|
Is there a firewall before the edge router or ACL on the interface?
|
#
?
Mar 24, 2011 15:49
|
|
|
|
| # ? May 30, 2024 11:31 |
|
|
Sepist posted:Is there a firewall before the edge router or ACL on the interface?
|
|
#
?
Mar 24, 2011 16:09
|
|
|
What routes are you advertising to the CE? I suspect the CE doesn't have a route back to you.
|
|
#
?
Mar 24, 2011 16:21
|
|
|
jwh posted:What routes are you advertising to the CE? Here is the CE. Fa4 is connected to the NTU onsite which connects to our PE. code:
|
|
#
?
Mar 24, 2011 16:30
|
|
|
Well, so much for that idea. It might be time to debug icmp on the CE and see what's happening.
|
|
#
?
Mar 24, 2011 16:46
|
|
|
Shouldn't you also be redistributing from BGP into RIP?
tortilla_chip fucked around with this message at 17:08 on Mar 24, 2011 |
|
#
?
Mar 24, 2011 16:59
|
|
|
tortilla_chip posted:Shouldn't you also be redistributing from BGP into RIP?
|
|
#
?
Mar 24, 2011 17:35
|
|
|
BGP, IIRC, will always require some form of internal routing.
|
|
#
?
Mar 24, 2011 17:43
|
|
|
Just got back from my interview, not that you guys need an update but I am pretty excited. So at the end of this 6 month contract to hire period they will pick 3 of 6 people to stay on full time. They seemed to make an inclination that just by talking to me I would be the most likely candidate. The one technical question they asked me was what STP was and how does it work. I told them how STP works, as best I could, and then told them why using RSTP brought benefits. He explained they used Multiple Spanning-Tree, which I never encountered yet. During the interview the other person in the room said something like "you shouldn't worry" about not getting picked. Pretty inspiring.  Seriously though, in six months and I don't get picked... I am going to be unemployed. I don't know if this is a good idea to take it or a hilariously bad one.  EDIT: They have over 11000 users.  and they are expanding. Maybe it was nodes... that's a lot of people.
Bardlebee fucked around with this message at 21:09 on Mar 24, 2011 |
|
#
?
Mar 24, 2011 21:07
|
|
|
greatapoc posted:Here is the CE. Fa4 is connected to the NTU onsite which connects to our PE. (not service affecting but) what's your ARP table look like on the CE? iirc routing a static out a broadcast media interface will result in a lot of ARP lookups which may be a 'bad thing'.
|
|
#
?
Mar 24, 2011 21:29
|
|
|
I have a 2811 that loses it's running config on reload. The saved config stays fine. Copy start run brings it right back to where I want it. What can I do to fix this?
|
|
#
?
Mar 24, 2011 21:30
|
|
|
What's the config register? Do a sh ver.
|
|
#
?
Mar 24, 2011 21:59
|
|
|
Do you do 'copy run start' before you reload?
|
|
#
?
Mar 24, 2011 21:59
|
|
|
Powercrazy posted:Do you do 'copy run start' before you reload? lol who does this, "wr" is all you need outside of certs! Always write mem once you are certain of your running config.
|
|
#
?
Mar 25, 2011 00:57
|
|
|
There are some things that don't accept `write`, and for those you alias crs and crt 
|
|
#
?
Mar 25, 2011 01:13
|
|
|
Sprint is finally deploying native IPv6 on AS1239 (vs tunnels on AS6175). Our assigned interface address is 2600:4::/127. I Have this sneaking suspicion that we may be one of their first.
|
|
#
?
Mar 25, 2011 01:57
|
|
|
falz posted:Sprint is finally deploying native IPv6 on AS1239 (vs tunnels on AS6175). Our assigned interface address is 2600:4::/127. I Have this sneaking suspicion that we may be one of their first. Generally a large SP will do aggregated assignments, you're probably the first on that particular router in that particular POP though (or you're "lucky" enough to be on the first interface of the first cust agg router in that POP if they're pre-assigning addresses based on interface).
|
|
#
?
Mar 25, 2011 02:40
|
|
|
Badgerpoo posted:lol who does this, "wr" is all you need outside of certs! Always write mem once you are certain of your running config. Anyone with a Nexus environment since you have to make an alias for "wr mem" to work. Luckily you can just toss a "cop r s" in there. Although, don't ask your coworkers if they "coppers that damned switch" if they are going to reboot it. You will get funny looks.
|
|
#
?
Mar 25, 2011 02:55
|
|
|
Bardlebee posted:Just got back from my interview, not that you guys need an update but I am pretty excited. So at the end of this 6 month contract to hire period they will pick 3 of 6 people to stay on full time. They seemed to make an inclination that just by talking to me I would be the most likely candidate. And if they don't pick you up after the 6 months, then you're out of work? Not to be overly cynical but it's really easy to make someone feel like they're "definitely going to get hired on full time". Until you have it in writing don't count on it. workape posted:Luckily you can just toss a "cop r s" in there. 
|
|
#
?
Mar 25, 2011 03:33
|
|
|
workape posted:Anyone with a Nexus environment since you have to make an alias for "wr mem" to work. Luckily you can just toss a "cop r s" in there. Although, don't ask your coworkers if they "coppers that damned switch" if they are going to reboot it. You will get funny looks. In IOS XR, your commands don't even do anything until you write them! It was annoying when I was first getting used to it but config versioning can be really useful for debug/testing.
|
|
#
?
Mar 25, 2011 03:36
|
|
|
Eletriarnation posted:In IOS XR, your commands don't even do anything until you write them! It was annoying when I was first getting used to it but config versioning can be really useful for debug/testing. Does 'commit' actually write the config to nvram? If so that's pretty neat (we're currently looking at some ASRs running XR for our new build, still debating 7600 vs. ASR).
|
|
#
?
Mar 25, 2011 03:40
|
|
|
ragzilla posted:Does 'commit' actually write the config to nvram? If so that's pretty neat (we're currently looking at some ASRs running XR for our new build, still debating 7600 vs. ASR). My vote is ASR, given their flexibility in turning them into monsters akin or equal to the ASA 5585x's with IPS capabilities, let alone the whole... 'routing' thing.
|
|
#
?
Mar 25, 2011 03:50
|
|
|
Powercrazy posted:Do you do 'copy run start' before you reload? It will still be wiped once it reloads. I'll get config register tomorrow. I'm doing late night updates out in the field right now.
|
|
#
?
Mar 25, 2011 03:51
|
|
|
Ok, so I have a stupid question. I'm pretty sure I'm just missing something dumb, but hell if I can spot it. I'm playing with GRE tunnels at the moment, and I just took this whole thing down to something simple. I'm using two 3725s with a serial connection between them. I can get regular GRE tunnels to come up, and to make sure it's working I put an access list on one of the WAN interfaces that blocks ICMP, nothing else. I have EIGRP working over the tunnel, yay. Everything is good. Then I change the tunnel source to a loopback on each tunnel and it stops working. The tunnel stays up/up, but suddenly traffic stops going over the tunnel. The hell?
|
|
#
?
Mar 25, 2011 05:33
|
|
|
ragzilla posted:Does 'commit' actually write the config to nvram? If so that's pretty neat (we're currently looking at some ASRs running XR for our new build, still debating 7600 vs. ASR). I'm pretty sure it does, yes. Running-config and startup-config are the same in XR. XR supports some other neat things that I find myself wishing regular IOS did - like CIDR notation and being able to patch a codebase on the fly without having to replace the entire image and often with no interruption in service at all. Of course, you need that when your image is 400MB and the time from initiating a reboot to resuming full functionality can exceed fifteen minutes. ASRs are especially fun to reinstall code on - we had an RSP that wouldn't properly work as a hot standby, instead going into some kind of indeterminate state, and I decided to try completely wiping the installed code base and reinstalling from an image. Come to find out, the 9k doesn't actually support booting from flash... and the only way we could find out to do that was to move the entire base XR package over TFTP. Of course, it seems to me that in a production environment you wouldn't ever actually need to install XR on a device from scratch, and with a fast connection doing it over TFTP didn't take THAT long (certainly not like Xmodeming a switch over 9600bps) but I remember being baffled why a device that cost tens of thousands of dollars can't boot off CF when an 1800 can. EDIT: Like the previous poster, my vote (not very useful since I have no idea what your situation is) would be for the 9k, since I like working with IOX and presumably at some point not too long in the future they'll have a speed upgrade option like CRS-1 -> CRS-3. Eletriarnation fucked around with this message at 07:05 on Mar 25, 2011 |
|
#
?
Mar 25, 2011 07:01
|
|
|
Ninja Rope posted:And if they don't pick you up after the 6 months, then you're out of work? Not to be overly cynical but it's really easy to make someone feel like they're "definitely going to get hired on full time". Until you have it in writing don't count on it. Yeah, but I feel like this is a big opportunity and a 3 out of 6 chance ain't bad. My backup plan would be to save up money and if I do get unemployed then I can find a job pretty quickly. To me, the benefits out way the risks, but I may be looking at it from an inexperienced view. I mean, it only took me a week or so to get 4 interviews. Push comes to shove I can do something that isn't network engineering too. Bardlebee fucked around with this message at 13:00 on Mar 25, 2011 |
|
#
?
Mar 25, 2011 12:47
|
|
|
XakEp posted:Ok, so I have a stupid question. I'm pretty sure I'm just missing something dumb, but hell if I can spot it. I'm playing with GRE tunnels at the moment, and I just took this whole thing down to something simple. I'm using two 3725s with a serial connection between them. I can get regular GRE tunnels to come up, and to make sure it's working I put an access list on one of the WAN interfaces that blocks ICMP, nothing else. I have EIGRP working over the tunnel, yay. Everything is good. How do the loopbacks reach each other when the tunnel is sourced off the physical interface vs source off the loopbacks? I'm guessing they either don't have a route to each other; or they are reaching each other via the tunnel, thus causing a recursive routing problem.
|
|
#
?
Mar 25, 2011 13:27
|
|
|
Zuhzuhzombie!! posted:It will still be wiped once it reloads. Then my vote is your config register is 0x2402
|
|
#
?
Mar 25, 2011 19:06
|
|
|
inignot posted:How do the loopbacks reach each other when the tunnel is sourced off the physical interface vs source off the loopbacks? I'm guessing they either don't have a route to each other; or they are reaching each other via the tunnel, thus causing a recursive routing problem. I had a brainfart and forgot how traffic passes over a GRE tunnel vs between the interfaces. Pinging tunnel destinations has to pass over the WAN link, not the tunnel itself, whereas traffic to other destinations over the GRE tunnel will pass just fine. It's sorted out and working now. Duh. Thanks!
|
|
#
?
Mar 25, 2011 23:18
|
|
|
Powercrazy posted:Then my vote is your config register is 0x2142 Fixed that for you. 0x2402 would enable break, and all zeroes broadcast. http://www-tss.cisco.com/eservice/compass/common/activities/Tool-confreg.htm#confbitmeans
|
|
#
?
Mar 26, 2011 13:41
|
|
|
Powercrazy posted:Then my vote is your config register is 0x2402 Configuration register is 0x2142
|
|
#
?
Mar 28, 2011 15:35
|
|
|
Well that's your problem.
|
|
#
?
Mar 28, 2011 16:01
|
|
|
Someone probably had to break in / do a password recovery and then forgot to set the config register back to normal.
|
|
#
?
Mar 28, 2011 16:04
|
|
|
Has anyone implemented WCCP on a Nexus 7k running 5.1(2)? I believe that our bluecoats are set up correctly for L2/Mask for WCCP, but it doesn't seem like the service groups are being handled correctly. Haven't really done debugging so far yet, just looking to see if anyone else has done this and if you have any pointers.
|
|
#
?
Mar 29, 2011 01:08
|
|
|
ragzilla posted:(not service affecting but) what's your ARP table look like on the CE? iirc routing a static out a broadcast media interface will result in a lot of ARP lookups which may be a 'bad thing'. This can be service affecting because the router will start populating the arp table with entries for any host that can be reached from this interface, local or not. Eventually you run out of memory and the router crashes. Cisco has a doc on it: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800ef7b2.shtml I seem to remember reading somewhere that CEF was somehow going to assist with lowering resource usage but I can't find the doc now.
|
|
#
?
Mar 29, 2011 10:24
|
|
|
Does anyone know of an application that will send e-mail alerts if netflow sees a spike in packets? We're using Netflow on our core and Netflow EE for pretty graphs; we had a client get DDoS'd but since we only monitor core traffic the packet increase was barely visible. Netflow EE and Netflow both can see the packet increase per vlan in their own ways but neither have e-mail notification for it.
|
|
#
?
Mar 29, 2011 16:55
|
|
|
CrackTsunami posted:This can be service affecting because the router will start populating the arp table with entries for any host that can be reached from this interface, local or not. Eventually you run out of memory and the router crashes. Possibly, usually it leads to increased CPU load since ARP is all slow path. We talked about this a while ago with Bardlebee and a few others. Don't do it!
|
|
#
?
Mar 29, 2011 16:58
|
|
|
Okay, I got another one. Is is possible to configure "anonymous call block" as a toggle feature in the CUCM? I can see that you can turn it on, on a SIP trunk, but I don't see where you could create that as a vertical service code or anything.
|
|
#
?
Mar 29, 2011 17:18
|
|
|
Not entirely, 100% Cisco, but I'm having a bit of trouble wrapping my mind around this today. I was presented with the following question: If you telnet into a Cisco switch, and you have a device on a switchport that has a static IP of 192.168.4.2, what is the easiest way to communicate with that device via telnet? Set up a temporary vlan for 192.168.4.* and put that switchport into the vlan? Here's the gist of what's going on. One PoE device is being installed per switch, on approximately 285 switches in approximately 27 locations. The PoE device is set to 192.168.4.2 from the factory. It needs to be set to DHCP and thrown in the appropriate VLAN, and that can be done via Telnet. The 192.168.4 subnet/scope doesn't exist on these switches, so you can't just telnet via the switch itself. I'm trying to find a way for my guys to avoid going to 27 different campuses, walking to each IDF, plugging their laptop in, just to make a minor configuration change on that device. Any recommendations?
|
|
#
?
Mar 29, 2011 21:02
|
|
|
|
| # ? May 30, 2024 11:31 |
|
|
PainBreak posted:Not entirely, 100% Cisco, but I'm having a bit of trouble wrapping my mind around this today. I was presented with the following question: You could put a secondary address on an SVI and then source the telnet from that ip on the switch. Or you could just configure the POE devices before shipping them out for install.
|
|
#
?
Mar 29, 2011 21:28
|
|