Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We are trying to upgrade the IOS of an ASR1009 to a 17.12.x version due to recent CVE announced by Cisco. Part of it is to upgrade the ROMMon as well. However, the linecard ASR1000-6TGE can only have ROMMon 16.3(2r) for 17.9.x, there's no applicable ...
Hello. Good day to everyone. Looking for some help here. We are trying to migrate a bunch of servers from an old data center that is running its own ACI fabric. Almost all of the BDs are in network centric mode but there's this one huge BD that is be...
We have multiple RAVPN firewalls worldwide, including ISE per region. Our admin node is in our EU data center, and we have policy nodes per region. All our RAVPN firewalls have the same configuration, but we’re having a weird issue. The dACLs we’re g...
Hello. I am trying to figure out route summary between Tenant or VRF. Let's say I have Tenant1:VRF1 and Tenant2:VRF2. VRF1, let's say have like 1000 10.x.x.x subnets. Then in VRF2, you have an external vendor that would need to monitor your entire ne...
Quick question guys. For exam and real world use purposes. What is the more acceptable way to enable SRTE for ISIS?There are two options I have been testing and both of them seem to enable SRTE. Thanks!Option 1:router isis SPaddress-family ipv4 unica...
Just for anyone who knows what the problem is. It was due to the fact that the ISE PSNs are behind a load-balancer. The load-balancer performed round-robin between the backend PSNs that's why the dACL download keeps on restarting from the beginning. ...
Hello @Rob Ingram, I think this has been lifted already and more lines can be applied. We have like 3 dozens of dACLs configured on the ISE depending on the group membership of the user, and almost all of them have more than 150 lines +/- 10% in term...
Hello. Sorry I didn't see this thread for a long time. Yes, the topology is something like that. I have reached out to someone who's doing ACI and I was told that there is no way to summarize the smaller subnets prior to leaking it out to the other t...
Thank you. I actually tested this months ago and if I remember it right, when I used OSPF as the IGP the SRTE policy went up right away and I didn't even define router-id. I also didn't try to configure the mpls te configurations under the routing pr...
I was actually doing some lab regarding this and you can actually make this work in IPv4 network as long as the source AS is the same as the receiving AS.Sample below:AS15---AS16---AS17If you advertise networks of AS15 to AS16 then you configure AS-O...
