >
> > > - When I applied policy-map on sub-interface (ingress), It's okay but I
> > > cann't see the counter. Below is example:
> > >
> > > class-map match-all UP
> > > match access-group 161
> > > class-map match-all DOWN
> > > match access-group 160
> > > class-map match-any MATCH_ALL
> > > match access-group 100
> > >
> > > policy-map 3M (This policy-map: I can see counter when issue show
> > > policy-map interface)
> > > class MATCH_ALL
> > > police cir 3000000 bc 300000 be 300000
> > > conform-action transmit
> > > exceed-action drop
> > > violate-action drop
> > >
> > > policy-map ABC (This policy-map apply to ingress ok but I cannot see
> > > counter when issue show policy-map interface )
> > > class UP
> > > police cir 1000000 bc 100000 be 100000
> > > conform-action transmit
> > > exceed-action drop
> > > violate-action drop
> > > class MATCH_ALL
> > > police cir 20000000 bc 2000000 be 2000000
> > > conform-action transmit
> > > exceed-action drop
> > > violate-action drop
> > >
> > > Extended IP access list 100 (class MATCH_ALL)
> > > 10 permit ip any any
> > >
> > > Extended IP access list 160 (class DOWN)
> > > 10 deny ip 1.53.0.0 0.0.255.255 any
> > > 20 deny ip 1.52.0.0 0.0.255.255 any
> > > 30 deny ip 1.54.0.0 0.0.255.255 any
> > > 40 deny ip 1.55.0.0 0.0.255.255 any
> > > ...
> > >
> > > Extended IP access list 161 (class UP)
> > > 10 deny ip any 1.53.0.0 0.0.255.255
> > > 20 deny ip any 1.52.0.0 0.0.255.255
> > > 30 deny ip any 1.54.0.0 0.0.255.255
> > > 40 deny ip any 1.55.0.0 0.0.255.255
> > > 50 deny ip any 101.53.0.0 0.0.63.255
> > > ...
> > >
> > > Result show policy-map interface
> > >
> > > 7609#sh policy-map int Po1.XYZ
> > > Port-channel1.2304332
> > >
> > > Service-policy input: ABC
> > >
> > > Class-map: UP (match-all)
> > > 0 packets, 0 bytes
> > > 5 minute offered rate 0000 bps, drop rate 0000 bps
> > > Match: access-group 161
> > > police:
> > > cir 10000000 bps, bc 1000000 bytes, be 1000000 bytes
> > > conformed 0 packets, 0 bytes; actions:
> > > transmit
> > > exceeded 0 packets, 0 bytes; actions:
> > > drop
> > > violated 0 packets, 0 bytes; actions:
> > > drop
> > > conformed 0000 bps, exceed 0000 bps, violate 0000 bps
> > >
> > > Class-map: MATCH_ALL (match-any)
> > > 0 packets, 0 bytes
> > > 5 minute offered rate 0000 bps, drop rate 0000 bps
> > > Match: access-group 100
> > > police:
> > > cir 100000000 bps, bc 10000000 bytes, be 10000000 bytes
> > > conformed 0 packets, 0 bytes; actions:
> > > transmit
> > > exceeded 0 packets, 0 bytes; actions:
> > > drop
> > > violated 0 packets, 0 bytes; actions:
> > > drop
> > > conformed 0000 bps, exceed 0000 bps, violate 0000 bps
> > >
> > > Class-map: class-default (match-any)
> > > 0 packets, 0 bytes
> > > 5 minute offered rate 0000 bps, drop rate 0000 bps
> > > Match: any
> > >
> > > My 7609 use version: Cisco IOS Software, c7600s72033_rp Software
> > > (c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRE5
> > >
> > > I have searched ES20 configure guide (
> > >
> >
> http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldcfg_external_docbase_0900e4b18075015d_4container_external_docbase_0900e4b180aab0c7.html
> > > ) and see something:
> > > Restrictions and Usage Guidelines
> > >
> > > When configuring the Layer 3 and Layer 4 ACLs on a Cisco 7600 Series
> ES20
> > > line cards, follow these restrictions and usage guidelines:
> > >
> > > ? L3 and L4 ACLs are supported only in ingress.
> > >
> > > ?You cannot simultaneously apply L2 ACL or L3/L4 ACLs on an EVC. You
> can
> > > either apply a L2 ACL, or a L3/L4 ACL within an EVC.
> > >
> > > ?L3 and L4 ACLs are not supported on EVCs in port-channels.
> > >
> > > ?IPv6 ACLs are not supported.
> > >
> > > ?Per ACE counters are not supported.
> > >
> > > ?You can apply a maximum of 4000 unique ACLs.
> > >
> > > ?You can configure a maximum of 8000 ACEs in a ES20 line card.
> > >
> > > ?In a L3 or L4 ACLs, if you apply the ACL name or number without
> actually
> > > creating the ACL, all the packets are permitted. However, in L2 ACLs,
> if
> > > you apply the ACL name,the packets are dropped.
> > >
> > > ?For eq and neq L4 operators, a maximum of 10 ports are used to relay
> the
> > > parameters. However, you can apply the ACLs only on the first port.
> > >
> > > ?Though the ACEs contain many rules based on which network traffic is
> > > filtered, only the criterion listed in Table
> > > 2-24<
> >
> http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldcfg_external_docbase_0900e4b18075015d_4container_external_docbase_0900e4b180aab0c7.html#wp1584674
> > >
> > > are
> > > supported.
> > >
> > >
> > > I see that L3/L4 ACLs are supported on in ingress and Per ACE counters
> > are
> > > not supported.
> > >
> > >
> > > Please help me !
> > >
> > >
> > > Nam
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
>
> --
> Nam Nguyen
> 0983810783
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 3 Oct 2013 06:58:47 +0000
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> To: Nam Nguyen <nhnam81 at gmail.com>, Tony <td_miles at yahoo.com>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Question configure QoS on ES20 Card, Cisco 7609
> Message-ID:
> <BB4FFD2794CF464FAA3A5C899EC94B542B0A3EA7 at xmb-rcd-x08.cisco.com>
> Content-Type: text/plain; charset="Windows-1252"
>
> Nam,
>
> as Tony already said, "deny" clauses are not supported in QoS
> classification ACLs on this linecard. So you need to change your qos
> semantic.
>
> Assuming deny was supported, your current qos policy semantic looks like
> if( destination is not in (1.52.x.x, etc.) ) then
> police to 1 mbps
> else
> police to 2 mbps
>
> if that is the case, you can change the config to
>
> access-list foo permit ip any 1.53.0.0 0.0.255.255
> access-list foo permit ip any 1.52.0.0 0.0.255.255
> access-list foo permit ip any 1.54.0.0 0.0.255.255
> access-list foo permit ip any 1.55.0.0 0.0.255.255
> !
> class-map FOO
> match access-group foo
> !
> policy-map BAR
> class FOO
>
> police cir 2000000 bc 100000 be 100000
> conform-action transmit
> exceed-action drop
> violate-action drop
> class class-default
> police cir 1000000 bc 100000 be 100000
> conform-action transmit
> exceed-action drop
> violate-action drop
>
> If the policy is more complex, it could get trickier..
>
>
> oli
>
>
>
> On 03/10/2013 05:13, "Nam Nguyen" <nhnam81 at gmail.com> wrote:
>
> >Dear all !
> >
> >At the end of ACL 161, I have defined permit ip any any:
> >access-list 161 deny ip any 1.53.0.0 0.0.255.255
> >access-list 161 deny ip any 1.52.0.0 0.0.255.255
> >access-list 161 deny ip any 1.54.0.0 0.0.255.255
> >access-list 161 deny ip any 1.55.0.0 0.0.255.255
> >access-list 161 permit ip any any
> >
> >I think it's ok but I couldn't see the counter.
> >
> >Please help me
> >
> >Thanks
> >Nam
> >
> >
> >
> >On Thu, Sep 26, 2013 at 7:28 PM, Nam Nguyen <nhnam81 at gmail.com> wrote:
> >
> >> Hi !
> >>
> >> at the end of acl i have defined permit ip any any:
> >> - i need to block some traffic and permit the rest
> >>
> >> Nam Nguyen
> >>
> >> > On 26-09-2013, at 19:02, Tony <td_miles at yahoo.com> wrote:
> >> >
> >> > Hi,
> >> >
> >> > The error message seems to be fairly clear, you can't have DENY
> >> statements in ACL.
> >> >
> >> > As to why you are not seeing anything in your counters, you only have
> >> DENY statements and the end of every ACL is an implicit "deny ip any
> >>any"
> >> this means that your ACL's will not match anything at all, so nothing
> >>will
> >> go into your class.
> >> >
> >> > What are you trying to achieve ?
> >> >
> >> >
> >> > regards,
> >> > Tony.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > ----- Original Message -----
> >> > From: Nam Nguyen <nhnam81 at gmail.com>
> >> > To: cisco-nsp at puck.nether.net
> >> > Cc:
> >> > Sent: Thursday, 26 September 2013 8:21 PM
> >> > Subject: [c-nsp] Question configure QoS on ES20 Card, Cisco 7609
> >> >
> >> > Hi all !
> >> >
> >> > I have some problem when configure QoS on Cisco ES20 card:
> >> >
> >> > - When I applied policy-map on sub-interface (egress), I see error
> >> > message: "%G_QOS_CLASSIFY-DFC2-3-QOS_CONFIG:
> >> > error detected: Can not support deny ace in ACL (161)"
> >> >
> >> > - When I applied policy-map on sub-interface (ingress), It's okay but
> >>I
> >> > cann't see the counter. Below is example:
> >> >
> >> > class-map match-all UP
> >> > match access-group 161
> >> > class-map match-all DOWN
> >> > match access-group 160
> >> > class-map match-any MATCH_ALL
> >> > match access-group 100
> >> >
> >> > policy-map 3M (This policy-map: I can see counter when issue show
> >> > policy-map interface)
> >> > class MATCH_ALL
> >> > police cir 3000000 bc 300000 be 300000
> >> > conform-action transmit
> >> > exceed-action drop
> >> > violate-action drop
> >> >
> >> > policy-map ABC (This policy-map apply to ingress ok but I cannot see
> >> > counter when issue show policy-map interface )
> >> > class UP
> >> > police cir 1000000 bc 100000 be 100000
> >> > conform-action transmit
> >> > exceed-action drop
> >> > violate-action drop
> >> > class MATCH_ALL
> >> > police cir 20000000 bc 2000000 be 2000000
> >> > conform-action transmit
> >> > exceed-action drop
> >> > violate-action drop
> >> >
> >> > Extended IP access list 100 (class MATCH_ALL)
> >> > 10 permit ip any any
> >> >
> >> > Extended IP access list 160 (class DOWN)
> >> > 10 deny ip 1.53.0.0 0.0.255.255 any
> >> > 20 deny ip 1.52.0.0 0.0.255.255 any
> >> > 30 deny ip 1.54.0.0 0.0.255.255 any
> >> > 40 deny ip 1.55.0.0 0.0.255.255 any
> >> > ...
> >> >
> >> > Extended IP access list 161 (class UP)
> >> > 10 deny ip any 1.53.0.0 0.0.255.255
> >> > 20 deny ip any 1.52.0.0 0.0.255.255
> >> > 30 deny ip any 1.54.0.0 0.0.255.255
> >> > 40 deny ip any 1.55.0.0 0.0.255.255
> >> > 50 deny ip any 101.53.0.0 0.0.63.255
> >> > ...
> >> >
> >> > Result show policy-map interface
> >> >
> >> > 7609#sh policy-map int Po1.XYZ
> >> > Port-channel1.2304332
> >> >
> >> > Service-policy input: ABC
> >> >
> >> > Class-map: UP (match-all)
> >> > 0 packets, 0 bytes
> >> > 5 minute offered rate 0000 bps, drop rate 0000 bps
> >> > Match: access-group 161
> >> > police:
> >> > cir 10000000 bps, bc 1000000 bytes, be 1000000 bytes
> >> > conformed 0 packets, 0 bytes; actions:
> >> > transmit
> >> > exceeded 0 packets, 0 bytes; actions:
> >> > drop
> >> > violated 0 packets, 0 bytes; actions:
> >> > drop
> >> > conformed 0000 bps, exceed 0000 bps, violate 0000 bps
> >> >
> >> > Class-map: MATCH_ALL (match-any)
> >> > 0 packets, 0 bytes
> >> > 5 minute offered rate 0000 bps, drop rate 0000 bps
> >> > Match: access-group 100
> >> > police:
> >> > cir 100000000 bps, bc 10000000 bytes, be 10000000 bytes
> >> > conformed 0 packets, 0 bytes; actions:
> >> > transmit
> >> > exceeded 0 packets, 0 bytes; actions:
> >> > drop
> >> > violated 0 packets, 0 bytes; actions:
> >> > drop
> >> > conformed 0000 bps, exceed 0000 bps, violate 0000 bps
> >> >
> >> > Class-map: class-default (match-any)
> >> > 0 packets, 0 bytes
> >> > 5 minute offered rate 0000 bps, drop rate 0000 bps
> >> > Match: any
> >> >
> >> > My 7609 use version: Cisco IOS Software, c7600s72033_rp Software
> >> > (c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRE5
> >> >
> >> > I have searched ES20 configure guide (
> >> >
> >>
> >>
> http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_g
> >>uide/baldcfg_external_docbase_0900e4b18075015d_4container_external_docbas
> >>e_0900e4b180aab0c7.html
> >> > ) and see something:
> >> > Restrictions and Usage Guidelines
> >> >
> >> > When configuring the Layer 3 and Layer 4 ACLs on a Cisco 7600 Series
> >>ES20
> >> > line cards, follow these restrictions and usage guidelines:
> >> >
> >> > ? L3 and L4 ACLs are supported only in ingress.
> >> >
> >> > ?You cannot simultaneously apply L2 ACL or L3/L4 ACLs on an EVC. You
> >>can
> >> > either apply a L2 ACL, or a L3/L4 ACL within an EVC.
> >> >
> >> > ?L3 and L4 ACLs are not supported on EVCs in port-channels.
> >> >
> >> > ?IPv6 ACLs are not supported.
> >> >
> >> > ?Per ACE counters are not supported.
> >> >
> >> > ?You can apply a maximum of 4000 unique ACLs.
> >> >
> >> > ?You can configure a maximum of 8000 ACEs in a ES20 line card.
> >> >
> >> > ?In a L3 or L4 ACLs, if you apply the ACL name or number without
> >>actually
> >> > creating the ACL, all the packets are permitted. However, in L2 ACLs,
> >>if
> >> > you apply the ACL name,the packets are dropped.
> >> >
> >> > ?For eq and neq L4 operators, a maximum of 10 ports are used to relay
> >>the
> >> > parameters. However, you can apply the ACLs only on the first port.
> >> >
> >> > ?Though the ACEs contain many rules based on which network traffic is
> >> > filtered, only the criterion listed in Table
> >> > 2-24<
> >>
> >>
> http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_g
> >>uide/baldcfg_external_docbase_0900e4b18075015d_4container_external_docbas
> >>e_0900e4b180aab0c7.html#wp1584674
> >> >
> >> > are
> >> > supported.
> >> >
> >> >
> >> > I see that L3/L4 ACLs are supported on in ingress and Per ACE
> >>counters
> >> are
> >> > not supported.
> >> >
> >> >
> >> > Please help me !
> >> >
> >> >
> >> > Nam
> >> > _______________________________________________
> >> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> >> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
> >
> >
> >--
> >Nam Nguyen
> >0983810783
> >_______________________________________________
> >cisco-nsp mailing list cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 3 Oct 2013 10:23:51 +0200
> From: Adam Vitkovsky <adam.vitkovsky at swan.sk>
> To: "'Waris Sagheer (waris)'" <waris at cisco.com>, "'Chris Russell'"
> <chris at nifry.com>, <cisco-nsp at puck.nether.net>
> Cc: "'Mostafa Mansour \(mosmanso\)'" <mosmanso at cisco.com>
> Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
> Message-ID: <05ae01cec011$e42cc780$ac865680$@swan.sk>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Waris,
> So on ME3800 I read the l2pt tunnel is not supported on EFPs with
> PW/xconnect configured on them, though IOS will let you enter the command
> with no complains.
> So to work around this I should be using l2pt forward instead right?
>
> Is there actually a difference in function of these two commands please?
>
>
> adam
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Waris Sagheer (waris)
> Sent: Wednesday, October 02, 2013 6:29 PM
> To: Chris Russell; cisco-nsp at puck.nether.net
> Cc: Mostafa Mansour (mosmanso)
> Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
>
> Hi Mostafa,
> Can you help with ASR1K L2PT behavior? What is supported on ASR1K?
>
> Hi Chris,
> I am copying Mostafa (ASR 1K expert) to confirm the L2PT behavior on ASR1K.
> Just a side note from ME perspective, I would recommend using L2PT forward
> command rather than L2PT tunnel.
>
> Best Regards,
>
> [http://www.cisco.com/web/europe/images/email/signature/horizontal06.jpg]
>
> Waris Sagheer
> Technical Marketing Manager
> Service Provider Access Group
> waris at cisco.com<mailto:waris at cisco.com>
> Phone: +1 408 853 6682
> Mobile: +1 408 835 1389
>
> CCIE - 19901
>
>
> <http://www.cisco.com/>
>
>
>
> [Think before you print.] Think before you print.
>
> This email may contain confidential and privileged material for the sole
> use
> of the intended recipient. Any review, use, distribution or disclosure by
> others is strictly prohibited. If you are not the intended recipient (or
> authorized to receive for the recipient), please contact the sender by
> reply
> email and delete all copies of this message.
>
> For corporate legal information go to:
> http://www.cisco.com/web/about/doing_business/legal/cri/index.html
>
>
>
> From: Chris Russell <chris at nifry.com<mailto:chris at nifry.com>>
> Organization: ntech
> Date: Saturday, August 31, 2013 6:18 AM
> To: "cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>"
> <cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>>
> Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
>
> On 21/08/2013 10:00, Chris Russell wrote:
> On 21/08/2013 09:54, Adam Vitkovsky wrote:
> And I assume no BPDUs are passed either.
> Is it possible to issue cmd: "l2protocol peer" or all the l2protocol
> commands are rejected altogether?
> Just to see if the L2protocol status changes somehow.
>
>
> As a final thread closing to this one, with thanks to various people,
> especially Adam, who responded -
>
> L2 tunnelling of control packets (BPDUs) is NOT supported on the ASR1K.
>
>
>
> Thanks
>
> Chris
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 3 Oct 2013 21:47:50 +1300
> From: Pshem Kowalczyk <pshem.k at gmail.com>
> To: Adam Vitkovsky <adam.vitkovsky at swan.sk>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
> Message-ID:
> <CAEaZiRWP1RS2pqhKLim5pTd3pRyQ7W3LzZkzfcxyt95j=CKE=
> g at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Adam,
>
> With 'forward' the ethernet packets are forwarded 'as-is' through the
> MPLS topology. With 'tunnel' the destination MAC address gets
> rewritten to a 'special' multicast MAC addresses, the remote end of
> the 'tunnel' restores the original MAC address.
>
> Forward can be used if both customer devices are connected directly to
> PEs, if one side connects to a L2 only devices you have to use tunnel.
>
> kind regards
> Pshem
>
>
> On 3 October 2013 21:23, Adam Vitkovsky <adam.vitkovsky at swan.sk> wrote:
> > Hi Waris,
> > So on ME3800 I read the l2pt tunnel is not supported on EFPs with
> > PW/xconnect configured on them, though IOS will let you enter the command
> > with no complains.
> > So to work around this I should be using l2pt forward instead right?
> >
> > Is there actually a difference in function of these two commands please?
> >
> >
> > adam
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Waris Sagheer (waris)
> > Sent: Wednesday, October 02, 2013 6:29 PM
> > To: Chris Russell; cisco-nsp at puck.nether.net
> > Cc: Mostafa Mansour (mosmanso)
> > Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
> >
> > Hi Mostafa,
> > Can you help with ASR1K L2PT behavior? What is supported on ASR1K?
> >
> > Hi Chris,
> > I am copying Mostafa (ASR 1K expert) to confirm the L2PT behavior on
> ASR1K.
> > Just a side note from ME perspective, I would recommend using L2PT
> forward
> > command rather than L2PT tunnel.
> >
> > Best Regards,
> >
> > [http://www.cisco.com/web/europe/images/email/signature/horizontal06.jpg
> ]
> >
> > Waris Sagheer
> > Technical Marketing Manager
> > Service Provider Access Group
> > waris at cisco.com<mailto:waris at cisco.com>
> > Phone: +1 408 853 6682
> > Mobile: +1 408 835 1389
> >
> > CCIE - 19901
> >
> >
> > <http://www.cisco.com/>
> >
> >
> >
> > [Think before you print.] Think before you print.
> >
> > This email may contain confidential and privileged material for the sole
> use
> > of the intended recipient. Any review, use, distribution or disclosure by
> > others is strictly prohibited. If you are not the intended recipient (or
> > authorized to receive for the recipient), please contact the sender by
> reply
> > email and delete all copies of this message.
> >
> > For corporate legal information go to:
> > http://www.cisco.com/web/about/doing_business/legal/cri/index.html
> >
> >
> >
> > From: Chris Russell <chris at nifry.com<mailto:chris at nifry.com>>
> > Organization: ntech
> > Date: Saturday, August 31, 2013 6:18 AM
> > To: "cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>"
> > <cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>>
> > Subject: Re: [c-nsp] VPLS ASR1k - ME3800 - no L2 tunnelling ?
> >
> > On 21/08/2013 10:00, Chris Russell wrote:
> > On 21/08/2013 09:54, Adam Vitkovsky wrote:
> > And I assume no BPDUs are passed either.
> > Is it possible to issue cmd: "l2protocol peer" or all the l2protocol
> > commands are rejected altogether?
> > Just to see if the L2protocol status changes somehow.
> >
> >
> > As a final thread closing to this one, with thanks to various people,
> > especially Adam, who responded -
> >
> > L2 tunnelling of control packets (BPDUs) is NOT supported on the ASR1K.
> >
> >
> >
> > Thanks
> >
> > Chris
> >
> > _______________________________________________
> > cisco-nsp mailing list
> > cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> ------------------------------
>
> End of cisco-nsp Digest, Vol 131, Issue 6
> *****************************************
>
--
Nam Nguyen
0983810783
More information about the cisco-nsp
mailing list