Sojourner
Jun 6, 2007

Get In
Wireless access points that you want to fit in interesting places with a 100 meter power cord are a great use of PoE.


Syano
Jul 13, 2005
Thanks for the advice gang. I think I am going to go ahead and pull the trigger on 2 48-port PoE models. You never know when the boss man is going to walk in and tell me he wants IP phones.

wolrah
May 8, 2006
what?

Syano posted:

Thanks for the advice gang. I think I am going to go ahead and pull the trigger on 2 48-port PoE models. You never know when the boss man is going to walk in and tell me he wants IP phones.

I don't know if Cisco still makes any models only supporting prestandard, but make sure your switches of choice support 802.3af PoE if you don't want to be stuck to only Cisco gear. I have a few customers out there who can't upgrade from their old 7940s up to something supporting modern HD codecs since they cheaped out and bought older switches.

nex
Jul 23, 2001

øæå¨æøåø
Grimey Drawer
So my trusty field-laptop is starting to give up its ghost and I need a new one. I've been looking at getting a lightweight netbook with good battery life and it looks like the Asus UL30A is a good choice.

What's troubling me is the lack of native serial ports on new laptops, because USB dongles have been pretty hit and miss for me in the past. Having to fiddle with your USB-serial dongle is not something you want to focus on when a CR has poo poo the bed or you are on the other side of the country installing some new gear.

So tell me, what are your favorite USB-serial kits? Or if USB is crap, favorite laptop with native serial interface? Cost is pretty much a non issue.

Syano
Jul 13, 2005

nex posted:

So my trusty field-laptop is starting to give up its ghost and I need a new one. I've been looking at getting a lightweight netbook with good battery life and it looks like the Asus UL30A is a good choice.

What's troubling me is the lack of native serial ports on new laptops, because USB dongles have been pretty hit and miss for me in the past. Having to fiddle with your USB-serial dongle is not something you want to focus on when a CR has poo poo the bed or you are on the other side of the country installing some new gear.

So tell me, what are your favorite USB-serial kits? Or if USB is crap, favorite laptop with native serial interface? Cost is pretty much a non issue.

The Siig USB to serial adapter (http://www.cdw.com/shop/products/default.aspx?EDC=996002) I have was recognized by Windows 7 out of the box with no driver install. Shows up as COM9 and works with PuTTY like it was a regular old serial port. Configured a 2960 with it this morning and a Tripp Lite SNMPWEBCARD this afternoon. Hasta lasagna, don't get any on ya.

some kinda jackal
Feb 25, 2003


nex posted:

So tell me, what are your favorite USB-serial kits? Or if USB is crap, favorite laptop with native serial interface? Cost is pretty much a non issue.

I initially had nothing but trouble with the kit they sell on monoprice.com, so if you're using Windows I would recommend staying away from it. The driver disc they provided was a mess of drivers with no obvious clue as to which one should be installed.

That said, I did end up getting it working and it worked fine after some driver hunting. It also has great open source drivers for MacOS and I think it works out of the box on Linux. Since I use MacOS on my Dell 10v netbook it's a perfect solution.

So I guess this was more of a "what not to get" post, sorry.

nex
Jul 23, 2001

øæå¨æøåø
Grimey Drawer
Ugh, yeah, I remember having to battle with some lovely drivers in XP. Something like that Siig looks nice if the drivers are already included in Windows 7, and extra bonus for Linux drivers.

hermand
Oct 3, 2004

V-Dubbin
I'm probably jumping ahead of myself a little, but I'm running through the CCNA Security syllabus and I have a quick question on port security. In every implementation I've seen so far, MAC address security is designed to limit a port to [x] number of MAC addresses.

Now, if my understanding is correct, if I set port security to allow 2 MAC addresses, once three devices have been plugged into that port it'll put it into err-disable.

As far as I know, it never 'times out' the first address.

So, secondly, it's my understanding that MAC address security is key to preventing a poo poo load of attacks, as without being able to emulate different MAC addresses you can't do stuff like DHCP exhaustion, ARP spoofing and so on.

Now, my final question: is there any way to allow [x] MAC addresses in [x] time? It seems simple enough, but I've never even seen any of my material mention it. I ask because in the places I support, it simply wouldn't be feasible to tie each port down to a MAC forever due to hotdesking and machine movement etc.

Forgive me if I've simply misunderstood some aspects of port security.

Edit: Okay, my Google Fu was weak earlier, I've done another bit of digging and it looks like Port Security Aging would do what I want. So, let me see if I've got this right:

- I set Port Security to have a max of 2 MAC addresses
- I set aging to be 10 minutes
- User plugs computer in, works fine
- User plugs laptop in, works fine

Now, if another user was to try and plug a 3rd device in, this would ONLY work if 10 minutes had elapsed since the first computer?

hermand fucked around with this message at 13:26 on Jan 9, 2010

ragzilla
Sep 9, 2005
don't ask me, i only work here


hermand posted:

I'm probably jumping ahead of myself a little, but I'm running through the CCNA Security syllabus and I have a quick question on port security. In every implementation I've seen so far, MAC address security is designed to limit a port to [x] number of MAC addresses.

Now, if my understanding is correct, if I set port security to allow 2 MAC addresses, once three devices have been plugged into that port it'll put it into err-disable.

As far as I know, it never 'times out' the first address.

So, secondly, it's my understanding that MAC address security is key to preventing a poo poo load of attacks, as without being able to emulate different MAC addresses you can't do stuff like DHCP exhaustion, ARP spoofing and so on.

Now, my final question: is there any way to allow [x] MAC addresses in [x] time? It seems simple enough, but I've never even seen any of my material mention it. I ask because in the places I support, it simply wouldn't be feasible to tie each port down to a MAC forever due to hotdesking and machine movement etc.

Forgive me if I've simply misunderstood some aspects of port security.

Edit: Okay, my Google Fu was weak earlier, I've done another bit of digging and it looks like Port Security Aging would do what I want. So, let me see if I've got this right:

- I set Port Security to have a max of 2 MAC addresses
- I set aging to be 10 minutes
- User plugs computer in, works fine
- User plugs laptop in, works fine

Now, if another user was to try and plug a 3rd device in, this would ONLY work if 10 minutes had elapsed since the first computer?

Correct. There are typically 2 modes you can run for aging too:
Absolute: This expires the entry, no matter what, every 10 minutes; it's then relearned as secure when the device sends a frame. The 3rd computer will be able to be plugged in on some multiple of 10 minutes from when the first computer sent a frame.
Dynamic: This expires the entry after the first computer has not sent a frame for 10 minutes.

I prefer dynamic because the timer makes more sense and is easier to explain: "Has it been more than 10 minutes since you unplugged the old computer? No? OK then, well, wait a few more minutes and try again."

Depending on the switches in your environment you may need some code upgrades, it seems like fixed config 12.1 trains do not include aging, but most recent 12.2s do.
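The two aging modes above as a small Python model, added here as an illustration rather than anything posted in the thread or taken from Cisco's code. The MAC addresses and timings are constructed, and the violation action is assumed to be the default shutdown (err-disable) behaviour hermand describes.

```python
# Added example: a model of port security with absolute vs inactivity aging.
# Times are minutes; this is a simulation, not switch code.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ABSOLUTE = "absolute"      # entry expires aging_minutes after it was learned
INACTIVITY = "inactivity"  # entry expires aging_minutes after the last frame


@dataclass
class PortSecurity:
    maximum: int = 2
    aging_minutes: int = 10
    aging_type: str = INACTIVITY
    err_disabled: bool = False
    # mac -> (minute learned, minute of last frame seen)
    secure: Dict[str, Tuple[float, float]] = field(default_factory=dict)

    def _age_out(self, now: float) -> None:
        """Drop secure entries whose timer has run out for the active mode."""
        for mac, (learned_at, last_seen) in list(self.secure.items()):
            start = learned_at if self.aging_type == ABSOLUTE else last_seen
            if now - start >= self.aging_minutes:
                del self.secure[mac]

    def frame(self, now: float, mac: str) -> str:
        """Process one frame from `mac` at minute `now`; return what the port did."""
        if self.err_disabled:
            return "err-disabled"          # stays down until an admin recovers it
        self._age_out(now)
        if mac in self.secure:
            learned_at, _ = self.secure[mac]
            self.secure[mac] = (learned_at, now)   # refresh the inactivity timer
            return "forward"
        if len(self.secure) >= self.maximum:
            self.err_disabled = True       # assumed violation mode: shutdown
            return "violation"
        self.secure[mac] = (now, now)
        return "learned"

    def recover(self) -> None:
        """Model an admin bouncing the port (shutdown / no shutdown)."""
        self.err_disabled = False
        self.secure.clear()


# Constructed scenario: two computers, then a third device at minute 12,
# with max 2 addresses and 10-minute aging as in hermand's post.
EVENTS: List[Tuple[float, str]] = [
    (0, "aaaa.0000.0001"),   # first computer
    (4, "bbbb.0000.0002"),   # laptop
    (8, "aaaa.0000.0001"),   # first computer still talking
    (12, "cccc.0000.0003"),  # third device shows up
]


def run(aging_type: str, events: List[Tuple[float, str]] = EVENTS) -> List[str]:
    """Replay the events through a fresh port and return the per-frame outcome."""
    port = PortSecurity(maximum=2, aging_minutes=10, aging_type=aging_type)
    return [port.frame(t, mac) for t, mac in events]


if __name__ == "__main__":
    # absolute: the first computer's entry hits 10 minutes at t=12, so the
    # third device is learned; inactivity: both entries are still fresh, so
    # the third device trips a violation.
    for mode in (ABSOLUTE, INACTIVITY):
        print(mode, run(mode))
```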

MrMoo
Sep 14, 2000

When using GNS3, why do I need to create bridged tap devices like this?

http://www.sadikhov.com/forum/index.php?showtopic=147181

I'm creating a simple network to test multicast and PGM routing,

Two 2600s with Advanced IP Services, EIGRP routing and sparse mode PIM. Unicast works fine in both directions. Multicast sends from tap1 can be seen with tcpdump or Wireshark on tap0, but I see nothing on a socket subscribing on that interface.

Richard Noggin
Jun 6, 2005
Redneck By Default

nex posted:

So my trusty field-laptop is starting to give up its ghost and I need a new one. I've been looking at getting a lightweight netbook with good battery life and it looks like the Asus UL30A is a good choice.

What's troubling me is the lack of native serial ports on new laptops, because USB dongles have been pretty hit and miss for me in the past. Having to fiddle with your USB-serial dongle is not something you want to focus on when a CR has poo poo the bed or you are on the other side of the country installing some new gear.

So tell me, what are your favorite USB-serial kits? Or if USB is crap, favorite laptop with native serial interface? Cost is pretty much a non issue.

I'm running an IOGear GUC232A. Works flawlessly with Win 7 and XP (and presumably Vista as well), although you do need to install the drivers for it. Tested on an ASA 5505 and a 3560G.

MrMoo
Sep 14, 2000

MrMoo posted:

When using GNS3, why do I need to create bridged tap devices like this?

http://www.sadikhov.com/forum/index.php?showtopic=147181

Found an explanation, if obtuse,

https://lists.linux-foundation.org/pipermail/virtualization/2008-July/011289.html

So ended up with the following,

chizad
Jul 9, 2001

'Cus we find ourselves in the same old mess
Singin' drunken lullabies

Richard Noggin posted:

I'm running an IOGear GUC232A. Works flawlessly with Win 7 and XP (and presumably Vista as well), although you do need to install the drivers for it. Tested on an ASA 5505 and a 3560G.

We've got several technicians here using those to connect to heavy machinery and they work flawlessly for our uses as well.

There was also a rather lengthy discussion on USB to serial adapters on the geeks list a few months back. It was specifically geared towards adapters that work well for serial console use with network/server equipment.

nex
Jul 23, 2001

øæå¨æøåø
Grimey Drawer
Thanks for the tips guys, that mail-list discussion was informative. I think I'm going for the IOGear adapter.

reborn
Feb 21, 2007

Note to self, apparently Nexus fabric extenders don't auto-negotiate to gig.

That is all.

jwh
Jun 12, 2002

reborn posted:

Note to self, apparently Nexus fabric extenders don't auto-negotiate to gig.

That is all.

What? What do you mean?

Tremblay
Oct 8, 2002
More dog whistles than a Petco

reborn posted:

Note to self, apparently Nexus fabric extenders don't auto-negotiate to gig.

That is all.

The 2ks? They are ONLY gigE...

Sojourner
Jun 6, 2007

Get In

Tremblay posted:

The 2ks? They are ONLY gigE...

They should still go through the auto negotiate process so you don't have to hard code speed/duplex it on the device it's connected to.

Richard Noggin
Jun 6, 2005
Redneck By Default
Doesn't the gigabit standard dictate autonegotiation?

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Richard Noggin posted:

Doesn't the gigabit standard dictate autonegotiation?

You can't set duplex, but hard setting speed is allowed IIRC.

Sojourner posted:

They should still go through the auto negotiate process so you don't have to hard code speed/duplex it on the device it's connected to.


You guys don't hard code in server farms? User access ports sure.

Tremblay fucked around with this message at 17:25 on Jan 12, 2010

Richard Noggin
Jun 6, 2005
Redneck By Default

Tremblay posted:

You can't set duplex, but hard setting speed is allowed IIRC.

I looked it up to be sure - I was definitely wrong when I thought that using autonegotiation was mandatory in GigE environments. The implementation of autonegotiation is a requirement of being standards-compliant, but I think you have it backwards. According to this (Wiki citation):

quote:

Duplex configuration during 1000BASE-X operation can be handled either through
Auto-Negotiation or through manual selection using the defined registers in clause 22. If
manual configuration is used by disabling Auto-Negotiation in MII register 0.12, the
duplex operation mode would be selected by bit 0.8. If Auto-Negotiation is enabled
duplex configuration is controlled by the exchange of /C/ ordered sets. By definition
speed selection is not possible through Auto-negotiation in 1000BASE-X operation.
...
This indicates that although operating speed is allowed to be manually selected by
disabling Auto-Negotiation in Control Register 0, selecting 1000BASE-T mode of
operation still requires that Auto-Negotiation be used. This can be accomplished by
continuing to use Auto-Negotiation while limiting the advertising to 1000BASE-T
capabilities.

jwh
Jun 12, 2002

Tremblay posted:

You guys don't hard code in server farms? User access ports sure.

We only hard code FastE ports. GigE ports autonegotiate.

hermand
Oct 3, 2004

V-Dubbin

jwh posted:

We only hard code FastE ports. GigE ports should autonegotiate.

Just saying...!

wolrah
May 8, 2006
what?
Isn't it a bit of a sad look at the world of Ethernet that in 2010, 15 years after the introduction of autonegotiation and 12 years after the ambiguities that allowed Cisco and a few others to be in spec but incompatible were closed up, somehow this is still even a topic worth discussing?

How do vendors still get away with failing to properly implement an incredibly simple spec?

reborn
Feb 21, 2007

jwh posted:

What? What do you mean?

Not sure, all I know is I was implementing some new SANs connected to a fabric extender and I couldn't get them to come up. Hard coding worked and I was baffled. I couldn't believe that a Nexus couldn't autonegotiate between 1 gig and 10 gig. I haven't had the time to look into it further.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

wolrah posted:

Isn't it a bit of a sad look at the world of Ethernet that in 2010, 15 years after the introduction of autonegotiation and 12 years after the ambiguities that allowed Cisco and a few others to be in spec but incompatible were closed up, somehow this is still even a topic worth discussing?

How do vendors still get away with failing to properly implement an incredibly simple spec?

I've seen driver issues cause auto to fail, both on the network gear side and, more commonly, on the host adapter side.

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html

The data sheet indicates the 2k supports auto. I did find a few bugs, so depending on what rev of SW you are running they could be relevant...

Tremblay fucked around with this message at 03:08 on Jan 13, 2010

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Richard Noggin posted:

I looked it up to be sure - I was definitely wrong when I thought that using autonegotiation was mandatory in GigE environments. The implementation of autonegotiation is a requirement of being standards-compliant, but I think you have it backwards. According to this (Wiki citation):

The last paragraph in your quote. Hard setting speed is allowed but auto still happens to set up M/S, flow control, etc. Interesting that they mention half duplex Gig. I always thought it was full only. :moreyouknow:

EDIT: sorry for the double, meant to paste this in the above post.

Syano
Jul 13, 2005
What are you guys using to collect syslog messages? I have been poking around at a couple packages the last week trying to find one I like. Any suggestions? All Windows shop btw, though I could throw up a Ubuntu VM if I had to.

Slickdrac
Oct 5, 2007

Not allowed to have nice things
Usually we use Kiwi Syslog Daemon. It does everything you'd ever really need a syslog to do. Also, it's free unless you pay for a licensed version.

Syano
Jul 13, 2005
I looked at Kiwi and the free version doesn't appear to let me forward messages to a central collector. Which is OK I suppose. But then once I realized I was going to have to pay for it, I decided to go ahead and give the other pay-for products a fair look.

Richard Noggin
Jun 6, 2005
Redneck By Default

Tremblay posted:

The last paragraph in your quote. Hard setting speed is allowed but auto still happens to set up M/S, flow control, etc. Interesting that they mention half duplex Gig. I always thought it was full only. :moreyouknow:

EDIT: sorry for the double, meant to paste this in the above post.

That would be correct for 10/100 speeds, but according to the standard the only way to force negotiation at GigE speed is to use autonegotiation with 1000BASE-T as the only option. Unless I'm really retarded and don't understand what that paragraph is saying, which is entirely possible :downs:.

tortilla_chip
Jun 13, 2007

k-partite
If you are looking at commercial products I highly recommend Splunk. I don't believe there is a Windows version though.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Richard Noggin posted:

That would be correct for 10/100 speeds, but according to the standard the only way to force negotiation at GigE speed is to use autonegotiation with 1000BASE-T as the only option. Unless I'm really retarded and don't understand what that paragraph is saying, which is entirely possible :downs:.

No you are right. Practically speaking there is no difference between hard setting the speed and only advertising gig. That was all I meant.

A Duck!
Apr 22, 2003

I'm running into a wall trying to help a buddy move his stuff to a new colo.

Right now they have a pair of 1700s running a pair of point-to-point T1s, with the office 1700 acting as the gateway IP for the local machines to a 3750/ASA at the colo.

They are replacing the T1s with a ten meg point-to-point with its own hardware, and the office 1700 with a 2960, which doesn't support IP routing as far as I can tell in IOS.

Now, I had planned to redo the vlans on the colo side anyway, but is there any way I can pass the local office vlan info across the point to point and let the 3750/ASA handle the default gateway/routing for the local office? They are a really small shop so buying new hardware is probably out of the question. The 1700s were leased from their old provider and going away as well.

I'm pretty sure I can do this with inter-VLAN routing on the 3750, it's just that IOS isn't my strong suit.

ragzilla
Sep 9, 2005
don't ask me, i only work here


A Duck! posted:

I'm running into a wall trying to help a buddy move his stuff to a new colo.

Right now they have a pair of 1700s running a pair of point-to-point T1s, with the office 1700 acting as the gateway IP for the local machines to a 3750/ASA at the colo.

They are replacing the T1s with a ten meg point-to-point with its own hardware, and the office 1700 with a 2960, which doesn't support IP routing as far as I can tell in IOS.

Now, I had planned to redo the vlans on the colo side anyway, but is there any way I can pass the local office vlan info across the point to point and let the 3750/ASA handle the default gateway/routing for the local office? They are a really small shop so buying new hardware is probably out of the question. The 1700s were leased from their old provider and going away as well.

I'm pretty sure I can do this with inter-VLAN routing on the 3750, it's just that IOS isn't my strong suit.

What is the 10MB PtP? Is it aggregated T1s? Ethernet? If it's Ethernet, how many workstations at the office (most metro-E providers have MAC limits)? If you have too many workstations at the office you may need to swap that 2960 for something that does L3 (like a 3550/3560).

A Duck!
Apr 22, 2003

It's a bunch of bonded T1s with some Anda 2108s on each end offering a 10BT Ethernet port.

I agree I'd rather they have an L3 switch, but my hands are tied. It's for maybe ten servers/application hosts, and some downstream unmanaged switches. So yeah, I'm worried about passing that many MAC addresses across the link.

I would really, really like to keep the VLANs on the colo and office side segregated, and to be able to do QoS tagging on the 2960 (so I can let it handle the dumb unmanaged switches on the network on a port by port basis), then pass everything through a 3550 gateway to the point-to-point. Then I wouldn't have to change anything on the colo end.

If I pick up a cheap 3550 with SMI, and I'm not worried about passing vlan info to the colo 3750/ASA, do I need to worry about it not having an EMI image?

In a perfect world I just want something that can do a simple gateway and route of all local traffic from vlanN across an uplink port, and pass it all off to the 3750 on the other end without having to really bridge vlans or do anything crazy. They are a small shop and don't need anything complex, or a full time sys/cisco admin.

Thanks!

ragzilla
Sep 9, 2005
don't ask me, i only work here


A Duck! posted:

It's a bunch of bonded T1s with some Anda 2108s on each end offering a 10BT Ethernet port.

I agree I'd rather they have an L3 switch, but my hands are tied. It's for maybe ten servers/application hosts, and some downstream unmanaged switches. So yeah, I'm worried about passing that many MAC addresses across the link.

I would really, really like to keep the VLANs on the colo and office side segregated, and to be able to do QoS tagging on the 2960 (so I can let it handle the dumb unmanaged switches on the network on a port by port basis), then pass everything through a 3550 gateway to the point-to-point. Then I wouldn't have to change anything on the colo end.

If I pick up a cheap 3550 with SMI, and I'm not worried about passing vlan info to the colo 3750/ASA, do I need to worry about it not having an EMI image?

In a perfect world I just want something that can do a simple gateway and route of all local traffic from vlanN across an uplink port, and pass it all off to the 3750 on the other end without having to really bridge vlans or do anything crazy. They are a small shop and don't need anything complex, or a full time sys/cisco admin.

Thanks!

Those look like true point-to-point boxes. The only time you really need to worry about MAC limits is when you're using the various telcos' metro-E products (where they drop off a switch and you have point-to-multipoint options etc.); any time it's dedicated PtP or MPLS pseudowires they don't care about MAC count because they never see it. If they have multiple VLANs (or even address ranges) at the office it'd be beneficial to have something local for the inter-VLAN routing though. I forget how the old 3550 licensing (SMI/EMI) worked, but if all you need is static routes you should be able to use IP Base.

A Duck!
Apr 22, 2003

ragzilla posted:

Those look like true point-to-point boxes. The only time you really need to worry about MAC limits is when you're using the various telcos' metro-E products (where they drop off a switch and you have point-to-multipoint options etc.); any time it's dedicated PtP or MPLS pseudowires they don't care about MAC count because they never see it. If they have multiple VLANs (or even address ranges) at the office it'd be beneficial to have something local for the inter-VLAN routing though. I forget how the old 3550 licensing (SMI/EMI) worked, but if all you need is static routes you should be able to use IP Base.

Ah, so for ease of use I really should just bite the bullet and pick up something like this 3550-24 PWR SMI for the layer three and future inter-VLAN routing.

I don't really need the inline power on that 3550, but I'm assuming I can ignore that and use it as a normal switch as well, correct? And it'll handle the basic IOS ip route and an assignable IP per port so I can use it as a gateway on the office side?

Thanks for all the help by the way.

edit:

Actually I think I'll just end up ordering 3560-8PC instead of the 3550 since the other is a refurb and EOL anyway. I just need a few ports to handle the QoS tagging and layer 3 switching.

Thanks again!

A Duck! fucked around with this message at 21:31 on Jan 13, 2010

gregday
May 23, 2003

Cisco is not my speciality, but in my duties I have inherited administration of a PIX 505e, and I'm going to be replacing it with an ASA 5505. How much of a world of poo poo can I expect to be in?

I don't suppose it's possible to just paste in my PIX's running config and go, right?

I'm furiously reading guides and manuals.


ragzilla
Sep 9, 2005
don't ask me, i only work here


gregday posted:

Cisco is not my speciality, but in my duties I have inherited administration of a PIX 505e, and I'm going to be replacing it with an ASA 5505. How much of a world of poo poo can I expect to be in?

I don't suppose it's possible to just paste in my PIX's running config and go, right?

I'm furiously reading guides and manuals.

http://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html
