ostinato - Packet/Traffic Generator and Analyzer Greyhole - Redundant Storage Pooling using Samba Route Views Project Page AAA and VTYs in IOS-XR : Bingo Continuing on the IOS-XR saga, this is the newest bunch of things that don't "work as expected" (© Cisco). Well, as expected by me, not by Cisco. Everything started while trying to configure a primary and backup aaa login method on an ASR9k, when i realized that... 1) having a backup aaa login method with the same tacacs servers as the ones in the primary aaa login method (which is using the management vrf) doesn't work Imagine the following aaa configuration: ! This is supposed to work in the following way: As long as at least one mgmt interface is up (i'm using a virtual-ip for the mgmt interfaces), tacacs communication should happen through the out-of-band mgmt interfaces. Guess what! In order to overcome the above problem, i thought of using different vty templates, each one with a different access method. ! Since the "rotary" command is not supported in IOS-XR, this is what you can do: ! And this is the point you realize that you can't choose a vty, because... So i tried the following: !
GNS3 | Graphical Network Simulator ASR9000/XR: The concept of a SMU and managing them Introduction A SMU is a software maintenance update, or simply put a patch, that can be loaded on the XR device you are running. The concept of a SMU applies to all XR devices, although this article focuses on the ASR9000 primarily. When the system is running into a SW deficiency (a.k.a. a bug) Cisco can provide a patch for that particular problem in order for you to keep running your base release, but get free of the problem at hand. How do SMU’s work? A SMU is a patch that is provided on a per release and per component basis and is specific to the platform. SMU’s are “PIE” files (package installation envelope) similar as the functionality of feature PIE’s such as MGBL, MPLS and multicast and they are installed in a similar fashion. The 3 operation steps to apply a smu are: Addition of the smu to the filesystemActivation of the smu onto the systemCommitting the smu change so it is persistent across reloads Example smu installation and application Couple of notes to that: Info: ser 'root' •1.
Understanding ELAM With the increasing complexity of networking devices and protocols, it can be extremely difficult to pinpoint the source of a networking problem. Often we need to determine if a frame was received and forwarded correctly on a particular device. There are several capturing tools, debugs, and tricks available to help answer this question. However, not all are feasible or available to run on a production network. ELAM (Embedded Logic Analyzer Module) is an engineering tool that gives us the ability to look inside Cisco ASICs and understand how a packet is being forwarded. ELAM is “embedded” within the forwarding pipeline and can capture a packet in real time without affecting performance or control plane resources. Did the packet reach the forwarding engine? And much more… ELAM is extremely powerful, granular, and non-intrusive. ELAM was designed as a diagnostic tool for internal use. So, with such a firm disclaimer and challenges, why are we discussing ELAM now? ELAM Workflow Centralized vs.
Innovative Troubleshooting Tools in Cisco Switches At Cisco TAC, when the phones ring for P1/P2 outages, a typical problem we hear from customers is about connectivity issues between end-hosts and/or end-users' application performance issues. In an enterprise core/distribution and datacenter network, where virtual switching solutions (like, VSS or vPC) are highly deployed with large number of port-channels / redundant links, it is challenging and critical to trace the path of the packet to identify the device, link and port causing the above-mentioned problems. How does a TAC engineer really find the device / link / port in issue ? (1) NetDR / EthAnalyzer Net Driver (NetDR) tool is used in Catalyst 6500 and Cisco 7600 platforms to capture the traffic sent to (and received from) the CPU. When poor performance is experienced with specific application, using these tools (in the devices along the traffic path) helps us to confirm that specific traffic is getting hardware-switched and NOT processed by the CPU. (a) Was the packet received ?
OSPF - Setting IP MTU values for Cisco and Juniper - The Network Sherpa MTU mismatches are the primary reason an OSPF adjacency becomes stuck in the EXSTART state. After hellos are exchanged and the routers become neighbors, each OSPF speaker advertises the IP MTU of it’s local interface in a Data Base Description (DBD) LSA. If there is a mismatch you’ll probably just adjust the configuration to be identical on both ends of the link and be done. However, when you try to peer two OSPF routers with different network operating systems, things start to fall apart fairly quickly. One of the biggest issues I have seen with MTU is that it means different things to different vendors and engineers. If you’re familiar with Cisco IOS on routers, you’ll know that there are two interface level commands available: ‘mtu’ and ‘ip mtu‘. The aim of the ‘hardware mtu‘ is to ensure that physical interace can handle the full datagram when layer-2 framing overhead is added to the maximum IP packet size. So for NXOS there is only a single command ‘mtu’.
Cisco IOS Shell Configuration Guide, Cisco IOS Release 15.1M - Cisco IOS Shell [Support] Cisco IOS Shell First Published: March 25, 2011 Last Updated: March 30, 2011 The Cisco IOS Shell (IOS.sh) feature provides shell scripting capability to the Cisco IOS command-line-interface (CLI) environment. Finding Feature Information Your software release may not support all the features documented in this module. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. Contents Prerequisites for Cisco IOS.sh Restrictions for Cisco IOS.sh Information About Cisco IOS.sh How to Enable Cisco IOS.sh Using Cisco IOS.sh Additional References Feature Information for Cisco IOS.sh Prerequisites for Cisco IOS.sh Cisco IOS Release 15.1(4)M, 15.1(2)S, and later releases. Cisco IOS.sh must be configured and enabled to use the Cisco IOS.sh features and functions on your router. Restrictions for Cisco IOS.sh If Cisco IOS.sh is not enabled, the Cisco IOS.sh features and functions are not available on your router. Information About Cisco IOS.sh Terminal Option Note Path if
Welcome | acm sigcomm Egress QOS | LAN, Switching and Routing | Cisco Support Community | 6016 | 31581 C3750 Switch Family Egress QOS Explained Understanding the Egress QOS Logic on the C3750/C3560/C3750E/C3560E platforms. (Alternate Title: Egress QOS for dummies) Table of Contents C3750 Switch Family Egress QOS Explained. 1 1 Optimizing Egress Traffic. 3 1.1 Why have this paper 3 1.2 Intended Audience. 3 1.3 Disclaiminer 3 1.4 Not covered. 3 2 How the Egress Logic Works. 5 2.1 Basics on the Egress Logic of the Switch. 5 2.1.1 QOS Defaults. 8 2.2 The Queue-set is Your Friend. 9 2.2.1 Elements of the Queue-set Explained. 9 2.2.2 Example of Queue-set configuration. 11 2.2.3 Queue-set configuration Guidelines. 12 2.2.4 More Queue-set Information. 13 2.3 How the transmit Queue is determined. 13 2.4 Will the packet be dropped by WTD?. 2.4.1 Threshold Modification Strategy. 16 2.5 Where are the packets going. 16 2.6 Order of Egress: Shaped, Shared or Both. 18 2.6.1 What does the Shaping value really do. 19 2.6.2 Shared Weights Explained. 20 2.6.3 Shaped and Shared Combination. 21 3 Solutions and Strategies. 24 1. 2.
Sourcefire File Policies (aka Advanced Malware Protection) | popravak With Sourcefire ASA software modules we are able to control what file types are allowed and what are not to be downloaded or uploaded. What can be tracked depends on protocols supported by the Sourcefire and the direction of file transfer can be upload, download or both, again depending on the supported protocols. Before we go any further, in order to utilize file detection and/or blocking, we have to have a valid license. This license is named AMP and more about this can be found here. Now, with a valid license, we can’t do whatever we want. And we can only check for files within regular, non-encrypted versions of these protocols. For some of these protocols we can watch for files in both directions, upload and download, for example for FTP, but for some, it makes sense only for uploads, for example with the SMTP. What we can detect is also limited, but in time the number of supported file types should increase. So, why would we do such thing as detecting and blocking files? This is ok.
Technology Tutorials - Waris Tech Resource Session Video Recording Session Slide Deck Session Objective Cisco end to end validated Service Provider solution “Evolved Programmable Network (EPN)”To learn about Network Transport Architecture evolution for Carrier Ethernet, Mobile Backhaul “LTE to 5G” & IoTAudience: Network Architect, Solution Architect who design and deploy SP network Agenda IntroductionEPN 4.0 - Unified MPLS Reference ArchitectureEPN 5.0 - From Unified MPLS to Agile Carrier Ethernet (ACE)Operational SimplicityEvolving Mobile Backhaul Network Architecture Towards 5GProduct UpdateConclusion Bonus Material Linkedin Post Date: December 3rd, 2015 Slides & Downloading Recording in MP4 / ARF Format What is Cisco Evolved Programmable Network (EPN)? Cisco Carrier Ethernet and Mobile Backhaul Self Paced Bootcamp Youtube Video Playlist Link: Topics: What is Remote Loop Free Alternate? What is Segment Routing? Segment Routing: Update and Future Evolution- Clarence Filsfils Spring Forward(ing) - Evolving IP/MPLS Networks with Segment Routing