The Cisco Short Questions Thread v12.4.9(WTF)

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cisco Short Questions Thread v12.4.9(WTF)

«‹›431 »

ate shit on live tv: Feb 15, 2004; by Azathoth

Oh btw to any that are interested. Our more junior networking guy is going to go into Windows Management and get out of networking, so we want a CCNP level type guy to replace him. If you don't have your CCNP and your name is jwh then we would be interested, if you have your CCNP or above we would also be interested.

If you have a good amount of experience but haven't had time to get your CCNP that would be fine to, these aren't HR requirements they are practical ones. The position is in New York City. If you are interested send me an email at
usedaegis at live .com and I'll give you more details then.

# ? Jul 13, 2010 22:22

Adbot: ADBOT LOVES YOU

# ? May 10, 2024 20:41

abigserve: Sep 13, 2009; this is a better avatar than what I had before

Brb booking a plane to new york

# ? Jul 14, 2010 00:53

Panthrax: Jul 12, 2001; I'm gonna hit you until candy comes out.

Hey guys. This is kind of niche, but I figured I'd throw it out there. I work for a VoIP wholesale company that has grown to the point of needing to come into the 20th century and start using an SBC on all of our customer-facing SIP transactions. And actually, we'll possibly use it for our vendor-facing transactions as well. Basically, we're using Sonus GSXes as our core, and need a high availability SBC solution that will get us down to one customer-facing IP. We're only going to be using these as a SIP proxy to hunt between 7 Sonus switches on the back end. We've looked at several possibilities, but we feel they don't fit what we're looking for for various reasons.

We had heard that Cisco has a newer product out that can and as an HA, high performance SIP proxy. We'd be looking at at least 1000 calls per second now, possibly to 1500 or more in the future. I think it's called a GSR? ASR? I can't remember what it was now. Does anyone know anything about these things? We were looking a bit at them, but nothing in the documentation we found were able to tell us any top-end stats about what its performance was.

Any other suggestions would be sweet too, not just limited to Cisco. We've looked at Freeswitch, OpenSBC, Sonus SBC, Acme Packet, and maybe a couple others, and for once reason or another, these won't work for us. Anyone have any other suggestions?

# ? Jul 14, 2010 01:03

adorai: Nov 2, 2002; 10/27/04 Never forget; Grimey Drawer

I feel dumb asking this in this thread, but does anyone have a recommendation for a wireless headset that works well with Cisco IP Communicator? USB or bluetooth are both good, hopefully under $100.

# ? Jul 14, 2010 02:42

FatCow: Apr 22, 2002; I MAP THE FUCK OUT OF PEOPLE

Panthrax posted:

Any other suggestions would be sweet too, not just limited to Cisco. We've looked at Freeswitch, OpenSBC, Sonus SBC, Acme Packet, and maybe a couple others, and for once reason or another, these won't work for us. Anyone have any other suggestions?

Sup VoIP wholesaler buddy. We just front our Sonus network with OpenSIPS currently. There is a b2bua module there as well, I haven't used it in production yet but the 1.6.1 OpenSIPS is production grade. We generally run our production OpenSIPs proxies up to 100-150CPS but we're limited by the IO blocking to do database lookups. Without database lookups we've run it to over 1200CPS on a Dell 1950 with SIPp. Hit me up on AIM if you want more specifics.

Using OpenSIPs as a completely stateless proxy with BGP anycast might also get you what you want. It'll take some support from the IP side of things.

One thing I've noticed though is that customers who can't make/receive calls to multiple IPs generally don't have platforms that you want on your network. Sonus is also releasing what is basically a NBS/PSX/DSI in one box with no TDM. I don't have pricing on it yet but I hear it's not cheap.

FatCow fucked around with this message at 02:52 on Jul 14, 2010

# ? Jul 14, 2010 02:45

Panthrax: Jul 12, 2001; I'm gonna hit you until candy comes out.

Interesting, thanks for the reply. Not sure if we'd looked at OpenSIPS, but I'll mention it at work tomorrow. I know we've had some bad experiences with Freeswitch, which I think has soured our taste for open source, to be honest.

How well does OpenSIPS allow for failover between two nodes? As in, do they trade call states between the boxes in case one fails, the other will take over seamlessly? How well does the backup handle the failover? Freeswitch doesn't save states between nodes, so once one node goes down, the other will take over and doesn't know poo poo about the calls that are currently up. Plus, it takes 2-4 minutes for the Sophia processes or whatever to kick in, so there's several minutes of either no response or 503s back to the customer. Do you know of any organizations that handle paid support, or is it all community based/hack it together yourself?

And believe me, we know all about customers who can't do more than one or two IPs. Unfortunately, it's more the people who can't route past us on a 503, and have to continue to route to all of our switches until they exhaust all of our GSXes. That's primarily what we're trying to solve.

And for the Sonus all-in-one, that's what I meant when I said the Sonus SBC. We had the sales engineers in a couple weeks back, and it looks pretty slick, but yeah, they're not cheap. A node runs right around the same price as a full-blown GSX setup, but I'm not sure if that was the price for just the GSX+cards or GSX/PSX/DSI, etc. Either way, it's expensive. Plus, they're going to be putting out the 1.1 version of code soon, which allows each node to talk to each other, so they really aren't even fully-functional in a large production environment yet.

Anyway, sorry for the derail. If anyone else has suggestions I'll take them, and I'll definately hit you up, FatCow, if we have any questions.

# ? Jul 14, 2010 03:27

fake_roogle: Jun 20, 2008

This is probably going to sound strange and perhaps has been answered before but I figure I'll go with it as I'm not sure where to start:

I'm interning for a year in China for a company's IT department (finishing my Bachelor's in CS in the UK) and they're not quite sure what to do with me in terms of a role, so they've started me off by getting me to understand how their switches work (specifically the Catalyst 2960 with LAN Base software). I have no previous experience with Cisco routers or switches, so should I start reading CCNA material along with running a simulated switch to mess about with or is there a better way?

# ? Jul 14, 2010 08:34

ate shit on live tv: Feb 15, 2004; by Azathoth

You won't be able to run a simulated switch (switches are a distributed computing system that is difficult to simulate), but I wouldn't worry about it. Read some CCNA material, and the 2960's are just the tip of the iceberg. If you are in a position to get hands on familiarity with Cisco stuff that will be invaluable for teaching you the basics of networking.

# ? Jul 14, 2010 12:16

Richard Noggin: Jun 6, 2005; Redneck By Default

Powercrazy posted:

So you have a private IP address on the outsdie interface? Presumably the public IP Space? If that is the case how would the ASA know where 192.168.2.1 is coming from, and how would it get back?
code:
                    /-------------------------\
192.168.2.1/24 <-> |70.168.0.1 <-> 198.70.16.2| <-> 192.168.3.1/24  
                    \_________________________/
                                CLOUD
The only reason those two /24s are reachable is that the site to site tunnel connects them, if you choose the outside interface to source from it has no idea how to get to a private network. You need to have the ASA encapsulate the private address and send it across the cloud, as persumably both ASA's know how to get to the network behind the other.

Say I wanted to ping from the ASA at Site B to an address at Site A over the tunnel:

code:

asa-co# ping inside 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to server08, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

Sourcing the ping on the inside interface doesn't work. You have to source it on the outside interface:

code:

asa-co# ping outside 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to server08, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms

I figured the same would be the case for aaa, but I've tried applying the aaa-server command to the inside and the outside interfaces; neither work.

# ? Jul 14, 2010 15:04

ElCondemn: Aug 7, 2005

I have a question about setting up SPAN/Port Mirroring. I understand I can do the port mirror with these commands.

code:

monitor session 1 source interface fastEthernet 0/5
monitor session 1 destination interface fastEthernet 0/6

That should take the traffic passing through fa0/5 and mirror it to fa0/6, right? If that's correct my only question now is how do I capture this data? I assume with wireshark but what IP would I put on the computer I'm capturing on? Do I have to configure an IP on fa0/6? What if the data is crossing the line on a VLAN?

I've never had to do this before but we're trying to solve an issue and it looks like the only way to do it is to analyze what's crossing the wire.

# ? Jul 14, 2010 20:48

some kinda jackal: Feb 25, 2003; �
�

Wireshark will just do a dump of raw data that's coming in on the line, so I don't think an IP is even required. You just need to make sure the interface is up and in promiscuous mode.

I do my SPAN traces on a Mac laptop with no IP on the ethernet interface, so I can at least vouch that it works. I don't have any experience with doing multi VLAN traffic on a SPAN trace so that's a good question. I'll have to fire up the lab and try it for myself later. My first guess would be that since you're just mirroring ports there will be no indication of what packet is from what VLAN so you'll have to decipher that from the IP or something.

some kinda jackal fucked around with this message at 21:02 on Jul 14, 2010

# ? Jul 14, 2010 20:55

ElCondemn: Aug 7, 2005

Martytoof posted:

Wireshark will just do a dump of raw data that's coming in on the line, so I don't think an IP is even required. You just need to make sure the interface is up and in promiscuous mode.

I do my SPAN traces on a Mac laptop with no IP on the ethernet interface, so I can at least vouch that it works. I don't have any experience with doing multi VLAN traffic on a SPAN trace so that's a good question. I'll have to fire up the lab and try it for myself later. My first guess would be that since you're just mirroring ports there will be no indication of what packet is from what VLAN so you'll have to decipher that from the IP or something.

Thanks I'll give it a try, I just wanted to make sure I wasn't missing a big piece of how to do this. I'm assuming if it's VLAN traffic I should just see the dot1q tag in wireshark.

# ? Jul 14, 2010 21:11

some kinda jackal: Feb 25, 2003; �
�

Steve Slavery posted:

Thanks I'll give it a try, I just wanted to make sure I wasn't missing a big piece of how to do this. I'm assuming if it's VLAN traffic I should just see the dot1q tag in wireshark.

I'm not sure. I thought that d1q tags only went out on trunk ports. You've got me really curious now so I'm going to have to google this up :3:

# ? Jul 14, 2010 21:13

Harry Totterbottom: Dec 19, 2008

Steve Slavery posted:

I have a question about setting up SPAN/Port Mirroring. I understand I can do the port mirror with these commands.
code:
monitor session 1 source interface fastEthernet 0/5
monitor session 1 destination interface fastEthernet 0/6
That should take the traffic passing through fa0/5 and mirror it to fa0/6, right? If that's correct my only question now is how do I capture this data? I assume with wireshark but what IP would I put on the computer I'm capturing on? Do I have to configure an IP on fa0/6? What if the data is crossing the line on a VLAN?

I've never had to do this before but we're trying to solve an issue and it looks like the only way to do it is to analyze what's crossing the wire.

Disable TCP/IP on the network interface.

# ? Jul 14, 2010 21:14

some kinda jackal: Feb 25, 2003; �
�

Fortunately, Wireshark has a pretty good resource page for VLAN capturing:

http://wiki.wireshark.org/CaptureSetup/VLAN

You might need to change some registry setting to get your NIC to stop trimming off d1q tags.

# ? Jul 14, 2010 21:19

Richard Noggin: Jun 6, 2005; Redneck By Default

Richard Noggin posted:

I have a pair of ASA 5505s with an IPSEC tunnel between them. Site A has a Windows NPS (RADIUS) server at 192.168.1.2 that I'd like to authenticate Site B's RA VPN users against. I have RADIUS clients configured in NPS for each of the ASAs. Site A's ASA can authenticate just fine when I do a "test aaa auth...". Site B's comes back with ERROR: Authentication Server not responding: No error

Here's the relevant config from Site B:
code:
aaa-server vpn protocol radius
aaa-server vpn (outside) host 192.168.1.2
 key *****
Now, my understanding is that since the VPN tunnel is bound to the outside interface, that's what the source interface should be for the aaa-server command. Am I wrong in thinking that given the above config that the auth should go over the tunnel? Windows Firewall is disabled on the NPS server.

I contacted TAC, and they were able to get this working. Since the request comes from the public IP on Site B, I had to add that to my crypto map ACL (and a mirrored one on the other side).

code:

access-list outside_2_cryptomap line 2 extended permit ip host SiteBPublicIP 192.168.1.0 255.255.255.0

Then, in the NPS config on the server I had to again specify Site B's public IP as a RADIUS client. Before, I had Site B's inside IP as the client. Now everything is peachy.

# ? Jul 15, 2010 15:15

CISADMIN PRIVILEGE: Aug 15, 2004; optimized multichannel
campaigns to drive
demand and increase
brand engagement
across web, mobile,
and social touchpoints,
bitch!

I have couple ASA 5505 questions before I make the call between it and a Sonicwall. TZ 200 or 210.

Background.
We're redoing our internet connections from a T1 with business cable as a backup (manual failover through a solution I through together a couple of years back when our T1 died for almost 24 hours.) For cost and changes in how we do things reasons I want to replace the T1 with a 15/5 business cable connection and have a DSL backup. I'm looking for an appliance with firewall and dual WAN interfaces for failover or even better load balancing.

If the Cable/ADSL doesn't seem to work I'm going to go to 10 Meg fiber, but considering our usage it doesn't seem like something we really need.

As far as internet usage We have 20 office users using web based and apps, as well as building guests using wired and wireless access. We have an Exchange Server and SBS RWW server but those are the only applications that we host which need to be accessed from the outside world.

In the small business router thread the ASA 5505 was pretty strongly recommended, but googling around I can't find too much about how the Dual WAN actually works except that it appears to be a licensed feature. For budgeting reason I'd like to keep whatever solution I buy over $1000CDN (because then it becomes a capital asset and for some reason that all works better with the accounting) and under $1500. I've also budgeted for about 5 hours of consulting on top of the hardware.

If I buy a 5505 with Security+ does that mean I get the Active/Standby feature?
Is there an annual Renewal fee on the license?
When Cisco talks about the number of users does that refer to the number of users who are behind the firewall or is that the number of VPN clients?
The one feature which the sonicwall TZ 200/210 appear to have that cisco lacks is load balancing between ISPs. In
the real world does this make a big difference?
If so what are the other advantages of the Cisco which make it better?

If you happen to be on Vancouver Island and have above average skills in this area PM me.

# ? Jul 15, 2010 21:17

Harry Totterbottom: Dec 19, 2008

If I buy a 5505 with Security+ does that mean I get the Active/Standby feature?
Is there an annual Renewal fee on the license?
Smartnet support (includes updates) is annual, the license isn't
When Cisco talks about the number of users does that refer to the number of users who are behind the firewall or is that the number of VPN clients?
I believe this is the number of users that pass through the device, so printers won't count against the number but I could be wrong since I have unlimited on all of mine and don't pay attention
The one feature which the sonicwall TZ 200/210 appear to have that cisco lacks is load balancing between ISPs.
Haven't played with this so not sure
In
the real world does this make a big difference?
If so what are the other advantages of the Cisco which make it better?
Only being able to compare between asa's and juniper netscreens, I have to say I prefer the ASA. It's probably equal parts fan-boy and feature set. I like the anyconnect VPN client because most end users can get it up and running following simple instructions (go to this site, click download, run program, enter server name, enter un\pw).

[/quote]

# ? Jul 15, 2010 21:46

Syano: Jul 13, 2005

User count for an ASA is actually the arp table entries. Any IP enabled device on the subnet that tries to talk through the ASA will consume a license, including printers.

# ? Jul 15, 2010 22:52

CISADMIN PRIVILEGE: Aug 15, 2004; optimized multichannel
campaigns to drive
demand and increase
brand engagement
across web, mobile,
and social touchpoints,
bitch!

Syano posted:

User count for an ASA is actually the arp table entries. Any IP enabled device on the subnet that tries to talk through the ASA will consume a license, including printers.

I guess this a moot point anyway since the Security plus seems to be unlimited.

# ? Jul 15, 2010 23:04

Richard Noggin: Jun 6, 2005; Redneck By Default

bob arctor posted:

If I buy a 5505 with Security+ does that mean I get the Active/Standby feature?

Yes, and configuration is pretty easy. It does not do load balancing, however.

# ? Jul 16, 2010 13:41

Bardlebee: Feb 24, 2009; Im Blind.

So, I am back.

I tested my tunnel VPN on the GUI and it complained about a NAT issue, I had it fix it by itself and it fixed it for the most part. Now the VPN is showing as up, however when I test it again it complains about the MTU size. I think this is the last hurdle I have.... how do I specify the MTU size in a VPN tunnel? Is that possible?

# ? Jul 16, 2010 14:43

Frozen Sabre: May 11, 2006

Bardlebee posted:

So, I am back.

I tested my tunnel VPN on the GUI and it complained about a NAT issue, I had it fix it by itself and it fixed it for the most part. Now the VPN is showing as up, however when I test it again it complains about the MTU size. I think this is the last hurdle I have.... how do I specify the MTU size in a VPN tunnel? Is that possible?

On the Cisco end this can be done using:

code:

ip mtu <MTU>

This should be run on the actual tunnel interface (ie. t0), and actually specifies the MTU for that tunnel. This can be tweaked to match the MTU on the remote end, but from memory 1440 is the max you should set it to in order to leave room for protocol header data.

In conjunction the following command is used to handle any possible fragmentation issues:

code:

ip tcp adjust-mss <MTU> **1460 is common on cisco stuff

This should be done on the tunnel source interface (ie. fa0/1 etc.)

What this does is adjust the frame size before it's encrypted such that it won't breach the 1500 cap when all of the extra encryption headers are tacked on, which will then prevent fragmentation issues.

# ? Jul 16, 2010 15:33

thiscommercialsucks: Jun 13, 2009; by T. Mascis

I think that 1476 is for GRE tunnels (20 byte extra IP header and a 4 byte GRE header.) If you're using IPSec it gets a little more complicated due to the different options.

edit: you're using IPSec ESP, so subtract another 40 bytes for 1436.

edit: oh boy let me look this up real quick it has been a couple of months :negative:

edit: welp try ip mtu 1400 on the tunnel0 interface (your GRE tunnel) and that should cover any IPSec ESP configurations. What type of WAN interface are you on again?

thiscommercialsucks fucked around with this message at 17:00 on Jul 16, 2010

# ? Jul 16, 2010 16:16

ate shit on live tv: Feb 15, 2004; by Azathoth

Does anyone know of any good documentation for tclsh or just tcl in general?

I want to make some simple scripts just to play around with it, but its almost impossible to find any examples or command documentation. The feature seems extremely powerful, but I've no idea how to use it.

# ? Jul 20, 2010 15:13

para: Nov 30, 2006

Powercrazy posted:

Does anyone know of any good documentation for tclsh or just tcl in general?

I want to make some simple scripts just to play around with it, but its almost impossible to find any examples or command documentation. The feature seems extremely powerful, but I've no idea how to use it.

http://blog.ioshints.info/2010/07/b...=IOS+hints+Feed
He makes it sound like this book is a good starting point if you're new to tcl.

# ? Jul 20, 2010 17:23

inignot: Sep 1, 2003; WWBCD?

You planning on running tcl scripts on a router or on some unix box? I know how to do about this much tcl on a router:

code:

foreach ip {
1.1.1.1
1.1.1.2
1.1.1.3
} { ping $ip}

You can enter 'tclsh' on a router to get into the tcl interpreter (the prompt will change to reflect this). Paste in something like above and hit enter and it will run the script to ping sweep a set of addresses. Just remember to exit out of the tcl interpreter when you are done. That ping command could be just about any router command, "sh ip bgp vpnv4 all | inc $ip" or "sh arp | inc $ip" or "sh ip int brief | ex $ip".

# ? Jul 20, 2010 20:31

ate shit on live tv: Feb 15, 2004; by Azathoth

It'll be a router, but I'm just trying to figure out the syntax. Also is there a way I can make and save scripts on the router, or would I need to make them in a unix environment and then transfer them over to the router?

# ? Jul 20, 2010 20:37

inignot: Sep 1, 2003; WWBCD?

I actually have no idea if there's a way to store them in a router config or on flash or whatever. My scripts are so minimalist that I write them in notepad and paste them into the command line when I need to run them.

For scripts that I have running against routers on a regular basis I keep them on a unix box and run them with cron. But I use expect for that. Well...rather I use autoexpect to record my command line interactions with a router and them clumsily edit the resulting expect script.

# ? Jul 20, 2010 20:53

ate shit on live tv: Feb 15, 2004; by Azathoth

You are not alone in your ignorance. Apparently no one on the internet except one guy whose blog alludes to all the cool stuff you can do in TCL even knows it exists.

Even the Cisco documentation expects youto be familiar with writing and running your own TCL programs

# ? Jul 20, 2010 20:57

tortilla_chip: Jun 13, 2007; k-partite

http://blog.ine.com/tag/tcl/

It looks like you can store them as a macro (toward the bottom of the article).

# ? Jul 20, 2010 21:12

Xenomorph: Jun 13, 2001

I have a pile of GBIC adapters for our Fiber.

TRENDnet TEG-MGBSX
Finisar FTRJ8524P2BNV
Cisco GLC-SX-MM
3Com 3CSFP91

The TRENDnet and Finisar work fine in our Qlogic SANbox fiber switch, but none of them work in a Cisco 2960 I am setting up.

We have over a dozen other Cisco 2960s in production, all with fiber connections. My plan was to unplug the fiber connection on each to write down the model numbers on each GBIC that are currently functional.

I've read that some Cisco GBIC adapters only work on Cisco, 3Com only on 3Com, etc. I didn't handle the initial purchases of any of our existing equipment, so I don't know what parts were ordered.

Aren't these things "standard"?

Edit, our Cisco guru said the "Cisco GLC-SX-MM" is what we should use for our Cisco 2960s. No lights come on with I plug it into our 2960, and a blinking "error" light is what flashes on our Qlogic fiber switch. It would suck if a $300 part is bad.

If our other switches all have the Cisco GLC-SX-MM, then I will just order a new one I guess.

Xenomorph fucked around with this message at 15:41 on Jul 21, 2010

# ? Jul 21, 2010 15:35

Bardlebee: Feb 24, 2009; Im Blind.

I think I am pretty close to getting this VPN up and running. I can actually ping the other network, however I keep getting the same error every minute or so on my router:

*Jul 21 12:40:39.510: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=222.222.222.222, prot=50, spi=0xB279DC52(2994330706), srcaddr=444.444.444.444

I think it may be one of my other VPN's because it does not match the outside address that is coming from the VPN I am trying to setup, so I think I can ignore this message until I actually set that VPN up.

However I still get the MTU message when setting up the VPN from Cisco SDM, here is a maybe-not-so-helpful image of my error:

Click here for the full 1280x800 image.

I did the crypto command under fa0, however I still get the message when testing the VPN. I don't know if I should be worried about this or not.

# ? Jul 21, 2010 16:17

tortilla_chip: Jun 13, 2007; k-partite

You can try:

service unsupported-transceiver

Note that this disables DOM (may or may not be an issue for you). There are a few good threads on optics on C-NSP/NANOG. The gist being the Cisco optics are manufactured by the same few companies and then just have Cisco serial numbers applied in the firmware. You can get non-Cisco optics for a tenth the price on memorydealers.com

# ? Jul 21, 2010 18:31

Tremblay: Oct 8, 2002; More dog whistles than a Petco

bob arctor posted:

I have couple ASA 5505 questions before I make the call between it and a Sonicwall. TZ 200 or 210.

Background.
We're redoing our internet connections from a T1 with business cable as a backup (manual failover through a solution I through together a couple of years back when our T1 died for almost 24 hours.) For cost and changes in how we do things reasons I want to replace the T1 with a 15/5 business cable connection and have a DSL backup. I'm looking for an appliance with firewall and dual WAN interfaces for failover or even better load balancing.

If the Cable/ADSL doesn't seem to work I'm going to go to 10 Meg fiber, but considering our usage it doesn't seem like something we really need.

As far as internet usage We have 20 office users using web based and apps, as well as building guests using wired and wireless access. We have an Exchange Server and SBS RWW server but those are the only applications that we host which need to be accessed from the outside world.

In the small business router thread the ASA 5505 was pretty strongly recommended, but googling around I can't find too much about how the Dual WAN actually works except that it appears to be a licensed feature. For budgeting reason I'd like to keep whatever solution I buy over $1000CDN (because then it becomes a capital asset and for some reason that all works better with the accounting) and under $1500. I've also budgeted for about 5 hours of consulting on top of the hardware.

If I buy a 5505 with Security+ does that mean I get the Active/Standby feature?

Is there an annual Renewal fee on the license?

When Cisco talks about the number of users does that refer to the number of users who are behind the firewall or is that the number of VPN clients?

The one feature which the sonicwall TZ 200/210 appear to have that cisco lacks is load balancing between ISPs. In
the real world does this make a big difference?

If so what are the other advantages of the Cisco which make it better?

If you happen to be on Vancouver Island and have above average skills in this area PM me.

Dual WAN doesn't support load balancing. If your primary gateway drops off the face of the 'net then ASA will use your second connection. Depends, there is a host license limit for connections through the box. SSL and IPSEC nodes are also licensed separately.

Make sure you get a new one that ships with extra RAM (required for 8.3+).

# ? Jul 21, 2010 19:49

Bardlebee: Feb 24, 2009; Im Blind.

tortilla_chip posted:

You can try:

service unsupported-transceiver

Note that this disables DOM (may or may not be an issue for you). There are a few good threads on optics on C-NSP/NANOG. The gist being the Cisco optics are manufactured by the same few companies and then just have Cisco serial numbers applied in the firmware. You can get non-Cisco optics for a tenth the price on memorydealers.com

Are you talking Optics as in fiber? Because we use nothing of the sort.

# ? Jul 21, 2010 20:33

jbusbysack: Sep 6, 2002; i heart syd

Bardlebee posted:

Are you talking Optics as in fiber? Because we use nothing of the sort.

He's referencing the post above yours.

On a side note Cisco TAC will get upset and it's about 50/50 whether they refuse to carry on with a TAC case if a 'sh tech' displays unsupported optics are installed in the system. Just forewarning.

# ? Jul 21, 2010 20:58

inignot: Sep 1, 2003; WWBCD?

This is about all I see for TCL docs:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_script_tcl_ps10591_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl_ps10591_TSD_Products_Configuration_Guide_Chapter.html

# ? Jul 21, 2010 21:42

Partycat: Oct 25, 2004

Xenomorph posted:

Edit, our Cisco guru said the "Cisco GLC-SX-MM" is what we should use for our Cisco 2960s. No lights come on with I plug it into our 2960

It won't light up unless it is on and linked on anything I've used, unless you're staring into it to see if it "lights up".

show inventory from the CLI should show it present as a pluggable in the system if it sees it there. This is also assuming that you know it works, we've had several with no light output but never right out of the box.

ex:

switch>sh inv
NAME: "1", DESCR: "WS-C3750G-48PS"
PID: WS-C3750G-48PS-S , VID: V05 , SN: FOCSHIT

NAME: "GigabitEthernet1/0/49", DESCR: "1000BaseSX SFP"
PID: , VID: , SN: H11CASH

The 'unsupported' option sounds neat but, for the TAC reason mentioned above, we haven't yet done that, until we get into a good position with our deployment where we won't want to call TAC for issues they would case.

Loving this new software though, can't see the log buffer unless enabled (?) ...

Partycat fucked around with this message at 22:01 on Jul 21, 2010

# ? Jul 21, 2010 21:59

Adbot: ADBOT LOVES YOU

# ? May 10, 2024 20:41

R1CH: Apr 7, 2002; The Ron Jeremy of the coding world

Anyone have any ideas on how to make the DHCP server on my 871W respond faster? I tried reducing ip dhcp ping packets and timeout to really low values. Whenever I plug in a network cable, Windows sits at Acquiring IP address for so long it actually times out and assigns an automatic private IP, then the DHCP IP is assigned about 5 second later. I'm guessing the DHCP server is waiting for an authoritative DHCP server to respond first, is there any way I can tell it that it's the authoritative server?

# ? Jul 22, 2010 00:27

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cisco Short Questions Thread v12.4.9(WTF)

«‹›431 »