|
Yeah, on switches, and routers that use switching modules, build everything on VLANs instead of assigning IPs direct to interfaces. It gives you way more flexibility that way anyways.
|
| # ? Aug 26, 2010 20:43 |
|
Harry Totterbottom posted:
For a switch you need to put the ip address on the VLAN.

drat, I knew I was missing something. Oh CCENT, I took you so long ago.
|
| # ? Aug 26, 2010 20:49 |
|
CrazyLittle posted:
Yeah, on switches, and routers that use switching modules, build everything on VLANs instead of assigning IPs direct to interfaces. It gives you way more flexibility that way anyways.

But, but, I can't use 'ip ospf network point-to-point' to skip DR/BDR election on PtP Ethernet links if I use SVIs!
|
| # ? Aug 26, 2010 20:51 |
|
Fair enough, I've got no problems doing everything at the CLI, I prefer it really (because it makes me feel super-l33t!). Okay, so forget the web interface. If I wanted to access the switch over telnet, what would I do? Or any other way of managing it remotely so I don't have to walk the arduous 50 feet over to the server room?
|
| # ? Aug 26, 2010 21:08 |
|
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco

I believe. Also, may want to not make the pass cisco.... can a secret cisco be used so it's not clear text? Or am I thinking of the wrong syntax here?

EDIT: By the way, figured out my own login problem.... I wasn't using the right IP address.... sigh...
|
| # ? Aug 26, 2010 21:12 |
|
Bardlebee posted:
Router(config)#line vty 0 4

You can't put secret on a line iirc, secret is only for enable, and for user accounts, lines can only be type 7 encrypted. Which you turn on by setting the "service password-encryption" option. But type 7 is reversible encryption so we usually end up doing (this is from memory, so I may have the AAA authentication/authorization reversed):

code:
|
| # ? Aug 26, 2010 21:17 |
|
Right, I get enabling telnet on the switch, but then how would I go about connecting to the switch remotely then? Don't I need its IP address?
|
| # ? Aug 26, 2010 21:27 |
|
int vlan 1
 ip address <something> <netmask>
 no shut
line vty 0 4
 password cisco
 login

Then you telnet to <something>, assuming the port you're coming in on can somehow reach vlan 1.

edit: If it's ssh then you need to configure other stuff as per ragzilla's post, also need to set the switch's domain name, generate crypto keys, etc. Though it doesn't bode well for my CCNA that I can't categorically rattle off the list of tasks not having the cli in front of me

Martytoof fucked around with this message at Aug 26, 2010 around 21:41
|
| # ? Aug 26, 2010 21:37 |
|
Tsaven Nava posted:
Right, I get enabling telnet on the switch, but then how would I go about connecting to the switch remotely then? Don't I need its IP address?

Yes.
|
| # ? Aug 26, 2010 21:38 |
|
Martytoof posted:
edit: If it's ssh then you need to configure other stuff as per ragzilla's post, also need to set the switch's domain name, generate crypto keys, etc. Though it doesn't bode well for my CCNA that I can't categorically rattle off the list of tasks not having the cli in front of me

The only thing you missed because it's obvious is hostname, hostname and domainname are the prereqs for crypto key generate, which is the prereq for setting transport input ssh. Then just setting up users/AAA.
|
| # ? Aug 27, 2010 00:10 |
|
ragzilla posted:
You can't put secret on a line iirc, secret is only for enable, and for user accounts, lines can only be type 7 encrypted. Which you turn on by setting the "service password-encryption" option. But type 7 is reversible encryption so we usually end up doing (this is from memory, so I may have the AAA authentication/authorization reversed):

to run ssh you also 1. need a crypto ios image & 2. crypto key gen rsa
|
| # ? Aug 27, 2010 00:25 |
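A defender-side check for the points raised in the posts above (line passwords are at best type 7, SSH needs a hostname and domain name before key generation, an enable credential must exist), as an added example that is not code from any poster. The function names, both sample configs, and the rule that a vty block without `transport input ssh` counts as not SSH-only are assumptions of this example.

```python
import re

# Constructed sample: the telnet setup from the thread as a saved config.
SAMPLE_TELNET = """\
hostname Switch
line vty 0 4
 password cisco
 login
"""

# Constructed sample: SSH-only management with a local user account.
SAMPLE_SSH = """\
hostname lab-sw1
ip domain-name lab.example
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Return [(header, [sub-commands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif current and raw.startswith(" "):
            current[1].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):  # list the remote-management weaknesses raised in the thread
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) in ("Router", "Switch"):
        findings.append("hostname unset or default: set before crypto key generate")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name: set before crypto key generate")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("no enable secret")
    for header, body in vty_blocks(config):
        if any(cmd.startswith("password ") for cmd in body):
            findings.append(header + ": line password (clear text or type 7)")
        # Assumption: anything other than an explicit ssh-only line is flagged.
        if "transport input ssh" not in body:
            findings.append(header + ": not restricted to ssh")
    return findings
```

Running `audit(SAMPLE_TELNET)` reports all five weaknesses, while `audit(SAMPLE_SSH)` returns an empty list.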
|
I'm looking at earning a couple of certifications over the next few months. Thus far I've earned the CCNA and the CCNA Voice. I'm working on CCNA Security now, but I'm beginning to think that I'll need a small practice lab before I can progress a whole lot further. Someone I work with said that when they set their practice lab up, they used a 2611XM and a 3550 switch. It looks like I can get a 2611XM for about $176 and a 3550 for about $165, so that's not too bad. Are there better options though? My budget is around $350.
|
| # ? Aug 27, 2010 02:36 |
|
WT Wally posted:
I'm looking at earning a couple of certifications over the next few months. Thus far I've earned the CCNA and the CCNA Voice. I'm working on CCNA Security now, but I'm beginning to think that I'll need a small practice lab before I can progress a whole lot further. Someone I work with said that when they set their practice lab up, they used a 2611XM and a 3550 switch.

The 3550 is definitely worth getting for the MLS experience. On the router front, I'd probably try to find some lower end 2600s (not XMs), at least 3 of them. One with a 4-8 port serial port NM, and the other 2 with serial NMs, set up the multi-port as a frame relay router, then add more nodes as you can afford to and want to to simulate more sites.
|
| # ? Aug 27, 2010 02:40 |
|
I definitely want a 3550. Haven't tried MLS yet.
|
| # ? Aug 27, 2010 02:47 |
|
Martytoof posted:
I definitely want a 3550. Haven't tried MLS yet.

Just don't get too attached to the non terrible QoS/policing (wrr-queue) in the 3550, they crippled it in 3560/3750 and above (srr-queue).
|
| # ? Aug 27, 2010 03:04 |
|
I can't imagine that would actually affect a lab environment, right? Unless you just mean from a purely theoretical standpoint.
|
| # ? Aug 27, 2010 05:50 |
|
I assume this product won't let me do CLI since it has a "cool" GUI right?: http://www.cisco.com/en/US/products/ps10003/index.html Anyone ever use these?
|
| # ? Aug 27, 2010 13:28 |
|
Bardlebee posted:
I assume this product won't let me do CLI since it's a linksys product right?

Right. Also I like how it's a gigabit switch but "The switch supports up to 48 connected devices with a maximum speed of 200 Mbps per port.", that's just tragic, skimping on the fabric so much you can only do 200mbit/port.
|
| # ? Aug 27, 2010 14:23 |
|
ragzilla posted:
Right.

I think they're referring to the fact that most of the ports on that switch are 10/100 full duplex which equals 200mbit/port!!!!!!
|
| # ? Aug 27, 2010 14:26 |
|
ragzilla posted:
Right.

Well, I don't need a gig switch for my office. It's not that large. And honestly and sadly this is all that my clinic will spend on, at least I have tested the boundaries on it. Sad but true. I think next switch I purchase will be a Cisco through Ebay that has a CLI, because IOS is much better and I want the practice.

EDIT: I am so getting a new job after this final semester of school and my CCNA
|
| # ? Aug 27, 2010 14:26 |
|
Bardlebee posted:
Well, I don't need a gig switch for my office. It's not that large. And honestly and sadly this is all that my clinic will spend on, at least I have tested the boundaries on it.

I don't know how much I can stress, ask your cisco vendors about refurb kit. It's cheaper than new and comes with warranty. You'll still have to pay for your smartnet, but the equipment cost savings will allow you to reduce the initial buy in. Just make sure you add your smartnet subscriptions to your budget forecast for the next year.
|
| # ? Aug 27, 2010 15:35 |
|
Harry Totterbottom posted:
I don't know how much I can stress, ask your cisco vendors about refurb kit. It's cheaper than new and comes with warranty. You'll still have to pay for your smartnet, but the equipment cost savings will allow you to reduce the initial buy in. Just make sure you add your smartnet subscriptions to your budget forecast for the next year.

Heh, I will have to remember this next time we order a switch. Unfortunately we purchased these. Ah well. Thank you for the info.
|
| # ? Aug 27, 2010 15:40 |
|
Martytoof posted:
int vlan 1

Also you need to set an enable password.
|
| # ? Aug 28, 2010 01:25 |
|
Bardlebee posted:
I assume this product won't let me do CLI since it has a "cool" GUI right?:

I had some similar looking Linksys switches and this worked on them: http://homecommunity.cisco.com/t5/S...mode/m-p/109959

Those aren't the same model, but it's worth a shot. The CLI on the ones I had was a little off from real IOS, and their feature set is spotty at best, but it's better than dealing with the web front-end.
|
| # ? Aug 28, 2010 23:43 |
|
I get quite a few IP conflicts in the mornings here, is this normal for a router?:

code:
|
| # ? Aug 30, 2010 18:38 |
|
Do you actually have any address conflicts on the network, or is this just what the router is reporting? I think this is a byproduct of not having a database agent configured on the router. edit: Googling reveals that Cisco recommends disabling DHCP address conflict reporting if you don't have a database agent configured: http://www.cisco.com/en/US/docs/ios...de/1cddhcp.html
|
| # ? Aug 30, 2010 19:34 |
|
Martytoof posted:
Do you actually have any address conflicts on the network, or is this just what the router is reporting? I think this is a byproduct of not having a database agent configured on the router.

I have been getting these reports on my router for about a month now, only about 5-6 of them a day. I had no one complain until today, though she still had internet access and network access; Microsoft was kind enough to prompt her that she had an IP conflict. I imagine she had a conflict which was rectified by the router and Microsoft did not see it. In any case, thank you. I guess I will have to see what a database agent is as I am unfamiliar with that term.
|
| # ? Aug 30, 2010 19:43 |
|
I've never actually come across one since we always used a Microsoft DHCP server so I have no practical advice beyond what I googled, but good luck! edit: Maybe do a random sampling to see what the router thinks certain lease times are and then compare that to what Windows says. See if there are any discrepancies that would explain the computer not re-requesting a lease.
|
| # ? Aug 30, 2010 19:53 |
|
Martytoof posted:
I've never actually come across one since we always used a Microsoft DHCP server so I have no practical advice beyond what I googled, but good luck!

Is it best practice to use a server based DHCP? I am sorta new at administration.
|
| # ? Aug 30, 2010 20:29 |
|
Bardlebee posted:
Is it best practice to use a server based DHCP? I am sorta new at administration.

If you're running a Windows workgroup or domain, then having DHCP and DNS and AD tied together makes network management a lot simpler.
|
| # ? Aug 30, 2010 20:36 |
|
Bardlebee posted:
Is it best practice to use a server based DHCP? I am sorta new at administration.

Yes, IOS DHCP sucks. If you want to put your DHCP server in a different subnet than the workstations look into the 'ip helper-address' interface command to forward DHCP requests.
|
| # ? Aug 30, 2010 21:01 |
|
let's not get carried away - it could be worse. It could be Belkin dhcp
|
| # ? Aug 30, 2010 21:04 |
|
CrazyLittle posted:
let's not get carried away - it could be worse. It could be Belkin dhcp

<insert IPv6 evangelism, ignoring that RA and DHCPv6 both fall short currently and need to be deployed simultaneously to get a fully working dynamic environment>
|
| # ? Aug 30, 2010 21:14 |
|
IOS DHCP is great for a small office or at home, once you get into a few hundred users though, you should change to something better.
|
| # ? Aug 30, 2010 21:39 |
|
ragzilla posted:
<insert IPv6 evangelism, ignoring that RA and DHCPv6 both fall short currently and need to be deployed simultaneously to get a fully working dynamic environment>

I'm holding out for IPv12. By then, they'll have made things worse.
|
| # ? Aug 31, 2010 02:30 |
|
What are the operable differences between the Catalyst 2950 switches, and the 2948? We need another 48-port switch for our network at work, but our usage is seriously minor and in reality we could probably get away with a non-managed switch, but I'm a control freak and I like having the option. Currently we have 2x 48pt 2950 switches, and 1x 24pt 2960 as a cheap top-of-rack option. Looking at ebay, used 2950 switches go for about $120, but 2948Gs are all over the place for about $60. Any reason not to get a 2948? All we need is a bunch of 10/100s and a couple gbit uplinks (even a single gbit uplink is fine)
|
| # ? Aug 31, 2010 19:56 |
|
2950 is 10/100
2948 is 10/100/1000
2:1 oversubscribed and no jumbo frames... oh also
Runs CatOS so unless you want to learn an obsolete, terrible cli, get a 2950 or 2960. If you can find a 2948G, I think those run IOS, but they probably aren't as cheap.
|
| # ? Aug 31, 2010 21:45 |
|
So, I replaced a switch that was basically a netgear 4 port switch between my router and the connection to our T1 line. So basically the switch was there for no purpose served, until I saw these messages when I connected my router and my T1 line together. I get this collision message over and over every second.

*Sep 7 17:47:16.619: %PQ3_TSEC-5-LATECOLL: PQ3/FE(0), Late collision
*Sep 7 17:47:20.475: %PQ3_TSEC-5-LATECOLL: PQ3/FE(0), Late collision

also I get a duplex mismatch....

*Sep 7 17:50:15.331: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0 (not full duplex), with SouthTexas FastEthernet0/0 (full duplex).

Should I be concerned?
|
| # ? Sep 7, 2010 17:38 |
|
Oh Cisco I your complete inability to auto-negotiate duplex.

(Set your port speed and duplex for both ends of that network segment)
|
| # ? Sep 7, 2010 17:57 |
|
CrazyLittle posted:
Oh Cisco I your complete inability to auto-negotiate duplex.

Problem is that the other end is a Cisco router owned by my ISP, so that is a no go. Is there a way I can figure out what the port speed and duplex is of this guy without being able to access the CLI?
|
| # ? Sep 8, 2010 02:03 |













