|
Anyone attending Cisco Live in Orlando? e: And like beer?
|
# ? Jun 23, 2013 14:50 |
|
|
# ? May 12, 2024 13:41 |
|
tortilla_chip posted:Anyone attending Cisco Live in Orlando? I wish
|
# ? Jun 23, 2013 15:50 |
|
Haydez posted:The place, a bank, I started working at (8 years ago) was using 1.25.0.0/16 as the internal address scheme. For a 160 employee place. Got that fixed fast at least. At my first job they decided to assign addresses within the 100.0.0.0/8 space. I got out of there within a year. It turns out they went out of business not long after. At my current job I am lucky we have a sane IP address scheme. We have a bunch of small sites (less than 100 hosts) and they each get a /21, then we break them up into 8 /24's for each VLAN.
|
# ? Jun 23, 2013 18:39 |
|
My place used to be a relatively flat network with public IP addresses. A few years ago they switched to private addressing and since they had to renumber everything anyways, took the time and effort to plan out a logical, scalable addressing system. Thank god they did, makes everything so much easier and consistent. We broke up 10.0.0.0/8 as: Each datacentre has a /14 Branch sites have two /14s, each branch has a /24 from each of the two /14s. It's convenient because you know which datacentre based on the 2nd octet, and which branch site based on the 3rd. Last octet is standardised, so for example .34 will be the same machine at each branch.
|
# ? Jun 23, 2013 20:02 |
|
bort posted:You guys use 10.1 10.10 and 10.100 also? Fancy that! This sort of thing happens to me all the time . But still my director doesn't understand why I want IPv6 so much.
|
# ? Jun 23, 2013 22:00 |
|
I inherited the design of our network, but we use a /24 at each branch for standard branch data (10.1.x.0/24), a /24 for weird stuff (10.2.x.0/24), and a third /24 for voice (10.3.x.0/24). It is somewhat backwards from a routing standpoint, but works well for access lists.
|
# ? Jun 23, 2013 23:03 |
|
Buffer posted:Are there any limitations imposed based on the size of the peer-link when you configure a Nexus for virtual port-channel? I keep seeing 2x10GE but it's unclear if this is per 20GE VPC or if some kind of magic happens. Not really. The control traffic that goes over the peer link will fit more than comfortably in a single 10 gig pipe. Beyond that you're adding for redundancy and bandwidth of your data traffic. If you think you'll have a lot of traffic going from one of your 5ks to the other feel free to use 4 links or more for your peer-link. Regarding your second question, you don't need to have multiple peer links for vPC even if you planned on having 40 port-channels. 1 should be sufficient. The only caveat is you need to make sure any VLAN on a vPC port-channel is carried over the peer-link. That said I think you're still going to be limited to 16 interfaces per port-channel with 8 active at any time. Don't think you can have 21 members in a given channel-group.
|
# ? Jun 23, 2013 23:34 |
|
1000101 posted:Not really. The control traffic that goes over the peer link will fit more than comfortably in a single 10 gig pipe. Beyond that you're adding for redundancy and bandwidth of your data traffic. If you think you'll have a lot of traffic going from one of your 5ks to the other feel free to use 4 links or more for your peer-link. Can you clarify this? The only traffic traversing the 5ks will be from one VPC to another. Am I really OK with just 2 10GE links for redundancy and can expect those vpcs to roughly perform like they were real port channels? I guess what has me a little leery is that it seems a bit too good to be true. My instinct is that I should size the peer link for the amount of cross-traffic that could occur without VPC. 1000101 posted:That said I think you're still going to be limited to 16 interfaces per port-channel with 8 active at any time. Don't think you can have 21 members in a given channel-group. It'd be 15 separate virtual port channels each with 1-2 interfaces per switch for a total of 21 used interfaces - to start with anyway.
|
# ? Jun 24, 2013 00:01 |
|
I have a very simple RIP question, and I just want to make sure I'm doing things right. For my hypothetical scenario that I've been playing around with in my lab, I have 3 routers making up 3 networks, 192.68.1.0, .2.0, and .3.0, all /24. In reality I'm just console'd into Router1, but pretend there are client PCs plugged into the switch getting DHCP addresses. To set up RIP, as I understood it, I needed to add the broadcast networks for each router. That is to say, it should suffice for Router1 to say "hey, I know all about the 192.168.1.0 network", therefore I could run network 192.168.1.0 on it, Router2 can say "hey, I know the .2.0 network" (network 192.168.2.0), and then Router3 knows the .3.0 network (network 192.168.3.0). When I did that, nothing routed. Eventually, when playing around, I added network 192.168.1.0 to Router2 and network 192.168.2.0 to Router3 and things started working. My question is - to set up RIP on a router, do you need to define ALL physically connected networks? Not just the one you want it to be broadcasting for? edit-- that's a bunch of wordy mess. What I thought would work: code:
code:
Count Thrashula fucked around with this message at 00:40 on Jun 24, 2013 |
# ? Jun 24, 2013 00:37 |
|
ruro posted:This sort of thing happens to me all the time . But still my director doesn't understand why I want IPv6 so much. IPv6 will be great 50 years from now when it's fully implemented and is the only thing everyone knows. But in the mean time we have sysadmins and developers who can barely handle a 32 bit IPv4 addressing scheme.
|
# ? Jun 24, 2013 00:57 |
|
QPZIL posted:I have a very simple RIP question, and I just want to make sure I'm doing things right. The network command tells RIP which interfaces it should advertise RIP out of (any interfaces that are within that network range), not which networks to advertise to other RIP enabled routers. This is the case with RIP/OSPF/EIGRP whereas BGP it is the command to list which networks to advertise as your own. Typically you would do network 0.0.0.0 to enable it on all interfaces and put passive-interface on by default, then manually choose which interfaces you want dynamic routing protocols enabled on by removing passive-interface for them individually. Sepist fucked around with this message at 01:20 on Jun 24, 2013 |
# ? Jun 24, 2013 01:15 |
|
Sepist posted:The network command tells RIP which interfaces it should advertise RIP out of (any interfaces that are within that network range), not which networks to advertise to other RIP enabled routers. This is the case with RIP/OSPF/EIGRP whereas BGP it is the command to list which networks to advertise as your own. Ahh, that makes sense. Thanks.
|
# ? Jun 24, 2013 01:26 |
|
Buffer posted:Can you clarify this? The only traffic traversing the 5ks will be from one VPC to another. Am I really OK with just 2 10GE links for redundancy and can expect those vpcs to roughly perform like they were real port channels? I guess what has me a little leery is that it seems a bit too good to be true. My instinct is that I should size the peer link for the amount of cross-traffic that could occur without VPC. In a perfect world you shouldn't have a whole lot of traffic going over your vPC peer link. If every device connected to my 5k is using vPC then as long as everything is healthy you shouldn't see much of anything going over that link. However if there's a failure (say one of your downstream vPC connected devices loses one leg of it's vPC) then you might see some data traffic going over the peer link. In my lab environment I have a pair of Nexus 5ks acting like my "core" and the only traffic I see going over the peer link is non-VPC stuff. i.e. it's plugged into 1 5k but not the other and it happens to be talking to a device on the other. quote:It'd be 15 separate virtual port channels each with 1-2 interfaces per switch for a total of 21 used interfaces - to start with anyway. Ah should be fine then!
|
# ? Jun 24, 2013 01:27 |
|
1000101 posted:In a perfect world you shouldn't have a whole lot of traffic going over your vPC peer link. If every device connected to my 5k is using vPC then as long as everything is healthy you shouldn't see much of anything going over that link. However if there's a failure (say one of your downstream vPC connected devices loses one leg of it's vPC) then you might see some data traffic going over the peer link. Awesome. Thanks a lot. I should definitely be good to go with dual-5ks then.
|
# ? Jun 24, 2013 03:32 |
|
Has anyone done OR is it even possible to do a native IPv6 GRE tunnel? I can do IPv6 over a IPv4 tunnel but cannot do one with a source/dest of an IPv6 address, complains about address family must be the same source. It was with a gr-0/0/0.0 IPv4 and a gr-0/0/0.1 as an IPv6 In Junos as well
|
# ? Jun 24, 2013 04:56 |
|
nzspambot posted:Has anyone done OR is it even possible to do a native IPv6 GRE tunnel? I haven't done it but as far I know it should be exactly like setting up a GRE IPv4 tunnel except you'll use "tunnel mode gre ipv6" and "ipv6 addr" on the Tunnel interface configuration. I'll try and look into it tomorrow if I have a chance.
|
# ? Jun 24, 2013 05:04 |
|
Dumb VLAN question. We have a pc and printer on .3.x addresses. Port 4 of the managed switch is set with the PVID for VLAN 3 (our .3.x addresses). If I set port 4 to be tagged for VLAN 3, machines plugged into the other ports on the managed switch can still ping the PC, but not the printer. If I untag the port, they can ping both the PC and the printer (and ultimately print to the printer). How is the traffic getting to them if it's not tagged with that VLAN? And why would it only affect the printer and not the PC? code:
|
# ? Jun 24, 2013 18:36 |
|
Gonna ask the obvious question here: is the printer manually configured? And if so, is it on the correct subnet?
|
# ? Jun 24, 2013 20:19 |
|
DeNofa posted:I haven't done it but as far I know it should be exactly like setting up a GRE IPv4 tunnel except you'll use "tunnel mode gre ipv6" and "ipv6 addr" on the Tunnel interface configuration. I'll try and look into it tomorrow if I have a chance. ahh interesting; let me try that magic command edit: hang on those are cisco commands; this is junos nzspambot fucked around with this message at 22:23 on Jun 24, 2013 |
# ? Jun 24, 2013 21:44 |
|
nzspambot posted:ahh interesting; let me try that magic command Whoops! Sorry. Sounded like you were saying you needed for Cisco as well as junos. Can't help you there
|
# ? Jun 24, 2013 23:47 |
|
psydude posted:Gonna ask the obvious question here: is the printer manually configured? And if so, is it on the correct subnet? Yes. All devices are statically addressed
|
# ? Jun 25, 2013 00:07 |
|
DeNofa posted:Whoops! Sorry. Sounded like you were saying you needed for Cisco as well as junos. Can't help you there all good! Cisco I know I can do this this is the error btw code:
|
# ? Jun 25, 2013 00:59 |
|
nzspambot posted:all good! Cisco I know I can do this Where is the ipv6 assigned at? I don't see it on gr-0/0/0.0 in that config.
|
# ? Jun 25, 2013 01:33 |
|
that is irrelevant as a inet6 address or lack thereof isn't the cause of the error edit: proof: code:
nzspambot fucked around with this message at 04:05 on Jun 25, 2013 |
# ? Jun 25, 2013 04:03 |
|
nzspambot posted:that is irrelevant as a inet6 address or lack thereof isn't the cause of the error Right, my fault for asking for additional info to possibly help out the guy asking for help. H.R. Paperstacks fucked around with this message at 12:18 on Jun 25, 2013 |
# ? Jun 25, 2013 12:16 |
|
Bob Morales posted:Dumb VLAN question. We have a pc and printer on .3.x addresses. Port 4 of the managed switch is set with the PVID for VLAN 3 (our .3.x addresses). Typically you would tag an interface or a port-channel when you plug in two managed switches together. When you "tag" a port, you are adding a 802.1Q header to each Ethernet frame. It's up to the end device if it supports VLAN tagging or not. In your case, the PC understands VLAN tagging but the printer is probably discarding the Ethernet frames. The correct way to plug in the unmanaged switch would be to make sure that the port is untagged, and that "spanning-tree portfast" is NOT enabled on the port. You want the normal spanning tree operations to take place. Also before plugging the switch in, you should know what your spanning tree root bridge priority are set to for the VLAN. You don't want a lovely Dlink switch becoming the root bridge for the VLAN. Here's an example of two managed switches connected to each other: On the switches above, you will configure port #1 on both switches to be a trunk port. On a Cisco switch, if you just have "switchport mode trunk" it will tag all VLANs over the trunk port. You can control this by using "switchport mode trunk allowed vlan". On other vendors such as Force10, you would go into each vlan interface and define what ports are tagged (i.e. trunks) and what ports are untagged (i.e. hosts). When PC1 wants to communicate to PC2, Switch 1 will add a 802.1Q header for VLAN 200 to every Ethernet frame that leaves port #1, then Switch #2 will strip it off before the frames arrive to port #15. In your example, the fact that everything works when the port is untagged goes back to how switches/ARP work in the first place. Pretend for a moment that it is 1995 and you are using hubs for everything. Physically, this is your topology: Both PC1 and PC2 physically share the same "wire". When PC1 wants to transmit data to PC2, it will perform an ARP request to find out what the MAC address of PC2 is. After this is completed, it will start sending frames to PC2's MAC address but since they all share the same wire, every other device plugged in will also get the frame as well. Switches improve this behavior by only forwarding frames only to the source and destination ports except for broadcasts (FF:FF:FF:FF:FF:FF). Logically, you are still on the same "wire" but switches keep a record of what MAC addresses are associated to each port so it doesn't forward frames to every port. When you perform an ARP request, it will be forwarded to every port in the VLAN (including trunk ports). Going back to your example, the managed switch will forward the ARP request on port 4 and the unmanaged switch will flood it to all of its ports. Both the PC and the printer will reply back to the ARP request with its MAC address. If you log into your managed switch, take a look at the mac-address table. You will see that the MAC addresses for both the PC and the printer will be associated with port #5. On the unamanged switch, it will still maintain its own arp cache and will know the MAC address for the PC on port #3, the printer on port #4, and source MAC on port #1. Once both switches know the source/destination MAC addresses it can forward Ethernet frames to either the PC or the printer.
|
# ? Jun 25, 2013 15:50 |
|
One of my colleagues threw out the rack mount kits for four 6500 chassis... :facepalm:. When asked how we were going to rack them without the rack kits he suggested we just put them on a shelf .
|
# ? Jun 27, 2013 00:43 |
|
I'm pretty sure you can put them on a shelf, or just set them on the floor or whatever. IIRC the bracket we use in the two post racks is basically a cantilevered shelf.
|
# ? Jun 27, 2013 01:21 |
|
Partycat posted:I'm pretty sure you can put them on a shelf, or just set them on the floor or whatever. IIRC the bracket we use in the two post racks is basically a cantilevered shelf. Oh for sure, but we have racks and use the rack mounts for all our other 6500s so I was bewildered as to why you would throw the rack mount kit away.
|
# ? Jun 27, 2013 01:46 |
|
Anybody else loving the wonderfully non-functional 15.0.2(SE2+)? Lets see, 15.0.2(SE2) has a memory leak (on 2960Ss) where if you have too many devices requesting DHCP you lose console access until reboot. 15.02(SE3) has a TACACS bug (on 3560/3750s) that kills all access, yaaaaayyyyy for summer deployment ie, busiest time of the year for me.
|
# ? Jun 27, 2013 01:54 |
|
Fatal posted:Anybody else loving the wonderfully non-functional 15.0.2(SE2+)? Lets see, 15.0.2(SE2) has a memory leak (on 2960Ss) where if you have too many devices requesting DHCP you lose console access until reboot. 15.02(SE3) has a TACACS bug (on 3560/3750s) that kills all access, yaaaaayyyyy for summer deployment ie, busiest time of the year for me. You're the first person I've seen using 15.x on access switches - everyone else I know is sitting pretty on 12.x for the time being. Generally if it's a .0. release I won't touch it.
|
# ? Jun 27, 2013 02:13 |
|
I've only used 15.X on our routers. Switches are still running 12.
|
# ? Jun 27, 2013 02:38 |
|
Fatal posted:Anybody else loving the wonderfully non-functional 15.0.2(SE2+)? Lets see, 15.0.2(SE2) has a memory leak (on 2960Ss) where if you have too many devices requesting DHCP you lose console access until reboot. 15.02(SE3) has a TACACS bug (on 3560/3750s) that kills all access, yaaaaayyyyy for summer deployment ie, busiest time of the year for me. We just upgraded our 3560s to 12.2.55(SE7) and TACACS single-connection causes the CPU to spike to 100%, losing console and SSH connectivity until you reboot. Damned if you do, damned if you don't.
|
# ? Jun 27, 2013 02:49 |
|
ruro posted:You're the first person I've seen using 15.x on access switches - everyone else I know is sitting pretty on 12.x for the time being. Generally if it's a .0. release I won't touch it.
|
# ? Jun 27, 2013 04:20 |
This is not strictly speaking a Cisco question. Is there any in-between when it comes to networking work? I did positions where you work at 100% all day, then dread your upcoming week as on-call where you have to take 25 hours of calls in the middle of the night in addition to normal work. Then I moved to enterprise where I got payed a lot more, but twiddle my thumbs all day. Its incredibly boring and I have little sense of fulfillment, but none of the crazy stress from before. What sort of industry can you build/design/fix most of the day from 8-5, then go home with little/no on-call or stress. Is that a pipe dream? The stress from the former was too much for me to keep a healthy lifestyle, but I felt incredibly satisfied by what I did (well, not the pay but that's because the company was poo poo). I'd like to get that feeling back, I feel like my skills are slipping everyday because I only get to do something challenging every couple months. Advice?
|
|
# ? Jun 27, 2013 04:52 |
|
Mugaaz posted:This is not strictly speaking a Cisco question. Is there any in-between when it comes to networking work? I did positions where you work at 100% all day, then dread your upcoming week as on-call where you have to take 25 hours of calls in the middle of the night in addition to normal work. Then I moved to enterprise where I got payed a lot more, but twiddle my thumbs all day. Its incredibly boring and I have little sense of fulfillment, but none of the crazy stress from before. What sort of industry can you build/design/fix most of the day from 8-5, then go home with little/no on-call or stress. Is that a pipe dream? The stress from the former was too much for me to keep a healthy lifestyle, but I felt incredibly satisfied by what I did (well, not the pay but that's because the company was poo poo). I'd like to get that feeling back, I feel like my skills are slipping everyday because I only get to do something challenging every couple months. Advice? Good grief how many calls?! I guess I'm fortunate to have only ever worked on relatively stable networks. Right now I'm in a role that's an amalgamation of L3 support and network design/engineering which is sounds like what you want. I get the occasional call from L2 but most of the time it's 8-5 (well, 7-4 for me huzzah no end-user interaction). So what you want is definitely out there, and personally once I finish fixing or adding all the value I can I tend to move on.
|
# ? Jun 27, 2013 05:02 |
ruro posted:Good grief how many calls?! I guess I'm fortunate to have only ever worked on relatively stable networks. What sector are you in? My last on-call experience was so bad I can't stress it enough. The worst thing was leaving work at 5, getting called while I'm in the parking lot, and being on the phone continuously besides some bursts of sleep until Sunday afternoon. I remember having to take the on-call phone into that bathroom multiple times. At least they let you come in as late as you needed to get some sleep when called during the night. Mugaaz fucked around with this message at 05:20 on Jun 27, 2013 |
|
# ? Jun 27, 2013 05:18 |
|
Mugaaz posted:What sector are you in?
|
# ? Jun 27, 2013 05:24 |
|
TAC it up!! Working in TAC really isn't that bad. At least from my experience, as long as you're getting your work done and your managers aren't getting a ton of complaints from your customers, you can definitely do 8-5 days. Depending on your technology team, you may have to work one or two weekend days a month, but they're usually slow as most customers don't want to break/fix stuff on weekends. Plus you get to learn a ton and see every problem imaginable from all sort of networks, and then some problems you can't imagine as well.
|
# ? Jun 27, 2013 12:10 |
|
|
# ? May 12, 2024 13:41 |
|
Fatal posted:Anybody else loving the wonderfully non-functional 15.0.2(SE2+)? Lets see, 15.0.2(SE2) has a memory leak (on 2960Ss) where if you have too many devices requesting DHCP you lose console access until reboot. 15.02(SE3) has a TACACS bug (on 3560/3750s) that kills all access, yaaaaayyyyy for summer deployment ie, busiest time of the year for me. Actually yes. That memory leak bug impacts the 3750. We're not using DHCP server, only snooping, but the "access manager" vacuums up our memory and you lose console/SSH access. SNMP still works, so if you're going to be dealing with these things, I'd suggest enabling SNMP restarts so you don't have to go to it to power cycle.
|
# ? Jun 27, 2013 12:31 |