|
Syano posted: Generally speaking 5mb/s up and down, give or take a meg. Let me ask this while we are at it. Is it possible to have multiple VPNs open to the same subnet? In other words you have 2 sites, siteA and siteB. SiteA has two internet connections. SiteB has two internet connections. Is it possible to open VPNs across both connections from siteA to both connections at SiteB?

Yes, as long as you have 2 unique subnets in both sites and your routing gear can support it. Trivial to do with Cisco ISR gear.
|
# ? Jan 12, 2011 15:23 |
|
jgbaker posted: Yes, as long as you have 2 unique subnets in both sites and your routing gear can support it. Trivial to do with Cisco ISR gear.

So what you're saying is, as long as Site A has a subnet of say 192.168.2.0 and Site B has a subnet of 192.168.1.0 it should be ok? Or are you saying you need two subnets per location?
|
# ? Jan 12, 2011 15:41 |
|
Bardlebee posted: Can you guys recommend me a cheap router that has the Cisco IOS on it that I can use for my home router? I would like to set up NAT at home and practice there as well. I know there are sims, but I would like to set it up at home too.

You don't need to buy something as expensive as a new 800/1800. I use a 1720 with a WIC-1ADSL as a combination modem/router at my place, and if you already have a modem that makes you happy and just want a router you'd be just fine with a 2611 or 1721 as far as I know, which you can get for $50 or less. I haven't actually used a 2600 except in a lab full of much louder things, but as far as I know they're pretty quiet, and I can vouch that the 1700's slow 30mm-ish fan is literally silent. Just make sure that if you want any specific/exotic features that you check them against the supplied code version on the Software Advisor on Cisco's website, and if you get a 1700 (except the 1760, which is just unnecessary) make sure you buy a power brick because they don't have an internal PSU like the 2600s.

Eletriarnation fucked around with this message at 17:26 on Jan 12, 2011 |
# ? Jan 12, 2011 17:20 |
|
Eletriarnation posted: You don't need to buy something as expensive as a new 800/1800. I use a 1720 with a WIC-1ADSL as a combination modem/router at my place, and if you already have a modem that makes you happy and just want a router you'd be just fine with a 2611 or 1721 as far as I know, which you can get for $50 or less.

The problem with a 1720/1721 is that its CPU isn't fast enough to be useful for home routing an internet connection like a cablemodem, and you can't get a second ethernet interface unless you hunt down a wic-4esw. Also, 26## routers are not compatible with wic-1adsl. Only 26##-XM routers are. If you're going to get one of these strictly for lab practice, you might as well just use the sims.
|
# ? Jan 12, 2011 17:25 |
|
CrazyLittle posted: The problem with a 1720/1721 is that its CPU isn't fast enough to be useful for home routing an internet connection like a cablemodem, and you can't get a second ethernet interface unless you hunt down a wic-4esw. Also, 26## routers are not compatible with wic-1adsl. Only 26##-XM routers are.

I'm not sure about that, but as I said my 6mbit ADSL connection seems to be able to perform at max speed with no issues. I'm at class right now, but when I get home I'll max it out and let you know what my reported CPU usage is. Also, the point of recommending the 1721 and not the 1720 is that it does have a second FastE interface. I didn't know about the 26xx not supporting ADSL, but that's definitely in the list of features I would check for any model/code version - I clearly remember checking it when I made the decision to buy the 1720.

Eletriarnation fucked around with this message at 17:44 on Jan 12, 2011 |
# ? Jan 12, 2011 17:28 |
|
Are there any sims for a switch network? I found sims for routers, but nothing with switches.
|
# ? Jan 12, 2011 17:53 |
|
Eletriarnation posted: I'm not sure about that, but as I said my 6mbit ADSL connection seems to be able to perform at max speed with no issues. I'm at class right now, but when I get home I'll max it out and let you know what my reported CPU usage is.

17## series routers only have 1 FE port built in. You can add a wic-1E to most of them, but that card's pretty worthless in any real-world practical applications.

List of router interfaces by model#: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/isr.pdf

Router throughput speed: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

WIC compatibility list*: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routermodxref.pdf

*wic-1ADSL, I think you're right on this one actually. I'll test it on a 2611 I have at work. It could just be that the 2611 I have doesn't have 12.2 or 12.3 on it: http://www.cisco.com/en/US/tech/tk175/tk15/technologies_q_and_a_item09186a0080093bff.shtml

quote: WIC-1ADSL Platforms Supported
|
# ? Jan 12, 2011 17:55 |
|
CrazyLittle posted: 17## series routers only have 1 FE port built in. You can add a wic-1E to most of them, but that card's pretty worthless in any real-world practical applications.

Interesting, I must have imagined it based on the difference between the 26x0/26x1. Sorry, my mistake. OK, if you want two Ethernet interfaces, buy a 2611 instead of a 1720/2610 not only because yes, a 10Base-T WIC does suck, but also because why would you pay more for a WIC and a slower router when you could just get two FastE lines built in?

That said, here's a summary of my decidedly unscientific router test: First off, I fired up the eight most seeded torrents on linuxtracker, plus three more that I can seed myself for a total of eleven torrents. Knowing that I only have around 700KBps of bandwidth (due to the ADSL limitations) I rate-limited each to 100KB download so that one wouldn't dominate. Finally, I fired up WoW and logged in at Stormwind, which is probably the busiest area on my high population server. Six of the torrents have hit the full 100KBps, and a couple more are creeping along, and WoW while not as responsive as it should be is playable and stable.

Here's a "show proc cpu hist" on my 1721: code:
When I hopefully move up to a 15Mb down/2 up connection next year, I'm sure I'll be in the market for a more powerful device.

EDIT: Bonus shot of what happens when I turn OFF all those torrents: code:
Eletriarnation fucked around with this message at 18:15 on Jan 12, 2011 |
# ? Jan 12, 2011 18:10 |
|
I have been under the impression that when you have two devices in the same layer (switch to a switch or router to router) you use a cross over cable. In fact is it not in the CCNA that you would use a cross over cable to connect them? Of course, barring the fact that you can connect serial to serial on a router, this has been the norm. I have been told in the past that you can connect straight through to switch to switch and it will auto-sense. I guess what I am asking is it best practice to use a cross over or a straight through? Additionally, if I see this in the CCNA I assume I would answer cross-over.
|
# ? Jan 12, 2011 19:05 |
|
Syano posted: Generally speaking 5mb/s up and down, give or take a meg. Let me ask this while we are at it. Is it possible to have multiple VPNs open to the same subnet? In other words you have 2 sites, siteA and siteB. SiteA has two internet connections. SiteB has two internet connections. Is it possible to open VPNs across both connections from siteA to both connections at SiteB?

DMVPN dual hub design. Find the DMVPN design guide.
|
# ? Jan 12, 2011 19:21 |
|
jwh posted: DMVPN dual hub design. Find the DMVPN design guide.

Found the design guide. Mind = blown. In all seriousness this is cool stuff and also answers my question I had on the last page. Since it is all DMVPN, that rules out the ASA platform.
|
# ? Jan 12, 2011 19:52 |
|
Bardlebee posted: I have been under the impression that when you have two devices in the same layer (switch to a switch or router to router) you use a cross over cable. In fact is it not in the CCNA that you would use a cross over cable to connect them? Of course, barring the fact that you can connect serial to serial on a router, this has been the norm.

The CCNA will tell you:

Switch to router or host: straight through.

Switch to switch, or router/host to router/host: crossover.

Auto-MDIX is an optional part of the Gigabit standard, making it likely that a gigabit connection with anything will work with either, but as far as I am aware the vast majority of 100/10 connections will not auto-crossover.
|
# ? Jan 12, 2011 22:19 |
|
Do you guys find the ONS 15454 platform to be flaky as gently caress? We've got a couple out and about, and between chassis randomly blowing up (literally... one caught fire as it was powered up), cards being flaky and not coming up, and poo poo like that. I just set up an ONS in a lab with a couple OC12 cards and a couple DS3 cards, and half the chassis slots don't work. I suspect it's a TCC2P card on that side not working, but I don't know if that's how they work, 1 TCC2P per side? I'm going to gently caress with it more tomorrow. I guess they do well enough once we get them going, but holy poo poo, until they're racked and pushing traffic, we don't know what's going to happen with them.
|
# ? Jan 13, 2011 03:21 |
|
Panthrax posted: Do you guys find the ONS 15454 platform to be flaky as gently caress? We've got a couple out and about, and between chassis randomly blowing up (literally... one caught fire as it was powered up), cards being flaky and not coming up, and poo poo like that. I just set up an ONS in a lab with a couple OC12 cards and a couple DS3 cards, and half the chassis slots don't work. I suspect it's a TCC2P card on that side not working, but I don't know if that's how they work, 1 TCC2P per side? I'm going to gently caress with it more tomorrow. I guess they do well enough once we get them going, but holy poo poo, until they're racked and pushing traffic, we don't know what's going to happen with them.

I think I've lost... 1 15454 card? In a network of about 12. In 6-7 years. The TCCs are the controllers (sups to use switch terminology), they're management only and don't do any traffic forwarding. XCs are cross connect cards (let you build circuits from port to port). Do you have the cards in the right slots (match up the card icons with the slot icons)?
|
# ? Jan 13, 2011 03:24 |
|
falz posted: In his case OSPF seems somewhat useless without a way to tunnel it since ASA's can't do GRE/VTI/whatever.

Yup. IOS gives you a poo poo ton more options when it comes to VPN and routing. I do like the ASA SSLVPN implementation more than the IOS one though. WebVPN can just go suck a dick. I just have a hard time figuring out why people use it.
|
# ? Jan 13, 2011 05:15 |
|
Panthrax posted: Do you guys find the ONS 15454 platform to be flaky as gently caress? We've got a couple out and about, and between chassis randomly blowing up (literally... one caught fire as it was powered up), cards being flaky and not coming up, and poo poo like that. I just set up an ONS in a lab with a couple OC12 cards and a couple DS3 cards, and half the chassis slots don't work. I suspect it's a TCC2P card on that side not working, but I don't know if that's how they work, 1 TCC2P per side? I'm going to gently caress with it more tomorrow. I guess they do well enough once we get them going, but holy poo poo, until they're racked and pushing traffic, we don't know what's going to happen with them.

The one that caught fire, was it the first one the guy wired up? Not all DC devices are actually -48VDC; some are +48VDC and red is "negative." Find a new supplier. I think I've lost 2 DS3 cards and a fan tray in 2 years on ~9 chassis, both switched to protect and bitched at me till I replaced the card.

FatCow fucked around with this message at 05:32 on Jan 13, 2011 |
# ? Jan 13, 2011 05:29 |
|
Tremblay posted:WebVPN can just go suck a dick. I just have a hard time figuring out why people use it.
|
# ? Jan 13, 2011 14:54 |
|
Bardlebee posted: So what you're saying is, as long as Site A has a subnet of say 192.168.2.0 and Site B has a subnet of 192.168.1.0 it should be ok?

2 per site. You may also be able to fudge a PBR solution, but don't quote me on that. Or go the whole hog and make a DMVPN as has been suggested.
|
# ? Jan 13, 2011 17:00 |
|
jgbaker posted:
DMVPN is really the correct answer for my scenario. I spent all of last night poring over the DMVPN design document and it really is fantastic. A dual hub and spoke design is really a fantastic and cost effective answer to highly available WAN links.
|
# ? Jan 13, 2011 17:07 |
|
We're doing some pilot testing of a dual hub DMVPN design (we run single hubs currently, but two total = 1 x each coastal datacenter) that will use a 1841 handling a commodity broadband circuit and a standby 881G handling a 3G cellular link. We figure if we cram a little Steelhead behind the pair it should perform pretty well, and if it does, we may start pulling our branch sites out of our very expensive MPLS environment. The cost savings are huge, really- commodity broadband with 3G backup is a hell of a lot less expensive than what we're getting T1 port + access for in most of our locations.
|
# ? Jan 13, 2011 18:05 |
|
How does the site with the dual hubs handle default gateway routing? Is that what you're going to be using the steelhead for?
|
# ? Jan 13, 2011 18:15 |
|
Is there a command to activate VTP beyond vtp mode [server|client|transparent]? EDIT: I guess there is no 'disable' of VTP so VTP is always on, so it stands to reason there is no command to activate it. Very peculiar. I have everything right on all switches but the updates aren't pushing out. My server switch is on revision 1 and the others are revision 0. I have all of them with the same domain name, there is no password, and they are all on version 2. Do I need to apply an ip address to the switches?
|
# ? Jan 13, 2011 18:17 |
|
Syano posted: How does the site with the dual hubs handle default gateway routing? Is that what you're going to be using the steelhead for?

Mostly we just HSRP the 1841 and the 881G together on the LAN side, and then set appropriate metrics to prefer the primary DMVPN tunnels for return traffic. The steelhead is just for caching / tcp voodoo'ing.
|
# ? Jan 13, 2011 19:11 |
|
Bardlebee posted: Is there a command to activate VTP beyond vtp mode [server|client|transparent]? EDIT: I guess there is no 'disable' of VTP so VTP is always on, so it stands to reason there is no command to activate it. Very peculiar.

I've never used a Cisco switch that does not have an IP assigned to it, I mean being managed by an IP address is the whole point, right? You're right that VTP doesn't really turn off, the best you can do is set it to transparent mode so it ignores the VTP info and just blindly passes them on. Assuming you have your switches set to client mode they should pick up any revisions that are in the same domain with a higher revision number. I guess you could enable VTP debugging and see what is going on?

Edit: STP instead of VTP? Guess who's been messing around with RPVST recently!

Badgerpoo fucked around with this message at 21:48 on Jan 13, 2011 |
# ? Jan 13, 2011 19:36 |
|
Turn on VTP debugging and ensure that the links between switches are trunks.
|
# ? Jan 13, 2011 20:49 |
|
jbusbysack posted: links between switches are trunks.

Ah, rookie mistake. Thanks guys!
|
# ? Jan 13, 2011 21:35 |
|
Bardlebee posted: Is there a command to activate VTP beyond vtp mode [server|client|transparent]? EDIT: I guess there is no 'disable' of VTP so VTP is always on, so it stands to reason there is no command to activate it. Very peculiar.

Hey man, me and you seem to be about on the same track. I am studying to take my icnd2 test and funny enough have been working on vtp today as well. You can debug VTP using the following "debug sw-vlan vtp events" & "debug sw-vlan vtp events packets."
|
# ? Jan 13, 2011 21:35 |
|
Jmdg posted: Hey man, me and you seem to be about on the same track. I am studying to take my icnd2 test and funny enough have been working on vtp today as well.

I guess the worst part is that "Trunking" is in the acronym itself.
|
# ? Jan 13, 2011 22:10 |
|
Has anyone ever run into a MPLS architecture with no P routers? I am looking at a design scenario where the PEs would be chained together on a DWDM ring.
tortilla_chip fucked around with this message at 17:58 on Jan 14, 2011 |
# ? Jan 14, 2011 16:41 |
|
You can do that, sure.
|
# ? Jan 14, 2011 17:29 |
|
Does anyone know a cheap cisco switch anything really I'll take a 2950/2960 that supports IGMP snooping? preferably ~200 dollars? 16 ports and gigabit? Or where I can find a list of cheap switches that do support it? The netgear at work we have for WDS does not support it and the hard drive has a max R/W of 58/MB throughput and max IOPS of less than 100 I think.
|
# ? Jan 14, 2011 23:25 |
|
Corvettefisher posted: Does anyone know a cheap cisco switch anything really I'll take a 2950/2960 that supports IGMP snooping? preferably ~200 dollars? 16 ports and gigabit? Or where I can find a list of cheap switches that do support it? The netgear at work we have for WDS does not support it and the hard drive has a max R/W of 58/MB throughput and max IOPS of less than 100 I think.

If you can find a 2960, it should work. Most all switches support IGMP snooping anymore, but the feature you will need for a standalone switch is an IGMP querier unless you have an upstream router or other L3 device that can query for you. (Going by memory, so refresh me if I'm wrong.) A 2950 probably won't work, and 2955s are made for industrial apps and are usually 10/100 from my experience.

Cisco Multicast Feature Matrix
|
# ? Jan 15, 2011 00:10 |
|
BelDin posted: If you can find a 2960, it should work. Most all switches support IGMP snooping anymore, but the feature you will need for a standalone switch is an IGMP querier unless you have an upstream router or other L3 device that can query for you. (Going by memory, so refresh me if I'm wrong.)

Thanks for the help, my switch is a netgear L2/L1 ( http://www.newegg.com/Product/Product.aspx?Item=N82E16833122057 ) device that I don't believe supports, or if it does it only multicasts at 3MB/s. It should be doing much higher than that, I'll look into some settings on my WDS server for problems.
|
# ? Jan 15, 2011 00:25 |
|
Corvettefisher posted: Does anyone know a cheap cisco switch anything really I'll take a 2950/2960 that supports IGMP snooping? preferably ~200 dollars? 16 ports and gigabit? Or where I can find a list of cheap switches that do support it? The netgear at work we have for WDS does not support it and the hard drive has a max R/W of 58/MB throughput and max IOPS of less than 100 I think.

How many ports of gigabit? The 2950G or 2950T are 24 port 10/100 + 2 GbE. And they support IGMP snooping.
|
# ? Jan 15, 2011 01:04 |
|
Cheapest gig Cisco to do it is probably a 2970G.
|
# ? Jan 15, 2011 19:14 |
|
Panthrax posted: Do you guys find the ONS 15454 platform to be flaky as gently caress? We've got a couple out and about, and between chassis randomly blowing up (literally... one caught fire as it was powered up), cards being flaky and not coming up, and poo poo like that. I just set up an ONS in a lab with a couple OC12 cards and a couple DS3 cards, and half the chassis slots don't work. I suspect it's a TCC2P card on that side not working, but I don't know if that's how they work, 1 TCC2P per side? I'm going to gently caress with it more tomorrow. I guess they do well enough once we get them going, but holy poo poo, until they're racked and pushing traffic, we don't know what's going to happen with them.

The TCCs are completely independent of each other. The active one handles all control decisions, while the standby does literally nothing. You may also have some bad chassis, as those have been around for a long time as well. Once you finally get some ONS stuff that is good, it will last for years.
|
# ? Jan 16, 2011 09:20 |
|
Yeah, I guess I'm just kind of whining. We've got 6 of them deployed right now that have been pretty solid for the last couple years doing all kinds of hosed up muxing/demuxing for our poo poo. I guess I'm just kind of annoyed that I had to spend half of last week with XO with a couple DS3 outages and an OC12 outage due to failed hardware on their side. I guess we just need to test the gently caress out of everything before we send it out because until it's actually in production, we don't know what we're going to get.
|
# ? Jan 17, 2011 04:26 |
|
I've got some strange latency problems with some switches and was hoping someone in this thread could point me in the right direction. I'm not too hot on Cisco stuff or switching in general so apologies if I get any terminology wrong or miss out any information.

I have two 3750s in a cluster. All of my 25 servers are patched into these two switches. The servers that have dual NICs are patched into both switches, with HP NIC teaming for Windows set up. Each 3750 has an uplink to a cluster of 4 x 3550s. All of my desktop PCs are patched into these.

If I ping one server from another server, I see latency of between 50ms to 100ms. However, if I ping a server plugged into the 3750 from a desktop PC plugged into the 3550, I see <1ms latency. I have telnetted onto the 3750 switch itself and pinged various servers; less than 1ms latency, however I do get a little bit of packet loss.

Any ideas what is possibly going on here? Not really sure how to start with this.
|
# ? Jan 17, 2011 12:31 |
|
gallop w/a boner posted: I have two 3750s in a cluster.

quote: The servers that have dual NICs are patched into both switches, with HP NIC teaming for Windows set up.

quote: Each 3750 has an uplink to a cluster of 4 x 3550s.

My first guess is that there is a problem between the two 3750s.
|
# ? Jan 17, 2011 13:16 |
|
Badgerpoo posted: How are these two switches linked? Are they in a stack or connected with a gigabit connection?

They are in a stack, connected with a proprietary looking cable.

quote:

Yes, exactly.

quote:

Each 3750 is patched into a gigabit port on a C3550-12T (the model that has 10 x gigabit and 2 GBIC ports). The C3550-12T is in a stack with the 48 port C3550s.

gallop w/a boner fucked around with this message at 13:36 on Jan 17, 2011 |
# ? Jan 17, 2011 13:34 |