Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
For our Firewall on a stick setup we carve out the vlan on R3/R4 and the firewall then just default gateway to the inside IP on the firewall, same setup abigserve explained.

We have the FoaS connected into the access layer with L3 MSFCs instead of distro to avoid dumping gigs of inside traffic to the core so I guess it makes sense for us to use it.


ate shit on live tv
Feb 15, 2004

by Azathoth
Yea putting the network that needs to be firewalled behind the firewall makes the most sense as well as using specific statics for the interesting traffic and letting your IGP take care of the rest.

Firewall on a stick isn't all that desirable if you are in any kind of bandwidth or latency sensitive situation.

So basically something like this:
code:
                
         outside   ||  /      \  ||   outside    
|=======|       |======|      |======|       |=======|
|  FW1  |-------|  R3  |------|  R4  |-------|  FW2  |
|=======|       |======|      |======|       |=======|           
  |                |             |                  |
  |                |             |                  |
  |                |             |                  |
 DMZ/firewalled  INSIDE NON-FIREWALLED            DMZ/firewalled 
Obviously FW1 and FW2 would be part of a cluster, and would be Layer 2 Adjacent. And the inside non-firewalled networks could be anything, other routers/networks/etc.

jwh
Jun 12, 2002

FatCow posted:


Does anyone have any recommendations of how to implement a firewall on a stick architecture?

What kind of firewalls are these?

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

jwh posted:

What kind of firewalls are these?

Haven't selected a vendor yet, it's most likely going to be ASAs or SRXs though.

The reason we're going with an "on a stick" architecture is because only ~5-7% of our traffic by volume actually needs to go through a firewall.

Having the protected hosts directly hang off the firewall would mean I need another switch, I'd prefer to just use R3/R4 as a L2 device for those vlans. I'm not sure why I dismissed putting the default routes on the firewall now that I spend some more time thinking about it.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

FatCow posted:

Haven't selected a vendor yet, it's most likely going to be ASAs or SRXs though.

The reason we're going with an "on a stick" architecture is because only ~5-7% of our traffic by volume actually needs to go through a firewall.

Having the protected hosts directly hang off the firewall would mean I need another switch, I'd prefer to just use R3/R4 as a L2 device for those vlans. I'm not sure why I dismissed putting the default routes on the firewall now that I spend some more time thinking about it.

You don't need a new switch, all you do is trunk your firewalled vlans down to the firewalls from R3/R4.

Any vlans you didn't want firewalled you just route directly off R3/R4.

jwh
Jun 12, 2002

Palo Altos are a good choice. They can terminate layer 2 / layer 3 on-box, at wire or more or less.

That would give you some significant flexibility in handling your layer-3 boundaries.

Just a FYI.

workape
Jul 23, 2002

jwh posted:

Palo Altos are a good choice. They can terminate layer 2 / layer 3 on-box, at wire or more or less.

That would give you some significant flexibility in handling your layer-3 boundaries.

Just a FYI.

Just watch your HA configs and state sync on this, we got bit in the rear end because of the dual forwarding nature of the nexus environment created all sorts of async routing that our security guys didn't plan for accordingly and we were dropping traffic for out of state and all sorts of things. You'll want to have HA1-3 up and operational on there.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE
I finally remembered why I didn't want the defaults on the FW, I simplified the drawing too much to show the reason, then forgot it. I'd really rather not extend L2 from R5/6 to R3/4. Anyone see something obvious that I'm missing here that would let me keep the defaults on FW2 (And R5/R6) and still be easy for NOC guys to manage?

code:
                   ||   /    \   || 
         outside   ||  /      \  ||   outside    
|=======|-------|======|      |======|-------|=======|
|  FW1  |       |  R3  |      |  R4  |       |  FW2  |
|=======|-------|======|------|======|-------|=======|           
         inside    ||   inside   ||   inside  
                   ||            ||
Suite/Bldg A       ||            ||
-  -  -  -  -  -  -||  -  -  -  -||  -  -  -  -  -  -  -  -
Suite/Bldg B    |======|      |======|
                |  R5  |------|  R6  |
                |======|      |======|
                   ||            ||
                 More Protected Hosts

Panthrax
Jul 12, 2001
I'm gonna hit you until candy comes out.
This question concerns interface errors. We've been having some issues with a couple interfaces getting input errors, usually only a couple a minute, and I haven't been able to track it down. No CRC or other errors, just input. Both interfaces are gig fiber SFPs, one going out to ISP for one of our IP uplinks, the other goes to an internal piece of equipment. I've talked to the ISP and they're not seeing any output errors, speed and duplex are correct. Settings from the Cisco to the internal equipment is fine as well. This is only happening on one Cisco in one city. Redundant links to the other Cisco aren't getting errors, and no other issues in other cities.

The Cisco is a 6506 with SFPs in slot 1. I've tried looking through Cisco troubleshooting docs, but I haven't really gotten anywhere. If it were dirty fiber or a bad port, we'd be getting CRC and other errors, wouldn't we? We haven't tried moving ports, because both are pretty heavily used and would cause some pretty heavy downtime even early AM if we messed with them. We also get very little input traffic on the ISP interface. The internal equipment interface is higher usage in/out.

Any ideas on what else to look for?

jbusbysack
Sep 6, 2002
i heart syd

Panthrax posted:

This question concerns interface errors. We've been having some issues with a couple interfaces getting input errors, usually only a couple a minute, and I haven't been able to track it down. No CRC or other errors, just input. Both interfaces are gig fiber SFPs, one going out to ISP for one of our IP uplinks, the other goes to an internal piece of equipment. I've talked to the ISP and they're not seeing any output errors, speed and duplex are correct. Settings from the Cisco to the internal equipment is fine as well. This is only happening on one Cisco in one city. Redundant links to the other Cisco aren't getting errors, and no other issues in other cities.

The Cisco is a 6506 with SFPs in slot 1. I've tried looking through Cisco troubleshooting docs, but I haven't really gotten anywhere. If it were dirty fiber or a bad port, we'd be getting CRC and other errors, wouldn't we? We haven't tried moving ports, because both are pretty heavily used and would cause some pretty heavy downtime even early AM if we messed with them. We also get very little input traffic on the ISP interface. The internal equipment interface is higher usage in/out.

Any ideas on what else to look for?

What kind of errors are they? Please mark the box below that corresponds:

Input queue: 1/75/356/174 (size/max/drops/flushes); Total output drops: 0
0 runts, 0 giants, 1 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected


It's possible that it's a buffer miss or some kind of malformed packet. Have you taken captures of that port to check for runts/giants etc?

Panthrax
Jul 12, 2001
I'm gonna hit you until candy comes out.
Input errors.

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6000 bits/sec, 18 packets/sec
5 minute output rate 521977000 bits/sec, 340673 packets/sec
L2 Switched: ucast: 2273 pkt, 221465 bytes - mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 592337 pkt, 46276236 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 1452292053 pkt, 280123836332 bytes mcast: 0 pkt, 0 bytes
596050 packets input, 46578990 bytes, 0 no buffer
Received 2584 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
152 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1451819138 packets output, 280024647378 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

ragzilla
Sep 9, 2005
don't ask me, i only work here


Panthrax posted:

Input errors.

152 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

show int <interface> counters errors

ate shit on live tv
Feb 15, 2004

by Azathoth
Is there a tool I can use to visually map out how a particular address space is being used?

For example we have a /16 allocated for static natting. Unfortunately we are getting a variety of networks that we need to nat.

Everything from /23s up to /32s. I tried to plan out the utilizations logically, but it's grown so much that I've got overlapping IP space in my nat statements. Luckily for now, not all the space in each nat is being used, but in the future things may change, or I may add more nats etc.

So what I'd like is to give a program an arbitrary number of networks smaller than a /16. Say something like 10.80.4.0/23 10.80.6.161/32 10.80.1.0/25 etc. Then the program would map out overlapping space, free space, and used space so I could evaluate where my free blocks are, and where my overlapping blocks are.

I've tried to do it with Excel, but it's pretty awkward especially since most of my networks are small /26's and /27's, but I also have a few /23's /24's and /25's.

Any tips?
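
The kind of tool the post above asks for, sketched as an added example (not part of the original thread and not taken from any tool named in it): given a parent block and a list of NAT networks, it reports overlapping entries, the free space as CIDR blocks, and a per-/24 text map. The `10.80.0.0/16` parent, the two overlapping entries and the function names are assumptions made for illustration; the parent is assumed to be IPv4 and a /24 or larger.

```python
import ipaddress

# Constructed sample: the three networks named in the post plus two
# deliberately overlapping entries, inside a hypothetical 10.80.0.0/16.
PARENT = "10.80.0.0/16"
NAT_NETS = ["10.80.4.0/23", "10.80.6.161/32", "10.80.1.0/25",
            "10.80.4.128/26", "10.80.6.160/27"]


def _load(parent_cidr, used_cidrs):
    parent = ipaddress.IPv4Network(parent_cidr)
    # strict=False normalises entries written with host bits set.
    nets = sorted(ipaddress.IPv4Network(c, strict=False) for c in used_cidrs)
    inside = [n for n in nets if n.subnet_of(parent)]
    outside = [str(n) for n in nets if not n.subnet_of(parent)]
    return parent, inside, outside


def analyse(parent_cidr, used_cidrs):
    """Return overlapping pairs, free CIDR blocks and out-of-range entries."""
    parent, nets, outside = _load(parent_cidr, used_cidrs)

    # nets is sorted by start address, so a later network overlaps an earlier
    # one only if it starts at or before the earlier one's last address.
    overlaps = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if b.network_address > a.broadcast_address:
                break
            overlaps.append((str(a), str(b)))

    def gap(lo, hi):
        # Fewest CIDR blocks that exactly cover the address range lo..hi.
        return ipaddress.summarize_address_range(
            ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))

    # Merge the used space, then walk the gaps between the merged blocks.
    free = []
    cursor, last = int(parent.network_address), int(parent.broadcast_address)
    for block in sorted(ipaddress.collapse_addresses(nets)):
        if int(block.network_address) > cursor:
            free.extend(gap(cursor, int(block.network_address) - 1))
        cursor = int(block.broadcast_address) + 1
    if cursor <= last:
        free.extend(gap(cursor, last))
    return {"overlaps": overlaps,
            "free": [str(n) for n in free],
            "free_addresses": sum(n.num_addresses for n in free),
            "outside": outside}


def render_map(parent_cidr, used_cidrs, cell=8):
    """One row per /24 that has any usage; each character covers `cell`
    addresses: '.' free, '#' used, '!' claimed by more than one entry."""
    parent, nets, _ = _load(parent_cidr, used_cidrs)
    base = int(parent.network_address)
    claims = bytearray(parent.num_addresses)  # per-address claim count, capped at 2
    for n in nets:
        first = int(n.network_address) - base
        for off in range(first, first + n.num_addresses):
            claims[off] = min(claims[off] + 1, 2)
    rows = []
    for row in range(0, len(claims), 256):
        chunk = claims[row:row + 256]
        if any(chunk):
            bar = "".join(".#!"[max(chunk[i:i + cell])]
                          for i in range(0, len(chunk), cell))
            rows.append(f"{ipaddress.IPv4Address(base + row)}/24 {bar}")
    return rows


if __name__ == "__main__":
    report = analyse(PARENT, NAT_NETS)
    for a, b in report["overlaps"]:
        print(f"OVERLAP {a} <-> {b}")
    print("FREE", ", ".join(report["free"]))
    print("\n".join(render_map(PARENT, NAT_NETS)))
```

Overlapping static NAT ranges are worth catching before they go live, since which statement wins for a shared address is easy to get wrong when reading the config by eye.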

jwh
Jun 12, 2002

Just gen a spreadsheet of /24s and then break them down to /32 in excel, and colorize?

ate shit on live tv
Feb 15, 2004

by Azathoth
There are 256 /32's in a /24 though. So that would be 256 cells per /24, and I'm mapping out a /16 (though most of it is empty for now, except for a few /20's) so that is another 256 columns.

I'm not really interested in looking at 2^16 /32s ;)

tortilla_chip
Jun 13, 2007

k-partite
Use a Hilbert Curve?

jwh
Jun 12, 2002

Well, you're going to have to start somewhere :)

jbusbysack
Sep 6, 2002
i heart syd
Have you looked into IPPlan? http://iptrack.sourceforge.net/

It works nicely for us in carving out segments from five /16's into more manageable borders.

some kinda jackal
Feb 25, 2003

 
 
Is the whole NET-192-168-0-0 style of designation standard? I see it everywhere when I whois but I just realized I have no idea whether it's an actual "thing" or just something that people started using that has no set guidelines, etc. What a ridiculously dumb question, right? I'm not even sure I'm asking it right :downs:

ragzilla
Sep 9, 2005
don't ask me, i only work here


Martytoof posted:

Is the whole NET-192-168-0-0 style of designation standard? I see it everywhere when I whois but I just realized I have no idea whether it's an actual "thing" or just something that people started using that has no set guidelines, etc. What a ridiculously dumb question, right? I'm not even sure I'm asking it right :downs:

I don't think it's formalized in any RFC I've read.

some kinda jackal
Feb 25, 2003

 
 
Have you guys gleaned any sort of usage guidelines in your years of experience? Like right now I'm seeing NET-130-113-0-0-1 for my campus network, and that -1 is giving me the evil eye.

Aside from the obvious stuff that I can guess, where you just staple NET- onto your network address.

Panthrax
Jul 12, 2001
I'm gonna hit you until candy comes out.

ragzilla posted:

show int <interface> counters errors

Port      Align-Err  FCS-Err  Xmit-Err  Rcv-Err  UnderSize  OutDiscards
Gi1/16            0        0         0      889          0            0

Port      Single-Col  Multi-Col  Late-Col  Excess-Col  Carri-Sen  Runts  Giants
Gi1/16             0          0         0           0          0      0       0

Port      SQETest-Err  Deferred-Tx  IntMacTx-Err  IntMacRx-Err  Symbol-Err
Gi1/16              0            0             0             0           0

I found this in reference to it, but I'm not really sure it pertains, since there's so little inbound traffic, the buffers shouldn't be filling up, obviously.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Martytoof posted:

NET-130-113-0-0-1
That's usually how information is input and presented from rwhoisd. The -1 is probably just indicating the first block since the next block could share the same network address if it's smaller.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Panthrax posted:

Port      Align-Err  FCS-Err  Xmit-Err  Rcv-Err  UnderSize  OutDiscards
Gi1/16            0        0         0      889          0            0

Port      Single-Col  Multi-Col  Late-Col  Excess-Col  Carri-Sen  Runts  Giants
Gi1/16             0          0         0           0          0      0       0

Port      SQETest-Err  Deferred-Tx  IntMacTx-Err  IntMacRx-Err  Symbol-Err
Gi1/16              0            0             0             0           0

I found this in reference to it, but I'm not really sure it pertains, since there's so little inbound traffic, the buffers shouldn't be filling up, obviously.

Flow control enabled and working? Depending on the card you're probably using shared buffers, so it could be another port on the ASIC group chewing up buffers (especially if you're going 1GbE->100MbE).

'show int <interface> capabilities' to see the ASIC group, iirc.

Panthrax
Jul 12, 2001
I'm gonna hit you until candy comes out.

ragzilla posted:

Flow control enabled and working? Depending on the card you're probably using shared buffers, so it could be another port on the ASIC group chewing up buffers (especially if you're going 1GbE->100MbE).

'show int <interface> capabilities' to see the ASIC group, iirc.

Here's the capabilities output:

GigabitEthernet1/16
Dot1x: yes
Model: WS-X6724-SFP
Type: 1000BaseSX
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
Membership: static
Fast Start: yes
QOS scheduling: rx-(1q8t), tx-(1p3q8t)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports on ASIC: 13-24
Port-Security: yes

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Here's something interesting. Finally got the replacement 48 port 3750s in production. Everything is running better than previously. Good.

However, whenever logging in via radius or local credentials, the CPU spikes to 80 - 100%. The other switches on the domain only jump to 20% or so when logging in.

The switch hit 100mbps+ earlier and the CPU was more than stable.

Thoughts?

jbusbysack
Sep 6, 2002
i heart syd

Zuhzuhzombie!! posted:

Here's something interesting. Finally got the replacement 48 port 3750s in production. Everything is running better than previously. Good.

However, whenever logging in via radius or local credentials, the CPU spikes to 80 - 100%. The other switches on the domain only jump to 20% or so when logging in.

The switch hit 100mbps+ earlier and the CPU was more than stable.

Thoughts?

Do this:

TRB-TT8N-A-SW4506#sh proc cpu sort
CPU utilization for five seconds: 17%/0%; one minute: 16%; five minutes: 16%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
27 33617339444059290755 0 10.07% 10.01% 10.12% 0 Cat4k Mgmt HiPri
28 2187111912 11223403 194876 2.55% 3.72% 4.10% 0 Cat4k Mgmt LoPri
41 1469365084 886583619 1657 1.67% 1.39% 1.37% 0 Spanning Tree
5 150560424 23127386 6510 1.19% 0.15% 0.07% 0 Check heaps
96 112 85 1317 0.63% 0.12% 0.02% 3 Virtual Exec


See which process is the hog.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Not exactly sure how to read the output, but I got:

code:
show proc cpu his
                                                                  
                                                                  
                                                                  
         111119999933333                                          
      888222222222288888666666666688888555556666677777888886666688
  100                                                           
   90         *****                                             
   80         *****                                             
   70         *****                                             
   60         *****                                             
   50         *****                                             
   40         **********                                        
   30         **********                                        
   20         **********                                        
   10 **********************************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)

                                                                  
                                                                  
                                                                  
      311111111111111111111111111111111111111111111111111111111111
      811112222332212222111111122212222222211112222111112122212255
  100                                                           
   90                                                           
   80                                                           
   70                                                           
   60                                                           
   50                                                           
   40 *                                                         
   30 *                                                         
   20 *                                                         
   10 ##########################################################
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per minute (last 60 minutes)
              * = maximum CPU%   # = average CPU%

                                                                              
                                                                              
                       1                                                      
      9199914111116918909                                                     
      6717972756543138909                                                     
  100 *  **           ***                                                   
   90 * ***        * ****                                                   
   80 * ***        * ****                                                   
   70 * ***        * ****                                                   
   60 * ***       ** ****                                                   
   50 * ***       ** ****                                                   
   40 * *** *     ** ****                                                   
   30 * *** *     ** ****                                                   
   20 *********** ** **#*                                                   
   10 ###################                                                   
     0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
               0    5    0    5    0    5    0    5    0    5    0    5    0  
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%


Ren-SW1-A#sh proc cpu sort
CPU utilization for five seconds: 8%/0%; one minute: 15%; five minutes: 9%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process 
 102      148785        6918      21506  0.95%  0.23%  0.18%   0 HULC Tcam Memory 
  12      475620      874738        543  0.79%  0.88%  0.84%   0 ARP Input        
 134        5594         490      11416  0.63%  6.91%  1.66%   1 SSH Process      
 171       65213       13856       4706  0.15%  0.11%  0.10%   0 HQM Stack Proces 
 289        5792      142115         40  0.15%  0.01%  0.00%   0 DHCPD Receive    
 238       48020      269350        178  0.15%  0.08%  0.05%   0 Spanning Tree    
 172       41404       27745       1492  0.15%  0.07%  0.05%   0 HRPC qos request 
 161       69357     2052681         33  0.15%  0.49%  0.12%   0 Hulc LED Process 
 274        2016      153038         13  0.15%  0.02%  0.00%   0 Marvell wk-a Pow 

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
What's weird is that if I immediately login and do a show proc cpu his I'm showing 100% and logging in is slightly laggy.

If I do show proc cpu sort SSH has hit up to 7.5% but according to that, there isn't enough processes running to cause a jump to 100%.


EDIT


Finally got usable output.

code:
PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 323        4717         237      19902 78.68%  7.07%  1.47%   3 SSH Process
 161       73279     2101515         34  6.06%  0.69%  0.39%   0 Hulc LED Process
 134        6126         789       7764  1.68%  0.21%  0.58%   1 SSH Process
 102      152421        7083      21519  1.17%  0.26%  0.19%   0 HULC Tcam Memory
  82       20597     3775866          5  1.01%  0.11%  0.05%   0 Fifo Error Detec
I was SSH'd into the switch and had a coworker login. Basically reentered the command over and over. This happens right when the connection attempts to open.

Did the same on another switch and it only jumped to 20%.

Zuhzuhzombie!! fucked around with this message at 20:56 on Aug 16, 2011

jbusbysack
Sep 6, 2002
i heart syd

Zuhzuhzombie!! posted:

What's weird is that if I immediately login and do a show proc cpu his I'm showing 100% and logging in is slightly laggy.

If I do show proc cpu sort SSH has hit up to 7.5% but according to that, there isn't enough processes running to cause a jump to 100%.


EDIT


Finally got usable output.

code:
PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 323        4717         237      19902 78.68%  7.07%  1.47%   3 SSH Process
 161       73279     2101515         34  6.06%  0.69%  0.39%   0 Hulc LED Process
 134        6126         789       7764  1.68%  0.21%  0.58%   1 SSH Process
 102      152421        7083      21519  1.17%  0.26%  0.19%   0 HULC Tcam Memory
  82       20597     3775866          5  1.01%  0.11%  0.05%   0 Fifo Error Detec
I was SSH'd into the switch and had a coworker login. Basically reentered the command over and over. This happens right when the connection attempts to open.

Did the same on another switch and it only jumped to 20%.

Well it's clearly the SSH process that is screwing up, so follow-ups:

1) Are they on the same code rev?
2) Generate another SSH cert 'crypto key generate rsa mod 1024'
3) Try and see if it matters when using say putty vs securecrt. They handle SSH in different fashions (1.99 vs SSH2). This is usually limited to super old switches with old implementations of SSH daemons though.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
So far same with Putty. Will regen keys now.

EDIT

Regen'd keys at 1024 and tried with putty as well. Still jumped into the 70%.



Now, the only other difference between these two 3750s and the ones we're testing against is that the ones we're seeing spikes on are running ipservicesk9-mz.122-58.SE1.bin whereas the other switches are running ipbasek9-mz.122-58.SE1.bin.

However, we have two switches also trunked to the master switch (the one causing problems) that is running ipservices and experiences no issues.

Zuhzuhzombie!! fucked around with this message at 21:15 on Aug 16, 2011

jbusbysack
Sep 6, 2002
i heart syd

Zuhzuhzombie!! posted:

So far same with Putty. Will regen keys now.

EDIT

Regen'd keys at 1024 and tried with putty as well. Still jumped into the 70%.



Now, the only other difference between these two 3750s and the ones we're testing against is that the ones we're seeing spikes on are running ipservicesk9-mz.122-58.SE1.bin whereas the other switches are running ipbasek9-mz.122-58.SE1.bin.

However, we have two switches also trunked to the master switch (the one causing problems) that is running ipservices and experiences no issues.

Scanned the Cisco bug list for known bugs and didn't find any related to SSH for that code rev. File a TAC case or go to a different code version and roll the dice.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Yeah. Just submitted to TAC. New 3750's aren't registered under our warranty or whatever it's called so I had to "escalate" it. Hope that doesn't get to them cause me grief.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Debugging ip ssh shows this switch receiving multiple times as many packets as other switches when creating an ssh connection.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

Zuhzuhzombie!! posted:

Yeah. Just submitted to TAC. New 3750's aren't registered under our warranty or whatever it's called so I had to "escalate" it. Hope that doesn't get to them cause me grief.

It just means that the Entitlement team needs to get involved for a bit to verify that you're clear - and then the case bounces back to the LAN Switching team, which handles it normally. No need for worry.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue
I tried renewing support for all our Cisco equipment this month and Cisco comes back and says that about 15 of our devices "are not in the system at all". As in they have ZERO clue what the serial number corresponds to for a product.

How does that happen? How do you ship/sell an item with a serial that isn't even in your system to assign to a contract number?

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Chinese knockoffs?

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

falz posted:

Chinese knockoffs?

I highly doubt it. The majority of the devices were the Embedded Cisco (CBS-3032) with the Dell M1000E chassis. The other big surprise was the serial number for a 4510R-E.

Being government, we have to buy from approved resellers, etc etc but it's not *impossible*.

ate shit on live tv
Feb 15, 2004

by Azathoth

routenull0 posted:

I highly doubt it. The majority of the devices were the Embedded Cisco (CBS-3032) with the Dell M1000E chassis. The other big surprise was the serial number for a 4510R-E.

Being government, we have to buy from approved resellers, etc etc but it's not *impossible*.

Whoa, 3032's? Get rid of that poo poo post haste. We finally swapped all of our old 3032's out with 4948E's and now rather than having literally millions of discards a day, we have 10's now.

It kind of sucks for cable management (48 copper instead of 4 fibers), but meh, you typically only cable it up once.


H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Powercrazy posted:

Whoa, 3032's? Get rid of that poo poo post haste. We finally swapped all of our old 3032's out with 4948E's and now rather than having literally millions of discards a day, we have 10's now.

It kind of sucks for cable management (48 copper instead of 4 fibers), but meh, you typically only cable it up once.


3032s are the embedded switches for the chassis, only current upgrade option is 3130X. They aren't standalones like a 4948.
