Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
Can anyone recommend an unmanaged completely passthrough demarcation box?

tortilla_chip
Jun 13, 2007

k-partite
Are you looking for a media converter or something? Most NIDs could be configured to do this too but they seem like a waste of money for this application.

Thanks Ants
May 21, 2004

#essereFerrari


Normally the point of a demarc is that your service provider can monitor it to be able to manage the circuit effectively. An unmanaged one being supplied by yourself sort of defeats the purpose of it.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

Thanks Ants posted:

Normally the point of a demarc is that your service provider can monitor it to be able to manage the circuit effectively. An unmanaged one being supplied by yourself sort of defeats the purpose of it.

We just want a physical device that will mark the end of our responsibilities.

Thanks Ants
May 21, 2004

#essereFerrari


That's given to you by the service provider though, and they get to decide what is their problem and what is yours. Whether this is an NTE or just a dumb socket on a wall.

Are you a service provider looking for equipment to deploy or something?

CrazyLittle
Sep 11, 2001





Clapping Larry

Zuhzuhzombie!! posted:

We just want a physical device that will mark the end of our responsibilities.

What type of media?

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

Thanks Ants posted:

That's given to you by the service provider though, and they get to decide what is their problem and what is yours. Whether this is an NTE or just a dumb socket on a wall.

Are you a service provider looking for equipment to deploy or something?

We're building managed services for companies/schools/colleges/universities. Sometimes we get a direct DIA, sometimes we hang off of their network, and it is the latter case where a demarc might be a good idea.

Some copper, some fiber.

tortilla_chip
Jun 13, 2007

k-partite
Why would you want that to be unmanaged then? You lose your best way to push back on SLA credits.

Malcolm
May 11, 2008
Can I get a quick recommendation on where to begin with scripting config changes on cisco switches? I want to help the network team get started on some cutting-edge concepts like SSH, standardization, and automation. I have tried googling starting guides and such, but I'm still looking for a simple place to begin.

- Assume an environment of 100+ cisco switches, all fairly new 2960, 3850, and 4500x models.
- Cisco Prime and ACS are available, if either of those tools have some good hand-holding config deployment capabilities
- Say we want to update the ip helper-address on every switch due to deploying a new DHCP server, what tool/scripting language would you use to deploy?

Any advice would be welcome, thanks in advance.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
i would use the scripts included in RANCID.

Malcolm
May 11, 2008
RANCID looks promising, thanks for that. I could probably make that work, but the old networking guy who only uses Windows will want to know what the Win native alternative is. Have fun with Cygwin I guess. We do roll Cisco Prime which is web-based GUI so perhaps leveraging that is the best bet. The user community and documentation seems a bit sparse, I don't see too many people working with it.

less than three
Aug 9, 2007



Fallen Rib
What version of Prime Infrastructure?

LMS 4.2 is the best still imo for that stuff, but if you have PI 2.x you can make it work. Might as well just learn that if you'd paid for it :v:

quote:

- Say we want to update the ip helper-address on every switch due to deploying a new DHCP server, what tool/scripting language would you use to deploy?

This is exactly what the NetConfig feature of LMS/Prime does.

Create a job with a set of commands, pick what devices to deploy it to.

Malcolm
May 11, 2008
CPI 2.x, and that sounds awesome. We have the thing, just need to use it to the fullest extent. Thanks for the tip.

Malcolm fucked around with this message at 08:05 on Jul 24, 2015

Ahdinko
Oct 27, 2007

WHAT A LOVELY DAY
Yeah Prime is pretty decent at it, you can push out config changes to devices based on site, device type, etc.
You can also make template configurations as well.

Have a read here: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/create_temps.html

Pile Of Garbage
May 28, 2007



I've got a Cisco RV130W SMB router at home running firmware version 1.0.1.3 and I'd like to upgrade it to 1.0.2.7 which was released yesterday. However it appears that the "Administration > Firmware/Language Upgrade" section in the device's web interface is missing. I haven't had to do a firmware upgrade of the device since getting it in October, 2014 so I'm unsure when this issue arose. Tried Googling but no luck, has anyone encountered this issue before with Cisco SMB routers?

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
I'm still new to voice but I was asked to change the time between beginning to place a call and getting a timeout beep if that makes sense. Like if you press the buttons too slowly. Is that possible and what is it called?

Contingency
Jun 2, 2007

MURDERER

Bigass Moth posted:

I'm still new to voice but I was asked to change the time between beginning to place a call and getting a timeout beep if that makes sense. Like if you press the buttons too slowly. Is that possible and what is it called?

In Polycom world, it's digit map timeout.

Partycat
Oct 25, 2004

Inter-digit timeout, but I believe it is t302 timer in Cisco world lemme look.

E:yeah. System -> service parameters. Select the CallManager service. Search T302 timer.

This may not apply to all phones, enbloc and sip devices may get their own dial rules.

You also may have overlapping dial patterns so it is waiting for a match when you should route when correct. Many systems also are set up to terminate dialing with a #.

Partycat fucked around with this message at 03:33 on Jul 28, 2015

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
Thanks I'll look for that!

12 rats tied together
Sep 7, 2006

Malcolm posted:

Can I get a quick recommendation on where to begin with scripting config changes on cisco switches?

I use a combination of net::ssh::expect and ansible. You should definitely use rancid if you can (I don't know anything about cisco prime but it sounds great), but sometimes the rancid scripts can't do exactly what you need, or have issues accessing things like daughter cards or something only accessible through a console switch or whatever.

Net::ssh::expect is pretty much fully scriptable interactive SSH, so it can do whatever you can do given some time and effort. Generally I use it for scripts that need to react to a given state, or I'll write scripts that perform basic troubleshooting for an issue that may come up while someone else is on call.

So, I guess what I'm saying is that ideally you should not have to script SSH sessions but it is an option that you should be aware of.
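
An added example, not part of any post in this thread: a dry-run planner for the helper-address change Malcolm asks about. It reads a saved running-config and emits only the lines each interface needs, so the change can be reviewed before it goes into a NetConfig job or a RANCID/SSH script. The function name, sample config and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
hostname sw-example-01
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip helper-address 192.0.2.10
 ip helper-address 192.0.2.11
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip helper-address 192.0.2.10
 ip helper-address 198.51.100.10
!
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
!
"""

HELPER_RE = re.compile(r"^\s+ip helper-address\s+(.*\S)\s*$")

# plan_helper_change is a hypothetical helper written for this example.
def plan_helper_change(config, old, new):
    """Return the config lines that swap helper `old` for `new`, per interface."""
    old_ip, new_ip = ipaddress.ip_address(old), ipaddress.ip_address(new)
    helpers = {}          # interface name -> list of (options, address)
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            helpers[current] = []
        elif not line.startswith(" "):
            current = None                      # left the interface block
        elif current and (m := HELPER_RE.match(line)):
            *opts, addr = m.group(1).split()    # keeps e.g. "vrf NAME" options
            helpers[current].append((" ".join(opts), ipaddress.ip_address(addr)))

    plan = []
    for ifname, entries in helpers.items():
        stale = [opts for opts, addr in entries if addr == old_ip]
        if not stale:
            continue                            # nothing to change here
        plan.append(f"interface {ifname}")
        for opts in stale:
            prefix = f"{opts} " if opts else ""
            plan.append(f" no ip helper-address {prefix}{old_ip}")
            # Add the new helper only if it is not already configured.
            if (opts, new_ip) not in entries:
                plan.append(f" ip helper-address {prefix}{new_ip}")
    return plan
```

Running it again on a config that no longer contains the old address returns an empty plan, so the same job can be re-pushed safely to switches that were already updated.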

less than three
Aug 9, 2007



Fallen Rib

Partycat posted:

Inter-digit timeout, but I believe it is t302 timer in Cisco world lemme look.

E:yeah. System -> service parameters. Select the CallManager service. Search T302 timer.

This may not apply to all phones, enbloc and sip devices may get their own dial rules.

From what I remember there's 3 places you have to change it to apply everywhere. I'll look tomorrow, because I remember going on a crusade to change it.

psydude
Apr 1, 2008

I have a site-to-site VPN where one of the peers got moved from one provider to another, with a new public address. I updated everything on its peer, but for some reason it's failing Phase I with the message that there was no valid SA payload found and no valid tunnel group found on one side, while the other side is getting an invalid cookie message. I went so far as to delete the existing profiles and groups and use the wizard to rebuild them, to no success. I also tried adding the isakmp identity address command as mentioned in the support forums. Any ideas?

Ahdinko
Oct 27, 2007

WHAT A LOVELY DAY
You got anything like I do? ACL on the outside interface which only permits certain outside IPs to pass through GRE/IPSEC/whatever? Repeatedly a new line comes in or something, I change the peer IP, completely forget about my ACL and spend the next 20 minutes scratching my head.

ate shit on live tv
Feb 15, 2004

by Azathoth
Anyone know any good online resources for anycast, BGP/DNS? Just looking to brush up and make sure that how I think it works is how it actually works. Real-world IPv6 setup would be cool too. Just a normal google search is surprisingly sparse, except for one cisco command reference paper.

Filthy Lucre
Feb 27, 2006

Powercrazy posted:

Anyone know any good online resources for anycast, BGP/DNS? Just looking to brush up and make sure that how I think it works is how it actually works. Real-world IPv6 setup would be cool too. Just a normal google search is surprisingly sparse, except for one cisco command reference paper.

Anycast DNS is pretty straightforward. You have your DNS server participate in your IGP (we use OSPF), then put the anycast address on as a loopback adapter. The servers look just like another router with a path to the DNS server as far as the IGP is concerned.

Here's a bad drawing I made to explain it to a coworker one time;

ate shit on live tv
Feb 15, 2004

by Azathoth
That's the trivial view of it. But what about public anycast services? What do they look like? Any reserved addresses, what would the peering look like, fail over scenarios? Best-practices for all these things?

tortilla_chip
Jun 13, 2007

k-partite
There are quite a few *NOG presentations of the DNS roots, which are anycast.

https://www.nanog.org/meetings/nanog34/presentations/karrenberg.pdf

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

psydude posted:

I have a site-to-site VPN where one of the peers got moved from one provider to another, with a new public address. I updated everything on its peer, but for some reason it's failing Phase I with the message that there was no valid SA payload found and no valid tunnel group found on one side, while the other side is getting an invalid cookie message. I went so far as to delete the existing profiles and groups and use the wizard to rebuild them, to no success. I also tried adding the isakmp identity address command as mentioned in the support forums. Any ideas?

I had this happen on an older ASA (or possibly PIX, same OS) and it only came back up after rebooting the side that got the new IP. Tried all of the clear crypto commands, nothing would make it work. Wizard not used here, just changing the config lines that had the old vs new IP in it.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Powercrazy posted:

That's the trivial view of it. But what about public anycast services? What do they look like? Any reserved addresses, what would the peering look like, fail over scenarios? Best-practices for all these things?

Pretty much the same considerations as an internal deployment, make sure you source queries from a dedicated interface not in the anycast block. In the public case you're burning a full /24 or two for a single IP out of each block unless you have your own backbone to transport the rest of the traffic where it needs to go inside your infrastructure. It typically ends up with 2 levels of anycast being involved- the first being your internal anycast to ensure availability within the site, the second being your BGP anycast where your providers will route traffic to the closest exit in their network. If you're connecting with transit providers connect in as many places as practical, and/or use BGP communities to control spread of your anycast block announcement so that one-off peering you have with say Tata over in Europe doesn't pull all Tata and Tata customer traffic worldwide to that single POP.

Contingency
Jun 2, 2007

MURDERER

psydude posted:

I have a site-to-site VPN where one of the peers got moved from one provider to another, with a new public address. I updated everything on its peer, but for some reason it's failing Phase I with the message that there was no valid SA payload found and no valid tunnel group found on one side, while the other side is getting an invalid cookie message. I went so far as to delete the existing profiles and groups and use the wizard to rebuild them, to no success. I also tried adding the isakmp identity address command as mentioned in the support forums. Any ideas?

What are the endpoints? If the one that moved is an ASA, and the new provider was set up under a different nameif, I'd make sure isakmp is turned on for the new interface.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR
"I need to know which if any of these switches are stacked, which if any are trunked, and how many are in each stack"

*Oh, everything is stacked. Four stacks of four switches, 11 stacks of 3, so I just need fifteen total configs and IP addresses!*

"Okay, here you go!"

Hey Zuh, Bobby Joe actually needed 40 configs. Those are all individual switches.

"Bobby Joe, WTF, you told me those switches were stacked."

*They are stacked. I stacked them all together on top of each other in a rack the other day.*

:shepicide:

psydude
Apr 1, 2008

Anyone here going to the F5 agility conference in DC this week?

Slickdrac
Oct 5, 2007

Not allowed to have nice things

Zuhzuhzombie!! posted:

"I need to know which if any of these switches are stacked, which if any are trunked, and how many are in each stack"

*Oh, everything is stacked. Four stacks of four switches, 11 stacks of 3, so I just need fifteen total configs and IP addresses!*

"Okay, here you go!"

Hey Zuh, Bobby Joe actually needed 40 configs. Those are all individual switches.

"Bobby Joe, WTF, you told me those switches were stacked."

*They are stacked. I stacked them all together on top of each other in a rack the other day.*

:shepicide:

I can beat that. I told our trial hire guy to order 3 2960s. 1 to be standalone, the other two to be stacked.

He ordered, 1 2960. But made sure to order the stack cable.

He has a valid CCIE...

Pile Of Garbage
May 28, 2007



Slickdrac posted:

I can beat that. I told our trial hire guy to order 3 2960s. 1 to be standalone, the other two to be stacked.

He ordered, 1 2960. But made sure to order the stack cable.

He has a valid CCIE...

I can beat that. In my last job we had a new hire who apparently had their CCNA. A router at one of our customer's branch offices went down so we asked the new hire to load a config onto a spare 877 so we could swap it in at the site. He spent 15 minutes trying to plug the serial cable into the DB-9 monitor port on his computer.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I'm not a network guy, I barely remember a little bit from school 12 or 13 years ago, but this is bad right?

code:
Package header rev 0 structure detected
Calculating SHA-1 hash...done
validate_package: SHA-1 hash:
        calculated 49032688:094f8561:2078cc73:19035272:d87fc327
        expected   00000000:00000000:00000000:00000000:00000000
SHA-1 hash doesn't match
boot: cannot determine first file name on device "bootflash:/"

It's an AT&T Managed router, guess who gets to sit around for the next few hours and wait for the tech?

doomisland
Oct 5, 2004

ragzilla posted:

If you're connecting with transit providers connect in as many places as practical, and/or use BGP communities to control spread of your anycast block announcement so that one-off peering you have with say Tata over in Europe doesn't pull all Tata and Tata customer traffic worldwide to that single POP.

Then they'll hand it to another global carrier they peer with in Europe and they'll leak it all over the world*

*If this is with v6 (you should be setting up v6) then HE will leak it all over the world

Partycat
Oct 25, 2004

cheese-cube posted:

DB-9 monitor port

Partycat
Oct 25, 2004

skipdogg posted:

I'm not a network guy, I barely remember a little bit from school 12 or 13 years ago, but this is bad right?

code:
Package header rev 0 structure detected
Calculating SHA-1 hash...done
validate_package: SHA-1 hash:
        calculated 49032688:094f8561:2078cc73:19035272:d87fc327
        expected   00000000:00000000:00000000:00000000:00000000
SHA-1 hash doesn't match
boot: cannot determine first file name on device "bootflash:/"

It's an AT&T Managed router, guess who gets to sit around for the next few hours and wait for the tech?

I don't recall seeing that boot string before, but, yeah if the flash is shot...

You could probably boot it from some other image but with no config. Time to call AT&T since it's their problem, and make sure they follow their SLA.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
I didn't catch that the first time round, makes it even better.

Inspector_666
Oct 7, 2003

benny with the good hair

cheese-cube posted:

I can beat that. In my last job we had a new hire who apparently had their CCNA. A router at one of our customer's branch offices went down so we asked the new hire to load a config onto a spare 877 so we could swap it in at the site. He spent 15 minutes trying to plug the serial cable into the DB-9 monitor port on his computer.

Well he's a Cisco Certified Network Associate, not Cisco Certified Monitor Associate!
