|
When using etherchannel I've always had only the etherchannel config on the physical ports and left the trunking only on the port channel virtual interface.
|
# ? Aug 30, 2008 02:25 |
|
jbusbysack posted:
As a matter of habit I never let DTP have a crack at anything, as there's no need to negotiate ever between what I would assume is the core switch and a top-of-rack distribution switch. What happens when you change it to 'channel-group 5 mode on' ?

DTP != aggregation protocols used for Etherchannel.

H110Hawk, I suggest you try "show etherchannel 5 summary" as you bring up the interfaces so you can monitor the port-states for the ports in Po5 from an etherchannel perspective. I'd also suggest running "debug etherchannel events" on the 6500 and the relevant equivalent command on the 4948. Everyone likes to freak out about debug commands, but certain ones aren't as bad as others and are completely invaluable troubleshooting tools.
|
# ? Aug 30, 2008 02:30 |
|
Can someone fill me in on some basic terminology? Google isn't helping.

Aggregate switch - What do people mean when referring to this?
Core switch - assuming main switch(s) at NOC
Edge switch - assuming last switch before handing off to DMARC

Thanks
|
# ? Aug 30, 2008 14:46 |
|
inignot posted:
When using etherchannel I've always had only the etherchannel config on the physical ports and left the trunking only on the port channel virtual interface.

This is the only way I have ever done it.
|
# ? Aug 30, 2008 16:07 |
|
ObamaisaTerrist posted:
Can someone fill me in on some basic terminology? Google isn't helping.

Edge switches are smaller less powerful switches that the users actually plug directly into (2900's, etc). Aggregation are better switches that can do MPLS and usually have fiber uplinks to the core (3560, 3750, 3400 Metro, 4948's). Core are the big switches like 6500s and GSRs (sometimes a 4948). They usually hand off to the main routers 7600, and CRSs.

Aggregation isn't always needed on an individual business level. On the Service Provider level the Core is typically made up of routers and the aggregation is 6500's full of 6748 SFPs, with some ES20's thrown in for full line rate handoff to the core.

But like everything else in networking this is just a guideline, and there is no hard and fast definition for separating core from edge from aggregation.
|
# ? Aug 30, 2008 17:12 |
|
http://en.wikipedia.org/wiki/Hierarchical_internetworking_model

Feel free to use the terms "access" and "edge" interchangeably, although lately I've seen "edge" be the more popular term.
|
# ? Aug 30, 2008 21:28 |
|
atticus posted:
DTP != aggregation protocols used for Etherchannel.

Wow, I dunno why I called that DTP, but my question remains. Why allow it to negotiate instead of forcing the port bundling?
|
# ? Aug 31, 2008 04:36 |
|
jbusbysack posted:
Wow, I dunno why I called that DTP, but my question remains. Why allow it to negotiate instead of forcing the port bundling?

Because when someone makes a mistake while patching and patches a user's laptop into the channel it will effectively blackhole 50% of the traffic going through it. Happy times were had troubleshooting why someone could access website x but not y while someone else could access y but not x.
|
# ? Aug 31, 2008 10:30 |
|
Thanks for the info. In continuing my questions, how do you all utilize the sh mac-address-table command? I understand what it does, I just haven't (yet) run into a day to day scenario when I would need to use it. Can you show me how it helps you? Thanks
|
# ? Aug 31, 2008 16:37 |
|
ObamaisaTerrist posted:
Thanks for the info.

Tracking down which access (edge) switch a user and their associated IP address is plugged into from the core. Basically comparing arp / mac-add table and hopping around out various uplinks until you find the access switch/port that the user is in. This obviously doesn't work from a routed perspective but on local segments it is very helpful.
|
# ? Aug 31, 2008 18:28 |
|
I've also used it when I have a server that was provisioned wrong. With 'sh mac-address-table' and '(config)# arp' you can force the MAC into the ARP tables to recover the box.
|
# ? Aug 31, 2008 20:30 |
|
If there is a duplicate IP on the network and you can't track down what device it is, you can use 'sh mac-address-table' plus 'show arp' and figure out the physical port the duplicate IP is on. Then you can manually trace the wire to the device. I had to do this a few times when I was a Lab COOP. 4 dynamic Class C networks, with about 160 devices each made the likelihood of duplicate addresses common.
|
# ? Sep 1, 2008 02:59 |
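Added example (not part of any post in this thread): the ARP-to-MAC-table correlation described in the posts above, covering both the "which port is this IP on" lookup and the duplicate-IP case. The sample output is constructed, and the function names and the "more than one MAC on a port suggests an uplink" rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): "show arp" rows from two captures, then MAC table rows.
ARP_TEXT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.20               3   0011.2233.4455  ARPA   Vlan10
Internet  10.0.0.21               7   0011.2233.6677  ARPA   Vlan10
Internet  10.0.0.20               0   00aa.bbcc.ddee  ARPA   Vlan10
"""
MAC_TEXT = """\
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/48
  10    0011.2233.6677    DYNAMIC     Gi1/0/48
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})\s", re.I | re.M)
CAM_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$", re.I | re.M)

def parse_arp(text):
    """IP -> set of MACs seen across all captures in text."""
    seen = defaultdict(set)
    for ip, mac in ARP_RE.findall(text):
        seen[ip].add(mac.lower())
    return seen

def parse_cam(text):
    """MAC -> port, and port -> number of MACs learned on it."""
    port_of, load = {}, defaultdict(int)
    for _vlan, mac, port in CAM_RE.findall(text):
        port_of[mac.lower()] = port
        load[port] += 1
    return port_of, load

def locate_duplicates(arp_text, mac_text):
    """IPs claimed by more than one MAC -> [(mac, port, hint), ...]."""
    port_of, load = parse_cam(mac_text)
    report = {}
    for ip, macs in parse_arp(arp_text).items():
        if len(macs) < 2:
            continue
        rows = []
        for mac in sorted(macs):
            port = port_of.get(mac, "not-learned")
            # Several MACs on one port suggests an uplink: repeat on that switch.
            hint = {0: "unknown", 1: "edge"}.get(load.get(port, 0), "uplink?")
            rows.append((mac, port, hint))
        report[ip] = rows
    return report
```

A single `show arp` holds one MAC per IP at a time, so the duplicate only shows up when captures taken at different moments are compared, which is why the sample concatenates two.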
|
ObamaisaTerrist posted:
In continuing my questions, how do you all utilize the sh mac-address-table command? I understand what it does, I just haven't (yet) run into a day to day scenario when I would need to use it.

I do this probably a half dozen times a week. I suppose we could circumvent the entire process by requiring the server teams to keep track of what they plug into where, but you know how it goes.

Did anyone ever come upon a CDP agent for windows machines that isn't some weird RBN malware deathtrap?
|
# ? Sep 1, 2008 06:05 |
|
jwh posted:
Did anyone ever come upon a CDP agent for windows machines that isn't some weird RBN malware deathtrap?

Haven't used this, but it seems to have a bunch of good shareware reviews, and it has a Windows service as well as a client to view CDP info (so the server admins can just pull that up to see where they're plugged in at): http://www.tallsoft.com/cdpciscoclient.htm
|
# ? Sep 1, 2008 13:46 |
|
atticus posted:
I suggest you try "show etherchannel 5 summary" as you bring up the interfaces so you can monitor the port-states for the ports in Po5 from an etherchannel perspective.

I'll try this out with a cold 4948 and the bum port next week sometime. We use desirable for the other quoted reasons. We used to use `on`, but it's just too annoying having some douchebag with a laptop getting 500mbit of traffic destined for somewhere else.

And we use the exact setup mentioned for core/dist(aggregation)/edge. 6509 with etherchanneled 4948's hooked up to it, and single-gig 2960's which have the servers themselves plugged in to them. Yes, 100mbit to the servers. We tend to use 3560G's for the filer edge, though.
|
# ? Sep 1, 2008 17:16 |
|
You can also use a L2 traceroute (there are some caveats) http://www.cciecandidate.com/?p=513
|
# ? Sep 1, 2008 18:49 |
|
I have a rj-45 -> db9 management cable. If I use a db9->usb adaptor (example : link) can I use this on a computer without a serial port? I'm asking because it looks like these are "dumb" adapters and not truly emulating a serial port. If the answer is no, any suggestions on how to search eBay for this in a way that's going to filter all of those out?
|
# ? Sep 1, 2008 20:47 |
|
Chuu posted:
I have a rj-45 -> db9 management cable. If I use a db9->usb adaptor (example : link) can I use this on a computer without a serial port?

I've had some coworkers who have had to do this because their serial port died, and yes it will work.
|
# ? Sep 1, 2008 20:53 |
|
Chuu posted:
I have a rj-45 -> db9 management cable. If I use a db9->usb adaptor (example : link) can I use this on a computer without a serial port?

You can't really have a "dumb" adapter. A USB and a RS-232 chip are both pennies per unit. You are looking at the finest in slave labor assembled/stolen/both USB adapter. I would suggest getting a keyspan.
|
# ? Sep 1, 2008 21:59 |
|
I have an 1841 router that shipped with version 12.3(8)T IOS software and 12.3(8r)T8 ROM (this is what Cisco calls "ROMMON" right?) If I want to update my software to the latest 12.4(20)T, should I also update the ROMMON? Looking through my support portal, version 12.4(13r)T5 is available for download. Is this even possible via software flash? I can't seem to find any sort of instructions about how to do it. Should I care?
|
# ? Sep 3, 2008 02:53 |
|
You shouldn't need to update your ROMMON to boot a new IOS on the 1841.
|
# ? Sep 3, 2008 03:02 |
|
No, you're right, I tested it and 12.4 boots fine. Was just wondering if there was any need for or benefit from also updating the ROMMON. Edit: also thanks for your earlier help about my XO routing questions... I wound up taking the 802.1Q approach and so far so good.
|
# ? Sep 3, 2008 03:22 |
|
Alowishus posted:
No, you're right, I tested it and 12.4 boots fine. Was just wondering if there was any need for or benefit from also updating the ROMMON.

I've seen weird stuff on newer 871s where they won't boot an older IOS, and I suspect it has to do with the ROMMON version, but I never figured it out completely. I can tell you that I've never had to update a ROMMON ever, except maybe once, and my memory of that isn't very good.

quote:
Edit: also thanks for your earlier help about my XO routing questions... I wound up taking the 802.1Q approach and so far so good.
|
# ? Sep 3, 2008 05:31 |
|
Two part question here.

First part is about some basic config stuff. I bought some 2500 series routers to study for the CCNA. I have two 2501's and a 2503. The 2501's have 2 serial ports and an AUI. The 2503 has the same, plus an ISDN BRI port. The 2503 does something the 2501's don't, which I guess is related to the BRI port. On bootup, it displays:

code:

Part 2

One of the 2501's had some really ancient IOS version that didn't like many commands in the Odom book, so I flashed it to the newest version supported. Everything went fine. Then I try to flash this 2503. It's just not working though. The tftpd log shows me that it connects fine, and I can upload fine. When I try to download though, I get this:

code:
|
# ? Sep 3, 2008 06:46 |
|
Chuu posted:
I have the same problem when trying to connect to the tftp server directly from the bootstrap loader. Is there some way around this to get a newer IOS image on this router?

You kids and your trivial file transfer protocol witchcraft. Have you tried Xmodem, or similar?
|
# ? Sep 3, 2008 07:08 |
|
H110Hawk posted:
You kids and your trivial file transfer protocol witchcraft. Have you tried Xmodem, or similar?

Nope, will try it.
|
# ? Sep 3, 2008 07:33 |
|
jwh posted:
I've seen weird stuff on newer 871s where they won't boot an older IOS, and I suspect it has to do with the ROMMON version, but I never figured it out completely. I can tell you that I've never had to update a ROMMON ever, except maybe once, and my memory of that isn't very good.

There are occasions on older 2600 series routers and even some newer stuff that ROMMON/Bootstrap has to be upgraded in order to support larger memory modules. I remember having to do this specifically on a 2620XM.
|
# ? Sep 3, 2008 12:14 |
|
Chuu posted:
Nope, will try it.

xmodem is horribly slow, if you have a network connection available, and a unix box, try using Shrubbery networks RCPd, it's intended as a drop-in replacement for tftp since tftp sucks: http://www.shrubbery.net/rcpd/
|
# ? Sep 3, 2008 12:39 |
|
Of course if you are reduced to xmodeming code onto a router, remember to turn the serial port speed on the router & your workstation up to the maximum supported value. It's still going to be horrible though.
|
# ? Sep 3, 2008 16:09 |
|
H110Hawk posted:
You kids and your trivial file transfer protocol witchcraft. Have you tried Xmodem, or similar?

wtf
|
# ? Sep 3, 2008 16:22 |
|
Girdle Wax posted:
xmodem is horribly slow, if you have a network connection available, and a unix box, try using Shrubbery networks RCPd, it's intended as a drop-in replacement for tftp since tftp sucks: http://www.shrubbery.net/rcpd/

RCP didn't come into IOS until 12.3. These routers are loaded with 12.2 and 12.1, I thought tftp or direct serial was the only option, didn't realize you could use xmodem from the bootstrap loader.
|
# ? Sep 3, 2008 21:57 |
|
Chuu posted:
RCP didn't come into IOS until 12.3. These routers are loaded with 12.2 and 12.1, I thought tftp or direct serial was the only option, didn't realize you could use xmodem from the bootstrap loader.

Oh, shoot. I meant to say the slowest option. Use serial set to lowest baud rate.
|
# ? Sep 4, 2008 02:33 |
|
Chuu posted:
RCP didn't come into IOS until 12.3. These routers are loaded with 12.2 and 12.1, I thought tftp or direct serial was the only option, didn't realize you could use xmodem from the bootstrap loader.

code:

-edit- 12.0 ios fundamentals mentions rcp: http://www.cisco.com/en/US/docs/ios/12_0/configfun/configuration/guide/fccfgfil.html -/edit-

ragzilla fucked around with this message at 02:42 on Sep 4, 2008
|
# ? Sep 4, 2008 02:40 |
|
Not exactly Cisco related per se, but I finally got my hands on a Lantronix SLC eval unit- it's a console server that runs a Linux kernel, and has some pretty fancy bells and whistles. For what it's worth, it's much nicer than the Avocent console servers we've used here in the past. What I need, however, is a bunch of 568B to rollover couplers- has anybody found anything like this? I'd rather spend money than cut cable ends.
|
# ? Sep 4, 2008 18:20 |
|
Cisco n00b here, trying to fix our VPN at work. It's a 1811W, and I'm dealing with it through SDM. It just needs to be a simple Easy VPN Server. I want the clients to be able to access the entire internal network (10.0.0.0/24), but right now, they can only ping the internal address of the Cisco itself (10.0.0.5). Where should I be looking to allow it to see the entire subnet?

Eyecannon fucked around with this message at 19:11 on Sep 4, 2008
|
# ? Sep 4, 2008 19:08 |
|
Eyecannon posted:
Where should I be looking to allow it to see the entire subnet?

Are the other machines on your network routing back to the 1811 correctly? Is there more than one gateway on this network?
|
# ? Sep 4, 2008 19:35 |
|
jwh posted:
Are the other machines on your network routing back to the 1811 correctly? Is there more than one gateway on this network?

Yes, from any machine internally I can access it. Yes I guess we do have two gateways. The Cisco's external network is x.x.x.217 (this is FE0), but there is also a gateway/firewall at 10.0.0.1 that our internal traffic goes out, and it talks to an external x.x.x.218 address. So all the internal workstations here have 10.0.0.1 as their gateway. I don't want the Cisco to be the gateway for our internal stuff, just that if someone VPN's in on x.x.x.217, they can access the entire 10.0.0.0/24 subnet.
|
# ? Sep 4, 2008 20:04 |
|
When someone VPNs into the Cisco, what IP addresses are they being assigned?
|
# ? Sep 4, 2008 22:13 |
|
jwh posted:
When someone VPNs into the Cisco, what IP addresses are they being assigned?

They get something in 192.168.1.0/24.
|
# ? Sep 4, 2008 22:17 |
|
Okay, so you'll need to add a route to your "real" gateway to route 192.168.1.0/24 towards the 10.0.0.5 IP address of your 1800.
|
# ? Sep 4, 2008 22:37 |
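Added example (not part of any post in this thread): a small route-lookup model of the topology described above, tracing where a reply to a VPN client goes before and after the suggested static route. The workstation address 10.0.0.50, the client address 192.168.1.10 and the labels LAN, UPSTREAM and VPN-TUNNEL are assumptions of this example; the routing tables are a simplification, not the devices' real configuration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over [(prefix, next_hop)]; None if no route."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace_reply(tables, start, dst, max_hops=8):
    """Follow a packet from device `start` toward dst; return the hop list."""
    path, node = [start], start
    for _ in range(max_hops):
        nh = lookup(tables.get(node, []), dst)
        path.append(nh)
        if nh not in tables:      # delivered, dropped, or left the modelled network
            break
        node = nh
    return path

def build(with_fix):
    """Routing tables keyed by device IP; with_fix adds the suggested route."""
    gateway = [("10.0.0.0/24", "LAN"), ("0.0.0.0/0", "UPSTREAM")]
    if with_fix:
        # Static route on the "real" gateway pointing the VPN pool at the 1811.
        gateway.append(("192.168.1.0/24", "10.0.0.5"))
    return {
        # Assumed workstation: default gateway is 10.0.0.1, as in the thread.
        "10.0.0.50": [("10.0.0.0/24", "LAN"), ("0.0.0.0/0", "10.0.0.1")],
        "10.0.0.1": gateway,
        # The 1811 terminates the VPN, so it alone knows the client pool.
        "10.0.0.5": [("10.0.0.0/24", "LAN"), ("192.168.1.0/24", "VPN-TUNNEL")],
    }

if __name__ == "__main__":
    client = "192.168.1.10"  # assumed address from the VPN pool
    print("before:", trace_reply(build(False), "10.0.0.50", client))
    print("after: ", trace_reply(build(True), "10.0.0.50", client))
    print("1811:  ", trace_reply(build(False), "10.0.0.5", client))
```

With the route in place the path is asymmetric: requests reach the host directly from 10.0.0.5 while replies pass through 10.0.0.1, so a stateful firewall there sees only one direction of each TCP flow and may drop it.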