|
Have any of you guys ever worked with a vwic-2mft-t1? I've got one at a customer site where if the T1 in s0/0/0 drops, it also takes down the T1 in the adjacent port s0/0/1. Any ideas why that might happen?
|
# ? Aug 19, 2009 01:08 |
|
|
# ? May 15, 2024 19:27 |
|
CrazyLittle posted:Have any of you guys ever worked with a vwic-2mft-t1? I've got one at a customer site where if the T1 in s0/0/0 drops, it also takes down the T1 in the adjacent port s0/0/1. Any ideas why that might happen? Are you only clocking off the first T1? Configure your router to secondary clock the second T1 controller.
|
# ? Aug 19, 2009 05:37 |
|
I am going crazy with a complete newbie question I am sure. I had this config working on an ASA 5505, but we decided to build a completely seperate segment with our old pix, and the identical config does not seem to work. Here is the relevant section of code:code:
|
# ? Aug 20, 2009 02:57 |
|
jwh posted:Are you only clocking off the first T1? Configure your router to secondary clock the second T1 controller. Thanks I'll double check that.
|
# ? Aug 20, 2009 04:16 |
|
If these are PRIs another thing to check is where your D channel(s) are. If you only have a D on the first T1 the 2nd can't run without it up. This doesn't apply if you are using them for data.
|
# ? Aug 20, 2009 14:46 |
|
adorai posted:I am going crazy with a complete newbie question I am sure. I had this config working on an ASA 5505, but we decided to build a completely seperate segment with our old pix, and the identical config does not seem to work. Here is the relevant section of code: So what version of code on the pix? 6,7,8? Is the ip address aaa.bbb.ccc.ddd the same IP as the outside interface?
|
# ? Aug 20, 2009 20:45 |
|
FatCow posted:If these are PRIs another thing to check is where your D channel(s) are. If you only have a D on the first T1 the 2nd can't run without it up. Nah it's a MLPPP bundle of data T1s. (BTW, MLPPP over DSL is fun stuff) Turns out that the dead T1 was set to line clocking. The good T1 was set to internal. When the dead T1 would flap it would take down the good one. I set both T1s to line clocking and that solved the inter-dependency problems.
|
# ? Aug 21, 2009 01:32 |
|
Bumped into this little (forgotten) gem today. It hides in the telco closet passing VoIP traffic all day. 2950-4 uptime is 1 year, 20 weeks, 6 days, 11 hours, 3 minutes Quality was an issue so I wanted to check things end to end for the first time in forever. Not one error in just under 1.5 years, well poo poo. code:
|
# ? Aug 21, 2009 02:16 |
|
Herv posted:Bumped into this little (forgotten) gem today. It hides in the telco closet passing VoIP traffic all day. But yes, its nice when poo poo just runs .
|
# ? Aug 21, 2009 05:42 |
|
Tremblay posted:But yes, its nice when poo poo just runs . I saw that! Tellin yah.
|
# ? Aug 21, 2009 05:57 |
|
Tremblay posted:So what version of code on the pix? 6,7,8? Is the ip address aaa.bbb.ccc.ddd the same IP as the outside interface?
|
# ? Aug 21, 2009 14:24 |
|
adorai posted:7.2 and yes it is. You can't use the actual IP address of the interface in the NAT statement. Use the interface keyword instead. Herv posted:I saw that! Tellin yah.
|
# ? Aug 21, 2009 16:12 |
|
I can't claim credit for this, as I've only been at this place a year:code:
|
# ? Aug 21, 2009 16:22 |
|
inignot posted:I can't claim credit for this, as I've only been at this place a year: That right there is VXR levels of rock.
|
# ? Aug 21, 2009 16:31 |
|
Tremblay posted:You can't use the actual IP address of the interface in the NAT statement. Use the interface keyword instead.
|
# ? Aug 21, 2009 23:17 |
|
inignot posted:I can't claim credit for this, as I've only been at this place a year: Nice metrics there, sure its ancient, but I guess it's still slinging it as per spec at worst. There was an 'uptime' thread around here a few years back. I think some BSD box had the big score but poo poo 4+ years has to be a top 3 at least. Man, someone should bounce it just to be 'that guy'. Not me though.
|
# ? Aug 22, 2009 04:20 |
|
I'm trying to configure a 3825 that I bought refurb. I throw a console cable on it and boot, but after the following messages I don't get a prompt or anything (I hit return multiple times). Any ideas? System restarted -- Cisco IOS Software, 3800 Software (C3825-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 25-Feb-09 22:21 by prod_rel_team *Aug 22 00:03:56.967: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start *Aug 22 00:03:57.515: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF *Aug 22 00:03:57.515: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF *Aug 22 00:03:57.515: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF *Aug 22 00:03:57.515: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF *Aug 22 00:03:57.731: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down After these last lines I get no response from the console
|
# ? Aug 22, 2009 05:14 |
|
brent78 posted:I'm trying to configure a 3825 that I bought refurb. I throw a console cable on it and boot, but after the following messages I don't get a prompt or anything (I hit return multiple times). Any ideas? How long are you waiting? Have you tried ROMMON? If you pull the flash card is there a crashinfo file?
|
# ? Aug 22, 2009 06:50 |
|
brent78 posted:I'm trying to configure a 3825 that I bought refurb. I throw a console cable on it and boot, but after the following messages I don't get a prompt or anything (I hit return multiple times). Any ideas? Tried setting confreg 0x2142 in rommon to skip config if any? (as well as normalize the console speed etc in case it's doing a late speed change?)
|
# ? Aug 22, 2009 14:00 |
|
I have a rather odd question about finding devices plugged into your cisco switches. We have guys that are setting up Kronos time keeping equipment at a multitude of locations. These Kronos devices have a mac address that begins 0040. If you happen to be on the right switch, then you can issue a: sh mac-address-table | incl 0040 13 0040.5801.dd37 STATIC Fa0/20 13 0040.5801.dda7 STATIC Fa0/21 and of course if there's one on that switch, you'll the Fa port where it is attached. If I'm not on the correct switch, I'll see the trunked Gi interface where it is: sh mac-address-table | incl 0040 13 0040.5801.dd37 DYNAMIC Gi1/0/9 13 0040.5801.dda7 DYNAMIC Gi1/0/9 Here's where I'm stuck. I can issue a sh cdp neigh and it will tell me the hostname of gi1/0/9, but I have no means of really knowing what the ip of that switch is so I can connect to it. Is there any way to find these devices without ssh'ing into every switch to find that hostname?
|
# ? Aug 22, 2009 14:26 |
|
Weissbier posted:Is there any way to find these devices without ssh'ing into every switch to find that hostname? Use the 'detail' parameter to sh cdp nei. code:
|
# ? Aug 22, 2009 14:58 |
|
brent78 posted:
Make sure RTS/CTS is turned off on your serialport. This tends to make it 'read only'.
|
# ? Aug 22, 2009 14:59 |
|
inignot posted:I can't claim credit for this, as I've only been at this place a year: Actually I just upgraded a similar box, it has 9 years of uptime when i shut it down. A drat miracle all the linecards booted back up.
|
# ? Aug 22, 2009 15:01 |
|
ior posted:Use the 'detail' parameter to sh cdp nei. Awesome ior, thank you for that little tip!
|
# ? Aug 22, 2009 15:41 |
|
A customer of mine needs help building their DOCSIS 3.0/M-CMTS lab. Does anyone have experience in that realm and want to help out?
|
# ? Aug 25, 2009 21:44 |
|
Wow. Apparently Cisco snuck in support for Active Directory into the latest software release of the TrendMicro CSC SSM. This is like, huge, for me. Is there somewhere I can sign up to a mailing list or RSS feed or something similar to see when these releases come out?
|
# ? Aug 26, 2009 14:11 |
|
Syano posted:Wow. Apparently Cisco snuck in support for Active Directory into the latest software release of the TrendMicro CSC SSM. This is like, huge, for me. Is there somewhere I can sign up to a mailing list or RSS feed or something similar to see when these releases come out? Check under "My Cisco".
|
# ? Aug 26, 2009 17:18 |
|
I'm using a 3620 as a terminal server (async cards to IP). Is there anyway to see the status of the indicator lights on the back of the async cards through IOS? [edit] "sh line summary" I think gets me what I needed. FatCow fucked around with this message at 19:14 on Aug 27, 2009 |
# ? Aug 27, 2009 19:08 |
|
I'm looking for some help diagnosing a kind of frustrating issue with a Cisco ASA 5505: I have the router set up to allow VPN access from a restricted set of IPs. Clients who are allowed VPN access can VPN in just fine, but once they are in, the people who are connected through the VPN can only ping two IP addresses, the internal ASA address, and it's external address. Any other IP you try to ping times out. The strange thing is that (based on what syslog is saying) there is not an ACL denying access to the rest of the hosts. For example, this is what Syslog says when I ping from a VPN client to the inside interface: Built inbound ICMP connection for 10.10.8.240/13836 gaddr 10.10.8.1/0 laddr 10.10.8.1/0 (craig) Teardown ICMP connection for faddr 10.10.8.240/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0 Built inbound ICMP connection for 10.10.8.240/23779 gaddr 1010.8.1/0 laddr 10.10.8.1/0 (craig) Teardown ICMP connection for faddr 10.10.8.240/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0 Built inbound ICMP connection for 10.10.5.1/23779 gaddr 1010.8.1/0 laddr 10.10.8.1/0 (craig) Teardown ICMP connection for faddr 10.10.5.1/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0 for 3 successful pings, but when I try to reach a different ip address (10.10.8.12) it says: Built inbound ICMP connection for faddr 10.10.8.240/4620 gaddr 10.10.8.12/0 laddr 10.10.8.12/0 (craig) Teardown UDP connection for 4824 for outside:10.10.8.240/49828 to NP Identity Ifc:255.255.255.25/2223 duration 0:02:01 bytes 72 (craig) Teardown UDB connection for 4821 for outisde: 10.10.8.240/57060 to inside:10.10.8.12/53 duration 0:02:15 bytes 118 (craig) Its the same thing when trying to ping any outside IP address. Based on the fact that an ACL isn't actively denying the request, am I correct in assuming the problem is not being caused by an ACL, or is there something else that can deny traffic like this?
|
# ? Aug 28, 2009 00:30 |
|
A couple (noob) things I need to vent/ask about.. Let's say provider A hands you the following IP information for a new circuit turn up (1xT1 IP voice/data circuit): IP LAN Block = 9.9.9.112/28 Usable IP Range = 9.9.9.113 to 9.9.9.127 and Circuit ID: blahblah. Wan Link IP Address: 11.11.11.24 AR Serial INT IP Address: 11.11.11.25 CR Serial INT IP Address: 11.11.11.26 WAN Link Subnet Mask: 255.255.255.252 The provider is installing their own managed router (A) to terminate the T1 and split voice/data on different interfaces. You will install your own router (B) on the data side to firewall/tunnel/route/whatever. Given only this information what IP's do you put on your 1 WAN and 1 LAN interfaces of your router (B)? The circuit is handed to you as ethernet from router A, not serial. Also you have a public server or two to throw into the mix. What IP's go where? Note: I now know the answer, just wondering if I could have asked this yesterday and saved myself many hours of frustration and two pissed off bosses today, or if there's room for debate given the info I received. e: Also, yes, I refused to email provider A for further instruction because I'm an idiot and made too many assumptions. J Crewl fucked around with this message at 06:02 on Aug 28, 2009 |
# ? Aug 28, 2009 05:57 |
|
Wicaeed posted:I'm looking for some help diagnosing a kind of frustrating issue with a Cisco ASA 5505: Have you read this: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml Sounds like you don't have the ACL set for allowed subnets. This will cover internal access. Do these VPN users need to access the internet through the ASA or are you allowing split tunneling?
|
# ? Aug 28, 2009 18:08 |
|
Tremblay posted:Have you read this: Awesome, that pointed me in the right direction I had to clear out all of the existing ACL's that were being used for tunneling, once that was done I could ping hosts on both sides of the network Now to just set it up how I want! Thanks!
|
# ? Aug 28, 2009 20:22 |
|
I'm helping out with network overhaul at work. They're looking to get a router/firewall that can handle an average load of 50 users. They also want something that can do dual WAN with load balancing. Does anyone have any recommendations? I've setup Cisco equipment before but I get lost looking through all their offerings.
|
# ? Aug 28, 2009 21:40 |
|
E1M6 posted:I'm helping out with network overhaul at work. They're looking to get a router/firewall that can handle an average load of 50 users. They also want something that can do dual WAN with load balancing. Does anyone have any recommendations? I've setup Cisco equipment before but I get lost looking through all their offerings. For Cisco you'll want to look at the ISR line of routers with Firewall feature set. ASA will do multiple ISP connections, but it will not load balance them.
|
# ? Aug 29, 2009 19:37 |
|
Has anyone done much of anything with Cisco's wan accelerators? Specifically I am interested in any improvements to RDP traffic streams. We are committed to a thin infrustructure from here on out and would really like to reduce, as much as possible, the latency the end user sometimes experiences, especially in graphic intensive processing, ie viewing a flash animation. I know the RDP protocol already significantly compresses the data for transport but any improvement in latency from some soft of cache, if that is even possible, would be looked at as good.
|
# ? Sep 2, 2009 17:03 |
|
It seems like Cisco WAAS is exactly what you are looking for. I don't have any direct experience with it, but for certain applications its perfect. If you are running ISRs at your sites, then all you need is a network module. Something to look into anyway. http://www.cisco.com/en/US/products/ps6870/index.html
|
# ? Sep 2, 2009 17:51 |
|
Powercrazy posted:It seems like Cisco WAAS is exactly what you are looking for. I don't have any direct experience with it, but for certain applications its perfect. Yeah according to all the documentation it is exactly what Im looking for. As a bonus, I already have the ISRs in place to support the add in module. However, my specific hope is reduction in latency and not neccessarily optimization of total bandwidth, although that would certainly be an added bonus. My local vendor has yet to deploy one so he felt it wasnt appropriate to tell me yes or no it would do what I want.
|
# ? Sep 2, 2009 18:03 |
|
Yeah, we're running WAAS for all our sites also. It's great; it does offer a great increase in SMB and printperformance. We dont use it for RDP though.. Setting it up is quite easy (both inline and wccp) and it's low maintenance. Cisco is very happy to loan you a couple of units for testing, so you may check if they can arrange it for you.
|
# ? Sep 2, 2009 21:40 |
|
we've got a cisco 48 port POE gbit switch, and the thing takes like 6 weeks to enable a port. it causes TFTP/DHCP timeout issues, and makes the switch really irritating to work with. Is there a way to not make it take 90 - 120 seconds to enable a port?
|
# ? Sep 2, 2009 23:27 |
|
|
# ? May 15, 2024 19:27 |
|
by enable a port, do you mean after you type no shutdown? or do you mean when it picks up whatever is attached to it? If you meant after you plug a computer into it, you can use portfast on those ports, but only do it for ports connected to a PC.
|
# ? Sep 3, 2009 00:08 |