some kinda jackal
Feb 25, 2003

 
 
Welp, according to one of a million documents scattered all over HP's website, that is exactly what it's for. How it fits into the grand scheme I'm not sure, though that's out of the scope of this thread. Thanks for the help, my main Cisco related question was whether it's a L3 switch, which it doesn't appear to be :)

ragzilla
Sep 9, 2005
don't ask me, i only work here


Martytoof posted:

Interesting. Do you happen to know if I have the option of putting both GigE ports from the server and directing them to a switchport instead of routing one to the passthrough module?

No, the ports are hard wired to a specific IO module port. Generally they're set up for the first 2 ports (the onboards) to go to IO modules 1 & 2, then the first mezz card is 3 & 4, second mezz is 5 & 6 (assuming half height blades).

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Trying to setup a port channel to a Windows server.

Whenever I have just one interface open to the server and have it placed in the right VLAN, server can access internet, ping gateway, etc.

Whenever I set the other three interfaces into the port channel, set the port channel into the right vlan, and turn them all up, server loses connectivity.

Here's how every interface is setup:

switchport
switchport access vlan 160
switchport mode access
no ip address
channel-group 160 mode on


And here's the channel group:


switchport
switchport access vlan 160
switchport trunk encapsulation dot1q
switchport mode access
no ip address



Any suggestions?


EDIT

Since it's a Windows server I changed channel-group mode to active instead of on to force LACP.

EDIT II

Which seems to have fixed it.

Sauce.

Zuhzuhzombie!! fucked around with this message at 16:46 on Jan 4, 2012

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue
This is what we have in the HP C7000 chassis:



4 copper uplinks and 4 sfp uplinks.

The 16 slots map to gi0/1-16, then those 8 extra will be 17+

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


I've posted in here because our backbone is all Cisco and I don't know where else to ask. I'm looking for a book on IS-IS and I wondered if anyone can recommend one I can easily get in the UK. The only thing I've really found so far is this:

http://www.amazon.co.uk/Complete---Routing-Protocol/dp/1852338229/ref=sr_1_10?s=books&ie=UTF8&qid=1325692057&sr=1-10

Any suggestions?

tortilla_chip
Jun 13, 2007

k-partite
http://www.amazon.com/OSPF-Choosing-Large-Scale-Networks/dp/0321168798

This is a good book, especially if you already have a background in OSPF.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


tortilla_chip posted:

http://www.amazon.com/OSPF-Choosing-Large-Scale-Networks/dp/0321168798

This is a good book, especially if you already have a background in OSPF.

That sounds good, I did know some OSPF from when I did my CCNA but in my company we rarely use it so it would be nice to brush up.

madsushi
Apr 19, 2009

Baller.
#essereFerrari

routenull0 posted:

This is what we have in the HP C7000 chassis:



4 copper uplinks and 4 sfp uplinks.

The 16 slots map to gi0/1-16, then those 8 extra will be 17+

For the HP GBE2C C7000 switches, here's the port mapping:

1-16 = mapped to blades.

17-18 = internal interconnect to the other switch. Typically make these an aggregated trunk.
Switch Bay 1 Port 17-18 connect to Switch Bay 2 Port 17-18
Switch Bay 3 Port 17-18 connect to Switch Bay 4 Port 17-18
Switch Bay 5 Port 17-18 connect to Switch Bay 6 Port 17-18

19-up = all of the ports on the outside

And the bay mapping:
Switch Bay 1 to onboard NIC 1
Switch Bay 2 to onboard NIC 2
Switch Bay 3 to mezzanine card 1 port 1
Switch Bay 4 to mezzanine card 1 port 2
Switch Bay 5 to mezzanine card 2 port 1
Switch Bay 6 to mezzanine card 2 port 2.

some kinda jackal
Feb 25, 2003

 
 
Well, while we're aboard the HP Cisco train, does anyone happen to have the password recovery mechanism for the GESM interconnect module?

ragzilla
Sep 9, 2005
don't ask me, i only work here


Martytoof posted:

Well, while we're aboard the HP Cisco train, does anyone happen to have the password recovery mechanism for the GESM interconnect module?

When you power cycle it (either through HPOA or physically cycling the card) you should get a prompt to interrupt boot by sending a break. Send a break then it's the same as any other switch (flash_init , load_helper , rename flash:/config.text flash:/config.old , boot)

some kinda jackal
Feb 25, 2003

 
 
Buenos nachos, ragzilla. If I get this blade box working I'll name one of the servers after you.

brent78
Jun 23, 2004

I killed your cat, you druggie bitch.
Trying to configure an IPSEC tunnel on a 3925

(config)#crypto isakmp policy 10
^
% Invalid input detected at '^' marker.

Edit: Problem may be my image Version 15.0(1r)M6
c3900-universalk9-mz.SPA.150-1.M3.bin

brent78 fucked around with this message at 08:20 on Jan 5, 2012

ate shit on live tv
Feb 15, 2004

by Azathoth
You are probably not using a "k9" IOS chain, so crypto doesn't exist. Alternatively it may be a licensing issue and you have to "activate" encryption, in addition to having a "k9" code.

More details:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/product_bulletin_c25-566278_ps10537_Products_Bulletin.html

brent78
Jun 23, 2004

I killed your cat, you druggie bitch.

Powercrazy posted:

You are probably not using a "k9" IOS chain, so crypto doesn't exist. Alternatively it may be a licensing issue and you have to "activate" encryption, in addition to having a "k9" code.

code:
Technology Package License Information for Module:'c3900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      None          None          None
uc            None          None          None
data          None          None          None
What do I need to do?

ate shit on live tv
Feb 15, 2004

by Azathoth
afaik, you need to purchase then load a license file, which is basically a number that you type in. Then you have to reboot and it will activate the new licensed features. I'm not super familiar with the process though as I've never done it.

I do know that if you don't have the license you can enable features temporarily, but I've never done that either. However the license won't work if all you have is the ipbase non K9 code. I suggest talking to your account rep or supplier.

I think TAC can issue you a temporary license, but obviously you'll have to open a case with them.

http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985.html#wp9000767

Sorry I can't be of more help, as I'm not super familiar with the G2 platforms yet.

ior
Nov 21, 2003

What's a fuckass?

brent78 posted:

code:
Technology Package License Information for Module:'c3900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      None          None          None
uc            None          None          None
data          None          None          None
What do I need to do?

Do "license boot module c3900 level security" and you should be set if you are running 15.0(1)M4 or newer. Keep in mind you do need to purchase a license even though it now is honor based.
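As an added illustration (not from any poster), a Python parser for the `show license` table brent78 pasted, plus a check that tells you which technology package a command you are about to type depends on. The command-to-package mapping is my assumption for the example: `crypto isakmp` is assumed to need the security package, which is what ior's answer implies.

```python
import re

# Constructed sample: the table brent78 posted above, reproduced verbatim.
SAMPLE_LICENSE_OUTPUT = """\
Technology Package License Information for Module:'c3900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      None          None          None
uc            None          None          None
data          None          None          None
"""

# Assumption for this example: which technology package a config command
# depends on. Illustrative only; check the platform's feature navigator.
FEATURE_PACKAGE = {
    "crypto isakmp": "security",
    "crypto ipsec": "security",
    "zone-pair security": "security",
    "router bgp": "ipbase",
}

ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_license_table(text):
    """Return {technology: {"current": pkg, "type": kind, "next": pkg}}.

    Data rows only start after the second dashed rule, so the two header
    lines (one of which also has four words) are skipped."""
    pkgs = {}
    rules_seen = 0
    for line in text.splitlines():
        if line.strip() and set(line.strip()) == {"-"}:
            rules_seen += 1
            continue
        if rules_seen < 2 or not line.strip():
            continue
        m = ROW_RE.match(line)
        if m:
            tech, current, kind, nxt = m.groups()
            pkgs[tech] = {"current": current, "type": kind, "next": nxt}
    return pkgs


def package_active(pkgs, tech):
    """True when the technology package is licensed in the running image."""
    entry = pkgs.get(tech)
    return bool(entry) and entry["current"] != "None"


def missing_package_for(command, pkgs):
    """Name of the package a command needs but which is not active, or None
    (also None for commands this example knows nothing about)."""
    for prefix, tech in FEATURE_PACKAGE.items():
        if command.startswith(prefix):
            return None if package_active(pkgs, tech) else tech
    return None


if __name__ == "__main__":
    table = parse_license_table(SAMPLE_LICENSE_OUTPUT)
    for cmd in ("crypto isakmp policy 10", "router bgp 65000"):
        need = missing_package_for(cmd, table)
        print(f"{cmd!r}: {'needs package ' + need if need else 'ok'}")
```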

ate shit on live tv
Feb 15, 2004

by Azathoth
ior, are you involved in The Gathering this year? If so any chance I can be one of the network engineers on staff? I'd like to take a vacation around that time anyway.

ior
Nov 21, 2003

What's a fuckass?

Powercrazy posted:

ior, are you involved in The Gathering this year? If so any chance I can be one of the network engineers on staff? I'd like to take a vacation around that time anyway.

Yes I am. But sorry, you are too late, the crew was filled up a couple of weeks ago. :(

aksuur
Nov 9, 2003
This might not be a Cisco question, but the fiber does attach to some Cisco switches!

I'm curious what this object is in our demarc. A fiber cable goes from one switch, to the panel in the upper right of the box, then back out the same panel to another switch. The switches are right next to each other though, why not just use a 2 foot patch cable instead of running cables all the way to this mystery box?

Edit - Thanks!

aksuur fucked around with this message at 15:38 on Jan 12, 2012

ragzilla
Sep 9, 2005
don't ask me, i only work here


aksuur posted:

This might not be a Cisco question, but the fiber does attach to some Cisco switches!

It's a fiber patch panel, it presumably connects to some outside plant cable.

And looking at the bottom, it also has some unmounted splice trays. I would highly recommend not handling or disturbing the trays in bottom unless you know what you're doing.

ate shit on live tv
Feb 15, 2004

by Azathoth
So I'm the new kid on the block at my new gig, and I'm trying to critique our current datacenter deployments. In a particular segment we have 4 L3 switches on the same L2 domain, each with two uplinks to our core switches. The 4 switches are currently configured so that the same switch is the HSRP master for all vlans.

I'm going to more evenly distribute the load by changing the HSRP priority on each switch so that each switch will be the HSRP master for about a quarter of all the networks in that segment. Best practices dictate that I should make each HSRP master the Spanning Tree root as well. So my question is, Why? Why does spanning tree need to match HSRP, and what are the consequences if it does not?

I want some justification because I hate taking things based on faith, and I want to definitively prove that in X scenario, sub-optimal event Y will happen unless STP and HSRP are aligned. Any guidance here, anecdotes, problems that have been run into etc?

workape
Jul 23, 2002

Powercrazy posted:

Why does spanning tree need to match HSRP, and what are the consequences if it does not?

If you have a situation where HSRP requires failover, you typically are in the same situation that you would have a Spanning Tree reconvergence as well. Most likely a switch failure. Having the Spanning Tree in the same place that you have HSRP means that your traffic paths will operate in a much more optimal fashion.

ate shit on live tv
Feb 15, 2004

by Azathoth
Yea I knew about the failover implications, I was wondering about the Day to Day stuff, where having arbitrary/mismatched HSRP/STP roots won't have any effect.

Panthrax
Jul 12, 2001
I'm gonna hit you until candy comes out.
Anyone interested in a Juniper SRX210h-POE? I'm pretty sure it's pretty much brand new. I took it out and powered it up to make sure it worked. I am getting a minor alarm light on the front, but I'm not seeing any errors or alarms in the logs or the show commands, so I'm assuming you get that when there's no config on it? Not sure. If there's anything you want me to check I can. I can also put it up in SA-Mart if you want to make it all official and stuff. Let me know!

workape
Jul 23, 2002

Powercrazy posted:

Yea I knew about the failover implications, I was wondering about the Day to Day stuff, where having arbitrary/mismatched HSRP/STP roots, won't have any affect.

I haven't seen anything in the sites that I have cleaned up that anyone went "wow, it's faster!" or anything like that. But those sites were fairly stable, I can't imagine what an unstable site would look like with things mismatched like that.
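As an added illustration (not from any poster), a small Python model of the day-to-day case Powercrazy asked about: an access switch dual-homed to the two HSRP routers. With a simplified STP (shortest path to the root, lowest-name tie-break) the model shows that when the STP root and the HSRP active router differ, every frame to the gateway rides the inter-distribution link; when they match, it does not. Topology and switch names are constructed, and the functions work for any constructed topology, not just this one.

```python
from collections import deque

# Constructed topology (not from the thread): D1 and D2 are the HSRP pair,
# A is an access switch dual-homed to both, and D1-D2 is the
# inter-distribution link. All links are equal cost.
LINKS = [("A", "D1"), ("A", "D2"), ("D1", "D2")]


def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def spanning_tree(adj, root):
    """Simplified STP: every switch keeps only the link on its shortest path
    to the root (ties broken by lowest neighbour name); every other
    inter-switch link is blocked. Returns the set of forwarding links."""
    parent = {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for nbr in sorted(adj[node]):
            if nbr not in parent:
                parent[nbr] = node
                queue.append(nbr)
    return {frozenset((n, p)) for n, p in parent.items() if p is not None}


def l2_path(adj, stp_root, src, dst):
    """Switch-by-switch path a frame takes from src to dst using only the
    links left forwarding by the spanning tree rooted at stp_root."""
    active = spanning_tree(adj, stp_root)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nbr in sorted(adj[node]):
            if frozenset((node, nbr)) in active and nbr not in prev:
                prev[nbr] = node
                queue.append(nbr)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def gateway_path(links, stp_root, hsrp_active, access="A"):
    """Path traffic from hosts behind `access` takes to the HSRP active router."""
    return l2_path(adjacency(links), stp_root, access, hsrp_active)


def crosses_interswitch_link(path, pair=("D1", "D2")):
    """True when the gateway path uses the link between the HSRP pair."""
    return any({path[i], path[i + 1]} == set(pair) for i in range(len(path) - 1))


if __name__ == "__main__":
    for root, active in (("D1", "D1"), ("D2", "D1")):
        p = gateway_path(LINKS, root, active)
        extra = "  (uses D1-D2 link)" if crosses_interswitch_link(p) else ""
        print(f"STP root {root}, HSRP active {active}: {' -> '.join(p)}{extra}")
```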

Ninja Rope
Oct 22, 2005

Wee.

Panthrax posted:

Anyone interested in a Juniper SRX210h-POE? I'm pretty sure it's pretty much brand new. I took it out and powered it up to make sure it worked. I am getting a minor alarm light on the front, but I'm not seeing any errors or alarms in the logs or the show commands, so I'm assuming you get that when there's no config on it? Not sure. If there's anything you want me to check I can. I can also put it up in SA-Mart if you want to make it all official and stuff. Let me know!

The alarm is probably from not setting a password or not setting a recovery config. I don't think SRX's alarm for having nothing in the management port, but that could be it too. So it's probably not broken. :)

Drighton
Nov 30, 2005

I've got a quick question, and this looks like the best place for it:

If I stack two switches, can I create a LAG from a port on each switch to two ports on a single switch?

I'm attempting to create a redundant connection that will cover both cable failure and switch failure, but will not limit our voice and data networks to a single 1GB link.

Bluecobra
Sep 11, 2001

The Future's So Bright I Gotta Wear Shades

Drighton posted:

I've got a quick question, and this looks like the best place for it:

If I stack two switches, can I create a LAG from a port on each switch to two ports on a single switch?

I'm attempting to create a redundant connection that will cover both cable failure and switch failure, but will not limit our voice and data networks to a single 1GB link.
Absolutely, we do this for every server where I work except it's for 10GbE connections. When both members are active in the port-channel the effective bandwidth to the server is 20GbE. I am only familiar with setting this up in Solaris/Linux. In Solaris it is called link aggregation and in Linux it is called bonding.

http://en.wikipedia.org/wiki/Link_aggregation

ate shit on live tv
Feb 15, 2004

by Azathoth

Drighton posted:

I've got a quick question, and this looks like the best place for it:

If I stack two switches, can I create a LAG from a port on each switch to two ports on a single switch?

I'm attempting to create a redundant connection that will cover both cable failure and switch failure, but will not limit our voice and data networks to a single 1GB link.

When you say "stack" do you mean something like Cisco's stackwise, or juniper's equivalent or whatever? If so, then yes, as logically the switch stack is 1 switch. If they are two independent switches, then no you can't.

Drighton
Nov 30, 2005

Powercrazy posted:

When you say "stack" do you mean something like Cisco's stackwise, or juniper's equivalent or whatever? If so, then yes, as logically the switch stack is 1 switch. If they are two independent switches, then no you can't.

Cisco would be nice, but it'd be Dell switches. But it should work just the same. Awesome, I love learning this stuff. Got to look into stacking the riser closet too.

Thanks!

tortilla_chip
Jun 13, 2007

k-partite
If the switch supports multichassis LACP and ICCP you can from two separate switches.

Pussy Gaz0re
Nov 18, 2011

Panthrax posted:

Anyone interested in a Juniper SRX210h-POE? I'm pretty sure it's pretty much brand new. I took it out and powered it up to make sure it worked. I am getting a minor alarm light on the front, but I'm not seeing any errors or alarms in the logs or the show commands, so I'm assuming you get that when there's no config on it? Not sure. If there's anything you want me to check I can. I can also put it up in SA-Mart if you want to make it all official and stuff. Let me know!

I am seriously interested. email z0rz0rz0rz0rz0rz0rz0rz0rz0rz0r@gmail.com with the info.

I will take it off your hands.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
Is there a way to use policy nat on a pix to change the source IP on incoming traffic?

For example:

Outside IP 9.9.9.9 going to 4.5.6.7 ----> Pix with static nat for 4.5.6.7 to 192.168.1.1 rewrites source IP of 9.9.9.9 to 192.168.1.254 ---> Router with 192.168.1.1 IP



Doing this because of routing changes made for a client cause asynchronous routing when the source is an external IP.. I could probably add a static route to 9.9.9.9 to traverse the MPLS and out the WAN circuit but :effort:

Sepist fucked around with this message at 23:28 on Jan 13, 2012

Frozen Peach
Aug 25, 2004

garbage man from a garbage can
I have an Android ICS tablet that I'd like to connect to my Cisco ASA550 VPN. It's a standard IPSec vpn connection with group name/pre-shared key. I put in all the settings and all I get is a timeout. I thought ICS was supposed to work with Cisco IPSec? Anyone know?

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Frozen-Solid posted:

I have an Android ICS tablet that I'd like to connect to my Cisco ASA550 VPN. It's a standard IPSec vpn connection with group name/pre-shared key. I put in all the settings and all I get is a timeout. I thought ICS was supposed to work with Cisco IPSec? Anyone know?

You haven't posted any:

details of the connection (L2TP, PPTP, IPSEC [AH, ESP], cyphers, hash)
SW version on the ASA
logs or debugs from both the ICS device and the ASA

How are you expecting anyone to help you again?

Frozen Peach
Aug 25, 2004

garbage man from a garbage can

Tremblay posted:

You haven't posted any:

details of the connection (L2TP, PPTP, IPSEC [AH, ESP], cyphers, hash)
SW version on the ASA
logs or debugs from both the ICS device and the ASA

How are you expecting anyone to help you again?

I didn't give more details because I wasn't even sure if it should work at all. As far as I was aware it didn't work at all pre-ICS so I was asking that before going any further.

For details of the connection: I already said it's Cisco IPSec with a groupname/preshared key. On an iOS device you can hit IPSec fill in that info and it just works, if that describes it better?

As for version it's an ASA version 8.3(1), ASDM 6.3(1).

Here's a log of what the logcat on the Android reports. It looks like it's connecting, and immediately claiming that the session is expired?

D/racoon ( 5375): Waiting for control socket
D/racoon ( 5375): Received 9 arguments
I/racoon ( 5375): ipsec-tools 0.8.0 (http://ipsec-tools.sf.net)
I/racoon ( 5375): 192.168.0.179[500] used for NAT-T
I/racoon ( 5375): 192.168.0.179[500] used as isakmp port (fd=10)
I/racoon ( 5375): 192.168.0.179[4500] used for NAT-T
I/racoon ( 5375): 192.168.0.179[4500] used as isakmp port (fd=11)
I/racoon ( 5375): initiate new phase 1 negotiation: 192.168.0.179[500]<=><ip removed>[500]
I/racoon ( 5375): begin Aggressive mode.
I/racoon ( 5375): received Vendor ID: CISCO-UNITY
I/racoon ( 5375): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon ( 5375): received Vendor ID: DPD
I/racoon ( 5375): received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 5375):
I/racoon ( 5375): received broken Microsoft ID: FRAGMENTATION
W/racoon ( 5375): port 500 expected, but 0
I/racoon ( 5375): Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 5375):
I/racoon ( 5375): Hashing 192.168.0.179[500] with algo #2
I/racoon ( 5375): NAT-D payload #-1 doesn't match
I/racoon ( 5375): Hashing <ip removed>[500] with algo #2
I/racoon ( 5375): NAT-D payload #0 verified
I/racoon ( 5375): NAT detected: ME
I/racoon ( 5375): KA list add: 192.168.0.179[4500]-><ip removed>[4500]
I/racoon ( 5375): couldn't find the proper pskey, try to get one by the peer's address.
I/racoon ( 5375): Adding remote and local NAT-D payloads.
I/racoon ( 5375): Hashing <ip removed>[4500] with algo #2
I/racoon ( 5375): Hashing 192.168.0.179[4500] with algo #2
I/racoon ( 5375): ISAKMP-SA established 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
I/racoon ( 5375): ISAKMP-SA expired 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
I/racoon ( 5375): ISAKMP-SA deleted 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
I/racoon ( 5375): KA remove: 192.168.0.179[4500]-><ip removed>[4500]
E/racoon ( 5375): Connection is closed
I/racoon ( 5375): Bye


I have no idea how to get the ASA logs from the ASA itself.
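As an added illustration (not from any poster), a Python triage script for the racoon logcat output above. It parses the `I/racoon ( pid):` lines, tracks each ISAKMP SA by SPI, and flags the pattern Frozen Peach noticed: an SA that goes established to expired with no phase 2 negotiation logged in between, plus the PSK-lookup fallback and the Cisco vendor ID. The sample input is a constructed excerpt of the posted log with the peer IP scrubbed as in the original.

```python
import re

# Constructed sample: an excerpt of the logcat output posted above.
SAMPLE_LOG = """\
I/racoon ( 5375): initiate new phase 1 negotiation: 192.168.0.179[500]<=><ip removed>[500]
I/racoon ( 5375): begin Aggressive mode.
I/racoon ( 5375): received Vendor ID: CISCO-UNITY
I/racoon ( 5375): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon ( 5375): NAT detected: ME
I/racoon ( 5375): couldn't find the proper pskey, try to get one by the peer's address.
I/racoon ( 5375): ISAKMP-SA established 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
I/racoon ( 5375): ISAKMP-SA expired 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
I/racoon ( 5375): ISAKMP-SA deleted 192.168.0.179[4500]-<ip removed>[4500] spi:04ba6ad1d781f1de:f722198067edaf2a
E/racoon ( 5375): Connection is closed
"""

# logcat line: <level>/racoon ( <pid>): <message>
LINE_RE = re.compile(r"^([VDIWE])/racoon\s*\(\s*\d+\):\s*(.*)$")
# SA lifecycle lines, keyed by the initiator:responder SPI pair
SA_RE = re.compile(r"ISAKMP-SA (established|expired|deleted) .*?spi:([0-9a-f:]+)")


def parse_racoon(text):
    """Return [(level, message)] for every racoon line in a logcat dump."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2)))
    return events


def triage(events):
    """Return {finding_code: detail} describing what the client-side log shows."""
    findings = {}
    sa_states = {}          # spi -> SA states in the order they were logged
    phase2_seen = False
    for _level, msg in events:
        if msg.startswith("begin Aggressive mode"):
            findings["aggressive-mode"] = "phase 1 runs in Aggressive mode (group name / PSK style)"
        if "Vendor ID: CISCO-UNITY" in msg:
            findings["cisco-peer"] = "peer sent the CISCO-UNITY vendor ID (Cisco remote-access VPN)"
        if "couldn't find the proper pskey" in msg:
            findings["psk-fallback"] = ("no PSK keyed to the peer identity; racoon fell back "
                                        "to a lookup by peer address")
        if "phase 2 negotiation" in msg:
            phase2_seen = True
        m = SA_RE.search(msg)
        if m:
            sa_states.setdefault(m.group(2), []).append(m.group(1))
    for spi, states in sa_states.items():
        if states[:2] == ["established", "expired"] and not phase2_seen:
            findings["sa-immediate-expiry"] = (
                f"ISAKMP SA {spi} expired right after being established with no phase 2 "
                "logged; the client log cannot say why, so the ASA logs/debugs are needed")
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_racoon(SAMPLE_LOG)).items():
        print(f"{code}: {detail}")
```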

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Is Cisco Nexus layer 2 only or is there a model with IP services?

BelDin
Jan 29, 2001

Zuhzuhzombie!! posted:

Is Cisco Nexus layer 2 only or is there a model with IP services?

Which ones? The 5K or the 7K?

The 5K are layer 2 out of the box, but you can add a layer 3 routing module to the 5500 series. Be careful, because that will drop you from 24 FEX in layer 2 to 8 FEX in layer 3 operating mode.

For reference: Configuration Limitations with N55-D160L3, N55-M160L3, and N55-M160UP

That said, the 7k are made to be layer 3 out of the box. Just be careful of the feature sets... they seem to have hosed over people in the past due to the equipment not having the features they wanted.

Kenfoldsfive
Jan 1, 2003

The un-bitey-ness of a chicken's head and the "I don't want to cook that"-ness of a dog's body
Does anybody have any recommendations of IOS 12.4(x) vs 15? There are no specific features that compel me to go to 15, but when I'm deploying new hardware, it seems like it would make sense for me to go with the latest. I know there were some issues with licensing before (you can no longer make your lan base switch think it's running advanced enterprise services), but now that all the new stuff uses universal images, that's less of an issue.

Although when getting hardware shipped from Cisco, it still comes loaded with 12.2. It's almost like they don't trust their own release. :tinfoil:

inignot
Sep 1, 2003

WWBCD?
IOS 12.4 is for routers and it's end of life. Use 15.

IOS for switches used a different numbering scheme; there was never a 12.3 or 12.4 for switches. IOS 15 recently came out for switches. I don't know if the older stuff has been officially EOLd yet or not. You may as well use 15 if it's available.
