wolrah
May 8, 2006
what?
Is there some wizard or guide where I can look and discover what model router I need to support a specific set of interfaces? Cisco Feature Navigator is useless in this regard.

If not, what do I need to handle 2x Ethernet, 1x T1, and 1x G.DMT ADSL? I'm looking for a home router (the T1 interface is for testing T1 routers I bring home from work) that I can also learn IOS with, so the cheaper the better. It'll be a fairly simple configuration on the software side (pppoe on the DSL, NAT, and simple routing between the other 3 interfaces); it's just the number of interfaces that makes things complicated.

wolrah
May 8, 2006
what?
ok, possibly real dumb one.

Is there any way I can "bridge" a T1 to Ethernet with any Cisco devices?

I have an 1841, a pair of 2600s, and countless 1700s available; obviously I'd like to use the smallest one possible. The reason is that for what I do around my office, having a Linux/BSD box running as the firewall/router just seems more flexible and is certainly more familiar to me.

All I want is to plug my T1 into Serial0/0, plug my homebrewed PC/router into FE0/0, set my T1 WAN IP on the PC/router's eth0, and have it work. The Cisco should be transparent as far as the PC is concerned.

Can this be done and how hard is it?

wolrah
May 8, 2006
what?
I'm fighting with linking a Linux box running FreeSWAN to a PIX and it's making me want to kill things....

Relevant bit of PIX config, let me know if there's more you need to see.
code:
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 60 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
FreeSWAN config
code:
conn Medina
	type = tunnel
	left = <my IP>
	right = <PIX IP>
	leftnexthop = <my gateway>
	leftsubnet = 192.168.20.0/24
	rightsubnet = 192.168.0.0/24
	auto = start
	keyexchange = ike
	authby = secret
	auth = esp
	keyingtries = 0
	esp = 3DES-MD5
	pfs = no
	rekey = yes
	leftid = <my IP>
	rightid = <PIX IP>
	ike = 3DES-MD5-MODP1024
	pfsgroup = MODP1024
	ikelifetime = 1000s
	keylife = 1000s
	rekeymargin = 1m
	rekeyfuzz = 20%
	X-ping-s = 192.168.20.1
	X-ping-d = 192.168.0.6
and when I do a 'debug crypto isakmp' I get this:

code:
ISAKMP (0): Checking ISAKMP transform 0 against priority 10 policy
ISAKMP:      life type in seconds
ISAKMP:      life duration (basic) of 1000
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash MD5
ISAKMP:      auth pre-share
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 0
ISAKMP (0): Checking ISAKMP transform 0 against priority 65535 policy
ISAKMP:      life type in seconds
ISAKMP:      life duration (basic) of 1000
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash MD5
ISAKMP:      auth pre-share
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 0
ISAKMP (0): no offers accepted!
ISAKMP (0): SA not acceptable!
return status is IKMP_ERR_TRANS
I've interfaced this device with a PIX before and this particular PIX has other VPNs running on it, but the things don't seem to want to agree.

wolrah
May 8, 2006
what?

inignot posted:

I think your DH group in isakmp is mismatched. As I recall group 1 is 768 bits, and group 2 is 1024 bits. Try changing the pix thusly:

code:
no isakmp policy 10 group 1
isakmp policy 10 group 2

Thanks, but that didn't change anything except the default group listed in the error on the debug output.

It'd be useful if the PIX would say what it didn't like about the connection rather than just listing the rule that I already know from the config file. On the FreeSWAN side it just tells me that the other end didn't accept anything.
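An added worked example, not part of this thread: a small Python checker that parses the `debug crypto isakmp` lines and the `isakmp policy 10` lines quoted above and reports which of the attributes the debug prints disagree with the configured policy. The mapping between the debug wording (3DES-CBC, MD5, "default group") and the policy keywords is my assumption; run on the posted output it flags the DH group with the original policy and, with inignot's group 2 change, reports that every printed attribute matches, which is the situation described in the reply above: the rejection comes from something the debug does not print.

```python
import re

# Sample input: the 'debug crypto isakmp' lines quoted in the post above.
DEBUG_OUTPUT = """\
ISAKMP (0): Checking ISAKMP transform 0 against priority 10 policy
ISAKMP:      life type in seconds
ISAKMP:      life duration (basic) of 1000
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash MD5
ISAKMP:      auth pre-share
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 0
ISAKMP (0): Checking ISAKMP transform 0 against priority 65535 policy
ISAKMP:      life type in seconds
ISAKMP:      life duration (basic) of 1000
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash MD5
ISAKMP:      auth pre-share
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 0
"""

# The PIX policy as posted, plus the same policy with inignot's suggested group change.
PIX_POLICY_GROUP1 = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
"""
PIX_POLICY_GROUP2 = PIX_POLICY_GROUP1.replace("group 1", "group 2")

# The debug wording differs from the policy syntax; this mapping is an assumption.
ENCRYPTION = {"3DES-CBC": "3des", "DES-CBC": "des", "AES-CBC": "aes"}
HASHES = {"MD5": "md5", "SHA": "sha"}
AUTH = {"pre-share": "pre-share", "RSA sig": "rsa-sig"}
CHECK_RE = re.compile(r"ISAKMP \(\d+\): Checking ISAKMP transform \d+ against priority (\d+) policy")


def parse_policy(text):
    """Return {priority: {attribute: value}} from 'isakmp policy N <attr> <value>' lines."""
    policies = {}
    for m in re.finditer(r"^isakmp policy (\d+) (\S+) (\S+)", text, re.M):
        policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).lower()
    return policies


def parse_offers(text):
    """Return [(priority, {attribute: value})], one entry per transform/policy check in the debug."""
    offers, current = [], None
    for line in text.splitlines():
        m = CHECK_RE.match(line)
        if m:
            current = {}
            offers.append((int(m.group(1)), current))
            continue
        if current is None or ":" not in line:
            continue
        body = line.split(":", 1)[1].strip()
        words = body.split()
        if body.startswith("life duration"):
            current["lifetime"] = words[-1]
        elif body.startswith("encryption "):
            current["encryption"] = ENCRYPTION.get(words[1], words[1].lower())
        elif body.startswith("hash "):
            current["hash"] = HASHES.get(words[1], words[1].lower())
        elif body.startswith("auth "):
            current["authentication"] = AUTH.get(body[5:], body[5:].lower())
        elif "group" in words:
            current["group"] = words[-1]  # 'default group 2' is the offered DH group
    return offers


def mismatches(offer, policy):
    """Attributes present on both sides whose values differ: {attr: (offered, configured)}."""
    return {a: (offer[a], policy[a]) for a in offer if a in policy and offer[a] != policy[a]}


def explain(debug_text, policy_text):
    """Per policy priority the debug tried, list the printed attributes that disagree.

    None means the priority is not in the config (the implicit 65535 default policy);
    an empty dict means every attribute the debug prints matched the policy."""
    policies = parse_policy(policy_text)
    report = {}
    for prio, offer in parse_offers(debug_text):
        report[prio] = mismatches(offer, policies[prio]) if prio in policies else None
    return report


if __name__ == "__main__":
    for name, policy in (("group 1", PIX_POLICY_GROUP1), ("group 2", PIX_POLICY_GROUP2)):
        print(name, explain(DEBUG_OUTPUT, policy))
```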

wolrah
May 8, 2006
what?
I would like to set up a test environment in my office where I can simulate all the different WAN link types a customer may have.

What I currently have is an 1841 with a single T1 card and a /27 block of IPs. I also have an assortment of 2600s.

I'd like to be able to host within my office the following link types:

Ethernet Static IP (easy)
Ethernet DHCP (easy)
Ethernet PPPoE (unknown, should be fairly easy)
T1 Cisco HDLC Static IP (easy)
T1 Std. HDLC Static IP (unknown)
T1 PPP Static IP (easy)
T1 ANSI Frame Relay Static IP (unknown)
ADSL PPPoE ATM Encap
ADSL DHCP ATM Encap
ADSL Static IP ATM Encap
DOCSIS DHCP
DOCSIS Static IP

The different T1 encapsulations I assume should all be supported and if I can't run PPPoE off the Cisco I know I can host it from one of my BSD boxes.

What I'm really interested in is whether I can get cards to allow any of my boxes to be the host end of either ADSL or DOCSIS systems so that I can test modems and integrated devices without having to use my customers or my own home connections as guinea pigs. I'm not looking to host a usable system for distribution, just something that I can run 25 feet of Cat5 or RG6 respectively out of over to my office and plug an off-the-shelf modem in to.

wolrah
May 8, 2006
what?
I'll be getting either a 2948 or 2980 later this week (whichever becomes available) as a temporary switch for my home LAN until I can afford the gig unit I'm eyeing. Is there anything I should know about either of these? They're both EOL/EOS from Cisco and have two GBIC slots, so aside from the different number of ports I can't tell if either of them is worth trying to get over the other.

I usually don't bother with Cisco for switching unless I need something Cisco-specific like prestandard PoE, but these are cheap as dirt for a bunch of 10/100 ports.

wolrah
May 8, 2006
what?
The 2948 will be around $50, don't know yet on the 2980 but if it's over $100 I won't bother.

It seems they both run CatOS, and I've been told that the IOS-based switches are preferable, but at the price if I even just use them as dumb switches they seem like a good deal.

wolrah
May 8, 2006
what?

Ninja Rope posted:

M@, if he's around, can (probably) do you better than $50 for a 2948. Keep in mind, though, that they're going to be loud.

My network "core" is going to be in a closet off of my garage, so noise won't matter. If the 2980 doesn't end up fitting my price or ends up not available, I'll see if I can find M@ for some 2948 numbers.

wolrah
May 8, 2006
what?

Wizzle posted:

Is it possible to make an Ethernet connection participate in a Multilink interface?

I currently have 2 T1 lines to a remote office. They're set up using standard WIC-1DSU cards. Each interface has PPP encapsulation and they are members of multilink1, which is where I do all of my routing. We're getting a 10Mb fiber connection now between the 2 offices. It has an Ethernet hand-off. I'm using Cisco 1841s with Advanced IP Services.

I'd like to build some sort of virtual point-to-point interface on FE0/1 and have it joined to multilink1. The contracts for the T1s will still be active for a few months, not to mention that since the fiber is new it'd be nice to have the T1s to fall back on.

Is any of this even possible?

I'm just talking out of my rear end here, but if you can establish a PPP-like connection over it you may be able to add it to the multilink group. PPPoE and PPTP both appear the same as straight PPP on Linux boxes and I have seen people use MLPPP over PPPoE before. I have no idea whether Cisco treats it the same way or if one can use two different types of PPP links in one multilink bundle.

wolrah
May 8, 2006
what?

jwh posted:

In that case, MLPPP is probably not going to work- MLPPP fragments need to be reassembled by the same next-hop to function correctly.

If I'm interpreting the first post on this topic correctly, the T1s are direct point-to-point, so the next hop is the other side. If the fiber is treated the same way (basically if a broadcast packet would make it to the other side) one could establish PPPoE over it and in theory MLPPP should work. If the fiber is routed, a PPTP link could be used instead of PPPoE.

I know MLPPP is supported on "virtual" PPP links like PPPoE and PPTP, the question is whether the devices on each end can support putting different types of PPP links all in the same MLPPP bundle.

wolrah
May 8, 2006
what?

CrazyLittle posted:

No. All the connections in a bundle pretty much need to be the same media because the packets have to arrive in the same order or else you'll get a ton of errors on the line. I tried doing a DSL+T1 MLPPP bundle once and it ran slower than a single T1. Two DSL lines in a bundle is very nice though.

Good to know. I've only ever run MLPPP on T1s, so I've never had to dive in to the specifics.

wolrah
May 8, 2006
what?

Lowen SoDium posted:

Does anyone know how to set that on IOS's DHCP server, or have any other explanation for what the problem is?

option 2 hex ffff.aba0

That's assuming CST is also correct for this location.

Otherwise, look here for the hex code.
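An added example, not from the thread, showing where the `ffff.aba0` value above comes from: DHCP option 2 (the RFC 2132 "Time Offset" option) is a signed 32-bit big-endian count of seconds east of UTC, and IOS takes the raw value as dotted hex. The helper names are mine; the functions also cover half-hour zones and the on-the-wire form of the option, which the post does not show.

```python
import struct


def offset_to_ios_hex(seconds):
    """Dotted hex for 'option 2 hex ...' in an IOS DHCP pool.

    DHCP option 2 (RFC 2132 "Time Offset") is a signed 32-bit big-endian count of
    seconds east of UTC, so CST (UTC-6) is -21600 = 0xFFFFABA0. IOS writes hex
    option values as 16-bit groups separated by dots, hence ffff.aba0."""
    if not -86400 < seconds < 86400:
        raise ValueError("offset must be smaller than one day")
    digits = struct.pack(">i", seconds).hex()
    return f"{digits[:4]}.{digits[4:]}"


def ios_hex_to_offset(dotted):
    """Inverse of offset_to_ios_hex; accepts 'ffff.aba0' or 'ffffaba0'."""
    raw = bytes.fromhex(dotted.replace(".", ""))
    if len(raw) != 4:
        raise ValueError("option 2 is exactly four bytes")
    return struct.unpack(">i", raw)[0]


def describe(seconds):
    """Human-readable label such as 'UTC-06:00' (handles half-hour zones)."""
    sign = "-" if seconds < 0 else "+"
    hours, rest = divmod(abs(seconds), 3600)
    return f"UTC{sign}{hours:02d}:{rest // 60:02d}"


def option2_wire(seconds):
    """The option as carried in the DHCP packet: code 2, length 4, then the value."""
    return bytes([2, 4]) + struct.pack(">i", seconds)
```

Option 2 carries a fixed offset and says nothing about daylight saving, which is the "assuming CST is also correct" caveat in the post.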

wolrah
May 8, 2006
what?

Lowen SoDium posted:

That didn't fix the time, or show the time zone on the web interface.

I'm not familiar with Cisco phones on the "Skinny" firmware that's the default on CCM, but I have a few 7940s on SIP firmware, a 7941 on SIP, and a variety of Linksys and Polycom phones all getting their time information from DHCP and using that option to set their time zone. My DHCP server isn't a Cisco, but according to the docs I've found that is how to set it and at least the value is correct.

IIRC the time zone can also be set in the config file the phones download, so check the CM's configuration.

wolrah
May 8, 2006
what?

coconono posted:

do you(or anyone else here for that matter), know of a free tftp server alternative to Solarwinds? I'm having the same problem where I try to copy something over and their tftp server shuts down.

Seconding tftpd32. That's my primary Windows TFTP server, all my tech laptops are loaded with it for recovering retarded Aastra phones. I'm indifferent between tftpd-hpa and atftpd on Linux.

wolrah
May 8, 2006
what?
I'm throwing an 1841 I have laying around in to my home network for a while so I can become more familiar with IOS and so I can test T1 gear at home. I know how to get it going with NAT and set up the port forwards I need, but I can't seem to find good information on what if any VoIP helper features it may have.

Anyone who's familiar with SIP based VoIP systems knows they do not get along very well with NAT. Right now I'm alternating between an Edgemarc 200EW and an Edgemarc 4500, both of which are Linux-based NAT routers with explicit SIP proxy features to work around the NAT issue. Does Cisco offer anything similar in IOS so I can keep using my home phone without too much trouble?

wolrah
May 8, 2006
what?

Powercrazy posted:

Obviously that is a little excessive. Since the ARP is coming from the internet I can't actually stop it at the source, but I figure I can at least stop my router from processing all the requests. But I'm not sure how to do it. I want to receive one arp from my cable modem which we will assume is 20.20.20.20 but I want to block all others.

I'm getting ARPs from both the same subnet as well as some apparently unrelated addresses from elsewhere.

How long of a time period is that sample for? Cable networks tend to have a lot of ARP traffic going around. I just did 'tcpdump -i eth1 arp' on my router and captured 90 ARP packets in one minute on a low traffic node. At that rate I'd hit your number in about 28 days.

As for "unrelated" subnets, you'll see ARP traffic for every subnet configured on your node as the headend sends them out. I know my local cable company runs every subnet as a /24, so from that I can see at least 14 unique subnets in that one minute of captured traffic.

Short answer: what you're seeing looks perfectly normal to me.
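An added example, not from the thread, of the measurement described above: it parses constructed `tcpdump -i eth1 arp` lines (six lines standing in for the one-minute capture), works out the ARP rate, counts the distinct networks on the assumption that every subnet is a /24 as the post says, and projects how long a given total would take to reach at that rate. The sample lines and function names are mine.

```python
import re
from ipaddress import ip_interface

# Constructed sample in 'tcpdump -i eth1 arp' output format: six lines standing in
# for a one-minute capture (first and last timestamps exactly 60 s apart).
SAMPLE_CAPTURE = """\
10:00:00.000000 ARP, Request who-has 24.1.2.55 tell 24.1.2.1, length 46
10:00:00.420117 ARP, Request who-has 24.1.2.90 tell 24.1.2.1, length 46
10:00:01.015402 ARP, Request who-has 24.1.7.13 tell 24.1.7.1, length 46
10:00:02.222903 ARP, Reply 24.1.2.55 is-at 00:11:22:33:44:55 (oui Unknown), length 46
10:00:03.000881 ARP, Request who-has 24.1.9.200 tell 24.1.9.1, length 46
10:01:00.000000 ARP, Request who-has 24.1.7.77 tell 24.1.7.1, length 46
"""

ARP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d(?:\.\d+)?) ARP, "
    r"(?:Request who-has (?P<target>[\d.]+) tell (?P<sender>[\d.]+)"
    r"|Reply (?P<replier>[\d.]+) is-at)"
)


def parse_arp(text):
    """Return [(seconds_since_midnight, [addresses])] per ARP line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue
        h, mi, s = m.group("ts").split(":")
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        addrs = [a for a in (m.group("target"), m.group("sender"), m.group("replier")) if a]
        records.append((ts, addrs))
    return records


def packets_per_minute(records):
    """ARP rate over the capture span (needs at least two packets to define a span)."""
    if len(records) < 2:
        raise ValueError("need at least two ARP packets to measure a rate")
    span_minutes = (records[-1][0] - records[0][0]) / 60
    return len(records) / span_minutes


def subnets_seen(records, prefix=24):
    """Distinct networks the ARP traffic touches, treating every address as a /prefix
    (the post assumes the cable company runs every subnet as a /24)."""
    return {ip_interface(f"{a}/{prefix}").network for _, addrs in records for a in addrs}


def days_to_reach(per_minute, total):
    """How many days a steady ARP rate takes to accumulate 'total' packets."""
    return total / (per_minute * 60 * 24)
```

At the post's observed 90 packets per minute, `days_to_reach(90, total)` gives the projection the reply makes; 28 days corresponds to a little over 3.6 million ARP packets.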

wolrah
May 8, 2006
what?
It seems I can no longer access Software Advisor or Upgrade Planner from my CCO login, can someone tell me what the latest IOS I can run that has SIP capabilities would be?

code:
cisco 1841 (revision 5.0) with 236544K/25600K bytes of memory.
Processor board ID FTX0922W1KR
2 FastEthernet interfaces
1 Serial interface
1 Virtual Private Network (VPN) Module
WIC T1-DSU
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62592K bytes of ATA CompactFlash (Read/Write)
If you need more information let me know, right now the box is running c1841-advsecurityk9-mz.123-8.T8.bin since that's what was on it when I pulled it out of a cupboard in my boss' garage. I'm just trying to learn IOS and Cisco gear in general, so I want the most features I can get my hands on as long as it can handle a (non-Cisco) SIP VoIP phone being used behind its NAT without issues.

edit: nevermind, by just randomly throwing an IOS image at it I've determined I can run anything ever released for 1841s.

wolrah fucked around with this message at 07:36 on Feb 28, 2009

wolrah
May 8, 2006
what?

jwh posted:

Yeah, as you've already discovered, you have a very stock 1841, and it should run any image you can find.

If all you're interested in is features, I'd just grab the latest 12.4T.

That's what I ended up doing; I'm running the most loaded-out 12.4T Cisco listed, I think advsecurity or something like that.

I'm used to 2600s, where I actually have to look at the hardware specs and sometimes play the "flash this and see if I need to recover from rommon" game. Having a box that's specced up enough that I don't have to think is a new experience.

wolrah
May 8, 2006
what?

Lowen SoDium posted:

The setting is there. They are 7941G. I have not ever seen a 7941 non-G except for the 7941GE. Either way, these phones are supposed to support the handset and the codec.

As far as I know and as far as Cisco's site says the 7941 does NOT support wideband. That's for the 79x2 and 79x5 models as well as the Polycom IP7000 (er..I mean Cisco 7937G :ssh:) only.

wolrah
May 8, 2006
what?

Lowen SoDium posted:

This page, as well as several others, say that the 7941G is supposed to use G722 by default on newer version of call manager and that the 7941G can do wideband if you buy the wideband handset.

Interesting. I've given up on trying to use any Cisco phones from the current hardware generation in a non-CCM SIP environment (normal Cisco/Microsoft style "standards-based" SIP stack, so many quirks that only Asterisk can handle it by emulating a CM system), so I have a total of one 7941 and it hasn't been removed from storage in months; I was just going by Cisco's main page for each of the various phone models. The 7941 page does not at all mention HD, the 7942 and 7945 pages do. If the 7941 does support wideband though, what's the point of the 7942?

wolrah
May 8, 2006
what?

routenull0 posted:

Exactly why I fall back on the belief my title can be whatever they want it to be as long as my paycheck is the amount I desire.

Hah, that's some real truth right there.

My official titles through the time I've been at my current job:
Support Technician
Sr. Support Technician (we hired another person)
Network Specialist
LAN/WAN Specialist
Communications Specialist
CIO

My responsibilities really haven't changed significantly, nor has the wide variety of poo poo I end up doing, but every time I got a raise my boss insisted I have a title change.

Somewhere around here I have a small batch of business cards with "Guy who gets poo poo done" in the title field since I jokingly replied to a message asking for my title and the person ordering the cards obviously just hit Forward without reading it.

wolrah
May 8, 2006
what?

Tony Montana posted:

You went from Support Tech to CIO and you still do support?

Is it a small firm?

<10 employees; like I said, my boss just wants me to have a new title with every raise and I just say "sure" because honestly what do I care?

wolrah
May 8, 2006
what?
Wonderfully comforting when Cisco.com goes down and the entire Cisco-owned /24 it's in disappears from BGP. I know they're hosted by Akamai, but it kinda feels like if I called AT&T and got "The number you have dialed has been disconnected."

wolrah
May 8, 2006
what?

Syano posted:

Thanks for the advice gang. I think I am going to go ahead and pull the trigger on 2 48 port POE models. You never know when the boss man is going to walk in and tell me he wants IP phones.

I don't know if Cisco still makes any models only supporting prestandard, but make sure your switches of choice support 802.3af PoE if you don't want to be stuck to only Cisco gear. I have a few customers out there who can't upgrade from their old 7940s up to something supporting modern HD codecs since they cheaped out and bought older switches.

wolrah
May 8, 2006
what?
Isn't it a bit of a sad look at the world of Ethernet that in 2010, 15 years after the introduction of autonegotiation and 12 years after the ambiguities that allowed Cisco and a few others to be in spec but incompatible were closed up, somehow this is still even a topic worth discussing?

How do vendors still get away with failing to properly implement an incredibly simple spec?

wolrah
May 8, 2006
what?

Powercrazy posted:

Just out of curiosity, is there any way to make Cisco routers and switches run a non-standard TCP/IP stack? i.e. is it possible to turn 127,239-254/8 into usable IP addresses? Obviously if I wanted any hosts to be able to access these routers they would have to be running nonstandard stacks as well. But I was thinking of just messing with stuff like that in my little lab as just something to mess around with.

Just curious, what purpose would this serve that normal private address ranges wouldn't? With almost 17.9 million addresses available in the three official private ranges and another 65k in the APIPA range that you technically could use without problems, I'm having trouble coming up with any reason to do this other than a very absurd and time-wasting form of security through obscurity.

Of course this did lead me to wonder why an entire /8 is reserved for localhost. That seems like an incredible waste, though I guess it does make it easy to prevent idiots from using it without knowing since all network gear can filter on just the first few bits of the address field. That plus the lack of concern about address exhaustion when it was first assigned is pretty much the only reason I can think of to burn 16m IP addresses for computers talking to themselves.

vvv Ah, well then, carry on. I can never complain about someone doing something just to see it work. vvv

wolrah fucked around with this message at 08:06 on Mar 3, 2010

wolrah
May 8, 2006
what?
It's looking like I'll be hunting for a new job soon and I have some random Cisco gear sitting around, so I'm wondering what kind of things I can set up to help train for various Cisco certs to pad my resume with.

I have:

2x 1841, each with a T1 WIC. I think one has 128M RAM and the other has 256M, but I could be mistaken. One of them has the latest IOS it would run as of September '09, the other is unknown.
1x 2600, no idea which sub-model but it has one onboard 10/100 ethernet, 2 T1 WICs, and I have an ISDN NM for it somewhere. IOS 12.3(24)
1x Catalyst 2900XL 12 port 10/100

I also have a working GNS3 setup on a box with two NICs and two RS-232 serial links and a spare network interface on my pfSense router.

Is this enough hardware/software to properly train for any of Cisco's certs?

If not, any suggestions for configurations I can build with this that would be worthwhile to learn?

wolrah
May 8, 2006
what?

Mulloy posted:

I'm not sure where to put this question, but it's the best place I could find since there are basically no other threads close.

The place I work at has asked me to do some stuff with VoIP. We primarily use Cisco and Polycom, and I've been asked to look into making it easier to make configuration files for them. From what I've seen, configuration file creation is either poorly documented or my google-fu is weak. I've got various admin manuals, but I was wondering if there was a beginner friendly anything on creating/maintaining configuration files.

I've gotten some files working by looking at existing files, but they're incredibly basic and don't do much more than set up a name and register the phone.

Any thoughts?

Here is the Asterisk thread which sort of became the general VoIP thread.

As for your question, for the Cisco phones the best information I've found is at the VoIP-Info wiki if you're not using a Cisco Call Manager setup, otherwise Cisco's docs and this thread would probably be most useful.

On the Polycom side, you'll want the Admin Guide for whatever firmware release you're running. Start from the config files Polycom provides with the firmware image and modify as you see fit. There's also a config file management guide in their documentation which describes how to set up the config server. If you have more questions on the Polycom end of things head over to the thread linked earlier.

wolrah
May 8, 2006
what?

Bardlebee posted:

Humor me. Silly question.

Is there such thing as a tertiary dns server? Say the first two don't work could you type:

dns-server 1.1.1.1 2.2.2.2 3.3.3.3

IOS supports up to 8 servers in this field (http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_dhc1.html#wp1012172). I use three in my home LAN (ISC DHCPd though) for internal+caching backed up by both Google and 4.2.2.2. It's impossible for me to have internet access but not DNS.

wolrah
May 8, 2006
what?
Is Cisco's SSL VPN using a standard VPN protocol of any sort? I ask because I have an IP phone which supports connecting to a SSL VPN and I'd like to screw around with that feature, but I don't believe any of my Cisco hardware is capable of running it. (plus I think I recall it being a licensed feature, and no way I'm paying just to mess around with something)

I'm hoping there's a Linux or FreeBSD implementation and I just don't have the right terms to search with.

wolrah
May 8, 2006
what?

Bardlebee posted:

What do you mean by 'standard' SSL VPN? I was under the impression SSL was the standard?

SSL provides a standard method for encryption and authentication, but it's nowhere near all you'd need for a normal VPN tunnel. The completely clientless feature of Cisco SSL VPN seems to be a web interface to a variety of services, that does run on standard HTTPS, but what the Java port forwarding thing and the full AnyConnect tunnel client use is what I'm interested in.

wolrah
May 8, 2006
what?

HydroPimp posted:

This is less of a short Cisco question and more of a I'm using cisco (linksys) products and need to know if something is possible.

I have a home network, and my neighbor has a home network (apartments). Basic cable internet --> wrt54g setups, with DD-WRT installed on both routers. I am the "admin" of both networks. What I want to do is set up a communal homegroup that combines the networks and uses the same AP name, etc. The networks are within wireless range of each other, but I wouldn't be able to run a cable between them.

Just in case that isn't clear, I'll give an example. Say I'm at my neighbor's and we want to watch something that's on my PC. I want it to be like it is normally for homegroups (shared files, etc), even though he's connected to his router and I'm connected to mine.

Is that even possible?

This one's old, but in case you're still looking for a solution there are two ways to get close, but I don't think you can do exactly what you want without a wire.

In both cases, you'll need to start by ensuring both networks are on different subnets so everything knows where it needs to send traffic destined for one end or the other.

Option 1 is a VPN.
IPsec is likely the easiest way, and should be built into DD-WRT. Match most settings on both ends, configure the local and remote networks as appropriate, and set up Dynamic DNS names if you have dynamic IPs at either location. This will be limited by the upload speed at the source site, so it's likely that HD video won't work and even normal Xvids might be too much depending on your connection.

Option 2 is a wireless link.
You'll need two additional bridge-capable wireless devices (Ubiquiti Bullet or many DD-WRT compatible devices will do it) on top of any existing wireless and preferably two directional antennas (though you can get away with omnidirectional if they're close enough, you may interfere with your normal wireless). Set up the wireless bridge as appropriate so computers on either end could talk to each other, then enable VLANs on the main routers and configure a port on each as a separate network. Both devices should use the same subnet here. Connect this port to the bridge at each end and see if the routers can ping each other. If they can ping successfully, configure a static route on each saying that the opposite router's IP on the bridge connection is the gateway for the opposite router's LAN.

In theory at this point with either option you should be able to freely pass traffic between the networks, but computers at the other location will NOT show up when browsing the local network on either end and Homegroup features will likely not work, as both are designed to work within a local network and do not cross routers. You can still use the \\IP\share\ format to access shares across the link and stream content, it just won't be 100% automatic.

If the full auto-detection and homegroup features are what you desire, you need a wire or a more complicated wireless bridging solution. Either way would likely require abandoning DHCP at one end since it would cross the link and whoever had the faster-responding router would end up with all the computers using his internet connection.

wolrah
May 8, 2006
what?

jwh posted:

I've always found it slightly hilarious that for digital applications people still seem to care about cable quality. Like buying HDMI cables that are extremely expensive.

I'm probably just showing my electrical engineering ignorance, but I always assumed for digital applications, your cable either worked for that application, or it didn't (essentially).

Basically a higher quality (note: NOT necessarily more expensive, I mean truly objectively higher quality) cable will typically be more resistant to interference and thus allow longer runs or runs through interference-rich areas, but once you hit the point of "working" there's no improvement.

The only application where the average consumer ever might need to think about cable quality is a long DVI/HDMI run for a 1080p+ home theater, conference room, etc. Beyond 10-15 feet those signals can get pretty picky. Otherwise, if it meets spec it's good.

wolrah
May 8, 2006
what?

ragzilla posted:

IIRC Polycoms look at opt 66 and 150. If you have an opt 66 make sure it is an ASCII option on your DHCP server. The Polycoms will not honor option 66 if it's configured as an IP.

By default the current models all look at option 160 first, then 66. Older phones and early BootROM revisions of the newer speakerphones use 66 and possibly 150. I can only confirm 150's use by Cisco phones.

wolrah
May 8, 2006
what?

Powercrazy posted:

Now for my question for anyone with experience with non-cisco ip phones. I'm using some old POS Nortel phones, and I want to use the dataport on the phone, but have the PC that is attached to that be in a different vlan than the voice vlan.

The Cisco switch I'm using is a 2960-PoE and I can set the voice vlan, but AFAIK that uses CDP to determine vlan information. So I need to set a Voice Vlan for the phone, but also allow the phone to pass the data vlan to the attached PC.

What should the switch config be?

The switch may not be involved in the decision. I've never used a Nortel phone, but on Polycoms they support both CDP from the switch and special DHCP options where the phone does DHCP on the data VLAN, gets the correct info from that, then restarts its networking on the correct VLAN. Linksys phones either do it manually or via CDP on some models.

A quick Google brings up this, indicating Nortel phones do it via LLDP.

wolrah fucked around with this message at 18:03 on Jun 15, 2011

wolrah
May 8, 2006
what?

Powercrazy posted:

That is easily defeatable by changing your mac-address to match the phone's (which is conveniently stamped on the phone).

This also gains you access to the "Voice VLAN" if configured on quite a few switches. Every one I've bothered to take a look at does it based on the first six of the phone's MAC. Set your computer to 00:04:F2:xx:xx:xx (Polycom) or 00:13:C4:xx:xx:xx (Cisco 79x0) and magically you're a phone.

wolrah
May 8, 2006
what?

CrazyLittle posted:

I do wonder why offices would bother setting up a voice vlan if regular traffic isn't blocked on that VLAN as well.

A lot of phones use TFTP to autoconfigure from a machine set in DHCP option 66. This is also used for PXE booting PCs. If you can't or don't feel like setting up your boot server to handle both or different DHCP options for different devices, just put them on their own VLAN and problem solved. Same thing if the customer has a data router they can't or won't give up but which does not handle voice well, a voice VLAN makes it really easy to add a second router for voice without having to change anything on the existing network.

If you're thinking about it from that side of things, it's just making your life easier and the security aspect might not even come up.

Also if someone's on your voice network they can still capture credentials from a config file (either sniffing during a phone boot or just pretending to be a phone themselves and requesting them from the server) since while most phones support config encryption it's generally a real pain to set up and doesn't work with most config management systems. Now they can register to your PBX as one of your phones and look just like any other internal caller.

wolrah
May 8, 2006
what?

Boner Buffet posted:

even though it's a small business switch and i can't expect much, the configuration interface for the cisco 300 series was designed by someone about to die from an OD of heroin.

Oh goodie. I have one of those (SF300-24P) coming in for a customer tomorrow. They lost their only PoE switch capable of both Prestandard and 802.3af and this was the most desirable (read: cheapest) replacement option. At least they don't use any managed switch features, it's just there for the PoE, so I should only have to deal with it if I need to remote reboot them.

Is it just the same old SRW224G4P interface or did they somehow make it worse after the Cisco rebranding?

wolrah
May 8, 2006
what?

Zuhzuhzombie!! posted:

Implement port security and scratch out the MAC address label? :P

Obviously tongue-in-cheek, but if anyone takes it seriously unfortunately the MAC is used for autoconfiguration on every VoIP phone I've ever touched, so scratching it out just makes the admins' lives harder. Also, device status menus are almost always wide open for anyone to push a few buttons and have the MAC show up on the display. Polycoms and IIRC Snoms even display it as part of the boot process.

MAC-based security is pretty much universally a stupid idea.
I'm actually not sure what the right answer is, since the attacks made famous by the Pwn Plug recently seem like they'll work anywhere one can gain physical access to a port used by a trusted device. Martytoof's auto-shutdown idea would work, but obviously would make for a hell of a headache when machines need to be rebooted.

wolrah
May 8, 2006
what?

Partycat posted:

Cisco 300 stuff...

Thanks for the info. It got delayed and finally came in yesterday, but my boss wanted to get it out to the customer ASAP so I only got the chance to upgrade the firmware (it still had a 2010 firmware which did not support Prestandard PoE) and set up SNMP. I haven't touched the CLI but the web UI, as lovely as it is, is leaps and bounds beyond the old Linksys SRW line this thing apparently descends from.

I discovered also that if you change the password as prompted to on first login, but then don't save the change (I wasn't expecting that based on previous SRW experience), upgrading the firmware results in an inaccessible device which you then have to factory reset.
