|
Jeff73 posted: Korensky, how did MST fail and what was the fix?

5 switches. 4 of them in a loop-type topology with GEC trunks. Switches 1-3 running MST, switch 4 running PVST (whoops). Switch 5 was hanging off switch 1 on a fibre spur to another floor but still ran MST. What threw me off the problem initially was the huge amount of traffic between switch 1 and 5 which made me think the problem was there (switch 5 was just bigger and badder than the rest - sup 5 4506). But yea... switch 4 running PVST and having both its GEC links unblocked ended up being the root cause (configuration oversight when the gear was deployed).
|
# ? Jul 25, 2007 00:02 |
|
Korensky posted:PVST in an MST loop. Ack. I had the reverse situation for a bit, but the rogue thankfully had no redundant links. jwh posted:How about some of these? Interesting. I suspect I'd need to buy a version that doesn't require reading. By the way, did 8.0(2)'s VPN VLAN support resolve your default route problem a few pages back?
|
# ? Jul 25, 2007 01:45 |
|
Jeff73 posted: Interesting. I suspect I'd need to buy a version that doesn't require reading. By the way, did 8.0(2)'s VPN VLAN support resolve your default route problem a few pages back?

In other words, you can drop users into vlans on the inside no problem, but good luck getting them out of there with any intelligence. We've scrapped the ASAs for now, and are looking to do vpn remote-access termination with an IOS based platform and new PA-VSA or whatever the successor to the VAM2+ is. IOS is much smarter at routing than ASA, which is to be expected, so it's a good fit. Ultimately, we just needed VRF capabilities. I've labbed the entire thing out, and we'll be going to a phase 2 limited production deployment soon. There are still a few issues, namely IOS vtemplate manager not reclaiming cloned virtual-access interfaces all the time, and IP local pools not always being freed up when a client disconnects unexpectedly - pool IPs show tied up by IKE hwidbs.

Anyway, speaking of spanning-tree, when is it worth going to MST? I'm not much of a spanning-tree wizard, and currently we're toting around somewhere in the neighborhood of ~100 vlans on our most critical trunks, but with a collapsed distribution/access model and vtp pruning enabled. Everything right now is PVST, but we're not utilizing per-vlan cost features. Worth considering MST at this point?
|
# ? Jul 25, 2007 01:53 |
|
So here's a question. I'm dinking with getting an 1811 and getting a second Internet connection, one DSL the other Cable. What's the best way to load balance between the two interfaces? CEF or what?
|
# ? Jul 25, 2007 03:42 |
|
jwh posted: Anyway, speaking of spanning-tree, when is it worth going to MST? I'm not much of a spanning-tree wizard, and currently we're toting around somewhere in the neighborhood of ~100 vlans on our most critical trunks, but with a collapsed distribution/access model and vtp pruning enabled. Everything right now is PVST, but we're not utilizing per-vlan cost features. Worth considering MST at this point?

If everything in your topology can run MST+RSTP, you want to configure load-balancing later and it wouldn't be an enormous headache to change, I'd say yes. I don't know at what number of vlans the drop from running 100+ spanning tree instances to 1 would translate to a real performance increase, but it can't hurt to reduce CPU load while maintaining flexibility and boosting convergence speed.

If you have scattered equipment that can't run it, though, you'll end up with MST regions divided by devices that see them as giant CST switches, which sounds terrible. Also I think Cisco's MST is limited to the IST + 15 MSTIs, so if you want to set up crazily-complex balancing schemes you might have to pinch your network off into regions anyway.

If you have time, set up a few switches in your lab with PVST+ and your network's number of vlans, track the switches' stats and convergence time, swap them to MST, record again and decide if that change warrants the effort it'd take to migrate.
|
# ? Jul 25, 2007 03:46 |
|
I can get a cisco 2620 with a T1 WIC from work for cheap. It was made prior to 2002. Would getting it help me earn my CCNA?
|
# ? Jul 25, 2007 04:05 |
|
landoverbaptist posted: I can get a cisco 2620 with a T1 WIC from work for cheap. It was made prior to 2002. Would getting it help me earn my CCNA?

How cheap is "cheap"?
|
# ? Jul 25, 2007 06:23 |
|
CrazyLittle posted: How cheap is "cheap"?

under a hundred
|
# ? Jul 25, 2007 06:24 |
|
landoverbaptist posted: under a hundred

How much flash memory and how much DRAM? It can't hurt to have on hand - you might not be able to run newer IOS but at the least you can learn the routing concepts and basic commands faster by being able to use an actual router device. Really you would need TWO routers with T1 WICs in them so that you could actually make a two-network lab that you're routing between. If that's not an option due to space or due to money, see about getting some of the router simulator software packages and decide if those would work better for you.
|
# ? Jul 25, 2007 06:27 |
|
XakEp posted: So here's a question. I'm dinking with getting an 1811 and getting a second Internet connection, one DSL the other Cable. What's the best way to load balance between the two interfaces? CEF or what?

Check out OER: http://www.cisco.com/en/US/products/ps6628/products_ios_protocol_option_home.html

That's actually a good price for the 2620. A WIC-1DSU-T1 version one or two is still fairly expensive to begin with. You won't have access to 12.4 IOS, but that's probably fine.
|
# ? Jul 25, 2007 15:58 |
|
jwh posted: Check out OER: http://www.cisco.com/en/US/products/ps6628/products_ios_protocol_option_home.html

Ya know, I haven't found anyone who's actually implemented that correctly yet. I've had a ticket open with Cisco TAC for 3 months now which has been escalated twice, and yet they still can't figure out why the border/master isn't actually performing any heartbeats or changing any of the route metrics. That's also considering that I've repeatedly told them that none of the configuration lines they've given me actually assign any OER policies to any real interfaces.

That said, XakEp, you can also look into Policy-Based Routing, which isn't as slick as OER but offers some minor load balancing and hot-spare failover.

jwh - if you feel like taking a look I'd appreciate if you could help me out (off-forums) with the OER configs I was working on.
|
# ? Jul 25, 2007 16:32 |
|
All I know about OER is what I found in the design doc "Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4T". I haven't used it myself. OER is one of those things that's apparently new enough to not work correctly unless you stumble upon the one IOS image that was broken in such a way as to accidentally fix it. Are you running OER MC/BR on a single router, or distributed?
|
# ? Jul 25, 2007 17:29 |
|
Great news my boss said I can have that 2620 for free if I promise to try for a CCNA this year! hooray
|
# ? Jul 25, 2007 17:50 |
|
landoverbaptist posted: Great news my boss said I can have that 2620 for free if I promise to try for a CCNA this year! hooray

That must be nice. I get to work 60 hours next week pushing racks around. God I hate my job.
|
# ? Jul 25, 2007 17:53 |
|
jwh posted: All I know about OER is what I found in the design doc "Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4T". I haven't used it myself.

Yeah. I think my ticket dragged on so long that Cisco decided to transfer my TAC rep out of the department so they wouldn't have to fire them. Currently the router's set up for PBR because well... it just works. It's an 1841 acting as both border and master.

landoverbaptist posted: Great news my boss said I can have that 2620 for free if I promise to try for a CCNA this year! hooray

hah You should have pushed for an 1841 instead.
|
# ? Jul 25, 2007 18:10 |
|
jwh posted: All I know about OER is what I found in the design doc "Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4T". I haven't used it myself.

I'll be running it on a single router. No need to get really fancy. If I run into problems I'll post them up here. Thanks!
|
# ? Jul 25, 2007 23:32 |
|
XakEp posted: I'll be running it on a single router. No need to get really fancy. If I run into problems I'll post them up here. Thanks!

Hell if you do get it running, post the config.
|
# ? Jul 25, 2007 23:41 |
|
XakEp posted: So here's a question. I'm dinking with getting an 1811 and getting a second Internet connection, one DSL the other Cable. What's the best way to load balance between the two interfaces? CEF or what?

As noted I think you're going to be stuck with OER's "dick around with default routing based on ping tests to an upstream address" feature. Two equal metric default routes will load balance on a per session basis without you having to do anything (nat would need some work). The problem is that if you have an ethernet connection to an external dsl or cable modem, that interface isn't going to go down when the dsl or cable service does.
|
# ? Jul 25, 2007 23:58 |
|
inignot posted: As noted I think you're going to be stuck with OER's "dick around with default routing based on ping tests to an upstream address" feature.

Yeah, I'd thought of this. Not sure what to do, other than possibly do a straight 50/50 split.
|
# ? Jul 26, 2007 01:12 |
|
inignot posted: The problem is that if you have an ethernet connection to an external dsl or cable modem, that interface isn't going to go down when the dsl or cable service does.

Ugh, this is the thing I hate the most about cable/dsl. We have a deployed base of about 100 broadband sites, and we can't use our standard monitoring packages to detect link failure, because the link doesn't typically go down. I don't understand why cable/dsl modems can't be configured to down the ethernet side if the cable/dsl side is down. It would make life so much easier.
|
# ? Jul 26, 2007 01:31 |
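The failure mode discussed in the posts above (the Ethernet port facing the modem stays up while the DSL or cable service behind it is down) can be handled by tying each default route to a reachability probe. This is an added example, not a config from any poster in the thread: it uses IOS IP SLA object tracking rather than OER, all interface names and addresses are placeholders (RFC 5737 ranges), NAT is not covered, and the keywords shown are those of later IOS releases (older 12.4 images use `ip sla monitor` and `track ... rtr`).

```cisco
! Constructed example: interface names and all addresses are placeholders.
! Pin each probe target to one uplink so a probe only tests that path.
ip route 192.0.2.10 255.255.255.255 198.51.100.1
ip route 192.0.2.20 255.255.255.255 203.0.113.1
!
! Probe 1 tests the DSL path, probe 2 the cable path.
ip sla 1
 icmp-echo 192.0.2.10 source-interface FastEthernet0
 frequency 10
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 192.0.2.20 source-interface FastEthernet1
 frequency 10
ip sla schedule 2 life forever start-time now
!
! Track objects follow probe reachability; the delays damp flapping.
track 1 ip sla 1 reachability
 delay down 15 up 30
track 2 ip sla 2 reachability
 delay down 15 up 30
!
! Two equal-metric default routes; each is withdrawn from the routing
! table while its track object is down, even though the port stays up.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 2
```

The probe targets should be addresses beyond the modem and the provider's first hop, otherwise the probe still succeeds when the service is down.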
|
Does anyone know how to tell what type of PVDM module I have installed in a 2851 with CCME? sh ver and sh hardware haven't given me any love. I think it might be something to do with sh voice dsp, but it's not making much sense at the moment... cheers
|
# ? Jul 27, 2007 06:53 |
|
try:code:
|
# ? Jul 27, 2007 07:26 |
|
worked a treat thanks!
|
# ? Jul 27, 2007 07:48 |
|
jwh posted: Ugh, this is the thing I hate the most about cable/dsl. We have a deployed base of about 100 broadband sites, and we can't use our standard monitoring packages to detect link failure, because the link doesn't typically go down.

You can use big brother for this. In fact, we use bbro at work to monitor our static DSL customers so that we can proactively repair their service before they realize they're out. Bbro could easily scale to your 100 sites and you'd be able to monitor all of them in one convenient web interface.

PS Anyone want some spaghetti? You don't even want to see the back.

Oh and one last thing. Does anyone have a 2500 series with two Fast Ethernet ports that you don't want?

Paul Boz_ fucked around with this message at 13:20 on Jul 28, 2007 |
# ? Jul 28, 2007 13:09 |
|
Paul Boz_ posted: Oh and one last thing. Does anyone have a 2500 series with two Fast Ethernet ports that you don't want?

If you don't like the sound of ebay for Cisco kit, you should be able to find a local(ish) second source supplier that has pre-loved kit cheaply.
|
# ? Jul 28, 2007 15:26 |
|
Hey guys, I think it's about time for me to start studying for the CCNP. What literature would you recommend to prepare for it? How long after your CCNA did you go for the CCNP? How long after CCNP did you go for CCIE? Also, how many of you are CCIE? I figured they would be pretty rare.. But they aren't, it seems. vv
|
# ? Jul 28, 2007 21:36 |
|
Arkady posted: Also, how many of you are CCIE? I figured they would be pretty rare.. But they aren't, it seems. vv

I'm driving to RTP tomorrow.
|
# ? Jul 28, 2007 23:28 |
|
I started reading the Cisco Press books for my CCNP right after my CCNA but as of yet I've only finished my BCMSN, about to take my BSCI. The Cisco Press books were A++ for the CCNP but were utterly terrible when I took the CCNA, so I'd give them a look.
|
# ? Jul 28, 2007 23:31 |
|
inignot posted: I'm driving to RTP tomorrow.

Good luck! Routing and switching?
|
# ? Jul 29, 2007 05:25 |
|
nene posted: Uh, the 2500 never had FE ports - a 2621 is probably what you're after

I meant a 2500 with two FA ports via WIC.
|
# ? Jul 29, 2007 08:44 |
|
Arkady posted: Also, how many of you are CCIE? I figured they would be pretty rare.. But they aren't, it seems. vv

Failed the R&S written test about 18 months ago by a few marks (Thx EIGRP) and didn't bother re-taking it since I moved into much more VOIP focused roles that had me using other kit. CCNP is going to expire in a month so I'll probably give the written another shot (and study useless poo poo like EIGRP this time).

Paul Boz_ posted: I meant a 2500 with two FA ports via WIC.

Pretty sure 2500s are fixed config only (at least all the ones I can remember seeing). I think you're thinking of the 2600 - and even then, relying on this failing memory, FA was only on NMs not WICs --- and 2600 only supported 1 NM?
|
# ? Jul 29, 2007 09:24 |
|
jwh posted: Good luck! Routing and switching?

Yeah, I'm going to go put in failure number 2. Given that I haven't even begun to study multicast & QoS I know I'm going to fail. At the very least I get to see another copy of the exam & sanity check my progress on IGP & EGP routing.
|
# ? Jul 29, 2007 16:32 |
|
Paul Boz_ posted: I meant a 2500 with two FA ports via WIC.

In fact the 2500 never even had 10BaseT let alone 100BaseT. You got an AUI port and had to supply your own transceiver. (Up hill both ways, in snow, broken glass yadda yadda) Also, you can't get an FE port on a WIC. You can get 10BaseT on a WIC assuming that whatever you put it into supports it, though. The only thing close to that is a HWIC, but that won't fly unless the base router supports it, again.

Korensky posted: Pretty sure 2500s are fixed config only (at least all the ones I can remember seeing). I think you're thinking of the 2600 - and even then, relying on this failing memory, FA was only on NMs not WICs --- and 2600 only supported 1 NM?

The 2500s were solid beasts, but they were slow as hell and only ever sold in a variety of fixed configurations, with serial ports and an AUI or Token Ring port. There's actually probably still a lot in use, especially the version with 16 Async ports. The 26xx and 26xx XM series has one NM slot and two WIC slots. 261x series is 10BaseT, 262x series is 100BaseT, with the last digit being 0 or 1 to signify whether it had one or two on board ethernet ports.
|
# ? Jul 29, 2007 16:50 |
|
Has anyone taken the new Advanced Wireless exam yet (642-587 AWLANFE)? The exam was just updated last month, Test King released their new revision but it doesn't cover most of what is on the test. I also went through all of the test materials on the partner E-learning center and that doesn't seem to be up with the material on the new test either... Any recommendations for other places to look? (I have to pass the exam for work)
|
# ? Jul 29, 2007 17:40 |
|
inignot posted: Yeah, I'm going to go put in failure number 2. Given that I haven't even begun to study multicast & QoS I know I'm going to fail. At the very least I get to see another copy of the exam & sanity check my progress on IGP & EGP routing.

Best of luck - here's to hoping you at least ace your IGP and EGP sections.
|
# ? Jul 29, 2007 18:19 |
|
nene posted: The 26xx and 26xx XM series has one NM slot and two WIC slots.

Also don't fool yourself into thinking that the NM-2FE2W will work in a 26xx series router. They won't.
|
# ? Jul 29, 2007 21:25 |
|
nene posted: The 2500s were solid beasts, but they were slow as hell and only ever sold in a variety of fixed configurations, with serial ports and an AUI or Token Ring port. There's actually probably still a lot in use, especially the version with 16 Async ports.

All of our Lab Console Servers are 2500's with the 16 Async ports. Some of them have uptimes of >1 year. But yea, they are loving slow.
|
# ? Jul 29, 2007 21:32 |
|
Oh well, I thought the 2500 was more modular than that, but I've really only worked with 2600's+. I don't want to spend $300 on a properly equipped 2600 though :/
|
# ? Jul 30, 2007 06:05 |
|
I could have sworn I saw a few 2500's at weird stuff that had a WIC slot. I'm heading back there this week and I'll take another look, Paul Boz_.
|
# ? Jul 30, 2007 07:09 |
|
I am in the process of upgrading my home/home office network and I have a thing for good equipment and slight 'overkill.' I was looking at the Pix 501 since I've deployed a few of them. While looking I came across the ASA 5505 and it appears to have a lot of kick rear end features/specs. Also looking in that price range at other entry level "small office" firewalls and none seem to compare (I won't touch the low end watchguards, also not a fan of sonicwall). That said, has anyone had much experience with the ASA 5505 (or I guess the 5510)? Does it perform well for what it is? Any issues/problems with it? Thanks!
|
# ? Jul 30, 2007 22:27 |