|
Is this the same as rollover cable? http://www.monoprice.com/Product?c_id=102&cp_id=10222&cs_id=1022203&p_id=948&seq=1&format=2 Looks the same to me, RJ45, 8 pins... I figure I'll just buy 25 feet and re-terminate it into a bunch of ~2ft cables.
|
# ? Feb 18, 2014 21:54 |
|
|
# ? Jun 10, 2024 11:52 |
|
Anyone have a v6 access list example to stave off the NTP DDoS issue that's been getting a lot of attention recently?
|
# ? Feb 18, 2014 22:15 |
|
Aexo posted:Anyone have a v6 access list example to stave off the NTP DDoS issue that's been getting a lot of attention recently? Are you the target of the DDoS or are you trying to prevent being the source in someway? If it is the latter......http://www.bcp38.info (source based filtering) and if you have NTP servers, patch them. H.R. Paperstacks fucked around with this message at 22:31 on Feb 18, 2014 |
# ? Feb 18, 2014 22:25 |
|
QPZIL posted:Is this the same as rollover cable? You'd have to cut the heads off these and crimp new heads on the opposite way, it's a super easy job though. http://www.monoprice.com/Product?c_id=102&cp_id=10222&cs_id=1022203&p_id=945&seq=1&format=2 This is already rolled over, I'm pretty sure.
|
# ? Feb 18, 2014 22:31 |
|
H.R. Paperstacks posted:Are you the target of the DDoS or are you trying to prevent being the source in someway? If it is the latter......http://www.bcp38.info (source based filtering) and if you have NTP servers, patch them. Trying to prevent network devices from being used as a source. IOS and JunOS seem to be running ridiculously old versions of NTP.
|
# ? Feb 18, 2014 22:33 |
|
Aexo posted:Trying to prevent network devices from being used as a source. IOS and JunOS seem to be running ridiculously old versions of NTP. Then there isn't anything special about the v6 ACL/Firewall filter you need that differs from how you control access to the control-plane of the devices, just block everything but known IP's from talking to NTP port.
|
# ? Feb 18, 2014 23:38 |
|
Does anyone have any good guides or info on setting up QOS for VOIP on an ASA (5505) ? I'm not asking for someone to write a config, just any general tips or guides or anything. The office I'd like to set this up for has maybe 8 voip phones, but seems to be having some call quality issues - I believe they're on a T1. I'm thinking SIP inspection may be turned on by default so that may clear up some issues once I disable it. Either way though, definitely curious on how to properly set this up on an ASA, and what the various methods are and pros/cons of each if anyone can give me the skinny.
|
# ? Feb 19, 2014 00:41 |
|
Don't use Skinny.
|
# ? Feb 19, 2014 16:49 |
|
I've got a Cisco ASA 5505, and I need to open two ports on it for a security system; I need the ports forwarded to a static IP on the inside. I've added the following code for the two ports, however it still isn't letting traffic through:quote:access-list outside_access_in extended permit tcp any interface outside eq hostname The ASA is on iOS 7.3 currently, and I'd prefer to do this through CLI. There were some other things I had attempted but being that I was working with this a week or two ago I can't remember the details. Basically I need ports 101(hostname) and 8670 open and forwarded to 192.168.1.50. Any help would be greatly appreciated!
|
# ? Feb 19, 2014 18:59 |
|
Any Smartnet knowledgeable people in here? We are going through our renewal right now and have gotten rid of most of our Cisco switches and stuff. We are still running CUCM with a handful of Cisco phones. We also have a few VG224s, 2811s and ATAs. Can I get away with only renewing software support for CUCM and all of our end user licenses, then just stocking up on some extra used hardware? Will Cisco not support any of our phone setup in everything isn't covered?
|
# ? Feb 19, 2014 19:35 |
|
If you've got problems with the 2811s, and you don't have smartnet on them, they may not give you support if the problem is determined to be with the 2811 (configuration or hardware) and not the CUCM.
|
# ? Feb 19, 2014 19:51 |
|
n0tqu1tesane posted:If you've got problems with the 2811s, and you don't have smartnet on them, they may not give you support if the problem is determined to be with the 2811 (configuration or hardware) and not the CUCM. But that would be easy enough to just swap out the hardware with a known working spare. As long as they will still provide support for the CUCM itself, I think we would be fine. If they found it to be hardware related and told us to deal with it because of lack of support, I would be fine with that.
|
# ? Feb 19, 2014 20:00 |
|
Any advice on removing stripped rack ear screws?
|
# ? Feb 19, 2014 20:43 |
|
Morganus_Starr posted:Does anyone have any good guides or info on setting up QOS for VOIP on an ASA (5505) ? I'm not asking for someone to write a config, just any general tips or guides or anything. The office I'd like to set this up for has maybe 8 voip phones, but seems to be having some call quality issues - I believe they're on a T1. I'm thinking SIP inspection may be turned on by default so that may clear up some issues once I disable it. Here are my go-to guides: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
|
# ? Feb 19, 2014 21:46 |
|
sudo rm -rf posted:Any advice on removing stripped rack ear screws? 2 Ways i have done it is either drilling them out, or using a tap and die set like a "Grabit". Drilling them out takes some work, but the Grabit style of bits runs between $30 to $50 at a hardware store.
|
# ? Feb 19, 2014 21:49 |
|
Moey posted:But that would be easy enough to just swap out the hardware with a known working spare. Well, you could still run into configuration issues, but if you're doing basic h323 voice gateways with the 2811s, there really isn't a ton to go wrong.
|
# ? Feb 19, 2014 23:02 |
|
n0tqu1tesane posted:Well, you could still run into configuration issues, but if you're doing basic h323 voice gateways with the 2811s, there really isn't a ton to go wrong. Yea, very simple config and never really changes. So as long as I have backups of the configs, dropping in a replacement should be a walk in the park.
|
# ? Feb 19, 2014 23:15 |
|
Not really a Cisco related question, more general networking: Does anyone use Monoprice as a vendor for Fiber optic cabling? I've been doing quite a bit of ordering of Cat6 & power cables through them, and while it's hard to gently caress that kind of stuff up, I was entertaining the thought of using them for my Fiber optic orders as well. Does anyone have feedback as to their quality? Thanks.
|
# ? Feb 20, 2014 00:46 |
|
Wicaeed posted:Not really a Cisco related question, more general networking: Not anything against monoprice, but we order all our cables (custom assembly and off the shelf patch) from fiber instrument sales. Can't think of a time when we've had a bad jumper or cable assembly from them.
|
# ? Feb 20, 2014 01:13 |
|
Arkitektbmw posted:I've got a Cisco ASA 5505, and I need to open two ports on it for a security system; I need the ports forwarded to a static IP on the inside. I've added the following code for the two ports, however it still isn't letting traffic through: ACL applied to the outside interface? Also, "packet-tracer input outside* tcp 64.1.2.3 999 1.2.3.4** 8670 det" can show you where the breakdown is. *whatever your WAN/outside interface is named **whatever your WAN address is
|
# ? Feb 20, 2014 02:23 |
|
Having the oddest Juniper / Cisco interoperability problem and TAC/JTAC are dodging me/not being helpful so figured I would ask here. Basically throughput is poo poo(like 20% of expected) on serial connections but fine parallel. Everything I can think of checking is green across the board though. More detail: We have an SRX1400(XGE model) for L3, and a pair of Nexus 5548s for Layer 2. No FEXes or anything fancy yet. Software-wise - SRX is Junos 12.1X44, Nexus switches are both NX-OS 6.0(2)N2(2). Juniper xe-0/0/7 is connected to nexus1 eth1/1. Juniper xe-0/0/8 is connected to nexus2 eth1/1. Nexuses are set up for VPC. Junos side is configured for LACP. Here's the relevant config: code:
code:
Buffer fucked around with this message at 03:14 on Feb 20, 2014 |
# ? Feb 20, 2014 03:12 |
|
what is the output of sh vpc on each nexus?
|
# ? Feb 20, 2014 04:13 |
|
adorai posted:what is the output of sh vpc on each nexus? Looks fine on both Nexus 1 code:
code:
code:
show lacp interfaces ae0 code:
Buffer fucked around with this message at 05:21 on Feb 20, 2014 |
# ? Feb 20, 2014 04:18 |
|
Wicaeed posted:Not really a Cisco related question, more general networking: I only order cat5e jumper cables from them, and get overnight delivery for $5. There's a shop in Pleasanton (cablewholesale.com) that I buy fiber patch from because they ship it ground to SF which takes ~1 day and all their patch cables are high quality. Monoprice only just recently started carrying fiber patch cables, and while I might give them a shot I have no particular incentive to break from my current vendor purchase patterns especially when my current vendor isn't -that- much more expensive.
|
# ? Feb 20, 2014 07:29 |
|
We're looking at the 15.0 train on our 3750x stacks for 10g support. Still concerned by some of the reports of memory leakage, etc. What code revs are people happy with?
|
# ? Feb 20, 2014 14:40 |
|
gooby pls posted:We're looking at the 15.0 train on our 3750x stacks for 10g support. Still concerned by some of the reports of memory leakage, etc. What code revs are people happy with? I've got a site running on 15.0(1)SE3 for a while without any issues. I know there were some weird bugs with 15.0(2) but it looks like they've been sorted out. 15.0 isn't a requirement for 10gig though, minimum version is 12.2(53)SE2.
|
# ? Feb 20, 2014 19:27 |
|
I know this is probably super basic but I'm confused about something and was hoping someone could tell me why things are working. Right now I have a Catalyst 3750 Core network stack that is handling our vlan routing and internal network. We have 3 vlans. It's set up so that all the Vlans have corresponding Switch virtual interfaces that are 10.10.100/101/102.1 How exactly do these interfaces communicate with eachother? I also don't understand how these switch virtual interfaces are joined to a vlan. Here's some running-conf output: code:
quote:At this point, ip routing has been enabled. When issuing the show ip route command, the switch shows all networks learnt from the supported routing protocols (none active at the moment). Hosts between different VLANs are now able to communicate with each other as long as they have their IP gateway set to the 3560’s VLAN IP interface of their network.
|
# ? Feb 21, 2014 21:41 |
|
interface vlan100 is the layer-3 interface on that switch for the corresponding vlan 100. The same is true for vlan 101, 102, etc. The SVI interfaces are simply the platforms way of representing a routable interface belonging to a particular vlan. It's analogous to having a router with handful of ports, and connecting one of them to a switch on vlan 100, or 101, or 102, for example. It's the same thing, except it's all happening inside this particular switch platform. There is no process of joining a SVI to a corresponding vlan, it happens automatically, based on the number. ie., if you have an interface Vlan100, that is the layer-3 interface for vlan 100. There's nothing magical happening here. The last paragraph, what is being said there is that if you have a bunch of hosts on vlan 100, 101, and 102, and each of these hosts have their own default gateway set to the corresponding address for their Vlan SVI on the switch (for example, a host on vlan 100, say, 10.10.100.95 would have a gateway of 10.10.100.1, and a host on vlan101 would have a gateway of 10.10.101.1, etc.), they would be able to communicate by routing between these vlans (facilitated by the routing functionality of the switch). Does that make sense?
|
# ? Feb 21, 2014 21:54 |
|
jwh posted:interface vlan100 is the layer-3 interface on that switch for the corresponding vlan 100. The same is true for vlan 101, 102, etc. I guess, I just thought that when those SVIs were created with code:
Spudalicious fucked around with this message at 22:15 on Feb 21, 2014 |
# ? Feb 21, 2014 22:11 |
|
Well, trunks are (in this case) a collection of vlans. SVIs are the layer-3 interface of a single corresponding vlan. So by definition, a SVI can't be a trunk. Part of the difficulty in conceptualizing what's going on inside a routing switch platform is that you're dealing with two different things: layer 2 transport, and layer 3 routing. I tend to think of it like this: every vlan is a lake, and every SVI is a toe in the water from a guy sitting above the lake. Or something like that, I dunno. edit: Maybe it's more like the SVIs are the fishing nets belonging to a particularly enterprising parks and wildlife officer, and he takes fish (packets) from one lake and puts them in another lake. Hey, at least it's not a car analogy.
|
# ? Feb 21, 2014 23:08 |
|
jwh posted:Well, trunks are (in this case) a collection of vlans. SVIs are the layer-3 interface of a single corresponding vlan. So by definition, a SVI can't be a trunk. If VLANs are lakes then an SVI is a dock and when you want to go to another lake you dock your boat on the SVI and walk over to another dock so you can ride a boat in the other lake. Think of an SVI as a sort of network card. With IP routing enabled you're basically creating a computer with a network card in every VLAN you define an SVI in. Since that computer has an interface in every VLAN it can naturally reach them all! It just happens that this particular computer isn't a physical thing and the SVIs are basically "virtual NICs." Generally a switch can only have 1 SVI in a given VLAN. If you're using vrfs then just think of each vrf as a separate computer.
|
# ? Feb 22, 2014 00:27 |
|
You're all going to have fun when Cisco moves to only support bridge domains shortly.
|
# ? Feb 23, 2014 03:14 |
|
Wicaeed posted:Not really a Cisco related question, more general networking: I have a few hundred installed. Light makes it through them, not sure what else to say.
|
# ? Feb 23, 2014 03:41 |
|
tortilla_chip posted:You're all going to have fun when Cisco moves to only support bridge domains shortly. Well if they're going to throw more XR commands down to classic maybe they should give us commit too! Man I love XR.
|
# ? Feb 23, 2014 13:10 |
|
Sepist posted:Well if they're going to throw more XR commands down to classic maybe they should give us commit too! Man I love XR. +1 million. Edit: Does anyone know if Cisco supports WRED ECN+? I see that post 12.2(8)T supports WRED ECN, but I'm interested to know if it supports setting the ECN bits in SYN/ACK packets as well as data packets (RFC 5562). ruro fucked around with this message at 00:01 on Feb 24, 2014 |
# ? Feb 23, 2014 22:20 |
|
Can anybody think of a quick reason why a polycom system would be able to make external calls in a cisco setup, but when calls are placed internally, the mics are mute?
|
# ? Feb 27, 2014 16:09 |
|
SIP calls should communicate directly between the phones. Ate the phones on the same subnet/Can they talk to each other over IP?
|
# ? Feb 27, 2014 17:22 |
|
ElGroucho posted:Can anybody think of a quick reason why a polycom system would be able to make external calls in a cisco setup, but when calls are placed internally, the mics are mute? Yes. Your firewall is allowing the control traffic to set up the call but now allowing the rtp audio traffic. I cant 100% confirm this is your problem but 99% of the time with these symptoms thats it
|
# ? Feb 27, 2014 19:02 |
|
Does anyone make use of NetFlow? Or run anything else that shows real-time info? We've got big bloaty monitoring servers going but I'd like to be able to have some more lightweight things that are more useful at a glance when something goes down. Like a couple instances of MTR and RTMT or whatever. I get the feeling you guys have a couple tools you'd probably swear by
|
# ? Feb 27, 2014 20:04 |
|
|
# ? Jun 10, 2024 11:52 |
|
We use Plixer Scrutinizer.
|
# ? Feb 27, 2014 22:17 |