Interface vlan777 ipv6 enable     Otherwise, the config looks spot on   Our config looks like:   interface Vlan110 standby version 2 standby 110 ipv6 FE80::1 standby 110 timers 1 3 standby 110 priority 110 standby 110 preempt delay minimum 180 standby 110 authentication xxxx ipv6 address dead:beef:1::FFFE/64 ipv6 enable ipv6 nd other-config-flag ipv6 …

Continue reading IPv6 HSRP Config

Ended up with the following for DSL customers using DS-Lite:   block size 512 max blocks per user 16 block timeout 120 address-sharing-ratio 8:1   avg usage is 34 ports per block and 1,3 blocks per address, but the top 1% are at least x10.   Some years ago we had started with more relaxed …

Continue reading NAT DS-Lite

vrf export route-policy doesn’t seem to directly deny prefixes from advertisement… but according to this one site you can indirectly deny prefixes… it seems that vrf export route-policy is mainly used to more granularly assign rt’s and add rt’s to rt’s (additive). http://www.akbintel.com/mediawiki/index.php/VRF/Config#export_map http://nagendrakumar-nagendra.blogspot.com/2011/09/mpls-vpn-vrf-export-map.html Thought it was pretty clever to not put a route-target export …

Continue reading IOS XR vrf export route-policy

For some reason especially on3.7 code we have also seen this message on ports which are left no shut, and they have an SFP in it. That’s because they introduced DOM support for some transceivers: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/ol-37xe-4500x.html#pgfId-2796909

Continue reading TX low alarm warning

http://www.cisco.com/c/en/us/products/collateral/security/pix-500-series-security-appliances/pix_eos.html   As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013.

Continue reading CVE-2016-1287 and old pix units

Based on understanding, the CPU on 1001-X is more powerful and can handle more concurrent session establishments. It also has 2 10G interfaces which can come in handy. However, the queue-count is considerably lower in the 1001s which makes QoS difficult, depending on your policies. I would recommend a 1002-X if you are looking at …

Continue reading ASR1001 vs 1001-X PPP

This is a live working 897 using QinQ over VDSL:     interface Ethernet0 no ip address ! interface Ethernet0.400 encapsulation dot1Q 101 second-dot1q 400  ip vrf forwarding test  ip address 1.1.1.2 255.255.255.252 ! interface Ethernet0.401 encapsulation dot1Q 101 second-dot1q 401  ip vrf forwarding test-2  ip address 2.2.2.2 255.255.255.252     #show ver | i …

Continue reading Trunked VLANs over FTTC VDSL2

Here are some pictures of the ASR920 Console kit A920-CONS-KIT-S     The Adapter Plugs in the Top Left USB Console Port and we have it wired up to a Perle IOLAN SCS48C console server using a rollover cable.   Here are some pictures of  it, since I can only find a brief mention of …

Continue reading ASR920 “console” port

service instance 940 ethernet description description TEST_OUTER_940_Inner_942 encapsulation dot1q 940 second-dot1q 942 rewrite ingress tag pop 2 symmetric bridge-domain 942   interface Vlan942 description TEST_OUTER_INNER_TAGs mtu 9100 ip address 10.97.97.1 255.255.255.252 no ip proxy-arp end     #ping 10.97.97.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.97.97.2, timeout is 2 seconds: …

Continue reading QinQ