I staged a Cisco 1111 router for IPSec encrypted DMVPN deployment at a spoke site at one location. I pulled the certificate and didn't associate it with the IP address of the device nor the serial number of the device. When I sent it to the remote site it wouldn't come up at all. Is there anything I might have to do at the hub routers to make them forget that this spoke router once spoke to them from IP address A to turn up on IP address B? Or is it the case that if it turned up on IP address A it should come up no problem when it's new public IP address is address B? Thank you. ... View more

Both of my fabric interconnects are complaining about too little disk space. But I'm not sure where to go to see what junk I can delete from there. In UCS Manager there's no place in FI to show the contents of bootflash. I went to the CLI and tried connect nxos thinking maybe I could show bootflash: there. But no go. And the main CLI had no show boot. ??   Affected object:sys/switch-A/stor-part-bootflash Description:Disk usage for partition bootflash on fabric interconnect A exceeded 70% ... View more

I ran into ping responsiveness problems on my Nexus 6ks last week. I think I know the cause - waiting for a change window to address that. But in the meantime I'd like to know - what's the least impactful means of finding out what the sources addresses are of those ICMP Copp policy violations? IP accounting? Access lists with permits and logs? Some command for Copp that would output say 500 samplings of the violation traffic? Thank you.  ... View more

I have one DMVPN spoke site that stopped working a few days ago with no changes on the network at the spoke nor the hub. It's encrypted with a certificate so I pulled a new certificate no problem. That shows port 80 to the hub is fine. But I'm not seeing logged attempts from the spoke at the hub so I'm suspecting perhaps the ISP put in place some kind of protection that blocking the crypto conversation and preventing the tunnel from coming up.   What other commands could I run to verify whether the tunnel setup traffic is permitted from spoke to hub? Ping verifies the routing is good. Certificate pull and telnet port 80 to the hub verifies port 80 is all good. Is there some kind of command that would let me send the ports and protocols of IPSec as a test to vet that these are in fact permitted to the DMVPN hub router?    I could run debug dmvpn at the spoke. I tried running debug dmvpn at the hub but that debug surprisingly was not showing me the source address of the connection attempts (there are dozens of sites connecting to the hub). Any tips on verifying the connection path appreciated. ... View more

On my Cisco 3945 router which is serving as a DMVPN main hub - I am seeing these frag table overflow messages a few times a day. Can they seriously impact performance for the people at the spoke sites? If I increased the frag table what would be a good value? I see up to 1024 is permitted.   354919: .Feb 26 16:28:25.299 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354920: .Feb 26 16:37:32.309 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354926: .Feb 26 16:59:34.310 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354927: .Feb 26 17:18:39.311 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354928: .Feb 26 17:38:47.316 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354934: .Feb 26 20:15:17.248 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354969: .Feb 27 11:44:44.559 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354970: .Feb 27 11:51:43.563 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354971: .Feb 27 11:53:09.563 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354972: .Feb 27 12:07:17.568 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354973: .Feb 27 12:19:22.572 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354975: .Feb 27 12:26:25.569 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354976: .Feb 27 12:58:50.575 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354982: .Feb 27 15:15:34.616 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354984: .Feb 27 15:30:20.618 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 354985: .Feb 27 15:37:34.622 PST: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Tunnel1: the fragment table has reached its maximum threshold 16 ... View more