|
Bob Morales posted: It probably wouldn't be the worst gig in the world.

yeah, but it sounds like the position they're interviewing for is a dead-end.
|
# ? Mar 17, 2011 02:42 |
|
CrazyLittle posted: yeah, but it sounds like the position they're interviewing for is a dead-end.

Might be. But depending on the company you could work through some more certs and have access to a lot of equipment. Plus if you can be the 'golden boy' at a mom n pop shop you can write your own check and run the show.
|
# ? Mar 17, 2011 02:47 |
|
Unfortunately the biggest check you could write would be for $2.19, and you would never have the budget for any equipment, let alone a lab of any kind. Do it live or don't do it at all. Not to say a place like that is worthless, but if you work at one of those places it should be strictly short term.
|
# ? Mar 17, 2011 03:57 |
|
Powercrazy posted: Unfortunately the biggest check you could write would be for $2.19, and you would never have the budget for any equipment, let alone a lab of any kind. Do it live or don't do it at all.

All of this above. Cut your teeth on mid-market stuff but you'll have the room to grow in large enterprise environments. For reference: my current lab has more 7200VXRs, 3550s and 6500s than I even know what to do with. Even after building out an entire MPLS-provider transit network there is still gear left over that I don't know what to do with. My previous position in consulting was difficult to even get a single spare 3750 to play with, let alone build an entire lab. Bottom line, use your environment wisely.
|
# ? Mar 17, 2011 05:23 |
|
What kind of NPEs do you have in your 7200s? I'm trying to convince my boss to upgrade to NPE-G2s
|
# ? Mar 17, 2011 05:49 |
|
CrazyLittle posted: What kind of NPEs do you have in your 7200s? I'm trying to convince my boss to upgrade to NPE-G2s

NPE-300 and 400s in lab and smaller sites, G2s in core site backups, ASR-1002 now in core sites primary.
|
# ? Mar 17, 2011 06:11 |
|
e
CrackTsunami fucked around with this message at 06:29 on Mar 20, 2011 |
# ? Mar 17, 2011 09:46 |
|
Bardlebee posted: They mentioned something about sometimes students will switch out the ports on their switch or something. But, I just don't understand why you WOULDN'T have spanning-tree running.

Because you're running TRILL? Because the network is dead simple and architected so you don't see redundant links? ummm, because someone misconfigured something causing an outage, blamed it on spanning tree, so the boss said never run that again?
|
# ? Mar 17, 2011 13:05 |
|
fordan posted: Because you're running TRILL?

RBridges still run spanning-tree somewhat (to discover the root bridge on a link), they just don't encapsulate or transmit bpdus (unless they're trying to partition a bridged segment, or trigger a topology change in a bridged segment when they lose appointed forwarder status).
|
# ? Mar 17, 2011 14:55 |
|
Bardlebee posted: Anyone have an idea what the hell?

Why they wouldn't use spanning tree? No idea. Other than maybe they want to have a huge headache when some hardware fails. As someone else mentioned, spanning-tree port-fast and switchport port-security violation restrict will solve issues of douche nozzles loving with your switch.

Bumping my Q: Could someone give me an idea on BE and BC when it comes to setting policy maps? Example: Let's say I have a customer requesting 300mb connection.

code:
What I don't understand is why CIR is in bits, but bc and be are in bytes.
|
# ? Mar 17, 2011 15:01 |
|
Zuhzuhzombie!! posted: Why they wouldn't use spanning tree? No idea. Other than maybe they want to have a huge headache when some hardware fails.

We suffered a major failure this morning caused by spanning tree. It looks like a PCI-E network card in a server on our HPC network failed somehow and bridged the two separate links on that machine. This caused the links on the switch to start blocking/forwarding the two affected ports (Even though they are in different vlans). This seems to have snowballed out of control to the point when the spanning tree traffic completely took out the CPU of all the switches on this network and the routers too. Unfortunately for us these switches are connected directly into our core router so this took out connectivity for pretty much the whole campus. One switch even had to be restarted to make it work properly again. Oops! Was exciting trying to figure out exactly what was causing our router to not even respond on the supervisor console port...
|
# ? Mar 17, 2011 16:30 |
|
I had a very very similar issue like that. A PoE phone was bad. It worked fine whenever it was on an unpowered 3550 and had its own power source. When we upgraded everything to 3750s and had all phones powered by PoE, this one phone basically started a spanning tree loop that brought down the entire intranet for our main office. Took a good 5 hours to figure that out.
|
# ? Mar 17, 2011 17:06 |
|
New (?) Switch guide just hit my inbox: http://www.cisco.com/en/US/prod/switches/ps5718/ps708/networking_solutions_products_genericcontent0900aecd805f0955.pdf Everyone loves reading about hardware, right? Enjoy!
|
# ? Mar 17, 2011 19:34 |
|
Zuhzuhzombie!! posted:
I haven't worked much off our policy maps for rate limiting but on our end the bc matches the be values. According to the Cisco Press book, "the cir and bc keywords define the first token bucket. be defines the second token bucket." So I guess when we keep bc and be values the same, we keep a single token bucket since it's a single rate policer? CIR is in bits and bursts are in bytes cause that's just Cisco being Cisco.
|
# ? Mar 17, 2011 20:05 |
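Added example, not part of any post in this thread: a small simulation of the two-bucket, single-rate policer described in the post above, modelled on the single-rate three-color marker of RFC 2697 (an assumption about how cir, bc and be interact, not Cisco's code). The 300 Mb/s CIR comes from the question; the bc and be values, packet sizes and arrival times are constructed.

```python
from dataclasses import dataclass

@dataclass
class SingleRatePolicer:
    cir_bps: int    # committed information rate, bits per second
    bc_bytes: int   # committed burst: depth of the first bucket, in bytes
    be_bytes: int   # excess burst: depth of the second bucket, in bytes

    def __post_init__(self):
        self.tc = float(self.bc_bytes)  # both buckets start full
        self.te = float(self.be_bytes)
        self.last_ms = 0

    def _refill(self, now_ms):
        # CIR is a rate in bits/s; the buckets hold bytes, hence the / 8.
        tokens = (now_ms - self.last_ms) * self.cir_bps / 8 / 1000
        self.last_ms = now_ms
        room = self.bc_bytes - self.tc
        self.tc += min(tokens, room)
        # Only tokens that overflow the first bucket reach the second.
        self.te = min(self.be_bytes, self.te + max(0.0, tokens - room))

    def police(self, now_ms, size_bytes):
        self._refill(now_ms)
        if self.tc >= size_bytes:
            self.tc -= size_bytes
            return "conform"
        if self.te >= size_bytes:
            self.te -= size_bytes
            return "exceed"
        return "violate"

def run(policer, arrivals):
    """Feed (time_ms, size_bytes) arrivals through the policer and count outcomes."""
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for now_ms, size in arrivals:
        counts[policer.police(now_ms, size)] += 1
    return counts

if __name__ == "__main__":
    # Constructed values: 300 Mb/s CIR from the question, bc = be = 150000 bytes.
    p = SingleRatePolicer(300_000_000, 150_000, 150_000)
    print(run(p, [(0, 1500)] * 250))   # line-rate burst at t = 0
    print(run(p, [(1, 1500)] * 30))    # 1 ms later: only bc has refilled
    print(run(p, [(11, 1500)] * 250))  # 10 ms idle: both buckets full again
```

In this model the second bucket only refills once the first is full, so be is spent on bursts that follow an idle period; setting be to 0 removes the "exceed" outcome entirely.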
|
Zuhzuhzombie!! posted: I had a very very similar issue like that. A PoE phone was bad. It worked fine whenever it was on an unpowered 3550 and had its own power source. When we upgraded everything to 3750s and had all phones powered by PoE, this one phone basically started a spanning tree loop that brought down the entire intranet for our main office.

Whenever you have spanning tree loops you have to figure out where the TC Frames are coming from. Usually this is pretty easy as TC frames are always layer2, which means everything is restricted to one collision domain. The other tip is to always use per-vlan spanning tree, this prevents say a lovely phone from sending TC frames on your primary vlan. The other thing you need to do during a spanning tree loop is to break the loop. That usually involves reloading or at least isolating one of the core switches. Once the loop is broken it should take around 45 seconds to be up and running again.
|
# ? Mar 17, 2011 20:12 |
|
Quick question, think I know the answer. How fast does STP detect a loop? Is it whatever the hello timer is set to? Customer is introducing a Netgear 1Gbps switch to their distro switchstack and it's causing a loop, I don't think STP is picking up the loop quick enough and blocking the second uplink; the customer disconnects the second uplink before I can diagnose because it's bringing the network down each time. I'm thinking they need to remove any devices off the netgear switch, introduce the switch long enough for STP to update the topology and then plug everything back in.
|
# ? Mar 18, 2011 12:22 |
|
Well, it should detect the loop before it moves the port into a forwarding state. That's what the listening state is for.
|
# ? Mar 18, 2011 17:26 |
|
They probably have spanning tree turned off as, like jwh said, traffic will not be forwarded until a loop free topology is confirmed.
|
# ? Mar 18, 2011 20:43 |
|
I know this is sort of an odd question, but I figured I'd give it a shot before experimenting. I am running a simple three layer design network, gateways on a distribution layer with hsrp, and all the other goodies like EIGRP. I have a legacy network that has a PIX for a router, and has a non-standard gateway interface address (192.168.0.2 to a remote network 192.168.1.0/24).

The simple part: In order to move the old VLAN/subnet under the new network design, I'm going to create the configurations on the distribution switches to serve out the old gateway address (192.168.1.1) for the existing clients.

The head scratcher: Some hosts in other subnets (like 192.168.0.0) use a static persistent route on the hosts to get to the 192.168.1.0 subnet (route 192.168.1.0 gw 192.168.0.2). Can I create a secondary IP address in the same subnet to serve as the legacy gateway address? Here's what I'm thinking:

interface VLAN 10
 description interface to LAN 1
 ip address 192.168.0.3 255.255.255.0
 standby 1 ip 192.168.0.1
 standby 1 ip 192.168.0.2 secondary

If I understand correctly, this will allow HSRP to serve up two gateway addresses on the same subnet, and all traffic will return on the primary address to the local subnet.
|
# ? Mar 18, 2011 21:34 |
|
Powercrazy posted: They probably have spanning tree turned off as, like jwh said, traffic will not be forwarded until a loop free topology is confirmed.

They're using pvst, the main switch shows the current link as part of pvst, and they're both configured the same, with the exception of the secondary switch having a higher cost

interface GigabitEthernet0/13
 switchport access vlan 5
 switchport mode access
 spanning-tree cost 200000

At this point I'm going to need to run a debug spanning-tree event and see what happens when I plug it in.
|
# ? Mar 18, 2011 22:14 |
|
Is there a site I can look up an MD5 password hash from a device? I know the simpler password system is easily decrypted. I have the configuration file and could just reset the router and re-load it, but this would be easier and there'd be no downtime.
|
# ? Mar 20, 2011 03:22 |
|
Bob Morales posted: Is there a site I can look up an MD5 password hash from a device? I know the simpler password system is easily decrypted.

For practical purposes, MD5 is not reversible. I was going to write a bunch of stuff about rainbow tables to break hash functions, but really, you're just going to need to do a password recovery on it.
|
# ? Mar 20, 2011 03:53 |
|
fordan posted: For practical purposes, MD5 is not reversible. I was going to write a bunch of stuff about rainbow tables to break hash functions, but really, you're just going to need to do a password recovery on it.

I know it's not reversible, I thought there was a site that had a table for it where you could look it up.
|
# ? Mar 20, 2011 04:27 |
|
Bob Morales posted: I know it's not reversible, I thought there was a site that had a table for it where you could look it up.

It's salted MD5, so rainbow tables aren't really appropriate (unless someone generated the ~ 2^24 tables for all the possible salts for Cisco's 4 char salted md5 scheme)
|
# ? Mar 20, 2011 06:45 |
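Added example, not part of any post in this thread: why a per-device salt defeats a shared lookup table, and where the ~2^24 figure in the post above comes from. The hash here is a simplified stand-in, md5(salt || password), not the real md5crypt algorithm behind `$1$` strings; the wordlist, salts and sample string are constructed.

```python
import hashlib
import re

# Salt alphabet of crypt-style "$1$" hashes: ./0-9A-Za-z (64 symbols).
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
TYPE5 = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")

def parse_type5(secret):
    """Split a '$1$salt$digest' string into (salt, digest) or raise ValueError."""
    m = TYPE5.match(secret)
    if not m:
        raise ValueError("not a $1$ salted-MD5 string")
    return m.group(1), m.group(2)

def salt_space(salt_len):
    """Number of distinct salts, i.e. separate tables a precomputation needs."""
    return len(ALPHABET) ** salt_len

def toy_hash(salt, password):
    # Stand-in for illustration only: md5(salt || password), NOT md5crypt.
    return hashlib.md5((salt + password).encode()).hexdigest()

def build_table(salt, wordlist):
    """Precompute digest -> password for one fixed salt."""
    return {toy_hash(salt, w): w for w in wordlist}

def lookup_hits(table, salt, passwords):
    """How many passwords hashed under `salt` are found in `table`."""
    return sum(toy_hash(salt, p) in table for p in passwords)

WORDS = ["cisco", "letmein", "router1"]   # constructed sample wordlist
SAMPLE = "$1$aB3x$" + "A" * 22            # constructed placeholder, not a real hash

if __name__ == "__main__":
    salt, _ = parse_type5(SAMPLE)
    unsalted = build_table("", WORDS)     # what a generic lookup site holds
    print("salts to cover:", salt_space(len(salt)))
    print("hits, unsalted table vs unsalted hashes:", lookup_hits(unsalted, "", WORDS))
    print("hits, unsalted table vs salted hashes:  ", lookup_hits(unsalted, salt, WORDS))
```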
|
Yea the md5 on Cisco switches/routers for all intents and purposes isn't crackable, sorry.
|
# ? Mar 20, 2011 06:49 |
|
Is there a version of code that will allow etherchannels on 3560G's to be pvlan host ports? It looks like some specific 6500 linecards and code revs will support it, but I'm not sure about a 3560. Any idea?
|
# ? Mar 20, 2011 20:53 |
|
What code version are you running? I'll have a look at a dev switch tomorrow...
|
# ? Mar 21, 2011 00:49 |
|
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1) But I can upgrade to anything if it will support etherchannel pvlans.
|
# ? Mar 21, 2011 14:33 |
|
Bob Morales posted: We have a 'new' Cisco 891 that we're going to use to replace a Linksys RV082. Any tips or warnings?

Did they buy the wrong router? This one looks like it's more for a remote user/office to connect to headquarters. http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-519930.html

We're the 'main office' and we just need PPTP connectivity for one remote (Windows) user. Currently there is a Linksys router doing this (RV082), but I don't see the ability for this new router to do it in the above datasheet. Should I use another type of VPN or just drop m0n0wall in here using an old PC?
|
# ? Mar 21, 2011 16:07 |
|
That 891 can do all manner of remote VPN. You should be fine. I think without additional licensing, you can do a single SSL-based VPN client. Look up IOS WebVPN.
|
# ? Mar 21, 2011 16:33 |
|
I turned up some additional transit with Cogent the other day, and I hadn't before seen their approach to BGP: You have a /30, and you neighbor with the other end of the /30, which they term the 'A' peer. That peer advertises you a /32 to their route-server, which you ebgp-multihop with, and that gives you the routes you're actually taking from Cogent. It was a neat idea, but I had never before seen that type of design.
|
# ? Mar 21, 2011 16:35 |
|
jwh posted: I turned up some additional transit with Cogent the other day, and I hadn't before seen their approach to BGP:

It's because their A-peer doesn't hold full tables (they run a smart core, dumb edge design).
|
# ? Mar 21, 2011 16:41 |
|
That's what I gathered. Kind of interesting.
|
# ? Mar 21, 2011 16:42 |
|
Sounds pretty ghetto to me tbqh. But I suppose that would be the way to do it if you have a small rural pop or something. You'd throw a 2811 or even just a MetroE capable switch, like a 3400Metro in the basement with a fiber running to it. Run BGP with the switch that would advertise the route server and then get your routes from the core.
|
# ? Mar 21, 2011 16:55 |
|
Powercrazy posted: Sounds pretty ghetto to me tbqh. But I suppose that would be the way to do it if you have a small rural pop or something. You'd throw a 2811 or even just a MetroE capable switch, like a 3400Metro in the basement with a fiber running to it. Run BGP with the switch that would advertise the route server and then get your routes from the core.

The Cogent POP next door was a GSR 12008 (E0 LCs) and a 3508 ~ 3 years ago. Don't know if they've upgraded since then. This was a relatively new POP as well.
|
# ? Mar 21, 2011 17:01 |
|
For recent small on-net deployments it's a 7609 for L3, and then a 4900M and ME3400 for L2.
|
# ? Mar 21, 2011 17:04 |
|
We have an ONT from Calix, actually. We're in Western Massachusetts, and our Layer-3 termination on this thing is in Stamford, CT.
|
# ? Mar 21, 2011 19:51 |
|
Powercrazy posted: Whenever you have spanning tree loops you have to figure out where the TC Frames are coming from. Usually this is pretty easy as TC frames are always layer2, which means everything is restricted to one collision domain.

Isn't PVST on automatically? Also, we use Calix ONTs for fiber and have somewhat high fail rate with them. We also use Myrio for our IPTV stuff and I hate it.
|
# ? Mar 21, 2011 22:13 |
|
I'm not sure if this is the right thread but I am looking for a router recommendation. At work we are going to be replacing two Cisco 2500 series routers that connect a T1 via serial. We're getting a Time Warner point to point cable line installed so we need 2 routers to handle the traffic between our main office and distribution center. The new line will use a WAN ethernet interface. Most of the machines using the line are simple packing stations with telnet sessions (anywhere from 8-15 total) and 5 workstations that access the line to connect to Exchange/DCs and the Internet. I'm probably over thinking this but what would be a viable replacement to the 2500? We don't really need any special services like DHCP, DNS, VPN, etc, all of which are handled on our Windows servers.

For example I was looking at the Cisco 861-K9. The data sheet on Cisco's website specifies that this router is recommended for only 5 users. Granted our point to point line is only going to be 2 Mbps, but this line is crucial and we can't afford to have any downtime. We could also get something like the Cisco RVS4000, but I'm skeptical as to its reliability. Our 2500 routers have been rock solid and we've never really had any problems with them. Not to mention it's a Linksys-Cisco brand, which doesn't strike me as Business-grade even if it has the Cisco Small Business badge. We did however set up a Cisco Small Business wireless AP that works great, so who knows.
|
# ? Mar 21, 2011 23:47 |
|
Kerpal posted: Granted our point to point line is only going to be 2 Mbps, but this line is crucial and we can't afford to have any downtime.

Buy 3 Cisco 2611 (2x 10BaseT) or 2621 (2x 10/100BaseT) off eBay, keep one on the shelf as a spare. Or hell at the price buy 4 and keep a warm spare at each site.
|
# ? Mar 22, 2011 00:30 |