|
ionn posted: What effect, if any, will GRE have on network performance (mainly in terms of latency)?

You're going to be stuck with qos-preclassify, so make sure you understand what that will mean for you. If you influence any selective discard behavior within your provider's MPLS network currently, through dscp or ip precedence, or whatever, make sure you think about the effect of encapsulating everything in GRE. Here's an Avaya paper on voip and dmvpn: http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/dmvpn_app.pdf

ionn posted: What does "ip tcp adjust-mss 1400" do that "mtu 1400" doesn't?

tcp adjust-mss modifies the, er, tcp mss of the packets traversing the GRE tunnel. It's a clever thing, because if TCP never tries to shove more than 1400 bytes into an IP packet, then you don't have to worry about the combined IP, TCP, ESP, and GRE headers exceeding the interface MTU, which would cause fragmentation. By contrast, lowered tunnel MTU will fragment data. The problem is that adjust-mss won't work for non-tcp traffic, so you'll still almost always see lowered tunnel MTU's as well. If you use both, just make sure your adjust-mss is lower than the MTU.
|
# ? Dec 10, 2007 17:54 |
|
|
A tangentially related question about Cisco stuff - I'm looking to pick up a CCNA to sweeten my resume a bit while I search for a new job. I already have 3 years of networking experience, and I've been taking the practice exams on Cisco's site without too much difficulty. Is the CCNA the sort of exam where I can buy the self-study materials, study for a few weeks, and go in and pass it without having an IOS simulator, or am I stuck either shelling out for a simulator or some old Cisco hardware?
|
# ? Dec 10, 2007 18:10 |
|
chutwig posted:A tangentially related question about Cisco stuff - I'm looking to pick up a CCNA to sweeten my resume a bit while I search for a new job. I already have 3 years of networking experience, and I've been taking the practice exams on Cisco's site without too much difficulty. Is the CCNA the sort of exam where I can buy the self-study materials, study for a few weeks, and go in and pass it without having an IOS simulator, or am I stuck either shelling out for a simulator or some old Cisco hardware? Dynamips is free, and 2 pages back there's a link to a thread in SA where lots of good cheap gear was for sale.
|
# ? Dec 10, 2007 18:32 |
|
XakEp posted:Dynamips is free, and 2 pages back there's a link to a thread in SA where lots of good cheap gear was for sale. I'm looking at M@'s thread now. What sort of equipment in there should I be looking to purchase for the CCNA? It seems like the 2950 is what gets kicked around as being the "standard", and I freely admit I don't know enough about Cisco equipment to know what the differences are between all these model numbers, and whether the differences might disqualify something from being a good testbed for the CCNA.
|
# ? Dec 10, 2007 18:44 |
|
chutwig posted:I'm looking at M@'s thread now. What sort of equipment in there should I be looking to purchase for the CCNA? It seems like the 2950 is what gets kicked around as being the "standard", and I freely admit I don't know enough about Cisco equipment to know what the differences are between all these model numbers, and whether the differences might disqualify something from being a good testbed for the CCNA. 2 2924 switches, a 2620 router and maybe a 3640 and you'll be good through most CCNP stuff. Drop the 3640 and you'll have a perfect CCNA lab.
|
# ? Dec 10, 2007 19:01 |
|
Hmm, why would an entire building of 7960s not work? I've got 3 VOIPs in one small building, and all of them can place calls off campus, but if they dial a 4 digit extension, it's silence on both ends. The person receiving a call can see who the call is coming from, and once the call is connected, the timer starts timing, but it's dead silent. It's just strange that the phones would be able to dial 1-800-Awesome, but not be able to dial x2710. And what's also strange is that the phones are wired in the traditional wall->phone->computer way, and the computers can surf the net. Guh.
|
# ? Dec 10, 2007 20:37 |
|
chutwig posted: I'm looking at M@'s thread now. What sort of equipment in there should I be looking to purchase for the CCNA? It seems like the 2950 is what gets kicked around as being the "standard", and I freely admit I don't know enough about Cisco equipment to know what the differences are between all these model numbers, and whether the differences might disqualify something from being a good testbed for the CCNA.

Also, if you don't see something listed, just ask me if I have it. If I don't, I can probably still go out and buy it cheap.

MC Fruit Stripe posted: Hmm, why would an entire building of 7960s not work? I've got 3 VOIPs in one small building, and all of them can place calls off campus, but if they dial a 4 digit extension, it's silence on both ends. The person receiving a call can see who the call is coming from, and once the call is connected, the timer starts timing, but it's dead silent. It's just strange that the phones would be able to dial 1-800-Awesome, but not be able to dial x2710. And what's also strange is that the phones are wired in the traditional wall->phone->computer way, and the computers can surf the net. Guh.

That's very strange. Normally IP to IP is the easy part. Can you post the config?
|
# ? Dec 10, 2007 20:46 |
|
Lemme see if I can get it. Call manager is handled at the district level, so I'm trying to troubleshoot what I can locally. Definitely a weird one.
|
# ? Dec 10, 2007 20:48 |
|
MC Fruit Stripe posted: Lemme see if I can get it. Call manager is handled at the district level, so I'm trying to troubleshoot what I can locally. Definitely a weird one.

Place a call to an ext. Once the other phone is off hook tap the ? mark button twice. Look at the packet sent/received counts. I'd guess you are sending but not receiving media. Any firewalls/ACLS/etc?
|
# ? Dec 10, 2007 22:30 |
|
jwh posted: You're going to be stuck with qos-preclassify, so make sure you understand what that will mean for you. If you influence any selective discard behavior within your provider's MPLS network currently, through dscp or ip precedence, or whatever, make sure you think about the effect of encapsulating everything in GRE.

I might have the option of using some routing protocol directly with the provider's routers (not sure which ones they support), which would solve our issues rather nicely without having to do GRE. I would still prefer if what we got from them would look like a "normal" layer 2 link, which is sort of what GRE would do. Since we're probably adding 3-4 sites and will need to do some other strange stuff with that network, we'll have to see what they can do for us (including QoS stuff). The example setup in that Avaya paper actually fits pretty well into what we want to do. Question is just if I can get the stuff needed to do it (right now I'm sitting with IPBASE-equipped 2801's).

jwh posted: tcp adjust-mss modifies the, er, tcp mss of the packets traversing the GRE tunnel. It's a clever thing, because if TCP never tries to shove more than 1400 bytes into an IP packet, then you don't have to worry about the combined IP, TCP, ESP, and GRE headers exceeding the interface MTU, which would cause fragmentation. By contrast, lowered tunnel MTU will fragment data.

Ah, so it "hijacks" and changes the mss of the syn packets? Clever, indeed. Wasn't even aware that you could do that. I don't think there will be much non-tcp traffic that will approach the MTU/MSS sizes. If it can make sure most (if not all) of the TCP traffic doesn't need to be fragmented, that should be all good
|
# ? Dec 10, 2007 22:48 |
|
I've got an 1841 router and I'm trying to add a HWIC-1FE to it. For some reason the 1841's rejecting it saying it's disabled/not supported. What gives?

quote: WIC/HWIC Slot 1:
|
# ? Dec 11, 2007 00:02 |
|
ionn posted:I would still prefer if what we got from them would look like a "normal" layer 2 link, which is sort of what GRE would do. ionn posted:Question is just if I can get the stuff needed to do it (right now I'm sitting with IPBASE-equipped 2801's). So that could be good.
|
# ? Dec 11, 2007 00:05 |
|
CrazyLittle posted:I've got an 1841 router and I'm trying to add a HWIC-1FE to it. For some reason the 1841's rejecting it saying it's disabled/not supported. What gives? Upgrade your IOS to 12.4(15)T.
|
# ? Dec 11, 2007 00:06 |
|
jwh posted: Upgrade your IOS to 12.4(15)T.

motherf- yep that was it. Thanks!

... okay spoke too soon. Uploaded c1841-ipbase-mz.124-18.bin and that doesn't seem to be fixing it.

\/ \/ yeah 12.4.(15)T1 did the trick.

CrazyLittle fucked around with this message at 01:42 on Dec 11, 2007 |
# ? Dec 11, 2007 00:33 |
|
CrazyLittle posted:motherf- yep that was it. Thanks! 12.4(15)T have you tried 12.4.15T1? It's under ED code on the upgrade planner. T is the 'experimental' train I believe, for features to be included in mainline 12.5, the HWIC-1FE stuff might not be in mainline 12.4 yet.
|
# ? Dec 11, 2007 01:34 |
|
jwh posted:I don't know who your MPLS WAN vendor is, but if it's AT&T, ask about their 'AVPN' product. If it's anybody else, tell them you want VPLS maybe? I dunno. I've worked with Sprint's peerless IP MPLS service. You get a serial link to Sprint & talk BGP with them. All your sites run a separate AS and through the magic of MPLS you get one hop any to any connectivity. Overlaying point to point IPsec/GRE tunnels or DMVPN works fine if you have security concerns.
|
# ? Dec 11, 2007 02:33 |
|
inignot posted:I've worked with Sprint's peerless IP MPLS service. You get a serial link to Sprint & talk BGP with them. All your sites run a separate AS and through the magic of MPLS you get one hop any to any connectivity. Overlaying point to point IPsec/GRE tunnels or DMVPN works fine if you have security concerns. Yeah, that's more or less how AT&T's normal MPLS offering works. You can even run every site as the same ASN, by having AT&T (13979) pop your AS out of the path. Supposedly, AT&T has an 'AVPN' offering which is actually draft martini stuff. I've never seen it. It sounds kind of nice, though. One of the big reasons why we didn't overlay GRE onto our AT&T MPLS offering was because I don't believe there's a way to preserve your quality of service codepoints on GRE encapsulated packets. The outer header can't absorb the inner packet's dscp codepoint, and you lose your ability to influence the provider's selective discard. Which kind of sucks
|
# ? Dec 11, 2007 05:36 |
|
jwh posted:I don't know who your MPLS WAN vendor is, but if it's AT&T, ask about their 'AVPN' product. If it's anybody else, tell them you want VPLS maybe? I dunno. Well, I'm in Sweden and it's a relatively small regional provider (northern Europe only). I've got circuits over MPLS networks from two different (regional) providers. One of them was presented as a plain layer 2 link (though, I think, without broadcast), the other is as a layer 3 link. None of them have even suggested we do the MPLS LER ourselves, but I'll ask for it and see what they say. Surely, these guys should be able to come up with something better than the routing mess that will ensue if we continue on in the current direction. BGP is something I'll probably only look into if all else fails... Edit: Yep, they won't let us run MPLS LER ourselves, but they can just present the whole thing as a L2 network (which will be way easier to set up and administer, especially since we're adding a few nodes to it). ionn fucked around with this message at 17:32 on Dec 11, 2007 |
# ? Dec 11, 2007 08:04 |
|
Here is a handy trick that you may not know about yet:

code:

Also, because the type 7 passwords are weakly encrypted, you can unencrypt them very easily. http://www.kazmier.com/computer/cisco-apps.html

Using that website, try the encrypted password from my example code:

001E0B051241130519
zxcvzxcv

EDIT: Here's the LOL version: http://www.kazmier.com/computer/cisco-cracker.html

ITS A GLITCH IN THE MATRIX

EDIT #2: Works with type 5 passwords also:

code:
Filthy_McGreasy fucked around with this message at 01:30 on Dec 12, 2007 |
# ? Dec 11, 2007 22:45 |
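Added example, not part of the post above: a small Python audit that walks a saved IOS config and lists every credential still stored as cleartext (type 0) or as reversible type 7. The sample config is constructed; it reuses the type 7 string quoted in the post, and the type 5 value is a placeholder.

```python
import re

# Matches "enable password ...", "username NAME ... password ..." and the
# bare " password ..." used under "line vty" / "line con" in an IOS config.
CRED = re.compile(
    r"^\s*(?:(?:enable|username\s+(?P<user>\S+).*?)\s+)?"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$")
# Type 7 layout: two decimal digits, then an even number of hex digits.
TYPE7 = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")

def audit(config):
    """Return ([(line number, owner, detail)], password-encryption enabled?)."""
    findings, encryption_service = [], False
    for lineno, line in enumerate(config.splitlines(), 1):
        if line.strip() == "service password-encryption":
            encryption_service = True   # this service only applies type 7
            continue
        m = CRED.match(line)
        if not m or m["kw"] == "secret":   # 'secret' values are stored hashed
            continue
        owner = m["user"] or ("enable" if line.split()[0] == "enable" else "line")
        ctype = m["type"] or "0"           # no type digit means cleartext
        if ctype == "7":
            ok = bool(TYPE7.match(m["value"]))
            detail = "type 7, reversible" if ok else "type 7 marker, malformed value"
        elif ctype == "0":
            detail = "type 0, cleartext"
        else:
            detail = f"type {ctype} on a 'password' line, review"
        findings.append((lineno, owner, detail))
    return findings, encryption_service

# Constructed sample config; the type 5 string is a placeholder, not a real hash.
SAMPLE = "\n".join([
    "service password-encryption",
    "enable secret 5 $1$SALT$PLACEHOLDERHASH",
    "enable password 7 001E0B051241130519",
    "username admin privilege 15 password 7 001E0B051241130519",
    "username ops secret 5 $1$SALT$PLACEHOLDERHASH",
    "line vty 0 4",
    " password letmein",
])

if __name__ == "__main__":
    found, service_on = audit(SAMPLE)
    print("service password-encryption:", service_on)
    for lineno, owner, detail in found:
        print(f"line {lineno}: {owner}: {detail}")
```

Each finding is a credential to re-enter with `enable secret` or `username NAME secret`, or to move to AAA in the case of line passwords.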
|
I recently scheduled the CCNP 642-892 bsci/bcmsn composite exam for January 11th. Pearson-Vue posted:Exam: 642-892: Composite Price: $US 225.00 There is so much poo poo on this test,
|
# ? Dec 12, 2007 08:36 |
|
ionn posted: What I have at the moment are a pair of 2801's, not sure how much they can take though I can definitely try with encryption as well.

mtu 1400 changes the mtu on the interface. ip tcp adjust-mss 1400 alters TCP SYN packets flowing through the router so that the mss option is always lower than your specified value.

Edit: goddamnit, seems I'm hitting a caching proxy at my ISP, no replies to what I answer until I've written my answer, then BAM, a whole new page of replies.
|
# ? Dec 12, 2007 13:47 |
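Added example, not from any poster in the thread: the SYN rewrite that the "ip tcp adjust-mss" posts above describe, done in Python on a constructed TCP segment. The addresses, ports and function names are assumptions made for the illustration; the code lowers an MSS option that exceeds the limit and recomputes the TCP checksum, which a device rewriting the option also has to do.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(src: bytes, dst: bytes, seg: bytes) -> int:
    # IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length
    return csum16(src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg)

def build_syn(src, dst, sport, dport, mss):
    """Constructed SYN whose options are MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    off_flags = ((5 + len(opts) // 4) << 12) | 0x002   # data offset, SYN flag
    seg = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                      off_flags, 65535, 0, 0) + opts
    return seg[:16] + struct.pack("!H", tcp_csum(src, dst, seg)) + seg[18:]

def read_mss(seg: bytes):
    """Return (offset of value, value) for the MSS option, or None if absent."""
    end, i = (seg[12] >> 4) * 4, 20
    while i + 1 < end:
        kind = seg[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        length = seg[i + 1]
        if length < 2 or i + length > end:   # malformed option, stop parsing
            break
        if kind == 2 and length == 4:
            return i + 2, struct.unpack("!H", seg[i + 2:i + 4])[0]
        i += length
    return None

def clamp_mss(src, dst, seg, limit):
    """Lower the MSS in a SYN or SYN-ACK if it exceeds limit; fix the checksum."""
    if not seg[13] & 0x02:                   # MSS only travels with the SYN flag
        return seg
    found = read_mss(seg)
    if found is None or found[1] <= limit:
        return seg
    out = bytearray(seg)
    out[found[0]:found[0] + 2] = struct.pack("!H", limit)
    out[16:18] = b"\x00\x00"
    out[16:18] = struct.pack("!H", tcp_csum(src, dst, bytes(out)))
    return bytes(out)

def largest_ipv4_packet(mss: int) -> int:
    return mss + 20 + 20     # IPv4 and TCP headers without options

SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1])   # constructed hosts
syn = build_syn(SRC, DST, 40000, 80, 1460)
clamped = clamp_mss(SRC, DST, syn, 1400)

if __name__ == "__main__":
    print(read_mss(syn)[1], "->", read_mss(clamped)[1],
          "| largest packet:", largest_ipv4_packet(1400))
```

With IPv4 and no TCP options on data segments, an MSS of 1400 allows packets of up to 1440 bytes, so that is the figure to compare against the tunnel MTU when both settings are used.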
|
XakEp posted:2 2924 switches, a 2620 router and maybe a 3640 and you'll be good through most CCNP stuff. Drop the 3640 and you'll have a perfect CCNA lab. I'm looking to kinda do a dual purpose set-up for my house. I want something I can use for a decent ccna(p?) lab but as well replace my linksys home router. It's got wireless which I hardly ever use anyway so losing it wouldn't be a big deal, but with the 2 switches listed and the router, would I have a good lab as well as a functioning router for my home? Also, if I wanted to add wireless, what would be the cost/equipment for something like that? I'm pretty cisco-dumb at this point, I took a class on it in high school and don't remember a whole lot. If this is something that just totally won't work, let me know that too.
|
# ? Dec 12, 2007 18:41 |
|
Paul Boz_ posted:I recently scheduled the CCNP 642-892 bsci/bcmsn composite exam for January 11th. http://www.cisco.com/web/learning/le3/current_exams/642-892.html You sir, are a madman!
|
# ? Dec 12, 2007 19:16 |
|
Doug posted: I'm looking to kinda do a dual purpose set-up for my house. I want something I can use for a decent ccna(p?) lab but as well replace my linksys home router. It's got wireless which I hardly ever use anyway so losing it wouldn't be a big deal, but with the 2 switches listed and the router, would I have a good lab as well as a functioning router for my home? Also, if I wanted to add wireless, what would be the cost/equipment for something like that?

Ballpark ebay costs:
2620 router with a couple of interfaces: $300-400
2924 switches: $70-100 apiece
1100 or 1200 series wireless access point: $100 or less

Many consumer-grade Linksys routers have firewall capabilities, too. You want to consider that you're removing that functionality from your network before you go and do it. You can make a 2600 series act like a firewall, but it's a chore to maintain and you may need more NVRAM/RAM than most of them have, and it's not for the cisco-dumb.
|
# ? Dec 12, 2007 20:48 |
|
I'm trying to work through a VLAN/Trunking/InterVLAN routing lab and from what I can tell, my router doesn't support VLANs! According to Cisco's docs, I was under the impression that the 2620 did encapsulation. Apparently I was wrong. What IOS release do I need? code:
|
# ? Dec 12, 2007 21:23 |
|
We have a smartnet contract on our 4506 that I just got coupled to my cco login. I went through the IOS upgrade planner and got to the point where I can download c2600-is-mz.121-27b.bin. Unfortunately, after that, it throws me into a login loop. Is that because the contract is specifically on a 4506(not the 2600 I need an IOS upgrade for), or is there some different problem I'm experiencing?
|
# ? Dec 12, 2007 22:22 |
|
I think you need an IP Plus image.
|
# ? Dec 12, 2007 22:32 |
|
You're right on the image. Plus it just seems like the Cisco website is somewhat flaky, held together by hopes and dreams. Sometimes I get a 403 error, hit reload, and it works fine.
|
# ? Dec 13, 2007 02:30 |
|
http://www.gns3.net/ It's a complete dynamips package with visual topology editor. You still need IOS binaries, but for some fake labbing, it looks very promising. Not sure if it's poop sock worthy. I don't plan on finding out either.
|
# ? Dec 15, 2007 03:48 |
|
InferiorWang posted:http://www.gns3.net/ I've never figured out the appeal of dynamips, it can't emulate a switch.
|
# ? Dec 15, 2007 15:05 |
|
I'm starting to run into some limitations such as the switch limitations you mentioned. You can put a switch in and specify VLANs, but not a L3 switch apparently, nor can you telnet to it. Also, I can't seem to use a serial interface using a 2600 image.
|
# ? Dec 15, 2007 18:18 |
|
InferiorWang posted:I'm starting to run into some limitations such as the switch limitations you mentioned. You can put a switch in and specify VLANs, but not a L3 switch apparently, nor can you telnet to it. Also, I can't seem to use a serial interface using a 2600 image. I ended up using a 3745 with an NM-16ESW as a "L3" switch, it was as close as I could get.
|
# ? Dec 15, 2007 18:47 |
|
Filthy_McGreasy posted:Here is a handy trick that you may not know about yet: I use the password decrypter pretty much every day to get passwords out of old configs. I use the Boson utilities one. It's great for legacy crap where the original engineer is long gone and it wasn't in the password rotation. code:
|
# ? Dec 15, 2007 23:38 |
|
Dynamips is great in that you can map a virtual interface to a physical one in the PC/server running the program. You can then interconnect it into your physical lab and voila, up to five or six more 7206's. Dynamips can't simulate something that happens in hardware, like layer 2 frame switching. It only runs the operations that occur in software, like routing. It's not Dynamips' fault that it can't do something that specific hardware is engineered to do.
|
# ? Dec 16, 2007 01:51 |
|
Does anyone have some suggestions for learning new IOS commands? I am going through the self-study CCNP program and I am constantly seeing new commands. I know I am going to have to memorize these for the test, and it is getting hard to juggle all of this new information. When I see the new configs, I write them down and then practice them a few times in a small lab. Does anyone have any suggestions on how to improve retention for these commands?
|
# ? Dec 16, 2007 05:05 |
|
For my final project, I need to come up with firewall configuration rules for a Cisco PIX 500 system to make the network resources behind it secure. Three different networks, three PIX 500's, three different configs. My question is whether the tables he taught us in class are actually viable ways of displaying rule sets. Also, what commands would be used to enter these into the system, as the manuals I found so far are a little too dense for me to understand. I only ask because this is the same man that tried to compare a firewall to Mac and Cheese (sticky in some parts, holes in others). Here's the example from the text he wrote: It's not a server, but it's mine to host things on, so no gripes about linking.
|
# ? Dec 19, 2007 02:38 |
|
foghorn posted:My question is whether the tables he taught us in class are actually viable ways of displaying rule sets. I certainly wouldn't use that table format for documenting rules, but it can be interpreted. The source port & ACK restrictions I might have to look up. Actually, that ACK field is straight up retarded, the PIX tracks state, so the ACK bit shouldn't be a concern. inignot fucked around with this message at 02:59 on Dec 19, 2007 |
# ? Dec 19, 2007 02:55 |
|
Filthy_McGreasy posted: Does anyone have some suggestions for learning new IOS commands? I am going through the self-study CCNP program and I am constantly seeing new commands. I know I am going to have to memorize these for the test, and it is getting hard to juggle all of this new information. When I see the new configs, I write them down and then practice them a few times in a small lab. Does anyone have any suggestions on how to improve retention for these commands?

Open a DOS window and type them a million times. Get them into your hands.
|
# ? Dec 19, 2007 04:37 |
|
I'm just starting to get into networking and Cisco. I've bought a book and have some other resources at my disposal, and I'm planning on taking the CCENT as soon as I finish reading and practicing the material. My employer will be retiring a couple Cisco 2600 routers next week and has offered to give me one to help learn the IOS and set up a little lab at home. This is great, but while reading through the book there are several chapters coming up dealing with configuring and using switches. I do not believe the router has more than 2 or 3 ethernet ports, so I'm wondering if I should try to grab a switch on ebay? Can anyone give me advice on what type of hardware I might want to look at (I can get a pretty decent switch on ebay for ~$50-70 it seems) for a small home lab setup for the CCENT and CCNA? Thanks.

fake edit: What I'm really looking at is if I should get a switch to learn with if I already have a router.
|
# ? Dec 20, 2007 00:37 |
|
|
Two 2600 routers and 2 2954 switches are all you will need.
|
# ? Dec 20, 2007 01:35 |