|
forever gold posted:Not cisco specific, but is there a difference between these IP addresses? No. IPv4 addresses are 32 bit numbers, the last eight are 00000001 in both cases.
|
#
¿
Apr 29, 2013 03:21
|
|
|
|
| # ¿ May 14, 2024 18:55 |
|
|
Even if he was trying to demonstrate a decimal to binary conversion, the answer still makes no sense. The dotted quad notation is input as decimal, so any octet with 010 is exactly the same as 10. forever gold, leading zeros do not matter in an octet.
|
|
#
¿
Apr 29, 2013 06:20
|
|
|
From inet_aton(3);inet_aton(3) posted:components of the dotted address can be specified in decimal, octal (with a leading 0), or hexadecimal, with a leading 0X). Addresses in any of these forms are collectively termed IPV4 numbers-and-dots notation. The form that uses exactly four decimal numbers is referred to as IPv4 dotted-decimal notation (or sometimes: IPv4 dotted-quad notation). I had no idea dotted addresses could be put in as anything other than decimal. I was wrong, leading zeroes do matter. Edit: Cisco doesn't care about your crazy octal IP addresses. #ping 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 49/49/50 ms #ping 010.010.010.010 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Filthy Lucre fucked around with this message at 16:04 on Apr 29, 2013 |
|
#
¿
Apr 29, 2013 14:26
|
|
|
Ask the ISP for a single port ADSL bridge modem. It'll pass the traffic transparently to whatever Ethernet connection you want. Or you can just buy a couple yourself, cheap ones run $60 or so.
|
|
#
¿
May 6, 2013 00:06
|
|
|
Herv posted:Its been forever but doesn't the CCNA focus on layer 2 switching? I had EIGRP questions/troubleshooting when I took mine last year.
|
|
#
¿
Jul 29, 2013 23:26
|
|
|
If you have access to the DHCP server, watch the log file for the discover/offer/ack when the E7 should be requesting a new lease. DHCP is obviously working if the E7 is getting a lease on boot, I can't think of any reason it wouldn't get a new lease when it comes time to renew unless it's not asking.
|
|
#
¿
Aug 13, 2013 16:49
|
|
|
Zuhzuhzombie!! posted:Gonna throw this out there see if anyone knows any ideas. I don't have access to the hardware and the guys who do aren't the brightest. We have some Calix E7s out in the field that pull management IPs via a DHCP pool. He says that when the lease expires, they do not receive a new IP from the DHCP pool. You're not using a LAG on that E7 are you? I have seen E7s drop DHCP traffic on cross card LAGs before. Every other type of traffic would work, just not DHCP. I could see the DHCP server receive the renewal request and it offer the new lease, but the client never received the offer. Sniffing the traffic showed the E7 nearest the DHCP server receiving the offer, but the offer never made it to the far end E7. My suspicion was that the E7 was somehow getting the destination MAC on the stand-by port, but even after working with TAC and my SE we were never able to prove it. Making the other port of the LAG active will temporarily fix the problem. We never did find a solution, I finally gave up working with Calix on it and put a work around in place.
|
|
#
¿
Aug 14, 2013 06:44
|
|
|
Going to display my ignorance here, but wouldn't this be a good place to consider a MED? Without the prepends, border7 and border8 would have the same AS hop count as they are connected to the same provider. A MED could be used to tell the upstream which circuit you would prefer. Or am I totally misunderstanding how MEDs work? I've never tried using one, myself.
|
|
#
¿
Sep 4, 2013 22:16
|
|
|
Can someone help me figure out why the gently caress my route-map ROUTE_MAP_FROM_HURRICANE isn't working?pre:#show run | i neighbor 184.105.249.5
neighbor 184.105.249.5 remote-as 6939
neighbor 184.105.249.5 description Hurricane Electric eBGP Session
neighbor 184.105.249.5 update-source GigabitEthernet0/0/7.1127
neighbor 184.105.249.5 version 4
neighbor 184.105.249.5 next-hop-self
neighbor 184.105.249.5 route-map ROUTE_MAP_FROM_HURRICANE in
neighbor 184.105.249.5 route-map ROUTE_MAP_TO_HURRICANE out
#show run | b route-map ROUTE_MAP_FROM_HURRICANE permit
route-map ROUTE_MAP_FROM_HURRICANE permit 10
match ip address prefix-list PREFIX_LIST_AS6939
set local-preference 150
set weight 100
#show run | i ip prefix-list PREFIX_LIST_AS6939
ip prefix-list PREFIX_LIST_AS6939 seq 10 permit 1.0.20.0/23
#show ip bgp 1.0.20.0
BGP routing table entry for 1.0.20.0/23, version 2957089
Paths: (2 available, best #1, table default)
Multipath: eBGP iBGP
Advertised to update-groups:
4
Refresh Epoch 1
174 2914 2519, (received & used)
38.104.102.10 (metric 2) from 24.36.32.66 (24.36.32.66)
Origin IGP, metric 51061, localpref 100, valid, internal, best
Refresh Epoch 1
6939 2519, (received-only)
184.105.249.5 from 184.105.249.5 (216.218.252.168)
Origin IGP, localpref 100, valid, external38.104.102.10 is my upstream connection to Cogent from one of my other routers (24.36.32.66). I've stripped down the route-map and the prefix-list trying to get it to work. I can't figure out why it's not setting the local pref for 1.0.20.0/23 to 150.
|
|
#
¿
Sep 13, 2013 16:22
|
|
|
I've gone home for the day (been awake for 30+ hours at this point), but I've done several soft and a few hard clears. I'll grep the logs when I go back to the office for an exact count. The issue is more of a personal challenge at this point. Traffic is coming in and going out, so people are getting their porn, it's just not necessarily the way I want it.
|
|
#
¿
Sep 13, 2013 21:27
|
|
|
Follow up on my BGP issues; From my ssh logs, multiple bgp resets; pre:C:\PuttyLogs>grep -ic "clear ip bgp 184.105.249.5 soft" 24.36.32.66-20130913.log 10 C:\PuttyLogs>grep -ic "clear ip bgp 184.105.249.5$" 24.36.32.66-20130913.log 2 I don't loving know.
|
|
#
¿
Sep 16, 2013 17:45
|
|
|
If I have three subinterfaces on my router, will a QoS policy applied to the physical interface cover all three subinterfaces? Our SIP trunk runs on one of the subinterfaces, with Internet traffic on the other two. I'm looking for a way to prioritize the SIP traffic.
|
|
#
¿
Dec 3, 2013 16:55
|
|
|
Does URPF work on subinterfaces? Here's the config I'm using, pre:interface GigabitEthernet1/1 no ip address ! interface GigabitEthernet1/1.101 encapsulation dot1Q 101 ip address 10.0.1.1 255.255.255.0 ip verify unicast source reachable-via rx ! interface GigabitEthernet1/1.102 encapsulation dot1Q 102 ip address 10.0.2.1 255.255.255.0 ip verify unicast source reachable-via rx ! interface GigabitEthernet1/1.103 encapsulation dot1Q 103 ip address 10.0.3.1 255.255.255.0 ip verify unicast source reachable-via rx pre:#show ip verify source interface GigabitEthernet 1/1.101
^
% Invalid input detected at '^' marker.
#show ip verify source interface GigabitEthernet 1/1.102
^
% Invalid input detected at '^' marker.
#show ip verify source interface GigabitEthernet 1/1.103
^
% Invalid input detected at '^' marker.
#
#show ip verify source interface GigabitEthernet 1/1
IP source guard is not configured on the interface Gi1/1
|
|
#
¿
Feb 12, 2014 00:48
|
|
|
ragzilla posted:Looks like it reports on 'show ip int <intf>': Yup, that did it. Thanks. I'm not entirely where allow-default comes into play with URPF. 'ip verify unicast source reachable-via rx' is strict mode, so only the network on the interface is allowed ingress into the interface. 'ip verify unicast source reachable-via any' is loose mode, so any IP matching a route in the routing table is allowed ingress. But what does the allow-default do?
|
|
#
¿
Feb 13, 2014 18:45
|
|
|
We use the old Xangati flow analyzer that was purchased by Calix.
|
|
#
¿
Feb 28, 2014 01:22
|
|
|
I know a 3750 can pass double tagged traffic, but I've never used one to actually do the double tagging. (We push the tag at the customer NID.) Here is Cisco's page on qinq for the 3750, it certainly looks possible.
|
|
#
¿
May 15, 2014 20:17
|
|
|
When you create a VRF, which part of the rd makes the route table unique? So if I have pre:ip vrf VRF1 rd 10:10 ip vrf VRF2 rd 10:11
|
|
#
¿
Aug 7, 2014 18:19
|
|
|
Thanks. The documentation I was looking at wasn't real clear on exactly what the two numbers in the RD do. Just that it was in the form of [ASN|IP]:XX. I wasn't clear if it was creating a routing table [ASN|IP] and XXX identified the VRF in that routing table or what. So is the second part of the RD arbitrary?
|
|
#
¿
Aug 7, 2014 23:15
|
|
|
ragzilla posted:3 mins seems really slow to withdraw Google's ~300 prefixes they advertise in Chicago. The default BGP dead timer is 60 seconds, three timers have to be missed in order for it to become a dead session. Just an idea where that three minutes could be coming from.
|
|
#
¿
Sep 23, 2014 21:10
|
|
|
Edit: I'm stupid. Thought you were asking for the Cisco side config.
Filthy Lucre fucked around with this message at 01:48 on Feb 16, 2015 |
|
#
¿
Feb 16, 2015 01:45
|
|
|
Don't most of the nextgen firewalls just use NBAR to recognize P2P traffic? An encrypted Bittorrent session should be unrecognizable to NBAR. For the customers I have had request blocking but refuse to spend any money, I went the ACL route. Before you put it in place, you need to be completely clear with them that it may interfere with some legitimate traffic. I permit udp 53, tcp 25,80,110,143,443,587,993,995, and icmp.
|
|
#
¿
Mar 7, 2015 00:23
|
|
|
BGP design question(s) about this topology;  All PE routers are route reflector clients in AS100, full mesh iBGP exists between R1, R2, R3, and R4. From what I understand, this is a fairly common design. In this design, are R3 and R4 also route reflector clients of R1 and R2? If not, what function does R1 and R2 serve? No traffic other than BGP route information would be sent to R1 or R2, any real traffic would stay on the link between R3 and R4 depending on which PE router it needed to go to.
|
|
#
¿
Mar 9, 2015 17:05
|
|
|
Are there any substantial difference between the 642-902 (CCNP Route) exam and the new 300-101 (Routing V2) exam? From what I understand, the 300 exam has replaced the 642 for the CCNP. I'm supposed to take the 300 exam in a few months, but I just realized Odom's book that I have been using is for the 642 exam. Edit: New exam is 300-101, not -001. Filthy Lucre fucked around with this message at 15:21 on Apr 21, 2015 |
|
#
¿
Apr 21, 2015 15:07
|
|
|
Wireshark can rotate log files by time or by file size. I would also set up a capture filter so you're only recording VOIP traffic instead of filling up the file with unrelated traffic.
|
|
#
¿
May 15, 2015 20:08
|
|
|
Default STP priority is 32768, priority values are 0-65535 have to be multiple of 4096. Zero is the best priority, 65535 the worst. Not sure what the HP is doing if it is accepting priority values of 11. Using 11*4096, maybe? Edit: had my Max STP value off by one. Filthy Lucre fucked around with this message at 21:06 on May 28, 2015 |
|
#
¿
May 28, 2015 20:45
|
|
|
Powercrazy posted:Anyone know any good online resources for anycast, BGP/DNS? Just looking to brush up and make sure that how I think it works is how it actually works. Real-world IPv6 setup would be cool too. Just a normal google search is surprisingly sparse, except for one cisco command reference paper. Anycast DNS is pretty straightforward. You have your DNS server participate in your IGP (we use OSPF), then put the anycast address on as a loopback adapter. The servers look just like another router with a path to the DNS server as far as the IGP is concerned. Here's a bad drawing I made to explain it to a coworker one time; 
|
|
#
¿
Jul 28, 2015 16:50
|
|
|
Wireshark your connection and try to ping your IP from an off-site location. You should eventually see an ARP request from the upstream router. Everywhere I've ever worked has used either the first or last usable IP in the subnet as the gateway, you could also try both of those.
|
|
#
¿
Oct 13, 2015 18:13
|
|
|
Something else to keep in mind in your scenario is that you are only affecting the egress traffic from AS200. The return traffic from the 30.30.30.0/24 network in AS100 are still coming in across the direct connection between AS100 and AS200.
|
|
#
¿
Dec 15, 2015 23:44
|
|
|
Most providers don't accept anything larger than a /24 prefix via BGP to keep the global table from getting out of hand. I'm guessing you have two connections to GTT and are just doing BGP with them for redundancy? I can't imagine any other carrier accepting a /27 from some one else's allocation via BGP.
|
|
#
¿
Dec 17, 2015 19:59
|
|
|
Methanar posted:Neat. Start introducing iBGP inside your AS. For example, in AS200 you would have separate routers connected to AS100 and AS300. Build a large BGP core in a single AS (4+ routers). Then collapse that into a 2 router core with Route Reflectors.
|
|
#
¿
Dec 17, 2015 20:11
|
|
|
10.1.0.0/19 would be 10.1.0.0 - 10.1.31.255. If you need four /24 networks, you would use a /22. If you specifically needed 10.1.1.0/24 through 10.1.4.255, you would have to use 10.1.0.0/21 and have some unused space. 10.1.0.0/22 would be 10.1.0.0 -10.1.3.255, so if you needed 10.1.4.0/24, you'l need to shift over one more bit.
|
|
#
¿
Dec 31, 2015 21:00
|
|
|
Let's say you want to know how many /24 networks are in a /18. 24 - 18 = 6. The largest number you can create with six bits is 63 (1+2+4+8+16+32), so there are 64 /24 networks in a /18. Basically, just figure out how many bits you have between your network mask (/18), your subnet mask is (/24), and how big of a number you can make with the difference.
|
|
#
¿
Jan 14, 2016 03:31
|
|
|
It's just 'show mac-address' on a Procurve, for the ARP table, it's 'show arp' ('| i <MAC>' is useful if you're looking for a single entry).From my Procurve posted:# show mac-address ?
|
|
#
¿
Jan 16, 2016 00:04
|
|
|
Jedi425 posted:The good news is a lot of the basic stuff you'll learn in the CCNA will apply to the ASA, there's just a lot of weird little differences in the syntax and such, because the ASA doesn't run IOS, it runs its' own thing. For example, ASA Access Control Lists use subnet masks, not wildcard masks like IOS ACLs do. Why? 'gently caress you, that's why' is the best answer I ever came up with. My personal favorite is IOS 'show ip int br' vs the ASA's 'show int ip br'. That just seems like a totally useless gently caress you move.
|
|
#
¿
Apr 12, 2016 21:17
|
|
|
My Telia link does about 30% of the traffic I see coming in from Zayo or Hurricane Electric.
|
|
#
¿
May 3, 2016 22:15
|
|
|
Farking Bastage posted:description LACP-Master-Router Not sure if it's the problem, but you're not actually using LACP. On is for static etherchannels. If the other end is actually expecting LACP, you need to use active or passive (if the other end is active). I usually just set both ends of the etherchannel to active since active/active doesn't hurt anything. On = you're in a etherchannel, no negotiation Active = try to set up an LACP channel Passive = wait for the other end to set up the LACP etherchannel Auto = wait for the other end to set up the PAgP etherchannel Desirable = try to set up a PAgP channel
|
|
#
¿
Sep 20, 2016 22:22
|
|
|
Anyone know how to reset the root password on a Cisco ASR 9000? I set the root password to something dumb/easy while configuring it and hosed if I can figure out how to change it to a more secure password now that I'm done.
|
|
#
¿
Sep 23, 2016 19:41
|
|
|
Thirteenth Step posted:support role without having to occasionally deal with plugging people's mice in for them. There's no getting away from stupid, instead of plugging in people's mice for them you'll just get asked different but equally stupid questions. Some of my favorites from supposedly "Senior" network technicians; 1) Do I need an SFP on both sides of the fiber? 2) The follow up to 1; Does having an SFP on both ends double the bandwidth? 3) Does the wavelength of my SFPs have to match? (He was trying to make an 850nm short range multimode SFP work with a 1550nm long range single mode SFP) 3) Why won't it let me put in 192.168.1.1 for my gateway? (His IP was 10.1.x.x/24) 4) When I plug cables A and B from Switch1 into Switch2, why does my network go down? (He had disabled spanning tree and was creating a loop, hello broadcast storm!) 5) Why doesn't "deny ip host 192.168.1.100 any" work in this ACL? (The subnet for that interface was 10.1.x.x/24)
|
|
#
¿
Sep 26, 2016 19:33
|
|
|
Methanar posted:How can I gracefully cease all traffic on one of my wan links? neighbor 1.1.1.1 shutdown That will shut down the BGP session with your neighbor, causing all the routes over that link to withdraw and start using other links. I usually see all traffic cease in a couple of minutes, but I imagine it would depend on the size of your network/other peering.
|
|
#
¿
Nov 4, 2016 22:14
|
|
|
|
| # ¿ May 14, 2024 18:55 |
|
|
Is there a way to do BFD across Loopback interfaces? Router A is a route reflector client of Router C, Loopback0 is 10.0.0.1/32. Router A is directly connected to Router B. Router C Loopback0 is 10.0.0.3/32. Router C is directly connected to Router B. BGP Session is between 10.0.0.1 and 10.0.0.3. Routers A and C have routes to each other's Loopback Address via OSPF. I would like to run the BFD across the BGP session for faster failure detection, but all I'm finding are examples on two directly connected interfaces.
|
|
#
¿
Nov 10, 2016 00:16
|
|