Partycat
Oct 25, 2004

GreenNight posted:

Yeah I've spent the last few weeks migrating users to using Jabber as a softphone. You need the server software to be v12+ and then setup a phone on CallManager that uses Jabber instead of a hard phone.

Jabber does not require 12+


Thanks Ants
May 21, 2004

#essereFerrari


If I have APs in two offices that are across the road from each other which are connected via a VPN tunnel but otherwise don't share any infrastructure, am I better off putting all the APs into the same logical group and enabling L3 roaming, or trying to turn the Tx power on the APs down to such a low value that you drop off the network before you reach the other building?

There's no requirement for a connection to be maintained, and I'm 90% sure that trying to make sure the networks aren't visible outside the walls is the way to go.

Methanar
Sep 26, 2013

by the sex ghost

Thanks Ants posted:

If I have APs in two offices that are across the road from each other which are connected via a VPN tunnel but otherwise don't share any infrastructure, am I better off putting all the APs into the same logical group and enabling L3 roaming, or trying to turn the Tx power on the APs down to such a low value that you drop off the network before you reach the other building?

There's no requirement for a connection to be maintained, and I'm 90% sure that trying to make sure the networks aren't visible outside the walls is the way to go.

Build a faraday cage

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Partycat posted:

Jabber does not require 12+

No it doesn’t. But for our call center we needed jabber with multi line capability so apparently we had to go to 12. Earlier versions didn’t support it.

Partycat
Oct 25, 2004

Jabber 12.0 introduced multi line. There is a COP I think good down to UCM 10.5(2) to enable multi line - I think. 12.1 for multiline over MRA. Some limitations on functionality which can put him back on VPN which would be a problem if it disconnects every 2 hours, but it’s mostly usable for call center. Def don’t need UCM 12 for that.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah we have an MRA so we can use jabber outside but we’ve never tested voice via jabber via mra.

Tetramin
Apr 1, 2006

I'ma buck you up.

GreenNight posted:

Yeah I've spent the last few weeks migrating users to using Jabber as a softphone. You need the server software to be v12+ and then setup a phone on CallManager that uses Jabber instead of a hard phone.

CUCM doesn’t need to be 12+ for Jabber. We run soft phones on 11.5 just fine.

E: err did not see the whole new page. Beaten.

Thanks Ants
May 21, 2004

#essereFerrari


Has anybody had any success getting Sonos gear to play nice on a network where people aren't all shoved onto the same broadcast domain? I have IoT stuff segregated from our wired PCs and our staff Wi-Fi and mDNS forwarding on our Aruba switches means that both sets of clients can print fine to AirPrint-enabled printers, send content to Apple TVs, discover Chromecasts etc. but I have no idea where to start with Sonos. Really trying to avoid dumping it all onto a user VLAN.

Partycat
Oct 25, 2004

For Sonos we said it would not work and is not supported.

They bought it anyways and we ended up shoving it onto a small VLAN with the people who needed to use it.

Airgroup doesn’t support it yet I don’t think but the last I looked there was some poo poo you could run on a rasp pi as a forwarder for it - that’s not enterprise either though.

Dalrain
Nov 13, 2008

Experience joy,
Experience waffle,
Today.
Same with us, not supported, they got it anyway. Same solution as well, you had to use a dedicated PC on a small VLAN to stream to it. It's very consumer oriented, no unicast option I could discern.

Kazinsal
Dec 13, 2011
Dealing with random crashes on small business switches where multiple stacks of them reboot several times a week. Find a bug where someone else is having the same issue.



"Terminated - A decision was made not to fix this bug."

Motherfucker.

Partycat
Oct 25, 2004

The SB has a number of terminated bugs that seem to be limitations - this sounds like a traffic thing that maybe can be filtered to save your bacon at least

Partycat
Oct 25, 2004

Dalrain posted:

Same with us, not supported, they got it anyway. Same solution as well, you had to use a dedicated PC on a small VLAN to stream to it. It's very consumer oriented, no unicast option I could discern.

We got an iPod setup on the same VLAN via a SSID for the ~executive space~.

They had their own poo poo router which was less secure but otherwise less of my problem and I’d rather have left that.

Wireless speakers (I use older Korus SKAA myself) I can leave a laptop with the dongle and Spotify open and just play there. Many better options but people don’t like hearing no.

Kazinsal
Dec 13, 2011

Partycat posted:

The SB has a number of terminated bugs that seem to be limitations - this sounds like a traffic thing that maybe can be filtered to save your bacon at least

Current theory is that it's a problem with having more than two active etherchannels per switch on a stack. The stack with 3-4 etherchannels on some switches reboots. The stack with 1-2 per switch does not. They are all the same production run.

If there's seriously a limitation of two active etherchannels per stack I am going to have lots of short angry words with someone

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Obligatory I didn't initially set this up disclaimer.

My public garbage wifi traffic network has a 3850 MDF and a single ASA5525x. This obviously isn't a huge deal if it goes out for a few minutes, which is why I did it today. Plain old router on a stick setup. However, the circuit was bumped from 500 to 1g recently, and as I suspected, it's not going to see all that throughput because the trunk is a single 1g copper. There's vlan interfaces for the clients traffic, management, wifi controller backhauls, pretty standard stuff. Pointing out the obvious here that it's not optimal since all that intervlan traffic is being routed through that same port. I can operate Cisco, but I'm not an expert by any means.

I run over to the DC today to cure that bottleneck. As I feared there aren't any SFP+ cages on the ASA, so instead I decide to build a LAG between the 3850 and the ASA. Backed up both configs to tftp and I also like to paste them plaintext into a notepad++ additionally just in case. I set up the "port-channels" (hate that marketing bullshit term), carve out two unused ports on each device, and get ready to move the vlans from one interface to the LAG. Problem one: The ASA didn't seem capable of moving the vlans to another interface that I could find. I can accomplish this in two clicks on a Mikrotik, so that threw me. I was already in my window, so I copied all the subinterface code out of my handy little notepad++, make no int ge0/1.x commands, ctrl+H the existing commands to say port-channel 1.x, nuke the vlans off the old port, name the LAG "inside" and set security level to 1 and voila!

Problem 2: When I did that, the ASA decided to delete all the inside/outside NAT rules on the box. I pasted them back in from my notepad, but it did cause a brief loss of connectivity and dropped a couple of lan to lan tunnels temporarily. This is garbage traffic so no real harm done, but I want to learn from this. Is there a way to complete a task like this more cleanly on an ASA?

Tetramin
Apr 1, 2006

I'ma buck you up.
I’ve accidentally blown away NATs doing the exact same thing, I have not found a way around it but I hope somebody else has an answer. It seems ASAs like to delete config statements that have dependencies without telling you before. Same thing with removing an ACL (iirc) will delete your matching cryptomap match statement.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
I got a really good answer elsewhere. Posting for educational purposes.

quote:

With ASA firewalls I save the configuration to a TFTP server, edit it, copy it back as startup-config, and reboot when I have to re-arrange interfaces.

This avoids the unit forgetting most everything. It does cause an outage, but it can be scheduled.

Thanks Ants
May 21, 2004

#essereFerrari


That’s a good workaround but AFAIK there’s no way to pre-validate the config so you’ve just got to hope that you’ve made no mistakes and that it loads it properly on the reboot.

Contingency
Jun 2, 2007

MURDERER
I tried "copy start run" once to avoid a reboot, and it ends up merging configs.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Contingency posted:

I tried "copy start run" once to avoid a reboot, and it ends up merging configs.

ASA doesn’t have “configure replace” sadly.

abigserve
Sep 13, 2009

this is a better avatar than what I had before
Build a delta (all the commands you want to run) and copy it to run is the best method. There is no way to get around the "deleting this will delete all its dependencies" so you just have to assume it will all the time
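
An added illustration of the "assume it will delete the dependencies" advice above (not part of any post in the thread, and not Cisco tooling): a Python helper that lists every command in a saved ASA config that references a given nameif, so the delta can be prepared before the change and the NAT, access-group and crypto map bindings checked afterwards. The sample config, its names and its addresses are constructed, and matching is by text only, so review the list before pasting it back.

```python
import re

# Constructed sample of a saved ASA config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 10.0.10.1 255.255.255.0
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
object network LAN10
 subnet 10.0.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
nat (inside,outside) source static LAN10 LAN10 destination static REMOTE REMOTE
access-group INSIDE_IN in interface inside
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
ssh 10.0.10.0 255.255.255.0 inside
crypto map VPNMAP interface outside
"""


def dependent_lines(config, nameif):
    """Commands outside the interface blocks that reference `nameif`.
    Nested commands (e.g. object NAT) are returned with their parent line
    so the result can be pasted back as a delta."""
    # Match the nameif as a whole token, including inside a NAT "(real,mapped)" pair.
    ref = re.compile(rf"(?<![\w-]){re.escape(nameif)}(?![\w-])")
    out, parent, emitted, in_iface = [], None, False, False
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):              # top-level command
            parent, emitted = line, False
            in_iface = line.startswith("interface ")
            if not in_iface and ref.search(line):
                out.append(line)
                emitted = True
        elif not in_iface and ref.search(line):   # nested command
            if not emitted:
                out.append(parent)
                emitted = True
            out.append(line)
    return out


def missing_after(before, after, nameif):
    """Dependent commands present before the change but gone afterwards."""
    remaining = set(dependent_lines(after, nameif))
    return [l for l in dependent_lines(before, nameif) if l not in remaining]


if __name__ == "__main__":
    print("\n".join(dependent_lines(SAMPLE_CONFIG, "inside")))
```

Run `missing_after` against the pre-change backup and a fresh post-change copy of the config to confirm no NAT or ACL binding was silently dropped.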

BaseballPCHiker
Jan 16, 2006

Anyone ever work much with CWDM fiber?

We're having a really strange issue, and I am not a fiber expert at all, with one of our fiber channels. It's the same dark fiber between multiple sites, all of the sudden it's like we were bleeding trunks and looped the network, storm control kicked in shut off interfaces and then everything came back up except for one specific 1390 wavelength.

My understanding is that those muxes are passive devices, there isn't much to them. Is it possible for them to go bad and like combine wavelengths somehow? Maybe just the optics got messed with, like they put on an OTDR to do testing somewhere and burned an optic? I'm at a complete loss.

ragzilla
Sep 9, 2005
don't ask me, i only work here


BaseballPCHiker posted:

Anyone ever work much with CWDM fiber?

We're having a really strange issue, and I am not a fiber expert at all, with one of our fiber channels. It's the same dark fiber between multiple sites, all of the sudden it's like we were bleeding trunks and looped the network, storm control kicked in shut off interfaces and then everything came back up except for one specific 1390 wavelength.

My understanding is that those muxes are passive devices, there isn't much to them. Is it possible for them to go bad and like combine wavelengths somehow? Maybe just the optics got messed with, like they put on an OTDR to do testing somewhere and burned an optic? I'm at a complete loss.

Muxes are passive, transceivers can drift but it really depends on how your mux is constructed what happens when they do (good muxes will have input filters, bad muxes don't). If you don't have an OSA I'd swap transceivers on 1390 and 1410 (and 1370 if using an extended channel system) on the affected span and see if that resolves your issue (and while you're at it, double check light levels/clean end faces/check that nobody miswired anything if OTDR testing was done).

ate shit on live tv
Feb 15, 2004

by Azathoth
Also check your light levels on both sides
pre:
show interface transceiver
or use a light meter.

Tetramin
Apr 1, 2006

I'ma buck you up.
Been getting flooded reports from nearly all of our locations of wireless phones dropping calls. Checked the AP settings in the controller and the flexconnect tagging for our voice subnet was set back to 1 on about HALF of our APs so phones were reregistering with a VLAN 1 ip when they roamed.

How the gently caress could this happen? They were absolutely all set correctly before. At least the web UI for the wireless controller is a piece of poo poo and loses your search after you go into an AP and fix it.. it's great.

e: it looks like the tagging settings for the affected APs got set to 'wlan specific' which isn't configured, the ones that remain correct are all AP-specific, hmm.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

So uh, what's the hottest a Cisco switch can be before failure? Getting some alerts from Solarwinds that a switch hit 120F in one of our manufacturing facilities.

Kazinsal
Dec 13, 2011
That's probably pushing it. Cat9200s are rated for an environmental temperature of 45 C. 3850s as well. Wouldn't be surprised if the rest of the lineup is similar.

You might want to look into proper industrial switches. The Catalyst IE4010 is good up to 75 C.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah these are 3560x's. That's a good idea, for refresh time. The issue is we tend to put brand new switches in the main closet and these are edge switches with a few timeclocks and AP's running off them. Very low use.

Kazinsal
Dec 13, 2011
There's some smaller industrial switches that you can get with 8-12 ports (modular, too) but they're DIN rail instead of half width 1 RU or desktop. Pretty sure they're all PoE. I don't know what the cost difference between them and the 1RU ones is though. Only problem with the IE series is you need to wire a power lead into them yourself, but IIRC there's a kit included.

Thanks Ants
May 21, 2004

#essereFerrari


The other option is to run the cables back to a location that doesn't require a switch that can cope with extreme temperatures, and if the distances are too long for copper then maybe drop fibre to each one. Even if it works out costing the same it will make maintenance a lot more pleasant in future.

wolrah
May 8, 2006
what?

Thanks Ants posted:

Even if it works out costing the same it will make maintenance a lot more pleasant in future.

There's a lot to be said for this. I have quite a few phone systems that are located in mechanical rooms, so it's hot and often noisy. Not fun.

Partycat
Oct 25, 2004

Proper env is a thing - even if it’s a small cabinet with fans.

In my experience they will get up to “RED” thermal and cry about shutdown - I have never had the switch shut itself down since I don’t know that it is capable. The power supply will eventually turn off due to thermal somewhere around there.

It may decrease the MTBF but if you are on 5 - 7 year replacement cycle then it should be okay.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
I've had transceivers seemingly die during an AC failure. Reseated the dead ones, they came back to life.

Partycat
Oct 25, 2004

We had glitches way back on the 12.2 IOS where negotiation would fail or it would come up “auto” speed and break bundling until cycled. Maybe it’s that?

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
How well does OSI troubleshooting work vertically? Eg because I know layer 3 works fine (no dropped packets to destination), I can rule out layer 1 as the reason for connectivity issues to that device, but would that also allow me to rule out layer 2?

Methanar
Sep 26, 2013

by the sex ghost

klosterdev posted:

How well does OSI troubleshooting work vertically? Eg because I know layer 3 works fine (no dropped packets to destination), I can rule out layer 1 as the reason for connectivity issues to that device, but would that also allow me to rule out layer 2?

It's possible to have flapping vlans/vxlans, or maybe some kind of l2 qos problems (ASK ME ABOUT ESXI STANDARD VSWITCHES) that cause intermittent issues. Or maybe IP address conflicts and your arp tables are getting confused periodically.

Docjowles
Apr 9, 2009

I think that reasoning breaks down pretty quickly. MTU mismatches are a good example. Pings work, TCP sessions get established, etc, basic tests look fine. But when you start to put load on the link, it becomes very erratic, dropping packets left and right. So in that case, layer 3 and up were actually fine, but the MTU at layer 2 was wrong. So your "I can ping, gotta be higher up the stack" premise falls apart. Wrong speed/duplex settings on an interface causing it to be at 10/Half or some poo poo are another one off the top of my head. That would probably look OK during cursory testing, but perform like utter rear end under load.

e: wtf I have to get used to a new Methanar avatar?

Methanar
Sep 26, 2013

by the sex ghost

Docjowles posted:

I think that reasoning breaks down pretty quickly. MTU mismatches are a good example. Pings work, TCP sessions get established, etc, basic tests look fine. But when you start to put load on the link, it becomes very erratic, dropping packets left and right. So in that case, layer 3 and up were actually fine, but the MTU at layer 2 was wrong. So your "I can ping, gotta be higher up the stack" premise falls apart. Wrong speed/duplex settings on an interface causing it to be at 10/Half or some poo poo are another one off the top of my head. That would probably look OK during cursory testing, but perform like utter rear end under load.

e: wtf I have to get used to a new Methanar avatar?

I got red titled. I should probably change it back.

Partycat
Oct 25, 2004

If he’s saying no dropped packets - assuming you’re looking at the right data like application data instead of ICMP then that should rule out some of those problems. If we’re also saying we’ve examined window sizing and retransmission rates then it can go a bit further.

OSI is not always a good way to approach an issue as things are interrelated between the “layers” making not everything as easy to compartmentalize as it would seem.


Moey
Oct 22, 2010

I LIKE TO MOVE IT
Anyone here working with Fortinet firewalls? What are your opinions on them?

Looking to replace a half dozen SRX240H2 firewalls. My kneejerk reaction was just 2x SRX1500 clustered at each site, but at a similar price point, the FortiGate 500E seems to exceed the performance and are pretty highly reviewed.
