BGP attribute-download and VPNv4

Using “bgp attribute-download” to get source AS number  into netflow, and use that for traffic analysis. According to cisco this command “bgp attribute-download” is only available for IPv4 unicast address family.

IPv6 HSRP Config

Interface vlan777 ipv6 enable     Otherwise, the config looks spot on   Our config looks like:   interface Vlan110 standby version 2 standby 110 ipv6 FE80::1 standby 110 timers 1 3 standby 110 priority 110 standby 110 preempt delay minimum 180 standby 110 authentication xxxx ipv6 address dead:beef:1::FFFE/64 ipv6 enable ipv6 nd other-config-flag ipv6… Lees verder IPv6 HSRP Config


Ended up with the following for DSL customers using DS-Lite:   block size 512 max blocks per user 16 block timeout 120 address-sharing-ratio 8:1   avg usage is 34 ports per block and 1,3 blocks per address, but the top 1% are at least x10.   Some years ago we had started with more relaxed… Lees verder NAT DS-Lite

IOS XR vrf export route-policy

vrf export route-policy doesn’t seem to directly deny prefixes from advertisement… but according to this one site you can indirectly deny prefixes… it seems that vrf export route-policy is mainly used to more granularly assign rt’s and add rt’s to rt’s (additive). Thought it was pretty clever to not put a route-target export… Lees verder IOS XR vrf export route-policy

TX low alarm warning

For some reason especially on3.7 code we have also seen this message on ports which are left no shut, and they have an SFP in it. That’s because they introduced DOM support for some transceivers:

CVE-2016-1287 and old pix units   As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013.

ASR1001 vs 1001-X PPP

Based on understanding, the CPU on 1001-X is more powerful and can handle more concurrent session establishments. It also has 2 10G interfaces which can come in handy. However, the queue-count is considerably lower in the 1001s which makes QoS difficult, depending on your policies. I would recommend a 1002-X if you are looking at… Lees verder ASR1001 vs 1001-X PPP

Trunked VLANs over FTTC VDSL2

This is a live working 897 using QinQ over VDSL:     interface Ethernet0 no ip address ! interface Ethernet0.400 encapsulation dot1Q 101 second-dot1q 400  ip vrf forwarding test  ip address ! interface Ethernet0.401 encapsulation dot1Q 101 second-dot1q 401  ip vrf forwarding test-2  ip address     #show ver | i… Lees verder Trunked VLANs over FTTC VDSL2

ASR920 “console” port

Here are some pictures of the ASR920 Console kit A920-CONS-KIT-S     The Adapter Plugs in the Top Left USB Console Port and we have it wired up to a Perle IOLAN SCS48C console server using a rollover cable.   Here are some pictures of  it, since I can only find a brief mention of… Lees verder ASR920 “console” port


service instance 940 ethernet description description TEST_OUTER_940_Inner_942 encapsulation dot1q 940 second-dot1q 942 rewrite ingress tag pop 2 symmetric bridge-domain 942   interface Vlan942 description TEST_OUTER_INNER_TAGs mtu 9100 ip address no ip proxy-arp end     #ping Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:… Lees verder QinQ