|
SwolenColon posted: They will pull a renewed dhcp lease from the old server, as long as the pool is activated. If the pool is deactivated, the phones just sit there trying to configure an IP. There are no static assignments in the dhcp pools, nor on the phones. The TFTP settings are also correct on both servers. We set up another test vlan, using the same settings, and a new phone pulled an address just fine, so the server seems to be ok. The settings on both servers have been mirrored and checked by three different people. The Windows machines swapped servers just as soon as the ip helper-address settings were put on the interface vlans, but these phones just refuse to relinquish the old dhcp server setting.
I hear you but other than toggling the release setting or hard power down on the phones, I'm not sure what else to tell you.
|
# ? Sep 29, 2013 22:04 |
|
Yeah, no one seems to know of a way to make them swap over without software resetting each one (400+ phones, no thanks). Oh well, thanks for the help anyway.
|
# ? Sep 29, 2013 22:10 |
|
e: Read that wrong. Well to try and add some value, don't know about those models but 7960s had an SSH or telnet interface so you may be able to script a reset of them all. FatCow fucked around with this message at 00:34 on Sep 30, 2013 |
# ? Sep 30, 2013 00:29 |
|
SwolenColon posted:Yeah, no one seems to know of a way to make them swap over without software resetting each one (400+ phones, no thanks). Oh well, thanks for the help anyway.
|
# ? Sep 30, 2013 00:48 |
|
You could also cycle the power on the switchports. I had to do a similar thing with 3000+ ip phones about two weeks ago.
|
# ? Sep 30, 2013 03:16 |
|
Thanks for the tips. We just blew away and re-input all of the scope settings two or three times, and it magically worked.
|
# ? Sep 30, 2013 06:31 |
|
We have two 24-port managed switches (Adtran, not Cisco) which are connected together via ethernet, and then our firewall hangs off the first switch
code:
Would it not take the traffic or would it all go over the VLAN anyway?
|
# ? Sep 30, 2013 14:51 |
|
The router should be the gateway unless sw1 is a layer3 switch and that's how you want routing to happen.
|
# ? Sep 30, 2013 15:21 |
|
falz posted: The router should be the gateway unless sw1 is a layer3 switch and that's how you want routing to happen.
There are 2 firewalls, .252 and .253, but they are seen as one IP - .250. So when one goes down, the 'update' never happens on the switch so all the traffic keeps going to the down firewall node.
|
# ? Sep 30, 2013 15:27 |
|
Sounds like an ARP caching issue, the switch still associates the MAC of the original firewall with the "shared" IP, and until the firewall stepping in sends traffic to the switch, the table doesn't get updated. Is it possible to have the standby firewall send some kind of traffic to the LAN side immediately when it takes over?
|
# ? Sep 30, 2013 15:36 |
|
Dalrain posted: Sounds like an ARP caching issue, the switch still associates the MAC of the original firewall with the "shared" IP, and until the firewall stepping in sends traffic to the switch, the table doesn't get updated.
Exactly. The problem is we can't replicate it (it randomly happens every 3 weeks or so), I want to try flushing the cache when it happens. On the model of switch we have you can't turn express cache off, but on others you can. What we do to 'fix' it is power down the primary firewall gateway, and it still doesn't start working until it comes back up. I figured if the link went down it would clear any cached addresses on that port.
|
# ? Sep 30, 2013 16:27 |
|
What FHRP are you running on the firewalls? RFC-compliant VRRP should use a consistent MAC for the gateway IP to avoid this ARP caching issue entirely.
|
# ? Sep 30, 2013 17:55 |
|
SamDabbers posted: What FHRP are you running on the firewalls? RFC-compliant VRRP should use a consistent MAC for the gateway IP to avoid this ARP caching issue entirely.
Check Point R75.20 on a pair of couple-generation-old DL360's
|
# ? Sep 30, 2013 18:12 |
|
Looking to set up a config mgmt/archiving solution for some Cisco gear (Nexus 5K and 7K, 4500-X, random IOS switches, maybe some ASAs while I'm at it). Any reason NOT to go with RANCID? I haven't used it before, but from what I understand, it's what everyone uses (and free).
|
# ? Sep 30, 2013 19:43 |
|
madsushi posted: Looking to set up a config mgmt/archiving solution for some Cisco gear (Nexus 5K and 7K, 4500-X, random IOS switches, maybe some ASAs while I'm at it). Any reason NOT to go with RANCID? I haven't used it before, but from what I understand, it's what everyone uses (and free).
Use RANCID. Or maybe the rancid-git fork if you want to use git for config storage, or want colorized diffs.
|
# ? Sep 30, 2013 19:45 |
|
This might be better asked in the Certification thread but has anyone taken the new ICND2 exam yet? I have the CCENT from the ICND1 1.1 exam but I'm wondering if ICND2 2.0 will rely on information I 'should have learned' from ICND1 2.0. Missed my last ICND2 attempt at the older exam by around 100 marks but I'm hoping to get the Cisco Press ICND2 2.0 book and sit the exam in three weeks.
|
# ? Sep 30, 2013 20:47 |
|
This isn't really a short question because it requires a little bit of background, but I'm guessing it's something simple I'm overlooking and it's getting on my last god damned nerve. With UCM 9.0 you can add a calling queue to hunt groups. Ok so I have a hunt group that does what it is supposed to do. But, when you call it, you just get the lovely Cisco hold music and that was apparently confusing the people calling it. So I was asked to add a message telling people they are going into queue. So I created a call handler. This call handler plays a message and then is supposed to transfer to the hunt group. Here's where the issue happens. I have a transfer rule in place but I can't get the fucker to work. It always dumps them back into the "after message action" and I can't seem to get it to do the transfer. Anyone know what I'm possibly missing? TL:DR version. How do I make this call handler actually transfer to the huntgroup? Ah, I was finally able to figure out what was missing. Apparently you have to forward the drat call handler back to itself to make the transfer rules do their job. veedubfreak fucked around with this message at 17:05 on Oct 1, 2013 |
# ? Oct 1, 2013 16:31 |
|
Could someone inform me on how to disable %PARSER-5-CFGLOG_LOGGEDCMD messages whenever I make device changes?
|
# ? Oct 2, 2013 15:01 |
|
Zuhzuhzombie!! posted: Could someone inform me on how to disable %PARSER-5-CFGLOG_LOGGEDCMD messages whenever I make device changes?
You have this (or similar) in your config: code:
EDIT: This can be a good thing for tracking changes or isolating who took down a device. It is part of our standard deployment. Storage space is cheap, syslog is just text and compresses very well if you are worried. H.R. Paperstacks fucked around with this message at 15:42 on Oct 2, 2013 |
# ? Oct 2, 2013 15:37 |
|
I have an ASA that I've been reading SNMP data from to monitor and graph the traffic on our outside interface. The other day, I put the PC that collects the SNMP data on a new VLAN and added an access rule to the ASA's SNMP settings to allow reads from the PC's new IP. For some reason that I can't figure out, all of the SNMP reads are timing out since making these changes. It worked fine before, I changed the IP and added a new ASA access rule to match, and now they all time out. I can ping the ASA from the PC with no problems. Does anyone have any ideas? Edit: there are no ACLs on the new VLAN or anything like that either. It's just a boring old no-frills VLAN.
|
# ? Oct 2, 2013 16:02 |
|
geera posted: I have an ASA that I've been reading SNMP data from to monitor and graph the traffic on our outside interface. The other day, I put the PC that collects the SNMP data on a new VLAN and added an access rule to the ASA's SNMP settings to allow reads from the PC's new IP.
Does the ASA have an interface in this new VLAN? If not, does it know how to get back to the new VLAN via a route elsewhere?
|
# ? Oct 2, 2013 16:15 |
|
Are there any considerations, or horrible things that could happen, with enabling BGP dampening? One of my ISP's PE devices likes to flap and it's causing all kinds of fun (unfortunately, it's our preferred path out).
|
# ? Oct 2, 2013 18:43 |
|
http://www.ripe.net/ripe/docs/ripe-580 I'd recommend voting with your money.
|
# ? Oct 2, 2013 18:52 |
|
routenull0 posted:Does the ASA have an interface in this new VLAN? If not, does it know how to get back to the new VLAN via a route elsewhere?
|
# ? Oct 2, 2013 19:06 |
|
geera posted: No interface, but there is a static route added for the new VLAN in the ASA. Feels like I've been wrestling with this forever and I'm sure it'll be something simple I've overlooked.
How does this new vlan talk to the ASA that has an interface? You need a routed hop to get out of the vlan.
|
# ? Oct 2, 2013 21:15 |
|
geera posted: No interface, but there is a static route added for the new VLAN in the ASA. Feels like I've been wrestling with this forever and I'm sure it'll be something simple I've overlooked.
Depending on how VLAN routing is sorted out, you may have to add 'same-security-traffic permit inter-interface' or 'same-security-traffic permit intra-interface.'
|
# ? Oct 3, 2013 04:10 |
|
routenull0 posted: How does this new vlan talk to the ASA that has an interface? You need a routed hop to get out of the vlan.
ASA posted: route INSIDE 192.168.161.0 255.255.255.0 192.168.140.140 1
On the 3560:
3560 posted: interface Vlan161
I can ping the ASA from the PC on the new VLAN 161 that is trying to collect the SNMP data, that would indicate routing is working properly, right?
|
# ? Oct 3, 2013 15:14 |
|
geera posted: There is a static route back to a 3560 (192.168.140.140) with an interface for that VLAN:
Just a few more things to look at: Is an SNMP-server configured on the ASA? What does "Show run snmp-server" tell you? If you had the old IP configured with the snmp-server host command, that basically acts like an access-list. Does the SNMP server have the correct MIBs? Have you tried connecting with an SNMP tool manually? Also, are there no access lists on the transit VLAN of your 3560?
|
# ? Oct 3, 2013 15:35 |
|
Jelmylicious posted: Just a few more things to look at:
snmpwalk posted: 10:46:00 [~]$: snmpwalk -v2c -c public 192.168.140.2 1.3.6.1.2.1.2.2.1.5.3
There aren't any ACLs applied anywhere on the 3560. Here's the snmp-server show output (the PC is 161.12):
ASA posted: snmp-server group Authentication&Encryption v3 priv
|
# ? Oct 3, 2013 15:51 |
|
geera posted:
That is what needs to be changed to the new PC IP.
|
# ? Oct 3, 2013 16:03 |
|
That is the new IP address of the PC. I wish it were something that simple. We have a network engineer scheduled to come next week to do some Cisco voip stuff for us, so I might run this by him also to see if he can spot the problem.
|
# ? Oct 3, 2013 16:11 |
|
What should I use in my test lab as a SNMP/traps collector? I don't have a corporate Cisco account so I can't evaluate ACS.
|
# ? Oct 3, 2013 16:33 |
|
QPZIL posted: What should I use in my test lab as a SNMP/traps collector? I don't have a corporate Cisco account so I can't evaluate ACS.
Receive traps from a device? snmptrapd if you are running a linux system.
|
# ? Oct 3, 2013 16:39 |
|
geera posted: That is the new IP address of the PC. I wish it were something that simple
If you can ping from the PC/SNMP device to the inside interface on your ASA and it is working then the network is not the issue. You could ping from the ASA to the PC to double check (make sure the PC firewall permits ICMP) if you like. You can debug SNMP on the ASA to see if you are seeing the connection from the PC and then see if you are getting any error messages. As always be careful turning on debug on a production device, use an ACL if you are going to look at anything that may trigger on a large amount of traffic.
|
# ? Oct 3, 2013 16:40 |
|
veedubfreak posted: This isn't really a short question because it requires a little bit of background, but I'm guessing it's something simple I'm overlooking and it's getting on my last god damned nerve.
I'm pretty sure the whole point of including this feature is to just make you wish you bought UCCX, too.
|
# ? Oct 3, 2013 23:37 |
|
DHCP question. Was trying to expand my DHCP pool from a /24 to a /23. However, merely accessing the DHCP pool (ip dhcp pool poolname) and then changing the network to a /23 (network 192.168.1.0 255.255.254.0) did not change the DHCP pool, but created two new entries while keeping the original as a /24. One was with the /23 network in it alone, while the other had the default gateway and options but no network statement. I deleted all three pools and recreated one single one with a /23. It appeared at the end of the DHCP pool listing in the running config. My linux box connected directly to the network pulled a /23 IP just fine. My Windows box daisy chained through my IP phone did not, and my IP phone freaked out for a bit. I reverted my changes since we still had some people working in the office over the weekend. They did not complain of service loss. When I changed back to the /24 I could browse fine, but I could not perform an ipconfig /renew. DHCP would time out. If I performed an ipconfig /release and then a /renew, I was able to pull an IP fine and did not get time out errors any more with just ipconfig /renew. Recreated this on several PCs in the office. Just curious if anyone could provide some DHCP info. These were 3750 switches running a fairly up to date IOS. c3750-ipservicesk9-mz.122-58.SE1.bin
|
# ? Oct 7, 2013 17:17 |
|
Zuhzuhzombie!! posted: changing the network to a /23 (network 192.168.1.0 255.255.254.0)
Just FYI 192.168.1.0/23 is not a valid network subnet address. 192.168.0.0/23 is, and 192.168.1.0 is an IP address within that subnet.
/24 networks:
192.168.0.0 /24 (192.168.0.0 - 192.168.0.255)
192.168.1.0 /24 (192.168.1.0 - 192.168.1.255)
192.168.2.0 /24 (192.168.2.0 - 192.168.2.255)
/23 networks:
192.168.0.0 /23 (192.168.0.0 - 192.168.1.255)
192.168.2.0 /23 (192.168.2.0 - 192.168.3.255)
|
# ? Oct 7, 2013 18:44 |
|
I was wanting to use 192.168.4.0 - 192.168.5.255 for the range. Would it have needed to be along classful boundaries anyway?
|
# ? Oct 7, 2013 19:41 |
|
It is 'classless'.
|
# ? Oct 8, 2013 09:59 |
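The subnet-boundary point from the exchange above (192.168.1.0 with a /23 mask versus the 192.168.4.0 - 192.168.5.255 range), as an added example that is not part of any poster's message: a Python check for an IOS-style `network <address> <mask>` statement, plus a helper that turns a wanted address range into aligned statements. The function names `check_pool_network` and `range_to_statements` are hypothetical.

```python
import ipaddress


def check_pool_network(statement):
    """Check that the address in 'network <address> <mask>' sits on the
    mask's boundary, and report the block that actually contains it."""
    parts = statement.split()
    if len(parts) != 3 or parts[0] != "network":
        raise ValueError("expected: network <address> <mask>")
    address = ipaddress.IPv4Address(parts[1])
    mask = parts[2].lstrip("/")  # accept 255.255.254.0 or /23
    # strict=False clears the host bits, giving the enclosing block
    block = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return {
        "aligned": address == block.network_address,
        "network": str(block),
        "first": str(block.network_address),
        "last": str(block.broadcast_address),
    }


def range_to_statements(first, last):
    """Express an inclusive address range as the fewest aligned
    'network <address> <mask>' statements that cover exactly that range."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"network {b.network_address} {b.netmask}" for b in blocks]


if __name__ == "__main__":
    # Statement quoted in the thread, then the range the poster wanted
    for stmt in ("network 192.168.1.0 255.255.254.0",
                 "network 192.168.4.0 255.255.254.0"):
        result = check_pool_network(stmt)
        verdict = "aligned" if result["aligned"] else "NOT aligned"
        print(f"{stmt}: {verdict}, block {result['network']} "
              f"({result['first']} - {result['last']})")
    print(range_to_statements("192.168.4.0", "192.168.5.255"))
    # A range that starts on an odd /24 cannot be a single /23
    print(range_to_statements("192.168.1.0", "192.168.2.255"))
```

A range that comes back as more than one statement cannot be written as a single pool network; classful boundaries play no part in the result.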
|
veedubfreak posted: With UCM 9.0 you can add a calling queue to hunt groups.
There are a number of bugs that have been opened on this feature already with prompt issues and such. I'm eyeballing it because it is nicer than some of the other options available, and cheaper than UCCX, but wary.
|
# ? Oct 8, 2013 12:37 |