|
adorai posted:What should I be deploying them as instead of SCCP? SIP I would assume.
|
# ? Aug 3, 2012 01:21 |
|
madsushi posted:SIP I would assume.
|
# ? Aug 3, 2012 02:57 |
|
So. Got a new 2901 and I have absolutely no idea where it saves the config file. Dir shows only one flash directory and a copy run/start or wr mem doesn't create a file in there.
|
# ? Aug 3, 2012 16:17 |
|
Zuhzuhzombie!! posted:So. Got a new 2901 and I have absolutely no idea where it saves the config file. code:
|
# ? Aug 3, 2012 16:26 |
|
Zuhzuhzombie!! posted:So. Got a new 2901 and I have absolutely no idea where it saves the config file.
|
# ? Aug 3, 2012 16:26 |
|
Zuhzuhzombie!! posted:So. Got a new 2901 and I have absolutely no idea where it saves the config file. also a handy command: dir all-filesystems
|
# ? Aug 3, 2012 16:45 |
|
Nice. Thanks!
|
# ? Aug 3, 2012 17:04 |
|
Well so much for that. My 2620 has 16MB of flash and the IPVOICE IOS image is 24MB.
|
# ? Aug 5, 2012 21:37 |
|
Gap In The Tooth posted:Well so much for that. My 2620 has 16MB of flash and the IPVOICE IOS image is 24MB.
|
# ? Aug 5, 2012 22:39 |
|
DHCP Behavior question. We have a virtual environment and they're having some IP trouble. /24 with no exclusions save for the SVI's IP. Everything else is in the DHCP pool. Basically he wants to ensure that the same IP is given out to the same machine/hostname whenever the lease expires, and wants to make sure that machines/hostnames he removes lose their binding whenever the lease expires. I thought this was already typical DHCP behavior. My desktop machine usually keeps the same IP address across different lease periods, though not always. Could someone point me in the right direction?
|
# ? Aug 6, 2012 15:30 |
|
As far as I know there's no easy way to do this without configuring each IP/MAC address combination. As long as a node is online, it will attempt to keep requesting the same IP it was allocated before (i.e., when the lease begins to expire it tries to renew the same address before asking for any available address). If a node goes offline or otherwise allows a lease to completely expire, the address goes back up for grabs and the next time the node makes a DHCP request it will request any available address. So either never turn off any nodes, or statically configure the IP/MAC address mappings. I know places that use a custom DHCP server that allocates IPs based on the client-supplied hostname in the DHCP request, but then you need to build a mapping of hostname to IP (reverse DNS works) and need a DHCP server that supports this. I don't know of any that do out of the box. Ninja Rope fucked around with this message at 17:31 on Aug 6, 2012 |
# ? Aug 6, 2012 17:29 |
|
I finally gave in and realized I did not have time to set up our new ASA5515-X's, so I brought in a consultant. So far things are going smoothly. How long would you estimate it would take to replace the existing router with two ASA5515-X's, set up a site-to-site VPN, and set up SSL VPN? Just curious. What would you guys recommend for my heartbeat switches?
|
# ? Aug 9, 2012 18:33 |
|
Depends on what kind of connections you got through that router? Just ethernet hand off with a public subnet/nat and some ACL's/l2l vpn and ssl? 15 minutes but your consultant will probably bill a few hours. You can just plug a crossover between the 5515X's for failover.
|
# ? Aug 9, 2012 18:50 |
|
Our environment is a bit more complicated and it seems this consultant is rather green... But he is smart and I am happy so far. We have two 5515-X's at Site 1. Another two 5505's at Site 2. Both sites have cable and DSL internet connections, along with a site-to-site fiber link, handed off via 1gb ethernet. His project is to replace the existing router, install the new ASA's with proper routing/etc. for the multiple internet connections/fiber, and set up the VPN. I was thinking this is a couple week project. I had read that a crossover on the 5510's at least causes issues. If the second one comes back up with the crossover disconnected, it causes problems. The general recommendation is a switch. He would like to do two for HA, which I am ok with.
|
# ? Aug 9, 2012 19:38 |
|
I just got a 5545X shipped to my house, but so far I haven't had an opportunity to power it up. The X series look a lot nicer than the previous ones, imo.
|
# ? Aug 9, 2012 20:10 |
|
Zuhzuhzombie!! posted:DHCP Behavior question. It sounds like you want reservations. code:
|
# ? Aug 9, 2012 20:30 |
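Added example, not written by any poster in this thread: a simplified Python model of the lease behaviour described in the replies above (renewal while online, loss of the binding once the lease expires) and of the reservation approach suggested. The `LeaseTable` class, MAC addresses, subnet and timings are all constructed for illustration and do not model any particular DHCP server.

```python
# Simplified DHCP lease table: dynamic leases expire and return to the pool,
# reservations pin a MAC to one address. All names and values are constructed.
import ipaddress


class LeaseTable:
    def __init__(self, network, excluded=(), reservations=None, lease_time=3600):
        self.lease_time = lease_time
        self.reservations = dict(reservations or {})   # mac -> ip (static mapping)
        held = set(excluded) | set(self.reservations.values())
        self.pool = [str(h) for h in ipaddress.ip_network(network).hosts()
                     if str(h) not in held]
        self.leases = {}                                # ip -> (mac, expiry time)

    def _expire(self, now):
        # An expired lease loses its binding; the address is up for grabs again.
        self.leases = {ip: (m, exp) for ip, (m, exp) in self.leases.items()
                       if exp > now}

    def request(self, mac, now, requested_ip=None):
        """Return the address leased to `mac` at time `now`, or None if full."""
        self._expire(now)
        if mac in self.reservations:
            ip = self.reservations[mac]
        else:
            current = next((ip for ip, (m, _) in self.leases.items() if m == mac), None)
            candidates = [current, requested_ip] + self.pool
            ip = next((c for c in candidates
                       if c in self.pool and self.leases.get(c, (mac,))[0] == mac), None)
        if ip is not None:
            self.leases[ip] = (mac, now + self.lease_time)
        return ip


def demo():
    """Replay the scenario: vm-a renews, powers off past expiry, then returns."""
    t = LeaseTable("10.0.0.0/29", excluded={"10.0.0.1"},
                   reservations={"aa:aa:aa:aa:aa:03": "10.0.0.6"})
    a, b, r = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"
    first = t.request(a, now=0)                   # first free address in the pool
    renewed = t.request(a, now=1800)              # renewal keeps it, expiry moves to 5400
    taken = t.request(b, now=6000)                # vm-a's lease has expired; vm-b gets it
    returned = t.request(a, now=6100, requested_ip=first)  # old address is gone
    reserved = (t.request(r, now=6200), t.request(r, now=99999))
    return first, renewed, taken, returned, reserved
```

The host that stayed off past its lease comes back on a different address because another client took the freed one, while the reserved MAC gets the same address on both requests regardless of expiry.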
|
the spyder posted:Our environment is a bit more complicated and it seems this consultant is rather green... But he is smart and I am happy so far. Yes they'll both go into active/active. I've never seen a failover pair suffer from split brain as long as HA is configured right (although I have seen two FWSM's go active/active when the heartbeat was still up), you can have it monitor ports for up/down and have an amount of down port thresholds trigger failover to finely tune it. I think people have more problems in that kind of configuration more than anything else. Sepist fucked around with this message at 00:01 on Aug 10, 2012 |
# ? Aug 9, 2012 23:55 |
|
the spyder posted:Our environment is a bit more complicated and it seems this consultant is rather green... But he is smart and I am happy so far. Is the intention to use both internet connections at each site simultaneously? If so I don't believe that is possible unless there has been a change to the backup ISP feature.
|
# ? Aug 10, 2012 17:25 |
|
Since we're talking ASAs, and I'm about to deploy six of them (three HA active/standby pairs), are there any serious caveats or "gotchas" that I should be aware of? So far I haven't encountered anything too concerning. I wish the logging was better on the ASAs, though.
|
# ? Aug 10, 2012 20:14 |
|
jwh posted:Since we're talking ASAs, and I'm about to deploy six of them (three HA active/standby pairs), are there any serious caveats or "gotchas" that I should be aware of? Gotcha for a bunch of cash count? Get used to everything being an object... other than that and the new NAT setup, it's pretty cut and dry.
|
# ? Aug 10, 2012 21:13 |
|
jwh posted:Since we're talking ASAs, and I'm about to deploy six of them (three HA active/standby pairs), are there any serious caveats or "gotchas" that I should be aware of? What are you missing in the logging? We currently send all syslog info to Splunk, and I haven't found anything to be lacking. The only thing that I have come across that isn't obvious is how some of the inspection maps work and the default times on dropping TCP sessions (found out because some of our nix guys' ssh sessions were timing out). The usual Cisco caveat of opening a ticket before major maintenance with TAC.
|
# ? Aug 11, 2012 04:31 |
|
CaptainGimpy posted:What are you missing in the logging? We currently send all syslog info to Splunk, and I haven't found anything to be lacking. He might have been talking about the ASA's half-assed netflow implementation, and even if he wasn't it's worth bitching about anyways.
|
# ? Aug 11, 2012 19:19 |
|
Harry Totterbottom posted:It sounds like you want reservations. We've narrowed it down to it being a problem with the Windows team and their domain. I basically made the call to not do anything like this on our end since all it does is create more overhead and more micromanagement for me and my guys. Thanks everyone! And now I have a head scratcher. We have a 2 gigabit port channel/LAG to an MPLS backbone. This carries dozens of customers. Yesterday we had an issue where a customer could only pull Google traffic. Setting the MPLS MTU rating to 1600 from the default of 1500 fixed this problem. No other customer on this setup had this issue and there is nothing special about this customer either. Anyone have any ideas? I know MPLS requires a bit more overhead than Occam/Calix, but every other customer on the same transport works fine without setting the circuit for jumbo frames.
|
# ? Aug 12, 2012 04:03 |
|
Zuhzuhzombie!! posted:We have a 2 gigabit port channel/LAG to an MPLS backbone. This carries dozens of customers. Yesterday we had an issue where a customer could only pull Google traffic. Setting the MPLS MTU rating to 1600 from the default of 1500 fixed this problem. No other customer on this setup had this issue and there is nothing special about this customer either. Generally speaking if you're going to run MPLS on an Ethernet link you need to run higher MTU so the customer can still pass a full size frame.
|
# ? Aug 12, 2012 04:36 |
|
No firewall. I sent a tech out who plugged directly into the ethernet handoff with a laptop. It's just weird that no other MPLS based customer had this problem. We are using VLANs Cisco side and allow whichever VLANs to go out the trunk to transport.
|
# ? Aug 12, 2012 09:23 |
|
Mierdaan posted:He might have been talking about the ASA's half-assed netflow implementation, and even if he wasn't it's worth bitching about anyways. They're calling that an implementation??? We have to span the ports into a cascade to get that info.
|
# ? Aug 13, 2012 00:22 |
|
We may be RMA'ing a fourth ASR today. Four in one year. These things are a loving rip off.
|
# ? Aug 13, 2012 17:04 |
|
Zuhzuhzombie!! posted:We may be RMA'ing a fourth ASR today. Four in one year. These things are a loving rip off. Which ASR? I've got 1001s and 9010s (not running Typhoon LCs though) which have been rock solid since install.
|
# ? Aug 13, 2012 17:16 |
|
Zuhzuhzombie!! posted:We may be RMA'ing a fourth ASR today. Four in one year. These things are a loving rip off.
|
# ? Aug 13, 2012 21:09 |
|
Does anyone know how to enable (and retrieve) verbose logging from APs when they're connected to a WLC? I have several Aironet 1041s that home back to a 2504 WLC. I'm trying to debug a problem with a specific wireless client but the WLC logs only seem to cover actual WLC events, not events on the APs themselves.
|
# ? Aug 13, 2012 22:42 |
|
On the controller CLI, you can run config ap syslog host global <syslog host ip>. This will set all your APs to log to syslog (instead of broadcast, which they do by default).
|
# ? Aug 13, 2012 22:59 |
|
ragzilla posted:Which ASR? I've got 1001s and 9010s (not running Typhoon LCs though) which have been rock solid since install. 1002 Ordered two of them. We've had issues with the card slots going bad and have to keep sending them back. Last night we kept dropping BGP peering with several customers. Happened again at 8 this morning and the error logs show the non swappable supervisor card rebooting itself.
|
# ? Aug 13, 2012 23:00 |
|
It's a little annoying that the management interface configuration is copied across two ASA's in a failover pair. I would have liked to have monitored them individually. How are you supposed to monitor the secondary ASA?
|
# ? Aug 14, 2012 22:37 |
|
jwh posted:It's a little annoying that the management interface configuration is copied across two ASA's in a failover pair. In the failover config you can set secondary interface IPs.
|
# ? Aug 15, 2012 00:43 |
|
Scenario: I have two Nexus 5k switches. Into each switch, I have one port of a two port 10gbe network card in a VMware ESXi box w/ a Cisco Nexus 1k switch running. Can I use VPC to get a 20gbe vpc or not? TAC told a member of my team that it was not possible to use VPC with a Nexus 1k. I think TAC was full of poo poo. Please confirm or deny my opinion.
|
# ? Aug 15, 2012 02:55 |
|
adorai posted:Scenario: TAC full of poo poo: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/guide_c07-556626.html#wp9000369 It's best practice even. You'll want to be running 4.2(1)SV1(4) or greater on the N1KV for LACP offload.
|
# ? Aug 15, 2012 03:39 |
|
Is it true, in this year of our Lord, 2012, that you cannot drop a shell session directly into priv 15 on an ASA? Madness.
|
# ? Aug 15, 2012 23:26 |
|
adorai posted:Scenario:

Quite possible! Do something like this on your uplink profile: 'channel-group auto mode active'

Then if your upstream 5ks are configured to use vPC and LACP:

    interface po10
      switchport mode trunk
      vpc 10

Then on your 2 5ks:

    int eth0/10
      switchport mode trunk
      vpc 10
      channel-group 10 mode active

Add in other goodies like descriptions, vlan allowed lists, etc. as needed. Note you'll still use hashing to put various network flows on specific 10 gig uplinks but it will be one logical link.

edit: I should get some sleep. Doc above me has some other things you should consider mentioned as well such as system vlans, etc.
|
# ? Aug 15, 2012 23:51 |
|
I apologize for this being vague. I am working with someone else on this, and I don't see everything they are seeing. They were unable to add an interface via command line, so I was trying to do it via ASDM. When I try to add another interface to our ASA 5550, ASA 8.2(5)2, I get this error: "You cannot have more than 3 named VLANs in your system." Well, we already have *5* named VLANs that are working just fine. I just want a few more (four, actually). My co-worker is getting an error on the command line as well (I didn't get to see it). Anyone have any idea where we can start looking for a cause of this possible artificial error? Edit: The problem was a mix of permission issue, user error, and ASDM bug. Xenomorph fucked around with this message at 04:12 on Aug 16, 2012 |
# ? Aug 15, 2012 23:57 |
|
Hey, speaking of the Nexus, can you game the system and install multiple 60 day trials after they expire? I want to pick up some experience but there's no way I can do it in 60 days since I'm all over the place right now.
|
# ? Aug 15, 2012 23:59 |