Wicaeed
Feb 8, 2005
OK, this is a dumb one, but where can I find the steps I need to go through with the CLI to install a new version of IOS for my 871 router? The Cisco website sucks pretty bad and all I can find are tech docs on how to restart the router.


Wicaeed
Feb 8, 2005
I'm gonna be starting my CCNA soon, do you guys have any suggestions as to which books/routers I should be buying for my labs?

Wicaeed
Feb 8, 2005
:D

I've been trying to come up with a solution to some network latency I have been experiencing recently, especially in regards to torrents.

I'm looking for a way to throttle my BitTorrent traffic not from my own computer, but over the network. And not really throttle it, but prioritize web traffic, in fact most other traffic, over BitTorrent traffic, so I can browse the internet, play games, etc etc while dynamically throttling the traffic? I know I can go and buy a router that supports QoS, but are there any OS based solutions that I can implement between my router and DSL modem? Something that would act like a network firewall, and as a device that supports QoS?

And it just so happens that my friend has an extra Cisco PIX 501 laying around his house he is gonna let me borrow. I'm about 3/4 of the way through my CCNA, and I'm wondering if this thing is gonna be completely beyond me...cryptotables and the like already have my brain aching.

What I'd like to do is plug the PIX into my network (assuming it works this way) like this:

Fa0/0 DSL Modem to internet

Fa0/1 Wireless router w/AAA set up (gently caress you wardrivers)
Fa0/2 Connects to Linksys BEFSR81 upstairs with 3 computers on it
Fa0/3 Mom's Mac

Can I do it like that? Or am I doing it wrong? I realize that what I am doing is so beyond what I need, but I really don't care, I need the experience.

One other question: Does the PIX support uPnP?

Wicaeed
Feb 8, 2005
Quick question:

I recently inherited a used Cisco 7200 router at work, however I'm having a hell of a time getting this thing to save its config-register after I cleared out the old running config. Basically the thing is not recognizing the straightforward task of seeing that the running config has a config-register of 0x2102, not 0x2142. After saving the config after changing the pw, and then reloading the router, my prompt always says:

routername(boot)>

If I make any changes to the running config and save them, they appear after a restart, so I'm assuming that it is recognizing that it has the right config register set, even sh version tells me that:

Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-BOOT-M), Version 11.3(2)AA, EARLY DEPLOYMENT, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 02-Mar-98 16:21 by rnapier
Image text-base: 0x600088C4, data-base: 0x60466000

ROM: System Bootstrap, Version 11.1(10) [dschwart 10], RELEASE SOFTWARE (fc1)

NOTBOOT uptime is 4 minutes
System restarted by power-on
Running default software

cisco 7204 (NPE150) processor with 26624K/6144K bytes of memory.
R4700 processor, Implementation 33, Revision 1.0 (512KB Level 2 Cache)
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
125K bytes of non-volatile configuration memory.
1024K bytes of packet SRAM memory.

16384K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102

What's going on here? :iiam: I mean, I guess nobody wanted it for a reason...
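The `show version` output above carries everything needed to tell the two situations apart: the image name (`C7200-BOOT-M`) and the "Running default software" line say the box is in the boot helper, while the register line says 0x2102, whose low four bits ask for a flash image. Below is an added audit script, not from the post or from Cisco, that pulls those fields out of pasted `show version` text and states what the combination means; the sample text is a trimmed, constructed copy of the output quoted above, and the register decoding (boot field in bits 0-3, bit 0x40 meaning "ignore startup-config") is standard IOS behaviour.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a trimmed copy of the `show version` output the post
# quotes, from a 7200 that came up in its boot helper image.
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-BOOT-M), Version 11.3(2)AA, EARLY DEPLOYMENT, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 11.1(10) [dschwart 10], RELEASE SOFTWARE (fc1)
NOTBOOT uptime is 4 minutes
System restarted by power-on
Running default software
Configuration register is 0x2102
"""

IMAGE_RE = re.compile(r"Software \((?P<image>[^)]+)\), Version (?P<version>[^,]+)")
CONFREG_RE = re.compile(
    r"Configuration register is (?P<reg>0x[0-9A-Fa-f]+)"
    r"(?: \(will be (?P<nxt>0x[0-9A-Fa-f]+) at next reload\))?"
)


@dataclass
class VersionAudit:
    image: str = ""
    version: str = ""
    config_register: Optional[int] = None
    next_register: Optional[int] = None   # only present when a change is pending at reload
    boot_field: Optional[int] = None      # low 4 bits of the register
    ignore_nvram: bool = False            # bit 0x40: startup-config is skipped at boot
    boot_helper: bool = False             # running the -BOOT- image, not the full IOS
    findings: List[str] = field(default_factory=list)


def audit_show_version(text: str) -> VersionAudit:
    """Pull the image name and config register out of `show version` text and
    explain what the combination means for how the router booted."""
    a = VersionAudit()
    m = IMAGE_RE.search(text)
    if m:
        a.image = m.group("image")
        a.version = m.group("version").strip()
    m = CONFREG_RE.search(text)
    if m:
        a.config_register = int(m.group("reg"), 16)
        if m.group("nxt"):
            a.next_register = int(m.group("nxt"), 16)
        a.boot_field = a.config_register & 0xF
        a.ignore_nvram = bool(a.config_register & 0x40)
    a.boot_helper = "-BOOT-" in a.image.upper() or "Running default software" in text

    if a.ignore_nvram:
        a.findings.append("bit 0x40 set: startup-config is ignored at boot (password-recovery setting)")
    if a.next_register is not None and a.next_register != a.config_register:
        a.findings.append(f"register changes to {a.next_register:#06x} at next reload")
    if a.boot_field == 0:
        a.findings.append("boot field 0: router stops at the ROM monitor")
    if a.boot_helper:
        if a.boot_field == 1:
            a.findings.append("boot field 1: the register itself tells the router to run the boot helper image")
        elif a.boot_field is not None and a.boot_field >= 2:
            a.findings.append(
                "register asks for a flash image but the boot helper is running: "
                "no bootable full IOS image was loaded from flash (check `show flash` and `boot system`)"
            )
    return a


if __name__ == "__main__":
    result = audit_show_version(SAMPLE_SHOW_VERSION)
    print(result.image, result.version, f"{result.config_register:#06x}")
    for f in result.findings:
        print(" -", f)
```

Run against the quoted output it reports the register as 0x2102 with boot field 2 and the helper image running, which is the "flash image not loaded" case rather than a register problem.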

Wicaeed
Feb 8, 2005
I'll give this a try when I get into work tomorrow, thanks

Wicaeed
Feb 8, 2005
Quick question: I've got some Cisco FLASH Intel Series 2+ memory cards that my work had laying around, is there any way I can get these to be read in any PCMCIA slot in a laptop so that I can put a more recent IOS image on them, without having any of my Cisco devices connected to a network?

Wicaeed
Feb 8, 2005
Quick question for Pix 501 series:

I recently bought one from a friend, and am able to get into the CLI for the PIX, however anything I type into the console (or read from it) is utter gibberish, eg:

Mo»\ÿ[ûM½]×××í­µeÅííwo{²
õp7ª-\u{{×kÕï©ÿ+««~««
-ki{k}¶å ­k[¯Ö¯¥å­©ÿ c[¿­ck­­®¬m}«dªKc­ï§¯+ñ­©ÿ«­¬­Ç¬«mü£¥«í­µeÅííwo{²

I assume this is some kind of security feature of the Pix that will protect itself in the event that it was ever physically stolen. I have double checked my console settings and everything is right with the console itself.

Is there any way I can reset the PIX to its factory defaults, or disable the gibberish text?

Thanks in advance.

Wicaeed
Feb 8, 2005
Putty and Hyperterminal in Windows XP.

Putty will only ever output gibberish, but when I go to hyperterminal and fudge with settings I can get maybe 5-10 characters that are immediately recognizable at 9600-8-N-1 and then it returns to gibberish.

I've tested the console setting on a Cisco 2500 series router and it works fine, so it's either someone fudged with the console settings on this PIX or there's something wrong with it.

I am thinking there is something wrong with it because when I attach an ethernet cable to E1 and try DHCP, it gives me a 169.254.x.x ip address, and when I manually configure for a 192.168.1.x subnet IP, I can ping the 1.1 gateway, but I can't access the PDM page in either Firefox or IE through https://192.168.1.1/startup.html

Wicaeed
Feb 8, 2005
Tried all the console speeds that my computer supports from hyperterminal, same results on all of them.

Occasionally I will get 5 or 10 lines of text that I can actually read, but it eventually goes back to strange symbols and whatnot.

edit: I'm not too worried, I bought it from a friend for 5 bucks so it's not like it matters if this thing is broken

Wicaeed fucked around with this message at 00:42 on Jun 25, 2009

Wicaeed
Feb 8, 2005
Question about Cisco PIX IOS:

I eventually got my PIX working, it just magically stopped feeding gibberish one day. However now my problem is that I have no idea what the enable pw for this thing is, will Cisco give out older firmware versions (6.x) for the 501 or am I hosed?

Wicaeed
Feb 8, 2005
Would there be any glaringly obvious configuration reason I get a rejected PW when trying to SSH into a Cisco 5505 whose Username/PW I JUST set, and after I am connected to the ASDM with said username/pw combo AND logged in to console with the same info?

SSH session from 10.10.8.3 on interface inside for user "*****" disconnected by SSH server, reason: "Rejected by server" (0x0d)
Login denied from 10.10.8.3/53271 to inside:10.10.8.1/ssh for user "*****"
Built inbound TCP connection 154 for inside:10.10.8.3/53271 (10.10.8.3/53271) to NP Identity Ifc:10.10.8.1/22 (10.10.8.1/22)
User authentication succeeded: Uname: *****

Wicaeed fucked around with this message at 23:59 on Aug 8, 2009
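The four log lines above are worth keeping as a detection case: "User authentication succeeded" followed by "Login denied" and "Rejected by server" means the credential was accepted and the session was still refused, which a SOC rule should classify differently from a run of plain denied logins. Below is an added example, not from the post or from Cisco, that parses ASA management-login lines into events and summarizes them per source; the sample is constructed from the four quoted lines (user masked as `*****`) plus a made-up second source, 10.10.8.77, trying the made-up user names "admin" and "root".

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: the four lines quoted in the post plus a run of denied
# logins from a second source (10.10.8.77, "admin", "root" are made-up values).
SAMPLE_LOG = [
    'SSH session from 10.10.8.3 on interface inside for user "*****" disconnected by SSH server, reason: "Rejected by server" (0x0d)',
    'Login denied from 10.10.8.3/53271 to inside:10.10.8.1/ssh for user "*****"',
    'Built inbound TCP connection 154 for inside:10.10.8.3/53271 (10.10.8.3/53271) to NP Identity Ifc:10.10.8.1/22 (10.10.8.1/22)',
    'User authentication succeeded: Uname: *****',
    'Login denied from 10.10.8.77/40110 to inside:10.10.8.1/ssh for user "admin"',
    'Login denied from 10.10.8.77/40111 to inside:10.10.8.1/ssh for user "admin"',
    'Login denied from 10.10.8.77/40112 to inside:10.10.8.1/ssh for user "root"',
    'Login denied from 10.10.8.77/40113 to inside:10.10.8.1/ssh for user "admin"',
]

LOGIN_DENIED_RE = re.compile(
    r'Login denied from (?P<src>[\d.]+)/\d+ to (?P<ifc>\w+):(?P<dst>[\d.]+)/(?P<svc>\w+) for user "(?P<user>[^"]*)"'
)
SSH_REJECT_RE = re.compile(
    r'SSH session from (?P<src>[\d.]+) on interface (?P<ifc>\w+) for user "(?P<user>[^"]*)" '
    r'disconnected by SSH server, reason: "(?P<reason>[^"]*)"'
)
AUTH_OK_RE = re.compile(r"User authentication succeeded: Uname: (?P<user>\S+)")


def parse_mgmt_event(line: str) -> Optional[dict]:
    """Classify one ASA syslog line as a management-plane login event, or None."""
    line = line.strip()
    m = LOGIN_DENIED_RE.search(line)
    if m:
        return {"kind": "login_denied", **m.groupdict()}
    m = SSH_REJECT_RE.search(line)
    if m:
        return {"kind": "ssh_rejected", **m.groupdict()}
    m = AUTH_OK_RE.search(line)
    if m:
        return {"kind": "auth_ok", "user": m.group("user")}
    return None  # connection build/teardown lines etc. are not login events


def summarize(lines: List[str]) -> Dict[str, dict]:
    """Per-source counts of denied logins and SSH rejections, the user names
    tried, and which of those users the ASA also reported as authenticated."""
    per_src: Dict[str, dict] = defaultdict(lambda: {"denied": 0, "rejected": 0, "users": set()})
    auth_ok_users = set()
    for line in lines:
        ev = parse_mgmt_event(line)
        if ev is None:
            continue
        if ev["kind"] == "auth_ok":
            auth_ok_users.add(ev["user"])  # this message carries no source address
            continue
        rec = per_src[ev["src"]]
        rec["denied" if ev["kind"] == "login_denied" else "rejected"] += 1
        rec["users"].add(ev["user"])
    for rec in per_src.values():
        rec["auth_ok_users"] = rec["users"] & auth_ok_users
    return dict(per_src)


def alerts(lines: List[str], threshold: int = 3) -> List[str]:
    """Two findings: repeated denials per source, and denial after successful auth."""
    out = []
    for src, rec in sorted(summarize(lines).items()):
        if rec["denied"] >= threshold:
            out.append(f"{src}: {rec['denied']} denied management logins for users {sorted(rec['users'])}")
        if rec["auth_ok_users"]:
            out.append(
                f"{src}: credentials accepted but login still denied for {sorted(rec['auth_ok_users'])}; "
                "look at the SSH/authorization configuration rather than the password"
            )
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(a)
```

The per-source threshold is the ordinary brute-force signal; the second finding is the one the post actually describes, and it only fires when the same user name appears in both an authentication-succeeded line and a login-denied line.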

Wicaeed
Feb 8, 2005
I'm looking for some help diagnosing a kind of frustrating issue with a Cisco ASA 5505:

I have the router set up to allow VPN access from a restricted set of IPs. Clients who are allowed VPN access can VPN in just fine, but once they are in, the people who are connected through the VPN can only ping two IP addresses, the internal ASA address, and its external address. Any other IP you try to ping times out. The strange thing is that (based on what syslog is saying) there is not an ACL denying access to the rest of the hosts. For example, this is what Syslog says when I ping from a VPN client to the inside interface:


Built inbound ICMP connection for 10.10.8.240/13836 gaddr 10.10.8.1/0 laddr 10.10.8.1/0 (craig)
Teardown ICMP connection for faddr 10.10.8.240/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0
Built inbound ICMP connection for 10.10.8.240/23779 gaddr 1010.8.1/0 laddr 10.10.8.1/0 (craig)
Teardown ICMP connection for faddr 10.10.8.240/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0
Built inbound ICMP connection for 10.10.5.1/23779 gaddr 1010.8.1/0 laddr 10.10.8.1/0 (craig)
Teardown ICMP connection for faddr 10.10.5.1/32779 gaddr 10.10.8.1/0 laddr 10.10.8.1/0

for 3 successful pings, but when I try to reach a different ip address (10.10.8.12) it says:

Built inbound ICMP connection for faddr 10.10.8.240/4620 gaddr 10.10.8.12/0 laddr 10.10.8.12/0 (craig)
Teardown UDP connection for 4824 for outside:10.10.8.240/49828 to NP Identity Ifc:255.255.255.25/2223 duration 0:02:01 bytes 72 (craig)
Teardown UDB connection for 4821 for outisde: 10.10.8.240/57060 to inside:10.10.8.12/53 duration 0:02:15 bytes 118 (craig)

It's the same thing when trying to ping any outside IP address. Based on the fact that an ACL isn't actively denying the request, am I correct in assuming the problem is not being caused by an ACL, or is there something else that can deny traffic like this?

Wicaeed
Feb 8, 2005

Tremblay posted:

Have you read this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

Sounds like you don't have the ACL set for allowed subnets. This will cover internal access. Do these VPN users need to access the internet through the ASA or are you allowing split tunneling?

Awesome, that pointed me in the right direction :D

I had to clear out all of the existing ACL's that were being used for tunneling, once that was done I could ping hosts on both sides of the network :)

Now to just set it up how I want! Thanks!

Wicaeed
Feb 8, 2005
Got a question for you VPN geniuses:

I've recently configured a remote access VPN on a Cisco ASA5505 to assign IPs from a range 10.10.9.0/28 (where the local lan is 10.10.8.0/24) using the IPSEC VPN configuration wizard. Seeing as how it is configured by the wizard, I thought this would work properly and pass traffic between the two networks, however I must have assumed wrong.

What happens is this: When I connect with the Cisco VPN client, I receive an IP of 10.10.9.1 and I can ping the lan ip of 10.10.8.1 (and ssh to it). I cannot ping or ssh or otherwise get any connectivity between any other remote lan hosts. I can't figure out if a misconfigured ACL is causing this, or some other configuration error. This is the ONLY VPN configured on this device. When I view the firewall log when I try to ssh to another remote lan host I see this:

Built inbound TCP connection 260 for outside: 10.10.9.1/50228 (10.10.9.1/50228) to inside: 10.10.8.12/22 (10.10.8.12/22)

followed shortly by:

Teardown TCP connection for 259 for outside: 10.10.9.1/50227 to inside: 10.10.8.12/22 duration 0:00:30 bytes 0 SYN Timeout

That would indicate to me that traffic is being passed to the remote host, but is not being sent back. Curiously if I SSH into the firewall and try to ping the IP that I am using for the VPN, it times out, and if I 'sh route' I get this:

S 10.10.9.4 255.255.255.255 [1/0] via xxx.xxx.xxx.xxx, outside

I am utterly confused by this issue, fffffff

Wicaeed
Feb 8, 2005
That is the firewall log saying that the traffic is being sent to 10.10.8.12 on port 22 (ssh), not a subnet mask of /22

FatCow posted:

Do you have a route in your network pointing 10.10.9.0/28 at your inside IP?

No, but it KNOWS about the network because I CAN ping 10.10.8.1 from a VPN client connected with 10.10.9.1


Well we have an entire /24 subnet dedicated to servers, 10.10.8.x. Is having our VPN clients live on a similarly numbered subnet (10.10.9.0/28) really that bad of an idea?
\/\/\/\/\/\/\/\/\/

Wicaeed fucked around with this message at 23:33 on Nov 11, 2009

Wicaeed
Feb 8, 2005

jwh posted:

The ASA knows, of course, because it's the one handing out 10.10.9.0/28 addresses- but other devices won't know how to reach those addresses, unless it's covered by their default.

To clarify, the ASA's inside is 10.10.8.1 right? Just to make sure.

I would add a route on whatever your router is for the 10.10.8.0/24 network to point the 10.10.9.0/28 to 10.10.8.1 (ASA).

Yeah, and like I said, 10.10.8.1 is the only IP the VPN client can ping/ssh to, however the ASA can't ping that address back. I'll add that and see if that fixes it.

Also, when you initially configure a VPN, what interface does it use (inside/outside)?
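The pair of log lines from the earlier post (a "Built inbound TCP connection" to 10.10.8.12/22 followed by a teardown with "bytes 0 SYN Timeout") and jwh's point that the rest of the LAN has no route back to 10.10.9.0/28 fit together: the SYN reached the host, and the reply went to whatever the host's default gateway is. Below is an added diagnostic, not from the thread or from Cisco, that flags unanswered SYNs in ASA connection logs and then checks, by longest-prefix match over a routing table, whether the reply would even reach the ASA. The log sample is the two quoted lines (as retyped in the post) plus one constructed normal teardown; the routing tables are constructed, and 10.10.8.254 is a made-up default gateway that is not the ASA.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample: the two lines quoted in the post (with the space after the
# interface name as retyped there) plus one normal teardown for contrast.
SAMPLE_LOG = [
    "Built inbound TCP connection 260 for outside: 10.10.9.1/50228 (10.10.9.1/50228) to inside: 10.10.8.12/22 (10.10.8.12/22)",
    "Teardown TCP connection for 259 for outside: 10.10.9.1/50227 to inside: 10.10.8.12/22 duration 0:00:30 bytes 0 SYN Timeout",
    "Teardown TCP connection 261 for outside:10.10.9.1/50229 to inside:10.10.8.1/22 duration 0:01:10 bytes 4120 TCP FINs",
]

# Constructed routing tables for a LAN host on 10.10.8.0/24. 10.10.8.254 is a
# made-up default gateway that is NOT the ASA; ROUTES_AFTER adds the route jwh suggests.
ASA_INSIDE = "10.10.8.1"
ROUTES_BEFORE = [("10.10.8.0/24", "connected"), ("0.0.0.0/0", "10.10.8.254")]
ROUTES_AFTER = ROUTES_BEFORE + [("10.10.9.0/28", ASA_INSIDE)]

TEARDOWN_RE = re.compile(
    r"Teardown (?P<proto>TCP|UDP) connection (?:for )?(?P<id>\d+) for "
    r"(?P<sifc>[\w ]+?): ?(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<difc>[\w ]+?): ?(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)(?: (?P<reason>.*))?$"
)


def parse_teardown(line: str) -> Optional[dict]:
    """Fields of an ASA teardown line (both 'connection 261' and 'connection for 259' forms)."""
    m = TEARDOWN_RE.search(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["bytes"] = int(d["bytes"])
    d["dport"] = int(d["dport"])
    d["reason"] = d["reason"] or ""
    return d


def find_unanswered(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Flows the ASA gave up on because the SYN was never answered: zero bytes, SYN Timeout."""
    out = []
    for line in lines:
        d = parse_teardown(line)
        if d and d["proto"] == "TCP" and d["bytes"] == 0 and "SYN Timeout" in d["reason"]:
            out.append((d["src"], d["dst"], d["dport"]))
    return out


def return_next_hop(routes: List[Tuple[str, str]], dst: str) -> Optional[str]:
    """Longest-prefix match over (prefix, next_hop) pairs; None when nothing matches."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def diagnose(lines: List[str], routes: List[Tuple[str, str]], asa_inside: str = ASA_INSIDE) -> List[str]:
    """For each unanswered SYN, say whether the inside host's reply would reach the ASA at all."""
    msgs = []
    for src, dst, dport in find_unanswered(lines):
        nh = return_next_hop(routes, src)
        if nh == asa_inside:
            msgs.append(f"{dst}:{dport} never answered {src}, but the return route points at the ASA; look at the host itself")
        else:
            msgs.append(f"{dst}:{dport} never answered {src}: return traffic goes via {nh}, not the ASA {asa_inside}; add a route for the VPN pool")
    return msgs


if __name__ == "__main__":
    print("before:", diagnose(SAMPLE_LOG, ROUTES_BEFORE))
    print("after: ", diagnose(SAMPLE_LOG, ROUTES_AFTER))
```

With the "before" table the VPN client's address matches only the default route, so the SYN-ACK leaves towards 10.10.8.254 and the ASA logs a SYN Timeout; with the /28 route added the next hop is the ASA, and any remaining timeout points at the host (its own firewall, for instance) rather than the path.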

Wicaeed
Feb 8, 2005
I'm sure there is documentation about S-NAT (masquerading) VPN client addresses, but I cannot for the life of me find any documentation of this on the Cisco website. Does anyone know where I could find it, or at least a decent explanation of how it works/how to configure it on a Cisco ASA5505?

Wicaeed
Feb 8, 2005
Currently looking at the feature set of the Cisco ASA 5505 vs the ASA5510, specifically the HA options.

I'm not readily finding this piece of information: What is the difference between Stateless Active/Standby High Availability on the 5505 Security Plus license, and the Active/Standby High Availability on the Cisco ASA 5510 Security Plus License?

Wicaeed
Feb 8, 2005
Is anyone currently studying for their cert exams using the GNS3 Workbench http://rednectar.net/gns3-workbench?

I have it downloaded and installed on an ESXi 5.0 box, however I find myself currently unable to ssh/telnet/vnc in to the machine as it is currently configured.

I'm curious to find out if anyone else has this problem, or if it's just me...

Wicaeed
Feb 8, 2005
gently caress you Cisco.

Let me download the Windows 8.1 compatible version of the AnyConnect VPN client, I really shouldn't need to have a drat support contract to download this stuff.

The fact that our Network Engineers are lazy assholes who can't be bothered to update the AnyConnect version on our ASA for the past four years really isn't my concern.

Wicaeed
Feb 8, 2005
Yeah, except our version was Copyright 2009 :hurr:

Got a new version from our Network guy today and it works great.

Wicaeed
Feb 8, 2005
Not really a Cisco related question, more general networking:

Does anyone use Monoprice as a vendor for Fiber optic cabling?

I've been doing quite a bit of ordering of Cat6 & power cables through them, and while it's hard to gently caress that kind of stuff up, I was entertaining the thought of using them for my Fiber optic orders as well.

Does anyone have feedback as to their quality?

Thanks.

Wicaeed
Feb 8, 2005
Quick question: What technology is required for a server to have a completely redundant link across two separate switches sharing a common core switch or uplink?

I'm talking about having a single bonded interface composed of two or more physical links connected to two separate switches, but to other servers in the network you have a single IP.

Is this possible with LACP/PortChannel or does it require more advanced technology?

Wicaeed
Feb 8, 2005
Have there been any new releases of switch change tracking software? I used RANCID probably 5 or 6 years ago and it was good enough, but since this I imagine there have to be new players in that field.

Wicaeed
Feb 8, 2005
Anyone here use a Lenovo Thinkpad T540p?

I've been having a boatload of issues with our normal Prolific USB-to-Serial adapters and them blue screening my system after about 5 minutes of use.

Wicaeed
Feb 8, 2005
Where's a good point to start learning Cisco UCS?

I've just started a new job where they have a small UCS deployment (two chassis + 2 Fabric switches) but it might be growing in the next year. Right now the only other sysadmin knows it somewhat from a management standpoint, but I'd like to take that knowledge one step farther so that we have to stop bringing in consultants to do things.

Wicaeed
Feb 8, 2005
http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-6200-series-fabric-interconnects/data_sheet_c78-675245.html

The hell Cisco, you don't offer a 2m TwinAx SFP cable for your UCS?

The difference between having to run a 3 foot cable, and then having to jump to a 10 foot cable is retarded for someone who likes to keep a clean rack...

/rant off

Wicaeed
Feb 8, 2005
More Cisco UCS/Switching noob questions:

What is the difference between something defined as a "fabric" vs a simple switch layout?

I've noticed that our really simple UCS install (1 UCS 5108 chassis + 2 6248 fabric interconnects, we're planning on adding a second UCS 5108 chassis) doesn't have any interconnect between the A and B fabric at the interconnect level. In my mind that would mean any traffic trying to talk from one fabric to the other needs to travel all the way up to the uplink switch (which only has a total of 4Gbit) and back down the stack.

Reason I ask is that we have a Nimble CS300 attached at the fabric interconnect level, and with Nimble load balancing I think both fabrics are being used by hosts when they talk to the Nimble.

Also, can you link two UCS together so that they have a direct path for servers to talk between themselves and not having to go up to the fabric interconnect layer?

God I wish I knew more about UCS instead of being rushed into this poo poo...

Wicaeed
Feb 8, 2005
What's everyone's recommendation for a free (or otherwise inexpensive) Netflow collector?

Wicaeed
Feb 8, 2005
Can anyone give me a summary of the various UCS management softwares?

I walked into my current job knowing absolutely nothing about Cisco UCS, and feel like I know my way around fairly well, but it seems like we're still doing things wrong (I have VMware hosts running on blades that have 6 40GB vnics with only two 10GB chassis uplinks to our Fabric, for example), we use maybe half the available bandwidth though.

UCS Manager is good enough and quite usable, but it tells me absolutely jack about the utilization of the blades/chassis/fabric itself. I managed to hack together a rough bandwidth utilization of our FI uplinks using Zabbix, but I'd like more insight for capacity planning reasons.

I know of UCS Central/UCS Director/UCS Performance Manager but I can't really glean much information from the Cisco product pages before my eyes glaze over from all the marketing terms. I'm trying to compare everything to VMware's ecosystem since that's what I'm most familiar with.

If I'm understanding everything right, it seems like:

UCS Manager = vSphere Client (roughly) (control/configuration of hosts) Included with UCS Fabric Interconnects
UCS Central = vCenter Server (control/configuration of many hosts separated by location) Additional Purchase (Unknown $)
UCS Director = vRealize Automation/vCloud Directory (automation of provisioning/etc) Additional Purchase (Unknown licensing model, probably lots of $$$$)
UCS Performance Manager = vRealize Operations (performance metrics of hardware) Additional Purchase (Unknown licensing model/Unknown $)

Any tips on decoding the marketing speak?


Wicaeed
Feb 8, 2005
What's a good getting started point on a UCS Certification?

I'm currently looking at the Data Center Unified Computing Implementation class on the Cisco website.

A little background:

I'm 1.3 years into my current role (8 years overall experience) and we have a small UCS cluster running a production VMware environment (30-ish UCS blades, 3 chassis, 2 FI).

In the past, the company has had to outsource simple UCS infrastructure changes (Adding VLANs, creating service profiles) until I got here. I'm comfortable doing potentially non-disruptive changes, but larger things like Firmware updates still kind of frighten me. We actually paid one of our vendors to come on site with a UCS guy and do a firmware update about a year ago, however they were supposed to document the process for us and never did.

My boss has tentatively signed off on some Cisco classes for me, and I'm trying to find out where to start.

I don't have a CCNA, but am comfortable with Cisco networking & networks in general.
