jwh
Jun 12, 2002

I'm having a difficult time understanding what the 6120 series boxes actually do that isn't covered by other Nexus product. Is it just the embedded manager?


ragzilla
Sep 9, 2005
don't ask me, i only work here


jwh posted:

I'm having a difficult time understanding what the 6120 series boxes actually do that isn't covered by other Nexus product. Is it just the embedded manager?

That's all I've gotten from my team who've been trying to sell us on Nexus. Embedded manager, and I guess moving your FC stuff down to the agg switches instead of plugging it all into distribution.

captaingimpy
Aug 3, 2004

I luv me some pirate booty, and I'm not talkin' about the gold!
Fun Shoe

jwh posted:

I'm having a difficult time understanding what the 6120 series boxes actually do that isn't covered by other Nexus product. Is it just the embedded manager?

The Nexus 6120 is their converged networking switch (data and storage over one cable). We are migrating to the UCS platform over the next few months. I will be getting rid of 80% of our cables, FC switches, Nexus 5020's, and all attached FEX's. Of course, we get to do that because we're 95% virtualized and our whole environment will be UCS boxes...

I'll let you know how this pans out in reality.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

routenull0 posted:

Yeah I heard that there are many quality of life changes in the NX-OS and IOS-XR line. I believe one of them has already started the "commit 10" idea that Juniper uses to rollback the configuration in a set number of minutes instead of the ole trusty "reload in 10" :) I thought they were pushing IOS-XR to the 7600 line? Did that change? After I deployed a bunch of 7600s at my old ISP job, that was the rumor.

My knowledge of NX-OS barely extends beyond knowing it exists, but XR has a "commit confirmed [<#sec>|minutes <#min>]" command where you can commit the configuration changes for anywhere from 30 seconds to 5 minutes - at any time during that, you can do a regular "commit" to make things permanent.

I can't conclusively say it's not true and I'm no expert on the 7600 platform, but I haven't heard any indications of an XR release for it. If it did happen it would almost certainly work like the 12000, where many older/lower-end modules are unsupported because they don't have the proper architecture to run XR - you can't very well use a distributed operating system that runs on all linecards if some of your linecards are little more than switching ASICs tied to ports.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
"Software version is so extracting the whole bundle" Mentioned something about microcode?


WTF does this mean and why is my 3750's CPU maxing out?

One of my coworkers rolled out IPservices 122-58.SE1 as a bug fix last night and only one stack is having issues. Sadly, this is our master stack for this office. Other stacks on the floor for different departments are running fine.

The only difference between master stack and the others is that the master stack is an older 3750. Coworker had to delete the old IOS out of flash before he could upload 122-58.SE1. Did so, reloaded. Had no issues until we had some departments running backups this morning. That's when we saw the CPU freaking out.


CPU did not spike until 6am this morning. IP Input was causing the issue at 67% alone.



EDIT


NVM



Thinking that maybe that IOS was corrupted when transferring via TFTP.

Zuhzuhzombie!! fucked around with this message at 16:15 on Jul 8, 2011

ate shit on live tv
Feb 15, 2004

by Azathoth

Zuhzuhzombie!! posted:



Thinking that maybe that IOS was corrupted when transferring via TFTP.

This is most certainly not the case, as before IOS loads and the device boots it will do a checksum on the image, and crash to rommon if the embedded checksum doesn't match the computed checksum.

IP Input means that many packets are being process switched instead of fast switched. You should check the log file, also check that CEF is enabled, and that all the interfaces came up as expected, trunking, duplex, etc. It's always important to verify before and after when you do code upgrades.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

Powercrazy posted:

This is most certainly not the case, as before IOS loads and the device boots it will do a checksum on the image, and crash to rommon if the embedded checksum doesn't match the computed checksum.

IP Input means that many packets are being process switched instead of fast switched. You should check the log file, also check that CEF is enabled, and that all the interfaces came up as expected, trunking, duplex, etc. It's always important to verify before and after when you do code upgrades.

All that came back solid. Trunks came up, interfaces came up, etc. No errors on duplex mismatches. There's a point in the reload where it's unpacking ucode/Microcode or something, and it hung there for maybe 10 minutes before it resumed loading. IP cef is on according to summary.


CPU is running dandy right now. However, if our PC support guys run a backup the CPU spikes to 99% every time.

Zuhzuhzombie!! fucked around with this message at 20:48 on Jul 8, 2011

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Also getting this error.



front_end/ (directory)
extracting front_end/fe_type_1 (34760 bytes)
extracting front_end/fe_type_2 (78520 bytes)
extracting front_end/fe_type_3 (78520 bytes)
extracting front_end/fe_type_4 (78520 bytes)
extracting front_end/front_end_ucode_info (172 bytes)
extracting ucode_info (76 bytes)

% Error: unable to microcode file from: flash:/microcode_update/front_end/fe_type_2
% Error: to: flash:/front_end_ucode_cache/ucode.1

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Zuhzuhzombie!! posted:

Also getting this error.



front_end/ (directory)
extracting front_end/fe_type_1 (34760 bytes)
extracting front_end/fe_type_2 (78520 bytes)
extracting front_end/fe_type_3 (78520 bytes)
extracting front_end/fe_type_4 (78520 bytes)
extracting front_end/front_end_ucode_info (172 bytes)
extracting ucode_info (76 bytes)

% Error: unable to microcode file from: flash:/microcode_update/front_end/fe_type_2
% Error: to: flash:/front_end_ucode_cache/ucode.1

Open a TAC case. This switch has Fast Ethernet ports? The error is IOS trying to patch the microcode that runs on the NIC controller, and failing.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

Tremblay posted:

Open a TAC case. This switch has Fast Ethernet ports? The error is IOS trying to patch the microcode that runs on the NIC controller, and failing.

Think the Switch has some memory errors. loving thing completely poo poo the bed on me just now.

tortilla_chip
Jun 13, 2007

k-partite
Anyone else going to be at Cisco Live next week?

elite burrito
May 9, 2010

Powercrazy posted:

As far as roll-backs and commits...
https://www.youtube.com/watch?v=up_62oY7B_s
;)

If they implemented roll-backs and commits wouldn't you have less incentive to buy CiscoWorks?

Kind of silly, but maybe the reality of the situation.

ior
Nov 21, 2003

What's a fuckass?

elite burrito posted:

If they implemented roll-backs and commits wouldn't you have less incentive to buy CiscoWorks?

Not really, Ciscoworks can't save you as a commit / rollback would be able to.

jwh
Jun 12, 2002

Zuhzuhzombie!! posted:

Think the Switch has some memory errors. loving thing completely poo poo the bed on me just now.

Maybe it's haunted by evil spirits. Sprinkle some holy water on it.

ate shit on live tv
Feb 15, 2004

by Azathoth
Does anyone actually use Ciscoworks?

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Tried to roll back to ipservicesk9 53. TFTP'd it. Boot statement. Reload. ROMMON. Boot statement still pointed to 53, but the flash was completely empty.

Harry Totterbottom
Dec 19, 2008
Anyone ever get a Windows 2008 NPS Radius server to authenticate PEAP for a 2100 WLAN controller? I feel like I'm just running around in circles on this.

ate shit on live tv
Feb 15, 2004

by Azathoth

Zuhzuhzombie!! posted:

Tried to roll back to ipservicesk9 53. TFTP'd it. Boot statement. Reload. ROMMON. Boot statement still pointed to 53, but the flash was completely empty.

You didn't verify the ios before you reloaded? Welp.

Anyway I'd suggest you just RMA the switch, memory issues and unexpected microcode upgrade failures = just dump it on to TAC.

jwh
Jun 12, 2002

Harry Totterbottom posted:

Anyone ever get a Windows 2008 NPS Radius server to authenticate PEAP for a 2100 WLAN controller? I feel like I'm just running around in circles on this.

What isn't working?

Harry Totterbottom
Dec 19, 2008

jwh posted:

What isn't working?

Clients are unable to authenticate onto the wireless network. The WLAN controller is able to use Radius to authenticate ssh login without a problem.

It looks like it might be on the NPS side, I'm continuing to get "An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors."

It is grabbing the Connection Request Policy, but the Network Policy Name is blank. It is reading the Authentication type as PEAP, but it's still firing off reason code 23. Everything that I've found so far has either been generic or abandoned.

jwh
Jun 12, 2002

Is NPS configured to respond appropriately to PEAP?

I know in ACS, you have to more or less explicitly define the EAP types that authentication server will support.

Harry Totterbottom
Dec 19, 2008

jwh posted:

Is NPS configured to respond appropriately to PEAP?

I know in ACS, you have to more or less explicitly define the EAP types that authentication server will support.

Yes, it's set up for Microsoft: Protected EAP (PEAP). It is set up to do EAP || CHAP || MS-CHAPv1 for the authentication method as well. I've tried it with and without alternative authentication methods as well as adding and removing various PEAP authentication options (EAP-MSCHAP v2 && Smart Card or other certificates).

I was able to get wireless authentication working fine with an ACS, but the price was too high even for the vm appliance version to bring into production.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

Powercrazy posted:

You didn't verify the ios before you reloaded? Welp.

Anyway I'd suggest you just RMA the switch, memory issues and unexpected microcode upgrade failures = just dump it on to TAC.

Yes, it was verified that it was there.


TAC's going through the show tech now. What they've found that's strange is that, according to them, the flash file structure looks like we decompressed a .tar image for the install.

We've only used .bin for as long as I've been here.

ruro
Apr 30, 2003

Powercrazy posted:

Does anyone actually use Ciscoworks?

For inventory management? Yep. For everything else it does? Nope.

ior
Nov 21, 2003

What's a fuckass?

Harry Totterbottom posted:

Clients are unable to authenticate onto the wireless network. The WLAN controller is able to use Radius to authenticate ssh login without a problem.

Check the server certificate in the EAP settings on the NPS.

Zuhzuhzombie!! posted:

TAC's going through the show tech now. What they've found that's strange is that, according to them, the flash file structure looks like we decompressed a .tar image for the install.

Would you mind sending me the TAC SRN? Really curious about this one.

ior fucked around with this message at 22:39 on Jul 11, 2011

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
eMail?



Gonna do a WebEx install so they can watch for themselves. They said the !oo! I was seeing also was a symptom of memory issues.

Harry Totterbottom
Dec 19, 2008

ior posted:

Check the server certificate in the EAP settings on the NPS.

Thanks man this put me on the right track. I had been using the main CA cert on the NPS box and flipped it over to a PEAP issued one I had setup, made some changes to the SSID settings on my laptop and it looks like it's working.

ior
Nov 21, 2003

What's a fuckass?

Zuhzuhzombie!! posted:

eMail?



Gonna do a WebEx install so they can watch for themselves. They said the !oo! I was seeing also was a symptom of memory issues.

daniel@fnutt.net

Harry Totterbottom posted:

Thanks man this put me on the right track. I had been using the main CA cert on the NPS box and flipped it over to a PEAP issued one I had setup, made some changes to the SSID settings on my laptop and it looks like it's working.

Great :) Trying to interpret the NPS logs is hell on earth.

Bardlebee
Feb 24, 2009

Im Blind.
I am almost halfway through the CBT Nuggets for CCNA: Security and I am a bit unimpressed by its difficulty. Perhaps it's because I already knew more about ACL's and VPN connections than the CCNA taught, but a lot of this stuff seems straightforward. Hopefully it will be a quick and easy test.

Harry Totterbottom
Dec 19, 2008
Any recommendations on QoS testing software? I need to check the jitter on a P2P Wireless connection to determine if it's feasible to run VOIP traffic over it. Bandwidth wise things look great in iperf, but I just want to verify that this is going to work right before relocating everything from the main office to the Data Center.

ior
Nov 21, 2003

What's a fuckass?

Harry Totterbottom posted:

Any recommendations on QoS testing software? I need to check the jitter on a P2P Wireless connection to determine if it's feasible to run VOIP traffic over it. Bandwidth wise things look great in iperf, but I just want to verify that this is going to work right before relocating everything from the main office to the Data Center.

Ixia IxChariot is totally awesome and really expensive.
On the cheap side:
ip sla (in IOS)
Qcheck http://www.ixchariot.com/products/datasheets/qcheck.html

workape
Jul 23, 2002

Harry Totterbottom posted:

Any recommendations on QoS testing software? I need to check the jitter on a P2P Wireless connection to determine if it's feasible to run VOIP traffic over it. Bandwidth wise things look great in iperf, but I just want to verify that this is going to work right before relocating everything from the main office to the Data Center.

IP SLA is an easy way to do it. Have you built your QoS policies or are you just going to send traffic across the link without a policy?

jwh
Jun 12, 2002

I used to like the Viola networks NetAlly agents, but they've since been bought by Fluke, and I'm not sure what happened to the software.

Bardlebee
Feb 24, 2009

Im Blind.
When talking VPN's, what type of VPN's are out there? I know of the following:

Frame Relay
IPSec

....That's it. What other ones am I forgetting?

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler
There's MPLS Layer 2 and 3 VPNs, I believe.

On an unrelated note...

code:
RP/0/RP0/CPU0:CRS-H#sh ipv4 int br | i Hundred
Wed Jul 13 12:19:45.884 EDT
HundredGigE0/4/0/0             unassigned      Up                    Up

Not sure what we're going to use this for exactly, but it's neat to see.

ior
Nov 21, 2003

What's a fuckass?

Bardlebee posted:

When talking VPN's, what type of VPN's are out there? I know of the following:

Frame Relay
IPSec

....That's it. What other ones am I forgetting?

SSL
MPLS
EVN

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
So helpin out some guys transport side with some Cisco stuff. They want to do some testings with their DACs via serial.

So... they need a 2550. Got it setup, copied over the config they wanted, setup the IPs they wanted. Can't telnet into it. No CDP neigh either but this is an old switch so may not support it. Can ping across just fine. 2550 just kills any telnet session that gets opened.

It does not have a dedicated eth int. Has some kind of module plugged into a port labeled AUI (_NOT_ AUX). There's a Serial 0 and Serial 1. Serial 1 has something in it. It has a standard RJ45 Console and AUX jack. There's a third Serial like interface but I do not recall what it was labeled, I just know it's not serial or AUX.

Here's how my virtual lines are provisioned.


line con 0
transport input telnet
line 1 16
no exec
no exec-banner
exec-timeout 0 0
no vacant-message
transport input all
stopbits 1
flowcontrol software
line aux 0
no exec
no exec-banner
password 7 135445415F5952
transport input telnet
line vty 0
no exec
no exec-banner
exec-timeout 0 0
password 7 08701E1D5D4C53
login
transport preferred telnet
line vty 1 3
no exec
no exec-banner
exec-timeout 0 0
password 7 08701E1D5D4C53
login
transport preferred telnet
transport input telnet
line vty 4
exec-timeout 0 0
password 7 040A59555B741A
login
transport preferred telnet
transport input telnet
line vty 5 15
password 7 040A59555B741A
login





Just got a junky password in there at the moment. Regardless, no idea what's killing the connection.

jwh
Jun 12, 2002

Please paste a full sanitized config

some kinda jackal
Feb 25, 2003

 
 
is transport input telnet even valid on a console line? :stare:


Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Current configuration:
!
! No configuration change since last restart
!
version 11.2
service tcp-keepalives-in
service timestamps debug datetime msec
service password-encryption
no service udp-small-servers
service tcp-small-servers
!
hostname CorrTest
!

!
no ip domain-lookup
ip host titan1 2001 192.168.4.54
ip host titan2 2002 192.168.4.54
ip host titan3 2003 192.168.4.54
ip host titan4 2004 192.168.4.54
ip host titan5 2005 192.168.4.54
x25 routing
x29 inviteclear-time 6
!
x29 profile noecho 2:0 3:2
x29 profile potomac 2:0
clock timezone CDT -6
clock summer-time CDT recurring
!
interface Ethernet0
ip address 192.168.4.54 255.255.255.0
no ip route-cache
no ip mroute-cache
no mop enabled
!
interface Serial0
no ip address
no ip directed-broadcast
encapsulation x25 ietf
no ip mroute-cache
bandwidth 19
x25 ltc 2
x25 htc 8
x25 win 7
x25 wout 7
x25 nvc 8
clockrate 19200
lapb T1 4000
lapb T4 20
lapb N2 10
!
interface Serial1
no ip address
no logging event subif-link-status
shutdown
!
ip default-gateway ##.##.##.##
logging source-interface Ethernet0
logging 192.168.148.55
!
snmp-server community angreal RO 50
snmp-server community meekruw RW 50
snmp-server trap-source Ethernet0
snmp-server trap-authentication
x25 route 33333 interface Serial0
x25 route 44444 interface Serial0
x25 route 55555 interface Serial0
x25 route 66666 interface Serial0
x25 route 77777 interface Serial0
x25 route 88888 interface Serial0
!
translate tcp 172.16.200.145 x25 8888 profile potomac
translate tcp 172.16.200.145 port 1111 stream x25 8888 profile potomac quiet
!
line con 0
transport input telnet
line 1 16
no exec
no exec-banner
exec-timeout 0 0
no vacant-message
transport input all
stopbits 1
flowcontrol software
line aux 0
no exec
no exec-banner
password 7 135445415F5952
transport input telnet
line vty 0
no exec
no exec-banner
exec-timeout 0 0
password 7 08701E1D5D4C53
login
transport preferred telnet
line vty 1 3
no exec
no exec-banner
exec-timeout 0 0
password 7 08701E1D5D4C53
login
transport preferred telnet
transport input telnet
line vty 4
exec-timeout 0 0
password 7 040A59555B741A
login
transport preferred telnet
transport input telnet
line vty 5 15
password 7 040A59555B741A
login
!
ntp clock-period 17179806
ntp source Ethernet0
ntp server 192.168.155.56
end
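
An added example, not part of any post in the thread and not Cisco tooling: a small Python audit of the `line` stanzas in a pasted IOS config like the one above, flagging lines with EXEC disabled, no idle timeout, type 7 passwords or Telnet input. The sample config is constructed, and the function names and finding tags are hypothetical.

```python
import re

# Constructed sample shaped like the stanzas above; passwords are placeholders.
SAMPLE_CONFIG = """\
line 1 16
 no exec
 transport input all
line vty 0
 no exec
 exec-timeout 0 0
 password 7 <redacted>
 login
line vty 4
 exec-timeout 0 0
 password 7 <redacted>
 login
 transport input telnet
line vty 5 15
 password 7 <redacted>
 login
!
"""

def parse_line_stanzas(config):
    """Map each 'line ...' header to its list of subcommands."""
    # Assumption: a stanza ends at the next 'line' header, '!' or 'end',
    # so pastes that lost their indentation still parse.
    stanzas, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if re.match(r"line\s+(con|aux|vty|\d)", text):
            current = text.split(None, 1)[1]
            stanzas[current] = []
        elif text in ("!", "end", ""):
            current = None
        elif current is not None:
            stanzas[current].append(text)
    return stanzas

def audit_line(cmds):
    """Return finding tags (hypothetical names) for one line stanza."""
    findings = []
    if "no exec" in cmds:               # no EXEC process is started on this line
        findings.append("exec-disabled")
    if "exec-timeout 0 0" in cmds:      # idle sessions never time out
        findings.append("no-idle-timeout")
    if any(c.startswith("password 7 ") for c in cmds):  # reversible encoding
        findings.append("type7-password")
    for c in cmds:
        m = re.match(r"transport input\s+(.+)", c)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.append("telnet-allowed")   # cleartext remote access
    return findings

def audit_config(config):
    return {n: audit_line(c) for n, c in parse_line_stanzas(config).items()}

if __name__ == "__main__":
    for name, tags in audit_config(SAMPLE_CONFIG).items():
        print(f"line {name}: {', '.join(tags) or 'no findings'}")
```

Only settings that appear explicitly in the stanza are reported; version-dependent defaults such as the implicit `transport input` value are not inferred.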
