|
Ok, this pisses me off. 5 Solaris boxes plugged into 3550, online, connected and pingable. Switchport shows up / up. But no god drat macs in the dynamic mac-address table, nor any static configurations. This is a fresh switchload. I have seen this on other switches as well.

EDIT: Apparently sporadic traffic isn't enough to keep a MAC populated in the table....bullshit if you ask me.

H.R. Paperstacks fucked around with this message at 17:30 on Feb 26, 2008 |
# ? Feb 26, 2008 15:27 |
|
jbiel posted: EDIT: Apparently sporadic traffic isn't enough to keep a MAC populated in the table....bullshit if you ask me.

Set your mac address aging timer higher?
|
# ? Feb 26, 2008 18:07 |
|
H110Hawk posted: Set your mac address aging timer higher?

While that is a viable option, why not keep the loving MAC tied to the port as long as the port stays UP/UP? God drat Cisco.
|
# ? Feb 26, 2008 18:54 |
|
InferiorWang posted: On a similar topic of CrazyLittle's last issue, can I use a voice card in all of the slots of a 1760 router? I've got three fxo cards I need to install in a router. The last two slots are marked for voice only, but I wasn't quite sure if I could use the second slot for the remaining VIC.

What're the requirements for using the voice features on a card? Could I just toss a VWIC-2MFT-T1 in an 1841 router and use one of the channels as a PRI?

jbiel posted: While that is a viable option, why not keep the loving MAC tied to the port as long as the port stays UP/UP? God drat Cisco.

well what happens if you have some device on the other end like a smartjack that just keeps the interface up? What about hubs on the port? I think that decision on cisco's side makes a lot of sense.
|
# ? Feb 26, 2008 20:26 |
|
CrazyLittle posted: well what happens if you have some device on the other end like a smartjack that just keeps the interface up? What about hubs on the port? I think that decision on cisco's side makes a lot of sense.

A server keeps the interface up at all times unless it reboots or is service reset via OS, in which case, layer 1 usually drops during the reset, hence the switch would pickup the MAC again. I don't use hubs, so I refuse to talk about them, nor do I plug smartjacks into a switch. I would think that the smart thing to do would be to get a MAC as soon as layer 1/2 comes up, and keep that MAC until layer 1/2 is reset, at which point, the switchport picks up the same or new MAC depending on what happened. I am sure there is a reason why Cisco does it the way they do, no arguing that.
|
# ? Feb 26, 2008 20:58 |
|
jbiel posted: While that is a viable option, why not keep the loving MAC tied to the port as long as the port stays UP/UP? God drat Cisco.

Why do you think this matters?
|
# ? Feb 26, 2008 21:35 |
|
inignot posted: Why do you think this matters?

It's convenient from a sysadmin/management point-of-view because you can keep a hardware manifest using the MAC tables...
|
# ? Feb 26, 2008 22:30 |
|
inignot posted: Why do you think this matters?

CrazyLittle posted: It's convenient from a sysadmin/management point-of-view because you can keep a hardware manifest using the MAC tables...

The reason I ran into it was because another admin turned up a bunch of servers without configuring switchport security. Attempt to use sticky pulled no MAC, and MAC-Address table had no MACs for those ports. So at that point, I have to bug the sysadmin goofs to get me MACs off the servers, which can be another pain in the rear end in itself. So being able to see the MAC of the device plugged into the port at all times, regardless of traffic on the port would be nice. I guess it is just a personal gripe more than anything, it just makes it useful in my situation where we are required to use switchport security.
|
# ? Feb 26, 2008 22:44 |
|
jbiel posted: While that is a viable option, why not keep the loving MAC tied to the port as long as the port stays UP/UP? God drat Cisco.

On large networks you can run in to mac table exhaustion if you do this. If the other side is a switch it could have god knows how many mac addresses tied to it. Why not inventory the MAC's as the servers come in to the network? Why not inventory them off your DHCP server? Why not run ARP against the known IP address and figure it out from there? Why not have a real network that pushes traffic constantly?
|
# ? Feb 27, 2008 00:04 |
|
nmap -sP subnet/mask

Now your mac cache is populated.
|
# ? Feb 27, 2008 00:06 |
|
jbiel posted: The reason I ran into it was because another admin turned up a bunch of servers without configuring switchport security. Attempt to use sticky pulled no MAC, and MAC-Address table had no MACs for those ports.

Ping the subnet that the servers are on? That should populate the table for you, and you do not have to bug anybody else! It's expected behavior that was designed around legacy deployments. To change the behavior today would cause more harm than good, as it causes very little harm today. If you have to keep a manifest of what is on the port, use switchport security and sticky to track things, or use eou (Extensible Authentication Protocol over UDP) clientless with a centralized server (typically a radius set to always send back an allow but keep a table of the macs in the eou messages).
|
# ? Feb 27, 2008 00:08 |
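The manifest idea discussed in the posts above, as an added example that is not part of the thread: it cross-checks `show interfaces status` against `show mac address-table`, flags connected access ports with no learned MAC or with several, and drafts static port-security lines for single-MAC ports. The sample output, host names and MAC addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample output in the usual IOS layout (not taken from the thread).
SHOW_INT_STATUS = """\
Port      Name      Status       Vlan   Duplex  Speed Type
Fa0/1     sol-01    connected    10     a-full  a-100 10/100BaseTX
Fa0/2     sol-02    connected    10     a-full  a-100 10/100BaseTX
Fa0/3     sol-03    connected    10     a-full  a-100 10/100BaseTX
Fa0/4               notconnect   10       auto   auto 10/100BaseTX
Fa0/5     lab-hub   connected    10     a-half   a-10 10/100BaseTX
Gi0/1     uplink    connected    trunk  a-full a-1000 1000BaseSX
"""
SHOW_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0003.ba11.2201    DYNAMIC     Fa0/1
  10    0003.ba11.2203    DYNAMIC     Fa0/3
  10    0003.ba11.2251    DYNAMIC     Fa0/5
  10    0003.ba11.2252    DYNAMIC     Fa0/5
  10    0003.ba11.2299    DYNAMIC     Gi0/1
"""

# Port, optional name, status keyword, then the VLAN column.
STATUS_RE = re.compile(
    r"^(\S+)[ \t]+.*?\b(connected|notconnect|err-disabled|disabled)[ \t]+(\S+)",
    re.M)
MAC_RE = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.M | re.I)

def parse_status(text):
    """Map port -> (status, vlan). The Name column may be empty."""
    return {m.group(1): (m.group(2), m.group(3)) for m in STATUS_RE.finditer(text)}

def parse_macs(text):
    """Map port -> list of MACs currently in the address table."""
    table = defaultdict(list)
    for m in MAC_RE.finditer(text):
        table[m.group(4)].append(m.group(2).lower())
    return table

def audit(status_text, mac_text):
    """Classify connected access ports by what the MAC table knows about them."""
    macs = parse_macs(mac_text)
    report = {"silent": [], "multi": [], "static_config": []}
    for port, (status, vlan) in parse_status(status_text).items():
        if status != "connected" or vlan == "trunk":
            continue                       # only connected access ports
        seen = macs.get(port, [])
        if not seen:
            report["silent"].append(port)  # link up, no MAC learned or aged out
        elif len(seen) > 1:
            report["multi"].append(port)   # hub or switch behind the port
        else:
            report["static_config"] += [
                f"interface {port}",
                " switchport port-security",
                " switchport port-security maximum 1",
                f" switchport port-security mac-address {seen[0]}",
            ]
    return report

if __name__ == "__main__":
    for key, value in audit(SHOW_INT_STATUS, SHOW_MAC_TABLE).items():
        print(key, value)
```

Ports listed under `silent` are the case the thread complains about; the drafted lines are meant for review before they go onto a switch.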
|
I'm picking up a GigE IP circuit from Internap and going to push about 500 Mbit of traffic through it. I'm aggregating 12 cabinets which all use different subnets. What sort of router should I look at? I'm not doing BGP. Would a 3750 do this?
|
# ? Feb 27, 2008 00:39 |
|
internap is smoke and mirrors.
|
# ? Feb 27, 2008 00:40 |
|
As I said, it is just a personal beef of mine. The guidelines I have to follow do not allow machines to respond to ICMP, nor are we allowed to use "switchport port-security sticky", nothing dynamic is really allowed. Most of the documentation that has all the mac-addresses of each system is on another network, in another room with no remote access. I guess today I was just being lazy. Normally this doesn't happen when I turn up systems, but as I said, I was cleaning up a mess from another network admin.
|
# ? Feb 27, 2008 01:09 |
|
inignot posted:internap is smoke and mirrors.
|
# ? Feb 27, 2008 01:27 |
|
brent78 posted: I have them in Chicago, and have been really happy with the service. Now I'm looking to add them in San Francisco.. Can you be less broad?

When I dealt with them in 2001 they were all about promoting their "route optimization" voodoo. For anyone that hasn't heard of this provider, they have no network of their own at all. They pull in internet circuits w/BGP from a half a dozen ISPs into a couple of unconnected island POPs; then claim black magic path quality testing that produces alterations to the routing table which is allegedly better routing than what the BGP natively provides. Anyway, if you accept the black magic routes are better than the unaltered BGP routes there's a couple of underlying issues to consider:

1. Since their black magic routes differ from native BGP they are by definition creating asymmetric routing. Granted, this may or may not happen on the internet anyway.

2. Since the "better" route is by definition going to produce asymmetry, it's only going to take the "better" path in the direction you transmit in.

Multihoming with internap and another ISP would be an adventure as well. You would have to prepend the AS path with the non internap ISP since the internap connection has their clown AS between you and the ISPs they are connected to. I have my doubts about their "path optimization" black magic as well. They wouldn't explain how it worked.

Short version : they are the ISP version of an infomercial hawking exercise gear while shrieking about "the power of dynamic isolation of the abs".
|
# ? Feb 27, 2008 01:57 |
|
inignot posted: 1. Since their black magic routes differ from native BGP they are by definition creating asymmetric routing. Granted, this may or may not happen on the internet anyway.

inignot posted: Multihoming with internap and another ISP would be an adventure as well. You would have to prepend the AS path with the non internap ISP since the internap connection has their clown AS between you and the ISPs they are connected to.
|
# ? Feb 27, 2008 02:02 |
|
CrazyLittle posted: What're the requirements for using the voice features on a card? Could I just toss a VWIC-2MFT-T1 in an 1841 router and use one of the channels as a PRI?

Sorry, I'm not sure if you're asking your own question or making a suggestion! If it's the latter, we have a T1/PRI VWIC card in the first slot of the 1760. I have three FXO 2 port vics just sitting around from a previous build that whoever did it never used. My boss wants to add 6 analog lines for call manager to expand the amount of channels and avoid the possibility of a rapid busy.
|
# ? Feb 27, 2008 03:26 |
|
Girdle Wax posted: This is going to happen on the internet anyway, asymmetry is a fact of life and it will not be avoided.

I'm aware of that and acknowledged it in what you quoted. My point is that, at best, Internap is selling a voodoo black box that creates asymmetry as their competitive advantage without acknowledging it only works unidirectionally. I also find their black box voodoo path optimization questionable. How do they judge a better path to a /16? A /16 could be disguising several hundred different path variations within one of their upstream ISPs. I don't believe for a second their path optimization is running at /32 granularity. How often do they poll these paths to determine which is optimal? Who knows. Just give me multihoming to a couple ISPs and I'll deal with the well established localpref or prepending or weight or whatever policies to influence inbound/outbound routing as required.
|
# ? Feb 27, 2008 03:40 |
|
inignot posted: I'm aware of that and acknowledged it in what you quoted. My point is that, at best, Internap is selling a voodoo black box that creates asymmetry as their competitive advantage without acknowledging it only works unidirectionally.
|
# ? Feb 27, 2008 05:32 |
|
inignot posted: Multihoming with internap and another ISP would be an adventure as well. You would have to prepend the AS path with the non internap ISP since the internap connection has their clown AS between you and the ISPs they are connected to.

I'm not really up on how BGP works entirely. I see our really quite long configuration dealing with what prefixes go where, but we never had any problems I can think of homing them with L3 and GBLX. We're trying (hear me Internap?) to turn up a 10gig line with them we ordered over a month ago at this point. They keep dropping the ball at various points. I think part of it is our sales guy, who at this point has stopped returning my calls. Either way, we've had the least amount of technical problems from them than any other provider with which we've gone. It's great, our Internap network technician guy pretty openly hates the entire non-technical staff, but he knows his poo poo and gets the job done, so they seem to tolerate him. Global Crossing and Level3 technical support can suck it. Seriously.
|
# ? Feb 27, 2008 07:45 |
|
InferiorWang posted: Sorry, I'm not sure if you're asking your own question or making a suggestion!

The initial statement was an answer to your question: "Can you use a VIC-2FXO in any slot" and from that page I found it seems the answer is "yes." The second half is a question. I'm really tempted to see if I can do some VOIP routing with cisco products. (I want to see if it's better/smoother/cheaper than VOIP over Adtran... which is pretty drat easy.) So I'm wondering what I would need in order to get started screwing around with Cisco voice features. Any VIC/VWIC and a router with a IP PLUS load...? Yes? No? is there more to it? Any good tutorial sites or white papers on people doing this?

Oh, and as for the poster looking at OER earlier I might suggest a "pass" on it unless you've got plenty of CPU free on your router, as OER seems to work best if you're performing NAT on the OER border routers because otherwise your return paths won't match the outbound interface.

H110Hawk posted: We're trying (hear me Internap?) to turn up a 10gig line with them we ordered over a month ago at this point. They keep dropping the ball at various points. I think part of it is our sales guy, who at this point has stopped returning my calls.

From what I can see, all the fiber vendors are dragging their feet with fiber installs because it tends to require significantly higher human investment in the install process. A lot of their older tech like coax DS3s are faster to roll out because half the work is already done. My company's fiber rollouts are at the mercy of SBC, and that can be like pulling teeth some times.

CrazyLittle fucked around with this message at 07:58 on Feb 27, 2008 |
# ? Feb 27, 2008 07:55 |
|
CrazyLittle posted: From what I can see, all the fiber vendors are dragging their feet with fiber installs because it tends to require significantly higher human investment in the install process.

Near as I can tell no one is pulling new fiber, or very little new fiber. I just need people to go connect jumpers. (At least, I seriously doubt they pulled new dark fiber between wilshire connection and our 1200 w 7th datacenter. And the termination point for that pre-pulled a shitton of fiber years ago between all of the internal datacenters. I'm friends with the manager in there and the fiber is there, just needs to be patched. I have been patched from my router to Internap's patch panel for over a month.)
|
# ? Feb 27, 2008 09:00 |
|
brent78 posted: It's well known it's unidirectional, you can only control traffic leaving your network. As for "voodoo black box", just read their white papers about the FCP, flow control products. No secrets there. They measure latency, packet loss and broken routes and choose the best path. Have you ever been to their website or talked to an engineer there, doesn't sound like it.

I last dealt with them in 2001. I concede they may be more open about their route optimization techniques and their implications today. In retrospect, it's possible the sales guy at the time may have been covering ignorance with claims of propriety; it was during the tail end of the bozo overloaded internet boom.
|
# ? Feb 27, 2008 12:59 |
|
My impression of internap is quite positive. I cannot speak for their path selection, but diversity in paths between data centers in Chicago seems to be a strong suit of theirs. That and their knee-jerk reactions whenever they notice the line down, I was still in the process of configuring two routers and when I reloaded it we got a call asking if everything was alright. Impressed me.
|
# ? Feb 27, 2008 14:48 |
|
I am experiencing an issue where any RADIUS authentication calls that run through an ASA 5520 are coming back as false negatives. The device queries the RADIUS server, gets an affirmative response back (confirmed on the IAS server), yet states authentication denied. This is consistent across platforms and models. Is there something in the ASA itself that I am missing? This only is causing problems for devices that run through the firewall, anything that lives on the switches are fine. Static translations are being utilized to give the device access to the RADIUS server, so the return traffic isn't being NAT'd back to the device. Anyone run into this before?

Edit, I should add that packet-tracers run clean as it talks to the IAS server just fine.

wanted to update this, I ran a capture outbound on those interfaces and the traffic was getting PAT'd to the interface even though an existing (inbound) flow was present. The device was rejecting the RADIUS call because it received a response from a device it did not try to contact, or in this case, the PAT'd address of a server it did not contact. I cleared out the static translations and put them back in and the RADIUS auths ran clean. Chalk that up to a crazy bug, this was on 7.2.3-18.

jbusbysack fucked around with this message at 23:40 on Mar 3, 2008 |
# ? Feb 28, 2008 19:03 |
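The failure mode in the post above, modelled as an added example that is not code from the thread or from any device in it: a RADIUS client that matches replies to pending requests by server address, port and identifier, then verifies the RFC 2865 Response Authenticator, drops a valid Access-Accept once a translation rewrites its source address. The addresses, shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: assemble the reply to one Access-Request."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return header + auth + attrs

def check_reply(pending, src, packet, secret):
    """Client side. pending maps (server_ip, server_port, id) -> Request Authenticator."""
    if len(packet) < 20:
        return "drop: short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "drop: bad length"
    request_auth = pending.get((src[0], src[1], ident))
    if request_auth is None:
        # The server may have said yes, but this source was never queried.
        return "drop: reply from a server we did not query"
    expected = response_authenticator(code, ident, packet[20:length],
                                      request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "drop: bad response authenticator"
    if code == ACCESS_ACCEPT:
        return "accept"
    if code == ACCESS_REJECT:
        return "reject"
    return "drop: unexpected code"

# Constructed values for the demonstration.
SECRET = b"example-shared-secret"
SERVER = ("10.1.1.10", 1812)          # address the client sent its request to
PAT_ADDR = ("192.0.2.1", 1812)        # firewall interface address after PAT
REQUEST_AUTH = bytes(range(16))
PENDING = {(SERVER[0], SERVER[1], 7): REQUEST_AUTH}
ATTRS = bytes([18, 4]) + b"ok"        # Reply-Message attribute
REPLY = build_reply(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET)

def demo():
    tampered = REPLY[:-1] + b"!"
    return {
        "from server": check_reply(PENDING, SERVER, REPLY, SECRET),
        "after PAT": check_reply(PENDING, PAT_ADDR, REPLY, SECRET),
        "tampered": check_reply(PENDING, SERVER, tampered, SECRET),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The same bytes that authenticate when they arrive from the queried server are discarded when they arrive from the translated address, which matches the server logging a success while the client reports a denial.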
|
Have any of you guys used a Cisco multi-service router (like a 2800 series) to deliver a PRI to a PBX system? What kind of hardware are you using? What IOS? What does the configuration look like (you can PM if you don't want it publicly visible.)
|
# ? Mar 4, 2008 22:47 |
|
jbusbysack posted: I am experiencing an issue where any RADIUS authentication calls that run through an ASA 5520 are coming back as false negatives. The device queries the RADIUS server, gets an affirmative response back (confirmed on the IAS server), yet states authentication denied. This is consistent across platforms and models. Is there something in the ASA itself that I am missing? This only is causing problems for devices that run through the firewall, anything that lives on the switches are fine.

It sounds like you have a static that overlaps with a dynamic PAT policy. If that is the case then all bets are off.
|
# ? Mar 4, 2008 23:40 |
|
CrazyLittle posted: Have any of you guys used a Cisco multi-service router (like a 2800 series) to deliver a PRI to a PBX system?

Not quite an ISR/MSR, but we use 2431s for this purpose: code:
code:
|
# ? Mar 5, 2008 00:40 |
|
inignot posted: When I dealt with them in 2001 they were all about promoting their "route optimization" voodoo.

I'm not allowed to back it up, but over half of what you say here is patently untrue, and just plain wrong.
|
# ? Mar 5, 2008 02:27 |
|
I would just like to thank this thread for the "packet-tracer" command. Holy poo poo is that useful. I was an ASA configuring fool today at work.
|
# ? Mar 5, 2008 04:00 |
|
godzirraRAWR posted: I'm not allowed to back it up, but over half of what you say here is patently untrue, and just plain wrong.

To reiterate:

inignot posted: I last dealt with them in 2001. I concede they may be more open about their route optimization techniques and their implications today. In retrospect, it's possible the sales guy at the time may have been covering ignorance with claims of propriety; it was during the tail end of the bozo overloaded internet boom.
|
# ? Mar 5, 2008 17:42 |
|
Tremblay posted: It sounds like you have a static that overlaps with a dynamic PAT policy. If that is the case then all bets are off.

No dynamic PAT policies or route map craziness going on. It was just a bug that was fixed with re-entering the static translations.
|
# ? Mar 5, 2008 20:42 |
|
I have a couple of Aironet 1200's still running VxWorks. In the web interface it lists "Current Boot Server" and "Specified ".ini" File Server" but I don't see any way to change those settings. Neither listed server is running tftp, nor even has a config file for the Aironets (something else I should fix), but one of the machines is being obsoleted so I'd like to remove it from the config anyway. I apologize for not having config output... telnet on this thing is just a text rendering of the webpage and it blows. A lot. I'm using this page right here for documentation.
|
# ? Mar 5, 2008 22:06 |
|
We've got a Cisco AS5350XM with a couple of DS1 cards in it. I'm looking for the OIDs to get the number of incoming and outgoing calls via SNMP. You can see the total number via the console but I can't seem to find the right OID to pick up incoming calls (or outgoing, but that's less important to us because we fail over to another gateway if our PRIs are full). I need to be able to show to the higher-ups that we need to buy more PRIs because we're missing calls. I can find total usage per DS1 but because we fail over to other providers if the PRI is full I really need to find the inbound usage.
|
# ? Mar 11, 2008 23:37 |
|
Ahhhhh I just have to say this: Success!!! OER works! It's pretty cool having two DSL connections and a T1 all work in tandem, but there are some definite drawbacks. Some session based sites get confused by the multiple routes that OER can assign. The configuration is a real pain in the rear end. ahh gently caress it I'm tired.
|
# ? Mar 12, 2008 03:43 |
|
Do we have a CallManager M.D. in the house? Can anyone explain to me how partitions and calling search spaces relate to translation patterns?
|
# ? Mar 12, 2008 14:57 |
|
Do any of you guys have experience with the new VS-S720-10G-3Cs? We're putting together a test machine and the SUP is failing to boot. It's being installed (SLOT 5) into a 6509-E w/ dual 3000W AC and a 6748-GE-TX. I ran the config through Cisco and it validates. Any ideas what we're doing wrong?
|
# ? Mar 14, 2008 19:44 |
|
M@ posted: Do any of you guys have experience with the new VS-S720-10G-3Cs? We're putting together a test machine and the SUP is failing to boot. It's being installed (SLOT 5) into a 6509-E w/ dual 3000W AC and a 6748-GE-TX.

Can you paste us some console output? I don't have any experience with those fancy pants new SUP's, but I have some with general Cisco junkola. Include the config register, ROMMON output, etc.

Oh, hey M@. Send it on over to me, I'll get it booting for you.
|
# ? Mar 14, 2008 20:54 |
|
H110Hawk posted: Can you paste us some console output? I don't have any experience with those fancy pants new SUP's, but I have some with general Cisco junkola. Include the config register, ROMMON output, etc.

There is no output. We threw a regular SUP720 in slot 6 and at first it didn't see anything in slot 5. Now it's seeing something in slot 5, but it's still showing Unknown. I may throw this chassis in the back of my car and come up for a visit if we can't get this thing going soon!

Edit: After loading 12.2.18 (I think) onto our Regular SUP we now see a "Supervisor Engine" in slot 5, but it's still saying unknown for the MAC. Trying a new IOS now

M@ fucked around with this message at 21:59 on Mar 14, 2008 |
# ? Mar 14, 2008 21:24 |