Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We currently have our Cisco equipment synced to our NTP server using MD5 authentication, which works well. We have a directive from our cybersecurity team to upgrade to one of the SHA authentication mechanisms and facing a problem with that.Now, both...
We are in the process of designing a medium sized MPLS network using NCS540 routers. A requirement was not to have a full-mesh of BGP neighbourships or use RR or to change the next-hop at every hop.So we decided to use BGP confed. Maybe our design as...
We have some routers running Hub and Spoke DMVPN. Currently, we use the below ACL inbound on the Internet facing interface to secure the interface and allow only DMVPN.
We have a mandate to migrate from IKEv1 to IKEv2. Will the ACL still be valid? If...
Hi. I deployed a simple DMVPN setup with 1 Hub and 2 Spokes. I am running OSPF. Looks like, unlike EIGRP, OSPF doesn't use split-horizon to prevent Spoke routes from being advertised to other spokes.
What is the most straight-forward way to prevent ...
We use Rsyslog and LogAnalyzer as our Syslog collector. All our routers/switches/firewalls send Syslogs to Rsyslog. We would like timestamps in the log payload and this works fine for routers and switches, but Rsyslog cannot recognise the timestamp o...
Thanks for highlighting the differences. This means that both per-CE and per-VRF work fine, but per-Prefix has issues. We ran our litany of tests with per-CE for static routes and didn't find any issues, so the TAC case is only to get an official ans...
Thanks, I did see this, but it doesn't match our issue exactly1. There's no issue with the BVI subnet's prefix being advertised across the network. All BVI-BVI routing works without issues with "redistribute connected". The problem is only with "redi...
Thanks, it is unlikely to be a scale issue, because we have less than 50 prefixes in our lab network where we are testing this. Either ways, we have a case with TAC to work on this further,
