|
Ahdinko posted:Honestly the wallboard requirements are really "look cool and make it look like things are happening to impress people". The helpdesk guys all get the alerts come into an inbox, none of them are sitting there staring at the telly waiting for a colour to change on a box. I'd like to see something more funtional than anything else when I or the helpdesk guys actually log in to go look at an issue or pull some stats for a query. I worked for a "major" Canadian MSS that was the worst culprit of implementing the world's most useless wallboard for dog and pony show reasons. Every time I walked by the SOC and saw the spinning threat "globe" my eyes rolled in their sockets so hard they left skidmarks.
|
#
?
Nov 10, 2015 14:50
|
|
|
|
| # ? Apr 27, 2024 05:10 |
|
|
Allstream?
|
|
#
?
Nov 10, 2015 16:57
|
|
|
Actually everyone internally who has walked by has been pretty interested and been like oh thats really cool, im awaiting to see what a customer says
|
|
#
?
Nov 10, 2015 17:27
|
|
|
How would you guys lab a qinq test environment? Is there a good virtual solution or should I go get some used gear?
|
|
#
?
Nov 11, 2015 22:29
|
|
|
For something doing all to one bundling you can probably get away with something virtualized. For anything interesting (selective via vlan id and/or other fields) I'd look at actual hardware.
|
|
#
?
Nov 11, 2015 22:45
|
|
|
tortilla_chip posted:For something doing all to one bundling you can probably get away with something virtualized. For anything interesting (selective via vlan id and/or other fields) I'd look at actual hardware. Yeah, I need to test picking out CE-Vlans out of S-Vlans and presenting them on different ports... or picking out multiple S-VLANs from a big trunk and breaking them out, so a "many" trunk to individual ports. Any suggestions on gear that would do it on the cheap?
|
|
#
?
Nov 12, 2015 00:07
|
|
|
In the Cisco portfolio you're looking for anything that supports the EVC/service instance architecture. ME3600x/3800X, ASR920, ASR903, ASR1K, ASR9K should all work... depends on your needs for speeds/feeds.
|
|
#
?
Nov 12, 2015 17:24
|
|
|
SourceFire version 6.0 has been released. As with everything, wait until the first maintenance update to put it into production. You'll also have to add additional RAM to your physical Defense Centers.
|
|
#
?
Nov 12, 2015 22:18
|
|
|
Starting to get EFI clients (Surface Pros) and my option 67 PXE boot has started failing. This article says I need to use "IP Helper Table Entries" to I assume point BIOS computers at one image and EFI at another. Can anyone translate into Cisco for me?
|
|
#
?
Nov 14, 2015 02:43
|
|
|
Ended up doing this with DHCP policies on a 2012 server  http://2pintsoftware.com/whitepaper-using-dhcp-uefi-bios-pxe-booting/
|
|
#
?
Nov 17, 2015 01:17
|
|
|
This is babby's first CCENT question and I hope it's appropriate here. I think I know the answer, but don't know what terminology to use to confirm it, and it seems sorta "foundational" so I'd like to make sure I get it. In short, a router "automatically" knows its local, connected networks, right? For example, say I configure FA0/0 to be 10.0.10.1/24. I configure FA0/1 to be 10.0.20.1/24. I connect a host to FA0/0 and give it 10.0.10.50 and another host onto FA0/1 as 10.0.20.100. Those two hosts can ping one another without any routing table configuration done at all, right? Because routers know any networks that they are directly connected to? Edit: Nevermind, already had this confirmed elsewhere (also by configuring things like I said above and just doing show ip route). Leaving the original post there in case it inspires anyone to write anything I guess! Japanese Dating Sim fucked around with this message at 20:12 on Nov 19, 2015 |
|
#
?
Nov 19, 2015 19:56
|
|
|
The subnet mask tells the device what it should be able to contact without having to go through a gateway. When a request is made to connect to a device in the same subnet, an ARP request is sent to get the MAC address of the destination, and the communication happens at a layer 2 level (that's a really bad explanation and I apologise). If you ping an address you have never pinged before in IOS you will often see the first ping fail as the address isn't in the ARP cache yet. The second ping command will show 100% success.
|
|
#
?
Nov 19, 2015 20:14
|
|
|
Thanks Ants posted:The subnet mask tells the device what it should be able to contact without having to go through a gateway. When a request is made to connect to a device in the same subnet, an ARP request is sent to get the MAC address of the destination, and the communication happens at a layer 2 level (that's a really bad explanation and I apologise). Okay, that brings something up that I might not be clear on then. 10.0.10.0/24 and 10.0.20.0/24 are different subnets (...right?  ), so if those two networks weren't on different interfaces on the same router, you would normally need a default gateway specified, no? But since they are two interfaces on the same router, what's actually happening? Is it still a layer 3 routing operation, just one that's automatically configured by virtue of those networks being connected on a local interface?
|
|
#
?
Nov 19, 2015 20:25
|
|
|
I misread your IPs. 10.0.10.0/24 is 10.0.10.1-10.0.10.255, 10.0.20.0/24 works in the same way. To get packets between those two networks they need to be routed. The routing table on your router knows about those already because they are interfaces on the router and it's directly connected to both. If you had a second router and they only had an address in the 10.0.10.0/24 subnet in common then you would need to tell each router about the other networks available on the connected router. The most basic way to do this is with static routes.
|
|
#
?
Nov 19, 2015 20:33
|
|
|
Thanks Ants posted:I misread your IPs. Okay, got it. Thanks for spending time on something that's extremely basic as far as this goes, I really do appreciate it.
|
|
#
?
Nov 19, 2015 20:51
|
|
|
Are there any issues with deploying Instant Access across a L2 WAN? I have a customer that has a bunch of branch offices with old 2950s and 2960s that converge on a central data center using municipal fiber for backhaul (full gig) where the SVIs reside. I think the farthest run is probably 30-40 miles. They're a small IT department, so switching to a collapsed core with centralized management would be good, I just want to make sure there isn't an issue with the delay.
|
|
#
?
Nov 19, 2015 22:51
|
|
|
Japanese Dating Sim posted:Okay, got it. Thanks for spending time on something that's extremely basic as far as this goes, I really do appreciate it. Not a problem, I need to get off my arse and schedule my exam so answering questions in the meantime helps keep it all fresh.
|
|
#
?
Nov 20, 2015 00:09
|
|
|
Anyone here know anyone in the LA area who would be interested in giving a bid for installation of a buncha Cat6a cables? It's for the entire floor space of an office building, 3 lines per station, and roughly 130 ports to the server room. Also interested in ISP service if anyone has any reccomendations please PM me. Also not sure where's best to post this, is it acceptable to make a thread in SH/SC for this?
|
|
#
?
Nov 21, 2015 00:45
|
|
|
Looking into enterprise wireless access point white papers and I seem to have fallen into a rabbit hole.  
|
|
#
?
Nov 21, 2015 01:28
|
|
|
Panda Time posted:Anyone here know anyone in the LA area who would be interested in giving a bid for installation of a buncha Cat6a cables? It's for the entire floor space of an office building, 3 lines per station, and roughly 130 ports to the server room. Also interested in ISP service if anyone has any reccomendations please PM me. I have been consistently happy with Signal Solutions. They cover LA as well as the Bay. I've used them for a half dozen major projects at this point. Internet access in LA is too fragmented to do a recommendation without an address.
|
|
#
?
Nov 21, 2015 01:53
|
|
|
We use Light Source 1 for our data center wiring jobs in downtown (One Wilshire area) LA. The do solid work.
|
|
#
?
Nov 21, 2015 03:15
|
|
|
Trip report from installing Cisco Prime: holy gently caress who the poo poo created this monstrous mess. Seriously bad. Would not spend a dime on it. Even if it's provided for free after our trial I may not continue using it. I have netflow coming from 3 routers. On two I can look up traffic on the interface we're monitoring, but one comes back 'no data available'. The stats from this router show up in the aggregate info for all three. No loving clue on this. Netflow reports return no data for any router, so I only have the live view available. Cpu and memory stats are gathered for our core switches and two of the routers but not the access switches of the same model or the third router. They are configured identically. And the struggle to even get this far when the entire interface is one of the least intuitive things I've used has been hell. What the gently caress cisco how is this your recommended monitoring solution. Please hire a third party to build this in the future, or better yet get your meraki team on it.
|
|
#
?
Nov 21, 2015 17:18
|
|
|
Can anyone tell me where to find the SNMP OID for a 1941 Port duplex status? I have an annoying issue with a SHDSL modem that occasionally will drop the line to half-duplex and I want to monitor for this.
|
|
#
?
Nov 23, 2015 02:16
|
|
|
http://www.oidview.com/mibs/0/EtherLike-MIB.html Duplex is in there. Are you using an existing NMS of some type or all one off tests?
|
|
#
?
Nov 23, 2015 04:05
|
|
|
falz posted:http://www.oidview.com/mibs/0/EtherLike-MIB.html Thanks, I'm using Solarwinds N-Central. They have a bunch of per port information but no duplex so I'll have to add a custom service to monitor it. Edit: Looks like that one didn't work. frogbert fucked around with this message at 07:07 on Nov 23, 2015 |
|
#
?
Nov 23, 2015 05:42
|
|
|
It should log when it changes duplex. If you're sending to a syslog server you could just scrape that log with a script and alert in some way.
|
|
#
?
Nov 23, 2015 14:37
|
|
|
Are you just checking SNMP status or generating traps?
|
|
#
?
Nov 23, 2015 14:42
|
|
|
I'm not using a syslog server. That's something I might look into but it would be a bit of overkill at this point. I'm just checking the SNMP Status I believe.
|
|
#
?
Nov 23, 2015 23:34
|
|
|
I just polled 1.3.6.1.2.1.10.7.2.1.19 on many vendors in our lab (Cisco IOS,, Juniper EX, Juniper MX, Brocade, Fortinet) and they all responded to it. Unsure what you're doing to test, but try snmpwalk from a cli: snmpwalk -On -v 2c -c <yourcommunity> <router> 1.3.6.1.2.1.10.7.2.1.19 Also I don't think any network is too small for a syslog server. Sync dem clocks while you're at it and you can actually troubleshoot stuff.
|
|
#
?
Nov 24, 2015 01:30
|
|
|
falz posted:I just polled 1.3.6.1.2.1.10.7.2.1.19 on many vendors in our lab (Cisco IOS,, Juniper EX, Juniper MX, Brocade, Fortinet) and they all responded to it. I'll look into it thanks. Any recommendations on syslog server software?
|
|
#
?
Nov 24, 2015 02:41
|
|
|
frogbert posted:I'll look into it thanks. Are you at all familiar with Linux? A little VM running rsyslog is all you need. There are tutorials galore for configuring it on Google.
|
|
#
?
Nov 24, 2015 03:07
|
|
|
frogbert posted:I'll look into it thanks. Solarwinds does provide one for free if you are going with their products (kiwi syslog), but really you can do it on your own with any server with a little bit of effort. Yay something I actually know about! I need to get off my rear end and get my CCENT as well. I read a bunch about something Cisco-exam related changing Nov 30th, is that just the CCNA security or something else in addition?
|
|
#
?
Nov 24, 2015 04:06
|
|
|
notwithoutmyanus posted:I need to get off my rear end and get my CCENT as well. I read a bunch about something Cisco-exam related changing Nov 30th, is that just the CCNA security or something else in addition? 640-554 Implementing Cisco IOS Network Security is retired at the end of this month http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/iins.html Cisco has a list of retired exams and their replacements here: http://www.cisco.com/c/en/us/training-events/training-certifications/exams/retired.html
|
|
#
?
Nov 24, 2015 16:57
|
|
|
frogbert posted:I'll look into it thanks.
|
|
#
?
Nov 25, 2015 06:01
|
|
|
frogbert posted:I'll look into it thanks. Splunk is free for up to 500mb/day of Syslogs, which should be more than enough.
|
|
#
?
Nov 26, 2015 05:11
|
|
|
Just install some flavor of linux or bsd, it will have a syslog server built in. Then use that box for additional monitoring tools. `grep` is a real nice and easy way to search your logs.
|
|
#
?
Nov 26, 2015 19:52
|
|
|
falz posted:Just install some flavor of linux or bsd, it will have a syslog server built in. Then use that box for additional monitoring tools. `grep` is a real nice and easy way to search your logs. Sometimes you want to create dashboards for other people or have alerts/notifications sent out on specific events. 'grep' is nice but it's not going to help you find something you've never seen before. If you do decide to go this route though make sure you're using either rsyslog or syslog-ng. You're better off with ELK or splunk though.
|
|
#
?
Nov 27, 2015 08:54
|
|
|
The only reason I'd go with a plain syslog setup instead of ELK would be if the machine I had to run it was really low-end. My old syslog-ng server was running on an ancient Pentium 4 with 256MB of RAM and handled all my needs without a stutter running a homebrew PHP web interface to browse it, where the same exact load on an ELK setup needed about 6GB of RAM to get the job done. RAM is cheap though and the functionality difference was massive, so there's absolutely no question in my mind that it's worth it.
|
|
#
?
Nov 27, 2015 17:16
|
|
|
Just googled ELK. It looks all nice and pretty and stuff, but seems like way overkill for most folks that want centralized logs.At the most basic level, just take any unix syslog server, listen publicly and tweak the config to log to where you want. If you want alerts, use logwatch of 1000 things that are meant to watch logs and alert in some way (email, pagerduty, etc). If you want a pretty dashboard, ELK does looks nice. ELK shows examples of 'DDOS detection'. This seems like a convoluted way to do that specifically- seems like that should be done using netflow, a port mirror, or a tap, and possibly fastnetmon or snort or something. Also note that the website says "ELK is not really meant for up/down alerting". Anyway, its cool that all of these tools exist. My original point was intended to convey that a linux/bsd box is far more flexible at these things than windows, and has many many more options to do clever things than, say, Windows, which is limited to a few commercial products (which may be ok if they do what you want). Maybe you just need grep or tail since that will show you (but not your PHB) all events sequentially.
|
|
#
?
Nov 27, 2015 18:38
|
|
|
|
| # ? Apr 27, 2024 05:10 |
|
|
It's not just about making it look pretty, it's about classifying, categorizing, and making sense of the data.
|
|
#
?
Nov 27, 2015 23:05
|
|