|
Partycat posted:So with the Cisco SG300 throw<snip> these things into the incinerator? Yep, do that with a quickness. We have a handful of these out in the field and they are terrible. Just terrible...
|
# ? Mar 20, 2013 21:01 |
|
|
Partycat posted:So with the Cisco SG300, I am trying to write a recovery procedure for non technical persons. IE, they won't know how to get the device on the network, they just want to get a hot-spare going. Does it support TFTP boot?
|
# ? Mar 20, 2013 21:16 |
|
psydude posted:Anyone ever used Ubiquiti's wired solutions? I've used their wireless stuff before; the price is certainly right. We've had 1 DOA, 1 randomly lose its config, and 1 that randomly disables its ethernet port. But at $100/ea, I don't care, they are cheap enough I could do a 3 node VRRP at every site I deploy them at. For the 10 in production, I've been quite pleased. We already used Vyatta rather heavily, so this was a nice fit for branch offices that do not need the Cisco ISR features (voice, basically).
|
# ? Mar 21, 2013 00:23 |
|
Partycat posted:So with the Cisco SG300,
There are two decisions I straight-up regret in my current job.
1) buying an Infrant ReadyNAS right before they sold out to Netgear and support went on holiday for a year
2) buying an SG300
Run far, far away. Whatever they're paying you to document the SG300 recovery procedures is more than they'd spend buying a Catalyst switch that isn't a piece of poo poo.
|
# ? Mar 21, 2013 02:17 |
|
As far as I can tell it doesn't support TFTP Boot. The issue is basically that somehow, you can put things into the configuration via the web interface, that you can't put into it with the CLI. When you try, it spits out an error and rejects the line. It also parses the "startup-config" when you copy to it, so you can't sneak it in somewhere. The config file is a mess, anyways. So far the login local statements are no good to be applied from the CLI, nor the login banner. As far as I can tell anyways as it stops trying to tell me what's wrong after about 10 lines worth. But, it does let someone swap the device and get back online and running, we just have to get around to logging in with the default user name/password to the web interface, and then editing those items in by hand through there. As someone here has said, it's the Cadillac of mini switches. But it's no enterprise gear. e: as to the above, it is going into a space/cooling constrained cabinet, and needs PoE, so a large catalyst won't work. The cheap price tag is also very attractive.
|
# ? Mar 21, 2013 20:05 |
|
Is there a reference for all IOS commands (kind of like "man" in Linux)? I'm taking a CCNA class and I'm having trouble finding out what each of the commands means.
|
# ? Mar 21, 2013 23:37 |
|
nescience posted:Is there a reference for all IOS commands (kind of like "man" in Linux)? I'm taking a CCNA class and I'm having trouble finding out what each of the commands means. http://www.cisco.com/en/US/products/ps6350/prod_command_reference_list.html Good luck. If you are looking for a book, you might want to check out Todd Lammle's CCNA IOS Commands Survival Guide. I haven't read it, but his CCNA book is much better than the Cisco Press one. I wish I had that one when I was studying for it. (Screw you, Wendell Odom!)
|
# ? Mar 22, 2013 00:41 |
I can't stand Lammle. Hey Todd... why don't you put more exclamation marks in your book! Networking is fun! gently caress you Todd Lammle.
|
|
# ? Mar 22, 2013 02:15 |
|
teh z0rg posted:I can't stand Lammle. A few years ago, times must have gotten rough for Mr. Lammle. Work sent us out on some ASA training that his company was putting on and each day, we passed him in a classroom teaching some CCNA Wireless class.
|
# ? Mar 22, 2013 02:24 |
|
You should've told him to get off his rear end and put out some CCNP books so we don't have to suffer through Odom.
|
# ? Mar 22, 2013 12:15 |
|
Anyone heard of/used ttcp? http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094694.shtml
|
# ? Mar 22, 2013 21:12 |
|
Powercrazy posted:Anyone heard of/used ttcp? I happened upon and used it a few weeks ago to test link speed asymmetries in our Netherlands MPLS between a few 1841s. It's not much different or difficult than running iperf, but nice to be able to do so directly router to router.
|
# ? Mar 22, 2013 21:29 |
|
Yea it's nice, I'm just wondering what the accuracy of it is. On a pair of 3900's connected with a gig uplink across a 10G MAN and <4ms latency between them, I was maxing out at ~2000kB/s.
|
# ? Mar 22, 2013 21:35 |
|
nescience posted:Is there a reference for all IOS commands (kind of like "man" in Linux)? I'm taking a CCNA class and I'm having trouble finding out what each of the commands means. http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
|
# ? Mar 22, 2013 22:06 |
Powercrazy posted:Anyone heard of/used ttcp? never used it. I recommend using nuttcp for performance testing.
|
|
# ? Mar 23, 2013 05:28 |
|
Powercrazy posted:Yea it's nice, I'm just wondering what the accuracy of it is. On a pair of 3900's connected with a gig uplink across a 10G MAN and <4ms latency between them, I was maxing out at ~2000kB/s. I was only using it to confirm if a link would crap out and start with packet loss at 2mb downstream, which it did, and that I could push 10 up no problems, and confirm what I was seeing with iperf and ntttcp. It seemed pretty accurate in comparison to the server based tools to me.
|
# ? Mar 23, 2013 11:12 |
|
Powercrazy posted:Yea it's nice, I'm just wondering what the accuracy of it is. On a pair of 3900's connected with a gig uplink across a 10G MAN and <4ms latency between them, I was maxing out at ~2000kB/s.
|
# ? Mar 23, 2013 14:07 |
|
Believe me, if I had servers available I would use them. But if this is all I've got, I'd like to know if I can at least use it to estimate.
|
# ? Mar 23, 2013 20:48 |
|
I've got several branch offices with two outside network connections. One is from an MPLS provider that is only supposed to handle traffic for internal inter-office addresses, we'll say anything on the 10.x.x.x/16 network. The other is for anything else, is sitting on a regular internet connection and goes to a firewall. The MPLS side is using EIGRP to advertise all of the routes with a gateway of last resort pointing at the internet firewall. The idea there being that the routes advertised by EIGRP are going to be hit first, and if they go down, all traffic should go out the internet side. Once the MPLS connection comes back up and EIGRP rebuilds the neighbor table, how long should I expect traffic to keep going to the gateway of last resort? I've done a few tests and if the MPLS connection goes down and comes back up more than a few times in a row, it seems like traffic never stops using the 0.0.0.0 route. Does that sound normal?
|
# ? Mar 25, 2013 18:49 |
I'm looking for a yes or no answer to keep my sanity. ASA NAT is dumb and so am I. Emphasize the last point.
I have 3 external IPs for a 5505 to use on 9.0 code. First IP is set to the external Vlan 2 and put on the outside interface. The other 2 external IPs need to be set up to static NAT to some internal IPs via a specific range of ports. Is this possible on a 5505 without security+? I'm getting conflicting how-tos and reports from google and the Cisco support forums.
If possible, I'll keep on the course I'm on now. Building out a box and going to try to do some static NAT for those IPs anyways but I'm worried things may get rejected on the outside interface somehow. My NAT experience is very limited as I haven't been allowed any chance to practice it at this gig.
Edit: Figured out how to do most of it via help from TAC. I gave them a base config for what I was doing and they're helping me fill in the blanks. Love me some cisco support, they have always been amazing to me.
Langolas fucked around with this message at 23:19 on Mar 25, 2013 |
|
# ? Mar 25, 2013 20:15 |
|
Add one IP to the interface, add NAT rules for the others. They don't need to be added as "secondary" IPs on the interface or anything.
|
# ? Mar 25, 2013 23:45 |
falz posted:Add one IP to the interface, add NAT rules for the others. They don't need to be added as "secondary" IPs on the interface or anything. Yep that's what I figured out to do. I saw some conflicting reports on the cisco forums from users saying it's "not possible" but that didn't make sense to me. I wrote up my basic config with what I figured out and opened a TAC ticket to make sure I get everything right on the first shot before I YOTJ out. Thanks!
|
|
# ? Mar 26, 2013 05:43 |
|
Does anyone here have access to the TAC tool that will read a CPU profile dump from an ASA?
|
# ? Mar 26, 2013 16:34 |
|
squidflakes posted:I've got several branch offices with two outside network connections. One is from an MPLS provider that is only supposed to handle traffic for internal inter-office addresses, we'll say anything on the 10.x.x.x/16 network. The other is for anything else, is sitting on a regular internet connection and goes to a firewall. Technically, once the EIGRP MPLS router rebuilds the table, your routes should go that way since the more specific route is there and not go via the default route but also metrics could come into play. What do the traceroutes look like when you do this? It could be that the way you are bouncing the router, it doesn't have those routes as stable so maybe the routing table isn't converged? I don't work with EIGRP much but that's my routing guess. Sounds like some details are missing as well. If the MPLS connection is down with the default in place, it'll route towards the internet circuit and die unless you build a VPN tunnel to that destined site?
|
# ? Mar 26, 2013 17:22 |
|
Anyone have any ideas about iDevice printing via Bonjour, port 5353, and multicast? We have a Cisco 5505 WLC. I've enabled Multicast globally, but there is a "Multicast Vlan Feature" that I can enable specifically on the SSID for the wireless group. It asks what interface I want to use with a drop down listing management and various VLANs. Curious if anyone could offer any tips.
|
# ? Mar 27, 2013 13:55 |
|
It all sucks. Is your printer on a different vlan than your i device? We "solved" the problem in our corp hq by dropping a linux box running avahi onto a trunk port.
|
# ? Mar 27, 2013 20:17 |
|
Bonjour isn't meant for enterprise use is basically what it comes down to.
|
# ? Mar 27, 2013 20:37 |
|
jwh posted:It all sucks. Is your printer on a different vlan than your i device? Printers and iDevice should all be on the same vlan. How would avahi help? Would it take the place of Bonjour and the software our sys techs are trying to use? Zuhzuhzombie!! fucked around with this message at 22:07 on Mar 27, 2013 |
# ? Mar 27, 2013 22:05 |
|
Zuhzuhzombie!! posted:Printers and iDevice should all be on the same vlan. It proxies the mDNS traffic, so the mDNS SD works across multiple VLANs. Cisco have a built-in version in 7.4 WLC software (Bonjour proxy).
|
# ? Mar 27, 2013 23:56 |
|
Actually that may have inadvertently solved it. We're running 7.2 and it looks like Bonjour was added in 7.4 ed Don't buy an ASR1002. There's a serious bug either software or hardware that fucks with the line cards. We've had to RMA them multiple times and it looks like this is also the source of the sonet problems we've been having. Zuhzuhzombie!! fucked around with this message at 16:10 on Mar 28, 2013 |
# ? Mar 28, 2013 15:06 |
|
Zuhzuhzombie!! posted:Don't buy an ASR1002. There's a serious bug either software or hardware that fucks with the line cards. We've had to RMA them multiple times and it looks like this is also the source of the sonet problems we've been having. A 32-bit counter bug in a timer rebooted our spine switches one night. I got the dubious honor of having my infrastructure generate a field alert. Finally got the maintenance window to upgrade the software, and encountered an unpublished bug where our VLANs won't route. To fix it, either shut/unshut the VLAN interface or occasionally, we get to remove and reconfigure the VLAN interface entirely! Really sweet low-impact workaround.
|
# ? Mar 28, 2013 21:27 |
|
Quick video explaining what's in the new CCENT & CCNA Certifications. It's a google hangout session with Jeremy Cioara (The CBT Nuggets guy).
|
# ? Mar 28, 2013 22:45 |
|
Wow, not sure what to think of that guy. Interesting changes. I think I will try to get through the current exam.
|
# ? Mar 29, 2013 19:59 |
|
Me too.
|
# ? Mar 29, 2013 21:03 |
|
So I've spent at least 2 days trying to get IPv6 working correctly at home. I'm at a point where I can at least get ICMP replies back from ipv6.google.com on the console of the ASA but not from a client (Win8 or Win 2012). I have no idea where I'm going wrong with this...
Topology is currently: Internet -> Fritz!Box 7390 VDSL router -> ASA5505 -> Inside switch -> Client
ASA is in routed firewall mode.
IPv4 connectivity is working perfectly.
Software version is 9.1(1)
Outside interface (VLAN2) is being autoconfigured via SLAAC (not dhcpv6) - this is working
Inside interface (VLAN1) I want to have autoconfigured, but this doesn't work for some reason. Perhaps I need to configure an ACL, I don't know what the ACL should be. Setting the IPv6 address manually is fine and I can ping it from a client and the client picks up an autoconfigured address in the same subnet.
I've configured a default route for ::/0 to Fritz!Box link-local address. If I change this to be the globally assigned address of the Fritz!Box I can no longer ping ipv6.google.com from the console.
I can't get DHCPrelay working for my clients. I've enabled DHCPv6 on the Fritz!Box and enabled DHCPRelay client on the inside interface and defined the link-local address of the Fritz!Box on the outside interface as the DHCPv6 Server.

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.252 255.255.255.0
 ipv6 address fc00::/64 eui-64
 ipv6 address fe80::1 link-local
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
 ipv6 address fe80::2 link-local
 ipv6 address autoconfig
 ipv6 nd suppress-ra
!
ipv6 route outside ::/0 fe80::2665:11ff:feec:d31b
!
access-list inside_access_in extended permit icmp6 any6 any6
access-list inside_access_in extended permit ip any any
!

It appears mostly that I can't ping through the ASA. From the ASA I can ping IPv6 sites fine. Any help would be appreciated!
|
# ? Mar 31, 2013 05:33 |
|
I'm assuming you have those access lists applied somewhere? Also (probably not related but for what it's worth), all of the TAC FW guys I know are saying stay away from 911 and just go with the newest version of 90x.
|
# ? Mar 31, 2013 13:47 |
|
BlueCat posted:So I've spent at least 2 days trying to get IPv6 working correctly at home. I'm at a point where I can at least get ICMP replies back from ipv6.google.com on the console of the ASA but not from a client (Win8 or Win 2012). ASA doesn't support DHCPv6-PD, so hopefully your v6 alloc is static. You'll want to static route one of your /64s to the ASA on the Fritz!Box, then configure that prefix on your inside interface. If you only get a single /64 from your provider you'll want to look at generating a ULA prefix for internal use, then doing NAT66 in the ASA, or moving to transparent mode.
|
# ? Mar 31, 2013 16:30 |
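
Added example, not part of the thread: a Python sketch of the ULA prefix generation suggested in the reply above, following RFC 4193 section 3.2.2 (fd00::/8 plus a 40-bit pseudo-random Global ID). The MAC address, timestamp and function names are constructed for illustration; it also shows that the fc00::/64 in the posted config falls in the half of fc00::/7 that RFC 4193 leaves undefined.

```python
import hashlib
import ipaddress
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def eui64_from_mac(mac):
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def generate_ula_prefix(mac, unix_time=None):
    """fd + least significant 40 bits of SHA-1(64-bit NTP time || EUI-64)."""
    if unix_time is None:
        unix_time = time.time()
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    ntp = struct.pack("!II", seconds, fraction)
    # SHA-1 is only a mixing function here, as in the RFC; not a security control.
    global_id = hashlib.sha1(ntp + eui64_from_mac(mac)).digest()[-5:]
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def inside_subnet(prefix, subnet_id):
    """Carve one /64 (16-bit Subnet ID) out of the /48 for an inside interface."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(prefix.network_address) | (subnet_id << 64), 64))


def classify(prefix):
    """Tell a locally assigned ULA (fd00::/8) from the undefined fc00::/8 half."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if not net.subnet_of(ipaddress.IPv6Network("fc00::/7")):
        return "not-ula"
    first_octet = net.network_address.packed[0]
    return "ula-local" if first_octet == 0xFD else "ula-undefined"


if __name__ == "__main__":
    # Constructed sample inputs: a made-up MAC and a fixed timestamp.
    site = generate_ula_prefix("00:11:22:33:44:55", 1364747580.5)
    print("site /48:      ", site)
    print("inside /64:    ", inside_subnet(site, 1))
    print("fc00::/64 is:  ", classify("fc00::/64"))
```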
|
Thought this might be useful here to anyone looking at the UC platform there is now an emulator out for it. Video in the link. http://wahlnetwork.com/2013/04/01/cisco-ucs-platform-emulator-walkthrough-video/ Saw it scroll up on one of the people I use to keep up to date on. Dilbert As FUCK fucked around with this message at 13:15 on Apr 4, 2013 |
# ? Apr 4, 2013 01:59 |
|
Great, more ponies. Is anyone actually using UCS? By choice?
|
# ? Apr 4, 2013 03:00 |
|
|
Ninja Rope posted:Great, more ponies. Yes. No pain with it for going on 2 years now. Except the guy that 'owns' it won't upgrade from 1.4 to 2.0 (his prerogative I guess).
|
# ? Apr 4, 2013 03:12 |