Partycat
Oct 25, 2004

Powercrazy posted:

Many devices don't speak LLDP, and so in that case you want to get the layer 2 to layer 3 mapping. Run show mac-address, then show arp on the router of the network the host you are interested in is on. Find the MAC and match it to the ARP entry.

Anything that isn't garbage any more runs LLDP. Device management IPs won't necessarily appear in ARP since they are relevant to the interfaces on the device itself, not transitive items.


Filthy Lucre
Feb 27, 2006
It's just 'show mac-address' on a Procurve; for the ARP table, it's 'show arp' ('| i <MAC>' is useful if you're looking for a single entry).


From my Procurve posted:

# show mac-address ?
[ethernet] PORT-LIST Show MAC addresses learned on the specified ports.
MAC-ADDR Show port the specified MAC address is located on.
vlan Show MAC addresses learned on the specified VLAN.
<cr>

# show arp | i 000631-6d9734
10.100.32.53 000631-6d9734 dynamic
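An added example (mine, not output from Filthy Lucre's switch) of doing the same join in a script, since the two tables come back in different MAC notations depending on what you are pasting from: it normalises the ProCurve 000631-6d9734 form, the Cisco 0006.316d.9734 form and colon-separated MACs to one key, parses constructed 'show mac-address' and 'show arp' output laid out like the Procurve output above, and reports port, VLAN and IP for one MAC. The sample output is made up. The IP comes back as None when the switch has no ARP entry for that MAC, which is what you get when the switch has no IP interface in that VLAN, and then the router for that VLAN is where to run show arp.

```python
import re

# Constructed sample output in the HP ProCurve layout (not captured from a real device).
SHOW_MAC = """\
 Status and Counters - Port Address Table

  MAC Address   Port  VLAN
  ------------- ----- ----
  000631-6d9734 19    16
  001b21-3c4d5e 19    16
  0050c2-aabbcc 7     10
"""

SHOW_ARP = """\
 IP ARP table

  IP Address      MAC Address       Type
  --------------- ----------------- -------
  10.100.32.53    000631-6d9734     dynamic
  10.100.10.8     0050c2-aabbcc     dynamic
"""

PROCURVE_MAC = r"[0-9a-f]{6}-[0-9a-f]{6}"


def normalize_mac(mac):
    """Strip separators (ProCurve 000631-6d9734, Cisco 0006.316d.9734, colon
    or per-octet hyphen forms) down to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_mac_table(text):
    """{normalized_mac: (port, vlan)} from 'show mac-address' output."""
    table = {}
    for line in text.splitlines():
        m = re.match(rf"\s*({PROCURVE_MAC})\s+(\S+)\s+(\d+)\s*$", line, re.I)
        if m:
            table[normalize_mac(m.group(1))] = (m.group(2), int(m.group(3)))
    return table


def parse_arp(text):
    """{normalized_mac: ip} from 'show arp' output."""
    arp = {}
    for line in text.splitlines():
        m = re.match(rf"\s*(\d+\.\d+\.\d+\.\d+)\s+({PROCURVE_MAC})\s+\w+", line, re.I)
        if m:
            arp[normalize_mac(m.group(2))] = m.group(1)
    return arp


def locate(mac, mac_text=SHOW_MAC, arp_text=SHOW_ARP):
    """Join the two tables for one MAC given in any notation.
    Returns None if the switch never learned the MAC; otherwise a dict whose
    'ip' is None when there is no ARP entry (no IP interface in that VLAN)."""
    key = normalize_mac(mac)
    entry = parse_mac_table(mac_text).get(key)
    if entry is None:
        return None
    port, vlan = entry
    return {"mac": key, "port": port, "vlan": vlan, "ip": parse_arp(arp_text).get(key)}


if __name__ == "__main__":
    for probe in ("0006.316d.9734", "00:1b:21:3c:4d:5e", "ffff.ffff.ffff"):
        print(probe, "->", locate(probe))
```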

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Filthy Lucre posted:

It's just 'show mac-address' on a Procurve; for the ARP table, it's 'show arp' ('| i <MAC>' is useful if you're looking for a single entry).
Showing the arp table only helps if your switch has an IP interface on the same vlan.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

adorai posted:

Showing the arp table only helps if your switch has an IP interface on the same vlan.

Many, many times I've temporarily added an IP to a VLAN just for that reason.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

DigitalMocking posted:

Many, many times I've temporarily added an IP to a VLAN just for that reason.
I have employees with read-only access to our switches. This would not help them, and is probably not the best way to do things. I am not saying that I haven't done it myself, I'm just saying making a config change on the fly isn't always a good idea.

Pile Of Garbage
May 28, 2007



Zero VGS posted:

Er, I should specify it's HP Procurves... I don't see a mac-address-table command. I did "show mac-address [the mac address I want]" and it returns Port 19 and VLAN 16, I assume then there's a command to figure out the IP of whatever switch is on Port 19 so I can then Telnet into that and run show mac again?

Zero VGS posted:

I figured it out, "show lldp info remote" tells me the names of all the switches in the ports, then I was able to telnet into the edge switch and find the true port that MAC was connected to.

:stonk:
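The trace Zero VGS describes (MAC table on the core, LLDP neighbour on that port, hop to that switch, repeat) as an added example of mine, not code from the thread, run over a constructed inventory of three switches. The switch names, ports and MACs are made up. It stops at the first port whose LLDP neighbour is not a switch we manage (a phone, an unmanaged switch, or no neighbour at all), refuses to loop, and says so when the MAC was never learned on the starting switch, which is what happens when you start the walk on the wrong side of the uplink.

```python
import re


def norm(mac):
    """12 lowercase hex digits from any vendor MAC notation."""
    return re.sub(r"[^0-9a-fA-F]", "", mac).lower()


# Constructed inventory (not a real network). Per switch: the MAC table
# (mac -> port it was learned on) and the LLDP neighbour table
# (local port -> remote system name, as 'show lldp info remote' would give).
SWITCHES = {
    "core-1": {
        "mac": {"000631-6d9734": "19", "0050c2-aabbcc": "7"},
        "lldp": {"19": "edge-3", "20": "core-2"},
    },
    "edge-3": {
        "mac": {"000631-6d9734": "25", "001b21-3c4d5e": "48"},
        "lldp": {"25": "edge-3-lab", "48": "core-1"},   # 48 is the uplink
    },
    "edge-3-lab": {
        "mac": {"000631-6d9734": "4"},
        "lldp": {"1": "edge-3", "4": "some-ip-phone"},  # phone speaks LLDP but is not a switch we manage
    },
}


def trace(mac, start="core-1", switches=SWITCHES):
    """Follow a MAC hop by hop from `start`.

    Each hop: find the port the MAC was learned on, then look at the LLDP
    neighbour on that port. If that neighbour is a switch in our inventory,
    continue there; otherwise this port is the edge port. Returns a dict with
    'found', the hops walked as (switch, port, neighbour), and either the
    final switch/port/neighbour or the reason the walk stopped."""
    key = norm(mac)
    path, visited, current = [], set(), start
    while current not in visited:
        visited.add(current)
        sw = switches[current]
        port = {norm(m): p for m, p in sw["mac"].items()}.get(key)
        if port is None:
            return {"found": False, "path": path,
                    "reason": f"{key} not in MAC table of {current}"}
        neighbour = sw["lldp"].get(port)
        path.append((current, port, neighbour))
        if neighbour in switches:
            current = neighbour          # a switch we manage: keep walking
            continue
        return {"found": True, "path": path,
                "switch": current, "port": port, "neighbour": neighbour}
    return {"found": False, "path": path, "reason": f"loop: revisited {current}"}


if __name__ == "__main__":
    for probe in ("0006.316d.9734", "0050c2-aabbcc", "00:1b:21:3c:4d:5e"):
        print(probe, "->", trace(probe))
```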

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

The trick is to have no password set, then you don't have to worry about it being intercepted in plain text.

psydude
Apr 1, 2008

Procurves are such massive pieces of poo poo. I'm sorry you're stuck with them.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

psydude posted:

Procurves are such massive pieces of poo poo. I'm sorry you're stuck with them.

I disagree. They have some great switches.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

I'm SSHing into them, it's just an expression, sheesh.

Procurves are awesome because you can buy them off eBay for $100 each and HP will still overnight you a new one if it breaks, no questions asked.

Zero VGS fucked around with this message at 18:58 on Jan 16, 2016

Thanks Ants
May 21, 2004

#essereFerrari


Does anybody that you work for understand how "best value" and "lowest purchase cost" are not the same things?

abigserve
Sep 13, 2009

this is a better avatar than what I had before

Powercrazy posted:

This sounds correct based on my understanding of MSTP interacting with switches in non-mstp domains. Now what are best practices for putting switches in an MSTP region?
Let's say I have 2 core switches and 6 leaf switches. Should they all be in the same MSTP region, assuming they are compatible?

What attributes need to match on each switch to make sure they are in the same MSTP domain?
How do I verify?

Sorry I didn't respond, as I have been away. You need at least the configuration name and the instance-to-VLAN mapping to be the same for switches to be in the same region.

You might find you think you've configured the mapping the same, but if a VLAN exists on one switch but not on the other, then it is not compatible.

crunk dork
Jan 15, 2006
Anyone else have problems with ASA in GNS3? The console keeps hanging at unpacking initramfs. Tried using the local server and the GNS3 VM in VMware Workstation, and upping the RAM on the ASA and the GNS3 VM itself, and it's doing the same thing. I remember it being functional with 8.4.2 like a month and a half ago too because I was using it at work...

tortilla_chip
Jun 13, 2007

k-partite

abigserve posted:

Sorry I didn't respond, as I have been away. You need at least the configuration name and the instance-to-VLAN mapping to be the same for switches to be in the same region.

You might find you think you've configured the mapping the same, but if a VLAN exists on one switch but not on the other, then it is not compatible.

To expand on this:

Just make sure the MST digest matches on both switches

show spanning-tree mstp configuration
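An added example of mine (not from the thread) that computes the digest the way the standard defines it, so you can predict from a config what the digest line of show spanning-tree mstp configuration should say before you compare switches: 802.1s (now part of 802.1Q) defines the MST Configuration Digest as HMAC-MD5 with the fixed key 0x13AC06A62E47FD51F95D2BA243CD0346 over the 4096-entry VLAN-to-MSTI table, two bytes per VLAN ID 0..4095, with instance 0 (the CIST) for anything not explicitly mapped. Two switches are in one region only when name, revision and digest all agree, and the helper at the end tells you which VLAN is mapped differently when they don't. The region names and mappings are made up.

```python
import hashlib
import hmac

# HMAC key fixed by IEEE 802.1s / 802.1Q for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mst_config_digest(vlan_to_instance):
    """HMAC-MD5 over the MSTI table: 4096 big-endian 16-bit MSTIDs indexed by
    VLAN ID 0..4095. VLANs not listed stay in instance 0 (the CIST).
    Returned as the uppercase hex string switches print."""
    table = bytearray(4096 * 2)
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} out of range")
        if not 0 <= instance <= 4094:
            raise ValueError(f"MSTI {instance} out of range")
        table[2 * vlan:2 * vlan + 2] = instance.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


def region_id(switch):
    """The three fields carried in the BPDU that must match for a shared region."""
    return (switch["name"], switch["revision"], mst_config_digest(switch["mapping"]))


def same_region(a, b):
    return region_id(a) == region_id(b)


def mismatches(a, b):
    """Which of name / revision / per-VLAN mapping differs between two configs."""
    out = []
    if a["name"] != b["name"]:
        out.append(f"name: {a['name']!r} vs {b['name']!r}")
    if a["revision"] != b["revision"]:
        out.append(f"revision: {a['revision']} vs {b['revision']}")
    for vlan in sorted(set(a["mapping"]) | set(b["mapping"])):
        ia, ib = a["mapping"].get(vlan, 0), b["mapping"].get(vlan, 0)
        if ia != ib:
            out.append(f"vlan {vlan}: instance {ia} vs {ib}")
    return out


# Constructed configs: the core, a leaf that matches, and a leaf missing VLAN 30.
CORE = {"name": "CAMPUS", "revision": 1, "mapping": {10: 1, 20: 1, 30: 2}}
LEAF_OK = {"name": "CAMPUS", "revision": 1, "mapping": {10: 1, 20: 1, 30: 2}}
LEAF_MISSING_VLAN = {"name": "CAMPUS", "revision": 1, "mapping": {10: 1, 20: 1}}

if __name__ == "__main__":
    print("default-config digest:", mst_config_digest({}))
    print("core digest:          ", mst_config_digest(CORE["mapping"]))
    for leaf in (LEAF_OK, LEAF_MISSING_VLAN):
        print(same_region(CORE, leaf), mismatches(CORE, leaf))
```

The digest of an all-default mapping (every VLAN in instance 0) is the 0xAC36177F50283CD4B83821D8AB26DE62 you see on switches that have never had MST configured, which is a quick sanity check that a tool implementing this is doing it right.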

22 Eargesplitten
Oct 10, 2010



Sorry if there's a generic networking thread, but I have a question. I know what protocols run at OSI levels 1-4, but what runs at 5-6? I can't really find anything, so I'm not clear what they do.

Methanar
Sep 26, 2013

by the sex ghost

22 Eargesplitten posted:

Sorry if there's a generic networking thread, but I have a question. I know what protocols run at OSI levels 1-4, but what runs at 5-6? I can't really find anything, so I'm not clear what they do.

Session is mostly things like cookies and stateful user experiences (SSO/STS tokens/etc)
Presentation is...buffering I guess. Maybe some sort of synchronization of different data streams (audio/visual in the case of video streaming).

Neither is that important from a networking perspective as far as I know.

Slickdrac
Oct 5, 2007

Not allowed to have nice things
Session is cookies, encryption, timeout, synchronization type things of a connection between devices. Think of it as the rules that will be used for communication.

Presentation is file structure format. jpg, docx, rar, etc. Basically your file extensions.

Application is your actual programs, applications, and services that use the files/data.

Session is relevant to networking often, but the other two are for Sysadmins to know in depth.

ate shit on live tv
Feb 15, 2004

by Azathoth

Methanar posted:

Session is mostly things like cookies and stateful user experiences (SSO/STS tokens/etc)
Presentation is...buffering I guess. Maybe some sort of synchronization of different data streams (audio/visual in the case of video streaming).

Neither is that important from a networking perspective as far as I know.

Session is important in that TCP PSH flags are indicators that the TCP/IP stack is handing off data. But in actuality the OSI model is just a model so don't try to map things to it too strictly.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

adorai posted:

I have employees with read only access to our switches. This would not help them, and is probably not the best way to do things. I am not saying that I haven't done it myself, i'm just saying making a config change on the fly isn't always a good idea.

Oh, it's a terrible idea and I cringe doing it, but Procurve. :shrug: what can you do?

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

psydude posted:

Procurves are such massive pieces of poo poo. I'm sorry you're stuck with them.

They have their flaws (like how easy they are to bring down with any kind of packet storm) but bang for the buck I think they're one of the best switches you can buy as "baby's first corporate switch"

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

DigitalMocking posted:

Oh, it's a terrible idea and I cringe doing it, but Procurve. :shrug: what can you do?
type "show lldp info remote"

sudo rm -rf
Aug 2, 2011


$ mv fullcommunism.sh
/america
$ cd /america
$ ./fullcommunism.sh


What's the best way to do an IGP like ospf between two eBGP neighbors without mucking with either organization's internal routing table (assuming they were using ospf internally)?

tortilla_chip
Jun 13, 2007

k-partite
1. Use BGP
2. Build the IGP in a separate VRF
3. Use BGP

sudo rm -rf
Aug 2, 2011


$ mv fullcommunism.sh
/america
$ cd /america
$ ./fullcommunism.sh


tortilla_chip posted:

1. Use BGP
2. Build the IGP in a separate VRF
3. Use BGP

Can you expound a bit? I'm not sure if you're suggesting that using an IGP underneath eBGP neighbors isn't recommended but that if I had to do it I'd use a VRF, or if it's fine/common and that this is the proper way to do it.

sudo rm -rf
Aug 2, 2011


$ mv fullcommunism.sh
/america
$ cd /america
$ ./fullcommunism.sh


The use-case in my head is where you have a multi-homed edge router to an ISP, and you're using loopback addresses to establish the eBGP neighbor relationships.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Almost always that's handled via static routes on each end.

Or in the case of Cogent a bunch of years ago, you got two eBGP peers. 1st beer gave you the route to #2 which gave you all the routes.

tortilla_chip
Jun 13, 2007

k-partite

sudo rm -rf posted:

Can you expound a bit? I'm not sure if you're suggesting that using an IGP underneath eBGP neighbors isn't recommended but that if I had to do it I'd use a VRF, or if it's fine/common and that this is the proper way to do it.

Yes, as you've guessed, my point was to not run an IGP with an organization outside of your control. As was mentioned above, if you want to do multiple links you can use static routes with eBGP multihop. You can also run multiple parallel sessions. Each approach has its own merits.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Static routes with BFD.

Just say no to IGPs outside your AS.

sudo rm -rf
Aug 2, 2011


$ mv fullcommunism.sh
/america
$ cd /america
$ ./fullcommunism.sh


tortilla_chip posted:

Yes, as you've guessed, my point was to not run an IGP with an organization outside of your control. As was mentioned above, if you want to do multiple links you can use static routes with eBGP multihop. You can also run multiple parallel sessions. Each approach has its own merits.


unknown posted:

Almost always that's handled via static routes on each end.

Or in the case of Cogent a bunch of years ago, you got two eBGP peers. 1st beer gave you the route to #2 which gave you all the routes.

Word, thanks guys.

Collateral Damage
Jun 13, 2009

unknown posted:

1st beer gave you the route to #2 which gave you all the routes.
Bribing the network administrator with alcohol always helps.

Computer Serf
May 14, 2005
Buglord
VOIP / IP Telephony thread was closed, so posting here seeking anyone interested in consulting on a full PBX server install (FreePBX?) + SIP config for ~50 users,
PM please, :phoneb::phoneline::love::phoneline::phone:

CrazyLittle
Sep 11, 2001





Clapping Larry

Panda Time posted:

VOIP / IP Telephony thread was closed, so posting here seeking anyone interested in consulting on a full PBX server install (FreePBX?) + SIP config for ~50 users,
PM please, :phoneb::phoneline::love::phoneline::phone:

Step one: kill self (not serious)

Out of curiosity, do you have any plans in place to manage QoS for this voip server?

Computer Serf
May 14, 2005
Buglord

CrazyLittle posted:

Step one: kill self (not serious)
Out of curiosity, do you have any plans in place to manage QoS for this voip server?

Internally for QoS, we have a Sonicwall TZ400 which is garbage.
I'm pushing for:
• MX100 or Sophos XG310, [ accounting is saying to piss off on the $~7k price tag + license fees ]
• ERPro-8
• ES-48-500W

Cisco rep is apparently just a stealth Meraki sales person. Assuming the UBNT enterprise line isn't pure garbage I think we might be fine considering we just need to pump internet and VOIP around. Maybe host our own website/FTP which might be a fun way to learn how to implement a reverse proxy and whatever linux IDS packages are out there.

We'll have a 100mb fiber ISP. Obviously no QoS on the public internet.. so is T1/MPLS to a sip trunk necessary? There's some decent tutorials on youtube for FreePBX, but it seems like there's a lot of unexpected bullshit that will arise if our firewall is poo poo or if the ISP-SIP trunk is poo poo, or if the ubnt gear goes to poo poo.
Codec quality isn't really that important.

Our VP is also getting wet for a jitterless 30FPS/720p video conference system, which I'm assuming is unrealistic without MPLS (CA to Eurozone)
I think I might just set them up with a winamp TV stream and call it a day. Tried shooting the Jitsi listserve a message asking if it had a buffer/latency setting trade off and 30FPS but not really holding my breath. The easiest/cheapest route seems to be Open Broadcaster Software + live streaming gamer websites, or youtube, but that's not really gonna fly for the business suits who are using it for conferencing/presentations.
Sales reps are all frothing and throwing their huge $10,000 h323 hardware.

Either way I'm anticipating some long nights to come, working out the kinks for making these systems work through NAT. Looks like the Sonicwall would require a service group for SIP, enabling consistent NAT, disabling SIP transformations, and having a lager with the SIP trunk support team.
We'll have time to phase it in while we stick with our current provider.

CrazyLittle
Sep 11, 2001





Clapping Larry

Panda Time posted:

[ accounting is saying to piss off on the $~7k price tag + license fees ]

You have my condolences.

I mean, Polycom wants >$6000 for their middling-tier video conferencing hardware, not including any software licensing or support, so if you're getting pushback on the primary firewall, you're hosed from the start. Just for giggles see if you can get even a basic SIP-SIP video call running using x-lite/bria without jitter over the internet. (Or try google hangouts/skype if the SIP call is too much of a pain.) If that's no-go, the same would apply to any fancypants hardware system you buy. The problem is likely going to be jitter introduced on the hops handing off between transit carriers, which you'll never be able to persuade or compensate-for in your own hardware QoS, hence the MPLS or dedicated line options frequently employed.

As for the voice-only portion, you should shop around your sip providers to see who has their media proxy closer to you hop-wise. If you can't find a sip provider adjacent, that's when you start looking at direct links.

UBNT stuff is simply "okay." You get what you pay for, and you make up for the price tag in having to hand-janitor some of the more eclectic features. That said, their price points on hardware and its throughput performance beat the poo poo out of pretty much anything you could roll on your own with commodity hardware per dollar.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE
For NAT traversal, don't do anything to your SIP and have your provider do it. The NAT-T on carrier class SBCs is flawless. The ALGs on firewalls in your price range (and honestly, most price ranges) are garbage. If you're on business class Internet, MPLS isn't required. The human brain also can't detect latency less than ~250ms or so, so I wouldn't worry too much about the location of their media servers either; as long as everyone is in CONUS you're fine. The media is going to go all over the drat place on the back side anyhow.

Partycat
Oct 25, 2004

Panda Time posted:

Internally for QoS, we have a Sonicwall TZ400 which is garbage.
:words:

This is a lot of word soup but does not make sense. I think you need to slow down a bit here.

QoS internally is what we are referring to. Your border firewall has nothing to do with that. voice/video need QoS rules in place on your internal switches (packet marking and traffic policing) to ensure that your comms get through and are not butchered up by oversubscribed interfaces. Most of the time things will work fine since voice is low bandwidth but bursty traffic like file transfers and that can crush a shared interface and break something.

I have no comment on the UBNT VoIP system, I have not used it. The Cisco rep should be able to get you a price on licensing and maintenance for roll-your-own VM or a Business Edition if you want to run their solution. Then, if you don't want to upgrade, you just stop paying maintenance. You just get no patches or anything that way. Also you buy it all again when you want to upgrade in several years.

quote:

We'll have a 100mb fiber ISP. Obviously no QoS on the public internet.. so is T1/MPLS to a sip trunk necessary? There's some decent tutorials on youtube for FreePBX, but it seems like there's a lot of unexpected bullshit that will arise if our firewall is poo poo or if the ISP-SIP trunk is poo poo, or if the ubnt gear goes to poo poo.
Codec quality isn't really that important.

What are you even talking about here? I don't understand. The reason you would get a dedicated circuit for SIP is so that you can have QoS to your provider. As you note, you can shape and enforce to the edge and bounce off to discount whatever VoIP provider, but on an SMB type circuit, you may not be given a guarantee that it won't be oversubscribed on their end. Circuit costs are going to be non-zero, that's for sure, so, if your ISP offers you the ability to get VoIP service on the same transit that you're using for data access, that would solve your quality problem as long as you police traffic appropriately on your end.

FreePBX and cookie cutter square style key system deployment is not difficult; there are provisioning templates for most of the major SIP phone vendors, so you would create users and extensions inbound, and then handle DID translation for whatever is coming from your peers to make internal phones ring or go to an auto attendant or whatever. If you get under the hood and start tinkering with things in the dial plan, or start running half-assed open source modules for fax and conferencing that aren't fleshed out, then it can fall apart. There is a reason businesses pay big bux.

Throw away half of whatever you were saying about NAT and SIP trunks as well. You can use an ALG but you would not want unsolicited SIP traffic just beaming into your endpoints. They should sit behind a border type proxy on your end to leave your network. I believe, last time I used asterisk, that would be the canreinvite=no on a peer registered through to Asterisk, which will keep the call pinned into place through the appliance. Then you let it out of your network and calls flow that way. Or you buy a real border device.

Regarding video conferencing, a video call is the same as a voice call in the SIP world, it is just additional media that flows using a different set of advertised capabilities. This is the same with ISDN and H.323 conceptually. With a software client connected to your system, and a webcam, you can have a video call to another participant. To have multiple participants, you need a video capable bridge. Traditionally this requires a lot of CPU, especially when everyone is not getting the same resolution and content streams back depending on their capabilities. I did use a java based open source MCU at one point, but it was not very good. The expensive stuff from your vendors will work better. This is for traditional B2B type conferencing. If you have two sites then this gets easier since you can have two room codec systems dial into each other. Then, given the appropriate bandwidth available between the two rooms, it all comes down to the quality of the camera being used, the codec's capabilities, and, most importantly, how your room is going to be set up. Put the camera in the right place so the caller is looking at it and it looks natural in face-to-face. Have the correct lighting and microphones. Don't have the HVAC blowing into the microphone, etc.

If you're operating on a shoestring budget there is a lot of time and effort that is going to go into trying to provision something that is competent and capable. I really apologize in advance if this comes off way too arrogant but, you're talking like I did 5 years ago, and it sounds like you really need a bit of help and study before you go forward.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue
Anyone have suggestions on handing change control approval / peer-review?

I'm thinking of building something that centers around Git where admins will do a pull request against the device config that is stored/updated via RANCID. CCB/Peer-Review can approve/modify/deny the change and merge the PR. Admin would then be free to push out the changes or the setup could be extended with something like Jenkins to automate the changes at set times.

Partycat
Oct 25, 2004

That would "IMO" add unneeded complexity or complication. If the people with full write access know what they are doing and how to get out of trouble no one should need to "review" it or spend time being up to speed on the work that is being done and why. Configuration reversion and overall change control can minimize unexpected outages. I can see using some sort of generic master template that is revised with something but a full version control suite seems to still be overkill.

IIRC with RADIUS you can configure which commands a user can escalate and operate to prevent weird things from happening. We also make some pretty heavy usage of macros to handle consistency in operations.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
I think you can easily make change control way more complicated than it needs to be. If you have competent, trustworthy admins, the goal of change control should be about making sure management knows what the staff is doing, and to put outside eyes (in the case of a change committee) on planned changes to identify unintentional consequences.


Tremblay
Oct 8, 2002
More dog whistles than a Petco
It really depends on what other things CM data is used for. Peer reviews are common sense, a second set of eyes doesn't hurt when you are talking about changes that are more significant than code upgrades and reconfiguring user ports.
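An added example (mine, not anything from H.R. Paperstacks' setup) of the kind of gate that keeps a Git-and-RANCID pull-request workflow cheap for the routine changes Tremblay mentions and strict for everything else: flatten an IOS-style config into (parent stanza, line) pairs so a changed line stays attached to its interface, diff the before and after, and route access-port housekeeping (description, access/voice VLAN, shutdown) to peer review, while anything touching AAA, credentials, SNMP, ACLs, VTY lines, routing, spanning tree or VLAN definitions, or that turns an access port into something else, needs change-board approval. The stanza lists and the three configs are constructed and illustrative, so tune them to site policy.

```python
import re

# Top-level stanzas whose change always needs change-board approval. Assumed,
# illustrative list: extend it to match what your site considers sensitive.
SENSITIVE = re.compile(
    r"^(no )?(aaa|username|enable (secret|password)|snmp-server|ip access-list|"
    r"access-list|line (vty|con)|tacacs|radius|crypto|ip route|router|logging|"
    r"ip ssh|ip http|spanning-tree|vlan )"
)
# Lines an admin may change on an *access* port with peer review only.
ROUTINE_ACCESS_PORT = re.compile(
    r"^(no )?(description|switchport access vlan|switchport voice vlan|shutdown)\b"
)


def flatten(config):
    """Set of (parent, line) pairs. Top-level lines get parent ''; indented
    lines get the last top-level line (e.g. 'interface GigabitEthernet1/0/5')."""
    pairs, parent = set(), ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):
            parent = line
            pairs.add(("", line))
        else:
            pairs.add((parent, line.strip()))
    return pairs


def review_level(before, after):
    """'none' (no change), 'peer' (only access-port housekeeping) or 'ccb'
    (anything sensitive, or anything not on the routine allow-list)."""
    b, a = flatten(before), flatten(after)
    changes = [("-", p, l) for p, l in sorted(b - a)] + [("+", p, l) for p, l in sorted(a - b)]
    if not changes:
        return {"level": "none", "findings": []}
    # A port counts as an access port only if the *after* config still says so,
    # so converting an access port to a trunk can never pass as routine.
    access_ports = {p for p, l in a if p.startswith("interface ") and l == "switchport mode access"}
    level, findings = "peer", []
    for sign, parent, line in changes:
        top = parent or line
        if SENSITIVE.match(top):
            level = "ccb"
            findings.append(f"{sign} {top}: {line} (sensitive stanza)")
        elif parent in access_ports and ROUTINE_ACCESS_PORT.match(line):
            findings.append(f"{sign} {parent}: {line} (routine)")
        else:
            level = "ccb"
            findings.append(f"{sign} {top}: {line} (not on routine allow-list)")
    return {"level": level, "findings": findings}


# Constructed configs (not from a real device).
BEFORE = """\
hostname edge-3
!
username admin privilege 15 secret 5 REDACTED
!
interface GigabitEthernet1/0/5
 description Desk 5
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/48
 description Uplink to core-1
 switchport mode trunk
!
snmp-server community ro-only RO 10
!
line vty 0 4
 transport input ssh
"""
# Routine: re-label a desk port and move it to another VLAN.
AFTER_ROUTINE = (BEFORE.replace(" description Desk 5\n", " description Desk 5 printer\n")
                       .replace(" switchport access vlan 10", " switchport access vlan 20"))
# Risky: the same, plus a new read-write SNMP community.
AFTER_RISKY = AFTER_ROUTINE + "snmp-server community public RW\n"
# Risky: the desk port becomes a trunk.
AFTER_TRUNK = BEFORE.replace(" switchport mode access", " switchport mode trunk")

if __name__ == "__main__":
    for name, after in (("routine", AFTER_ROUTINE), ("snmp", AFTER_RISKY), ("trunk", AFTER_TRUNK)):
        r = review_level(BEFORE, after)
        print(name, "->", r["level"])
        for f in r["findings"]:
            print("   ", f)
```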
