|
We just upgraded to a bunch of Cisco Gigabit switches at work (2960?). We asked what we should do with all the old 100 Mbps 2950 switches. We were told to just toss them. There are 3 decommissioned at the moment, with at least 1 more coming. Two 2950G and one 2950C units are the ones I've looked at. I know the 2950C has the 100 Mbps Fiber uplink ports, and the 2950G has the two Gig uplink port slot thingies. I grabbed one of the 2950G units. Now, what kind of fun can I have with this thing? Is there any point to having one of these at home? I know we used them at work because of their great VLAN support. I don't plan on using VLANs at home. I'd much prefer a basic GigE switch, as I already have stacks of 10/100 switches, it's just it would be such a shame to toss a Cisco 2950, since they used to cost a ton.
|
# ? Dec 15, 2009 07:21 |
|
Xenomorph posted:We just upgraded to a bunch of Cisco Gigabit switches at work (2960?).

Those models run the enhanced image and they're pretty decent other than not doing gig, seems like they would be kind of big and loud for use at home though, unless they're in a closet or something. You could SPAN a port and make sure that you know what every connection on your network is doing, screw around with MRTG/Cacti/other SNMP stuff, or mess around with 802.1x. Their real value is that you can loan them out to people who want to learn and practice STP and port security (and for certifications it's the only hardware you need, everything else can be done easier in dynamips).
|
# ? Dec 15, 2009 09:02 |
|
I'm having a bizarre issue as of late with my 3845 routers. For some reason, the Gig0/0 interfaces will only show as up up unless I admin shut them. It doesn't matter if there's no cable plugged in, or if the wrong cable is plugged in. It will always show as up/up. The version is up to date on all of them. I've noticed it for about a week now on 4 routers, but it hasn't been an issue up til now because I'm trying to plug something into g0/0. The link lights won't come on for either side of the connection when I plug it into the port that they want me to plug into on their switch. If I plug it into one of the other ports, I get link lights on both sides. But either way, in the router I see up/up. I've tried straight thru and crossover as well. It's from the 3845 to a Juniper switch/firewall thingy that I have no login access to. code:
|
# ? Dec 15, 2009 09:57 |
|
Slickdrac posted:
Try:
int gig0/0
keepalive 10
|
# ? Dec 15, 2009 14:19 |
|
CrazyLittle posted:Debug's on at both sides, neither outbound nor inbound show up in logs. It's as if the ping packets never get sent.

Maybe overly obvious, but if you're telnet/ssh'd in, you do have 'term mon' turned on right?
|
# ? Dec 15, 2009 15:27 |
|
ragzilla posted:Maybe overly obvious, but if you're telnet/ssh'd in, you do have 'term mon' turned on right?

Yeah, I'm watching everything else scroll through my terminal except for the information I want to show up. To make things weirder, mtr can see/reach/respond to the device just fine.
|
# ? Dec 15, 2009 18:46 |
|
ior posted:Try:

That works. I'm still failing to understand how that would cause the interface to think it's up when absolutely nothing is plugged in to it besides a bit bucket. I did figure out why I wasn't getting a connection up to the Juniper tho, apparently it wanted duplex set to auto instead of full on my interface. Worked fine with duplex full off the old router that was the exact same type of device and configuration.
|
# ? Dec 17, 2009 08:34 |
|
Syano posted:Above poster is correct. IPs and interface names (inside/outside) are assigned to the VLAN interfaces.

You're right. Thanks for knocking my head back on straight, it's been a while since staging an 05 from scratch. I'm actually setting up a barebones 5505 to replace a sonicwall TZ160 right now that was causing the strangest VPN issue in a while. From a functional standpoint, the tunnel works, each network to network segment having its own SA. What made this interesting however is that the Sonicwall would present its proxy ID as not the local LAN segment, but the external (public) address segment and the Cisco ASA on the other end would get rather upset, yet still pass traffic due to the default crypto map. Effectively the tunnel would get built, pass traffic for one cycle of the data lifetime and get broken down... repeat. They had been looking to replace the sonicwall for a while anyway, so this was a decent excuse.
|
# ? Dec 17, 2009 22:34 |
|
Incidentally I found my issue. I finally yanked the wall plate off the wall and noticed the cable (cat5e) had been split and had half the pairs going to one jack and half the pairs to my jack. Apparently the errors are due to some wicked crosstalk
|
# ? Dec 17, 2009 23:48 |
|
along the way posted:Need some advice on buying a lab kit for the CCNA. I'm just finishing Network Fundamentals (Cisco 1) in the local Cisco Network Academy and I'm starting Routing and Switching classes next semester.

Your prof is bang on - ideally you need 3 2950 Switches and 2x 2600 series routers. But, if I'm honest, I'd recommend just getting a 2950 and then using Packet Tracer or something similar. It's always good to have a real switch to play with (especially if you've never physically plugged a console cable in or whatever) but it just becomes hassle having a stack of Cisco kit in your living room! I'd say this is even more so if you're getting the chance to use kit at college or wherever.
|
# ? Dec 17, 2009 23:56 |
|
hermand posted:Your prof is bang on - ideally you need 3 2950 Switches and 2x 2600 series routers. But, if I'm honest, I'd recommend just getting a 2950 and then using Packet Tracer or something similar. It's always good to have a real switch to play with (especially if you've never physically plugged a console cable in or whatever) but it just becomes hassle having a stack of Cisco kit in your living room!

Agreed with the 2950, I like GNS3 for router emulation.
|
# ? Dec 18, 2009 02:23 |
|
I went a little out with my setup and picked up three 3640s, one 2600, and three 2950s. I wanted a kit that I could use after CCNA as well though, and the money was there so I figured why not. I really wanted the 3640 so I could throw a bunch of NM-4Ts in and do frame relay, but also be able to use it for something else if I didn't feel like running a frame setup. I forgot why I ended up buying the 3640s other than they were pretty cheap. All my equipment came from cablesandkits.com. I can't recommend them enough. Also just finished Network Fundamentals, beginning routing and switching on the 12th. Can't wait!
some kinda jackal fucked around with this message at 09:54 on Dec 18, 2009 |
# ? Dec 18, 2009 09:51 |
|
Martytoof posted:I went a little out with my setup and picked up three 3640s, one 2600, and three 2950s. I wanted a kit that I could use after CCNA as well though, and the money was there so I figured why not. I really wanted the 3640 so I could throw a bunch of NM-4Ts in and do frame relay, but also be able to use it for something else if I didn't feel like running a frame setup. I forgot why I ended up buying the 3640s other than they were pretty cheap.

Yeah, I snagged up a couple of 2600's, a 3640, a couple of 2900's and a couple of 2950's. Overall, I could have saved some cash and just gotten a 2950. Having the gear is great, but if you're watching cost and want to do things on the cheap you really just need a switch and something that will let you interact with the IOS. For the CCNA I found it to be more about theory and some general configuration that IOS emulation can handle without a problem. Once you start working on the NP track you want to get a layer 3 switch (hopefully with an enterprise license not the standard so you get eigrp), just for some of the one-off commands and config (like turning a switchport into a routing interface).
|
# ? Dec 18, 2009 15:50 |
|
Harry Totterbottom posted:Yeah, I snagged up a couple of 2600's, a 3640, a couple of 2900's and a couple of 2950's. Overall, I could have saved some cash and just gotten a 2950. Having the gear is great, but if you're watching cost and want to do things on the cheap you really just need a switch and something that will let you interact with the IOS.

If you can find an L3 switch with a recent image, IPBASE should include EIGRP stub. But for full blown EIGRP/OSPF/ISIS you need IPSERVICES.
|
# ? Dec 18, 2009 17:02 |
|
3600's are so cheap because they are practically worthless, many of them don't even have stand alone interfaces and require wic's to get any. The wics are usually pretty expensive because most of them can still be used in the 2800's and 3800's. If it comes with the wics or at least 2 interfaces, then you are good, but don't assume.
|
# ? Dec 18, 2009 17:06 |
|
From an ASA, is there a way to log any inside node from attempting to pass through the firewall via port 25? CBL has our ASA's general NAT IP blocked. For some reason, and I can't figure out why, that's causing our SPAM filter which has RBL's configured on it to block messages from yahoo.com. The situation actually doesn't make much sense to me as our SMTP server has a completely different public IP being NATed by the ASA than is being reported. I've finally put some ACLs to block outbound traffic as when the ASA was installed, there were just PATs setup for outbound access. No DMZ(yet). I've got the following: code:
|
# ? Dec 18, 2009 17:14 |
|
I think I know what part of the issue is now. The NAT works from the outside in, as in an email sent from a foreign host will go to our smtp server with the mx address via NAT, but that server will not use the correct address to send an email outbound (or even http traffic according to whatsmyip). It uses the PAT address instead. code:
Boner Buffet fucked around with this message at 17:58 on Dec 18, 2009 |
# ? Dec 18, 2009 17:52 |
|
Lab gear is frustrating- I have much, much, much too much lab gear, and I never even power it on. Why? Because it's too loud, eats a ton of power, and in my microscopic 750 square foot condo, takes up too much room. I guess what I'm really saying is, don't do what I did, and think you need to buy a ton of Cisco hardware just because it seems like a good idea.
|
# ? Dec 18, 2009 18:03 |
|
We just upgraded some of our 3750 switches here at work from 12.2 (48) SE to 12.2 (52), and our syslog server is now being flooded with the new dot1x traps. We only upgraded one of our smaller buildings as a test, and good thing. As we didn't enable them specifically, we didn't expect the sudden flood we got about dot1x. Our environment has a lot of user connections that we really don't want to know when they connect/disconnect and authenticate. We have event 'no logging event link-status' on all of their interfaces.

Our snmp server setup and logging setup with obvious
snmp-server community X RO 40
snmp-server community X RW 41
snmp-server tftp-server-list 49
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server file-transfer access-group 49 protocol tftp
logging trap notifications
logging source-interface VlanX
logging x.x.x.x
logging y.y.y.y
logging z.z.z.z

We want to have logging level 5 (notification) minimum setup and not be slammed by all of these dot1x messages. There was a specific bug/security issue that we hit in the (48) release that we just spent all summer upgrading to, hence the move to (52). Does anyone have any suggestions on how we can suppress these dot1x traps other than moving the logging level up to 4 (warning)? Additional info, from one of the upgraded switch stacks. code:
dark_3y3 fucked around with this message at 07:52 on Dec 20, 2009 |
# ? Dec 20, 2009 07:46 |
|
jwh posted:Lab gear is frustrating- I have much, much, much too much lab gear, and I never even power it on. Why? Because it's too loud, eats a ton of power, and in my microscopic 750 square foot condo, takes up too much room.

I didn't spend money to learn this, but I did borrow (genuinely, over a weekend) a load of Cisco kit from work. Same thing - after the initial woo factor you realise it's just as beneficial playing on a sim and not tripping over equipment all the time. When I get a proper study area and I move on to the CCNP track, I'd like a little rack and some nice kit. Again, I think this only counts if you have hands on experience anyway. I'd hate to see a CCNA get a job where they've never actually held a switch.
|
# ? Dec 20, 2009 13:04 |
|
hermand posted:kit
|
# ? Dec 20, 2009 20:59 |
|
It's probably because Cisco gear is known as expensive and whenever you have some expensive stuff (watches, labgear, a car, or mods for a car, etc) it's some "expensive kit."
|
# ? Dec 20, 2009 22:26 |
|
jwh posted:I never even power it on. Why? Because it's too loud, eats a ton of power, and in my microscopic 750 square foot condo, takes up too much room.

My poor dog runs away every time I power on my router or switch stacks
|
# ? Dec 21, 2009 04:42 |
|
Powercrazy posted:It's probably because Cisco gear is known as expensive and whenever you have some expensive stuff (watches, labgear, a car, or mods for a car, etc) it's some "expensive kit."

Anyway, on to a real question. My goal is to get MPLS working between various 6500s and 7200s w/ NPE-400's and FastEthernet interfaces, and one 2800 that has no user settable MTU. (MPLS requires > 1500 MTU).

OSPF requires MTU to match, and this is where I'm having the problem. 12.2SB on 7200s allow me to adjust MTU up to 1530 on FE's. These are connected to Gigabit interfaces on the 6500 that only allow an MTU setting of 9216 or 1500. The real IP on the 6500s lives on an SVI (vlan) interface. I also have one 2800 that's a member of area 0 that has no user settable MTU, so it's 1500. This 2800 will not partake in MPLS but since it's on the same subnet and in area 0, my goal is to get OSPF working @ MTU 1500 while the MPLS routers can operate at 1530 (max possible on 7200 FE's).

In dynamips I've been testing between 7200 & 2600 and found that:
- I can set 'ip ospf mtu-ignore' on the lower MTU side (2600) and OSPF works.
OR
- I can set 'ip mtu 1500' on the 7200 (which has mtu 1530) and OSPF works.

Clearly 'ip mtu 1500' is making the 7200's originating OSPF packets say it actually has an MTU of 1500. 'ip ospf mtu-ignore' does exactly what it sounds like.

Does the 'ip mtu' command force the router to NEVER generate a packet that's larger than 1500 (generate as in OSPF neighbors, BGP peers)? This works in an emulator but in real life I would suspect I'd have some OSPF packets that are larger than 1500 and possibly some problems due to that.
|
# ? Dec 21, 2009 19:08 |
|
jbusbysack posted:June 30, 2010 is the end of the existing 4-exam CCNP track for non-Network Academy people. After that it's more or less mix and match of the old/exams, so really get running on it.

The funny thing is that it used to be:
Routing
Switching
Dial Up!
Troubleshooting

That's what my CCNP was tested on and the courses were ACRC and whatnot. This is late 90's though. Figures they are changing, I recently started up the cert thing again, not really sure why but just in case I have to look for another gig and don't feel like using MS Project all the time.
|
# ? Dec 21, 2009 19:17 |
|
falz posted:Some people use the word "kit" when it comes to Cisco gear. I see it used a lot on c-nsp as well but never felt like asking. My guess is it's region related?

I didn't really know what you meant until I read your second post, but yeah, just a British thing I guess. Kit is synonymous with the word gear or equipment over here. Actually, the British Oxford Dictionary says: "noun 1 a set of articles or equipment for a specific purpose. 2 Brit. the clothing and other items needed for an activity. 3 a set of all the parts needed to assemble something"
http://www.askoxford.com/concise_oed/kit_1?view=uk

It dates back, too, if you look at this World War 1 song:
http://en.wikipedia.org/wiki/Pack_Up_Your_Troubles_in_Your_Old_Kit-Bag

Sorry for perpetuating the derail but it's one of those words which I thought traversed the whole English language spectrum.
|
# ? Dec 21, 2009 19:19 |
|
hermand posted:http://www.askoxford.com/concise_oed/kit_1?view=uk

falz posted:mtu ospf mtu ospf..

Will setting "ip mtu 1500" on an interface ensure that packets created by this router (OSPF) will not be larger than 1500 or could it still create packets up to the interface's MTU setting ("mtu 1530")?
|
# ? Dec 21, 2009 22:51 |
|
One of the first things on Cisco's site for "ip mtu". I'm sure if you dig more some docs from a recent IOS will come up. Sounds roughly like a control plane vs data plane distinction.

http://www.cisco.com/en/US/docs/ios/12_2/ipaddr/command/reference/1rfip2.html#wp1081151

quote:To set the maximum transmission unit (MTU) size of IP packets sent on an interface, use the ip mtu interface configuration command. To restore the default MTU size, use the no form of this command.
|
# ? Dec 22, 2009 01:22 |
|
inignot posted:One of the first things on Cisco's site for "ip mtu". I'm sure if you dig more some docs from a recent IOS will come up. Sounds roughly like a control plane vs data plane distinction.

- ip mtu
- ipv6 mtu
- mpls mtu

From there you can feel free to set any of the above lower to keep that protocol happy. Also, 'ip mtu' should really be called 'ipv4 mtu'.
|
# ? Dec 22, 2009 21:33 |
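The OSPF MTU check discussed in the posts above, as an added example (not code from any poster or from Cisco): it builds constructed OSPFv2 Database Description packets and applies the RFC 2328 section 10.6 rule that a DBD advertising a larger MTU than the receiver can accept is rejected. The `Router` class and the function names are hypothetical, and the model assumes, as falz observed in dynamips, that `ip mtu` changes the value advertised in the DBD.

```python
import struct
from dataclasses import dataclass
from typing import Optional

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1 common header (24 bytes)
DBD_BODY = struct.Struct("!HBBI")         # RFC 2328 A.3.3: Interface MTU, options, flags, DD seq
OSPF_TYPE_DBD = 2


@dataclass
class Router:                             # hypothetical model, not an IOS data structure
    name: str
    interface_mtu: int                    # "mtu N" on the interface
    ip_mtu: Optional[int] = None          # "ip mtu N", if configured
    mtu_ignore: bool = False              # "ip ospf mtu-ignore"

    @property
    def effective_ip_mtu(self) -> int:
        # Assumption taken from the thread: "ip mtu" overrides the interface MTU for IP.
        return self.ip_mtu if self.ip_mtu is not None else self.interface_mtu


def build_dbd(sender: Router, router_id: bytes = b"\x0a\x00\x00\x01") -> bytes:
    """Constructed sample: an initial OSPFv2 DBD (no LSA headers, checksum left 0)."""
    body = DBD_BODY.pack(sender.effective_ip_mtu, 0x02, 0x07, 1)  # E-bit; I, M, MS flags
    header = OSPF_HDR.pack(2, OSPF_TYPE_DBD, OSPF_HDR.size + len(body),
                           router_id, bytes(4), 0, 0, bytes(8))
    return header + body


def parse_dbd_mtu(packet: bytes) -> int:
    """Return the Interface MTU field of a DBD packet, validating the framing first."""
    if len(packet) < OSPF_HDR.size + DBD_BODY.size:
        raise ValueError("truncated DBD packet")
    version, ptype, length, *_ = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != OSPF_TYPE_DBD:
        raise ValueError("not an OSPFv2 DBD packet")
    if not OSPF_HDR.size + DBD_BODY.size <= length <= len(packet):
        raise ValueError("bad OSPF length field")
    mtu, _options, _flags, _seq = DBD_BODY.unpack_from(packet, OSPF_HDR.size)
    return mtu


def accepts_dbd(receiver: Router, packet: bytes) -> bool:
    """RFC 2328 section 10.6: reject a DBD whose MTU exceeds what we can receive."""
    if receiver.mtu_ignore:
        return True                       # the check is skipped entirely
    return parse_dbd_mtu(packet) <= receiver.effective_ip_mtu


def adjacency_forms(a: Router, b: Router) -> bool:
    """Both neighbors must accept each other's DBD for the exchange to proceed."""
    return accepts_dbd(b, build_dbd(a)) and accepts_dbd(a, build_dbd(b))
```

The model covers only the MTU value carried in the DBD exchange; it says nothing about how large the router's later OSPF packets actually are on the wire.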
|
Does anyone have any suggestions for a good MacOS serial capable terminal emulator? I have a USB-serial dongle that I can talk to using 'screen', but somehow that always comes off feeling like a pretty inelegant solution. Edit: I guess I should have asked in the Mac software thread, but maybe there are other Cisco junkies that also enjoy Macs vv
|
# ? Dec 23, 2009 00:55 |
|
Currently looking at the feature set of the Cisco ASA 5505 vs the ASA5510, specifically the HA options. I'm not readily finding this piece of information: What is the difference between Stateless Active/Standby High Availability on the 5505 Security Plus license, and the Active/Standby High Availability on the Cisco ASA 5510 Security Plus License?
|
# ? Dec 23, 2009 01:22 |
|
Martytoof posted:Does anyone have any suggestions for a good MacOS serial capable terminal emulator? I have a USB-serial dongle that I can talk to using 'screen', but somehow that always comes off feeling like a pretty inelegant solution.

Z-Term and/or minicom
|
# ? Dec 23, 2009 01:27 |
|
Wicaeed posted:Currently looking at the feature set of the Cisco ASA 5505 vs the ASA5510, specifically the HA options.

Basically when the 5505 fails over it will drop all established connections, so all your users will have to VPN in again, and a site-to-site vpn will have to reestablish. Whereas on the 5510, the TCP state information will be shared between the two devices and it can failover gracefully.
|
# ? Dec 23, 2009 01:38 |
|
falz posted:Yep, it works as I had hoped. I also asked in one other spot and got decent responses.

Yes, the Cisco-NSP list is a good resource.
|
# ? Dec 23, 2009 03:56 |
|
Martytoof posted:Does anyone have any suggestions for a good MacOS serial capable terminal emulator? I have a USB-serial dongle that I can talk to using 'screen', but somehow that always comes off feeling like a pretty inelegant solution.

I exclusively use minicom for all my terminal needs, all my cisco, hp, force10 and other random serial devices get configured using minicom. It's much nicer than running hyperterminal under windows (though I use putty when I only have windows), it's like using telnet or ssh.
|
# ? Dec 23, 2009 19:10 |
|
This may be a tad bit out of place... anyhow... someone convince me why I need POE on the next switch I buy, if you can. I am going to be replacing two distribution switches at a remote site here soon and in the replacement I will be upgrading from 24 port to 48 ports. Right now the site uses injectors to power the 1130 radios. Problem with buying POE is Cisco only sells 48 port models as 48 ports of POE or none. I actually only have 9 devices needing power at the moment. One side of me says to just bite the bullet and get POE in case we need to add other powered devices (phones maybe? I don't know what else we could add that would need power over ethernet) but the price difference in the models is really making the budget minded part of me pause before sending in the PO. Anyone have any insight or advice to help swing me one way or the other?
|
# ? Jan 6, 2010 15:22 |
|
If you have devices that require POE, then you should buy something with POE. I couldn't give you exact prices but if you bought something with 12 or 16 ports of POE plus a normal 48 port switch, it'd be more expensive. And if you get 48 ports of POE, then you have plenty of spare slots in case an interface goes bad or something. It's always better to have more than you need vice less. As for what uses POE, all I really know about is phones, which we use so drat many of that all our switches are POE whether it's used or not. (then again, that's military spending for you)
|
# ? Jan 6, 2010 16:07 |
|
Slickdrac posted:As for what uses POE, all I really know about is phones, which we use so drat many of that all our switches are POE whether it's used or not. (then again, that's military spending for you)

I believe most (if not all) of the aironet stuff can run off PoE as well.
|
# ? Jan 6, 2010 17:57 |
|
Also video cameras, also they make a 2960 that's powered by POE (2960PD-8TT-L).
|
# ? Jan 6, 2010 18:43 |
|
Syano posted:This may be a tad bit out of place... anyhow... someone convince me why I need POE on the next switch I buy, if you can.

Might want to price a small midspan injector, like from D-Sine, in combination with a 2960. It could be (most likely is) cheaper than a POE 3560.
|
# ? Jan 6, 2010 19:27 |