some kinda jackal
Feb 25, 2003

 
 
If this is strictly a lab environment and you're not planning on routing your home internet through your 2620 then I'd suggest even finding a NM-1E. You won't need 100meg if all you're looking for is connectivity.

Otherwise yeah, the NM-1FE is fine. Just make sure you're running the minimum supported OS which everyone on planet earth should be, and you'll be good.


crunk dork
Jan 15, 2006
I think the guy on CBT nuggets said he suggested running internet through it but I don't know if that's really necessary. Thank you for the help!

some kinda jackal
Feb 25, 2003

 
 

Drunk Orc posted:

I think the guy on CBT nuggets said he suggested running internet through it but I don't know if that's really necessary. Thank you for the help!

I probably wouldn't, if I were just learning the IOS. The last thing you want is to make a mistake and not be able to google your way out of it because your internet is out. Nothing in the CCNA will be relevant to features on a home router anyway. You're better off dedicating a lab environment, throwing a raspberry pi or old laptop on one side if you want to have a "host", then playing with the environment until you can take the test :)

crunk dork
Jan 15, 2006

Martytoof posted:

I probably wouldn't, if I were just learning the IOS. The last thing you want is to make a mistake and not be able to google your way out of it because your internet is out. Nothing in the CCNA will be relevant to features on a home router anyway. You're better off dedicating a lab environment, throwing a raspberry pi or old laptop on one side if you want to have a "host", then playing with the environment until you can take the test :)

This clears up a lot for me actually, I have the old laptop on hand! Thanks a bunch and I'm sure I'll be back to bug you guys with other dumb questions in the future.

some kinda jackal
Feb 25, 2003

 
 
No worries and don't forget, there are no dumb questions when you're learning.

Unless it's about RIP which is a question ABOUT a dumb thing.

crunk dork
Jan 15, 2006

Martytoof posted:

No worries and don't forget, there are no dumb questions when you're learning.

Unless it's about RIP which is a question ABOUT a dumb thing.

I went ahead and ordered that NM-1E. I saw some NM-1E2W modules that were cheaper but looked like they wouldn't fit the 2620xm. I can't find a comprehensive list or chart for compatibility, does one even exist?

some kinda jackal
Feb 25, 2003

 
 
It's been quite a while since I had to worry about sticking things into a Cisco chassis so I don't remember off the top of my head. I would guess that if you just google for "network module 2600 compatibility" or "wic 2600 compatibility" you'll get some hits. I know if you look up specific network modules or WICs you should get a compatibility chart, but that's going at it from the opposite direction I guess. I'm sure someone here will know better than me :)

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Drunk Orc posted:

I went ahead and ordered that NM-1E. I saw some NM-1E2W modules that were cheaper but looked like they wouldn't fit the 2620xm. I can't find a comprehensive list or chart for compatibility, does one even exist?


http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routermodxref.pdf

some kinda jackal
Feb 25, 2003

 
 
Anyone done a firmware load onto a 7962 phone using tftpd32?

Got the firmware loaded onto my tftp server, and the phone is requesting term62.default.loads (and tftpd serves it, according to the log), but then the phone just sits there doing nothing and eventually reboots. After that it requests term62.default.loads again. Screen is completely blank. Not really sure where to go from here.

single-mode fiber
Dec 30, 2012

Is it CUCM or CME? If it's the former, we used to have the best luck just putting it on the CUCM node serving TFTP (don't even need to do the cop.sgn install, you can just download the raw .loads file and friends if you poke around on Cisco's site) and changing the phone's load name on the phone configuration page (or on the device pool, or on the phone default settings page, depending on how widespread the upgrade was supposed to be).

funk_mata
Nov 1, 2005

I'm hot for you and you're hot for me--ooka dooka dicka dee.
Clapping Larry

Martytoof posted:

Anyone done a firmware load onto a 7962 phone using tftpd32?

Got the firmware loaded onto my tftp server, and the phone is requesting term62.default.loads (and tftpd serves it, according to the log), but then the phone just sits there doing nothing and eventually reboots. After that it requests term62.default.loads again. Screen is completely blank. Not really sure where to go from here.

Make sure that every file that's listed in term62.defaults.loads file (if you didn't know, you can open it in notepad to see said list) has been downloaded and is sitting in the same directory being served via tftp32. That's usually all I've needed to do in the past.

sudo rm -rf
Aug 2, 2011


$ mv fullcommunism.sh
/america
$ cd /america
$ ./fullcommunism.sh


CCNP studying, had a question.

What would the best practice IP scheme look like for the layer 3 part of this design?



I was putting down a bunch of /30s but I wasn't really sure where I should be starting or ending when thinking about scalability or summarization.

e: If there's a book or resource that goes into this kind of thing, I'd jump all over it as well.

1000101
May 14, 2003

BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY FRUITCAKE!
You'd still use some /30s for the point to point links. You've only got 4 devices doing l3 in the diagram so even with a full mesh you're not looking at a whole lot of routes in the routing table. If there's more to the topology then you could create a null0 route and put that in the IGP. When packets hit your core your more specific /30 routes will take precedence.

Partycat
Oct 25, 2004

funk_mata posted:

Make sure that every file that's listed in term62.defaults.loads file (if you didn't know, you can open it in notepad to see said list) has been downloaded and is sitting in the same directory being served via tftp32. That's usually all I've needed to do in the past.

There are minimum firmware versions needed on those for hardware compatibility. If it still is up with a GUI you'll see 'HC' as a reason for failure in this case. If you were way old somehow and it says Auth Fail that is different.

The default loads is just a manifest of files so you need them all as mentioned, which come in the firmware zip anyways.

Add it to the UCM with a point to 9-3-1SR1 or newer if it is alive enough to ask for its own config. tftpd32 or default fw if not.

Filthy Lucre
Feb 27, 2006
BGP design question(s) about this topology;


All PE routers are route reflector clients in AS100, full mesh iBGP exists between R1, R2, R3, and R4. From what I understand, this is a fairly common design.

In this design, are R3 and R4 also route reflector clients of R1 and R2?

If not, what function do R1 and R2 serve? No traffic other than BGP route information would be sent to R1 or R2, any real traffic would stay on the link between R3 and R4 depending on which PE router it needed to go to.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

1000101 posted:

You'd still use some /30s for the point to point links. You've only got 4 devices doing l3 in the diagram so even with a full mesh you're not looking at a whole lot of routes in the routing table. If there's more to the topology then you could create a null0 route and put that in the IGP. When packets hit your core your more specific /30 routes will take precedence.

If it's only ptp use /31
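Added example, not part of any post in this thread: a Python sketch of the addressing advice above for four layer 3 devices in a full mesh, comparing /30 and /31 point-to-point links, finding the single prefix a null0 summary would cover, and showing that the more specific link route wins the lookup. The block 10.0.0.0/24, the device names and the next-hop labels are constructed placeholders, not values from the thread.

```python
import ipaddress
from itertools import combinations


def p2p_plan(block, routers, prefixlen):
    """Assign one subnet of the given length to every router pair (full mesh)."""
    pool = ipaddress.ip_network(block).subnets(new_prefix=prefixlen)
    plan = {}
    for pair in combinations(routers, 2):
        try:
            plan[pair] = next(pool)
        except StopIteration:
            raise ValueError(f"{block} cannot hold a full mesh of /{prefixlen} links") from None
    return plan


def smallest_summary(plan):
    """Smallest single prefix containing every link subnet (the null0 summary)."""
    nets = sorted(plan.values())
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def best_route(dest, routes):
    """Longest-prefix match over a {prefix: next_hop} table; None if no match."""
    addr = ipaddress.ip_address(dest)
    table = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


# Constructed inputs: four hypothetical L3 devices and a placeholder block.
ROUTERS = ["sw1", "sw2", "sw3", "sw4"]
BLOCK = "10.0.0.0/24"

if __name__ == "__main__":
    for plen in (30, 31):
        plan = p2p_plan(BLOCK, ROUTERS, plen)
        print(f"/{plen} links, summary {smallest_summary(plan)}")
        for (a, b), net in plan.items():
            print(f"  {a}-{b}: {net}")
    # Summary to null0 plus one specific link route, as described in the reply.
    routes = {"10.0.0.0/27": "Null0", "10.0.0.4/30": "link sw1-sw3"}
    print(best_route("10.0.0.5", routes), "|", best_route("10.0.0.29", routes))
```

With six links, the /30 plan needs a /27 summary while the /31 plan fits in a /28.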

ate shit on live tv
Feb 15, 2004

by Azathoth

Filthy Lucre posted:

BGP design question(s) about this topology;


All PE routers are route reflector clients in AS100, full mesh iBGP exists between R1, R2, R3, and R4. From what I understand, this is a fairly common design.

In this design, are R3 and R4 also route reflector clients of R1 and R2?

If not, what function do R1 and R2 serve? No traffic other than BGP route information would be sent to R1 or R2, any real traffic would stay on the link between R3 and R4 depending on which PE router it needed to go to.

I'm pretty sure the purpose of R1/R2 is so that you realize you need full mesh iBGP there. In reality those routers could be ingress MPLS routers, or routers on a provider exchange or whatever.

tortilla_chip
Jun 13, 2007

k-partite

Filthy Lucre posted:

BGP design question(s) about this topology;


This looks like a per-POP design where R1 and R2 would be your core/backbone BGP carrying routers in a full mesh with other R1/R2 topology equivalents in other POPs. R3 and R4 are clients of R1/R2 in each POP and also act as inline RR's for their respective downstream PEs, which makes sense given the lack of redundant physical paths for the PEs.

e: This design has fallen out of favor as the MPLS based BGP-free core design has become more in vogue.

e2: Unless you run native v6 instead of 6PE.

tortilla_chip fucked around with this message at 20:38 on Mar 9, 2015

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer

Martytoof posted:

Anyone done a firmware load onto a 7962 phone using tftpd32?

Got the firmware loaded onto my tftp server, and the phone is requesting term62.default.loads (and tftpd serves it, according to the log), but then the phone just sits there doing nothing and eventually reboots. After that it requests term62.default.loads again. Screen is completely blank. Not really sure where to go from here.

What's the version difference between what's on the phone now, and what you're trying to load? There are sometimes issues going directly from one version to the other, and you've got to have an intermediate version to get the load to work.

some kinda jackal
Feb 25, 2003

 
 

n0tqu1tesane posted:

What's the version difference between what's on the phone now, and what you're trying to load? There are sometimes issues going directly from one version to the other, and you've got to have an intermediate version to get the load to work.

Hmm, don't know. I was given this phone in this state. Maybe I'll try finding an older revision first.


Partycat posted:

There are minimum firmware versions needed on those for hardware compatibility. If it still is up with a GUI you'll see 'HC' as a reason for failure in this case. If you were way old somehow and it says Auth Fail that is different.

The default loads is just a manifest of files so you need them all as mentioned, which come in the firmware zip anyways.

Add it to the UCM with a point to 9-3-1SR1 or newer if it is alive enough to ask for its own config. tftpd32 or default fw if not.

Don't have any UCM/E install to try this with so I was hoping to just load it up with tftpd32 and the SIP firmware :(


funk_mata posted:

Make sure that every file that's listed in term62.defaults.loads file (if you didn't know, you can open it in notepad to see said list) has been downloaded and is sitting in the same directory being served via tftp32. That's usually all I've needed to do in the past.

Yeah, going to have to doublecheck they're all present.


single-mode fiber posted:

Is it CUCM or CME? If it's the former, we used to have the best luck just putting it on the CUCM node serving TFTP (don't even need to do the cop.sgn install, you can just download the raw .loads file and friends if you poke around on Cisco's site) and changing the phone's load name on the phone configuration page (or on the device pool, or on the phone default settings page, depending on how widespread the upgrade was supposed to be).

Neither, unfortunately. I may have access to CUCM media through work and I /think/ I can run it in 60 day trial mode if I'm not mistaken, but I'm kind of hoping to do that as a last resort since I just want to use the phone with asterisk.

Partycat
Oct 25, 2004

Yeah, look on the back of the phone for hardware revision. If you plug it in and it boots up with a screen, it should show the firmware loader and you'll see reason messages flash by very quickly if it fails.

If it boots with just a speaker light and goes out, it needs firmware as it was wiped.

If it is just the speaker light, it is busted.

You can load it with tftpd32, just put the files from the firmware package in the tftproot and it will grab them. I do this all the time for weird firmware jumps.

If it's old enough load 8.3.2 then a new firmware.

If it's too new, 9.3.1sr1s or later. Some need like SR13 or 9.2.1+

It may work with chan_sccp-b, but I have not gotten any of the recent loads to work with SIP, they just sit there and do nothing when specifying asterisk as the proxy.

E: yeah, verify all files, try an 8-3-2, or maybe 9-2-1 and see if it takes it, you can fix this p easy

Partycat fucked around with this message at 12:48 on Mar 10, 2015

psydude
Apr 1, 2008

Client has two internet connections. One is business cable and the other is basically just a direct line to another department that shares their connection to this office. They want to force all internet traffic out of one while using the other to terminate a site to site and RA VPN. Presales sold them on the idea of running active/active, which seems unnecessary. I want to convince them to go to active/standby, but the problem is that they're terminating their internet links directly on the firewalls instead of on an external router. Transparent mode wouldn't work because their router is actually just a 3560 that won't support route maps, and the site to site VPN is terminating on the perimeter firewall. Is there any way to make this work without doing active/active?

psydude fucked around with this message at 20:55 on Mar 10, 2015

ate shit on live tv
Feb 15, 2004

by Azathoth
You can't just do simple routing?

0/0 -> ISP A
VPN Site Address (10.10.10.1/24 -> ISP B)

RA VPN would have only a single public IP that it would terminate to anyway.

Pile Of Garbage
May 28, 2007



Has anyone encountered a situation where the IP address of each hop returned by a trace route is the same as the target IP address? I asked the networks team that I work with but they've never seen such an anomaly before.

Background: we've got a remote site which is connected to our DC via an IPsec tunnel. The tunnel is from a Cisco 2911 at the remote site to an ASA 5555-X at the DC. When I perform a trace route from a server at the remote site to another server at the DC the IP address of each hop is the same as the target IP address. Example:

pre:
C:\>tracert -d 10.180.49.15

Tracing route to 10.180.49.15 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.180.112.126
  2     *        *        *     Request timed out.
  3    54 ms    54 ms    53 ms  10.180.49.15
  4    71 ms    55 ms    56 ms  10.180.49.15
  5    55 ms    55 ms    56 ms  10.180.49.15

Trace complete.

Performing a trace route in the opposite direction from the server at the DC works as expected:

pre:
C:\>tracert -d 10.180.112.1

 Tracing route to 10.180.112.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.180.49.254
  2     1 ms     1 ms     1 ms  10.180.255.1
  3     1 ms     1 ms     1 ms  10.180.55.238
  4     *        *        *     Request timed out.
  5    55 ms    56 ms    55 ms  10.180.112.1

Trace complete.

The main reason I'm asking is that we have another issue at the remote site where connections are getting stuck in a half-open state on the site's Riverbed. These connections are building up and eventually the Riverbed enters admission control due to exceeding its license limit. I suspect that this trace route weirdness is related to the half-open connection issue on the Riverbed. Everything else is working as expected and traffic is flowing fine without issues.

I'm not really a networks person by trade but I know a fair bit and can provide config excerpts if need be. Any help would be much appreciated.
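Added example, not part of any post in this thread: a Python check that parses `tracert -d` output and reports intermediate hops that answer with the target's own address, the symptom shown in the post above, which a later reply ties to the `inspect icmp` and `inspect icmp error` statements being absent from the ASA config. The two sample traces are copied from the post; the function names are this example's own.

```python
import re

# One hop line of Windows `tracert -d` output: hop number, three RTT columns
# ("<1 ms", "54 ms" or "*"), then an IPv4 address or "Request timed out."
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(?:(?:<?\d+\s+ms|\*)\s+){3}"
    r"(\d{1,3}(?:\.\d{1,3}){3}|Request timed out\.)\s*$"
)
TARGET_RE = re.compile(r"Tracing route to (\d{1,3}(?:\.\d{1,3}){3})")


def parse_tracert(text):
    """Return (target, [(hop_number, address_or_None), ...])."""
    target, hops = None, []
    for line in text.splitlines():
        m = TARGET_RE.search(line)
        if m:
            target = m.group(1)
            continue
        m = HOP_RE.match(line)
        if m:
            addr = m.group(2)
            hops.append((int(m.group(1)), None if addr.startswith("Request") else addr))
    return target, hops


def masked_hops(text):
    """Hop numbers before the final hop that replied with the target's address."""
    target, hops = parse_tracert(text)
    if target is None or not hops:
        return []
    last = hops[-1][0]
    return [n for n, addr in hops if addr == target and n != last]


# Traces copied from the post above.
REMOTE_TO_DC = """\
Tracing route to 10.180.49.15 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.180.112.126
  2     *        *        *     Request timed out.
  3    54 ms    54 ms    53 ms  10.180.49.15
  4    71 ms    55 ms    56 ms  10.180.49.15
  5    55 ms    55 ms    56 ms  10.180.49.15

Trace complete.
"""
DC_TO_REMOTE = """\
 Tracing route to 10.180.112.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.180.49.254
  2     1 ms     1 ms     1 ms  10.180.255.1
  3     1 ms     1 ms     1 ms  10.180.55.238
  4     *        *        *     Request timed out.
  5    55 ms    56 ms    55 ms  10.180.112.1

Trace complete.
"""

if __name__ == "__main__":
    for name, trace in (("remote -> DC", REMOTE_TO_DC), ("DC -> remote", DC_TO_REMOTE)):
        print(name, masked_hops(trace) or "no masked hops")
```

Run against a saved trace after any change to the firewall's ICMP inspection; an empty result means every intermediate hop reported its own address.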

Richard Noggin
Jun 6, 2005
Redneck By Default
What version of ASA code are you on? http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_27930769.html

Pile Of Garbage
May 28, 2007




We're running 9.3(1). I don't have an Experts Exchange account so I can't read that thread. Is there a known issue with code-levels >9.0?

Edit: the remote site 2911 is running 15.1(4)M8 if that's at all helpful.

Pile Of Garbage fucked around with this message at 21:58 on Mar 12, 2015

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Stupid Experts Exchange. If you find the link on google, you can scroll all the way down and see the answer. But direct links make you have an account.

Hit the first link.

https://www.google.com/search?q=Was...=utf-8&oe=utf-8

Pile Of Garbage
May 28, 2007



Moey posted:

Stupid Experts Exchange. If you find the link on google, you can scroll all the way down and see the answer. But direct links make you have an account.

Hit the first link.

https://www.google.com/search?q=Was...=utf-8&oe=utf-8

Cool thanks for that. I've checked the ASA config and the statements for inspect icmp and inspect icmp error aren't present so that may very well be the issue. Of course if that fixes it then my suspicion that it was a symptom related to the half-open connection issue is probably incorrect. We're already escalating that one to Riverbed so it's their problem now.

Honestly gently caress spurious inter-site traffic as it's the whole reason I've been dragged into this and it's become the bane of my existence (loving Lync 2010 client is the worst offender in a Windows AD environment).

Richard Noggin
Jun 6, 2005
Redneck By Default
Yeah, sorry about that EE link - I found it through Google. We ran into this once and I just did a quick search. I should have posted the bug ID instead. Oh well...worth a shot.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Any point in using PFS on a site to site VPN if it isn't going over the internet?

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Moey posted:

Any point in using PFS on a site to site VPN if it isn't going over the internet?

How paranoid are you? I don't mean this in a derogatory way.

Docjowles
Apr 9, 2009

Moey posted:

Stupid Experts Exchange. If you find the link on google, you can scroll all the way down and see the answer. But direct links make you have an account.

Hit the first link.

https://www.google.com/search?q=Was...=utf-8&oe=utf-8

I believe the correct spelling is Expert Sexchange :colbert:

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Tremblay posted:

How paranoid are you? I don't mean this in a derogatory way.

We do it over WiFi links.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Tremblay posted:

How paranoid are you? I don't mean this in a derogatory way.

The paranoid guy at the other end of the VPN said to have it off. I don't see why it would hurt to have it on. It is confidential data going over this link, thus the reason it is being tunneled through our LAN.

No sweat off my back either way. He manages the data and compliance, I just support a department accessing it.

inignot
Sep 1, 2003

WWBCD?

Moey posted:

Any point in using PFS on a site to site VPN if it isn't going over the internet?

It's trivial to enable.

DeNofa
Aug 25, 2009

WILL AMOUNT TO NOTHING IN LIFE.

Moey posted:

Any point in using PFS on a site to site VPN if it isn't going over the internet?

If it's cisco to cisco I would enable it. It's pretty neat how it works, but there are a lot of random rear end compatibility issues to other vendors (gently caress Sonicwall). Not across the Internet is probably useless though.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Thanks guys. I'll go ahead and just leave it disabled.

It would be going from a Juniper SRX to a Cisco ASA.

squidflakes
Aug 27, 2009


SHORTBUS
I just finished converting the company over to Cisco phones, Call Manager 9.1.2, and installing voice gateways at all of sites. The primary site has a voice gateway with 4 ISDN PRIs to the telco and 1 QSIG PRI to a legacy phone system that I need to leave up for a couple of weeks for faxing.

Two of our PRIs are old fashioned analog copper trunks, while the other two are newer digital trunks. The digital lines have cheaper long distance minutes so they are set with the best priority but faxing over them is total poo poo. I really need to send fax calls to the copper PRIs but QSIG doesn't send any sort of facility IE or incoming calling number that I can use to hook a dial peer.

Does anyone know if it is possible to create a dial peer or any other sort of configuration that will route calls coming from the QSIG trunk and send them out a specific PRI?

Partycat
Oct 25, 2004

Translate on inbound from the trunk, and prefix to your outbound peers with the pri group you want in it. You can also try some poo poo with COR but prefixing is going to be much easier.

You can also match on incoming but since there are other peers, you would have to be careful on how you wanted to do that.


squidflakes
Aug 27, 2009


SHORTBUS
Yep, that did it!

I created this voice translation rule

voice translation-rule 55501
 rule 1 // /555/

Which should take any number and append 555

I applied that translation rule to the voice port associated with the QSIG trunk.

I then created this dial peer

dial-peer voice 55500 pots
 preference 1
 destination-pattern ^5559..........$
 fax rate voice
 port 0/0/0:23
 forward-digits 10

I also made one with an extra . and forwarding 11 digits for +1 numbers. I'm sure there was a more elegant way to do it, but this seems to be working.

Thanks Partycat!
