|
Been there done that, but the story usually unfolds like this:
"Yeah, the network guys said it's just the way the network is, and there's nothing they can do about it."
Boss: "You (network team) have to look into this and figure out why the network is behaving the way it is so we can rule that out."
Cue hours of troubleshooting, basically doing the job for the server guys, to prove that it is NOT a network issue.
~fin~
|
# ? Jul 22, 2009 12:52 |
|
nex posted: Been there done that, but the story usually unfolds like this:
So network guys get paid more than server guys, right?
|
# ? Jul 22, 2009 13:21 |
|
Of course not.
|
# ? Jul 22, 2009 13:44 |
|
Goddamit
|
# ? Jul 22, 2009 14:01 |
|
A couple of years back when I had to go down server bozo lane I edited a popular cartoon thusly:
|
# ? Jul 22, 2009 18:03 |
|
inignot posted: A couple of years back when I had to go down server bozo lane I edited a popular cartoon thusly:
Sounds like you need a hug.
|
# ? Jul 22, 2009 22:07 |
|
nex posted: Of course not.
I think you are doing something wrong then.....
|
# ? Jul 22, 2009 23:32 |
|
Powercrazy posted: I think you are doing something wrong then.....
Phew, thank gently caress for that.
'So, what happened to that server that shat itself the other day?'
'I restarted it, it came up fine'
'Ok.. did you work out what happened?'
'No, because I restarted it and it came up ok'
'But what happens if it happens again?'
'I'll restart it again'
'..and if that doesn't 'fix' it?'
'I'll reformat it'
'So you're not even going to spend 5 minutes with Google and the event logs trying to diagnose what happened and actually fix it?'
'What do you think I am, some kind of geek?'
This is where Tony Montana finally gave the finger to the whole server side of infrastructure and started reading up on Cisco and networking. I am talking about Microsoft guys though, which are notoriously the worst of the bunch because any fuckwit normally ends up taking care of an Exchange server or two. Hopefully UNIX server guys are smarter than that, but gently caress it anyway, networking4lyfe yo.
|
# ? Jul 23, 2009 08:08 |
|
Working on a cool issue that has appeared recently, wherein the VLAN configuration for switchports disappears at random. I don't know what is causing this, yet, nor how long it has really been an issue, because of several other factors people generally wouldn't notice what is going on. At least Cisco keeps you busy.
|
# ? Jul 24, 2009 16:07 |
|
Partycat posted: Working on a cool issue that has appeared recently, wherein the VLAN configuration for switchports disappears at random. I don't know what is causing this, yet, nor how long it has really been an issue, because of several other factors people generally wouldn't notice what is going on.
Was the switch configured for VTP and someone else plugged in a new switch?
|
# ? Jul 24, 2009 16:46 |
|
Is this the best place for a Rancid/Cisco question? I just set up Rancid to keep tabs on a small network. I'm getting spammed every hour when it pulls configs from Cisco Catalyst switches though, because the version that gets pulled always seems to have different line termination in "show vlan" than the stored copy. Observe: Sorry for breaking tables, but this question doesn't make any sense if I don't. code:
Mierdaan fucked around with this message at 21:21 on Jul 27, 2009 |
# ? Jul 27, 2009 19:38 |
|
The switch is always going to use the same line termination. How is Rancid pulling this? SSH?
|
# ? Jul 27, 2009 20:23 |
|
Tremblay posted: The switch is always going to use the same line termination. How is Rancid pulling this? SSH?
Via telnet.
|
# ? Jul 27, 2009 21:04 |
|
Mierdaan posted: Via telnet.
Ok, one thing to look at would be a packet capture of two pulls. If they are identical but Rancid flips, then the issue is post processing.
|
# ? Jul 27, 2009 21:11 |
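
Added example (not part of the thread and not Rancid's own code): a sketch of the comparison suggested above, telling a terminator-only difference between two raw pulls of `show vlan` apart from a real change. The sample output and all function names are constructed for illustration; it assumes both pulls are available as raw bytes, for instance extracted from the capture.

```python
import re
from collections import Counter
from itertools import zip_longest

# Longest alternative first so CRLF is not counted as CR followed by LF.
_EOL = re.compile(rb"\r\n|\n|\r")
_NAMES = {b"\r\n": "CRLF", b"\n": "LF", b"\r": "CR"}

def eol_profile(raw: bytes) -> Counter:
    """Count each line-terminator style present in a raw pull."""
    return Counter(_NAMES[m.group()] for m in _EOL.finditer(raw))

def normalize(raw: bytes) -> list[bytes]:
    """Split on any terminator, trim trailing whitespace, drop trailing blank lines."""
    lines = [line.rstrip() for line in _EOL.split(raw)]
    while lines and not lines[-1]:
        lines.pop()
    return lines

def compare_pulls(a: bytes, b: bytes) -> dict:
    """Classify the difference between two pulls of the same command."""
    pairs = zip_longest(normalize(a), normalize(b), fillvalue=b"<missing>")
    changed = [(n, x, y) for n, (x, y) in enumerate(pairs, 1) if x != y]
    if a == b:
        verdict = "identical"          # byte-for-byte equal on the wire
    elif not changed:
        verdict = "terminator-only"    # same text, different line endings
    else:
        verdict = "content"            # a real change in the output
    return {"verdict": verdict, "eol_a": eol_profile(a),
            "eol_b": eol_profile(b), "changed_lines": changed}

# Constructed sample data, not output from a real switch.
STORED = (b"VLAN Name       Status    Ports\r\n"
          b"---- ---------- --------- -----------\r\n"
          b"1    default    active    Fa0/1, Fa0/2\r\n"
          b"10   users      active    Fa0/3\r\n")
FRESH = STORED.replace(b"\r\n", b"\n")        # same text, LF endings
CHANGED = FRESH.replace(b"Fa0/3", b"Fa0/4")   # a port actually moved

if __name__ == "__main__":
    for label, pull in (("fresh", FRESH), ("changed", CHANGED)):
        result = compare_pulls(STORED, pull)
        print(label, result["verdict"], dict(result["eol_b"]), result["changed_lines"])
```
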
|
Yeah, I'm just assuming it is - I don't see how IOS would be picking a different line terminator each time. Guess I'll dig into how they get dumped into CVS and see if there's some bad perl changing it somewhere along the line.
|
# ? Jul 27, 2009 21:20 |
|
Mierdaan posted: Is this the best place for a Rancid/Cisco question?
Rancid is pretty notorious about this, if you don't care about the show vlan output: http://www.shrubbery.net/pipermail/rancid-discuss/2007-November/002615.html
|
# ? Jul 27, 2009 22:27 |
|
ragzilla posted: Rancid is pretty notorious about this, if you don't care about the show vlan output:
Thanks, it seems to have stopped being so spammy but in the end I don't care too much about show vlan, I'll follow that link if it acts up again.
|
# ? Jul 28, 2009 19:46 |
|
Richard Noggin posted: PIX VPN help needed! I have a site-to-site IPSEC VPN set up between 2 PIX 501s running 6.3(3). I wanted to add a remote access VPN so that a user could work from home. I got the remote access VPN working fine, but it broke the site-to-site.
Hey, I just did this in reverse!
Herv posted: One crypto map per interface, at least that's how it used to work.
But Herv helped me figure out why I was an idiot. I love this place sometimes
|
# ? Jul 29, 2009 22:56 |
|
I have a vendor attempting to configure and send us an ASA 5510. The idea was that we were going to have one interface on the device, publicly addressed (all our stuff is). The device establishes a tunnel off to somewhere else, we route traffic to it internally for that range on the other end of the tunnel, it spits out the encrypted traffic towards the gateway, and it rolls over the internet. On the reverse the tunneled traffic would be heading towards the public IP of the appliance, where it would be able to decrypt and find the remote destination, and forward the traffic again towards the gateway which would send it off wherever it needed to go. At least, that is how I understood it to work, but now I'm being told it only functions if I have two interfaces with two addresses on two subnets, which seems like it isn't necessary. I figure someone here may have encountered this and could tell me why either that won't work or why it would be a bad idea.
|
# ? Jul 31, 2009 14:29 |
|
Mierdaan posted: Hey, I just did this in reverse!
Heh, we are all 'idiots' as we trod along towards the goal of proficiency. Just like snowboarding, everyone has a first day, month, year, decade. No one is above it! I will never forget trying to teach myself PIX (4.x?) when the Cisco documentation ran off a CD and was displayed in a cheesy tomcat web server on my laptop. "Bitches walk out my crib with a limp, cause I'm the motherfuggin pimp." (Flow provided by the PIX) I limped to my car on many an occasion in the 90's.
Cheers
|
# ? Jul 31, 2009 15:30 |
|
Partycat posted: I have a vendor attempting to configure and send us an ASA 5510. The idea was that we were going to have one interface on the device, publicly addressed (all our stuff is). The device establishes a tunnel off to somewhere else, we route traffic to it internally for that range on the other end of the tunnel, it spits out the encrypted traffic towards the gateway, and it rolls over the internet.
With VPNs you cannot have your peer address in the same subnet as the subnet you're tunneling. How is your firewall (and theirs) supposed to know to transport encrypted traffic over "itself"? You always need an ip on a different subnet for your peer address. Usually it isn't a problem because the address space you're tunneling is usually an internal network but sometimes it isn't.
|
# ? Jul 31, 2009 17:30 |
|
Steve Slavery posted: With VPNs you cannot have your peer address in the same subnet as the subnet you're tunneling. How is your firewall (and theirs) supposed to know to transport encrypted traffic over "itself"?
I'm not sure I understand this, as I really haven't ever done anything with VPN's. The VPN appliance is on its own subnet, we chopped off a piece of our network for it. The traffic that we want to go to some subnet at the far end would have a static route setup to forward towards the VPN router. It would send the encrypted traffic back towards a gateway, which I would assume would be the only sticky part, to make sure that doesn't just get routed back to itself, so that flows over the internet. The return traffic destined for that device would get decrypted and floated back towards our network to the peers. All of the clients would be elsewhere on other subnets, that part is for certain.
e: this sonicwall document describes this. I am obviously not using this product but it seems to make sense to me. http://www.sonicwall.com/downloads/Firmware_6.x_Single_Arm_Mode_Concept_and_Configuration.pdf
Partycat fucked around with this message at 18:29 on Jul 31, 2009 |
# ? Jul 31, 2009 18:24 |
|
Cisco short question: (wireless) I have a user (owner) in Boca Raton with lovely wireless (871w). A quick look at his radio interface shows input, output, and CRC errors. I do a 'dot11 dot11Radio 0 carrier busy' test and get this: code:
code:
Thanks
|
# ? Aug 3, 2009 15:55 |
|
I'm not familiar with that appliance, but for all the 1230's, 40's, and 50's we have here they seem to have 90 days on them for warranty. The way we operate is we wait 83 days to install them so by the time we put them up and they fail we are out of luck :/
|
# ? Aug 3, 2009 16:10 |
|
Well, 15 minutes on the initial call, 1 hour with the tech support, and they are sending me a new unit. While the carrier busy test @ 100 percent was a bug listed for other AP's, the unit would throw a ton of CRC errors with NO clients connected. I asked how long an 871w would be under warranty, and the initial support person really wasn't sure, but thought 1 year sounded good. The End (Hopefully).
e: Here's the bug doco if anyone is interested. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl98287
Herv fucked around with this message at 18:59 on Aug 3, 2009 |
# ? Aug 3, 2009 18:30 |
|
Yeah 90 days is the typical warranty without a contract on the device. But sometimes Cisco is nice like that. We have a bunch of routers that ran great for years, always under contract and then we let them lapse. Shortly thereafter we lost a routing board and they replaced it no questions asked because we never called in once on it. I guess it all depends on who you get in RMA.
|
# ? Aug 4, 2009 00:07 |
|
routenull0 posted: Yeah 90 days is the typical warranty without a contract on the device.
TAC engineers used to have a gently caress ton of discretion when it came to RMAs. Due to fraud and general belt tightening this is no longer the case. Glad you got taken care of Herv.
|
# ? Aug 4, 2009 06:27 |
|
Wonderfully comforting when Cisco.com goes down and the entire Cisco-owned /24 it's in disappears from BGP. I know they're hosted by Akamai, but it kinda feels like if I called AT&T and got "The number you have dialed has been disconnected."
|
# ? Aug 4, 2009 15:18 |
|
wolrah posted: Wonderfully comforting when Cisco.com goes down and the entire Cisco-owned /24 it's in disappears from BGP. I know they're hosted by Akamai, but it kinda feels like if I called AT&T and got "The number you have dialed has been disconnected."
|
# ? Aug 4, 2009 16:31 |
|
wolrah posted: it kinda feels like if I called AT&T and got "The number you have dialed has been disconnected."
|
# ? Aug 5, 2009 04:49 |
|
jwh posted: AT&T is nearly impossible to contact via telephone. Everything is a circular or dead-end maze of insanity and despair. The fact that real people even work at T anymore is probably more due to an accounting glitch than competent business acumen.
Level3 works sort of the same way. I generally call our sales rep and let him find someone that can fix whatever issue I might have.
edit: Telecom companies always seem to be the most comically woeful when it comes to anything involving technology. Need to turn a circuit down? That will be a month.
Boner Buffet fucked around with this message at 14:29 on Aug 5, 2009 |
# ? Aug 5, 2009 14:19 |
|
InferiorWang posted: edit: Telecom companies always seem to be the most comically woeful when it comes to anything involving technology. Need to turn a circuit down? That will be a month.
This or that they can't find your circuit sometimes without not only the ID but the location, order number, time of day you ordered it, who you talked to, what you were wearing when you ordered it, etc. They can, for sure, bill you for it, however.
|
# ? Aug 5, 2009 15:26 |
|
Partycat posted: They can, for sure, bill you for it, however.
Sometimes they can forget for years and years as well.
|
# ? Aug 5, 2009 16:07 |
|
Here's a doozy of a problem that I've been dealing with since yesterday afternoon/today so far. We're replacing some dinosaur Cisco switches with some new HP ProCurve. The new/old switch is fed with multimode fiber from a distribution switch. In the closet, I've got the HP running in the rack above the Cisco, and I change over the fiber cable from a GBIC end to one with an end for an SFP, plug it into the HP and...nothing. The interface won't come up. It's not a hardware problem, I've tried 3 SFPs, two different HP switches/multiple SFP slots and 2 fiber patch cables. I don't believe it is a config issue because even if my running configs were ASCII drawings the interface would still be up (unless they were shut down, which they are not). Any suggestions or troubleshooting steps I could take would be much appreciated.
|
# ? Aug 6, 2009 13:55 |
|
Sojourner posted: Here's a doozy of a problem that I've been dealing with since yesterday afternoon/today so far.
So obvious it hardly ever gets asked: Have you tried flipping the fibers at the patch panel end? (Or have you looked at the end of the fiber as you insert it to make sure you're not connecting the transmits together - assuming it's multimode (orange) cable)
|
# ? Aug 6, 2009 15:13 |
|
Sojourner posted: Procurve migration stuff
Do a sh int status and make sure the Cisco ports aren't err-disabled.
|
# ? Aug 6, 2009 16:41 |
|
Might want to ensure the sfp & patch cord are both for multimode as well.
|
# ? Aug 6, 2009 18:51 |
|
Thanks for chiming in to help guys, but after many prayers to the lord and attempts I got it. Turns out, the original cable I brought with me was bad, and the original SFP was good. I assumed the SFP was broken first, so I swapped that out for an (unbeknownst to me) dead SFP. Then it still didn't work, so I swapped the cable out. That didn't work on the first SFP so I went back to the original cable. Now that I was using the dead cable with the three SFP's it wasn't working. This was all just before my post, somewheres around the time of my post I got a notification on my pc that the link came up, so I checked it out and it was just getting an insane amount of errors. So I checked it out, swapped the cable again and tried the working cable with an SFP, didn't work, tried a different SFP, worked and almost had a heart attack. Two DOA parts in one day from different vendors.
Shortly after I tried to hook up an SX link to another closet in the building and the link wasn't coming up, and I had a very dramatic "not again" moment, but fortunately no one was around. I walked over to the other closet; the switch that this one was going to be feeding had died since the last time I had been in the room. One of those days.
|
# ? Aug 6, 2009 21:09 |
|
ragzilla posted: (Or have you looked at the end of the fiber as you insert it to make sure you're not connecting the transmits together - assuming it's multimode (orange) cable)
Why would you do this ??? Multimode is not always orange, either.
|
# ? Aug 6, 2009 23:34 |
|
Partycat posted: Why would you do this ??? Multimode is not always orange, either.
Generally (62.5 micron) jumpers are unless it's laser optimized 50 micron which is Aqua. In any case if you look at the end of the fiber you'll see a tiny red dot on the TX. Bit harder to do with singlemode or multimode laser sources that are 1000nm or above though - but hopefully in those cases you'll have a light meter.
|
# ? Aug 7, 2009 03:22 |