Mr. Fossey
Mar 31, 2003

Fresh bananas for the whole crew!
I am trying to set up NetFlow on a 1700 running Version 12.3(13). I am going from Serial0 nat'd to FE0. I have the communication working except that I am not translating incoming communication from the internet to internal IPs.

I am getting:
Source-bob.com Dest-My external IP

Desired:
Source-bob.com Dest-Internal IP of the user


Kudosx
Jun 6, 2006

it's raining zerglings!
I'm attempting to build a CCNA lab(edit* lab, not lap!) for this summer. I'm currently a Freshman majoring in CIS, and it's been my goal to have my CCNA by the end of my Freshman summer for some time now. I took a vocational program through my High School which covered the CCNA curriculum, and I actually still have access to the curriculum.

Anyway, my question isn't about learning material... it is: Where should I buy my CCNA lab from? I looked on ebay and stuff, but I try to avoid buying things on ebay. What routers/switches do you folks recommend to go with, and why? I'd like to get this lab up and running in around a month, so I'm not in any rush.

If anyone has any tips about studying for the CCNA, please feel free to chime in. I plan on buying one of those "CCNA Flash Card" guide things. I just like being able to review possible questions. While in Barnes & Noble I glanced through one and could answer about... 25% of the questions I looked at, so I'm not ridiculously rusty considering I haven't touched this material in around a year.

Kudosx fucked around with this message at 06:26 on Apr 20, 2007

Boner Buffet
Feb 16, 2006
Kudosx, I think Cisco just changed their CCNA course material, although to what extent I'm not sure. I'm sure someone here might be able to fill you in further or rebut what I said.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Mr. Fossey posted:

I am trying to set up NetFlow on a 1700 running Version 12.3(13). I am going from Serial0 nat'd to FE0. I have the communication working except that I am not translating incoming communication from the internet to internal IPs.

I am getting:
Source-bob.com Dest-My external IP

Desired:
Source-bob.com Dest-Internal IP of the user

I'm not sure you can do this as the flow records are generated on packet ingress- before translation. If you want proper flows you may want to look at tapping/span'ing your internal FastEth port to a netflow probe and export flows from that.

jwh
Jun 12, 2002

Girdle Wax posted:

I'm not sure you can do this as the flow records are generated on packet ingress- before translation.

Here's an interesting workaround I dug up: http://www.netup.biz/articles.php?n=10

It involves using policy routing to force traffic to a loopback interface after nat translation, and enabling netflow on the loopback.

Sounds pretty clever.

H110Hawk
Dec 28, 2006

Drighton posted:

I create RMAs for faulty Cisco equipment. If you think your hardware has failed, try these troubleshooting steps to confirm it.
:words:
Hope this helps

I assume this means you work for Cisco?

We have a 6509 chassis sitting here with a shipping label on it. It has been here for nine (9) months now. We have tried on 3 separate occasions to get Cisco to take it off our hands, but they never seem to schedule someone to pick it up. We've gone through all the right steps (we thought?) on the website. This chassis is our old dead-ish one that they shipped us an RMA replacement for after having no idea why it was breaking.

Kind sir, how do we get you guys to take it off our hands? It has been sitting there on its pallet for a long time, and has turned in to a table for our cache of 4948's.

On a similar note, I have a Sup720 with what is likely a bad flash card on it. How much of a PITA is it going to be to get this thing RMA'd? I have been having a bitch of a time navigating Cisco's website to figure out where I should actually be entering this RMA. I've found at least 2 places. We have a service contract with Cisco.

Fabricated
Apr 9, 2007

Living the Dream

LordHop posted:

Is there any type of software emulator i can use that pretends to be a cisco box so i can start to learn how to use these things?
We played around with Packet Tracer 4.0 in my Cisco classes, but you can't do a lot of really advanced stuff with it. You can use RIP and EIGRP on it but no OSPF/BGP/whatever.

ragzilla
Sep 9, 2005
don't ask me, i only work here


jwh posted:

Here's an interesting workaround I dug up: http://www.netup.biz/articles.php?n=10

It involves using policy routing to force traffic to a loopback interface after nat translation, and enabling netflow on the loopback.

Sounds pretty clever.

Probably want to keep an eye on the CPU if you tried that, Cisco states in their 'nat on a stick' docs that nat+pbr may result in packets getting punted to the process switching path.

Funnylink
Apr 14, 2004
Arg
I have a cisco 800 series router i recently bought 5 months ago. I am having trouble with interference with my wireless security camera creating interference on the wireless channel. I am having problems finding out how to change the wireless channel by googling. How do I configure the dot11radio interface to change the wireless frequency?

ragzilla
Sep 9, 2005
don't ask me, i only work here


Funnylink posted:

I have a cisco 800 series router i recently bought 5 months ago. I am having trouble with interference with my wireless security camera creating interference on the wireless channel. I am having problems finding out how to change the wireless channel by googling. How do I configure the dot11radio interface to change the wireless frequency?

code:
interface Dot11Radio0
 world-mode dot11d country US indoor
 channel 2412
end
this is from my aironet, i'm guessing the commands will be the same since they're both IOS based. you can also specify a 'normal' channel number (1-11) or tell it to scan for least congested, but I'd probably manually set it to 1, 6 or 11.

code:
farnsworth(config-if)#channel ?
  <1-2462>         One of: 1 2 3 4 5 6 7 8 9 10 11 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462
  least-congested  Scan for best frequency

ior
Nov 21, 2003

What's a fuckass?

Funnylink posted:

I am having trouble with interference with my wireless security camera creating interference on the wireless channel.
You can tell your router to scan all channels and give you some information on which channels are the busiest. My IOS seems to be bugged though, it is not supposed to be showing 100% on all channels :)
code:
osl#term mon
osl#dot11 dot11Radio 0 carrier busy 
Frequency  Carrier Busy % 
---------  -------------- 
   2412        100 
   2417        100 
   2422        100 
   2427        100 
   2432        100 
   2437        100 
   2442        100 
   2447        100 
   2452        100 
   2457        100 
   2462        100 
   2467        100 
   2472        100

Sergeant Hobo
Jan 7, 2007

Zhu Li, do the thing!

InferiorWang posted:

Kudosx, I think Cisco just changed their CCNA course material, although to what extent I'm not sure. I'm sure someone here might be able to fill you in further or rebut what I said.

Can someone confirm or deny this (latter preferred :gonk: )?

WangNV
Mar 22, 2001
I'm so lonely

WangNV posted:

I have a piece of stupid software that uses the built-in windows XP FTP shell to connect to an outside server. This means no passive ftp, as XP's shell doesn't support passive mode. I have a PIX 515E running IOS 6.3(5) that does NAT on that network, and has a static address (not pooled) for the machine that does the ftp.

FTP fixup is turned on for ports 20 and 21. The ftp client connects fine, but file transfers fail, or download at a whopping 1.7k a sec. (Even when the host is in the DMZ outside the firewall and thus on the same 100 BASE-T network). Can anybody else think of what might be causing this?

Passive FTP connections work great, but the software won't do it. I've tried configuring reverse DNS records like they (cisco) say, but I still get nothing. What gives?

To answer my own question, don't hire stupid people to set up your router. The guy who put the thing together years ago enabled ftp fixup on both port 20, and 21. This meant it was trying to fixup all the data connections, as well as the auth connection. This obviously was causing problems.

jbusbysack
Sep 6, 2002
i heart syd

Sergeant Hobo posted:

Can someone confirm or deny this (latter preferred :gonk: )?

I've been too lazy to touch the ICND portion of the CCNA yet, but the INTRO portion as of Dec 06 was verbatim from the newest version of the Cisco Press books.

Kudosx
Jun 6, 2006

it's raining zerglings!
I asked my question 4 days ago and still no answer! Mush Cisco geeks! Mush!

GPF
Jul 20, 2000

Kidney Buddies
Oven Wrangler

Sergeant Hobo posted:

Can someone confirm or deny this (latter preferred :gonk: )?
The CCNA changed early last year and the books you find in the stores should be just fine and dandy. The CCNP just recently went through some fairly drastic changes, though.

The CCNA changes were pretty much this:

Drop IGRP.
Drop old switches (1900 say goodbye).
Restructure INTRO to be more useful.

I'll just be glad when they quit obsessing over ISDN.

Paul Boz_
Dec 21, 2003

Sin City

GPF posted:

The CCNA changed early last year and the books you find in the stores should be just fine and dandy. The CCNP just recently went through some fairly drastic changes, though.

The CCNA changes were pretty much this:

Drop IGRP.
Drop old switches (1900 say goodbye).
Restructure INTRO to be more useful.

I'll just be glad when they quit obsessing over ISDN.

I took both the ICND and INTRO exams and the only reference to ISDN was a small factoid question about how many D and B channels there are. I didn't have to do any configuration or know any terminology otherwise.

IGRP is definitely still on the CCNA outline, as is RIP, single area OSPF, and internal EIGRP.

mkosmo
Jul 15, 2006

SuperJens posted:

edit: Also, I have four 1600 routers but have absolutely no use for them. Are they worth anything or should I just chuck them in the dumpster?

As the others have said, I will be more than willing to pay for shipping if you want to get one (or more ;)) off your hands! Email me if you're interested. mkosmo at gmail dot com.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

H110Hawk posted:

I assume this means you work for Cisco?

We have a 6509 chassis sitting here with a shipping label on it. It has been here for nine (9) months now. We have tried on 3 separate occasions to get Cisco to take it off our hands, but they never seem to schedule someone to pick it up. We've gone through all the right steps (we thought?) on the website. This chassis is our old dead-ish one that they shipped us an RMA replacement for after having no idea why it was breaking.

Kind sir, how do we get you guys to take it off our hands? It has been sitting there on its pallet for a long time, and has turned in to a table for our cache of 4948's.

On a similar note, I have a Sup720 with what is likely a bad flash card on it. How much of a PITA is it going to be to get this thing RMA'd? I have been having a bitch of a time navigating Cisco's website to figure out where I should actually be entering this RMA. I've found at least 2 places. We have a service contract with Cisco.

http://cisco.com/en/US/products/hw/routers/ps359/prod_troubleshooting_guide09186a00801c62e8.html

http://www.cisco.com/warp/public/708/GPSTools/RMAWebReturns/rma_web_based_returns.html

jwh
Jun 12, 2002

I'm wondering if anybody has any advice for DMVPN tunnel monitoring. Because the mGRE tunnels don't ever go down/down (unless the associated physical interface goes down), it's not very practical to simply watch the tunnel interface itself.

We've been working around this problem by using syslog to report EIGRP adjacency changes, and then alerting based on this information.

Still, I'm wondering if anybody has any ideas, or if they've heard of a snmp mib for IPSec SA's.
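The syslog workaround described in the post above, as an added example that is not part of the original thread: a collector-side check that reads EIGRP adjacency messages and reports tunnel neighbors that have stayed down. It assumes the classic IOS 12.x `%DUAL-5-NBRCHANGE` message layout; the hostnames, addresses, sample lines and the 60-second grace period are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (hostnames, addresses and times are made up),
# written in the classic IOS 12.x "%DUAL-5-NBRCHANGE" layout.
SAMPLE_LOG = """\
Apr 23 10:00:01 hub1 45: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.11 (Tunnel0) is down: holding time expired
Apr 23 10:00:09 hub1 46: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.11 (Tunnel0) is up: new adjacency
Apr 23 10:02:30 hub1 47: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.12 (Tunnel0) is down: holding time expired
Apr 23 10:03:00 hub1 48: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.2 (FastEthernet0) is down: interface down
Apr 23 10:04:00 hub1 49: %LINK-3-UPDOWN: Interface Serial0, changed state to down
Apr 23 10:06:50 hub1 50: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.13 (Tunnel0) is down: peer restarted
"""

NBRCHANGE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s.*?"
    r"%DUAL-5-NBRCHANGE:.*?Neighbor\s+(?P<nbr>\S+)\s+\((?P<ifc>[^)]+)\)\s+"
    r"is\s+(?P<state>up|down)(?::\s*(?P<reason>.*))?$"
)


def parse_nbrchange(line, year):
    """Return a dict for an EIGRP neighbor-change line, or None for anything else."""
    m = NBRCHANGE_RE.match(line.strip())
    if not m:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"when": when, "host": m["host"], "nbr": m["nbr"], "ifc": m["ifc"],
            "state": m["state"], "reason": m["reason"] or ""}


def stale_tunnel_neighbors(lines, now, grace=timedelta(seconds=60)):
    """List tunnel neighbors that went down and have not come back within `grace`.

    Returns (host, neighbor, interface, seconds_down, reason) tuples,
    longest outage first. The grace period suppresses short flaps.
    """
    down = {}
    for line in lines:
        ev = parse_nbrchange(line, now.year)
        # Only adjacencies formed over tunnel interfaces say anything about a spoke.
        if ev is None or not ev["ifc"].startswith("Tunnel"):
            continue
        key = (ev["host"], ev["nbr"], ev["ifc"])
        if ev["state"] == "down":
            # Keep the first "down" time if the message repeats.
            down.setdefault(key, (ev["when"], ev["reason"]))
        else:
            down.pop(key, None)
    alerts = []
    for (host, nbr, ifc), (since, reason) in down.items():
        if now - since >= grace:
            alerts.append((host, nbr, ifc, int((now - since).total_seconds()), reason))
    return sorted(alerts, key=lambda a: -a[3])


if __name__ == "__main__":
    now = datetime(2007, 4, 23, 10, 7, 0)  # constructed "current time"
    for alert in stale_tunnel_neighbors(SAMPLE_LOG.splitlines(), now):
        print("ALERT: %s lost spoke %s on %s for %ds (%s)" % alert)
```

The flapping neighbor and the FastEthernet adjacency produce no alert; only the spoke that stays down past the grace period is reported.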

Sergeant Hobo
Jan 7, 2007

Zhu Li, do the thing!

GPF posted:

The CCNA changed early last year and the books you find in the stores should be just fine and dandy. The CCNP just recently went through some fairly drastic changes, though.

The CCNA changes were pretty much this:

Drop IGRP.
Drop old switches (1900 say goodbye).
Restructure INTRO to be more useful.

I'll just be glad when they quit obsessing over ISDN.

I feel you on ISDN. :bang:

Tremblay
Oct 8, 2002
More dog whistles than a Petco

jwh posted:

I'm wondering if anybody has any advice for DMVPN tunnel monitoring. Because the mGRE tunnels don't ever go down/down (unless the associated physical interface goes down), it's not very practical to simply watch the tunnel interface itself.

We've been working around this problem by using syslog to report EIGRP adjacency changes, and then alerting based on this information.

Still, I'm wondering if anybody has any ideas, or if they've heard of a snmp mib for IPSec SA's.

I think you need the objects in CISCO-IPSEC-FLOW-MONITOR-MIB.

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

Darw1N
Apr 28, 2004
Well then what about this?

New Two-Track CCNA Curriculum
http://www.aiminstitute.org/index.php?option=com_content&task=view&id=224&Itemid=323

The English versions of CCNA-A courses 1 and 2 and CCNA-B courses 1 and 2 will be available in the June-August 2007 timeframe.

This is what I'm going to wait for.

inignot
Sep 1, 2003

WWBCD?

jwh posted:

Still, I'm wondering if anybody has any ideas, or if they've heard of a snmp mib for IPSec SA's.

You might try these:

snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas

CrazyLittle
Sep 11, 2001





Clapping Larry
Just for giggles and learning, I'm trying to daisychain a bunch of 1720's together via T1 WIC cards, and one ADSL WIC. How would I go about writing the routes to make traffic pass through from point A -> B:

PC -> [fe0, 1720, t1 wic] -> [t1 wic, 1720, ADSL wic] -> internets

inignot
Sep 1, 2003

WWBCD?

CrazyLittle posted:

How would I go about writing the routes to make traffic pass through from point A -> B:
Use 10.whatever on all your interfaces, then enable eigrp per below.

router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0

Out of curiosity; do you have, or know how to make, a t1 crossover cable?

fsck
May 22, 2002
/usr/sbin/fsck -F ufs /dev/rdsk/c0t0d0s0
I have a pair of Cisco Catalyst 6506 routers that are to terminate both sides of a private-line OC3. I know IOS but CatOS and the relationship between the OC3 FlexWAN module and the supervisor engines is really making me tear my hair out.

Does anyone have experience doing VLAN trunking between the IOS FlexWAN modules and the CatOS super2 engines? If you're a consultant, I'm willing to pay for a couple hours time. I know I'm just missing the obvious :(

My first thought was to put the OC3 interface (POS5/0/0) into the same VLAN as the ethernet ports managed by CatOS. Unfortunately the OC3 interface does not accept switchport commands!

If you think you can help I would love a private message or an IM chat.

ragzilla
Sep 9, 2005
don't ask me, i only work here


fsck posted:

I have a pair of Cisco Catalyst 6506 routers that are to terminate both sides of a private-line OC3. I know IOS but CatOS and the relationship between the OC3 FlexWAN module and the supervisor engines is really making me tear my hair out.

Does anyone have experience doing VLAN trunking between the IOS FlexWAN modules and the CatOS super2 engines? If you're a consultant, I'm willing to pay for a couple hours time. I know I'm just missing the obvious :(

My first thought was to put the OC3 interface (POS5/0/0) into the same VLAN as the ethernet ports managed by CatOS. Unfortunately the OC3 interface does not accept switchport commands!

If you think you can help I would love a private message or an IM chat.

The FlexWAN isn't a switchport- it's intended to be used as a WAN connection. In its typical use (as a POS interface) you'd just set up IPs on either side and use it as a routed (not switchport) interface. If you need to do VLANs over it you're probably going to have to look at running MPLS/L2VPN/EoMPLS over it.

inignot posted:

Use 10.whatever on all your interfaces, then enable eigrp per below.

router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0

Out of curiosity; do you have, or know how to make, a t1 crossover cable?
Don't forget default-originate on the 1720 with the WAN connection (does EIGRP require an explicit default-originate or is that just OSPF?)

jwh posted:

I'm wondering if anybody has any advice for DMVPN tunnel monitoring. Because the mGRE tunnels don't ever go down/down (unless the associated physical interface goes down), it's not very practical to simply watch the tunnel interface itself.

We've been working around this problem by using syslog to report EIGRP adjacency changes, and then alerting based on this information.

Still, I'm wondering if anybody has any ideas, or if they've heard of a snmp mib for IPSec SA's.
I think the standard response to tunnel monitoring on the c-nsp list these days is: TCL/EEM (if you're running code that supports it).

fsck
May 22, 2002
/usr/sbin/fsck -F ufs /dev/rdsk/c0t0d0s0

Girdle Wax posted:

The FlexWAN isn't a switchport- it's intended to be used as a WAN connection. In its typical use (as a POS interface) you'd just set up IPs on either side and use it as a routed (not switchport) interface. If you need to do VLANs over it you're probably going to have to look at running MPLS/L2VPN/EoMPLS over it.

Actually I don't need to do VLAN trunking, specifically. All I really need to do is use the OC3 to connect one side of the network to the other - they are on different octet class-C subnets (i.e. 10.10.10.0 and 10.10.11.0 for sake of example). The hybrid mode of the current switch config is probably what is so heinously confusing to me.

Maybe we could do an IM session? AIM/Yahoo!/ICQ: novafsck

ragzilla
Sep 9, 2005
don't ask me, i only work here


fsck posted:

Actually I don't need to do VLAN trunking, specifically. All I really need to do is use the OC3 to connect one side of the network to the other - they are on different octet class-C subnets (i.e. 10.10.10.0 and 10.10.11.0 for sake of example). The hybrid mode of the current switch config is probably what is so heinously confusing to me.

Maybe we could do an IM session? AIM/Yahoo!/ICQ: novafsck

Not seeing you on AIM (my contact info is in profile).

In any case, the quick version + disclaimer since I've never worked on the 6500 platform- most of my experience is with routers (7200/12k).

Your configuration will probably be done on the MSFC rather than the sup (since you mentioned CatOS I'm guessing you're running in hybrid mode). Once connected to the MSFC you should be able to assign addresses to the POS interfaces (conf t, int pos 5/0/0, ip addr 10.10.255.1 255.255.255.252 (on one side) ip addr 10.10.255.2 255.255.255.252 (on the other)), and then ping between them. Then it's just a matter of setting up static routes or a routing protocol like OSPF.

jwh
Jun 12, 2002

Girdle Wax posted:

Don't forget default-originate on the 1720 with the WAN connection (does EIGRP require an explicit default-originate or is that just OSPF?)
You can redistribute 0.0.0.0/0 into eigrp without any troubles (unlike OSPF). But that's redistribution- I'm not sure about an originate mechanism. That's a good question.

Girdle Wax posted:

I think the standard response to tunnel monitoring on the c-nsp list these days is: TCL/EEM (if you're running code that supports it).
Ugh, I was afraid of that. I'm wondering if the DMVPN usability improvements are going to do anything about this.

CrazyLittle
Sep 11, 2001





Clapping Larry

inignot posted:

Use 10.whatever on all your interfaces, then enable eigrp per below.

router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0

Out of curiosity; do you have, or know how to make, a t1 crossover cable?
Thanks! I'll give that a try today.


inignot posted:

Out of curiosity; do you have, or know how to make, a t1 crossover cable?

Yep - already done. I needed to make one to test the PRI interface on a Adtran that I set up for SIP trunking.

ate shit on live tv
Feb 15, 2004

by Azathoth
How do I configure QoS on my Cisco network?

Basically I have a Cisco 817 Aeronet router for my gateway, and connected to that I have a 35xx Layer 3 Switch (there are 6 computers and 4 consoles connected to that). I want to prioritize all Bittorrent traffic to lowest priority and all other traffic higher. I'm reading up on Cisco QoS, and various queuing protocols and I think I want to use Priority Queuing, but I'm not sure how to set it up.

Any help?

jwh
Jun 12, 2002

Powercrazy posted:

How do I configure QoS on my Cisco network?

That's a big question. Do you need qos on your 3550? Because if you can get away with only doing it on the 817, it's going to be easier. With the switches, you have to think about hardware queues and dscp to cos maps, and which queues are priority queues, and it's just generally not a very fun experience.

Anyway, priority queueing should be fine, provided you know which ports are being used for bittorrent. If you can't be sure which ports are being used for bittorrent, you might have to go dig around for the bittorrent PDLM for use with NBAR. You could also classify bittorrent and use cbwfq, as an alternative.

Here's a helpful link: http://www.opalsoft.net/qos/WhyQos-2422.htm

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

I've got a Cisco 804. I really know nothing about IOS, I googled enough to come up with a config for my home LAN with an ISDN internet connection.

My question is: How do I enable the DHCP server?

ate shit on live tv
Feb 15, 2004

by Azathoth

jwh posted:

That's a big question. Do you need qos on your 3550? Because if you can get away with only doing it on the 817, it's going to be easier. With the switches, you have to think about hardware queues and dscp to cos maps, and which queues are priority queues, and it's just generally not a very fun experience.

Anyway, priority queueing should be fine, provided you know which ports are being used for bittorrent. If you can't be sure which ports are being used for bittorrent, you might have to go dig around for the bittorrent PDLM for use with NBAR. You could also classify bittorrent and use cbwfq, as an alternative.

Here's a helpful link: http://www.opalsoft.net/qos/WhyQos-2422.htm

Yea I was looking around on the Cisco website and finally stumbled upon NBAR. When I get off work I'm going to go home and try it out, and I'll probably post the configs for others' edification. Also apparently as of IOS 12.4T the Bittorrent protocol is identified natively.

So I'll find out soon.

markus876
Aug 19, 2002

I am a comedy trap.

InferiorWang posted:

Beyond that, any issues you have ran into with it?

It's worked fine. I'm running half a dozen vlans; nothing too fancy, but I haven't had any problems either.

jwh
Jun 12, 2002

Thermopyle posted:

I've got a Cisco 804. I really know nothing about IOS, I googled enough to come up with a config for my home LAN with an ISDN internet connection.

My question is: How do I enable the DHCP server?

Here you go: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm

That should get you going.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell


Rockin. Thanks.

I don't know about how it is now, but a couple years ago I tried finding the Cisco documentation on this and it was hellish finding anything on their site.


ate shit on live tv
Feb 15, 2004

by Azathoth
Well crap. I can't enable NBAR on a Cisco 851W and that is the easiest way to do what I want to do. Now I'm going to have to gently caress with access-lists and things. Sigh.
