|
Martytoof posted:Given the following scenario:
|
#
?
Feb 1, 2012 20:04
|
|
|
|
| # ? May 14, 2024 09:28 |
|
|
Langolas posted:So I'm working on a lab I've come up with to learn the basics of Layer 3 VLAN Routing and a few other things using a couple of 37050s. I am kind of stuck as to why one portion isn't happening, and its probably an easy question.
|
|
#
?
Feb 1, 2012 20:07
|
|
|
Powercrazy posted:Also I don't think you are actually creating a DHCP pool on the switch because I don't think a 3750 can act as a DHCP server. Post the conifgs anyway though. I've never tried it, but I was assuming that if it came up in the service list it would be an option... ORG-SW00#sho ver Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2) ORG-SW00(config)#service ? compress-config Compress the configuration file config TFTP load config files counters Control aging of interface counters dhcp Enable DHCP server and relay agent disable-ip-fast-frag Disable IP particle-based fast fragmentation exec-callback Enable exec callback
|
|
#
?
Feb 1, 2012 20:24
|
|
|
quote:I don't think a 3750 can act as a DHCP server They can. Vlan 1 on Switch 2 is on a different network. Do you have a DHCP pool setup for that network on Switch 1? EDIT Anyway. Speaking of labs. I have to create one for my group. We like to be "proactive" and distinguish our group from all of the others in the company. One thing we do is have different departments give a little lecture and example on some of the things we do throughout the day, hardware, etc. Well, I'm doing basic switching. Gonna setup four 3500s with an SVI, each with it's own IP range. Gonna try to do some basic routing between them. I'll explain spanning tree, try to create a loop, etc. Break it and ask them what happened. Same with VTP, VTP status, server, etc and over writing VTP domains, etc. Anything level 1 that I should add that you'd suggest? Zuhzuhzombie!! fucked around with this message at 20:41 on Feb 1, 2012 |
|
#
?
Feb 1, 2012 20:33
|
|
|
Powercrazy posted:Turn off spanning tree on the switch connecting to the existing network, use port fast. That should take care of it. I suspect on the network port you are plugging into they have BPDU Guard enabled to auto-recover after 5 minutes. Which is pretty typical to prevent people from plugging switches into their network, like what you are doing. Just be careful not to carelessly create a loop somewhere else.  PBDU guard: I figured I was forgetting something. I'll give this a shot in a second, thanks!I assume that in my case I'd just need "no span vlan 990", since that's the only VLAN that g0/24 participates in, correct? edit: 100% effective, thanks. I knew it was something simple 
some kinda jackal fucked around with this message at 20:51 on Feb 1, 2012 |
|
#
?
Feb 1, 2012 20:40
|
|
|
BelDin posted:Try separating the VLANs and use one for the .1.x/24 network and the other for the .2.x/24 network. Technically as another goon pointed out, the two vlan 1's are separate as I am using the Vlan 997 to route traffic between them. The 3750 does support DHCP functions that the dhcp item I linked used. I need to try to get the 192.168.2.0 dhcp pool to work with having switch 2 sending dhcp requests to switch 1. Edit: I have a 2621 sitting around doing nothing I can make into a full blown DCHP server if needed as the goal is to have a source of DHCP that is connected to switch 1 give out dhcp to Switch 2 and then I turn on DHCP snooping to stop a rogue router from interfering with dhcp functions Langolas fucked around with this message at 20:59 on Feb 1, 2012 |
|
#
?
Feb 1, 2012 20:56
|
|
|
Ok I got it working how I want. Thank you all for your ideas that got my brain kicked into gear like I needed. Here are my configs for the hell of it: Switch 1 version 15.0 hostname switch1 no aaa new-model switch 1 provision ws-c3750v2-48ps system mtu routing 1500 ip routing ip dhcp excluded-address 192.168.1.1 192.168.1.5 ip dhcp excluded-address 192.168.2.1 ip dhcp pool VLAN1 network 192.168.1.0 255.255.255.0 ip dhcp pool VLAN2 network 192.168.2.0 255.255.255.0 default-router 192.168.1.1 interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 interface GigabitEthernet1/0/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 channel-group 1 mode on spanning-tree portfast interface GigabitEthernet1/0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 channel-group 1 mode on spanning-tree portfast interface Vlan1 ip address 192.168.1.1 255.255.255.0 interface Vlan997 ip address 192.168.20.1 255.255.255.0 ip route 192.168.2.0 255.255.255.0 192.168.20.2 Switch 2: version 12.2 hostname switch2 ip subnet-zero ip routing interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 switchport mode trunk interface GigabitEthernet1/0/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 switchport mode trunk channel-group 1 mode on spanning-tree portfast interface GigabitEthernet1/0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 997 switchport mode trunk channel-group 1 mode on spanning-tree portfast interface Vlan1 ip address 192.168.2.1 255.255.255.0 ip helper-address 192.168.1.1 interface Vlan997 ip address 192.168.20.2 255.255.255.0 ip classless ip route 0.0.0.0 0.0.0.0 192.168.20.1
|
|
#
?
Feb 1, 2012 21:11
|
|
|
I've inherited several 2811's with various interface cards, mostly T1 and ISDN cards. My boss swears up and down that when he disconnected them from the old site the previous owners had the T1 cards connected to various DSL/Cable modems. I called bullshit but he insists it's the truth. Is it possible to configure those cards to work with a DSL or cable modem? If so will these routers provide redundant/fail over WAN connections?
|
|
#
?
Feb 2, 2012 06:55
|
|
|
Boundless316 posted:I've inherited several 2811's with various interface cards, mostly T1 and ISDN cards. My boss swears up and down that when he disconnected them from the old site the previous owners had the T1 cards connected to various DSL/Cable modems. I called bullshit but he insists it's the truth. I'm fairly certain I've seen that setup before as well. We may even have a customer with that setup via a third party (we merely provide transport/routing). A quick Google gives me the impression that this is a thing.
|
|
#
?
Feb 2, 2012 15:22
|
|
|
I've only seen ATM cards able to handle DSL since it usually requires a VPI/VCI. I guess I can't really see how a serial T1 WIC would work with a DSL or cable modem.
|
|
#
?
Feb 2, 2012 15:38
|
|
|
You can terminate VC's over ATM, but an ATM card alone won't work with DSL because the media isn't the same type. And no, you can't just plug a cable modem into an ISDN card or a T1 CSU/DSU card because ISDN/T1 is not ethernet, and last I knew nobody's ever made a DSL or DOCSIS cable modem that spits out serial.
|
|
#
?
Feb 2, 2012 17:25
|
|
|
GOOCHY posted:I've only seen ATM cards able to handle DSL since it usually requires a VPI/VCI. I guess I can't really see how a serial T1 WIC would work with a DSL or cable modem. Which is what I told him but he swears they had it working and that he personally unplugged several DSL/Cable modems from the T1 cards. And I should point out these weren't from some backwoods tech shop, we inherited these from a recently bankrupt multinational company with a huge IT infrastructure. Though I got bored the other day and did a quick search on ebay for Cisco interface cards. They do sell both DSL and Cable cards (so far I've only found DOCSIS 2 cards). Assuming the ISP will support it it doesn't seem like it would be to difficult to configure the cards and set them up to do load balancing. Thanks guys!
|
|
#
?
Feb 2, 2012 20:28
|
|
|
Boundless316 posted:And I should point out these weren't from some backwoods tech shop, we inherited these from a recently bankrupt multinational company with a huge IT infrastructure.
|
|
#
?
Feb 2, 2012 21:51
|
|
|
Boundless316 posted:Which is what I told him but he swears they had it working and that he personally unplugged several DSL/Cable modems from the T1 cards. And I should point out these weren't from some backwoods tech shop, we inherited these from a recently bankrupt multinational company with a huge IT infrastructure. Why don't you pull the model number and show him the spec sheet? He might be mis-remembering, I do it all the time.
|
|
#
?
Feb 2, 2012 22:43
|
|
|
Boundless316 posted:They do sell both DSL and Cable cards (so far I've only found DOCSIS 2 cards). Just a warning about the DSL cards - the normal WIC-1ADSL cards are ADSL1 only. You don't get ADSL2+ speeds unless you buy the HWIC-1ADSL-M card (which is really expensive.) You're better off (and better supported) by just plugging a telco/cableco-provided modem into an ethernet port on your router. Even a HWIC-4ESW is a better idea than having the DOCSIS card.
|
|
#
?
Feb 2, 2012 23:21
|
|
|
Boundless316 posted:Which is what I told him but he swears they had it working and that he personally unplugged several DSL/Cable modems from the T1 cards. No, what he did was unplug the T1 cards from NIUs that he thought were DSL or cable modems.
|
|
#
?
Feb 3, 2012 01:56
|
|
|
jwh posted:No, what he did was unplug the T1 cards from NIUs that he thought were DSL or cable modems. Or unplug the DSL modem from the ethernet port he thought was a T1 WIC?
|
|
#
?
Feb 3, 2012 02:23
|
|
|
Ninja Rope posted:Or unplug the DSL modem from the ethernet port he thought was a T1 WIC? That's kinda unlikely because ethernet WICs are really expensive and don't support full feature sets (or are simply unsupported in many routers) like the built-in ports do. It typically makes more sense to just buy a router that has enough ports from the start. CrazyLittle fucked around with this message at 05:56 on Feb 3, 2012 |
|
#
?
Feb 3, 2012 05:54
|
|
|
nah, ethernet hwics are fully layer 3 compliant, and afaik not that expensive compared to T1-V2 cards.
|
|
#
?
Feb 3, 2012 09:24
|
|
|
Is there a downside to enabling jumbo frames on a C3560X-24, given that none of the hosts connected to it are set for jumbo frames? We've got some power work that will require a full shutdown of everything coming up, so it'd be a good time to get the switch reboot out of the way. The switch just handles iSCSI/NFS traffic between a NetApp FAS2020, a few ESXi 4.1 hosts and (soon) some Compellent controllers. If there's no downside to enabling it on the switch first, I'll do that and then get the hosts reconfigured for it as well.
|
|
#
?
Feb 3, 2012 16:11
|
|
|
Powercrazy posted:nah, ethernet hwics are fully layer 3 compliant, and afaik not that expensive compared to T1-V2 cards. You can get grey-market WIC-1ADSL for ~$50-70, and T1-V2 wics for ~$40. HWIC-1FE cards are $400+ and that's a pretty high cost just for one ethernet port. I was fudging it with a few routers with HWIC-4ESW but I just realized that SVI interfaces arent' fully layer 3, so traffic shaping doesn't work.
|
|
#
?
Feb 3, 2012 17:34
|
|
|
Yea SVIs aren't the same as routed ports. But that applies in general even across vendors. You're right about the costs though, especially if you are aggregating multiple DSL/Cable modems.
|
|
#
?
Feb 3, 2012 19:18
|
|
|
Mierdaan posted:Is there a downside to enabling jumbo frames on a C3560X-24, given that none of the hosts connected to it are set for jumbo frames? We've got some power work that will require a full shutdown of everything coming up, so it'd be a good time to get the switch reboot out of the way. The switch just handles iSCSI/NFS traffic between a NetApp FAS2020, a few ESXi 4.1 hosts and (soon) some Compellent controllers. As long as anything moving the packets and the servers support it/configured for it you should be fine, oh and you're not doing ospf on the 3560
|
|
#
?
Feb 3, 2012 21:03
|
|
|
Just manually set 'ip mtu' to 1500 on any routed interfaces and you're fine w/ OSPF. May want to consider upping MTU to max as well (2000ish?) as I suspect it requires a reeboot to take.
|
|
#
?
Feb 3, 2012 21:16
|
|
|
Yeah, no routing of any sort, it's just a dumb L2 switch moving iSCSI and NFS traffic between some storage and some hosts. Just wanted to make sure I had the order of operations right. I'm not sure if I should flip jumbo frames on for the iSCSI targets or the ESXi/windows hosts first, but since I'll be coming back up from downtime it won't really matter.
|
|
#
?
Feb 3, 2012 21:28
|
|
|
Building up a lab to demonstrate basic switching for non network types. Got a bunch of old rear end 3500s. Trying to get a trunk up between the two of them. Bare bones on both interface. Set the encap to dot1q, switchport mode trunk, no shut. Vlan 2 with an SVI and appropriate IP address exists on both switches. Interfaces stay down. Tested multiple interfaces, etc. Am I forgetting something really dumb? EDIT Yes, I was. Needed a crossover cable. MDIX not supported on these 3500s. Zuhzuhzombie!! fucked around with this message at 23:46 on Feb 3, 2012 |
|
#
?
Feb 3, 2012 23:19
|
|
|
Zuhzuhzombie!! posted:Building up a lab to demonstrate basic switching for non network types. My question is... who hasn't had this exact problem before? I know I've done that before and after 30 minutes of banging my head i figured it out.
|
|
#
?
Feb 4, 2012 00:54
|
|
|
Langolas posted:My question is... who hasn't had this exact problem before? I know I've done that before and after 30 minutes of banging my head i figured it out. It's usually one of the first things I check. I always use crossover when connecting network devices though to prevent this kind of thing from happening.
|
|
#
?
Feb 4, 2012 01:30
|
|
|
Auto-MDIX is such a great invention but it's so terrible in terms of bad habits.
|
|
#
?
Feb 4, 2012 01:41
|
|
|
I love the little videos that Cisco managers do for the website to show off products, but it's terribly obvious why each and every manager at Cisco didn't go into acting as a career. "  Each cisco UCS 5100 chassis comes with four --" *paws at chassis trying to not break eye contact with camera, trying to point at power supplies* "-- up to four redundant power supplies. "It's the -face that gets me every time 
|
|
#
?
Feb 5, 2012 16:48
|
|
|
Not too mention that those videos aren't useful at all. I much prefer the white papers and maybe some labeled hi-res pictures (which don't exist.)
|
|
#
?
Feb 6, 2012 21:33
|
|
|
Martytoof posted:I love the little videos that Cisco managers do for the website to show off products, but it's terribly obvious why each and every manager at Cisco didn't go into acting as a career. oh I love those, there are some terrible terrible ones which makes me wonder wtf they were thinking when they allowed them through On topic: Random question, leaking a route between virtual routers in juniper land, how do I handle the next hop? If I leak say 10.1.1.0/27 the next hop is in another inet table which means it won't work. I'm not being lazy here Ill figure it out tomorrow but was just wondering. When I did it in Cisco land (static routes) you just set the next-hop and VRF. I'm also leaking using OSPF which mayyyy not work. The other thing is I need to leak a discard route which also dons't seem to be right after a glance as the static route placed in the table is set to be discarded. Probably not explaining this very well 
|
|
#
?
Feb 7, 2012 06:12
|
|
|
Powercrazy posted:Not too mention that those videos aren't useful at all. I much prefer the white papers and maybe some labeled hi-res pictures (which don't exist.) I like Jimmy Ray on TechWise 
|
|
#
?
Feb 7, 2012 08:11
|
|
|
nzspambot posted:oh I love those, there are some terrible terrible ones which makes me wonder wtf they were thinking when they allowed them through Nub question. What is "leaking"?
|
|
#
?
Feb 7, 2012 15:39
|
|
|
Zuhzuhzombie!! posted:Nub question. Leaking is referring to importing/exporting routes between VRF instances. A VRF as a virtual router inside your router, with it's own routing/arp tables which is typically used in SP networks to separate customers (MPLS Layer 3 VPN). Sometimes you'll have routes you want to leak between VPNs (especially if the customer has multiple VPNs) for shared service networks etc.
|
|
#
?
Feb 7, 2012 18:48
|
|
|
TY. Here's a problem I came across today. Very very high IP Input. I've checked over our traffic graph and am not seeing any customers maxing out their traffic. This core 6500 is BGP peered with our ASRs but is not sending or receiving full routes. The only interface that has a high counter for broadcasts is an interface that's been down for quite some time. No debugging either. Not sure where else to look. EDIT I'm under the impression that L3 Input being high means that a high number of packets are being punted to the CPU. Here's a sample. quote:L2 Switched: ucast: 74 pkt, 5546 bytes - mcast: 5 pkt, 368 bytes Zuhzuhzombie!! fucked around with this message at 22:13 on Feb 7, 2012 |
|
#
?
Feb 7, 2012 21:34
|
|
|
So I need you guys to again confirm my train of thought. Honestly the quick answers I get from this thread makes it the best place to ask a yes/no question for bouncing an idea off of someone else. I have a Cisco asa 5520 setup with Two factor VPN. I am using a LOCAL-CA server on this 5520 to handle the certificates for my 2nd factor. I plan on making a remote office 5505 use two factor as well for connecting to that device. I am going to set them up with certificate revocation and a CRL pointing to my 5520. Would this work the way I think it will? Here is my outline of what its gonna look like: 5520 Local-CA server(Certificates are Here) -----INTERNETZ------ 5505 at remote site. 5505 Set to use the CRL Located on my 5520 and point everything to authenticate certificates via there. Any thoughts on why this idea will/won't work? I'm pretty sure once I setup the certificates and trust between them it should be ok
|
|
#
?
Feb 7, 2012 22:33
|
|
|
Zuhzuhzombie!! posted:Here's a problem I came across today. Very very high IP Input. By IP input, do you mean the IP input process is consuming large amounts of CPU? If so this would be due to packets punting to the RP, did you make any changes recently (ACLs, etc) ? What's the output of "show platform hardware capacity forwarding" and "show mls cef exception status" ? ragzilla fucked around with this message at 22:53 on Feb 7, 2012 |
|
#
?
Feb 7, 2012 22:51
|
|
|
ragzilla posted:By IP input, do you mean the IP input process is consuming large amounts of CPU? Correct. Show Proc CPU Sort shows IP Input at the top, usually around 25% but sometimes higher. L2 Forwarding Resources MAC Table usage: Module Collisions Total Used %Used 4 0 98304 230 1% 5 0 65536 229 1% 6 0 65536 229 1% 9 0 65536 230 1% VPN CAM usage: Total Used %Used 512 0 0% L3 Forwarding Resources FIB TCAM usage: Total Used %Used 72 bits (IPv4, MPLS, EoM) 245760 1339 1% 144 bits (IP mcast, IPv6) 8192 26 1% detail: Protocol Used %Used IPv4 1337 1% MPLS 1 1% EoM 1 1% IPv6 19 1% IPv4 mcast 4 1% IPv6 mcast 3 1% Adjacency usage: Total Used %Used 1048576 1277 1% Forwarding engine load: Module pps peak-pps peak-time 4 371060 2441831 20:44:00 CDT Wed Jan 18 2012 5 13799 2359402 21:08:49 CDT Thu Dec 15 2011 6 15423 890464 01:14:56 CDT Mon Jun 27 2011 9 100579 3455430 22:27:41 CDT Wed Aug 24 2011 Current IPv4 FIB exception state = FALSE Current IPv6 FIB exception state = FALSE Current MPLS FIB exception state = FALSE
|
|
#
?
Feb 7, 2012 23:39
|
|
|
|
| # ? May 14, 2024 09:28 |
|
|
For the time being I've turned off ip unreachables on the interfaces heading out to our ASRs. Where as IP input has been hovering around 40% all day, now it's down to 15%. Dunno if that's a coincidence or not.
|
|
#
?
Feb 7, 2012 23:54
|
|