|
So I started working at my first "real" job out of college, and I'm basically going to be taking over a few server rooms that each have four/five racks as well as a couple classrooms with some lab computers. The equipment is a mix of Cisco video products (think QAM modulators), server products (UCS, DNCS, etc), and networking products (various routers and switches). I also get a /23 to play with, but at the moment everything seems to be thrown into a single network - no logical or physical subnets at the moment. The server rooms are kind of cluttered. No real cable management - coaxial and ethernet everywhere. No real documentation either. About 25% of the equipment is no longer being used, and there aren't any real-time monitoring systems in place. I feel like I can do this, I just haven't done it yet, so I'm not sure where to start. I started building an inventory using an excel sheet to get an idea of where things are physically - I figure the next step is to document how everything is connected. I want to get into a position where this equipment can be centrally managed and monitored. I figure you guys could point me in the right direction.
|
#
?
Oct 9, 2013 03:54
|
|
|
|
| # ? May 31, 2024 21:15 |
|
|
Eh, just drink a beer and take a nap. That's really the best advice I have.
|
|
#
?
Oct 9, 2013 05:27
|
|
|
Erkenntnis posted:So I started working at my first "real" job out of college, and I'm basically going to be taking over a few server rooms that each have four/five racks as well as a couple classrooms with some lab computers. The equipment is a mix of Cisco video products (think QAM modulators), server products (UCS, DNCS, etc), and networking products (various routers and switches). I also get a /23 to play with, but at the moment everything seems to be thrown into a single network - no logical or physical subnets at the moment. Step one will always be to make zero changes until you have documented everything. There might be a method to the madness, you just haven't seen/found it yet. The last thing you want to do is come in and start making sweeping changes and potentially break things. Take a few weeks and build a big initial set of documentation, then start to build projects around what you want to see implemented / changed, like a management network, centralized logging, authentication, etc
|
|
#
?
Oct 9, 2013 13:24
|
|
|
I was drinking a beer and looking at this http://www.opendcim.org before my nap. And yeah, proceed with caution. "I was trying to clean stuff up" doesn't generally satisfy people when your network is down.
|
|
#
?
Oct 10, 2013 00:18
|
|
|
bort posted:I was drinking a beer and looking at this http://www.opendcim.org before my nap. And yeah, proceed with caution. "I was trying to clean stuff up" doesn't generally satisfy people when your network is down. My DC manager acquired iTRACS at the start of the financial year. Many months later he's still working on getting all the cable runs and auditing complete to make it useful  .
|
|
#
?
Oct 10, 2013 04:23
|
|
|
Just changed the console password on a 3750 stack and the master switch crashed hard. Hmmmmmmmmmmmmm.
|
|
#
?
Oct 11, 2013 00:28
|
|
|
Zuhzuhzombie!! posted:Just changed the console password on a 3750 stack and the master switch crashed hard. Hmmmmmmmmmmmmm. Yikes.
|
|
#
?
Oct 14, 2013 21:58
|
|
|
Zuhzuhzombie!! posted:Just changed the console password on a 3750 stack and the master switch crashed hard. Hmmmmmmmmmmmmm. I did that once by adding a SNMP community 
|
|
#
?
Oct 15, 2013 05:13
|
|
|
At least you didn't hold down the mode button to demonstrate express setup wasn't enabled on the service desk switch stack only to find out it was enabled... (who decided that feature was a good idea).
|
|
#
?
Oct 15, 2013 05:34
|
|
|
I've had that feature used by an errant janitor cart that was the right height to somehow press the mode button. I've had the lovely bezel on the 3750 bust off and press the mode button. And, I've had it used by a guy who said "it wasn't blinking right so I pressed the reset button". The day I realized it just renamed the config files and VLAN database was the day I stopped being concerned about it, though I still can't convince engineering it needs to be turned off.
|
|
#
?
Oct 16, 2013 17:17
|
|
|
Question: I'm being asked to look at long-term packet retention appliances- probably no more than 1-2gbps. No IDS functionality is required, just straight pcaps. We had originally tried rolling our own, but it seems as though our security-onion box was dying under only 100-200mbps. I'm not on our sysadmin team, so I don't know the details. Anyway, I know Riverbed makes their Cascade / Shark stuff, and I've heard of nPulse, but have no experience directly. Anyone have any recommendations?
|
|
#
?
Oct 16, 2013 19:25
|
|
|
We use Fluke's Network Time Machine at 10gbps and it doesn't choke.
|
|
#
?
Oct 16, 2013 19:36
|
|
|
Not completely relevant, since I am perennially trying to justify budget for Shark, but we use Cascade for Net-/Sflow. Recent versions have been challenging. We had the most recent (10.0.7) Profiler upgrade hang up and require us to set it to defaults and restore from backup (support: 'it happens'). It later crashed hard when a device had time that was off -- and sure, I'll take partial blame for that. But most unlike a Riverbed product, and never had an issue with a Cascade before. Getting burned by expensive equipment makes an especially sour taste. e: forgot a word bort fucked around with this message at 20:19 on Oct 16, 2013 |
|
#
?
Oct 16, 2013 20:14
|
|
|
I had used RiOS boxes before, supposedly for wan opt, but our users were pretty ambivalent about apparent improvement. This most recent need for long term pcap retention came about as part of a 'security incident', so they're asking for long term forensic capabilities. I'm sure we'll figure something out. I'm still of the mind that they don't actually need full frames written to disk for, say, 90 days, but then again, I just work here.
|
|
#
?
Oct 16, 2013 23:00
|
|
|
You should be able to roll your own just using Gulp or some equivilent (tcpdump might even work natively) and a properly tuned linux host. I have not tried it myself but honestly if you have spare hardware it doesn't sound difficult (http://staff.washington.edu/corey/gulp/ ; http://blog.crox.net/archives/72-gulp-tcpdump-alternative-for-lossless-capture-on-Linux.html) Make sure you have fast disk, a cron job to rotate the files, and some sort of process checking so if it crashes for whatever reason it starts again and doesn't overwrite the older files. Let me know if you get the chance to do it because I'd like to look at doing it myself.
|
|
#
?
Oct 17, 2013 03:23
|
|
|
This sounds like a perfect opportunity to use pf_Ring from the Ntop crew: http://www.ntop.org/products/pf_ring/
|
|
#
?
Oct 17, 2013 14:33
|
|
|
Could some one help me understand how to navigate the Cisco Feature Navigator? Tried to install a 48 port gigabit blade in our 6509 (running adventerprisek9_wan-mz.122-33.SXJ.bin). This was released in 2011. Upon installing the blade I received an error that, according to Google sources, means that my OS is out of date and doesn't support the blade. Fine. Found the latest release in this train that was released in July this year (adventerprisek9_wan-mz.122-33.SXJ6.bin) but I can't for the life of me figure out how to verify that it will support the 48 port blade.
|
|
#
?
Oct 17, 2013 15:48
|
|
|
Zuhzuhzombie!! posted:Could some one help me understand how to navigate the Cisco Feature Navigator? Tried to install a 48 port gigabit blade in our 6509 (running adventerprisek9_wan-mz.122-33.SXJ.bin). This was released in 2011. Upon installing the blade I received an error that, according to Google sources, means that my OS is out of date and doesn't support the blade. Fine. Found the latest release in this train that was released in July this year (adventerprisek9_wan-mz.122-33.SXJ6.bin) but I can't for the life of me figure out how to verify that it will support the 48 port blade. Go to the product page for the linecard. It should have the earliest supported version listed.
|
|
#
?
Oct 17, 2013 15:54
|
|
|
Zuhzuhzombie!! posted:Could some one help me understand how to navigate the Cisco Feature Navigator? Tried to install a 48 port gigabit blade in our 6509 (running adventerprisek9_wan-mz.122-33.SXJ.bin). This was released in 2011. Upon installing the blade I received an error that, according to Google sources, means that my OS is out of date and doesn't support the blade. Fine. Found the latest release in this train that was released in July this year (adventerprisek9_wan-mz.122-33.SXJ6.bin) but I can't for the life of me figure out how to verify that it will support the 48 port blade. What line card and error message?
|
|
#
?
Oct 17, 2013 16:04
|
|
|
%C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 1, power not allowed: Unknown Card Type. I'll grab the model number and see what's up. Thanks. Zuhzuhzombie!! fucked around with this message at 16:31 on Oct 17, 2013 |
|
#
?
Oct 17, 2013 16:29
|
|
|
what model 48 port blade is it?
|
|
#
?
Oct 17, 2013 16:31
|
|
|
ws-x6848-GE-TX V01 ed Data sheet says: • Supervisor engine: Compatible with Supervisor Engine 2T and Supervisor Engine 2TXL Though we're using Supervisor 720. Maybe that's my problem? Zuhzuhzombie!! fucked around with this message at 17:12 on Oct 17, 2013 |
|
#
?
Oct 17, 2013 17:03
|
|
|
You will need to know your chassis as well, 6509 vs 6509-E, because if they are similar to how the 4500 vs 4500-E series is, there are specific slots that E series line cards can go into. EDIT: You can check with "sh module", it will be similar to: code:
|
|
#
?
Oct 17, 2013 17:12
|
|
|
You're trying to run a linecard with a DFC4 with a MSFC3 supervisor. Not supported. e: You might be able to install a DFC3 on the linecard, effectively making it a WS-X6748-GE-TX tortilla_chip fucked around with this message at 17:18 on Oct 17, 2013 |
|
#
?
Oct 17, 2013 17:14
|
|
|
WS-C6509-E ed quote:PFC4 linecard with a MSFC3 supervisor Just curious as to what this means, specifically. But thank you for clearing that up. I doubt we'd want to change SUP engines, but curious, would doing so fix that issue or is it something larger? Zuhzuhzombie!! fucked around with this message at 17:17 on Oct 17, 2013 |
|
#
?
Oct 17, 2013 17:14
|
|
|
https://supportforums.cisco.com/docs/DOC-21377 http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps11878/qa_c67-648478.html
|
|
#
?
Oct 17, 2013 17:19
|
|
|
Thanks! Which brings up another question... what kinda CPUs are in these things?
|
|
#
?
Oct 17, 2013 17:21
|
|
|
Some bitchin Motorola PowerPCs!
|
|
#
?
Oct 17, 2013 17:22
|
|
|
jwh posted:I had used RiOS boxes before, supposedly for wan opt, but our users were pretty ambivalent about apparent improvement.
|
|
#
?
Oct 17, 2013 17:28
|
|
|
Direct link to the Cisco Live presentation for 6500 architecture: http://d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKARC-3465.pdf If that doesn't work, create an account on https://www.ciscolive365.com
|
|
#
?
Oct 17, 2013 17:35
|
|
|
"• Supervisor engine: Compatible with Supervisor Engine 2T and Supervisor Engine 2TXL" On this page http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/data_sheet_c78-451794.html is "Supervisor 2" On this page https://supportforums.cisco.com/docs/DOC-21377#Policy_Feature_Card_PFC Yes? Sorry if this just seems blatantly obvious. Ah. DMCA policing, the time I get to search through my eMails for "Horny White Moms 2" at the office with legitimate purpose.
|
|
#
?
Oct 17, 2013 17:51
|
|
|
Sup2 != Sup2T Sup2 = MSFC2 Sup2T = MSFC5
|
|
#
?
Oct 17, 2013 18:10
|
|
|
Thank you again. One more question if you'll spare some more patience. Where can I go to find what kind of card it is? For example: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/data_sheet_c78-451794.html This is the spec sheet for the card I have but a ctrl F doesn't find anything PFC or MSFC. Or am I supposed to figure that out from the Supervisor Engine requirement listing?
|
|
#
?
Oct 17, 2013 19:01
|
|
|
The PFC/MSFC are both on the Supervisor. Linecards have a CFC/DFC. Both the PFC/MSFC and CFC/DFC have to be compatible for the card to boot. Furthermore, the whole chassis can only boot to the lowest common denominator of features. e: Slide 45 in the Cisco Live presentation explains this with a nice table.
|
|
#
?
Oct 17, 2013 19:48
|
|
|
Thanks. Completely glossed over the post with that link.
|
|
#
?
Oct 17, 2013 20:16
|
|
|
What do you guys think about a catalyst 4900m as a cheap 10gig aggregation switch? I won't be using much if any routing logic on it.
|
|
#
?
Oct 18, 2013 00:39
|
|
|
CrazyLittle posted:What do you guys think about a catalyst 4900m as a cheap 10gig aggregation switch? I won't be using much if any routing logic on it.
|
|
#
?
Oct 18, 2013 03:12
|
|
|
What kind of switches should I be looking at for top-of-rack 10g uplinks to a core 6509-e? Something like the 3650-X?
|
|
#
?
Oct 18, 2013 07:23
|
|
|
Erkenntnis posted:What kind of switches should I be looking at for top-of-rack 10g uplinks to a core 6509-e? Something like the 3650-X? Are you looking for 1Gb or 10Gb edge ports? Do you want to stack?
|
|
#
?
Oct 18, 2013 11:55
|
|
|
|
| # ? May 31, 2024 21:15 |
|
|
This isn't a strictly Cisco question but can you make ntp more tolerant of time difference for a switch. We enabled ntp on a few switches and now they're spewing snmp messages about the time changing a few times an hour. Our monitoring software throws an alarm for this but it's literally changes of sub second values.
|
|
#
?
Oct 18, 2013 12:00
|
|