|
InferiorWang posted: Do you guys struggle with the language barriers with TAC? With the exception of one time, my issues get sorted out. But I feel it's taking much longer to get to the solution and that the language difference is a large part of that. An example of that would be when I explain a symptom to the engineer. I'll get a response of "yes" or "sorry to hear that" but I'm never really sure if they understood what I was saying.

Funny, I just happened to see this... I work for CALO, TAC's lab staff (we run the cables, plug in the cards, etc.) and over half of our actual testing that uses hardware is done stateside in North Carolina. However, if you're on tier 1 support, it's likely that you're getting staff in Costa Rica or Bangalore, which would probably not have English as a first language. Most of my knowledge is about the in-lab work and not customer-facing employees, though.

EDIT: And when I say the testing is done in North Carolina, I mean that the hardware is there - the actual TAC engineer could really be anywhere, so I guess it doesn't mean much.

Eletriarnation fucked around with this message at 10:13 on Mar 28, 2009
# ¿ Mar 28, 2009 09:56 |
|
jwh posted: Our DC systems folks are attempting to move to UCS-based chassis and blades within the next six to ten months, in an attempt to consolidate our VM environment.

Is the 5000 supposed to aggregate links from the 6140s? It seems like if you only have one 5000, then the implication is that you will be connecting several 6140s to it and then using a 10G uplink or two to the 6500s instead of taking up many precious 10G ports on your core switches. That way, you'll have high-bandwidth interconnects between the 6140s and the ability for a particular 6140 or two to get a lot of bandwidth to the core when necessary, or for all to get a fair amount constantly. Basically, the 5000 seems like a distribution layer switch.

ED: Oh, there are only two 6140s... Well, they may be planning for expansion, I guess.
|
# ¿ Oct 16, 2010 18:51 |
|
Bardlebee posted: Can you guys recommend me a cheap router that has the Cisco IOS on it that I can use for my home router? I would like to set up NAT at home and practice there as well. I know there are sims, but I would like to set it up at home too.

You don't need to buy something as expensive as a new 800/1800. I use a 1720 with a WIC-1ADSL as a combination modem/router at my place, and if you already have a modem that makes you happy and just want a router you'd be just fine with a 2611 or 1721 as far as I know, which you can get for $50 or less. I haven't actually used a 2600 except in a lab full of much louder things, but as far as I know they're pretty quiet, and I can vouch that the 1700's slow 30mm-ish fan is literally silent.

Just make sure that if you want any specific/exotic features that you check them against the supplied code version on the Software Advisor on Cisco's website, and if you get a 1700 (except the 1760, which is just unnecessary) make sure you buy a power brick because they don't have an internal PSU like the 2600s.

Eletriarnation fucked around with this message at 17:26 on Jan 12, 2011
# ¿ Jan 12, 2011 17:20 |
|
CrazyLittle posted: The problem with a 1720/1721 is that its CPU isn't fast enough to be useful for home routing an internet connection like a cablemodem, and you can't get a second ethernet interface unless you hunt down a wic-4esw. Also, 26## routers are not compatible with wic-1adsl. Only 26##-XM routers are.

I'm not sure about that, but as I said my 6mbit ADSL connection seems to be able to perform at max speed with no issues. I'm at class right now, but when I get home I'll max it out and let you know what my reported CPU usage is. Also, the point of recommending the 1721 and not the 1720 is that it does have a second FastE interface.

I didn't know about the 26xx not supporting ADSL, but that's definitely in the list of features I would check for any model/code version - I clearly remember checking it when I made the decision to buy the 1720.

Eletriarnation fucked around with this message at 17:44 on Jan 12, 2011
# ¿ Jan 12, 2011 17:28 |
|
CrazyLittle posted: 17## series routers only have 1 FE port built in. You can add a wic-1E to most of them, but that card's pretty worthless in any real-world practical applications.

Interesting, I must have imagined it based on the difference between the 26x0/26x1. Sorry, my mistake. OK, if you want two Ethernet interfaces, buy a 2611 instead of a 1720/2610 not only because yes, a 10Base-T WIC does suck, but also because why would you pay more for a WIC and a slower router when you could just get two FastE lines built in?

That said, here's a summary of my decidedly unscientific router test: First off, I fired up the eight most seeded torrents on linuxtracker, plus three more that I can seed myself for a total of eleven torrents. Knowing that I only have around 700KBps of bandwidth (due to the ADSL limitations) I rate-limited each to 100KB download so that one wouldn't dominate. Finally, I fired up WoW and logged in at Stormwind, which is probably the busiest area on my high population server. Six of the torrents have hit the full 100KBps, and a couple more are creeping along, and WoW while not as responsive as it should be is playable and stable.

Here's a "show proc cpu hist" on my 1721: code:
When I hopefully move up to a 15Mb down/2 up connection next year, I'm sure I'll be in the market for a more powerful device. EDIT: Bonus shot of what happens when I turn OFF all those torrents: code:
Eletriarnation fucked around with this message at 18:15 on Jan 12, 2011 |
# ¿ Jan 12, 2011 18:10 |
|
Bardlebee posted: I have been under the impression that when you have two devices in the same layer (switch to a switch or router to router) you use a cross over cable. In fact is it not in the CCNA that you would use a cross over cable to connect them? Of course, barring the fact that you can connect serial to serial on a router, this has been the norm.

The CCNA will tell you: Switch to router or host: straight through. Switch to switch, or router/host to router/host: crossover.

Auto-MDIX is an optional part of the Gigabit standard, making it likely that a gigabit connection with anything will work with either, but as far as I am aware the vast majority of 100/10 connections will not auto-crossover.
|
# ¿ Jan 12, 2011 22:19 |
|
Jonny 290 posted: Man, the cheapest way for me to get a gigabit switch that runs ios in my bedroom closet is just to get a 3508 and a bunch of gbics off ebay, isn't it =/

I've been searching for an answer to this exact question too, and I'm pretty sure you're right. I'm probably going to give up and use a FastE switch and just have a little Mikrotik gigabit switch for the few devices that support it/need it.
|
# ¿ Jan 25, 2011 06:04 |
|
Kind of an odd question, but does anyone know offhand about setting up network-to-host IPsec on an IOS router? I just read an appendix in the ROUTE quick reference about setting up site-to-site IPsec and it looks fairly straightforward, but the main ROUTE certification guide has less information than the quick reference and so I'm not sure how exactly I should alter the example configuration if I wanted to try this out on my home setup.

The quick reference guide goes through:
ISAKMP policy configuration
IPsec transform set configuration
Crypto ACL configuration
Crypto map configuration
Applying the crypto map to an interface and interface ACLs (which is kind of elementary at this point).

It all looks good except that the crypto map configuration involves setting a peer address and I'm pretty sure that it doesn't work that way when I'm doing point-to-multipoint IPsec instead of tunneling over a point-to-point link. I searched around on Cisco's site but their basic configuration example there also involves a point-to-point tunnel, so I'm not really sure where to go except buying a VPN cert guide or something.

Also, are there any special concerns with doing this? I'm aware that my 1720 doesn't have a super-fast processor so I probably shouldn't try to max out my WAN link with a bunch of VPN tunnels, but I don't want to open up any huge security holes or anything like that.
|
# ¿ Feb 8, 2011 16:36 |
|
Tremblay posted: I don't understand what you are trying to do. Take a look at Remote Access (RA) VPNs. You are talking about L2L (LAN to LAN) here and I don't think that's what you need. You don't have to specify the ISAKMP peer by IP you can just 0.0.0.0 for any.

Oh! See, I didn't know that you can specify a range/subnet - the example only gives a single address. As you say, I am trying to set up a remote access VPN but all of the examples I've found are L2L so I was asking if that's an entirely different feature (that is, I can't do it on my little 1720) or if it's just a slightly different configuration.
|
# ¿ Feb 10, 2011 01:09 |
|
Tremblay posted: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

Awesome - yeah, that's exactly what I needed, I just didn't know the proper search terms. Thanks!
|
# ¿ Feb 10, 2011 03:48 |
|
workape posted: Anyone with a Nexus environment since you have to make an alias for "wr mem" to work. Luckily you can just toss a "cop r s" in there. Although, don't ask your coworkers if they "coppers that damned switch" if they are going to reboot it. You will get funny looks.

In IOS XR, your commands don't even do anything until you write them! It was annoying when I was first getting used to it but config versioning can be really useful for debug/testing.
|
# ¿ Mar 25, 2011 03:36 |
|
ragzilla posted: Does 'commit' actually write the config to nvram? If so that's pretty neat (we're currently looking at some ASRs running XR for our new build, still debating 7600 vs. ASR).

I'm pretty sure it does, yes. Running-config and startup-config are the same in XR. XR supports some other neat things that I find myself wishing regular IOS did - like CIDR notation and being able to patch a codebase on the fly without having to replace the entire image and often with no interruption in service at all. Of course, you need that when your image is 400MB and the time from initiating a reboot to resuming full functionality can exceed fifteen minutes.

ASRs are especially fun to reinstall code on - we had an RSP that wouldn't properly work as a hot standby, instead going into some kind of indeterminate state, and I decided to try completely wiping the installed code base and reinstalling from an image. Come to find out, the 9k doesn't actually support booting from flash... and the only way we could find out to do that was to move the entire base XR package over TFTP. Of course, it seems to me that in a production environment you wouldn't ever actually need to install XR on a device from scratch, and with a fast connection doing it over TFTP didn't take THAT long (certainly not like Xmodeming a switch over 9600bps) but I remember being baffled why a device that cost tens of thousands of dollars can't boot off CF when an 1800 can.

EDIT: Like the previous poster, my vote (not very useful since I have no idea what your situation is) would be for the 9k, since I like working with IOX and presumably at some point not too long in the future they'll have a speed upgrade option like CRS-1 -> CRS-3.

Eletriarnation fucked around with this message at 07:05 on Mar 25, 2011
# ¿ Mar 25, 2011 07:01 |
|
FatCow posted: Is it just me or is that really lame on Cisco's part? They could have had 1+1 fan redundancy in the chassis but instead make it so that if one of two fan units fails the system fails.

The impression I got from the preceding conversation is that this isn't true, and Cisco's website claims that the power supply/cooling is fully redundant on all ASRs.
|
# ¿ Jun 3, 2011 04:44 |
|
jbusbysack posted: New thread title: The Cisco Questions Thread - Cheaper, Faster and Smarter than TAC.

Well, I guess this is a good time to mention that I'm a TAC new hire on the IOS XR team so... if anyone has any IOS XR questions, ask them, because if I don't know then I should probably learn.

Eletriarnation fucked around with this message at 23:44 on Jun 21, 2011
# ¿ Jun 21, 2011 19:49 |
|
adrenaline_junket posted: First time Cisco'er here.

2900XLs are switches, Fast Ethernet if I recall correctly, and they originally ran CatOS I'm pretty sure. If you have any version of IOS on them, it's probably not worth changing because they're very old models, but from what I can tell the newest (and likely last) thing out for them is 12.0.5-WC17. You'll probably be happier using a USB-serial adapter than buying a computer just for a serial port.
|
# ¿ Jun 22, 2011 13:12 |
|
ragzilla posted: I recommend against using WC17 if you plan to log into the switches on a semi-regular basis. WC10 is our standard for XL devices to avoid some wonderful (presumably AAA related) reload bugs on WC11-WC17.

Yeah, I was just searching cisco.com and repeating what Software Advisor says - my personal practice with a system that old would likely be to leave it with whatever code it had unless I needed a specific feature or was actually going to (why?) add it to a production network. Of course, I'd upgrade it if it had CatOS too.
|
# ¿ Jun 22, 2011 16:18 |
|
routenull0 posted: Yeah I heard that there are many quality of life changes in the NX-OS and IOS-XR line. I believe one of them has already started the "commit 10" idea that Juniper uses to rollback the configuration in a set number of minutes instead of the ole trusty "reload in 10" I thought they were pushing IOS-XR to the 7600 line? Did that change? After I deployed a bunch of 7600s at my old ISP job, that was the rumor.

My knowledge of NX-OS barely extends beyond knowing it exists, but XR has a "commit confirmed [<#sec>|minutes <#min>]" command where you can commit the configuration changes for anywhere from 30 seconds to 5 minutes - at any time during that, you can do a regular "commit" to make things permanent.

I can't conclusively say it's not true and I'm no expert on the 7600 platform, but I haven't heard any indications of an XR release for it. If it did happen it would almost certainly work like the 12000, where many older/lower-end modules are unsupported because they don't have the proper architecture to run XR - you can't very well use a distributed operating system that runs on all linecards if some of your linecards are little more than switching ASICs tied to ports.
|
# ¿ Jul 6, 2011 13:58 |
|
There's MPLS Layer 2 and 3 VPNs, I believe. On an unrelated note... code:
|
# ¿ Jul 13, 2011 20:11 |
|
Zuhzuhzombie!! posted: Yeah. Just submitted to TAC. New 3750's aren't registered under our warranty or whatever it's called so I had to "escalate" it. Hope that doesn't get to them cause me grief.

It just means that the Entitlement team needs to get involved for a bit to verify that you're clear - and then the case bounces back to the LAN Switching team, which handles it normally. No need for worry.
|
# ¿ Aug 17, 2011 00:06 |
|
routenull0 posted: I went through a 2hour presentation on IOS-XR with our SE's since we are potentially moving to AS9K's at a few sites and I must say that Cisco has fixed a few of my largest problems with Classic IOS in IOS-XR.

This is also nice because you have lots of accounting for configuration changes. Yesterday I was checking out a lab setup I had and noticed that one of my BGP neighbors running XR had gone missing. I checked this device and figured out not only that someone had blown up my entire BGP config, but also who did it and when they did it. I rolled the chassis back to exactly how I left it, then sent them a nice email telling them not to do that.

In IOS, that would be "dammit, who did this!?" followed by an hour of cursing while reconfiguring.
|
# ¿ Sep 9, 2011 17:24 |
|
Zuhzuhzombie!! posted: *notices memory leak on two insanely important pieces of equipment*

Call in and say you have a system stability issue and want to raise the case severity to 2 or 1 depending on whether you need it fixed "today" or "now".
|
# ¿ Sep 10, 2011 06:24 |
|
Kenfoldsfive posted: You can look at a CCNA Security as a mid-level jump off point. Also don't forget the CCSP, though I'm really not sure what the difference between that and the CCNP Security is.

The CCNP Security replaces the CCSP, like the ROUTE and SWITCH replaced BSCI/BCMSN.
|
# ¿ Oct 6, 2011 06:44 |
|
ragzilla posted: I haven't had to dig into password recovery on XR platforms (CRS/ASR/GSRXR), I imagine it's a little more in depth.

It's similar to an IOS router; just use rommon commands to boot with an empty config. They have a quick guide here: https://supportforums.cisco.com/docs/DOC-15870

Eletriarnation fucked around with this message at 17:27 on Jun 18, 2012
# ¿ Jun 18, 2012 17:23 |
|
Methanar posted: Can someone write some words about why you would ever want to use a software router/firewall like BIRD or vyOS instead of a hardware Cisco or Juniper product?

There's actually at least one virtual router that Cisco makes itself: http://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/datasheet-c78-734034.html

I saw a presentation about this that I probably should have paid more attention to but I recall one of the use cases being "we want all the same features and CLI, but don't need the same scale/performance numbers that a physical box would provide."
|
# ¿ Dec 4, 2015 22:19 |
|
Zero VGS posted: I have a core switch with like 16 edge switches plugged into it. I have a MAC address of a device pulling a huge amount of bandwidth. What would be the most efficient commands to find out which port the mac address is on?

show mac-address-table
|
# ¿ Jan 15, 2016 16:51 |
|
Zero VGS posted: Er, I should specify it's HP Procurves... I don't see a mac-address-table command. I did "show mac-address [the mac address I want]" and it returns Port 19 and VLAN 16, I assume then there's a command to figure out the IP of whatever switch is on Port 19 so I can then Telnet into that and run show mac again?

Well, on Cisco devices you'd use "show arp" (maybe "show ip arp" depending on OS, don't remember) to see that. I don't know about Procurves.
|
# ¿ Jan 15, 2016 17:04 |
|
1000101 posted: If you re-certify for one it'll go ahead and re-up them all. The recertification process is basically "go pass any CCIE written exam" so as long as you stay current on at least 1 technology you can maintain all of them. The only time you have to re-take a lab is when you let one expire.

Yeah, there are a lot of people inside of Cisco at least who have more than one and are trying for a new one every few years. As long as you can pass the written for the one you're trying for, it recerts you for everything you already have and you don't have to worry about it. This also applies to lower certs like CCNA and CCNP - you can refresh them by passing the CCIE written, not that anyone cares too much about those earlier certs once you manage to pass the lab as well.

Eletriarnation fucked around with this message at 16:55 on Feb 10, 2016
# ¿ Feb 10, 2016 16:52 |
|
It's pretty easy to set up a Linux machine running nfdump and nfsen, which are free. I don't know about performance but if you just need to handle a bit of traffic I've used them before and had no problems.
|
# ¿ Mar 26, 2016 01:54 |
|
Bigass Moth posted: But what if you don't know the bug ID going in, or that there even is a bug?

https://bst.cloudapps.cisco.com/bugsearch/?referring_site=mm

Is this what you're looking for, or is it not what you mean?
|
# ¿ Mar 28, 2016 18:43 |
|
I'm not sure I understand the situation, but if you have some information about the bug I can try and dig up the bugID for you if it's publicly viewable. If you still have the TAC engineer around he should be able to give you the bugID though.
|
# ¿ Mar 28, 2016 18:54 |
|
Well, I think that's the way to do it. I searched just now when I provided the link and was able to find a bug I remembered from a few years back, so it definitely has some of them. The amount of detail in bug documentation varies though, so you might have problems getting a hit on a documented bug even if you're using keywords that make sense.
|
# ¿ Mar 28, 2016 19:05 |
|
BiohazrD posted: So I'm working for a small company and we have a bunch of remote users that tunnel in using ASAs. Our network is just kind of a mess in general and we don't really have anyone particularly knowledgeable about networking. I have a certification/continuing ed budget and thought it might be a good idea to pursue a CCNA so we at least have someone who knows how all this poo poo is supposed to work.

For CCNA it's relatively easy because there's one official book that covers the whole thing. There are some free materials out there too but they're more likely to be on a topic by topic basis - most people who put together a full course guide seem to want to get paid for it. I also enjoyed the Sybex guide written by Todd Lammle when I was working towards the CCNA and it seemed like a good number of people preferred it to the official one. Make sure that anything you buy is for the most recent version of the test, though - they usually change the test number for a new revision, so just be sure that matches.

If you specifically want ASA knowledge you may need to work towards the CCNA Security since the classic cert is just for the fundamental routing and switching topics. Having that basic R&S knowledge will help you with any networking task though.
|
# ¿ Apr 12, 2016 18:23 |
|
I haven't worked on ASAs enough to feel that particular pain but I have recently started learning JunOS in a build that also has IOS-XR, and keeping those two straight when I've been working mostly on Nexus and vanilla IOS the past few months is making me kind of wish I had a GUI. Another abstraction layer is probably the last thing that's needed to add clarity though, and I don't know if Juniper even has one.
|
# ¿ Apr 12, 2016 22:04 |
|
I'm not even sure that I'm following all that correctly and this would fix anything, but is it an option to use another device as a dedicated DHCP server instead of having to combine your VPN gateway with that function? Having DHCP and VPN both locked to only work on the default VLAN is kind of nuts. Speaking as someone who has only really worked with Cisco and consumer gear though, the whole idea of a "router" that supports VLAN encapsulation but doesn't just let you tag L3 interfaces with whatever encapsulation you want seems pretty bad.
|
# ¿ Apr 13, 2016 19:27 |
|
Does the switch on the other side also show Rx power? I've definitely seen fiber pairs with one side misconnected or broken and it looks up on one side. I don't think it could happen if you're using autonegotiation (which is built into and can't be disabled with 10G, but can with 1G) but I could be wrong.
|
# ¿ May 10, 2016 21:27 |
|
Thanks Ants posted: The far end is unfortunately poo poo and doesn't display that information. I am getting the guy on-site to make up LC loopback cable to test the SFPs out with.

Yeah, Tx drops sound like a failing port ASIC or maybe optic to me. I don't think that there's any way to detect problems with the physical medium from the Tx side so I would definitely be looking at hardware first with this.
|
# ¿ May 10, 2016 23:08 |
|
adorai posted: When I first started at this company 7 years ago, they had outsourced their WAN management. The company that did it used "redistribute connected" on any OSPF process. All across the internet I see people using "redistribute connected" on their ospf processes. Is this a normal thing? The first thing I did when we got rid of the outsourced management was remove redistribute connected, set passive-interface default, and specify the networks that should participate in OSPF. It seems lazy and quite frankly dumb to do that unless you have a really good reason for it. Am I right, or am I just anal?

You're right about default passive-interface, as someone could perform a blackholing/spoofing attack if they plugged into a non-passive network. If your only connections are to other devices you control though it doesn't seem like a big deal.

Redistributing connected shouldn't really be an issue unless you have such a large network or such low-end devices that scaling and performance is a real concern. You could make an argument for only advertising what needs to be advertised, but I would say that unless there's a reason not to advertise everything you should try to keep the config simple and maintainable with a simple redistribute over having lots of network statements. Even in the case where you don't want to advertise everything, you could still make the case that redistributing connected through a route-map makes for a more maintainable configuration.

Eletriarnation fucked around with this message at 05:08 on May 17, 2016
# ¿ May 17, 2016 05:06 |
|
Dalrain posted: Yes, you're hitting on the correct reason you want to avoid lazy redistribute connected. They will all be "injected" as external, and depending on your metric type, the paths won't be calculated correctly for internal use. (E1 vs. E2) Passive and network statements are by far preferred for a "professional" OSPF environment.

Yeah, that's true. You can set the metrics in a route-map if you're doing it that way instead of just redistributing everything blind, but that's arguably more work than just using network statements.
|
# ¿ May 18, 2016 03:20 |
|
In my experience if you just say something like "hey, we're depending on this to replace our previous firewall and it's not really working right now, which is a significant impact to our operations - could you make this ticket severity 2?" then you should be fine. Policy is mostly that the customer defines the priority, so you shouldn't really get pushback as long as you have reasons that match the definitions of the different severity levels and are yourself responsive when you want a more urgent severity.
|
# ¿ May 21, 2016 05:39 |
|
Docjowles posted: Also, have fun getting assigned a tech in some random-rear end place. We recently opened a TAC case for our ASA and got a tech in Hawaii or something. "Yes, I would be happy to help you with this. Please join my WebEx at 2AM EST and "

A lot of this depends on when you open the ticket and what the product is. Some products are handled by multiple teams and might have, for example, a bunch of people on different shifts in Bangalore or Costa Rica who handle most of the common issues and kick up uncommonly complex issues or those requiring troubleshooting with development to a smaller team elsewhere. Other products only have one support team on shift at any given time and that team takes all cases during this shift. So for example if you open a case at 10AM EST it might go to the RTP (NC) team, but then 6 hours later it might go to San Jose, then Sydney, then Brussels, then back to RTP.

I haven't worked with all of the support models so it's hard to speak in general, but it's probably good in general to open the case around the shift when you would want to work on it (so don't do it as the last thing before you leave on a long day) assuming that it's not an urgent open it ASAP sort of thing. It also couldn't hurt to mention your contact hours in your initial communication.
|
# ¿ May 23, 2016 20:14 |