|
Mugaaz posted:Heard something goofy from TAC today and want to verify I'm not the idiot. Opened case on high CPU on a 6509 from intterupts, they came back with it being caused by a majority of the traffic being sent to the default route and not a more specific route. According to him this causes it to be kicked up to the CPU? Hows your tcam look? sh platform hardware capacity forwarding
|
#
?
Oct 3, 2012 04:37
|
|
|
|
| # ? May 30, 2024 02:58 |
|
|
Did anyone have any parity error crashes on Saturday? There was a solar flare that hit earth Saturday and one of our Sup's in VSS got a one-off parity error that day and rebooted, I found it a bit amusing that they coincided  Mugaaz posted:Heard something goofy from TAC today and want to verify I'm not the idiot. Opened case on high CPU on a 6509 from intterupts, they came back with it being caused by a majority of the traffic being sent to the default route and not a more specific route. According to him this causes it to be kicked up to the CPU? show mls cef lookup [external route] and see if it is glean or an interface, glean is a punt. Sepist fucked around with this message at 05:42 on Oct 3, 2012 |
|
#
?
Oct 3, 2012 05:34
|
|
|
n0tqu1tesane posted:Yeah, it looks like it's an issue with the Apple iOS (I hate that I have to specify this these days) devices disconnecting the wireless when in standby and the WLC dropping auth since it's not getting any more traffic from the device. Folks using iPads like they're going out of style. "Why do I have to reconnect when moving from the 4th floor to the 7th floor? Can we fix this?" Nope - Engi/Lana 7.0.98.0 is the software version I'm running. Hardware is ren-wlc5508. Setting up 802.1x with this is pretty easy, yes? I'm handling Cisco side for physical based 802.1x and the guy handling the NAC/Radius is dragging rear end on his end. Figured that would give me some practice.
|
|
#
?
Oct 3, 2012 15:38
|
|
|
Zuhzuhzombie!! posted:7.0.98.0 is the software version I'm running. Hardware is ren-wlc5508. Setting up 802.1x with this is pretty easy, yes? You are using the built-in web authentication bundle on the WLC, correct? Are the RADIUS servers already configured on the WLC for use with the webauth? I think you should be able to configure a WLAN that points at the same RADIUS servers for 802.1x. On the Layer 2 tab under Security for the wlan, set the dropdown to WPA+WPA2, tick all the checkboxes, and set the Auth Key Mgmt to 802.1x. The Layer 3 tab shouldn't have anything configured, and the AAA server config should be the same as your webauth wlan.
|
|
#
?
Oct 3, 2012 16:37
|
|
|
n0tqu1tesane posted:You are using the built-in web authentication bundle on the WLC, correct? Are the RADIUS servers already configured on the WLC for use with the webauth? I think you should be able to configure a WLAN that points at the same RADIUS servers for 802.1x. Currently I'm setting up an additional network/SSID for testing this. Following these directions: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#auth-8201 Radius server was already an option, thankfully. Now the question I have is: quote:Configure Wireless Client for 802.1x Authentication This section. Is this something I need to configure on my Windows box? Will this need to be configured on all Windows boxes? ed This setup is different than your recommendation. I currently have Layer 2 Security set to 802.1x, which changes the bottom option to WEP and Key Size. If I change it to WPA+WPA2 I have the option of Auth Key Management, and it is set to 802.1x. Which would you recommend? Would you mind taking a moment to explain the differences between the two? Or is your recommendation a way of avoiding client side configuration? ed Tried it with your settings and I couldn't connect. Will try with the first set. ed No go on either. Zuhzuhzombie!! fucked around with this message at 16:55 on Oct 3, 2012 |
|
#
?
Oct 3, 2012 16:44
|
|
|
In my next house I intend to get FTTC 80/20 from my company and speak BGP with them since a colleague says I can use a /23 of his (which I don't even need  ). I don't know anything about low-end Cisco devices. What's the cheapest router I can get that can handle this? i.e. BGP capable and can manage up to 100Mbps of burst traffic.
|
|
#
?
Oct 3, 2012 16:49
|
|
|
Mugaaz posted:Heard something goofy from TAC today and want to verify I'm not the idiot. Opened case on high CPU on a 6509 from intterupts, they came back with it being caused by a majority of the traffic being sent to the default route and not a more specific route. According to him this causes it to be kicked up to the CPU? Uhm yes that sounds like BS. Do you have a case id I can have a look at?
|
|
#
?
Oct 3, 2012 16:55
|
|
|
Anjow posted:In my next house I intend to get FTTC 80/20 from my company and speak BGP with them since a colleague says I can use a /23 of his (which I don't even need I'd get a 3825 off of ebay for about $200.
|
|
#
?
Oct 3, 2012 17:06
|
|
|
falz posted:I'd get a 3825 off of ebay for about $200. Thanks. I had a look and based on the pictures I saw on ebay it is possible we may have one of these spare at the office 
|
|
#
?
Oct 3, 2012 17:21
|
|
|
Quick question regarding GNS3. I have a small lab of a few switches and routers; Can I connect that lab to my GNS3 virtual lab via the pcs ethernet? I've heard vaugely that it can be done but I was hoping someone could get me a quick Yes or No so I'd know if it was worth looking into.
|
|
#
?
Oct 3, 2012 17:27
|
|
|
ToG posted:Quick question regarding GNS3. http://www.ehow.com/how_7895037_connect-gns3-real-network.html
|
|
#
?
Oct 3, 2012 17:28
|
|
|
Yes it can be done, but I've never done it and I haven't had a whole lot of success with GNS3. Lots of crashes, routers become unresponsive etc. Unrelated. What is the cheapest cisco way to support wireless n? I'm moving into a place that will be offering 75mb down and some amount up. I want to get a new router probably a small ISR that can handle that with NAT, DHCP, inspection, etc. and also supports 802.11n. Can you buy 802.11n MIMO WICs? Anyone know any model numbers?
|
|
#
?
Oct 3, 2012 17:34
|
|
|
^ GNS3 crashes alot for me too but all I really want to do is build a topology, test it, tear it down. Repeat. Oh wow, That's way easier than I thought. Thanks. ToG fucked around with this message at 17:37 on Oct 3, 2012 |
|
#
?
Oct 3, 2012 17:35
|
|
|
Anjow posted:In my next house I intend to get FTTC 80/20 from my company and speak BGP with them since a colleague says I can use a /23 of his (which I don't even need
|
|
#
?
Oct 3, 2012 17:53
|
|
|
Zuhzuhzombie!! posted:Currently I'm setting up an additional network/SSID for testing this. Use these directions: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#wifi If I remember correctly, the client side configuration only has to be done on Windows XP machines, and can be pushed out via GPO. There isn't any client-side configuration that has to be done on Apple iOS devices, other than connecting to the SSID and logging in. There is an issue if you're authenticating against an ACS server that's using active directory for the user information. The AD user account has to have "Allow access" selected under the "Dial-in" tab. Otherwise you won't be able to authenticate. Not sure if this is also the case on the web auth bundle, because we use a Cisco NAC Guest server for that back end.
|
|
#
?
Oct 3, 2012 17:56
|
|
|
ragzilla posted:Do you have an ASN or will they let you use a private ASN? It will be me that sets it up so I'll just use a private one. That is unless these IPs are assigned to a spare ASN of my colleague's, which is quite possible.
|
|
#
?
Oct 3, 2012 18:01
|
|
|
Anjow posted:It will be me that sets it up so I'll just use a private one. That is unless these IPs are assigned to a spare ASN of my colleague's, which is quite possible. You also realize that running BGP over a dedicated circuit with a carrier is much more expensive than the usual "internet access" residential ISPs have right? Like you won't be able to just call up your local Comcast office order triple play + BGP.
|
|
#
?
Oct 3, 2012 18:07
|
|
|
Zuhzuhzombie!! posted:Folks using iPads like they're going out of style.
|
|
#
?
Oct 3, 2012 18:08
|
|
|
WIth respect to 802.1x, you'll need to ensure your authentication server is configured for the appropriate EAP types. That's a big part of the battle. You'll most likely want to be using PEAP, as it's mostly seamless from the iOS perspective. As for Windows machines, that's a whole other animal. You can push settings via GPO, but only if your GPO is running on a 2008 server or later (I think, it's been a while). Earlier versions didn't have the extensions for setting 802.1x attributes.
|
|
#
?
Oct 3, 2012 18:17
|
|
|
Powercrazy posted:You also realize that running BGP over a dedicated circuit with a carrier is much more expensive than the usual "internet access" residential ISPs have right? I don't know if you missed my first comment, but this will be from the company I work for. The costs will be that of the line (£20-30/month as any other customer of ours), potentially the cost of the router if I can't sway one for free, and the 3 minutes it takes me to set up the BGP on one of our routers. The downside is that if my connection goes down in the night I either have to call one of the night staff on site (who will be useless) if it's a line problem, or fix it myself on my phone if it's a config problem.
|
|
#
?
Oct 3, 2012 18:20
|
|
|
Anjow posted:I don't know if you missed my first comment, but this will be from the company I work for. The costs will be that of the line (£20-30/month as any other customer of ours), potentially the cost of the router if I can't sway one for free, and the 3 minutes it takes me to set up the BGP on one of our routers. While I'm sure this sounds like fun and a good idea now, I suggest that you consider not running BGP to your home. When you get down to it, whats the point? So you will setup a private ASN and use a /23... for your house? Just grab a /29 or something from your company and save yourself a lot of trouble and just statically route it. You get a couple of static IPs, and no headaches in the future. And you don't have to buy a router that can speak BGP to receive a default and announce one route.. Remember, BGP is useful when you are dealing with multiple ISPs and you want to have some failover, or you value having provider independence by using your own IP space, you want to try to influence your traffic's path across different ISPs, or you want to do something like anycast with a subnet. But I don't think any of these apply to you, and I can't think of any legitimate reason why you need a /23 routed to your house (which of course you still could do with a simple static route anyway). I'm not trying to ruin the party, but I think you'll be happier long term if you keep it simple.
|
|
#
?
Oct 3, 2012 18:33
|
|
|
Thanks, I appreciate your points and as the time nears I will keep them in mind. I'm not planning to do it because I've carefully considered my requirements and decided it is something I need, I'm planning to do it mainly just because I can and it will be interesting and fun. If I wrangle a free router, set this up, then decide I don't like it I have lost nothing - I'll just get a normal home router that we send out to customers and reconfigure. This colleague that has the IPs is already doing this with an 1841 we had lying around. I am well aware that if I wasn't in this exact situation this would be a massive waste of money but as it stands it will cost me nothing extra. Sir Sidney Poitier fucked around with this message at 18:39 on Oct 3, 2012 |
|
#
?
Oct 3, 2012 18:37
|
|
|
Anjow posted:
Of course Cost is the main limiting facotr for me. I can't justify 2-300 per month just for novelty.
|
|
#
?
Oct 3, 2012 19:08
|
|
|
Sepist posted:Did anyone have any parity error crashes on Saturday? There was a solar flare that hit earth Saturday and one of our Sup's in VSS got a one-off parity error that day and rebooted, I found it a bit amusing that they coincided I had this a few weeks ago, didn't see any solar activity that day. What did your crashinfo log? Mine was: code:
|
|
#
?
Oct 3, 2012 19:18
|
|
|
I had an active sup-720 fail and recover with no crashlog or any indication it had reset except a syslog entry about module 5.
|
|
#
?
Oct 3, 2012 20:06
|
|
|
If you're only taking one feed, there really isn't a reason to take full tables that I can think of.
|
|
#
?
Oct 3, 2012 20:13
|
|
|
jwh posted:If you're only taking one feed, there really isn't a reason to take full tables that I can think of. Eh, if I had my own router taking full routes I'd probably do analysis on it. Check the availability of various Networks, monitor path changes, etc. Maybe make a blog about it, in general though, yea, there is no point.
|
|
#
?
Oct 3, 2012 20:25
|
|
|
falz posted:I had this a few weeks ago, didn't see any solar activity that day. What did your crashinfo log? Mine was: Same errors. TAC just said to monitor it but I remember a particular engineer in the past mentioned solar flares but any kind of voltage or electromagnetic disruption could cause a bit error.
|
|
#
?
Oct 4, 2012 02:49
|
|
|
Why do it? Because DDWRT can, nothing says over-engineered like running BGP with your home Internet provider with a Linksys router.
|
|
#
?
Oct 4, 2012 04:09
|
|
|
Why not do something more useful/educational like get allocated/advertise an IPv6 /64 ? http://ipv6.he.net/certification/
|
|
#
?
Oct 4, 2012 04:39
|
|
|
falz posted:I'd get a 3825 off of ebay for about $200. Just found exactly this in our store
|
|
#
?
Oct 4, 2012 09:11
|
|
|
Hopefully your employer isn't reading these forums
|
|
#
?
Oct 4, 2012 14:16
|
|
|
Plenty of places have an "old crap we don't need" room/closet where you only have to ask before you can take whatever.
|
|
#
?
Oct 4, 2012 14:35
|
|
|
falz posted:Hopefully your employer isn't reading these forums I've asked, and I won't start experimenting until I get an okay. Taking anything without asking is always an invitation to trouble.
|
|
#
?
Oct 4, 2012 15:31
|
|
|
Powercrazy posted:You also realize that running BGP over a dedicated circuit with a carrier is much more expensive than the usual "internet access" residential ISPs have right? With all them v6 address we should be able to 
|
|
#
?
Oct 4, 2012 17:05
|
|
|
doomisland posted:With all them v6 address we should be able to
|
|
#
?
Oct 4, 2012 21:36
|
|
|
Someone brought this up in the office today: We recently switched from PVST to MST, but there's a chance that a few switches may have missed the update. Is there a way to tell which ones are still using PVST without logging in to all of them? As far as I know (and have discovered by screwing up) a PVST switch that's trunked to a MST switch would be unreachable, but not sure if it poses any other problems aside from that?
|
|
#
?
Oct 5, 2012 02:53
|
|
|
VR Cowboy posted:Someone brought this up in the office today: We recently switched from PVST to MST, but there's a chance that a few switches may have missed the update. Is there a way to tell which ones are still using PVST without logging in to all of them? If so just search for the configs that contain "spanning-tree mode rapid-pvst"?
|
|
#
?
Oct 5, 2012 04:23
|
|
|
We do. I logged in and stared at it just after I posted that and it flew right over my head  Thanks.
|
|
#
?
Oct 5, 2012 04:33
|
|
|
|
| # ? May 30, 2024 02:58 |
|
|
Hi, I'm pretty clueless when it comes to what has what in switches and routers, so I need a suggestion for a device. Our network looks something like this: code:L2 switching within the sites are done with HP Procurve 2910al's (does not support ACL on VLANs). L2 switching between sites are mostly WS-C3560G's and WS-C2960G's (not ours). What kind of switch/router should the (R) device be? I'm thinking we need 24 Gb ports. I don't care if it's a HP Procurve of Cisco as long as it can do what I need.
|
|
#
?
Oct 5, 2012 14:34
|
|
