|
delslo posted:I am in the process of upgrading my home/home office network and I have a thing for good equipment and slight 'overkill.' I was looking at the Pix 501 since I've deployed a few of them. While looking I came across the ASA 5505 and it appears to have a lot of kick rear end features/specs. Also looking in that price range at other entry level "small office" firewalls and none seem to compare (I won't touch the low end watchguards, also not a fan of sonicwall). That said, Has anyone had much experience with the ASA 5505 (or I guess the 5510)? Does it perform well for what it is? Any issues/problems with it? I have extensive experience with the ASA series of firewalls and the 5505 is great for small offices or home offices which require VPN concentration. My only complaint on the 5505 vs the 5510 are the licensing restrictions (only 3 vlans, 1 of those can only be used to make an interface management only). The 5505 is also great if you plan on having PoE phone devices, the one problem is that the 5505 will NOT terminate a site-to-site VPN unless you are using another ASA. 5510 is also a good choice but more suitable for a medium size office or if you require hardware IPS.
|
# ? Jul 31, 2007 02:11 |
|
|
# ? Mar 28, 2024 15:37 |
|
^^ Thanks. none of those restrictions are important to me, so I should be OK. Also, pardon my n00bness, but the 10 user licenses refer to concurrent VPN connections, not devices/users accessing the internets at the same time? If that is how it works, how well does it handle the licenses? The only other concern is how stable the intel/OS X cisco VPN client is these days.
|
# ? Jul 31, 2007 03:55 |
|
bj2001holt posted:My only complaint on the 5505 vs the 5510 are the licensing restrictions (only 3 vlans, 1 of those can only be used to make an interface management only). If you do trunking out of the 5505, you're supposed to be able to do up to 20 VLANs. -edit- ugh, I see what you mean about the licensing, without security plus it kind of sucks. -/edit- ragzilla fucked around with this message at 05:48 on Jul 31, 2007 |
# ? Jul 31, 2007 05:44 |
|
inignot posted:Yeah, I'm going to go put in failure number 2. Given that I haven't even begun to study multicast & QoS I know I'm going to fail. At the very least I get to see another copy of the exam & sanity check my progress on IGP & EGP routing. So how did it go?
|
# ? Aug 1, 2007 00:57 |
|
update: while troubleshooting a Watchguard Edge device for a client today, I became so annoyed with it and the idea that ANYONE, much less a MANAGER* at my company would recommend such a pile of poo poo to one of our clients... that I placed my order for the ASA 5505 as soon as I got off the phone. Seriously, you shouldn't have to tell a client that: "when someone in your office can't get to the internet, please power cycle your brand new firewall" (that some rear end in a top hat didn't spec right for you guys) to allow that person to get on (while kicking someone else off) delslo fucked around with this message at 01:51 on Aug 1, 2007 |
# ? Aug 1, 2007 01:45 |
|
delslo posted:update: while troubleshooting a Watchguard Edge device for a client today, I became so annoyed with it and the idea that ANYONE, much less a MANAGER* at my company would recommend such a pile of poo poo to one of our clients... that I placed my order for the ASA 5505 as soon as I got off the phone. What, is it doing a nat pool with no pat overload?
|
# ? Aug 1, 2007 02:12 |
|
I have yet to encounter a firewall that didn't make me at least partially irate. I don't like my PIX 501, and I didn't like the ASA's, although they're markedly better to work with. I'm not too crazy about NetScreen's either. We're a big CheckPoint shop, and I don't even like them very much come to think of it.
|
# ? Aug 1, 2007 02:16 |
|
The thing that pissed me off about Checkpoint was that so much hung off of pushing the policy and being the hero. This was version 4.x though. The NG seemed to be a bit better, and less wacky to bring up trust points (fw putkey, fw putlic, wow). Once you wanted to get a little deeper past the gui, the config files were a little cumbersome. They were seemed made to be edited with a gui only. Having said that, I love CP because it runs (ran) on anything, the logging/filtering is the bees knees. Well it was last time I checked. 501 was a real let down. I am still pissed I didn't keep my PIX 'Classic'. Cool looking piece, even if it was a pc with 3 intel nics and booted off an ISA Flash card.
|
# ? Aug 1, 2007 02:45 |
|
Checkpoint has a few good things going for it, and a truckload of bad things going for it. The logging is nice, although it doesn't scale well- lots of enforcement modules logging thousands upon thousands of entries per day with nightly rotation can make scouring through logs late in the evening a real chore. You can rotate out faster, but that means having to pull up hourly chunks of data at a time. There's also the issue of the object database, which is a tremendous source of entropy. My biggest problem with Checkpoint is that it's sugar-coated to appear easy to use, but the underlying mechanisms are obscure, unnecessarily complicated, and potentially disastrous. Anybody could add a few rules to a Checkpoint policy, but if the enforcement module croaks on you, or the policy corrupts, you are in a nightmare world of suffering. There's also the issue of Checkpoint not naming anything sensibly. SmartView Dashboard is the policy tool, for instance. Recently Checkpoint decided to screw around with their code train names, leading to nonsense like "RG62 NGX," whatever the christ that is. Oh well, at least the Nokia IP series boxes are pretty painless, even if the routing engines leave something to be desired. I want to like the PIX, but it just never feels right. It seems like the 7.x code is trying to make things more like IOS, which is a good thing, but it's still just different enough to irritate the living hell out of me.
|
# ? Aug 1, 2007 03:08 |
|
XakEp posted:So how did it go? It ended much like the ever replayed ski jump by Vinko Bogataj. I was only able to attempt 73 points given my lack of multicast or qos knowledge. The more I study for this test the more I'm convinced it's just a stupid router tricks test. It's odd to see full reachability via TCL scripted pings of the environment from all devices, yet the score report indicates it was all so utterly wrong. When you are directed to route a network up your rear end on odd numbered Tuesdays I guess you're supposed to sit on it instead of using your hands to insert it. There was actually a substantial difference between the second test vs the first. I imporoved in IPv6, BGP did not go so well. I think I'm going to put some effort into trying out dynamips. Netmaster Class & Internetwork Expert are producing labs for dynamips. This renting rack time once a week stuff is getting old, and it's clearly not enough.
|
# ? Aug 1, 2007 04:15 |
|
delslo posted:^^ Thanks. none of those restrictions are important to me, so I should be OK. Also, pardon my n00bness, but the 10 user licenses refer to concurrent VPN connections, not devices/users accessing the internets at the same time? If that is how it works, how well does it handle the licenses? The only other concern is how stable the intel/OS X cisco VPN client is these days. Correct, that refers to concurrent connection restrictions over VPN. The only restriction you would encounter from a devices/users perspective would be the bandwidth restrictions (150Mb/s if I remember correctly on the 5505). The Cisco VPN client on a Microsoft OS is the most stable VPN I have ever used, connections will last for days without any problems and I have never encountered any problems with the client crashing or any weird issues. I have never used the OSX client so unfortunately I cannot speak of that. With ASA 8.0 they are going to be pushing out a new type of VPN client, I haven't played with it yet but it could be interesting.
|
# ? Aug 1, 2007 05:38 |
|
inignot posted:It ended much like the ever replayed ski jump by Vinko Bogataj. I was only able to attempt 73 points given my lack of multicast or qos knowledge. Sorry to hear that. I've been toying with the idea of getting my CCIE, but I know its years away. Edit - Ok cisco gurus, I have a question for you. Yesterday here at work, we had a sudden outage in our core network. One of the core switches was experiencing "extensive memory errors and high cpu usage". He failed over to the backup switch the problem went away. He's claiming that we had a network loop because STP is disabled because of incompatibility between vendor equipment. 1) How do you disable STP and why the hell would you do that? Wouldnt disabling it reduce your switch to a hub? What does a cisco switch use instead of STP if STP isnt in use? 2) Does this sound like bullshit to anyone else? I'm responsible for signing off on this report, and its not making a whole lot of sense. 3) We've apparently had STP disabled for a long time now, why would we only just NOW suddenly develop a network loop that would take down our network? 4) How is it possible that only one switch would be effected by a network loop? XakEp fucked around with this message at 15:10 on Aug 1, 2007 |
# ? Aug 1, 2007 13:35 |
|
inignot posted:It ended much like the ever replayed ski jump by Vinko Bogataj. I was only able to attempt 73 points given my lack of multicast or qos knowledge. Congratulations on getting further sir. I have to start all over again and shake the rust off my skill set in that area. I remember failing my first certification test. I was really let down, but then a friend told me 'The guy that gets up last, wins'. I got the wind back and passed it on the next try. Of course that was a dos 6.2 / win 3.1 exam. I am sure the average failing rate for any ccie is a bit higher! Looking forward to your 'I did it' post.
|
# ? Aug 1, 2007 15:21 |
|
XakEp posted:STP stuff Without seeing what the actual errors were, "Extensive memory errors" is most likely bad hardware. 1. STP is just a protocol that lets a bunch of switches/bridges that are connected together turn off redundant paths so that a frame can't end up circling around in an endless loop. It takes about 30 seconds or so for that to happen when you turn a port on, so if you don't have any loops in your L2 network, you can disable STP to avoid the wait. Turning it off doesn't turn a switch into a hub. You just get a nasty surprise if create a loop. There's not another protocol that replaces it, just other flavors of STP. 2/3. If you've had your network running for a long time, I'd be pretty surprised to suddenly get an STP loop out of the blue. 4. Um... if you looped two ports on the same switch together you could do it. But seriously, different switches might have different symptoms (high CPU/no symptoms other than loss of traffic) depending on what type of frame is looping. In any case, the explanation you got doesn't sound right.
|
# ? Aug 1, 2007 15:41 |
|
Fleshpeg posted:Without seeing what the actual errors were, "Extensive memory errors" is most likely bad hardware. http://www.dell.com/downloads/global/products/pwcnt/en/app_note_1.pdf quote:Without STP, all switches “flood” any frames they receive with an unknown destination media access control (MAC) address. The switches will forward the frame to all interfaces, introducing duplicate frames and leading to a “loop” in which all switches continually forward all frames. This is not only inefficient but also extremely taxing on network resources. Besides violating IEEE protocols, duplicate frames can create “broadcast storms” that pose a threat to network and application stability Having never disabled STP on a switch, I have no idea what would happen, but looking through cisco's site I cant really get a clear idea of what would happen. quote:2/3. If you've had your network running for a long time, I'd be pretty surprised to suddenly get an STP loop out of the blue. Agreed, this doesnt make any sense at all. quote:4. Um... if you looped two ports on the same switch together you could do it. But seriously, different switches might have different symptoms (high CPU/no symptoms other than loss of traffic) depending on what type of frame is looping. In any case, the explanation you got doesn't sound right. No one was in the data center at the time of the outage, so I dunno how that could have happened.
|
# ? Aug 1, 2007 15:55 |
|
XakEp posted:Having never disabled STP on a switch, I have no idea what would happen, but looking through cisco's site I cant really get a clear idea of what would happen. Imagine you have two switches (A and B) connected to each other with a single link and two PCs (1 and 2) connected to switch A. PC #1 ARPs or somehow sends an L2 broadcast. It goes to switch A, which needs to send it to all its ports. It gets sent to both switch B and to PC #2. Switch B gets the frame and sends it to all its other ports. If you have spanning tree turned on in this scenario and plugged in a new PC or attached another switch, you'd have to wait for STP to converge (about 30 seconds or so) before traffic would be allowed to go through it. But since you don't have any loops, you can turn it off and can send traffic as soon as something is plugged in. Now lets take the same example and add a redundant connection between switch A and B. There's now a loop in your network. PC #1 ARPs again and switch A gets it. He now has 3 links to send it out, one to PC #2, and 2 that go to switch B. Switch B gets one of the frames and sees that he has a link to switch A that he needs to forward the broadcast to. The frame now goes back to switch A. Switch A gets it and sees that he's got links to broadcast it to, etc... You've now got traffic circling around forever. If you have STP turned on, A and B would talk to each other and one of them would end up blocking traffic from going in or out one of the ports. Let's say switch A blocks one of the ports going to switch B. When switch A gets the first packet, he sends it to switch B on the unblocked port. Switch B gets it, but he still has two forwarding connections to switch A. He sends it back to switch A on the 2nd port, but since A has blocked the port, it won't receive it, breaking the loop. I hope that kind of makes sense. It's hard to visualize without a diagram. Basically, if you connect a whole bunch of switches together and turn on STP, it figures out the minimum spanning tree that gives you one and only one path to every other switch. If you ever disconnect something or add another connection, it dynamically changes the tree for the new network.
|
# ? Aug 1, 2007 16:17 |
|
Fleshpeg posted:Imagine you have two switches (A and B) connected to each other with a single link and two PCs (1 and 2) connected to switch A. PC #1 ARPs or somehow sends an L2 broadcast. It goes to switch A, which needs to send it to all its ports. It gets sent to both switch B and to PC #2. Switch B gets the frame and sends it to all its other ports. If you have spanning tree turned on in this scenario and plugged in a new PC or attached another switch, you'd have to wait for STP to converge (about 30 seconds or so) before traffic would be allowed to go through it. But since you don't have any loops, you can turn it off and can send traffic as soon as something is plugged in. THen the question is, with STP disabled does the switch still learn mac addys at all or does it function like a hub and just forward packets out every port? Learning Mac addys is core to STP. With STP off, what does the switch do in absence of this?
|
# ? Aug 1, 2007 16:49 |
|
XakEp posted:Learning Mac addys is core to STP. XakEp posted:With STP off, what does the switch do in absence of this?
|
# ? Aug 1, 2007 17:04 |
|
ior posted:Not really. Now I feel dumb. Time to go read up.
|
# ? Aug 1, 2007 18:02 |
|
For future reference, i did some simple testing on an 2621 and found that it maxes out at about 50mbit. Three NATed streams results in 100% cpu usage. So unless you are a swede a 2621 should work nicely for home use. Found a free newish 806 but those things only have 10mbit ports Edit: To comment on ior's post further down. The traffic is three FTP threads from two localish servers. Packetsize should hover around 1500 unless something retarded is going on. conntrack fucked around with this message at 18:25 on Aug 1, 2007 |
# ? Aug 1, 2007 18:09 |
|
Is there a way to alter the access list of a PIX 515e on a live network without it being automatically removed from the interface? I have an entry that needs to go at the very top. Should I just write it up in notepad and execute it quick to minimize downtime? I'm worried about making typo or something and then I have a half finished ACL with erroneous entries that I have to clean up. So, editing a firewall ACL without downtime. Impossible?
|
# ? Aug 1, 2007 18:13 |
|
conntrack posted:For future reference, i did some simple testing on an 2621 and found that it maxes out Keep in mind that packet sizes and number of flows matters. My 871 is rated for the same amount of PPS that a 2621. When maxing out my connection (10Mbit) with torrent traffic it hovers at about 50% cpu. In theory mine would therefore max out at about 20Mbits simplex with my traffic patterns. But yes, a 2621 is a great home / learning router.
|
# ? Aug 1, 2007 18:17 |
|
XakEp posted:1) How do you disable STP and why the hell would you do that? Wouldnt disabling it reduce your switch to a hub? What does a cisco switch use instead of STP if STP isnt in use? It's been a long time since I've disabled STP, but if I remember right you just add a "no span" command under the vlan interface. The only reason I've ever had to do it was due to problems with network timeout incompatablities with certain versions of Novell's client32 and 3c90x NICs. It's been a LONG time since I've seen a similar problem to that (about 8-9 years ago) quote:Does this sound like bullshit to anyone else? I'm responsible for signing off on this report, and its not making a whole lot of sense. It sounds reasonable to me, as long as he identified the source of the loop. A loop can take down a network pretty quick. quote:3) We've apparently had STP disabled for a long time now, why would we only just NOW suddenly develop a network loop that would take down our network? Well, something would have had to change to cause a loop. Like connecting an extra switch or WAP that looped back to your network. quote:4) How is it possible that only one switch would be effected by a network loop? If STP is disabled everywhere it would be odd that only one device was effected. Maybe you have one vlan that is only on that switch and it isolated the flood? Hard to say.
|
# ? Aug 1, 2007 19:45 |
|
TheCaptain posted:Is there a way to alter the access list of a PIX 515e on a live network without it being automatically removed from the interface? I have an entry that needs to go at the very top. Should I just write it up in notepad and execute it quick to minimize downtime? I'm worried about making typo or something and then I have a half finished ACL with erroneous entries that I have to clean up. I am crap at PIX, but I've had to write up a bunch of rule changes for our firewall gents to implement. I believe there is a feature for line numbers in PIX acls. Pull your existing ACL out & put it back in using gapped line numbers (line 10, line 20, etc) for future expansion.
|
# ? Aug 1, 2007 22:14 |
|
I am looking to overhaul our firewall/VPN situation (as in we don't have one other than a W2K3 box serving pptp connections). It is one main office going through a cisco 1720 with a dozen servers and 100 users. Also we have 6 remote offices that we would like to have site to site vpn access that have no more than 20 users. We will also need mobile VPN for ~25 uses via radius or AD LDAP auth. I am leaning towards the ASA5510 w/ ASA5505s at the remote site. I have no ASA experience but I'm not terribly worried for myself but I am concerned if I keeled over there is nobody else here who does networking. Is the GUI for the ASAs good enough a general computer person could operate them or would watchguard, checkpoint, sonicwall, etc have a better solution? The other thing I would like to do is put in vlans due to the CFD cluster we are going to be building shortly. While having a semi-decent gui takes precedence it would be nice.
|
# ? Aug 1, 2007 22:38 |
|
Mr. Fossey posted:I am looking to overhaul our firewall/VPN situation (as in we don't have one other than a W2K3 box serving pptp connections). It is one main office going through a cisco 1720 with a dozen servers and 100 users. Also we have 6 remote offices that we would like to have site to site vpn access that have no more than 20 users. We will also need mobile VPN for ~25 uses via radius or AD LDAP auth. I am leaning towards the ASA5510 w/ ASA5505s at the remote site. My suggestion, but this can be done in multiple ways. 5510 at the main branch 2821 or 2851 at main branch for site-to-site termination 871s at each remote branch You can run 5505s at the remote branches but you will need a much beefier ASA at the main branch if you are going to be terminating that many connections to one device. Cost will be higher but security will be tighter. Also, if I remember correctly you cannot run multiple VLANS over a site-to-site VPN with the 5505, which is why I recommend using the 871s or even 2811s, especially if you ever plan on running voice at the remote sites.
|
# ? Aug 2, 2007 03:02 |
|
Already have an open TAC case but in case anyone here's seen it before: Turning up a new 7609 w/ RSP720s. We can get both RSPs up in SSO mode, but as soon as we turn on dcef-only fabric switching mode, the redundant RSP is no longer able to boot, it gets all the way up into the RP code, then abruptly drops to ROMMON and we get the following message on the active sup: code:
|
# ? Aug 2, 2007 03:37 |
|
TheCaptain posted:Is there a way to alter the access list of a PIX 515e on a live network without it being automatically removed from the interface? I have an entry that needs to go at the very top. Should I just write it up in notepad and execute it quick to minimize downtime? I'm worried about making typo or something and then I have a half finished ACL with erroneous entries that I have to clean up. Hey, sorry I missed your previous IMs. It depends on the version of code. I think line numbers were introduced in 6.3. access-list foobar line X ... Depending on load and ACL size there could be a brief impact to traffic. This is due to ACL compilation which is an option in 6.3 and default in 7+. Mr. Fossey posted:I am looking to overhaul our firewall/VPN situation (as in we don't have one other than a W2K3 box serving pptp connections). It is one main office going through a cisco 1720 with a dozen servers and 100 users. Also we have 6 remote offices that we would like to have site to site vpn access that have no more than 20 users. We will also need mobile VPN for ~25 uses via radius or AD LDAP auth. I am leaning towards the ASA5510 w/ ASA5505s at the remote site. ASDM is pretty good. The biggest deal with any of this stuff is doing a little reading. For basic administration ASDM is pretty idiot proof. Do yourself a favor and pretend watchguard doesn't exist. I'd say do the same with sonicwall. Checkpoint, meh. I don't like the policy structure. I like PIX and ASA, but I work with them every day so familiarity and all that. Disclaimer, I work for Cisco. Is all of this traffic hub to spoke or do the spokes need to chat to one another? I'd think you'd want routers if its the latter, that way you can use DMVPN. You'd probably want something larger than a 5510 for your hub but work with some presales people. I don't do a whole hell of a lot of design work. Tremblay fucked around with this message at 05:54 on Aug 2, 2007 |
# ? Aug 2, 2007 05:35 |
|
Girdle Wax posted:Already have an open TAC case but in case anyone here's seen it before: Do a show mod, and make sure that the RSP with the lowest firware revision is the active one. If they are both the same firmware and otherwise identical, then it sounds like you discovered a bug. Also what code are you using? SRA, SRB, SRB1 or SRB2 (not sure if SRB2 is deployed yet). e: If you want, I can try to reproduce the error in the Lab tomorrow, since we aren't really doing anything anyway, besdies that I'd like to know if this is a common problem so that I can save the day whenver we have a Demo that runs into a similiar problem. ate shit on live tv fucked around with this message at 05:54 on Aug 2, 2007 |
# ? Aug 2, 2007 05:50 |
|
Powercrazy posted:Do a show mod, and make sure that the RSP with the lowest firware revision is the active one. If they are both the same firmware and otherwise identical, then it sounds like you discovered a bug. It's SRB1, and yeah, there's a known bug (CSCsj12034), which is fixed in 12.2(33.1.1)SRB, but we're stuck waiting for SRB2 unless TAC can/will provide the rebuild. Both RSPs have the same Hw/Fw/Sw versions (both purchased brand new at the same time).
|
# ? Aug 2, 2007 15:22 |
|
I'm wondering if anyone here has had a similar problem, or can offer some advice as to the solution. I am installing a bunch of 3845 routers with NM-4T cards in, recently I have had a set of cards fail on me. The error I get is code:
At the moment we are replacing the cards as they fail but we are worried that 3 out of 6 cards have failed in the last 3 months.
|
# ? Aug 3, 2007 09:29 |
|
Tremblay posted:Hey, sorry I missed your previous IMs. It depends on the version of code. I think line numbers were introduced in 6.3. Thanks for the response. This version hasn't introduced accesslist numbers yet and PDM isn't installed. I ended up just asking permission to have a brief lapse in connectivity and applied the new rules successfully without too much noise.
|
# ? Aug 3, 2007 17:20 |
|
Sneaksie posted:At the moment we are replacing the cards as they fail but we are worried that 3 out of 6 cards have failed in the last 3 months. Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap chinese counterfeit WICs
|
# ? Aug 3, 2007 17:39 |
|
CrazyLittle posted:Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap chinese counterfeit WICs Is there a market for those serial cards? We have like 50 of them in the poo poo heap at work.
|
# ? Aug 3, 2007 18:15 |
|
CrazyLittle posted:Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap chinese counterfeit WICs Are they WIC-1T's, or WIC-1DSU-T1? Apparently there are a lot of counterfit WIC-1DSU-T1's around, especially the V1's with the four big Taiwanese capacitors.
|
# ? Aug 3, 2007 18:42 |
|
conntrack posted:Is there a market for those serial cards? We have like 50 of them in the poo poo heap at work. Yes, because the new routers 28xx and 18xx series routers only accept V2 WICs. jwh posted:Are they WIC-1T's, or WIC-1DSU-T1? WIC-1DSU-T1-V2 And when you purchase them on eBay for ~$100, you can guarantee they're going to be counterfeit. poo poo, if it was just a cap problem I'd break out my soldering iron any day, but I don't think that's what's going on here.
|
# ? Aug 3, 2007 19:11 |
|
CrazyLittle posted:Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap chinese counterfeit WICs Definatly Cisco cards, bought from Cisco direct (or at least thats what my buyer tells me) I recieved one of the faulty cards back yesterday and the build quality is really low; dry solder, missing solder, chips not straight, gouges in the board. I have also checked the ones in stock and it looks like it may be a dodgy batch. We are raising a TAC at the moment.
|
# ? Aug 4, 2007 10:42 |
|
conntrack posted:Is there a market for those serial cards? We have like 50 of them in the poo poo heap at work. There's a market for them. I work for a CLEC and we still use them since many of our customer facing links are Frame Relay T1s. If you're looking to move those and they're V2 T1 WICs I can get you our inventory guys number. For the right price I bet he'll take the whole lot.
|
# ? Aug 4, 2007 13:01 |
|
Sneaksie posted:Definatly Cisco cards, bought from Cisco direct (or at least thats what my buyer tells me) post a picture of the faulty card. Among other things, if there's no hologram sticker, it's counterfeit.
|
# ? Aug 4, 2007 18:30 |
|
|
# ? Mar 28, 2024 15:37 |
|
A furniture chain in my area is going out of business so I stopped over there with my wife to see what kind of discounts they had going on. On a table with misc. junk they had a Cisco PIX 501 and a Cisco 2600 series router with a 56K WIC in it. Neither had a price tag on them so I offered $20 for the PIX - and they took it!! Once they took the $20 for the PIX I figured I'd offer $10 for the 2600 - apparently my ultra low ball got the guy nervous and he said, "Oh, well - that's not supposed to be out on the table our IT guy was looking into that one so I can't sell it." I guess that's what I get for being too greedy. That PIX for $20 is the steal of the week for me though.
|
# ? Aug 4, 2007 22:08 |