|
falz posted: I recommended Mikrotik earlier in this thread, I'd take it over Linksys any day. Hell their $40 RB750's would do this. I have many RB493's doing all sorts of stuff (ospf, bgp, mpls, etc). RB1100's are awesome if you can find them in stock ($400, 13gig-e interfaces)
I have actually been looking at these along with some pfsense boxes. How do these compare to something like this: http://www.logicsupply.com/products/ps_fw100b
I spent some time yesterday messing with pfsense in a VM, I guess I should do the same for routerOS.
|
# ? Nov 7, 2010 21:59 |
|
|
# ? May 29, 2024 00:49 |
|
You can download RouterOS as software and put it on any box too. License for it is cheap and it has a trial period so you could mess with it for some period of time first. Under the hood it's really just Linux but it's completely their own shell and management tools, no way to break out to a bourne shell or anything that I've found.
That mini ITX thing is more general purpose obviously, the RB's are purpose built for this stuff. You'll get a lot more ethernet ports and switch chips (offload l2 switching between ifaces) on most of the RB's. I've had very little downside to them. The firewall rule config is a bit tedious but oh well.
Some PDFs of theirs with performance tests:
* http://www.routerboard.com/pdf/RouterBOARD_Price_Performance_Comparison.pdf
* http://www.routerboard.com/pdf/routerboard_performance_tests.pdf
|
# ? Nov 8, 2010 02:06 |
|
falz posted: You can download RouterOS as software and put it on any box too. License for it is cheap and it has a trial period so you could mess with it for some period of time first. Under the hood it's really just Linux but it's completely their own shell and management tools, no way to break out to a bourne shell or anything that I've found.
It can't be any worse than this firebox I'm stuck with. The dual WAN upgrade they paid for before I started there never worked, and I'm not about to shell out more money for firmware updates to find out it still isn't fixed.
edit: can't figure out how to turn on the web interface on routeros either...
PuTTY riot fucked around with this message at 02:13 on Nov 8, 2010 |
# ? Nov 8, 2010 02:10 |
|
I am posting this here because it is a Cisco job at our company.. and I am also cross-posting from the job fair:

Please note: If you have a CCNA and experience with Cisco routing and switching, please apply. If you have Call Manager/Unity experience you need to apply RIGHT NOW
PM/IM me with any questions
Even if you don't think you fit the description, apply anyway, it doesn't have to be senior level. JUST HAVE A CCNA AND EXPERIENCE!!

Who we are: A large nationwide Oncology company
Where we are: HQ is in FT Myers, FL
Job Title: Senior Network Admin
Description:

PURPOSE: The Senior Network Administrator will have overall responsibility for maintaining network systems and services including routers, switches, firewall, VPN, CoS/QoS, VoIP, and other IP devices. The Senior Network Administrator is responsible for maintaining service levels for all critical applications by installing, upgrading, configuring and troubleshooting as required. The Senior Network Administrator will assist and/or lead the development and/or enhancement of procedures and/or methodologies to achieve optimum performance, security, delivery, and continuity of network services. The Senior Network Administrator will install and maintain LAN, WAN, and telecommunication equipment and recommend the purchase of hardware, software and telecommunication equipment as necessary. The Senior Network Administrator will train users on LAN operations as necessary. Must be able to travel domestically. This position currently reports to the Director of IT Operations.

RESPONSIBILITIES:
* Maintain a large nationwide LAN/WAN environment
* Perform network performance monitoring and tuning
* Recommend, perform, and coordinate upgrades to network software and hardware which may require after hours and weekend work.
* Manage all networking projects including voice/data circuit installation and operation, CoS/QoS initiatives, monitoring and timely problem resolution
* Maintain telephone systems (PBX) in cooperation with outside vendors
* Implement appropriate levels of network security
* Assist with development and maintenance of IT Disaster Recovery plans, security policies, etc.
* Document network configuration

REQUIREMENTS:
* 3+ years of hands-on experience supporting a large nationwide Cisco LAN/WAN environment is required
* Experience with Cisco Call Manager configuration and support preferred
* Experience with non-Cisco telephone systems/ PBX
* Experience with managing telecom service providers
* Excellent analytical, troubleshooting, problem solving skills required
* Strong understanding of Windows networking in an enterprise environment
* Excellent interpersonal, written, verbal presentation and time management skills
* Must work well in a team environment

EDUCATION:
* Bachelor's Degree in IT or related field, or equivalent experience
* A minimum of CCNA certification is required

APPLY RIGHT HERE NOW: http://www.21stcenturyoncology.com/...ortunities.aspx
If you apply, please im/pm me right away!!
|
# ? Nov 8, 2010 03:54 |
|
This kind of stuff seriously only pops up after I move out of an area
|
# ? Nov 8, 2010 20:16 |
|
What's your pay rate on that job?
|
# ? Nov 8, 2010 21:21 |
|
American Jello posted: firebox
Oh god those are the worst ever. Requires a windows app to admin it, makes no sense in general, huge steaming pile. We have one customer with one that they ask us to admin for them, it's terrible. Also it needs to be rebooted frequently.
As for RouterOS and its web interface, isn't it on by default? Honestly it's not that useful except for maybe the initial config. Use its CLI or Winbox which connects to port 8291.
|
# ? Nov 9, 2010 15:11 |
|
workape posted: What's your pay rate on that job?
Apply and you will find out!
|
# ? Nov 9, 2010 20:43 |
|
falz posted: Oh god those are the worst ever. Requires a windows app to admin it, makes no sense in general, huge steaming pile. We have one customer with one that they ask us to admin for them, it's terrible. Also it needs to be rebooted frequently.
Am I wrong in thinking that opening a port for RDP or whatever should not knock out the entire office's internet for 30-45 seconds? I played around with winbox-- I think web gui is disabled on the unlicensed version. Winbox is kind of weird looking but doesn't seem to be *that* bad really. For a hundred bucks or whatever I'll take the gamble on it working out.
|
# ? Nov 9, 2010 22:05 |
|
American Jello posted: Am I wrong in thinking that opening a port for RDP or whatever should not knock out the entire office's internet for 30-45 seconds?
Changing NAT rules and stuff won't reset any TCP sessions and should go unnoticed. Winbox is a little strange but 1) it's a single EXE that doesn't require an installer, 2) runs perfectly under `wine` which is how I always use it.
|
# ? Nov 9, 2010 22:43 |
|
falz posted: Changing NAT rules and stuff won't reset any TCP sessions and should go unnoticed. Winbox is a little strange but 1) it's a single EXE that doesn't require an installer, 2) runs perfectly under `wine` which is how I always use it.
Sorry, what I was saying is that the Watchguard Firebox I have is a piece of poo poo and actually does crap out like that for everyone whenever I do anything. I'd totally take some 'strangeness' with winbox for stability over the PoS system we have now.
|
# ? Nov 9, 2010 22:46 |
|
winbox is strictly a gui for configuring so that you don't have to memorize MikroTik syntax. The device itself seems really stable so far from what I'm testing.
|
# ? Nov 9, 2010 23:49 |
I'm a huge MikroTik fan. We've got hundreds of Routerboards running RouterOS throughout our network (we're a pretty large WISP). We've got everything from RB112's (don't ask ...) to RB450G's in production. My biggest problems with them are that they still don't have good SNMPv2 support, and their support is basically free forum responses from Latvia, when they feel like responding. But still, for under $200/unit, you get a router capable of doing ospf, ipv6, dhcp over radius, and MPLS ... and you can put it in a NEMA enclosure in the Texas summer without AC.
For American Jello: It is very possible to have a MikroTik duplicate the functionality of many of these "dual WAN" routers, but, load balancing versus redundancy means subjecting more sessions to coming from different source IPs and requiring reauthentication, etc. It is nowhere near as seamless as advertisers try to make it. If you want real redundancy, figure out how to do it with dynamic routing protocols advertising a real IP block, not NAT through two different ports. If two pipes to 1 provider and limited BGP is too expensive/complicated, you just need to accept the significant limitations a dual NAT solution will provide, and are probably going to get better results having one of them be failover-only versus trying to use both at once in a load-balance setup.
|
|
# ? Nov 11, 2010 06:51 |
|
Anyone use an NMS solution besides SolarWinds Orion? It needs to be a robust enterprise solution so no homebrewing some kind of SNMP trap script.
|
# ? Nov 11, 2010 16:12 |
|
Statseeker is ok for SNMP polling and visualization, a little expensive in my opinion. Manage Engine OpManager is a jack of all trades, master of none type solution. It's pretty modestly priced ($5Kish) and the support staff is pretty responsive.
|
# ? Nov 11, 2010 18:23 |
|
We have probably 60ish 1130ag access points deployed in our various locations and I am broadcasting a public SSID for anyone to jump on to. I would really really like to get a captive portal in place to authenticate and log usage of this system though. I know that you can do this through the wireless controller but that is out of the budget at this point. Is there some other way to captive portal this guest traffic?
|
# ? Nov 11, 2010 19:57 |
|
Are T1 interfaces full-duplex? I'm trying to figure out what our capacity is but serial interfaces don't seem to show duplex settings, I can't seem to find anywhere in the cisco documentation that says our specific T1/E1 vwics are full-duplex or not. We're using VWIC-2MFT-E1, does anyone have any documentation that shows if this is full-duplex or some way to get that information out of the router?
|
# ? Nov 11, 2010 20:27 |
|
They are full duplex in the sense that you have a dedicated send/receive pair.
|
# ? Nov 11, 2010 20:59 |
|
tortilla_chip posted: They are full duplex in the sense that you have a dedicated send/receive pair.
I thought this was the case since the cable diagram shows separate pairs for RX and TX but I can't seem to find any documentation that explains this. I'm trying to show my bosses what our capacity is but they don't seem to believe that T1s can have 1.5Mbps down and 1.5Mbps up simultaneously. Is there any documentation that shows this anywhere?
|
# ? Nov 11, 2010 21:42 |
|
http://en.wikipedia.org/wiki/Digital_Signal_1
Does wikipedia count?
|
# ? Nov 11, 2010 21:51 |
|
tortilla_chip posted: http://en.wikipedia.org/wiki/Digital_Signal_1
From the "bandwidth" section:
Wikipedia posted: A DS1 is also a full-duplex circuit, which means the circuit transmits and receives 1.544 Mbit/s concurrently.
Here's another source:
NetworkDictionary.com posted: Within the communications network, copper twisted pairs are used. One pair for transmit, and another for receive making four wires for each T1. This allows T-carrier systems to transmit and receive simultaneously in both directions at full speed (full duplex).
|
# ? Nov 11, 2010 21:57 |
|
yarrmatey posted: MikroTik SNMPv2 support
http://www.mikrotik.com/download/CHANGELOG_5
Steve Slavery posted: I'm trying to show my bosses what our capacity is but they don't seem to believe that T1s can have 1.5Mbps down and 1.5Mbps up simultaneously.
|
# ? Nov 11, 2010 22:08 |
|
SamDabbers posted: From the "bandwidth" section:
Thanks, I've been searching for specific specs/information about our gear, hopefully this is good enough to make my case.
|
# ? Nov 11, 2010 22:15 |
|
Not only that, but you can wire up half a T1 and TX-only or RX-only. (You can also gently caress up the wiring and achieve the same effect)
|
# ? Nov 11, 2010 23:07 |
|
We're experiencing some network issues at one of our schools. We just signed up for a new streaming video service and it's running slower at one particular school. This building has the "weakest" core switch. Other buildings have 4500 series switches while the problem building has a 3560 handling traffic and L3 duties. Here's a crappy diagram:
code:
code:
Checking the error counters for G0/1:
code:
Any thoughts about why performance is struggling? Have we hit the performance limit of the 3560?
|
# ? Nov 15, 2010 18:06 |
|
We are about to license SSL VPN for our ASA. What options do we have for limiting the actual host that the user will be connecting from?
|
# ? Nov 15, 2010 18:24 |
|
What multicast mode are you using? Are the links between switches layer 2 or 3?
|
# ? Nov 15, 2010 18:41 |
|
InferiorWang posted: Any thoughts about why performance is struggling. Have we hit the performance limit of the 3560?
Doubt it- you're using 5% of Gi0/1. I think your problem is elsewhere. Have you been able to verify the problem at the site?
edit: do a `sh proc | ex 0.00` on the 3560
jwh fucked around with this message at 19:11 on Nov 15, 2010 |
# ? Nov 15, 2010 19:08 |
|
tortilla_chip, ip pim sparse-mode. L3 between the 3560 and the 4507, L2 within the school if I'm understanding your question. While the school has multiple vlans, the 3560 core switch is the only device doing L3 at that school.
jwh, I've tested it myself. I didn't see the problem as severe as has been reported. I plan on going back on site to test some more. Here's the output from that command...
code:
|
# ? Nov 15, 2010 19:39 |
|
The CPU utilization looks fine. If the multicast stream is responsible for all the traffic across g0/1 and you're only doing 100meg to the receiver I could see potential for a 50mbps stream to make the experience "slow". Have you already ruled out duplex mismatch at the user end?
|
# ? Nov 15, 2010 19:51 |
|
Not really up to speed on the details, but I've seen multicast issues on 3560 where especially multicast traffic gets punted to CPU because of load/too many routed interfaces. This was solved by changing SDM template. It's probably not the case with your traffic load, but you might try changing SDM prefer to default or layer-2 - whichever fits best.
|
# ? Nov 15, 2010 20:17 |
|
You might be having replication issues on your distribution 3560. There are a few show commands you should run to see if you are (over)subscribing to the multicast groups. If the 3560 is getting flooded and has to fail to software, performance is going to suffer. (I doubt this is the problem, but since I don't know the profile of your traffic, it's the best I can do)
show ip igmp groups
show ip igmp interface
show platform tcam utilization
show platform ip multicast groups
show platform ip multicast hardware
There are some others that might be beneficial (sho ip mroute) so you can see where the bottleneck is. With such a small amount of traffic I'm going to guess it's an issue of the hosts not subscribing to the multicast stream and therefore you are unicasting N number of streams. Oh also make sure that you have enabled ip multicast routing on your 3560.
ate shit on live tv fucked around with this message at 22:41 on Nov 15, 2010 |
# ? Nov 15, 2010 22:37 |
|
InferiorWang posted: tortilla_chip, ip pim sparse-mode. L3 between the 3560 and the 4507, L2 within the school if I'm understanding your question. While the school has multiple vlans, the 3560 core switch is the only device doing L3 at that school.
Maybe do a SPAN on a port in the same vlan as the users who want access to the multicast group - in fact, that's probably the next thing I'd do, that'd rule out anything stupid/underlying problems.
|
# ? Nov 16, 2010 08:55 |
|
Sorry, I think I misrepresented the issue. The streaming video isn't multicast traffic, or shouldn't be, as in the source isn't an RP on our inside network. The streaming video is from a service and originates from an outside server. I'm thinking now it's a client side issue. I brought a machine back to my office and I'm having the same problem. Just using the basic windows network connection status screen, there is no traffic occurring while the player is hung up. edit: no duplex mismatches.
|
# ? Nov 17, 2010 15:36 |
|
Do any of you guys have callmanager experience, and if you do can you post up a sample SIP trunk config? Thanks
|
# ? Nov 17, 2010 22:01 |
|
CrazyLittle posted: Do any of you guys have callmanager experience, and if you do can you post up a sample SIP trunk config? Thanks
I'm assuming Call Manager Express? http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_configuration_example09186a00808f9666.shtml
If you have any problems configuring it, post em here.
|
# ? Nov 18, 2010 02:33 |
|
I'm currently having an issue setting up Dual Wan for a customer on an ISR 1941. Previously they had only one internet connection through Verizon, with 3 VPNs to remote branches. Initially when I added the default route for the secondary wan connection, I would immediately lose connectivity to the outside WAN interface. Added a metric of 10 to the default route for the secondary interface and then put in a route map to push everything coming in on the secondary interface back out the secondary interface and everything seemed to work peachy. Their secondary WAN connection however has much higher bandwidth, so I was hoping to move the VPN connections to that connection instead. I was able to successfully move them over, VPNs are connecting ok but found traffic is not flowing between the sites. Also found that if I remove the access list corresponding to the route map I had set up traffic starts flowing across the VPNs but then I lose connectivity to the router. I've called Cisco, spent a good long while just trying to get the technician to understand what was going on and kept getting bounced between the router and VPN technicians so I was hoping if anyone had some free time they might be able to take a look at my config and see what I might be doing wrong. http://home.singlecircuit.com/dualwan.txt Thanks in advance!
|
# ? Nov 18, 2010 14:52 |
|
We have 8 sites connected using T1's to an MPLS cloud provided by AT&T. Each of our site's CE routers BGP peer with AT&T. Then each of the 8 routers have 7 tunnels addressed in the same /24 subnet that go to each of the other 7 routers, and EIGRP runs over the tunnels to provide our internal routing. All communication between sites go through these tunnels. Is this a normal configuration? It just seems like it would be a hassle to add a new site because that would require creating a new tunnel on every other router on the WAN.
|
# ? Nov 18, 2010 15:10 |
|
para posted: We have 8 sites connected using T1's to an MPLS cloud provided by AT&T. Each of our site's CE routers BGP peer with AT&T. Then each of the 8 routers have 7 tunnels addressed in the same /24 subnet that go to each of the other 7 routers, and EIGRP runs over the tunnels to provide our internal routing. All communication between sites go through these tunnels.
That sucks and is not best practice config. Unless you have a need for spoke to spoke communication then you just need to have a single tunnel going to each remote site from your hub. The tunnel addresses should be p2p /30's and the sites should each be on their own network. So say site 1 would be 10.1.0.0/16 site 2 would be 10.2.0.0/16 etc. and all your tunnel /30 addresses would be in 10.0.x.x/16. I can post a config of how we do it if you'd like.
If you do need spoke to spoke communication then look up DMVPN. It's much more scalable and adding new sites requires zero new hub configuration, I've got some configs for that as well.
|
# ? Nov 18, 2010 17:08 |
|
para posted: We have 8 sites connected using T1's to an MPLS cloud provided by AT&T. Each of our site's CE routers BGP peer with AT&T. Then each of the 8 routers have 7 tunnels addressed in the same /24 subnet that go to each of the other 7 routers, and EIGRP runs over the tunnels to provide our internal routing. All communication between sites go through these tunnels.
When you say tunnels are you saying you've got VPN tunnels configured through each of those pairs? I've set up quite a few of these and generally I use BGP from CE to PE and then redistribute OSPF or EIGRP back into your internal network. If you require encryption for PCI or something similar I usually set up GET VPNs over an MPLS. Without GETVPN adding a new site is as easy as getting the line dropped, setting up the BGP peer between the CE and PE then adding your internal BGP/OSPF/EIGRP.
|
# ? Nov 18, 2010 17:22 |