The Cisco Short Questions Thread v12.4.9(WTF)

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cisco Short Questions Thread v12.4.9(WTF)

«‹›3 »

Docjowles: Apr 9, 2009

Rofl. That reminds me of when the ISP I used to work for sent out a marketing mailer with how fast our packets traveled in miles per hour. IIRC they literally pinged a server in another state, then took the distance from our city to there and half the round-trip time to come up with a speed. It was glorious.

# ¿ Aug 2, 2013 00:25

Adbot: ADBOT LOVES YOU

# ¿ May 13, 2024 23:26

Docjowles: Apr 9, 2009

Syano posted:

Must be nice. I added my CCNA and got bupkis.

Is your linkedin profile filled out to 100% (see the thread in BFC)? I'd get jack poo poo from recruiters no matter what I put on my profile, til one day I finally uploaded a photo. Then bam, multiple emails per week. If your profile isn't complete you basically don't show up in search results.

# ¿ Aug 5, 2013 18:12

Docjowles: Apr 9, 2009

The "swatting a fly with a Buick" aspect of IPv6 does amuse me. Oh, a /24 isn't enough for you, tough guy? Ok, here's more address space than all of IPv4. We give no fucks :dealwithit:

# ¿ Aug 23, 2013 02:33

Docjowles: Apr 9, 2009

Contingency, you just produced the best name/avatar/post combo I have ever seen :golfclap:

Have I said this before about one of your posts? Feels familiar. Anyway.

jwh posted:

The short answer is yes, but the longer, and better answer is no

You should spring for a palo alto box, in my opinion.

Seconding this. I was in the middle of evaluating Palo Alto when I left my last job, and their poo poo is awesome. It was on the higher end of the price spectrum, but put it up against Cisco and it will look pretty great especially considering what you get for the money.

And for the love of god, please try to get management support for taking away local admin. Surely (right? :smithicide:

) if you're talking several hundred users most of them are not special VP or C-level snowflakes that "need" local admin and unrestricted access to Pirate Bay to do their jobs.

# ¿ Aug 31, 2013 09:40

Docjowles: Apr 9, 2009

I am so stealing that image. It's the absolute perfect SH/SC.jpg :allears:

# ¿ Sep 6, 2013 18:44

Docjowles: Apr 9, 2009

Yeah it's not a networking product per se, though it has a networking component. It's basically compute + networking + storage in a box, designed to scale out massively but be centrally managed from one interface. My company's starting to roll them out in a limited fashion. The B-series are a blade chassis, and the C-series are a traditional rack mount form factor.

FWIW we have had no loving end of problems with the C series but the B's have been great.

# ¿ Sep 12, 2013 22:55

Docjowles: Apr 9, 2009

ragzilla posted:

Can you expand on your issues with the C servers? We're looking at adding some for local storage applications.

The biggie was some fuckery with the RAID controllers. I wasn't the main guy working on this but if you really want I can ask the guy who was and get you explicit details. But basically you'd provision the box in UCS manager with a RAID config and everything would boot up fine. Then sometimes the disk IO performance would go to poo poo despite the management software not showing any alerts or issues. Reboot box, suddenly the RAID config is gone along with everything on the disks and you get to start over :haw:

This persisted across a bunch of hardware swaps.

The C series boxes are in production now so I assume that's been resolved (since they're acting as database servers, not some stateless throwaway box) but like I said I wasn't personally handling that issue.

# ¿ Sep 13, 2013 06:44

Docjowles: Apr 9, 2009

Agrikk posted:

The original call was for a join statement to test the availability of a few tables, but that was quickly shot down as being too heavy a transaction for a probe...

At one point we noticed that our monitoring software was running a non-trivial query against the production DB many thousands of times per day, despite being configured to run every 5 minutes or something. Turned out collectd had a bug where the setting to specify how often to poll just didn't work and defaulted to every 10 seconds :haw:

That was a fun discovery.

# ¿ Sep 13, 2013 18:29

Docjowles: Apr 9, 2009

dotster posted:

What RAID controller were they running? I have run the mez card or PCI controllers but those are just LSI.

Looks like LSI MegaRaid 9265-8i.

# ¿ Sep 16, 2013 16:37

Docjowles: Apr 9, 2009

Smokeping might be closer to what you want, too.

# ¿ Sep 26, 2013 18:53

Docjowles: Apr 9, 2009

Martytoof posted:

People who love free junk:

If you sign up for a Meraki webinar, Cisco will supposedly send you a free unit. My boss got his and it's licensed through 2017 so a free $300 doodad with 3 years of cloud management for an hour or two of your time.

https://meraki.cisco.com/webinars

Signed up cause I can't pass up free gadgets, figured I'd pass it on.

Here's the fine print

# ¿ Feb 11, 2014 20:15

Docjowles: Apr 9, 2009

Sepist posted:

We call it the megatron, it's an ASR9922. If you saw a linecard with 1 or 2 ports chances are it was a 100gb linecard. We have a lot of them deployed in our DC's, here's some pics. You can see the 2x100Gb linecards in the lower part of each chassis

I have nothing to add besides holy poo poo, dat router :stare:

# ¿ Mar 14, 2014 20:46

Docjowles: Apr 9, 2009

Cross-posting from the general IT thread since I just remembered this one exists.

My company is hiring if anyone wants a network engineer job in Denver. PM me or reply here with an email address if you want details. Guess I should do a formal post in the job fair thread at some point. Looking for roughly CCNP level experience though the actual cert isn't a hard requirement since we don't in fact run much Cisco gear. Juniper, Force 10, F5. Linux expertise a huge plus. You would be the primary network engineer for a mid-size web property. I hesitate to call it a "startup" since they've been around for going on 10 years but it still has that kind of cultural workplace feel, for better or worse.

Full-time remote is not an option but frequent work-from-home may be as long as you're in the general area.

I am not the hiring manager, just a sysadmin you'd be working with, but I can pass resumes along and put in a goond word.

# ¿ Mar 24, 2014 06:07

Docjowles: Apr 9, 2009

less than three posted:

Yeah our F5s are great, would definitely recommend.

Thirding dis

# ¿ Mar 25, 2014 01:49

Docjowles: Apr 9, 2009

At a past job we ran some old-rear end EOL load balancers from Coyote Point. They were... adequate. Kind of a poo poo UI but I will say they were rock-solid. Years of uptime with no issues.

# ¿ Mar 25, 2014 02:21

Docjowles: Apr 9, 2009

There are some alerting plugins for Cacti like thold. But often people leave Cacti as purely graphing and use something like Nagios for alarms since that's what each was designed for.

Zabbix is one option if you want both functions in one package.

# ¿ Apr 14, 2014 15:49

Docjowles: Apr 9, 2009

Zuhzuhzombie!! posted:

Can anyone recommend a good console server?

The only ones I've used are TrippLite's, they seemed fine.

# ¿ Apr 17, 2014 16:47

Docjowles: Apr 9, 2009

There's plenty of dedicated IPAM tools you can host yourself that might work better than a spreadsheet. Things like Netdot or the venerable IPPlan.

# ¿ Apr 21, 2014 18:02

Docjowles: Apr 9, 2009

No that definitely sounds like an absurdly high failure rate for anything I didn't buy for my kid from the clearance bin at Toys-R-Us. Let alone a serious IT vendor.

# ¿ May 11, 2014 05:12

Docjowles: Apr 9, 2009

Yes, all monitoring software sucks. I am not being sarcastic.

If you hate text files that much, Zabbix is almost entirely point-and-click to configure. If the devices are similar you can set up one template and attach it to all the devices you want to monitor, and you're done. It handles both graphs/trends and alerts.

# ¿ Aug 11, 2014 04:39

Docjowles: Apr 9, 2009

Finally got approval to replace our lovely, ancient Force10 "core router" that doesn't have an adjustable TCAM. Might not actually be completely hosed on 512,000 BGP Entries For Real Day :unsmith:

We have it paired with another, less-lovely router but I wasn't really looking forward to losing redundancy since our business operates 100% online.

Now to submit the order to our VAR and hope they don't say "lol that product is backordered 6 months out".

# ¿ Aug 19, 2014 16:44

Docjowles: Apr 9, 2009

Juniper MX104. The other existing router is an MX80.

# ¿ Aug 19, 2014 16:52

Docjowles: Apr 9, 2009

And surely it exposes SNMP so you can roll your own pretty graphs in whatever tool you like.

# ¿ Aug 31, 2014 17:06

Docjowles: Apr 9, 2009

Since I had to go digging for it tonight, here's Juniper's response and risk assessment per-product.

If anyone finds something relating to Force10 ( :smithicide:

) gear I'd appreciate a link.

# ¿ Sep 26, 2014 06:35

Docjowles: Apr 9, 2009

I'm relaying this question for a coworker, sorry if any part of this doesn't make sense. It's my fault for being a networking dunce.

We're replacing an old Force 10 "core router" with a new Juniper MX104. To be best of our knowledge, the config is 100% identical, translated from F10 to Juniper. Same IP's on all interfaces, same ACL's. When we put the new router in place, almost everything works... except no traffic can pass out through our firewall, an old-rear end Juniper SSG-520 running software rev "6.3.0r10.0". There's a layer 3 switch (Juniper EX4500 virtual chassis) sitting between the two devices, they aren't directly connected.

Is there anyone here with ScreenOS experience that might have a clue as to why that's happening? We've combed the firewall configs 500 times for any reference to an IP or network that was on the old router but not the new or something really obvious like that and come up empty.

Happy to provide additional detail or take it to PM's.

# ¿ Nov 6, 2014 18:35

Docjowles: Apr 9, 2009

Moey posted:

Stupid Experts Exchange. If you find the link on google, you can scroll all the way down and see the answer. But direct links make you have an account.

Hit the first link.

https://www.google.com/search?q=Was...=utf-8&oe=utf-8

I believe the correct spelling is Expert Sexchange :colbert:

# ¿ Mar 13, 2015 01:54

Docjowles: Apr 9, 2009

Yeah I'm not sure how you'd get around that other than preproccessing the output in some way (like sorting, as you said) and making RANCID diff that instead of the original. What problems did you encounter with that approach? (other than that it's hacky as hell)

# ¿ Mar 18, 2015 21:43

Docjowles: Apr 9, 2009

The important thing to remember when it comes to net connections is "god hates you and wants you to be sad". We have two redundant 10Gb fiber links coming into our data center in Colorado over completely different paths. Like, one comes up from New Mexico and one down from Wyoming. One day they were both knocked out at the same time. One due to "vandalism" (we never found out what this meant) and one due to the flooding in Colorado a couple years back creating a gigantic sinkhole in the earth and physically destroying the link. It took techs like 8 hours to splice the fiber in the sinkhole back together in what I can only assume were loving awful conditions.

Sometimes all you can do is sit back, say "yeah having enough redundancy to prevent this 1 in a million bullshit wouldn't have been worth the cost" and give the universe a :bravo:

# ¿ Mar 25, 2015 07:02

Docjowles: Apr 9, 2009

We're doing a switching refresh and Arista has been really aggressively courting our network guy for the business. Their main selling point is "WE HAVE SUB PICO SECOND LATENCY! PACKETS LITERALLY TELEPORT DIRECLTY BETWEEN HOSTS!" Which is cool but I don't run a high frequency trading operation and just don't have that kind of requirement in my environment. We're primarily interested in cost, with ease of management and automation support a close second. By those metrics, we ended up going with a bunch of Juniper QFX stuff.

Also I assume that was a tongue in cheek comment on the similarity between Cisco IOS and Arista, but yeah.

# ¿ Apr 17, 2015 02:49

Docjowles: Apr 9, 2009

CrazyLittle posted:

Wireless video baby monitor

We have one of these in our house. RIP anyone trying to use 2.4 Ghz wifi when that sucker is powered on.

# ¿ Aug 27, 2015 14:00

Docjowles: Apr 9, 2009

Thanatosian posted:

Windows server 2010

This doesn't exist :confused:

2012?

# ¿ Sep 12, 2015 20:31

Docjowles: Apr 9, 2009

I'm trying to set up babby's first Cisco vPC between two Nexus 6k switches. I feel like I must be missing something completely retarded here. From each switch, I can ping the management interface of the other. But I can't get the vpc keepalive link to come up one end. Any idea what is up with this?

Switch A: management interface is 10.63.162.45/16
Switch B: management interface is 10.63.178.45/16

Switch A:

code:

# show run | sec vpc
feature vpc
vpc domain 2
  peer-keepalive destination 10.63.178.45


# show vpc brief

vPC domain id                     : 2
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled


# ping 10.63.178.45
PING 10.63.178.45 (10.63.178.45): 56 data bytes
64 bytes from 10.63.178.45: icmp_seq=0 ttl=254 time=0.899 ms
64 bytes from 10.63.178.45: icmp_seq=1 ttl=254 time=0.771 ms
64 bytes from 10.63.178.45: icmp_seq=2 ttl=254 time=0.784 ms
64 bytes from 10.63.178.45: icmp_seq=3 ttl=254 time=0.794 ms
64 bytes from 10.63.178.45: icmp_seq=4 ttl=254 time=0.806 ms

--- 10.63.178.45 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.771/0.81/0.899 ms

Switch B:

code:

# show run | sec vpc
feature vpc
vpc domain 2
  peer-keepalive destination 10.63.162.45


# show vpc brief
vPC domain id                     : 2
Peer status                       : peer link not configured
vPC keep-alive status             : Suspended (Destination IP not reachable)
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled


# ping 10.63.162.45
PING 10.63.162.45 (10.63.162.45): 56 data bytes
64 bytes from 10.63.162.45: icmp_seq=0 ttl=254 time=0.922 ms
64 bytes from 10.63.162.45: icmp_seq=1 ttl=254 time=0.696 ms
64 bytes from 10.63.162.45: icmp_seq=2 ttl=254 time=0.923 ms
64 bytes from 10.63.162.45: icmp_seq=3 ttl=254 time=0.71 ms
64 bytes from 10.63.162.45: icmp_seq=4 ttl=254 time=0.741 ms

--- 10.63.162.45 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.696/0.798/0.923 ms

# ¿ Oct 8, 2015 19:28

Docjowles: Apr 9, 2009

Well I've certainly gone down a rabbithole of fail on this project! I got the keepalive link working by adding "vrf default" to the end. I realize this is not the proper config for the reason 1000101 gave, and will try to fix at some point.

However, I've now managed to lock myself out of one of the two switches :saddowns:

It's still up and passing traffic, thank god, but I can't access the management IP. It's in a data center across town and there's apparently no remote console access (I did not set this up, just took over for someone at a new job), so fixing that will have to wait until the next time I have a reason to go over there. I don't understand how I got locked out, though, so any insight on that would be appreciated!

The vPC came up, but I could not reach any of the devices connected to the associated port-channels. After checking the logs, I found that it's because the VLANs those devices were on were set to "switchport mode fabricpath" and I had to convert my poo poo to vPC+. So I did. The last thing I did before getting locked out was editing the port-channel for my vPC peer link. On both ends, I ran "switchport mode fabricpath". When I did that, my SSH connection to switch B immediately dropped and I can no longer reach it. Switch A, with the same config, is fine. Any hope something as simple as shut/no shut on the management interface will restore connectivity, or have I done something seriously retarded? NX-OS bug in our old-rear end version?

Pared-down config for the one switch I can still reach below. The other was identical barring interface descriptions:

code:

!Command: show running-config
!Time: Fri Oct  9 18:13:55 2015

version 6.0(2)N1(2)
install feature-set fabricpath
feature-set fabricpath
hostname switchA

no feature telnet
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
clock protocol none

ssh key rsa 2048
ip domain-lookup
logging event link-status default
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
class-map type queuing class-all-flood
  match qos-group 2
class-map type queuing class-ip-multicast
  match qos-group 2
class-map type network-qos class-fcoe
  match qos-group 1
class-map type network-qos class-all-flood
  match qos-group 2
class-map type network-qos class-ip-multicast
  match qos-group 2

vrf context management
vlan 1
vlan 63
  name Managment
  mode fabricpath
vlan 444
  name Internal
  mode fabricpath
vlan 1684
  name NetAppSAN
  mode fabricpath
vpc domain 5
  role priority 10
  peer-keepalive destination 10.63.178.45 source 10.63.162.45 vrf default
  delay restore 150
  peer-gateway
  fabricpath switch-id 5
port-profile default max-ports 512


interface Vlan1

interface Vlan63
  no shutdown
  management
  no ip redirects
  ip address 10.63.162.45/16

interface port-channel20
  description "Twinax FabricPath link to other nexus switch"
  switchport mode fabricpath
  switchport trunk allowed vlan none

interface port-channel50
  description "vPC Peer Link"
  switchport mode fabricpath
  switchport trunk allowed vlan 444,1684
  spanning-tree port type network
  vpc peer-link

interface port-channel60
  switchport mode trunk
  switchport trunk allowed vlan 444,1684
  speed 10000
  vpc 1

interface port-channel70
  description "netapp01 node 2 vPC port-channel"
  switchport mode trunk
  switchport trunk allowed vlan 444,1684
  vpc 2

interface Ethernet1/5
  switchport mode fabricpath
  switchport trunk allowed vlan 444,1684
  channel-group 50 mode active

interface Ethernet1/6
  switchport mode fabricpath
  switchport trunk allowed vlan 444,1684
  channel-group 50 mode active

interface Ethernet1/27
  switchport mode fabricpath
  switchport trunk allowed vlan none
  channel-group 20

interface Ethernet1/28
  switchport mode fabricpath
  switchport trunk allowed vlan none
  channel-group 20

interface Ethernet1/37
  description "NetApp Node1 e0c"
  switchport mode trunk
  switchport trunk allowed vlan 444,1684
  channel-group 60 mode active

interface Ethernet1/38
  description "NetApp Node2 e0c"
  switchport mode trunk
  switchport trunk allowed vlan 444,1684
  channel-group 70 mode active

interface mgmt0

code:

# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 5
vPC+ switch id                    : 5
Peer status                       : peer link is down
                                  (peer-keepalive not operational,
                                  peer never alive)
vPC keep-alive status             : peer is not reachable through peer-keepalive
vPC fabricpath status             : peer is reachable through fabricpath
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 2
Peer Gateway                      : Enabled
Peer gateway excluded VLANs     : -
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po50   up     -

vPC status
---------------------------------------------------------------------------
id     Port        Status Consistency Reason       Active vlans vPC+ Attrib
--     ----------  ------ ----------- ------       ------------ -----------
1      Po60        up     success     success      444,1684     DF: Yes, FP
                                                                MAC: 5.0.0
2      Po70        up     success     success      444,1684     DF: Yes, FP
                                                                MAC: 5.0.0

Docjowles fucked around with this message at 19:31 on Oct 9, 2015

# ¿ Oct 9, 2015 19:27

Docjowles: Apr 9, 2009

1000101 posted:

Ah, so you're using Fabricpath! That changes a couple things.

First, unsure the purpose of po20. Is this an uplink to another switch or the same? If it's the same I would consider turning this into an l3 port channel, putting a /30 on it in it's own VRF and using this for peer keep alive (you don't even need the keep alive to be reachable by anything but the remote vpc peer). You don't need a separate l2 link between switches to pass data. It can use the peer link as needed. Either that or plug in mgmt0 somewhere and use that for vPC keep alive. Until you've got l3 reachability VPC will never come up. Since there's an issue with VPC and you're using an in-band keep alive it may never come back online. Your l3 interfaces may be down/dead because VPC+ is trying to keep things sane.

Your vPC peer link looks like it's pruning VLANs. From what I recall the default behavior for a port in mode fabricpath is to forward all fabricpath VLANs over it. Just in case though I would make sure the allowed list includes all your fabricpath VLANs.

Also it's worth looking at the 'show fabricpath topology' output and picking a vPC switch ID thats going to make sense. If your 2 nexus switches are actually using a statically defined switch ID (say 1 and 2) then I'd consider making your fabricpath vpc switch-id something like 10 or 100 or something.

I think the root of my problems is not having a dedicated link for the keepalive. I'll work on that.

I'm actually confused as to the purpose of po20 as well. It's one of those things that was already set up when I started and whoever created it is long gone. It appears to be an uplink between the two Nexus 6001's. I'd have thought that since it's configured with "switchport trunk allowed vlan none", nothing would be passing over it. But I see the tx and rx counters incrementing steadily on a "show int port-channel 20". It's not part of a vPC or anything. What I pasted was pretty much the complete config. "show fabricpath topology" doesn't really show anything useful to me:

code:

csw01-a2# show fabricpath topology
Topo-Description                 Topo-ID    Topo-State
-------------------------------- ---------- --------------------
0                                0          Up

I also have a stupid question about the SVI that's serving the management IP. vlan 63 in the config. What physical interface(s) is that IP actually reachable on from another device? I don't see any interfaces (that aren't directly attached to a server) allowing VLAN 63. I did leave a shitload of FEX interfaces (which are all 1Gb ethernet) out of the config I posted. Is it somehow being accessed through the attached FEXes?

# ¿ Oct 14, 2015 16:13

Docjowles: Apr 9, 2009

1000101 posted:

Looking at the config you posted I see that VLAN 63 is reachable via po20 and po50. Fabricpath ports forward all fabricpath VLANs all the time. In order to prune a VLAN out of a fabricpath link you'd need to create a separate topology for it. Basically the 'switchport trunk allowed vlan' list gets ignored since the port isn't technically a trunk port. Thats why you see traffic going over po20.

Thanks! Knowing that the "switchport trunk allowed vlan none" is just ignored makes things MUCH clearer.

# ¿ Oct 20, 2015 19:05

Docjowles: Apr 9, 2009

Ahdinko posted:

Honestly the wallboard requirements are really "look cool and make it look like things are happening to impress people". The helpdesk guys all get the alerts come into an inbox, none of them are sitting there staring at the telly waiting for a colour to change on a box. I'd like to see something more funtional than anything else when I or the helpdesk guys actually log in to go look at an issue or pull some stats for a query.

Just put this up and call it good

http://map.norsecorp.com/

# ¿ Nov 6, 2015 18:45

Docjowles: Apr 9, 2009

frogbert posted:

I'll look into it thanks.

Any recommendations on syslog server software?

Are you at all familiar with Linux? A little VM running rsyslog is all you need. There are tutorials galore for configuring it on Google.

# ¿ Nov 24, 2015 03:07

Docjowles: Apr 9, 2009

I'm dealing with an old-rear end Cisco ASA 5520 (not the -X series, the originals). My boss wants me to update it to the latest software, but it's so drat old it has the original 64MB flash card which only has room for one OS image and one ASDM image. Is it safe to delete the images from a running system, copy over the new ones, update the config, and reload? I'd assume they're already loaded into RAM, but don't really want to test this in production.

Either way I'm going to recommend that we just buy a larger flash card, since YOLOing with no rollback possible sounds awful. But I want to present him with all of the options.

Docjowles fucked around with this message at 19:50 on Dec 3, 2015

# ¿ Dec 3, 2015 19:47

Docjowles: Apr 9, 2009

psydude posted:

9.1(6) has some specific RAM and flash requirements. You'll probably have to upgrade both.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/product_bulletin_c25-586414.html

Somehow the box already has 2GB of RAM. And is already on 9.1(1). It just has this tiny-rear end CF card so I can't upgrade further. I'm guessing whatever VAR we bought it from years ago flashed it up for us using an external card and then pulled it after delivery or something.

code:

# show memory
Free memory:        2199937224 bytes (82%)
Used memory:         484417336 bytes (18%)
-------------     ------------------
Total memory:       2684354560 bytes (100%)
#
# show flash
--#--  --length--  -----date/time------  path
   98  27260928    Mar 14 2013 13:30:32  asa911-k8.bin
   99  23374256    May 17 2014 15:11:30  asdm-716.bin
   11  2048        Mar 14 2013 13:36:56  log
   22  2048        Mar 14 2013 13:37:06  crypto_archive
   23  2048        Mar 14 2013 13:37:14  coredumpinfo
   24  59          Mar 14 2013 13:37:14  coredumpinfo/coredump.cfg
  100  196         Mar 14 2013 13:37:14  upgrade_startup_errors_201303141737.log
  102  200         Mar 20 2013 15:01:06  upgrade_startup_errors_201303201901.log
  103  2048        Aug 15 2014 10:05:04  tmp

62904320 bytes total (11804672 bytes free)
#
# show disk1:

%Error show disk1: (No such device)
#
# show version

Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(6)

# ¿ Dec 3, 2015 20:24

Adbot: ADBOT LOVES YOU

# ¿ May 13, 2024 23:26

Docjowles: Apr 9, 2009

psydude posted:

You could buy a bigger CF card for about $12 and throw both images and the configs on there. I've done that for customers before.

This is the plan. You can just use any rando CF card, it doesn't have to be a ~~~CISCO CERTIFIED~~~ $500 256MB one, right?

# ¿ Dec 3, 2015 21:26

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cisco Short Questions Thread v12.4.9(WTF)

«‹›3 »