Sergeant Hobo
Jan 7, 2007

Zhu Li, do the thing!

Thanks for the link. This is pretty much what I was looking for: a line-by-line list of topics to know (somehow I missed this :v: ).

Now, onto books. I figure trying to get something that was released in 2008 would be the safest bet but is it just as safe to get something written in 2007? I only ask because I'm unsure of the timeline regarding the CCNA test updates. I don't want a book that doesn't cover what I need, after all. I was thinking something along the lines of this or is there some real substantive reason to avoid Cisco-sanctioned stuff like this? I'll admit; part of it is that I'm used to my old books still.

Twlight
Feb 18, 2005

I brag about getting free drinks from my boss to make myself feel superior
Fun Shoe
Hey Everyone:

I've got a Cisco 2811 connecting via T1 to our VPN concentrator here at the office. The remote site (with the 2811) is having terrible connection speed at the moment. The only hardware at the remote site is 5-10 thin clients and a single pc. I'll be going over there today to install a small pc to run tcpdump to gather traffic, but I wanted to know what else might help in debugging this. I've logged into the router and it doesn't seem like there is much that isn't correct. I can provide any documentation necessary.

Thanks : )

jwh
Jun 12, 2002

Twlight posted:

Hey Everyone:

I've got a Cisco 2811 connecting via T1 to our VPN concentrator here at the office. The remote site (with the 2811) is having terrible connection speed at the moment. The only hardware at the remote site is 5-10 thin clients and a single pc. I'll be going over there today to install a small pc to run tcpdump to gather traffic, but I wanted to know what else might help in debugging this. I've logged into the router and it doesn't seem like there is much that isn't correct. I can provide any documentation necessary.

Thanks : )

What do you mean you have a 2811 connecting via T1 to your VPN concentrator? Do you mean that the 2811 has an Internet connection via T1, and is establishing a VPN connection back to your VPN concentrator?

What does 'show interface' say about the utilization on the 2811 T1 interface? If it's low, and you're still having problems with throughput, it could be a problem with your tunnel configuration.


If you see high utilization, you can try enabling the flow cache and top-talkers feature:

conf t
int se0/0/0
ip route-cache flow
int Fa0/0
ip route-cache flow
int Fa0/1
ip route-cache flow
ip flow-top-talkers
top 20
sort-by bytes

Use the 'show ip flow top' command to dump the top flows.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


Excuse a newbie question, but I'm new to Cisco. I'm about to start a CCNA and I have the lab pack that they gave me to use. It came with a serial to RJ45 console cable. Do USB to RJ45 console cables exist?

heresy
Nov 25, 2003

Anjow posted:

Excuse a newbie question, but I'm new to Cisco. I'm about to start a CCNA and I have the lab pack that they gave me to use. It came with a serial to RJ45 console cable. Do USB to RJ45 console cables exist?

Not to my knowledge. You'll need a USB to RS232/DB9 converter. Google, they're all over the place and don't cost much.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


heresy posted:

Not to my knowledge. You'll need a USB to RS232/DB9 converter. Google, they're all over the place and don't cost much.

I have actually got one, not tried it yet. I just thought USB might be easier or something. Mostly out of interest anyway.

In the CCNA manual I have it mentions using Tera Term to connect to the switch I have. Is there an equivalent for Mac? It's not a big deal because I do have Bootcamped Windows on there too.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Anjow posted:

I have actually got one, not tried it yet. I just thought USB might be easier or something. Mostly out of interest anyway.

In the CCNA manual I have it mentions using Tera Term to connect to the switch I have. Is there an equivalent for Mac? It's not a big deal because I do have Bootcamped Windows on there too.

On mac you'll want to use minicom or something similar.

Syano
Jul 13, 2005
Forgive a virtual repost from 1 page ago but I am having a bear of a time with vendors here and am finding it difficult to find the information I need. I have 2 Dell 3548s in a stacked config and I need to uplink these things to a Catalyst 3560G. Those Dells are going to be pretty loaded and I figured I would use the sfp ports to uplink since I didn't want to push 96 ports worth of fast ethernet traffic over a single fast ethernet uplink. My problem is my Dell rep says their sfp transceivers will not work in the Catalyst and vice versa. Is he full of crap or is that pretty much the way it works? Also, if you have any other brilliant solutions to my project I am all ears.

jwh
Jun 12, 2002

Syano posted:

My problem is my Dell rep says their sfp transceivers will not work in the Catalyst and vice versa. Is he full of crap or is that pretty much the way it works? Also, if you have any other brilliant solutions to my project I am all ears.

Buy a Dell SFP, and then buy a Cisco SFP. Multimode.

You should be fine.

Syano
Jul 13, 2005

jwh posted:

Buy a Dell SFP, and then buy a Cisco SFP. Multimode.

You should be fine.

Thanks for the quick response jwh. Coming from you I will take this suggestion as my preferred route.

ate shit on live tv
Feb 15, 2004

by Azathoth
Just as an FYI. The 3560G is a gigabit switch, not FastEthernet.

You don't need to use fiber. Those 4 SFP ports are typically for MPLS/BGP or some other type of core routing.

Syano
Jul 13, 2005
Yeah I know. My problem is though that the 3560 is acting as the core switch at a branch office for about 8 servers so I needed a simple way to uplink the 96 ports of fast ethernet traffic from the dell 3548s to it. I figured I would use the sfp ports since they were already there not doing anything.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


I managed to get my switch's console on Windows using Tera Term. I couldn't work out what to do with minicom as it was the source that I found (and I'm not too familiar with this sort of stuff), I had a go with ZTerm and couldn't figure out how to get it to connect - I did enter the settings as specified in the manual but nothing happened.

I'll just proceed with using Tera Term on Windows unless one of the instructors when I start the course can figure out how to get it going on OS X.

papersack
Jul 27, 2003

I'm not sure if this is :filez: or not, but could someone post the Cisco Security Conversion Tool (SCT)? It's free to Cisco Partners and Resellers, but I'm not one of those. :( It's located here and here.

If it can't be done, ok. I just don't want to mess with the lovely Checkpoint at all.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Syano posted:

My problem is my Dell rep says their sfp transceivers will not work in the Catalyst and vice versa. Is he full of crap or is that pretty much the way it works?

The Cisco won't work with the Dell optics in its default config, until you type in the magic commands "service unsupported-transceiver", "no errdisable detect cause gbic-invalid" and "errdisable recovery cause gbic-invalid".

I don't think we have a single Cisco optic anywhere in our network other than the ones we've gotten for free with stuff, and even then the no-name optics we buy from Fluxlight or NHR have better compatibility/failure rates than the Cisco ones.

markus876
Aug 19, 2002

I am a comedy trap.

Anjow posted:

I had a go with ZTerm and couldn't figure out how to get it to connect - I did enter the settings as specified in the manual but nothing happened.

I use ZTerm and a Keyspan USA-19HS on OS X all the time. Really, the only setting you have to change in ZTerm is baud rate to 9600, and you should start seeing output.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


markus876 posted:

I use ZTerm and a Keyspan USA-19HS on OS X all the time. Really, the only setting you have to change in ZTerm is baud rate to 9600, and you should start seeing output.

Could it be anything to do with it having settings for a number to dial and a username/password (which I haven't set yet and didn't enter when I used Tera Term)? Or is there some sort of 'connect' menu item I have to select before it will connect?

markus876
Aug 19, 2002

I am a comedy trap.

Anjow posted:

Could it be anything to do with it having settings for a number to dial and a username/password (which I haven't set yet and didn't enter when I used Tera Term)? Or is there some sort of 'connect' menu item I have to select before it will connect?

I just did a test here. I launched ZTerm, chose the Keyspan device to connect to, and then went to the Settings -> Connection menu item, which brings up the connection settings window. I leave everything as is (blank) including phone number, etc., as none of that is useful for this. The only thing I change is the Data Rate from the default of 38400 to 9600, and hit "ok".

Come to think about it, there is probably a way to make ZTerm default to 9600 baud, but I never bothered to.

Are you sure you have your USB to Serial adapter configured / setup with drivers for OS X? If so, are you sure ZTerm is using it (check in Settings -> Modem Preferences; it should show up in the drop down).

Mierdaan
Sep 14, 2004

Pillbug
I've inherited a network made up mostly of Cisco 2950s spread out across two buildings. We have one problem area where anything that is sensitive to packet loss drops connections a lot, and all I'm seeing in Wireshark captures that looks even the slightest bit odd is Spanning Tree traffic. Given that there's absolutely no redundant links between switches on this network, is there any reason not to just throw every port that doesn't link switches together into portfast? Will this actually accomplish anything good?

Mierdaan fucked around with this message at 15:55 on Jul 17, 2008

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Mierdaan posted:

I've inherited a network made up mostly of Cisco 2950s spread out across two buildings. We have one problem area where anything that is sensitive to latency drops connections a lot, and all I'm seeing in Wireshark captures that looks even the slightest bit odd is Spanning Tree traffic. Given that there's absolutely no redundant links between switches on this network, is there any reason not to just throw every port that doesn't link switches together into portfast? Will this actually accomplish anything good?

Turn off spanning-tree on all ports that are not links to other switches, but you should have some sort of backup links to other switches.

spanning-tree portfast
spanning-tree bpdufilter enable

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


markus876 posted:

I just did a test here. I launched ZTerm, chose the Keyspan device to connect to, and then went to the Settings -> Connection menu item, which brings up the connection settings window. I leave everything as is (blank) including phone number, etc., as none of that is useful for this. The only thing I change is the Data Rate from the default of 38400 to 9600, and hit "ok".

I start ZTerm (the device 'usbserial' is already selected from before) and it displayed 'xxxx' on the screen. I go to connection preferences and change from 38400 to 9600, leaving other settings as they are - service name 'Local', 8N1, local echo disabled and Xon/Xoff still checked. I click okay and it returns me to the screen with 'xxxx' on it. I checked in modem preferences and 'usbserial' is selected. The initialise string is 'ATE1 V1^M'.

I tried unchecking Xon/Xoff and it has the same effect.

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

Anjow posted:

I start ZTerm (the device 'usbserial' is already selected from before) and it displayed 'xxxx' on the screen. I go to connection preferences and change from 38400 to 9600, leaving other settings as they are - service name 'Local', 8N1, local echo disabled and Xon/Xoff still checked. I click okay and it returns me to the screen with 'xxxx' on it. I checked in modem preferences and 'usbserial' is selected. The initialise string is 'ATE1 V1^M'.

I tried unchecking Xon/Xoff and it has the same effect.

You could have strange cabling between the usb-serial dongle and the Cisco device.

Try connecting pin 2 and 3 of your serial port on the usb dongle (with a bent staple or something). If the serial device thingy works, you should see what you're typing on the screen (2 and 3 are send and receive, which will just echo things back to yourself). If that doesn't work, there might be something wrong with the serial adapter. If that does work, you probably have the wrong console cable.

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

jbiel posted:

Turn off spanning-tree on all ports that are not links to other switches, but you should have some sort of backup links to other switches.

spanning-tree portfast
spanning-tree bpdufilter enable

This reminds me of something I saw a couple weeks ago when connecting a link to a 3rd party company. At our side, there is a pair of Cisco 2811 routers and 2960 switches (there are lots of connections to other parties, each on separate handover VLANs). One of them was a straight ethernet connection over a pair of 100Mbit fiber converters. It worked fine when I hooked my laptop up (could ping everything at their end just fine), but it all died when I connected it to the switch. I could see a Cisco 3524 switch at the other side via CDP, but everything else was dead (even ARP to their switch IP).
When I had only the 2960 switch connected (with a newly-erased default config and only vlan 1 configured), I could ping stuff across the link, but as soon as I connected something else (a router or my laptop), it went down right away.
I did suspect spanning tree had something to do with it, so I set "spanning-tree bpdufilter enable" on the switch port and everything started working as it should. I set it to portfast as well for good measure.

Somehow, when the two switches (our 2960 and their 3524) are talking spanning-tree, something happens that causes their switch to block that port (I haven't got the spanning tree output but I know the 2960 said it was forwarding on that port). There is in no way a loop somewhere, there is just this one link. What I'm really wondering is, what kind of settings on their side could cause this?

ionn fucked around with this message at 14:34 on Jul 17, 2008

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


ionn posted:

You could have strange cabling between the usb-serial dongle and the Cisco device.

Try connecting pin 2 and 3 of your serial port on the usb dongle (with a bent staple or something). If the serial device thingy works, you should see what you're typing on the screen (2 and 3 are send and receive, which will just echo things back to yourself). If that doesn't work, there might be something wrong with the serial adapter. If that does work, you probably have the wrong console cable.

Before I try these suggestions, would it be safe to assume that everything is okay with the serial adapter and the console cable if it works fine on Windows? I don't know but I think I said before that I can get it working just fine using Tera Term in Windows, with exactly the same hardware.

Would that then suggest that the problem is with the OS X drivers?

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

Anjow posted:

Before I try these suggestions, would it be safe to assume that everything is okay with the serial adapter and the console cable if it works fine on Windows? I don't know but I think I said before that I can get it working just fine using Tera Term in Windows, with exactly the same hardware.

Would that then suggest that the problem is with the OS X drivers?

What you're saying would almost certainly mean the problem is between OS X and the RS-232 adapter, and that is likely a driver issue, or ZTerm not using the right device.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


I suppose I will give up for now. The adapter I have is bollocks, the manufacturer thought it would be wise to include OS X drivers on an 8cm CD when the vast majority of OS X machines would be unable to load such a disc reliably. I'm gonna just wait until I start the course and see if an instructor can figure this out and if not it's not too much of a chore to reboot into Windows.

Thanks for all the help.

jwh
Jun 12, 2002

ionn posted:

What I'm really wondering is, what kind of settings on their side could cause this?

Well, when you connected a router or PC to the 2960, was it also in vlan 1? I say this because out of the box, Cisco will set 'no spanning-tree vlan 1'.

As to what is causing the provider's interface to stop working, I would suspect bpduguard, but that would error disable the port, and the recovery, if it's configured, is 300 seconds by default. Of course they could have tuned those timers down..

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

jwh posted:

Well, when you connected a router or PC to the 2960, was it also in vlan 1? I say this because out of the box, Cisco will set 'no spanning-tree vlan 1'.

As to what is causing the provider's interface to stop working, I would suspect bpduguard, but that would error disable the port, and the recovery, if it's configured, is 300 seconds by default. Of course they could have tuned those timers down..

The "blank" 2960 (which was just an out-of-the-box spare) was running on vlan 1 and might very well have had that (didn't really look), but the original one had (among other irrelevant stuff):
code:
vtp domain boomdeyada.boomdeyada.net
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-7 priority 24576
!
interface FastEthernet0/8
 description The port in question to that place over there
 switchport access vlan 2
 speed 100
 duplex full
 no mdix auto
 spanning-tree bpdufilter enable
 spanning-tree link-type point-to-point
!
I've never come into contact with bpduguard other than seeing it as a config option, is that just some way to make the port allergic to rogue switches connected to it, and have it freak out and shut down upon seeing a bpdu frame?

With that holddown timer, would any new bpdu frame just reset the timer? I had a ping running for like 15 minutes or so with nothing coming back (while the switch was doing stp now and then), but I have no clue what their timers are set to.

I have a couple of spare switches I was going to test this stuff out on, but it seems bpduguard (if I've understood it correctly) pretty much explains it. I'll ask them to disable it, since even if we can just as well have bpdufilter on, it would be silly if a slight misconfiguration (for example, if replacing the switch) would kill the connection just like that.

jwh
Jun 12, 2002

ionn posted:

I've never come into contact with bpduguard other than seeing it as a config option, is that just some way to make the port allergic to rogue switches connected to it, and have it freak out and shut down upon seeing a bpdu frame?

Yeah, that's pretty much what bpduguard does. It's nice for when you want to prevent a switch from accidentally appearing on the network in places you don't anticipate. We tend to run it in combination with portfast on workstation ports.

But, looking at your configs, I'm not so sure that's the culprit here- bpdu filter should have prevented the switch from sending a bpdu, which in turn wouldn't have triggered the bpduguard errdisable on the other side.

I don't know honestly, it's hard to say- have you asked your upstream provider what they think? They may have some ideas.

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

jwh posted:

Yeah, that's pretty much what bpduguard does. It's nice for when you want to prevent a switch from accidentally appearing on the network in places you don't anticipate. We tend to run it in combination with portfast on workstation ports.

But, looking at your configs, I'm not so sure that's the culprit here- bpdu filter should have prevented the switch from sending a bpdu, which in turn wouldn't have triggered the bpduguard errdisable on the other side.

I don't know honestly, it's hard to say- have you asked your upstream provider what they think? They may have some ideas.

Oh, sorry, those two statements (spanning-tree bpdufilter enable, spanning-tree link-type point-to-point) were what was on the switch after the issue was "resolved" (as in "working, though I'm not really sure why"). Those are the only two lines changed from before when it was not working.

bpduguard probably can be useful when you want to really prevent (and punish) users plugging in nonallowed switches, but I've never had any problems with just running spanning-tree portfast. A switching loop would cause some broadcast bursts for a few seconds, but I've never seen that cause anything serious.

I'll ask the other side if they run bpduguard, just to get the issue explained, and if they can just take it off. Sure, it works fine as it is, but I can imagine what will happen next time when someone needs to move it to another port or something

ionn fucked around with this message at 22:48 on Jul 17, 2008

atticus
Nov 7, 2002

this is how u post~
:madmax::hf::riker:

ionn posted:

Oh, sorry, those two statements (spanning-tree bpdufilter enable, spanning-tree link-type point-to-point) were what was on the switch after the issue was "resolved" (as in "working, though I'm not really sure why"). Those are the only two lines changed from before when it was not working.

bpduguard probably can be useful when you want to really prevent (and punish) users plugging in nonallowed switches, but I've never had any problems with just running spanning-tree portfast. A switching loop would cause some broadcast bursts for a few seconds, but I've never seen that cause anything serious.

I'll ask the other side if they run bpduguard, just to get the issue explained, and if they can just take it off. Sure, it works fine as it is, but I can imagine what will happen next time when someone needs to move it to another port or something

Bridging loops don't just cause broadcast bursts for a few seconds. They'll peg the CPUs of the affected devices and render them unusable as long as the devices are connected. The ARP tables in CAM will get flooded with repeating entries (on different ports) and become unstable. I've seen a bridging loop bring down an entire corporate office. IIRC, if you configure PortFast on an interface, BPDUGuard is configured on it automatically as well, but if for whatever reason you want to disable BPDUguard, that's where you'll run into problems.

As jwh said, bpdufilter keeps the switch from sending or receiving BPDUs on that particular port, so that's probably the bit that made it start working, but I'm not sure why "link-type point-to-point" was configured as this is only pertinent to RPVST+, and they only have PVST+ configured. The spanning tree link type of point-to-point is also set automatically because it's based on the duplex of the port, so the logic of setting that manually is completely beyond me.

EDIT:

jwh posted:

Well, when you connected a router or PC to the 2960, was it also in vlan 1? I say this because out of the box, Cisco will set 'no spanning-tree vlan 1'.

Are you sure about that? From my experience, PVST is enabled on all switches by default - I'm not aware of Cisco having spanning tree turned off on a switch out of the box...

EDIT2:

So, from what I'm getting, those were the settings that you configured on your end to make it work? Then yeah, they may be running BPDUguard on their end. If you set bpdufilter on the interface, then yeah, it should've come up...

atticus fucked around with this message at 01:04 on Jul 18, 2008

ragzilla
Sep 9, 2005
don't ask me, i only work here


atticus posted:

Bridging loops don't just cause broadcast bursts for a few seconds. They'll peg the CPUs of the affected devices and render them unusable as long as the devices are connected. The ARP tables in CAM will get flooded with repeating entries (on different ports) and become unstable. I've seen a bridging loop bring down an entire corporate office. IIRC, if you configure PortFast on an interface, BPDUGuard is configured on it automatically as well, but if for whatever reason you want to disable BPDUguard, that's where you'll run into problems.

But with portfast while the port is initially in the forwarding state, if it receives any BPDUs it will immediately switch to blocking/learning- thus breaking the forwarding loop very quickly. While portfast and bpduguard go hand in hand bpduguard is not automatically turned on on every portfast port unless you turn on the "spanning-tree portfast bpduguard default" config knob.
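
Added example, not posted by anyone in the thread: a small Python audit of the edge-port settings discussed above. It flags interfaces that run portfast without effective bpduguard (taking the global "spanning-tree portfast bpduguard default" knob into account) and interfaces with bpdufilter enabled. The FastEthernet0/8 stanza is the one ionn posted; the other interfaces are constructed, and the function and finding names are made up for this sketch.

```python
import re

# Constructed sample config. Only the FastEthernet0/8 stanza comes from the
# thread; every other interface is made up for illustration.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 description workstation, portfast only
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 description workstation, portfast plus bpduguard
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 description The port in question to that place over there
 switchport access vlan 2
 speed 100
 duplex full
 no mdix auto
 spanning-tree bpdufilter enable
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/1
 description uplink to core
 switchport mode trunk
!
"""

# Newer IOS releases spell these with an extra "edge" keyword; accept both.
PORTFAST_RE = re.compile(r"spanning-tree portfast( edge)?( trunk)?")
GUARD_DEFAULT_RE = re.compile(r"spanning-tree portfast( edge)? bpduguard default")


def parse_interfaces(config):
    """Split an IOS-style config into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # an unindented line ends the interface stanza
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_stp_edge_ports(config):
    """Return a list of (interface, finding) tuples in config order."""
    global_lines, interfaces = parse_interfaces(config)
    guard_default = any(GUARD_DEFAULT_RE.fullmatch(l) for l in global_lines)
    findings = []
    for name, lines in interfaces.items():
        if "spanning-tree bpdufilter enable" in lines:
            # The port neither sends nor processes BPDUs, so spanning tree
            # cannot see a loop through it and bpduguard never triggers.
            findings.append((name, "BPDUFILTER_ON"))
            continue
        portfast = any(PORTFAST_RE.fullmatch(l) for l in lines)
        if "spanning-tree bpduguard enable" in lines:
            guard = True
        elif "spanning-tree bpduguard disable" in lines:
            guard = False  # explicit per-port override of the global default
        else:
            guard = guard_default and portfast
        if portfast and not guard:
            findings.append((name, "PORTFAST_WITHOUT_BPDUGUARD"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_stp_edge_ports(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
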

atticus
Nov 7, 2002

this is how u post~
:madmax::hf::riker:

Girdle Wax posted:

But with portfast while the port is initially in the forwarding state, if it receives any BPDUs it will immediately switch to blocking/learning- thus breaking the forwarding loop very quickly. While portfast and bpduguard go hand in hand bpduguard is not automatically turned on on every portfast port unless you turn on the "spanning-tree portfast bpduguard default" config knob.

Granted, but there's still a chance that the bridging loop could cause an issue in the network to the point where the port transitioning back to a blocking/listening state wouldn't be able to fix things, yeah?

ragzilla
Sep 9, 2005
don't ask me, i only work here


atticus posted:

Granted, but there's still a chance that the bridging loop could cause an issue in the network to the point where the port transitioning back to a blocking/listening state wouldn't be able to fix things, yeah?

Only if there were a dormant loop undetected in the network that causes it to continue storming, generally once the loop that caused the issue is broken the traffic can only make 1 more pass around the network.

atticus
Nov 7, 2002

this is how u post~
:madmax::hf::riker:

Girdle Wax posted:

Only if there were a dormant loop undetected in the network that causes it to continue storming, generally once the loop that caused the issue is broken the traffic can only make 1 more pass around the network.

Sure, ARP entries can time out, but you'll also be in a lovely state of affairs if that switch you connect up to a PortFast-enabled port is now the shiny new root bridge in the spanning tree topology...

Also assuming here that the layer 2 topology is flat and there's no other VLANs. ;)

jwh
Jun 12, 2002

atticus posted:

Are you sure about that? From my experience, PVST is enabled on all switches by default - I'm not aware of Cisco having spanning tree turned off on a switch out of the box...

Not sure :) I think you're right; I'm not sure where I came up with that.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

Anjow posted:

I suppose I will give up for now. The adapter I have is bollocks, the manufacturer thought it would be wise to include OS X drivers on an 8cm CD when the vast majority of OS X machines would be unable to load such a disc reliably. I'm gonna just wait until I start the course and see if an instructor can figure this out and if not it's not too much of a chore to reboot into Windows.

Thanks for all the help.

You can try screen in OSX as well. screen /dev/tty.Key...

I forget the exact model I have but it is a Keyspan as well

ionn
Jan 23, 2004

Din morsa.
Grimey Drawer

atticus posted:

Bridging loops don't just cause broadcast bursts for a few seconds. They'll peg the CPUs of the affected devices and render them unusable as long as the devices are connected. The ARP tables in CAM will get flooded with repeating entries (on different ports) and become unstable. I've seen a bridging loop bring down an entire corporate office. IIRC, if you configure PortFast on an interface, BPDUGuard is configured on it automatically as well, but if for whatever reason you want to disable BPDUguard, that's where you'll run into problems.

I've seen a bridging loop kill an entire office, but it took until next day for them to notice. The loop was created sometime during the day, and the network died at 04:00 at night (when the alarm went off because everything was unreachable from insane cpu load). It was an Avaya 4621SW IP phone, which has a two port switch in it, and someone plugged the "computer" port on it into the wall. The switches were running spanning tree on all user ports, but it was for some reason disabled on the port-channel between them.
In that instance, it only seemed like traffic was slowly increasing along the loop, and it took several hours until anyone noticed. No one said the network had been abnormally slow the day before.
Thinking about it, that seems rather odd, and the network should have been worse off, faster. Then again, the switches already had full MAC tables, and it would then only be broadcast things like ARP flowing around, and that might take a while to build up enough crap in the "ethernet cyclotron".

atticus posted:

As jwh said, bpdufilter keeps the switch from sending or receiving BPDUs on that particular port, so that's probably the bit that made it start working, but I'm not sure why "link-type point-to-point" was configured as this is only pertinent to RPVST+, and they only have PVST+ configured. The spanning tree link type of point-to-point is also set automatically because it's based on the duplex of the port, so the logic of setting that manually is completely beyond me.

Correct, bpdufilter is what fixed it, and without that it didn't work. I added the link-type statement for good measure when I was just mucking about trying to figure it out, but later figured out it was useless. I had portfast on there as well for a while, but removed that (as I'd rather start running spanning-tree proper instead).

ionn fucked around with this message at 08:11 on Jul 18, 2008

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

How simple of a task is setting up a failover Internet connection on an 1812?

We just had a T1 installed, we're currently using a cable modem. It's 10 MB and up 99% of the time, so we'd like to use this as the primary connection. We just have the T1 for our 'just in case' connection. (It's ipflex from AT&T so our voice routes over it as well)

Cable Modem ------> |Cisco ____ Our LAN
Cisco 2811 --------> |1812

I guess this is what it should end up looking like. I've tested the T1 data circuit with a laptop and it works great.

CrazyLittle
Sep 11, 2001





Clapping Larry

Bob Morales posted:

How simple of a task is setting up a failover Internet connection on an 1812?

It's pretty easy. You just have to pick what method fits your needs. What device in that diagram is doing your NAT? That's probably the best place to implement any failover plan as your external IP dictates the return path (unless you've got BGP peers).
