|
Here's one of those rare questions for you guys: Can you format/move/use a CF card from a 2851 in a 7206VXR NPE-G2? I'm going to upgrade one of my NPE-G1's to a G2 this weekend and I wanted to prep the CF card in advance with the IOS image and config files ready to go. I just don't have another 7206 chassis laying around to play with. I do have some 2811s and 2851s though.

*edit* Looks like it doesn't work. The file systems on the cards are different.

CrazyLittle fucked around with this message at 21:53 on Sep 1, 2011 |
# ? Sep 1, 2011 19:02 |
|
CrazyLittle posted: Here's one of those rare questions for you guys:

You can format any compatible CF card in IOS, but I don't think you can just move and read files between a VXR and ISR. Look up the erase command to format a card.

edit: I guess if your goal is to pre-prep the CF card, formatting won't help you out.
|
# ? Sep 2, 2011 02:25 |
|
My advice: don't get fancy. The time it saves you versus the potential for it to a) not work or even do harm or b) be yet another thing you have to troubleshoot that slows down your execution. Get downtime scheduled and approved. Format it in the router, transfer the software and config to it and go. Shouldn't be down that long, and if their downtime requirements are so stringent they can't let you change software, why can't they afford redundant/test infrastructure? Presumably there's income you're interrupting, to put a finer point on it.
|
# ? Sep 2, 2011 03:09 |
|
bort posted: My advice: don't get fancy. The time it saves you versus the potential for it to a) not work or even do harm or b) be yet another thing you have to troubleshoot that slows down your execution. Get downtime scheduled and approved. Format it in the router, transfer the software and config to it and go. Shouldn't be down that long, and if their downtime requirements are so stringent they can't let you change software, why can't they afford redundant/test infrastructure?

Nah, I have the downtime scheduled already, and it's a redundant access point for some customers but not all. There are a couple of DS3s hanging off of it for T1 customers and those are going to go down when the router does. I just wanted to see if I could shortcut a little extra time by having a spare IOS image or the running config already on the card. Hanging out in a colo at midnight on a weekend isn't my idea of a party.
|
# ? Sep 2, 2011 04:45 |
|
So it looks like the datacenter forklift is going to be ASR9K, ASA5585's and Nexus 7Ks, ya know, so it can mirror our other one that is all Juniper. God I love the government. There is no reason hot-sites should match vendor wise right........
|
# ? Sep 2, 2011 13:38 |
|
Quick problem hopefully. With a pix I did a port redirection but now any traffic not matching the port redirection will not match the non-port redirection xlate, so basically port 80 -> 8080 will work but all other traffic is dropped.

NATs:

static (inside,outside) tcp EX.TE.RN.AL www 10.50.105.72 8080 netmask 255.255.255.255
static (inside,outside) EX.TE.RN.AL 10.50.105.72 netmask 255.255.255.255

Already cleared connections and xlate, no help. Here's the log:

Deny inbound (No xlate) udp src outside:EX.TE.RN.AL/36659 dst outside:EX.TE.RN.AL/161

Security on the outside is 0, inside is 100.
|
# ? Sep 2, 2011 17:35 |
|
Sepist posted: Quick problem hopefully. With a pix I did a port redirection but now any traffic not matching the port redirection will not match the non-port redirection xlate, so basically port 80 -> 8080 will work but all other traffic is dropped.

1) Run it through packet-tracer:

packet-tracer input interface outside tcp 4.2.2.1 80 EX.TE.RN.AL 80 det
packet-tracer input interface outside tcp 4.2.2.1 31261 EX.TE.RN.AL 3389 det

2) Am I understanding that all other inbound traffic from the external world is dropped? That's by design, you didn't permit any other translations from the outside world inbound. Since that's udp 161 that's an snmp poll and your PIX/ASA is just dropping it because it's not listening for it.

3) What do you have for (assuming pre-8.3) nat and global statements?

jbusbysack fucked around with this message at 17:53 on Sep 2, 2011 |
# ? Sep 2, 2011 17:49 |
|
This is a pix FWSM not an ASA.

global (outside) 1 interface
nat (inside) 1 10.50.105.0 255.255.255.0

Prior to having the port redirection nat I only had

static (inside,outside) EX.TE.RN.AL 10.50.105.72 netmask 255.255.255.255

configured with an outside ACL allowing specific access in. The ACL is still in place but it's being ignored for some reason.
|
# ? Sep 2, 2011 18:50 |
|
Found the certification thread gonna ask there
Syano fucked around with this message at 19:56 on Sep 2, 2011 |
# ? Sep 2, 2011 19:45 |
|
Nevermind just found out you can't have two xlates, gonna move this port redirection to their load balancer to restore the global xlate.
|
# ? Sep 2, 2011 20:22 |
|
Have any of you guys ever used the USB ports on these cisco routers? What're they good for?
|
# ? Sep 2, 2011 20:50 |
|
CrazyLittle posted: Have any of you guys ever used the USB ports on these cisco routers? What're they good for?

They are for storage, just like a flash slot.
|
# ? Sep 2, 2011 21:12 |
|
inignot posted: They are for storage, just like a flash slot.

Good for charging your bluetooth serialport. Or storage, that works too.
|
# ? Sep 2, 2011 21:16 |
|
CrazyLittle posted: Have any of you guys ever used the USB ports on these cisco routers? What're they good for?

Haha. They worked like 4 years ago. Would recognize USB drives etc. I think they are usable for booting now, but originally they were for encryption keys. You would ship the router with an encrypted configuration. Then ship the USB key separately. Boot up the Router with the USB Key, and the config would decrypt and run, and you could join your WAN as a trusted device. Take the USB Key out, and if the router ever rebooted, it would be locked down, unless it got the USB key again.
|
# ? Sep 2, 2011 21:17 |
|
ior posted: Good for charging your bluetooth serialport. Or storage, that works too.

Only time I've used it was for charging my phone.
|
# ? Sep 2, 2011 21:45 |
|
I use them to upload iOS'. Just format a USB drive, put the iOS on it, and you're good to go.
|
# ? Sep 2, 2011 22:58 |
|
Zuhzuhzombie!! posted: I use them to upload iOS'. Just format a USB drive, put the iOS on it, and you're good to go.

Did you type this on an Apple device?
|
# ? Sep 2, 2011 23:15 |
|
Martytoof posted: Did you type this on an Apple device?

He's gotta upgrade his routers to get the good apps man! Sucks that it resets the jailbreak though
|
# ? Sep 3, 2011 00:56 |
|
Zuhzuhzombie!! posted: I use them to upload iOS'. Just format a USB drive, put the iOS on it, and you're good to go.

Can you actually boot off of USB drives now? That wasn't supported 4 years ago, and I'm not sure it could be without upgrading ROMMON.
|
# ? Sep 4, 2011 00:54 |
|
Powercrazy posted: Can you actually boot off of USB drives now?

yep, does require a specific ROMMON but works very well, either upgrading a CF Flash or testing or using for a rollback or whatever done all of those lots of times
|
# ? Sep 4, 2011 03:59 |
|
CrazyLittle posted: Have any of you guys ever used the USB ports on these cisco routers? What're they good for?

It'd be nice if you could use them as a serial interface since laptops don't come with serial ports anymore, and are starting to not come with ethernet ports either.
|
# ? Sep 4, 2011 04:20 |
|
Bob Morales posted: It'd be nice if you could use them as a serial interface since laptops don't come with serial ports anymore, and are starting to not come with ethernet ports either.

Many of the newer Cisco devices come with a USB serial port. Have a look at the 1900 for example.
|
# ? Sep 4, 2011 10:20 |
|
Bob Morales posted: It'd be nice if you could use them as a serial interface since laptops don't come with serial ports anymore, and are starting to not come with ethernet ports either.
|
# ? Sep 4, 2011 18:52 |
|
I imagine that everyone in this thread has something like that. Also I don't think that serial connections will ever change from the 9600 baud 8pin serial that we all know and love.
|
# ? Sep 4, 2011 22:24 |
|
Question for you boys

Cisco sells 16-port 10gb Ethernet/FCoE or 16-port 10gb/Ethernet/FCoE/Native fiberchannel modules for their Nexus 5500 range. As far as I can tell these modules are exactly the same aside from the native FC support and they actually both cost exactly the same as well. Why would anyone opt for the ethernet/FCoE only card when you can also get native FC support for no extra cost?
|
# ? Sep 6, 2011 01:35 |
|
I'm having trouble remembering where hashing comes into play in an IPSec VPN connection, more so in the process than what it's used for. I know it's used for integrity and to make sure no one has changed the info... but I forget what MD5 or SHA-1 (whichever one you choose) hashes in the process. Any ideas? Apparently my google-fu is weak.
|
# ? Sep 6, 2011 04:38 |
|
abigserve posted: Question for you boys

Perhaps there is some weird bundling options for the SPS as well. That doesn't make a whole lot of sense as the big push on the 5500's was the unified port with everything on there, why in the poo poo would you want a module that doesn't support FC as well? Maybe some people get uppity about the nature of having FC sitting around as well. poo poo, that's just weird. Now I am curious about this too.

Bardlebee posted: I'm having trouble remembering where hashing comes into play in an IPSec VPN connection, more so in the process than what it's used for. I know it's used for integrity and to make sure no one has changed the info... but I forget what MD5 or SHA-1 (whichever one you choose) hashes in the process.

From: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

The default in Cisco IOS is SHA, which is more secure than MD5.

workape fucked around with this message at 05:41 on Sep 6, 2011 |
# ? Sep 6, 2011 05:39 |
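
For the question above about what the configured hash actually covers, here is an added example (not from any poster and not Cisco code) of the ESP integrity check: the hash is run as a keyed HMAC over the ESP header, IV and ciphertext, and the first 96 bits are appended as the ICV (HMAC-SHA-1-96 / HMAC-MD5-96). Key, SPI and payload bytes are constructed sample values, and encryption and the IKE negotiation are not modelled.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 and HMAC-MD5-96 keep the first 96 bits of the HMAC


def esp_icv(auth_key, covered, digest=hashlib.sha1):
    """Truncated HMAC over everything in the ESP packet that precedes the ICV."""
    return hmac.new(auth_key, covered, digest).digest()[:ICV_LEN]


def build_esp(auth_key, spi, seq, iv, ciphertext, digest=hashlib.sha1):
    """Layout: SPI | sequence number | IV | ciphertext | ICV."""
    covered = struct.pack("!II", spi, seq) + iv + ciphertext
    return covered + esp_icv(auth_key, covered, digest)


def verify_esp(auth_key, packet, digest=hashlib.sha1):
    """Receiver side: recompute the ICV and compare in constant time."""
    covered, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv, esp_icv(auth_key, covered, digest))


# Constructed sample values; the ciphertext stands in for the encrypted payload.
KEY = bytes(range(20))
PACKET = build_esp(KEY, spi=0x1000, seq=1, iv=b"\x00" * 16, ciphertext=b"\xaa" * 32)

if __name__ == "__main__":
    # Flip one bit in the IV to show that any change before the ICV is caught.
    tampered = PACKET[:10] + bytes([PACKET[10] ^ 1]) + PACKET[11:]
    print("intact:  ", verify_esp(KEY, PACKET))
    print("tampered:", verify_esp(KEY, tampered))
```
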
|
para posted: I have one of these Belkin USB/serial adapters. It worked great up until I switched to Windows 7 and found out the only drivers Belkin has is for WinXP. Then I found this guy's website that has a working driver for it. It would be more convenient to only have to carry a USB cable with me, but the adapter is pretty solid.

I use something stupidly generic and Win7 auto detected it.
|
# ? Sep 6, 2011 18:11 |
|
workape posted: Maybe some people get uppity about the nature of having FC sitting around as well.

I know this is wrong, asking for bad juju, whatever, but if you want to enforce no new FC purchases, this is how to do it. Also, for the unified piece, they actually want you to go over to the 6000 series boxes. With the 5k's able to do everything now...the landscape is getting really confusing.
|
# ? Sep 6, 2011 18:34 |
|
I'm having a weird issue with a new 2951 I'm setting up. In the past I've configured a bunch of 2851s and have used the NME switch modules and they show up no problem. As some of you may know, the newer 2951 has "sm" ports so to use the NME-16ES-1G module I have to use a sm-nme adapter. When I boot up the 2951 I see the lights on the nme go on and I also can connect cables and get link, but the drat thing isn't showing up anywhere that I can see. For some strange reason it seems to just be creating a gig interface but none of the FE interfaces.

quote: Cisco CISCO2951/K9 (revision 1.1) with 2054144K/43008K bytes of memory.

anyone have any ideas?
|
# ? Sep 7, 2011 01:06 |
|
Can you send me a show tech?
|
# ? Sep 7, 2011 06:48 |
|
Which iOS are you running? Is the NME-16ES-1G also brand new? Every problem I've run into with this was either an iOS issue or hardware incompatibility.
|
# ? Sep 7, 2011 15:36 |
|
Do we have someone here working at Microsoft as a network engineer? I can't recall if we do.
|
# ? Sep 7, 2011 18:02 |
|
Tremblay posted: Can you send me a show tech?

Looking at the show inventory I'm seeing the module and it automatically adds the line "hw-module sm 1" but it only adds an unusable gig interface instead of all the FE interfaces.

Zuhzuhzombie!! posted: Which iOS are you running?

I bought all of this new but the module could definitely be older.

edit: Figured it out, I've never used a switch module like this one. It actually has its own configuration separate from the router, it runs its own IOS and everything. To access it from the CLI you have to assign an address to the gi1/0 interface that it creates and then you can access the cli using this command:

service-module gi1/0 session

ElCondemn fucked around with this message at 20:03 on Sep 7, 2011 |
# ? Sep 7, 2011 18:54 |
|
ElCondemn posted: Looking at the show inventory I'm seeing the module and it automatically adds the line "hw-module sm 1" but it only adds an unusable gig interface instead of all the FE interfaces.

Gig1/0 is the backplane connection between the switch and the router. I can never keep the PNs straight on which module is which. Those modules run 3750 images so they are quite capable.
|
# ? Sep 7, 2011 20:44 |
|
ElCondemn posted: Looking at the show inventory I'm seeing the module and it automatically adds the line "hw-module sm 1" but it only adds an unusable gig interface instead of all the FE interfaces.

Makes sense. We have to do something similar with certain T1 cards.
|
# ? Sep 7, 2011 21:19 |
|
I haven't worked a whole lot with Cisco ASA's, but how does it know in a NAT statement which interface is outside and which is inside? For instance check out this NAT CLI:

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.1-209.165.201.15

Do you establish the inside and outside interfaces via the CLI like on a router? ip nat inside and ip nat outside for instance.
|
# ? Sep 8, 2011 02:27 |
|
Bardlebee posted: I haven't worked a whole lot with Cisco ASA's, but how does it know in a NAT statement which interface is outside and which is inside? For instance check out this NAT CLI:

Those are the 'nameif' names applied to the interface (or sub-int).
|
# ? Sep 8, 2011 02:40 |
|
jbusbysack posted: Those are the 'nameif' names applied to the interface (or sub-int).

Oh so I could literally do this to an interface?:

Interface 1: nameif stupid
Interface 2: nameif butt

and the config would be:

nat (stupid) 1 (IP ADDRESS)
global (butt) 1 (IP ADDRESS)

or does it have to be 'inside' and 'outside'?
|
# ? Sep 8, 2011 22:08 |
|
Bardlebee posted: Oh so I could literally do this to an interface?:

You can name it whatever you want, but I'm sure TAC gets great humor in going through a 'sh tech' where the interfaces are named 'fart' 'boobies' 'wiener' and 'lmao'. The syntax is below:

nat (inside) 1 10.50.50.0 255.255.255.0 [10.50.50.0/24 entering the inside interface is tagged as 1]
nat (inside) 2 0.0.0.0 0.0.0.0 [anything entering the inside interface is tagged as statement 2]

If the route-table for those two statements above's destinations means that it will egress the outside interface then...

global (outside) 1 interface (anything matching tag 1 is then NAT'd to the outside interface's IP)
global (outside) 2 1.1.1.1

You get the idea.

jbusbysack fucked around with this message at 22:22 on Sep 8, 2011 |
# ? Sep 8, 2011 22:18 |
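
The nat/global pairing described in the last few posts, as an added example (not from any poster and not Cisco code): a small model that parses pre-8.3 `nat` and `global` lines and resolves which global a source address would use. It assumes only regular dynamic NAT, where the most specific `nat` statement wins, takes the egress interface as an input in place of a route lookup, and ignores static NAT, NAT exemption and ACLs; the function names and the sample config are constructed.

```python
import ipaddress
import re

# Constructed config, modelled on the statements quoted in the thread.
CONFIG = """\
nat (inside) 1 10.50.50.0 255.255.255.0
nat (inside) 2 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (outside) 2 1.1.1.1
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)$")


def parse(config):
    """Return ([(nameif, nat_id, network)], {(nameif, nat_id): pool})."""
    nats, pools = [], {}
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            nameif, nat_id, addr, mask = m.groups()
            nats.append((nameif, int(nat_id), ipaddress.ip_network(f"{addr}/{mask}")))
        elif m := GLOBAL_RE.match(line):
            nameif, nat_id, pool = m.groups()
            pools[(nameif, int(nat_id))] = pool
    return nats, pools


def translate(config, ingress, src_ip, egress):
    """Pool used for src_ip arriving on `ingress` and routed out `egress`.

    Returns None when no nat statement matches, or when the matching NAT ID
    has no global on the egress interface.
    """
    nats, pools = parse(config)
    src = ipaddress.ip_address(src_ip)
    matches = [(net.prefixlen, nat_id) for nameif, nat_id, net in nats
               if nameif == ingress and src in net]
    if not matches:
        return None
    _, nat_id = max(matches)  # most specific nat statement wins
    return pools.get((egress, nat_id))


if __name__ == "__main__":
    for ip in ("10.50.50.7", "192.168.1.5"):
        print(ip, "->", translate(CONFIG, "inside", ip, "outside"))
```

The interface labels are matched only as strings, which is why any `nameif` name works as long as the `nat` and `global` lines use the same NAT ID.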