|
Martytoof posted: Is 3min 10sec an acceptable reload time for a 2620xm 128D/32F with no startup config? It seems a little slow compared to my 3640s but maybe I'm just being extremely picky.
Seems normal to me. I was reloading a 2620xm today with 12.4 adventerprise and I swear it took 10 minutes when watching the #'s go past (not joking). 5 minutes seems about average for x600's.
|
# ? Jun 15, 2010 22:57 |
|
Interesting. OK thanks for the info. Guess I'm just impatient
|
# ? Jun 15, 2010 23:45 |
|
I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.
brent78 fucked around with this message at 23:55 on Jun 15, 2010 |
# ? Jun 15, 2010 23:53 |
|
I hope you have hearing protection. That stack looks louder than it is hot.
|
# ? Jun 16, 2010 00:00 |
|
Pussy Noise posted: I don't think it's an xlate issue, or at least clearing the relevant xlates doesn't change the situation. So why does my FWSM eat my DHCP packets? Why is there nothing at all in logs about any of this?
We had problems with FWSMs dropping packets with option-82 information that was fixed in 4.x with the "dhcprelay information trust-all" command. Wouldn't be surprised if they have "features" that cause other DHCP packets to get dropped as well.
|
# ? Jun 16, 2010 06:09 |
|
brent78 posted: I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.
I remember the days when I could post pictures of the poo poo I was working on
|
# ? Jun 16, 2010 13:32 |
|
^^^ Go back to the private sector, government work is soul crushing.
brent78 posted: I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.
|
# ? Jun 16, 2010 16:44 |
|
Powercrazy posted:That looks extremely similar to what we might do for our data center. But we were planning on just keeping everything layer2 with cross chassis port channels between Nexus 5020s and the servers. What kind of topology are you going to use? brent78 fucked around with this message at 16:58 on Jun 16, 2010 |
# ? Jun 16, 2010 16:54 |
|
Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.
|
# ? Jun 16, 2010 17:43 |
|
Powercrazy posted: Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.
M6220s are HORRIBLE HORRIBLE HORRIBLE and I feel your pain.
|
# ? Jun 16, 2010 19:44 |
|
Imagine replacing all your Cisco/Dell 3032's with 3560s and what a mess of poo poo that is....
|
# ? Jun 16, 2010 19:59 |
|
Powercrazy posted:^^^ Money is too good
|
# ? Jun 16, 2010 20:14 |
|
Powercrazy posted: Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.
http://h18000.www1.hp.com/products/blades/components/ethernet/10-10gb-f/index.html
|
# ? Jun 16, 2010 22:29 |
|
Peanutmonger posted: We had problems with FWSMs dropping packets with option-82 information that was fixed in 4.x with the "dhcprelay information trust-all" command. Wouldn't be surprised if they have "features" that cause other DHCP packets to get dropped as well.
Thanks for the response. I hate all these features on the FWSM that you can't loving disable or enable or do anything about. In any case, I finally managed to find a consistent log message that correlates with the dropped DHCPOFFER, and it's: code:
I so do not trust this box anymore and am really happy with the way the SRX deployment is panning out, but it looks like the FWSM is not about to let go of its customers without a fight..
|
# ? Jun 16, 2010 22:45 |
|
Haha, our SCCM server suddenly stopped being able to connect to any hosts on a certain network segment this morning, and literally nothing helped short of reloading the FWSM. Die.
|
# ? Jun 17, 2010 04:00 |
|
Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.
|
# ? Jun 17, 2010 16:03 |
|
Richard Noggin posted: Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.
T1 only uses 2 pairs (Blue/Orange) so it'll work just fine.
|
# ? Jun 17, 2010 16:21 |
|
Richard Noggin posted: Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.
Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.
|
# ? Jun 17, 2010 16:30 |
|
Syano posted: Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.
Eh, T1 crosstalk would be rare considering that lots of T1s are installed on 25-50pair riser cable. Two T1 circuits in a single cat5 would be trivial. Crosstalk would be a much bigger problem if they were trying to put two ethernet connections in a single cat5.
|
# ? Jun 17, 2010 16:49 |
|
Syano posted: Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.
When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.
|
# ? Jun 17, 2010 16:49 |
|
ragzilla posted: When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.
I haven't ever seen a CO-based T1. In San Francisco they're always running DSL/HDSL to the MPOE, and then using a smart jack to convert it to T1. But yeah, it's coming in over 100+ pair cables from the street, and then 25-50pair cables in the riser closets
|
# ? Jun 17, 2010 16:51 |
|
I understand that. That's why I said practically speaking it wasn't an issue. However, from the early days of T1s the standard practice was to use shielded cable from the CPE to CSU because of danger of crosstalk. I used to be a cable jockey for a firm back in the 90s and shielded is all we ever used.
quote: When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.
Syano fucked around with this message at 16:57 on Jun 17, 2010 |
# ? Jun 17, 2010 16:54 |
|
CrazyLittle posted: I haven't ever seen a CO-based T1. In San Francisco they're always running DSL/HDSL to the MPOE, and then using a smart jack to convert it to T1. But yeah, it's coming in over 100+ pair cables from the street, and then 25-50pair cables in the riser closets
We're copper rich out here in the midwest so HDSL to SJ T1s are the exception rather than the rule. We even have AT&T sometimes try to bring in new T1s that way instead of dropping it off their OC12 shelf.
|
# ? Jun 17, 2010 16:57 |
|
So I'm pondering something. You can put a Loopback interface on a Layer 2 switch, like a 2960 or whatever. My question is why? If you configure the IP address to overlap with a vlan on the switch it throws an error, and if you have a non-overlapping IP address then I assume you can't actually get to it without setting a static route from a router, and even then would the switch respond? What vlan would this Loopback interface be in?
|
# ? Jun 17, 2010 17:00 |
|
I can't think of a good reason for a loopback on a L2 switch. Probably just an IOS holdover.
|
# ? Jun 17, 2010 17:26 |
|
I think on layer 2 only switches you can only have one layer 3 interface.
|
# ? Jun 17, 2010 17:53 |
|
Powercrazy posted: So I'm pondering something. You can put a Loopback interface on a Layer 2 switch, like a 2960 or whatever.
Yeah I just booted my 2950 lab stack out of curiosity and it won't let me add a loopback interface so only one L3 interface like inignot said.
By which I mean, loopback is in the int help list, but it returns a syntax error.
|
# ? Jun 17, 2010 18:09 |
|
Martytoof posted: Yeah I just booted my 2950 lab stack out of curiosity and it won't let me add a loopback interface so only one L3 interface like inignot said
Depending on what version of code you have 2950s won't let you create them, however a 2960 will.
pre:
Switch   Ports  Model              SW Version     SW Image
------   -----  -----              ----------     ----------
*    1   24     WS-C2960G-24TC-L   12.2(35)SE1    C2960-LANBASEK9-M

Configuration register is 0xF

la2960a-f10-0503#conf t
Enter configuration commands, one per line. End with CNTL/Z.
la2960a-f10-0503(config)#int lo0
la2960a-f10-0503(config-if)#ip address 1.1.1.1 255.255.255.255
la2960a-f10-0503(config-if)#
la2960a-f10-0503#sh ip int bri
Interface    IP-Address      OK?  Method  Status                 Protocol
Vlan1        unassigned      YES  NVRAM   administratively down  down
Vlan69       10.30.248.201   YES  NVRAM   up                     up
~snip~
Loopback0    1.1.1.1         YES  manual  up                     up
la2960a-f10-0503#
|
# ? Jun 17, 2010 20:04 |
|
I am very new to the cisco IOS: I got my CCENT 6 months ago, so a lot of the information has come and gone out of my head from non-use. I am simply trying to setup NAT so that my router can get information from the internet and share it with its users via DHCP. Very basic. I got DHCP to work, but I am having a hell of a time finding tutorials on setting up NAT. It is a static business IP address that I have, this router will be replacing another router so I have some information from the one implemented currently: code:
code:
code:
|
# ? Jun 18, 2010 17:41 |
|
Basic nat looks like this:
ip nat inside source list 102 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static udp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static tcp 10.10.10.7 6115 interface FastEthernet4 6115
ip nat inside source static tcp 10.10.10.9 6116 interface FastEthernet4 6116
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
Obviously you'll want to remove the static bindings if you have a lot of users connecting to the outside and of course change the interface to whatever your outside interface is. But using the context help and/or the online cisco documentation should help you. Are you currently connected to the outside world? I don't see a public facing IP address anywhere.
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html
Also if you are using SSH, disable telnet as telnet is inherently unsecure. So change:
line vty 5 15
 transport input telnet ssh
to:
line vty 5 15
 privilege level 15
 transport input ssh
ate shit on live tv fucked around with this message at 18:07 on Jun 18, 2010 |
# ? Jun 18, 2010 18:04 |
|
Powercrazy posted: Basic nat looks like this:
See that's the thing, I don't know how to setup the public IP address. I will be connecting to the internet via my faste0, which for these purposes my outside address is 111.111.111.111. When you state public address you are talking about my static IP given to me by my ISP, correct? Did I do right by making my inside lan on my VLAN1? The 192.168.2.0, so would it look like this?
ip nat inside source list 102 interface Vlan1 overload
ip nat inside source static tcp 192.168.2.1 6113 interface Vlan1 6113
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
|
# ? Jun 18, 2010 20:36 |
|
Just throw your public address on the fast0 interface.
int fast0
 ip address 111.111.111.111 255.255.255.xxx
|
# ? Jun 18, 2010 21:26 |
|
Martytoof posted: Just throw your public address on the fast0 interface.
This works as long as you don't have to use any other type of authentication with your ISP (ie PPPoE).
|
# ? Jun 18, 2010 21:29 |
|
Harry Totterbottom posted: This works as long as you don't have to use any other type of authentication with your ISP (ie PPPoE).
Oh right. I just assumed for lack of information he wasn't authenticating. Also you'll probably need this to get packets out to your ISP:
ip route 0.0.0.0 0.0.0.0 111.111.111.112
|
# ? Jun 18, 2010 21:34 |
|
Bardlebee posted: See that's the thing, I don't know how to setup the public IP address
ip nat inside (source) access-list (outside interface). So your inside source is the network described by your access-list, in this case 192.168.2.0/24. The interface is your outside interface Fa0. Then when you add the static route that martytoof described you should be ready to go. Ping 8.8.8.8 or whatever so that you can verify connectivity then add your nat commands. You don't need static nat unless you are doing port forwarding. So just the one "ip nat inside source list..." should suffice.
http://powercrazy.fishmech.net/stuff/Router.txt
That is a complete router config for a Cisco 851W. Obviously it won't all apply to you, but you can see some context for my Nat statements etc.
|
# ? Jun 18, 2010 21:46 |
|
First time I attempted NAT I did it in the SDM, which obviously did not work very well... now that I changed these settings in any case my newly created NVI0 port is administratively down. Should I be concerned with this? Going to test this baby out tonight. Thank you guys, I'll let you know how it goes. My sh run, in case I missed something... By the way I don't think I'll need statics just yet as it's basically everyone just sharing internet in my office...
111.111.111.111 = outside
111.111.111.112 = default gateway
code:
|
# ? Jun 21, 2010 14:58 |
|
Your ip route command is wrong. Unless, of course, you want to send all requests which are intended for inside the network to outside the network. Should be:
ip route 0.0.0.0 0.0.0.0 111.111.111.112
That way it will send requests for anything not locally connected to the outside network.
EDIT: Also, you don't have any DNS servers set in your DHCP pool. Not really a problem, but unless you've manually set DNS servers on each of your clients you could possibly run into issues.
n0tqu1tesane fucked around with this message at 15:12 on Jun 21, 2010 |
# ? Jun 21, 2010 15:08 |
|
ip route is to add routes to remote networks, so unless you are trying to route all traffic destined for 192.168.2.0/24 to 111.111.111.112 I think you want something like this instead:
ip route 0.0.0.0 0.0.0.0 111.111.111.112
e: drat it n0tqu1tesane I went to make some tea before I hit submit
some kinda jackal fucked around with this message at 15:12 on Jun 21, 2010 |
# ? Jun 21, 2010 15:10 |
|
n0tqu1tesane posted: Your ip route command is wrong. Unless, of course, you want to send all requests which are intended for inside the network to outside the network.
Would the DNS be my internal DNS server or the default gateway of the ISP? For example, my DNS Server is also my DC, which is 192.168.2.113.
dns-server 192.168.2.113
|
# ? Jun 21, 2010 15:42 |
|
Bardlebee posted: Would the DNS be my internal DNS server or the default gateway of the ISP? For example, my DNS Server is also my DC, which is 192.168.2.113.
If you've got an internal DNS server, use that. Otherwise your ISP generally provides some, but it's generally not your default gateway. Google and OpenDNS provide free DNS services as well.
|
# ? Jun 21, 2010 15:51 |
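
Added example, not from any poster in the thread: a small Python check for the four configuration mistakes the replies above point out (no default route, NAT overload bound to the inside interface, a DHCP pool with no `dns-server`, telnet accepted on the vty lines). The sample config is constructed from the addresses used in the thread, the names `blocks` and `audit` are made up for this example, and it assumes full interface names as they appear in `show running-config`.

```python
import re

# Constructed excerpt modelled on the thread (inside LAN 192.168.2.0/24 on Vlan1,
# outside FastEthernet0, gateway 111.111.111.112); not any poster's actual config.
SAMPLE = """\
ip dhcp pool LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
interface FastEthernet0
 ip nat outside
interface Vlan1
 ip nat inside
ip route 192.168.2.0 255.255.255.0 111.111.111.112
ip nat inside source list 102 interface Vlan1 overload
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
line vty 0 4
 transport input telnet ssh
"""

def blocks(cfg):
    """Group config text into [header, [indented sub-commands]] blocks."""
    out = []
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        else:
            out.append([line.strip(), []])
    return out

def audit(cfg):
    """Return finding strings for the four mistakes raised in the thread."""
    blks, found = blocks(cfg), []
    outside = {h.split()[1] for h, kids in blks
               if h.startswith("interface ") and "ip nat outside" in kids}
    if not any(h.startswith("ip route 0.0.0.0 0.0.0.0 ") for h, _ in blks):
        found.append("no default route")
    for h, kids in blks:
        m = re.match(r"ip nat inside source list \S+ interface (\S+) overload", h)
        if m and m.group(1) not in outside:
            found.append("NAT overload on non-outside interface " + m.group(1))
        if h.startswith("ip dhcp pool ") and not any(k.startswith("dns-server ") for k in kids):
            found.append("DHCP pool without dns-server: " + h.split()[-1])
        if h.startswith("line vty "):
            for k in kids:
                if k.startswith("transport input ") and {"telnet", "all"} & set(k.split()[2:]):
                    found.append("telnet accepted on " + h)
    return found
```

Calling `audit(SAMPLE)` reports all four findings; the same text with the default route, the overload interface, a `dns-server` line and `transport input ssh` corrected returns an empty list.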