|
AUX is a serial port for connecting a modem or another console device.
|
#
?
Nov 14, 2012 04:25
|
|
|
|
| # ? May 14, 2024 06:28 |
|
|
double poast lol
Social Media fucked around with this message at 04:36 on Nov 14, 2012 |
|
#
?
Nov 14, 2012 04:34
|
|
|
Ah. I thought for some reason that it could work. I guess I'll need an AUI to RJ-45 transceiver to connect a switch with Ethernet cable then.
|
|
#
?
Nov 14, 2012 04:36
|
|
|
ragzilla posted:The cooling bits a typo right? You can't just magic away heat. This rack will heat up the room it's in unless you have some way to duct the heat away (or some kind of elaborate portable split system). I don't care about heating up the room, I just don't want the equipment to overheat, since I plan on put around 16 devices, some PoE, in an enclosed space.
|
|
#
?
Nov 14, 2012 07:34
|
|
|
Buy an air conditioner for the room.
|
|
#
?
Nov 14, 2012 17:54
|
|
|
I've taken over a bit of a mess from a previous network admin and was asked to allow traffic from our secondary data center to one of our remote offices. Getting on the remote ASA I notice that there are only two access lists, both are basically permit ip <home network> <remote network> and there are no access-group entries. This whole set-up is working, but I was under the impression that without something as simple as 'access-group <acl> in interface outside', you wouldn't be able to get any traffic past the ASA. As it stands, I can access the remote office from the home office, but I can't get to it from the secondary data center. When I try to ping I get a few destination host unreachable responses from the dynamic IP of the ASA. This is probably going to TAC tomorrow, but I was hoping this was something short and dumb on my part.
|
|
#
?
Nov 15, 2012 01:00
|
|
|
post your sanitized config, it's probably nat.
|
|
#
?
Nov 15, 2012 01:16
|
|
|
Powercrazy posted:I don't care about heating up the room, I just don't want the equipment to overheat, since I plan on put around 16 devices, some PoE, in an enclosed space. Any decent 4 post mobile cabinet should work, not like it's terribly dissimilar to a datacenter deployment. Biggest consideration should be the casters as you want to make sure you get the right ones for your floor type(s).
|
|
#
?
Nov 15, 2012 02:17
|
|
|
sootikin posted:I'm trying to make a connection from a Cisco switch's FastEthernet interface to a 2501 router's AUX port. The terminals are RJ-45 on both sides, but what type of cable do I need? The switch is a Catalyst 2924 XL if that makes any difference. You need an Ethernet to AUI transceiver. It'll plug into the DB15 on your 2501 and give you a 10BaseT Ethernet port. As others have mentioned the Aux port is a serial port, typically used for attaching a modem to do OOB management.
|
|
#
?
Nov 15, 2012 04:32
|
|
|
If I want to get a used cisco switch for the house can some one suggest some models to look for? I don't know my cisco models. I imagine anything more than 1-2 Gig ports is going to cost me a lot of $$$? I'd like to spend less than $100. Ebay is full of them, but I am having trouble assessing them.
|
|
#
?
Nov 15, 2012 15:15
|
|
Associate Christ
|
Kaluza-Klein posted:If I want to get a used cisco switch for the house can some one suggest some models to look for? I don't know my cisco models. bort fucked around with this message at 16:15 on Nov 15, 2012 |
|
#
?
Nov 15, 2012 16:07
|
|
|
Kaluza-Klein posted:If I want to get a used cisco switch for the house can some one suggest some models to look for? I don't know my cisco models. If you want Gig then it will be more than $100. Otherwise yea, 2950 is the lowest you want to go. 2912 is cheaper, but runs an extremely limited IOS so it's not even good for learning on. 3550's are going for cheap to, but again, non-gigabit, however they are layer 3 switches so you can do some routing etc.
|
|
#
?
Nov 15, 2012 16:11
|
|
|
We have 2950s in class, I believe. I have found 2950s for $15, and someone has 2950SXs for $30. I suppose ideally I would get a 2950T, as it would have two gigabit ports?
|
|
#
?
Nov 15, 2012 16:17
|
|
|
I don't rememeber the nomenclature for the older switches, but that sounds right.
|
|
#
?
Nov 15, 2012 16:19
|
|
|
Again, depends what you're using it for. The 2950T is end of sale and if I were using it for IOS training, I'd get a model that's still supported. If I were actually wiring my house with a $100 switch for some reason, and I needed 24 ports in one place also for some reason, I'd buy the one with the gig ports. e: powercrazy has a point about the 3550, too. It might be a better training device, since learning layer three is really important bort fucked around with this message at 16:33 on Nov 15, 2012 |
|
#
?
Nov 15, 2012 16:24
|
|
|
Probably just get a WS-C2950G-24-EI + Qty 2 WS-G5483, should be under $100 on ebay. Or if gig, WS-C2970G-24T-E (WS-C2970G-24TS-E is 1.5u w/ SFP ports). Both are very very EOL. Any non-EOL cisco (not rebranded linksys) switch is going to be at least $500.
|
|
#
?
Nov 15, 2012 16:40
|
|
|
I am not using it for training per se, just to wire up the house. Using a consumer switch just wouldn't be the same post Cisco academy  . I got a 2950T for under $40 shipped. Thank you for the help.
|
|
#
?
Nov 15, 2012 16:59
|
|
|
ASA 8.2 NAT question. Currently we just NAT all outbound traffic to one IP: code:code:
|
|
#
?
Nov 15, 2012 20:41
|
|
|
static (inside, outside) <public host> <private host> netmask 255.255.255.255 ! access-list outside_access_in extended permit tcp any host <public host> eq smtp log notifications ! access-group outside_access_in in interface outside 1:1 NAT map - allow traffic inbound via SMTP GOOCHY fucked around with this message at 21:01 on Nov 15, 2012 |
|
#
?
Nov 15, 2012 20:59
|
|
|
GOOCHY posted:static (inside, outside) <public host> <private host> netmask 255.255.255.255 That's what I would do for inbound requests. The DNS option sounds like it might be required as well depending on how their DNS servers are setup. static (inside, outside) <public host> <private host> netmask 255.255.255.255 dns code:
|
|
#
?
Nov 15, 2012 21:35
|
|
|
Yeah, what GOOCHY wrote is exactly what we're doing for all our public-facing services. This is the first time I've wanted to modify our setup for outbound traffic, though.CheeseSpawn posted:It looks like the access list for outbound traffic is reversed? Any reason for the nat 0 bypass? There's actually 4 entries in that ACL. : code:I agree that the ACL looks reversed - not sure why that is.
|
|
#
?
Nov 15, 2012 22:08
|
|
|
Mierdaan posted:Is the NAT 0 bypass there so that there's no translation performed between these internal ranges? Yes, nat 0 is 'NAT exempt'.
|
|
#
?
Nov 15, 2012 23:18
|
|
|
Mierdaan posted:Yeah, what GOOCHY wrote is exactly what we're doing for all our public-facing services. This is the first time I've wanted to modify our setup for outbound traffic, though. Yeah, Nat 0 would bypass the the NAT translation. It's looks like there's a lot more you have going on on your ASA that we can see. I'm guessing the nat0_ACL is being applied on some other interface. To me, it doesnt seem like that is the ACL you need to place your outbound ACL rule at because they dont make sense to me in an outbound direction. I should see something similar to below where there is a something going to any as a destination unless your traffic is going to here <ip any (internal IP range)> and then going out to the internet there which is weird and redundant. access-list outbound_ACL extended permit ip 10.10.0.0 255.255.0.0 any NAT STATEMENTS access-group outbound_ACL in interface inside
|
|
#
?
Nov 16, 2012 00:42
|
|
|
falz posted:Probably just get a WS-C2950G-24-EI + Qty 2 WS-G5483, should be under $100 on ebay. Or if gig, WS-C2970G-24T-E (WS-C2970G-24TS-E is 1.5u w/ SFP ports). Both are very very EOL. Any non-EOL cisco (not rebranded linksys) switch is going to be at least $500. Most brokers will sell you refurb Cisco 2960 24pt+2xgbit (WS-C2960-24TT-L)for ~$200 refurb (cheaper by volume). Atleast in Australia anyway. We order like 10 a month. You can even get smartnet contracts for them should you so desire. I won't plug a particular broker but PM me if you want to know where we shop. I'd be surprised if ebay cost more for these than a broker.
|
|
#
?
Nov 16, 2012 09:07
|
|
|
BurgerQuest posted:Cisco 2960 I was surprised no-one mentioned the 2960 earlier, they have 2x gig ports and can support "limited" routing/layer 3 capability starting from IOS version 12.2(55)SE3. vvvv true Gap In The Tooth fucked around with this message at 04:46 on Nov 19, 2012 |
|
#
?
Nov 18, 2012 19:53
|
|
|
Because he wanted to spend under $100.
|
|
#
?
Nov 19, 2012 00:28
|
|
|
I'm glad they got rid of nat 0, finally.
|
|
#
?
Nov 19, 2012 20:36
|
|
|
For anyone following me trying to figure out how ASA NAT works, it was simple in the end. Mostly I was confused trying to figure out what the point is of ACLs that don't actually permit/deny traffic, just exist for the purposes of matching traffic to a NAT ID. The inside_outbound_nat0_acl access list was just for matching traffic for the NAT bypass. We just added two new ACL entries to our outside_access_in for the host we cared about, and static (inside,outside) <internal IP> <external IP>, bam, done.
|
|
#
?
Nov 19, 2012 20:58
|
|
|
The first ACL defines interesting traffic, i.e. traffic that will be trans-versing the NAT boundary. Like you said, MATCHING traffic. After that you need to define where that traffic is NATted to. That same matching ACL defines any traffic that will be Cryptod through a tunnel or w/e. Don't get too used to it though because ASAs change the way their NAT works every major release, and sometimes the interim releases too 
|
|
#
?
Nov 19, 2012 21:40
|
|
|
The NAT 0 way was a vestigial practice, due to the nature of the box. If you build a box that mostly just does NAT, it stands to reason you'd need an explicit way to tell it NOT to do NAT. Unfortunately, it's a backwards way of doing things. The ASA changes post 8.2 and 8.4 went a long way toward making the ASA a more 'modern' piece of equipment, thankfully. Although I'm surprised that Cisco hasn't brought the CX module down to the rest of the X line. I imagine Cisco is getting murdered out there by Palo Alto and others in the small enterprise segment.
|
|
#
?
Nov 19, 2012 21:59
|
|
|
I wonder when cisco wil give up on the firewall segment, at least commercially/SOHO.
|
|
#
?
Nov 19, 2012 23:01
|
|
|
I have a customer who needs a port opened in their RVS4000 and the guy who configured it did not write down the admin password, and he no longer works here. I have done the password recovery process on an 1800 router before. Is there a similar process with the RVS4000? I would prefer not to do a hard reset and lose the configuration. Thanks! Gweenz fucked around with this message at 04:22 on Nov 20, 2012 |
|
#
?
Nov 19, 2012 23:41
|
|
|
Gweenz posted:I have done the password recovery process on an 1800 router before. Is there a similar process with the RVS4000? I would prefer not to do a hard reset and lose the configuration. I would say that there is almost assuredly not a password recovery option besides factory defaulting. That looks like a consumer line device (aka Linksys). OS and development are completely separate between the consumer and enterprise/SP hardware.
|
|
#
?
Nov 20, 2012 07:47
|
|
|
Mierdaan posted:For anyone following me trying to figure out how ASA NAT works, it was simple in the end. Mostly I was confused trying to figure out what the point is of ACLs that don't actually permit/deny traffic, just exist for the purposes of matching traffic to a NAT ID. When you get right down to it, a NAT is just dynamic policy based routing that uses control lists to source its mapping.
|
|
#
?
Nov 21, 2012 01:09
|
|
|
So who experienced all the fun NTP issues yesterday/today? Good work USNO. They apparently rebooting Tick/Tock servers and when they did, they came back up in the year 2000 and caused all kinds of issues.
|
|
#
?
Nov 21, 2012 02:21
|
|
|
I don't really manage a lot of network gear, but all my servers refuse automatic time changes that are more than a few minutes off, and even then the clock is slewed instead of stepped. What devices step the clock regardless of the offset?
|
|
#
?
Nov 21, 2012 02:33
|
|
|
Ninja Rope posted:I don't really manage a lot of network gear, but all my servers refuse automatic time changes that are more than a few minutes off, and even then the clock is slewed instead of stepped. What devices step the clock regardless of the offset? That is how it is supposed to work, no Stratum 2 should have ever accepted the update with that far of a drift, but apparently most did.
|
|
#
?
Nov 21, 2012 02:33
|
|
|
routenull0 posted:So who experienced all the fun NTP issues yesterday/today? A partner of ours experienced the same thing. That's why I always use sundial.columbia.edu
|
|
#
?
Nov 21, 2012 02:37
|
|
|
routenull0 posted:That is how it is supposed to work, no Stratum 2 should have ever accepted the update with that far of a drift, but apparently most did. That's really bizarre. Why would any NTP time source ever accept that type of update unless it were manual. Even our terribly managed windows domain rejected the incorrect Stratum 2 servers.
|
|
#
?
Nov 21, 2012 02:51
|
|
|
|
| # ? May 14, 2024 06:28 |
|
|
routenull0 posted:So who experienced all the fun NTP issues yesterday/today? GPS time server on site crew represent.
|
|
#
?
Nov 21, 2012 02:55
|
|