Magwai
Aug 16, 2002
Snail Priest

Martytoof posted:

Thanks, sounds like I'll be wiping these down then.

Also, does anyone know why a 2620XM would report a network module as UNKNOWN? I've tried my NM-1E2W, NM-2E2W, and NM-1E1R2W, and none of the above register any interfaces. Could it be a defective NM port on the router or does the 2620XM just not support older NMs?

Edit: I just realized I didn't post any IOS versions or anything, I'll post those when I get back from my hockey game tonight. Sorry.

For some reason I thought those modules were not supported on the 2600 series... I could be wrong (and kind of hope I am)... I can test a known working 1E2W I have from a 3640 on my 2620, but I'm sure they aren't supported.

Edit: this link says those modules will not work (except the 2691), but the 2600s will support the NM-2W if you can get away without the extra Ethernet port.

http://www.cisco.com/en/US/products/hw/routers/ps274/products_tech_note09186a00800f9d37.shtml

Magwai fucked around with this message at 01:04 on Apr 8, 2009


some kinda jackal
Feb 25, 2003

 
 
That's the best news I could have hoped for. I actually don't intend to put any NMs in the 2600 but since I have a 90 day warranty on the router I wanted to make sure it (the slot) worked. I'll see if I can't borrow a NM-1FE-TX or something to test it with instead. Thanks!

Lowen SoDium
Jun 5, 2003

Highen Fiber
Clapping Larry

Powercrazy posted:

Hmm. I don't think the 7941's support Wideband. 7941G's do as well as 7942's and higher but the normal 7941, doesn't.

Check Settings > User Preferences > Audio Preferences > Wideband Headset on the phone. If the Wideband Headset option isn't there then you are sol.

The setting is there. They are 7941G. I have not ever seen a 7941 non-G except for the 7941GE. Either way, these phones are supposed to support the handset and the codec.


Keep in mind that the G722 codec is independent of Wideband. According to Cisco's own documentation, G722 is supposed to be the default codec for any phone that supports it even if the wideband handset is not present. The ATT guy who originally did the configuration for our call manager set the default for the local region to be G711 instead of 722. I changed it back and it still is not using it. I am going to reboot the call manager in just a few minutes and if that doesn't fix it, then I am calling TAC.

jwh
Jun 12, 2002

I scored two 1841s, each with a VWIC-2MFT-T1, for $400. Glory be to the Craigslist.

Now to get around to building this 12.4 lab.

ate shit on live tv
Feb 15, 2004

by Azathoth

Lowen SoDium posted:

The setting is there. They are 7941G. I have not ever seen a 7941 non-G except for the 7941GE. Either way, these phones are supposed to support the handset and the codec.


Keep in mind that the G722 codec is independent of Wideband. According to Cisco's own documentation, G722 is supposed to be the default codec for any phone that supports it even if the wideband handset is not present. The ATT guy who originally did the configuration for our call manager set the default for the local region to be G711 instead of 722. I changed it back and it still is not using it. I am going to reboot the call manager in just a few minutes and if that doesn't fix it, then I am calling TAC.

Ah I understand then. I'm not super familiar with UC 6.0 so I can't help you anymore than that, good luck :)

jbusbysack
Sep 6, 2002
i heart syd
If you're in Chicago, I just wanted to throw out that my firm is hosting a Chicago Cisco User Group meeting April 14th at 6:30pm in the Loop.

Details in the link.

http://www.meetup.com/The-Chicago-Cisco-Systems-Meetup-Group/

some kinda jackal
Feb 25, 2003

 
 
I've been looking for a CUG in the Southeast Ontario / Toronto area but apparently I'm the only one.

It would be pretty cool to start one but I don't feel at all qualified or connected enough to pull that off :(

inignot
Sep 1, 2003

WWBCD?
Chesapeake NetCraftsmen runs the Cisco Mid-Atlantic User's Group (Maryland & Virginia).

http://www.netcraftsmen.net/cmug/index.html

I've never been to one of their meetings, nor do I work for Chesapeake. However I've been to a couple of their talks at the Cisco Herndon office and I've worked with some ex-Chesapeake people; and I can authoritatively state there is no source of expertise better than Chesapeake.

jwh
Jun 12, 2002

I need a tool to simulate a handful of G.711 calls and report back a simulated MOS score, along with jitter and loss.

In the past, one of our telephony vendors has used NetViola's NetAlly tool, but apparently they've been acquired by Fluke, and I can't figure out where the product went.

Anybody have any suggestions?

wolrah
May 8, 2006
what?

Lowen SoDium posted:

The setting is there. They are 7941G. I have not ever seen a 7941 non-G except for the 7941GE. Either way, these phones are supposed to support the handset and the codec.

As far as I know and as far as Cisco's site says the 7941 does NOT support wideband. That's for the 79x2 and 79x5 models as well as the Polycom IP7000 (er..I mean Cisco 7937G :ssh:) only.

Lowen SoDium
Jun 5, 2003

Highen Fiber
Clapping Larry

wolrah posted:

As far as I know and as far as Cisco's site says the 7941 does NOT support wideband. That's for the 79x2 and 79x5 models as well as the Polycom IP7000 (er..I mean Cisco 7937G :ssh:) only.

This page, as well as several others, says that the 7941G is supposed to use G722 by default on newer versions of Call Manager and that the 7941G can do wideband if you buy the wideband handset.

Either way, Cisco is working on the problem for me.

xarph
Jun 18, 2001


Just passed CCNA on Friday. Took a two week course four years ago, been tinkering on gear and self-studying since, finally did a boot camp all week to just focus on the exam. That's definitely the way to go if you can con an employer into paying for it. You won't learn how to use the gear effectively in a boot camp, but you will learn all the ins and outs of the CCNA. Specifically, how they like to trick you with verbiage and their hard-ons for frame relay and turning off auto-summarize in RIP and EIGRP. Just don't take a boot camp without taking a full length CCNA course or studying your balls off on your own or you'll make a fool out of yourself in a technical interview.

I'll be happy to field questions for the "taking CCNA soon" goons until my memory of the incident bleeds out my ears. Also, PM me if you want goodies that I used to great effect in the lead up to the exam. I'll also send a set of current-as-of-its-printing-on-Monday boot camp books to the first person to pay shipping; include your ZIP for a quote.

On to CCVP via CCNA Voice first. It seems that on June 29 Cisco is going to stop accepting vanilla CCNA as a prereq for CCVP, which sucks. :(

wolrah
May 8, 2006
what?

Lowen SoDium posted:

This page, as well as several others, says that the 7941G is supposed to use G722 by default on newer versions of Call Manager and that the 7941G can do wideband if you buy the wideband handset.

Interesting. I've given up on trying to use any Cisco phones from the current hardware generation on a non-CCM SIP environment (normal Cisco/Microsoft style "standards-based" SIP stack, so many quirks that only Asterisk can handle it by emulating a CM system), so I have a total of one 7941 and it hasn't been removed from storage in months, I was just going by Cisco's main page for each of the various phone models. The 7941 page does not at all mention HD, the 7942 and 7945 pages do. If the 7941 does support wideband though, what's the point of the 7942?

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.
Let me preface by saying I have very limited experience with Cisco stuff, so feel free to talk down to me.

Ok, so, we have two warehouses. Here is what we have at each site.

ASA 5505
Cisco 1841

For internet access, each warehouse has a cable modem connected to the ASA with a DSL for backup. The ASAs drop over the DSL when the cable modem goes down.

The two warehouses are connected via a point to point T1 via the Cisco 1841 routers as of last night. This replaced a VPN we had between the two plants that was set up over the cable modems.

Right now it is set up so that if the T1 goes down, local traffic will be rerouted back to the VPN on the cable modems. That is all tested and seems to work fine, except that it's really funky with the Mitel phone system. We have to power off all the phones at one location to get it to go back to the T1. That is more of a secondary issue though.


Here is my big question. Can we eliminate the DSL backups which work for poo poo (it fails over, but the DSL is slower than dogshit since the warehouses are in the sticks)? What I would like to have happen is if a cable modem dies then the traffic is rerouted through the T1 and out the cable modem at the other location?


The tech we have working on it says the only way it can happen is if we manually do some commands to load some new config. He seems like he isn't quite the expert he made himself out to be (as he has done a lot of head scratching), so I figure I would do some extra checking to find out.

jwh
Jun 12, 2002

You could drop the ASAs entirely, and simply connect the broadband (be it cable or DSL) to the unused FastEthernet interface on the 1841(s).

Although if you have detailed firewalling / content inspection stuff going on, you may prefer to keep the ASAs.

But short answer, yes, you should be able to come up with a dynamic routing scenario whereby you can communicate with the other location over both the primary T1, and over a site-to-site VPN when the T1 is down. That's a very common scenario.

I think the ASA 5505s will talk OSPF, so start there.

This might help you: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml

some kinda jackal
Feb 25, 2003

 
 
I'm just a beginner at this stuff myself so take this with a grain of salt but unless I'm misunderstanding your setup I don't think you need the ASA actually doing any WAN routing. Just connect both WAN uplinks (T1 and Cable) to your 1800, get a routing protocol advertising routes between offices. I think you might need to still set up a VPN over the 1800s' cable WAN interface.

But the routing protocol should essentially take care of all that failover for you.

jwh
Jun 12, 2002

Do the cable modem connections have static IP's? Or does at least one of them have a static IP?

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.
I don't know if I am being entirely clear.

We have a site to site T1. When it goes down we then have a site to site VPN working on the cable modems, this is working great for all site to site traffic and the failover has been tested.

The problem though is the internet. If I load up somethingawful.com at warehouse 1 and then I turn off the cable modem, the site doesn't load (site to site still works fine over the T1 though).

What needs to happen is when the cable modem at warehouse 1 dies, the request needs to go over the T1 and out the cable modem at warehouse 2. According to the tech this scenario is not possible without manually loading a new config.

We do have static IPs at both locations on the cable modems. We also have static IPs on the DSL lines.

We do use the ASAs for stuff. We have some firewall rules setup for our server at rackspace, and we are also using the AnyConnect VPN stuff for roaming users.

Harry Totterbottom
Dec 19, 2008

Begby posted:

I don't know if I am being entirely clear.

We have a site to site T1. When it goes down we then have a site to site VPN working on the cable modems, this is working great for all site to site traffic and the failover has been tested.

The problem though is the internet. If I load up somethingawful.com at warehouse 1 and then I turn off the cable modem, the site doesn't load (site to site still works fine over the T1 though).

What needs to happen is when the cable modem at warehouse 1 dies, the request needs to go over the T1 and out the cable modem at warehouse 2. According to the tech this scenario is not possible without manually loading a new config.

We do have static IPs at both locations on the cable modems. We also have static IPs on the DSL lines.

We do use the ASAs for stuff. We have some firewall rules setup for our server at rackspace, and we are also using the AnyConnect VPN stuff for roaming users.

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Setting it up as a backup interface might be what you're looking to do.

jbusbysack
Sep 6, 2002
i heart syd

Begby posted:

I don't know if I am being entirely clear.

We have a site to site T1. When it goes down we then have a site to site VPN working on the cable modems, this is working great for all site to site traffic and the failover has been tested.

The problem though is the internet. If I load up somethingawful.com at warehouse 1 and then I turn off the cable modem, the site doesn't load (site to site still works fine over the T1 though).

What needs to happen is when the cable modem at warehouse 1 dies, the request needs to go over the T1 and out the cable modem at warehouse 2. According to the tech this scenario is not possible without manually loading a new config.

We do have static IPs at both locations on the cable modems. We also have static IPs on the DSL lines.

We do use the ASAs for stuff. We have some firewall rules setup for our server at rackspace, and we are also using the AnyConnect VPN stuff for roaming users.


Have two default routes, both pointing out specific interfaces and weighted accordingly.

When a physical interface goes down, all routes corresponding to it disappear as well... leaving only your DSL/T1/whatever as a valid default route.

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.
Ok, thank you much, I will look at the config this guy has setup and do some reading and see if I can figure this all out.

I appreciate all the help.

cptInsane0
Apr 11, 2007

...and a clown with no head
The backup interface should be ok, as long as you set some static routes on said interface. It is my understanding that when the cable goes down, you still have connectivity to the other location, but no internet, so you want to route your internet traffic through their connection on the other side.

You just need to set the backup interface, and give it a default route, and possibly a static route as well, and set the metric higher than your regular route.


Also, with those ASAs you will most likely have to make some access rules, depending on the security levels of all the involved interfaces.

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.

cptInsane0 posted:

The backup interface should be ok, as long as you set some static routes on said interface. It is my understanding that when the cable goes down, you still have connectivity to the other location, but no internet, so you want to route your internet traffic through their connection on the other side.

You just need to set the backup interface, and give it a default route, and possibly a static route as well, and set the metric higher than your regular route.

Yes, this is exactly it, when the modem goes down we still have site to site but no internet.

I'll look into the backup interface.

Thanks!

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Your backup route won't actually kick in unless the ethernet interface facing that direction actually goes down. You can use IP SLA to track some service (ping 4.2.2.2 for example). If the response fails (cable modem down), it will change your route.

This was the first hit that google turned up for it and has a decent example:

http://www.inacom-sby.net/Shawn/post/2007/11/Cisco-IP-SLA-for-failover.aspx

cptInsane0
Apr 11, 2007

...and a clown with no head
I assumed you were already aware of tracking, since you have failover set up going the other direction, but if not, yes, do what he said. Depending on how much overhead you are willing to have, you can set it to check pretty often. I set mine around 10 seconds or less.

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.
Ahh, this is what the tech mentioned. Something about how if the cable modem went down, the Cisco would not actually see it go down since the connection would still be there to the router.

I took a look at the config last night and it appears it is setup for backup, but it just doesn't work, so apparently the solution is almost there. I might try just unplugging the cable modem and see if it fails over right, if so I'll try to implement this.

Thanks all.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Begby posted:

Ahh, this is what the tech mentioned. Something about how if the cable modem went down, the Cisco would not actually see it go down since the connection would still be there to the router.

I took a look at the config last night and it appears it is setup for backup, but it just doesn't work, so apparently the solution is almost there. I might try just unplugging the cable modem and see if it fails over right, if so I'll try to implement this.

Thanks all.

So track on the cable modem's default gateway. Once that IP stops responding to probes the ASA will flip routes. It doesn't have to be a directly connected host iirc.

cptInsane0
Apr 11, 2007

...and a clown with no head
You do recall correctly.
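A worked configuration for the tracked default route falz and Tremblay describe, and for jbusbysack's two weighted default routes. This is an added example, not configuration from the thread or from the linked page, written for an IOS router such as the 1841 running a 12.4(20)T or later image; the interface names, the 203.0.113.1 cable gateway, the 10.255.0.2 far-end T1 address and the administrative distance are assumptions, and 4.2.2.2 is simply the probe target falz mentions. The ASA has the same building blocks (sla monitor, track 1 rtr 10 reachability, and route ... track 1) but its syntax is not shown here.

```ios
! Added example, IOS 12.4(20)T+ syntax assumed. On older 12.4 images the
! commands are "ip sla monitor 10" / "type echo protocol ipIcmpEcho" and
! "track 1 rtr 10 reachability".
!
! Probe a host on the far side of the cable modem every 10 s; the modem's
! own ethernet stays up when the cable side dies, which is why interface
! state alone never triggers the failover.
ip sla 10
 icmp-echo 4.2.2.2 source-interface FastEthernet0/0
 frequency 10
 timeout 2000
ip sla schedule 10 life forever start-time now
!
! Reachability object; the delays stop a single lost probe or a brief
! recovery from flapping the default route back and forth.
track 1 ip sla 10 reachability
 delay down 15 up 30
!
! Pin the probe target to the cable path. Without this host route the
! probe itself would follow the backup default after failover, succeed
! over the T1, and flip the primary route straight back.
ip route 4.2.2.2 255.255.255.255 203.0.113.1
!
! Primary default is installed only while track 1 is up. The floating
! static (AD 250, anything above the default of 1) via the far site's
! 1841 takes over the moment the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 10.255.0.2 250
!
! Assumed: the far site already routes this LAN back over the T1 (it
! must, since site-to-site works), and the far site's NAT access-list
! includes this LAN, or its cable modem will never carry the traffic.
```

Check the state with show track 1 and show ip sla statistics 10, then pull the coax on the modem and confirm the 0.0.0.0/0 entry in show ip route changes next hop after the 15 second down delay. Two things to keep in mind: tracking the modem's gateway address, as Tremblay suggests, only proves the modem answers, so a failure upstream of it goes undetected; tracking a distant host instead makes your failover depend on a third party continuing to answer ICMP, so a track list over two or three targets is safer than one.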

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
Help me troubleshoot a NAT problem in my Cisco 2600 series router.

I run a dedicated game server on a windows box behind a router but for some reason it stopped accepting connections. Internally I can connect to it, so I know the server is working properly.

I haven't made any changes to the configuration in ages, but I powered off the router during a colo rack move, so I suppose I neglected to save a running config. meh :(

I've been running around in circles on this one and I need another set of eyes to look at my config to see what I've missed.




code:
Router#sho run
Building configuration...

Current configuration : 3562 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname router
!
boot-start-marker
boot system flash 123-20.bin
boot-end-marker
!
enable secret 
enable password 
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
ip audit po max-events 100
!
!
interface Ethernet0/0
 description Inside Interface
 ip address 10.1.0.1 255.255.255.0
 ip directed-broadcast
 ip nat inside
 full-duplex
!
interface Ethernet1/0
 description Outside Interface
 ip address x.y.z.31 255.255.255.0
 ip directed-broadcast
 ip nat outside
 full-duplex
!
ip nat pool mypool x.y.z.33 x.y.z.33 prefix-length 24
ip nat inside source list 1 pool mypool overload
ip nat inside source static tcp 10.1.0.10 22 x.y.z.31 22 extendable
ip nat inside source static udp 10.1.0.10 27900 x.y.z.31 27900 extendable
ip nat inside source static udp 10.1.0.10 27910 x.y.z.31 27910 extendable
ip nat inside source static udp 10.1.0.10 27901 x.y.z.31 27901 extendable
ip nat inside source static udp 10.1.0.10 27902 x.y.z.31 27902 extendable
ip nat inside source static udp 10.1.0.10 27903 x.y.z.31 27903 extendable
ip nat inside source static udp 10.1.0.10 27904 x.y.z.31 27904 extendable
ip nat inside source static udp 10.1.0.10 27905 x.y.z.31 27905 extendable
ip nat inside source static udp 10.1.0.10 27906 x.y.z.31 27906 extendable
ip nat inside source static udp 10.1.0.10 27907 x.y.z.31 27907 extendable
ip nat inside source static udp 10.1.0.10 27908 x.y.z.31 27908 extendable
ip nat inside source static udp 10.1.0.10 27909 x.y.z.31 27909 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 x.y.z.1
ip route 10.2.0.0 255.255.255.0 10.1.0.10
!
!
logging 10.1.0.10
access-list 1 permit 10.1.0.11
access-list 1 permit 10.1.0.10
access-list 1 permit 10.1.0.12
access-list 12 permit 10.1.0.10
!
snmp-server engineID local 0000000902000030946138C0
snmp-server community public RO
snmp-server enable traps tty
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 password 
 login
!
!
end
Outbound connections are set up to use the .33 IP address, while incoming connection attempts to .31 are mapped to various ports in the DMZ internally.

One thing I see that I don't understand is that when I do a sho ip nat translations among other things I have this:


code:
Lightning#sho ip nat translations
Pro Inside global         Inside local          Outside local         Outside global
udp x.y.z.31:1098    10.1.0.10:27910       12.228.189.162:59018  12.228.189.162:59018
udp x.y.z.31:1099    10.1.0.10:27910       12.228.189.162:59018  12.228.189.162:59018
udp x.y.z.31:1100    10.1.0.10:27910       12.228.189.162:59062  12.228.189.162:59062
udp x.y.z.31:1101    10.1.0.10:27910       12.228.189.162:59062  12.228.189.162:59062
udp x.y.z.31:1102    10.1.0.10:27910       12.228.189.162:59080  12.228.189.162:59080
udp x.y.z.31:1103    10.1.0.10:27910       12.228.189.162:59080  12.228.189.162:59080
udp x.y.z.31:1105    10.1.0.10:27910       12.228.189.162:59122  12.228.189.162:59122
udp x.y.z.31:1106    10.1.0.10:27910       12.228.189.162:59122  12.228.189.162:59122
udp x.y.z.31:1107    10.1.0.10:27910       12.228.189.162:59179  12.228.189.162:59179
udp x.y.z.31:1108    10.1.0.10:27910       12.228.189.162:59179  12.228.189.162:59179
udp x.y.z.31:1109    10.1.0.10:27910       12.228.189.162:59211  12.228.189.162:59211
udp x.y.z.31:1110    10.1.0.10:27910       12.228.189.162:59211  12.228.189.162:59211
udp x.y.z.31:1067    10.1.0.10:27910       212.187.246.221:52896 212.187.246.221:52896
udp x.y.z.31:1111    10.1.0.10:27910       12.228.189.162:59275  12.228.189.162:59275
udp x.y.z.31:1112    10.1.0.10:27910       12.228.189.162:59275  12.228.189.162:59275
udp x.y.z.31:1113    10.1.0.10:27910       12.228.189.162:59307  12.228.189.162:59307
udp x.y.z.31:1114    10.1.0.10:27910       12.228.189.162:59307  12.228.189.162:59307
udp x.y.z.31:1115    10.1.0.10:27910       12.228.189.162:59310  12.228.189.162:59310
udp x.y.z.31:1116    10.1.0.10:27910       12.228.189.162:59310  12.228.189.162:59310
udp x.y.z.31:1104    10.1.0.10:27910       217.163.27.85:54618   217.163.27.85:54618
udp x.y.z.31:1117    10.1.0.10:27910       12.228.189.162:59371  12.228.189.162:59371
udp x.y.z.31:1118    10.1.0.10:27910       12.228.189.162:59371  12.228.189.162:59371
udp x.y.z.31:1119    10.1.0.10:27910       12.228.189.162:59524  12.228.189.162:59524
udp x.y.z.31:1121    10.1.0.10:27910       12.228.189.162:59524  12.228.189.162:59524
udp x.y.z.31:1120    10.1.0.10:27910       12.228.189.162:59525  12.228.189.162:59525
udp x.y.z.31:1122    10.1.0.10:27910       12.228.189.162:59525  12.228.189.162:59525
udp x.y.z.31:1151    10.1.0.10:27910       74.86.155.169:27900   74.86.155.169:27900
udp x.y.z.31:1123    10.1.0.10:27910       12.228.189.162:59540  12.228.189.162:59540
udp x.y.z.31:1124    10.1.0.10:27910       12.228.189.162:59540  12.228.189.162:59540
udp x.y.z.31:1125    10.1.0.10:27910       12.228.189.162:59577  12.228.189.162:59577
udp x.y.z.31:1126    10.1.0.10:27910       12.228.189.162:59577  12.228.189.162:59577
udp x.y.z.31:1127    10.1.0.10:27910       12.228.189.162:59582  12.228.189.162:59582
udp x.y.z.31:1128    10.1.0.10:27910       12.228.189.162:59582  12.228.189.162:59582
udp x.y.z.31:1129    10.1.0.10:27910       12.228.189.162:59624  12.228.189.162:59624
udp x.y.z.31:1130    10.1.0.10:27910       12.228.189.162:59624  12.228.189.162:59624
udp x.y.z.31:1131    10.1.0.10:27910       12.228.189.162:59668  12.228.189.162:59668
udp x.y.z.31:1132    10.1.0.10:27910       12.228.189.162:59668  12.228.189.162:59668
udp x.y.z.31:1133    10.1.0.10:27910       12.228.189.162:59678  12.228.189.162:59678
udp x.y.z.31:1134    10.1.0.10:27910       12.228.189.162:59678  12.228.189.162:59678
udp x.y.z.31:1204    10.1.0.10:27910       63.144.111.10:27901   63.144.111.10:27901
udp x.y.z.31:1044    10.1.0.10:27910       12.228.189.162:58221  12.228.189.162:58221
udp x.y.z.31:1045    10.1.0.10:27910       12.228.189.162:58221  12.228.189.162:58221
udp x.y.z.31:1046    10.1.0.10:27910       12.228.189.162:58270  12.228.189.162:58270
udp x.y.z.31:1047    10.1.0.10:27910       12.228.189.162:58270  12.228.189.162:58270
udp x.y.z.31:1049    10.1.0.10:27910       12.228.189.162:58369  12.228.189.162:58369
udp x.y.z.31:1050    10.1.0.10:27910       12.228.189.162:58369  12.228.189.162:58369
udp x.y.z.31:1051    10.1.0.10:27910       12.228.189.162:58372  12.228.189.162:58372
udp x.y.z.31:1052    10.1.0.10:27910       12.228.189.162:58372  12.228.189.162:58372
udp x.y.z.31:1053    10.1.0.10:27910       12.228.189.162:58433  12.228.189.162:58433
udp x.y.z.31:1054    10.1.0.10:27910       12.228.189.162:58433  12.228.189.162:58433
udp x.y.z.31:1055    10.1.0.10:27910       12.228.189.162:58451  12.228.189.162:58451
udp x.y.z.31:1057    10.1.0.10:27910       12.228.189.162:58451  12.228.189.162:58451
udp x.y.z.31:1056    10.1.0.10:27910       12.228.189.162:58452  12.228.189.162:58452
udp x.y.z.31:1058    10.1.0.10:27910       12.228.189.162:58452  12.228.189.162:58452
udp x.y.z.31:1059    10.1.0.10:27910       12.228.189.162:58485  12.228.189.162:58485
udp x.y.z.31:1060    10.1.0.10:27910       12.228.189.162:58485  12.228.189.162:58485
udp x.y.z.31:1061    10.1.0.10:27910       12.228.189.162:58515  12.228.189.162:58515
udp x.y.z.31:1062    10.1.0.10:27910       12.228.189.162:58515  12.228.189.162:58515
udp x.y.z.31:1063    10.1.0.10:27910       12.228.189.162:58528  12.228.189.162:58528
udp x.y.z.31:1064    10.1.0.10:27910       12.228.189.162:58528  12.228.189.162:58528
udp x.y.z.31:1065    10.1.0.10:27910       12.228.189.162:58575  12.228.189.162:58575
udp x.y.z.31:1066    10.1.0.10:27910       12.228.189.162:58575  12.228.189.162:58575
udp x.y.z.31:1068    10.1.0.10:27910       12.228.189.162:58617  12.228.189.162:58617
udp x.y.z.31:1069    10.1.0.10:27910       12.228.189.162:58617  12.228.189.162:58617
udp x.y.z.31:1070    10.1.0.10:27910       12.228.189.162:58627  12.228.189.162:58627
udp x.y.z.31:1071    10.1.0.10:27910       12.228.189.162:58627  12.228.189.162:58627
udp x.y.z.31:1072    10.1.0.10:27910       12.228.189.162:58693  12.228.189.162:58693
udp x.y.z.31:1073    10.1.0.10:27910       12.228.189.162:58693  12.228.189.162:58693
udp x.y.z.31:1048    10.1.0.10:27910       208.167.232.62:57146  208.167.232.62:57146
udp x.y.z.31:1074    10.1.0.10:27910       12.228.189.162:58752  12.228.189.162:58752
udp x.y.z.31:1075    10.1.0.10:27910       12.228.189.162:58752  12.228.189.162:58752
udp x.y.z.31:1076    10.1.0.10:27910       12.228.189.162:58762  12.228.189.162:58762
udp x.y.z.31:1077    10.1.0.10:27910       12.228.189.162:58762  12.228.189.162:58762
udp x.y.z.31:1078    10.1.0.10:27910       12.228.189.162:58785  12.228.189.162:58785
udp x.y.z.31:1079    10.1.0.10:27910       12.228.189.162:58785  12.228.189.162:58785
udp x.y.z.31:1080    10.1.0.10:27910       12.228.189.162:58805  12.228.189.162:58805
udp x.y.z.31:1081    10.1.0.10:27910       12.228.189.162:58805  12.228.189.162:58805
udp x.y.z.31:1082    10.1.0.10:27910       12.228.189.162:58819  12.228.189.162:58819
udp x.y.z.31:1083    10.1.0.10:27910       12.228.189.162:58819  12.228.189.162:58819
udp x.y.z.31:1084    10.1.0.10:27910       12.228.189.162:58828  12.228.189.162:58828
udp x.y.z.31:1085    10.1.0.10:27910       12.228.189.162:58828  12.228.189.162:58828
udp x.y.z.31:1086    10.1.0.10:27910       12.228.189.162:58872  12.228.189.162:58872
udp x.y.z.31:1087    10.1.0.10:27910       12.228.189.162:58872  12.228.189.162:58872
udp x.y.z.31:1088    10.1.0.10:27910       12.228.189.162:58900  12.228.189.162:58900
udp x.y.z.31:1089    10.1.0.10:27910       12.228.189.162:58900  12.228.189.162:58900
udp x.y.z.31:1090    10.1.0.10:27910       12.228.189.162:58924  12.228.189.162:58924
udp x.y.z.31:1091    10.1.0.10:27910       12.228.189.162:58924  12.228.189.162:58924
udp x.y.z.31:27900   10.1.0.10:27900       ---                   ---
udp x.y.z.31:27901   10.1.0.10:27901       ---                   ---
udp x.y.z.31:27902   10.1.0.10:27902       ---                   ---
udp x.y.z.31:27903   10.1.0.10:27903       ---                   ---
udp x.y.z.31:27904   10.1.0.10:27904       ---                   ---
udp x.y.z.31:27905   10.1.0.10:27905       ---                   ---
udp x.y.z.31:27906   10.1.0.10:27906       ---                   ---
udp x.y.z.31:27907   10.1.0.10:27907       ---                   ---
udp x.y.z.31:27908   10.1.0.10:27908       ---                   ---
udp x.y.z.31:27909   10.1.0.10:27909       ---                   ---
udp x.y.z.31:27910   10.1.0.10:27910       ---                   ---
udp x.y.z.31:1092    10.1.0.10:27910       12.228.189.162:58947  12.228.189.162:58947
udp x.y.z.31:1093    10.1.0.10:27910       12.228.189.162:58947  12.228.189.162:58947
udp x.y.z.31:1094    10.1.0.10:27910       12.228.189.162:58971  12.228.189.162:58971
udp x.y.z.31:1095    10.1.0.10:27910       12.228.189.162:58971  12.228.189.162:58971
udp x.y.z.31:1096    10.1.0.10:27910       12.228.189.162:58987  12.228.189.162:58987
udp x.y.z.31:1097    10.1.0.10:27910       12.228.189.162:58987  12.228.189.162:58987

which looks to me like my connection attempts are just crawling up the port list. I'm not sure if that's significant, because honestly, I don't really know routers anymore.

The 12.228.189.162 address is me trying to connect through the game and the other IP addresses are heartbeats to master servers (which are failing because my server isn't listed anymore).

some kinda jackal
Feb 25, 2003

 
 
Spanning tree putting a port into blocking mode also changes the port's status light to amber, correct?

Just want to make sure that my port isn't dying or something. So far blocking mode is my working hypothesis but I can't find confirmation on Cisco's site.

As an aside, hot drat I love working with my new home lab :haw:

some kinda jackal fucked around with this message at 02:20 on Apr 16, 2009

cronjob
Nov 1, 2003
うらぎりもの

Agrikk posted:

Help me troubleshoot a NAT problem in my Cisco 2600 series router.

I run a dedicated game server on a windows box behind a router but for some reason it stopped accepting connections. Internally I can connect to it, so I know the server is working properly.

I haven't made any changes to the configuration in ages, but I powered off the router during a colo rack move, so I suppose I neglected to save a running config. meh :(

I've been running around in circles on this one and I need another set of eyes to look at my config to see what I've missed.

<snip>

which looks to me like my connection attempts are just crawling up the port list. I'm not sure if that's significant, because honestly, I don't really know routers anymore.

The 12.228.189.162 address is me trying to connect through the game and the other IP addresses are heartbeats to master servers (which are failing because my server isn't listed anymore).


Try getting rid of the "extendable" keyword at the end of the NAT statements. I don't think you need it. Of course any change you make probably won't take effect until you do a "clear ip nat translations *" on the router. Sometimes you'll have to temporarily remove the "ip nat inside" statement before the clear command will take.


Also, I think you may be hitting this bug. Do you have a more recent IOS image to try?

CSCsb07649 Bug Details
NAT failure cause of incorrect port allocation with inside-static UDP
Symptoms: When UDP packets enter from the outside of a network to the inside
of a network, new extended entries are created with an incorrect inside
global port number in the translation entry. (Note that inside local port
numbers are allocated correctly.) For each transferred NATted packet, one new
entry is created with an incremented inside global port number. After the
port pool has become exhausted, new extendable entries can no longer be
created, preventing packets from being translated via NAT.

Conditions: This symptom is observed on a Cisco router that has the
ip nat inside source static udp local-ip
local-port global-ip global-port extendable
command enabled. The symptom may occur for all UDP ports that are assigned as
system ports.

The symptom does not occur for packets that pass from the inside of the
network to the outside of the network, nor for TCP packets.

Temporary Workaround: Reload the router to release the incorrectly allocated
ports. This is a temporary workaround because the port pool will become
exhausted again.
Status
Fixed

Severity
2 - severe

Last Modified
In Last month

Product
Cisco IOS software

Technology


1st Found-In
12.3(18)M
12.3M
Known Affected Versions


Fixed-In
12.4(2.7)M
12.4(2.9)T
12.4(22.3.4)PIC1
12.4(24.5.2)PIC1

ragzilla
Sep 9, 2005
don't ask me, i only work here


Martytoof posted:

Spanning tree putting a port into blocking mode also changes the port's status light to amber, correct?

Just want to make sure that my port isn't dying or something. So far blocking mode is my working hypothesis but I can't find confirmation on Cisco's site.

As an aside, hot drat I love working with my new home lab :haw:

Depending on the platform (and if it's a trunk, iirc if it's a trunk with at least 1 unblocked it goes green) it will turn amber. If the port is receiving errors it will alternate amber/green intermittently.

some kinda jackal
Feb 25, 2003

 
 
Yeah, I'm working with two 2950s and one 2900. I just threw both 2950s into primary and secondary root roles and the 2900's redundant trunk went amber as expected. Thanks!

ate shit on live tv
Feb 15, 2004

by Azathoth

Agrikk posted:

Help me troubleshoot a NAT problem in my Cisco 2600 series router.


The other thing is to make sure that you are forwarding tcp connections if you need them.

Otherwise make sure you've got the correct ports forwarded, get rid of extendable, and save the config, then reload the router. I know you shouldn't have to reload it with Cisco gear, but you aren't exactly a service provider, so just do it anyway.

Oh also, instead of using an external IP address you might try just using an interface. For mine I use something like this:
code:
ip nat inside source static tcp 10.10.10.7 19009 interface FastEthernet4 19009
Where Fa4 is the port my Cable modem connects to.

ate shit on live tv fucked around with this message at 08:20 on Apr 16, 2009

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

cronjob posted:

Try getting rid of the "extendable" keyword at the end of the NAT statements. I don't think you need it. Of course any change you make probably won't take effect until you do a "clear ip nat translations *" on the router. Sometimes you'll have to temporarily remove the "ip nat inside" statement before the clear command will take.


Also, I think you may be hitting this bug. Do you have a more recent IOS image to try?

"Extendable" is added automatically to the end of the statement. I tried removing a line and then re-adding it without the extendable at the end, but the line appeared in my running config with it added.

Also, I tried the workaround suggestion of reloading the router, but it didn't help. I don't have support for this router anymore so I don't have access to newer flavors of the IOS.

Herv
Mar 24, 2005

Soiled Meat

Agrikk posted:

"Extendable" is added automatically to the end of the statement. I tried removing a line and then re-adding it without the extendable at the end, but the line appeared in my running config with it added.

Also, I tried the workaround suggestion of reloading the router, but it didn't help. I don't have support for this router anymore so I don't have access to newer flavors of the IOS.

Hrm this just doesn't seem to add up. If you can, remove all the nat configuration and start over with this. I wonder if as soon as one static nat statement is extendable, all have to be as well.

access-list 110 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 110 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
access-list 110 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 10.1.0.0 0.0.0.255 any
access-list 110 permit ip 10.2.0.0 0.0.0.255 any

ip nat inside source list 110 interface Ethernet0/0 overload

ip nat inside source static tcp 10.1.0.10 22 Interface Ethernet 0/0 22
ip nat inside source static udp 10.1.0.10 27900 Interface Ethernet0/0 27900
ip nat inside source static udp 10.1.0.10 27910 Interface Ethernet0/0 27910
ip nat inside source static udp 10.1.0.10 27901 Interface Ethernet0/0 27901
ip nat inside source static udp 10.1.0.10 27902 Interface Ethernet0/0 27902
ip nat inside source static udp 10.1.0.10 27903 Interface Ethernet0/0 27903
ip nat inside source static udp 10.1.0.10 27904 Interface Ethernet0/0 27904
ip nat inside source static udp 10.1.0.10 27905 Interface Ethernet0/0 27905
ip nat inside source static udp 10.1.0.10 27906 Interface Ethernet0/0 27906
ip nat inside source static udp 10.1.0.10 27907 Interface Ethernet0/0 27907
ip nat inside source static udp 10.1.0.10 27908 Interface Ethernet0/0 27908
ip nat inside source static udp 10.1.0.10 27909 Interface Ethernet0/0 27909


Unless you have to have outbound IPs come from the 33, just leave it if it works.

The one thing that doesn't look good to me is that the inside global and local ports aren't matching up (the first two columns). Although badly named, they should show the mapping of ports on the outside interface to the inside host. Your outside port is wack. Here's some of my active translations, UDP and TCP. Mine are symmetrical: what's on the outside is on the inside.

Thank goodness for find and replace.

code:
herv-fw#sh ip nat translations
Pro Inside global         Inside local          Outside local         Outside global
tcp 96.232.180.X:32000   10.10.1.2:32000       58.62.220.124:37231   58.62.220.124:37231
tcp 96.232.180.X:32000   10.10.1.2:32000       79.179.17.117:2463    79.179.17.117:2463
tcp 96.232.180.X:32000   10.10.1.2:32000       87.101.154.10:3595    87.101.154.10:3595
tcp 96.232.180.X:32000   10.10.1.2:32000       ---                   ---
tcp 96.232.180.X:49168   10.10.1.2:49168       69.25.21.229:12975    69.25.21.229:12975
tcp 96.232.180.X:49171   10.10.1.2:49171       139.78.138.54:54724   139.78.138.54:54724
tcp 96.232.180.X:49278   10.10.1.2:49278       82.234.171.8:53926    82.234.171.8:53926
tcp 96.232.180.X:49294   10.10.1.2:49294       82.234.171.8:53926    82.234.171.8:53926
tcp 96.232.180.X:49307   10.10.1.2:49307       24.125.190.95:24703   24.125.190.95:24703
tcp 96.232.180.X:49332   10.10.1.2:49332       81.65.134.182:21469   81.65.134.182:21469
tcp 96.232.180.X:49349   10.10.1.2:49349       87.101.154.10:60734   87.101.154.10:60734
tcp 96.232.180.X:49366   10.10.1.2:49366       200.7.40.36:50072     200.7.40.36:50072
tcp 96.232.180.X:49423   10.10.1.2:49423       81.65.134.182:21469   81.65.134.182:21469
tcp 96.232.180.X:49439   10.10.1.2:49439       82.234.171.8:53926    82.234.171.8:53926
tcp 96.232.180.X:49478   10.10.1.2:49478       200.7.40.36:50072     200.7.40.36:50072
tcp 96.232.180.X:49483   10.10.1.2:49483       82.234.171.8:53926    82.234.171.8:53926
tcp 96.232.180.X:49519   10.10.1.2:49519       81.65.134.182:21469   81.65.134.182:21469
tcp 96.232.180.X:49528   10.10.1.2:49528       24.125.190.95:24703   24.125.190.95:24703
tcp 96.232.180.X:49540   10.10.1.2:49540       82.234.171.8:53926    82.234.171.8:53926

udp 96.232.180.X:62996   10.10.1.2:62996       24.178.111.163:2109   24.178.111.163:2109
udp 96.232.180.X:62996   10.10.1.2:62996       69.140.228.65:41205   69.140.228.65:41205
udp 96.232.180.X:62996   10.10.1.2:62996       72.76.33.155:14624    72.76.33.155:14624
udp 96.232.180.X:62996   10.10.1.2:62996       72.253.211.132:62485  72.253.211.132:62485
udp 96.232.180.X:62996   10.10.1.2:62996       80.192.170.151:43788  80.192.170.151:43788
udp 96.232.180.X:62996   10.10.1.2:62996       90.149.44.14:50518    90.149.44.14:50518
udp 96.232.180.X:62996   10.10.1.2:62996       219.126.146.7:14966   219.126.146.7:14966

edit: added nat statement for the 10.2 network.

Herv fucked around with this message at 05:35 on Apr 17, 2009
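A quick way to spot the asymmetry Herv points out (a static mapping whose inside global port does not match its inside local port) and the incrementing-port symptom in the bug cronjob quoted is to parse the `show ip nat translations` output and group entries by inside local socket. This is an added example, not code from anyone in the thread; the sample output is constructed to mirror the original poster's, with x.y.z.31 standing in for the router's public address.

```python
"""Flag static NAT entries whose inside global port drifts from the inside local port."""
import re
from collections import defaultdict

# Constructed sample modelled on the thread's output: the inside global
# port keeps climbing (1095, 1096, 1097) while the inside local port
# stays at 27910. The tcp line is a healthy, symmetrical mapping.
SAMPLE_OUTPUT = """\
Pro Inside global         Inside local          Outside local         Outside global
udp x.y.z.31:27910       10.1.0.10:27910       ---                   ---
udp x.y.z.31:1095        10.1.0.10:27910       12.228.189.162:58971  12.228.189.162:58971
udp x.y.z.31:1096        10.1.0.10:27910       12.228.189.162:58987  12.228.189.162:58987
udp x.y.z.31:1097        10.1.0.10:27910       12.228.189.162:58987  12.228.189.162:58987
tcp x.y.z.31:22          10.1.0.10:22          198.51.100.7:40112    198.51.100.7:40112
"""

# One translation row: proto, inside global, inside local, outside local, outside global.
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+"
    r"(?P<ig_addr>\S+):(?P<ig_port>\d+)\s+"
    r"(?P<il_addr>\S+):(?P<il_port>\d+)\s+"
    r"(?P<ol>\S+)\s+(?P<og>\S+)$"
)


def parse_translations(text):
    """Return one dict per translation row; the header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ig_port"] = int(d["ig_port"])
            d["il_port"] = int(d["il_port"])
            entries.append(d)
    return entries


def find_port_drift(entries):
    """Map (proto, inside local addr, inside local port) -> sorted inside global ports,
    but only for sockets where at least one global port differs from the local port.
    A static mapping should be symmetrical; a growing list here is the thread's symptom."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["proto"], e["il_addr"], e["il_port"])].add(e["ig_port"])
    return {k: sorted(v) for k, v in seen.items() if any(p != k[2] for p in v)}


if __name__ == "__main__":
    for sock, ports in find_port_drift(parse_translations(SAMPLE_OUTPUT)).items():
        print(f"{sock[0]} {sock[1]}:{sock[2]} reached via global ports {ports}")
```

Run it against a pasted `show ip nat translations` capture instead of the sample to see whether a static UDP socket is accumulating global ports across successive connection attempts.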

Man Yam
Aug 31, 2004
Pickle. No! You pickle!
Not new to networking, and not quite out of my depth (yet), but certainly undergoing a sink or swim trial at a new job. I've done some simple networking - set up LANs, configure VLANs, VPN, ACLs, etc. and I can muddle my way through an IOS and configuring Cisco stuff (Google and reference books are my friends).

Here is the current situation:

We are a "service provider" organization and will be conducting B2B transactions with a customer. They need access to our internal mainframe via a public IP address. Easy enough I assign a public IP and NAT it. I am running into problems thinking of a topology to support the rest of the requirements.

We have 1 main site in Nebraska and a remote site in Oklahoma. Our NE office has a fiber connection to our ISP, and we have a 10 Mb E-WAN (metropolitan ethernet) connection to OK. There is an ASA 5520 in NE with the outside interface connected to the ISP, an inside for the internal, a DMZ which is unused (guest wireless but they want to get rid of it) and the fourth interface is connected to a switch in our OK office via the E-WAN.

current


The customer will be installing a dedicated circuit and routers from their main site in Illinois to our NE office, and another set from their secondary Delaware site to our OK office. All transactions will run from Illinois to Nebraska. If the IL->NE link goes down, traffic will reroute from DE->NE. If our primary site in NE dies for some reason, traffic will go DE->OK. Our customer wanted to use either BGP or EIGRP to handle the routing and I figured I could learn EIGRP quicker than BGP, plus I'm less likely to break something (at least that is what I am thinking).

Here are two topology diagrams showing the options I am considering.

option 1




With the switches I thought about setting up VLANs and ACLs to limit connections. The ISP and outside interface would be on the same public VLAN, and the C1 Router and the DMZ interface on another private VLAN in NE. I would connect the two switches in NE and OK via stacking over the E-WAN and configure the same VLANs in OK. I should set up an encrypted tunnel between the two ASAs, but if I setup the ACLs correctly it should prevent any "public" connections from seeing the "private" VLAN, right? I am thinking of using Catalyst 3560s with the IP Services image.

option 2




Here I am using the ASAs to handle all traffic and routing. Our current ASA is not using much of its CPU currently and I do not see it changing drastically (right now averaging 2% load).

Am I on the right track?

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Herv posted:


New NAT statements.


Thanks Herv!

I remote into the site to do edits, and removing all of the NAT statements will kick me off, so I'm going to have to go to my colo to make the changes.

jwh
Jun 12, 2002

Man Yam posted:

Am I on the right track?

There are a lot of ways to do things, so that's a difficult question to answer.

Be very careful with a layer-2 topology where that layer-2 topology leaves your building. You may instead be better off with routed interfaces.

But as for the routing protocol discussion, are you participating in routing with your customer / business partner? If so, save yourself the heartache right now and use BGP. That's what BGP was designed to do. I would not recommend allowing your business partner to participate in your EIGRP (or any IGP). And for what it's worth, I don't think EIGRP is an "easier" protocol than BGP. BGP is simple, but it has a lot of optional knobs and levers you can manipulate. EIGRP on the other hand appears simple, because it does a lot of things automatically, but it's a terrible beast of an idea when you look under the hood. At least, that's my opinion.

Personally, I like your first diagram, but I think you should consider using separate, dedicated vlans and subnets at each site's "outside" switch, and making the metro-E connection a routed interface.

I think you're asking a lot of good questions though, and that's a good sign.


Man Yam
Aug 31, 2004
Pickle. No! You pickle!
Thanks for the feedback jwh. I will look further into BGP and am working on getting the configs setup for the topology.
