ragzilla
Sep 9, 2005
don't ask me, i only work here


CrazyLittle posted:

Technically, single mode optics would have too high of a transmission power for really short distances so it might work or might not, and if it does then you're lucky.


This, or use multimode optics for 10gig (10g-SR, 850nm)

LX/LR transceivers can be safely used on short patches. It's only ER/ZR/ZX that have a minimum distance.

ragzilla fucked around with this message at 13:20 on Jan 28, 2016


mythicknight
Jan 28, 2009

my thick night

Partycat posted:

You only want to use the "uninstall" button, especially with Prime Collaboration Assurance, or "Prime rear end" as we have been calling it. The partner's lab we looked at made it look slick when you click through all the charts and graphs at the Cisco recommended unable-to-actually-see-what-it-is speed, but it's pretty much garbage. What I give it, is if you have no LMS or if you are deploying your own infra into someone else's environs, you can use it as a quick network monitor. The licensing model is just the razor blades on the sundae of that thing. Probably going to demo Collaboration Provisioning Standard which looks more reasonable.

Is it really that bad?

I'd been thinking of spinning up the Prime Collab vms at work to try them out...

psydude
Apr 1, 2008

Heartache is powerful, but democracy is *subtle*.
Any of you guys have a good recommendation on a SOHO firewall/IPS for cheap? I have a 300 meg link at home and although I can get a great discount on Palos and Ciscos, the lower end appliances don't offer enough throughput. I'm looking at some of the Fortinet bundles, but I was wondering if there was anything cheaper/better in the sub-$500 price range.

e: Right now I'm running an ERL, which is fine for basic firewalling, but I have two roommates and a growing number of Internet of Things Things that need a bit more nannying.

psydude fucked around with this message at 03:01 on Jan 28, 2016

hanyolo
Jul 18, 2013
I am an employee of the Microsoft Gaming Division and they pay me to defend the Xbox One on the Something Awful Forums

Panda Time posted:

Now that we have a few 10G pipes, I'm hoping to get the company to buy a 10G SSD server and switch(s) at some point in the next year or two.. Cisco SG350XG 24 actually seems to be less expensive than the Juniper EX4500 for full 10G.

You could also try getting a EX4300-32F with a 8x10G expansion module card which allows you to have 12 x 10G ports, last time I remember it being as pricey as a EX4500 on its own though after factoring in you'll need to buy copper/fibre SFPs for all the 1G ports as well.

Sprechensiesexy posted:

I never use the GUI personally. We just have a tool that will vomit out ready to use configs and the CLI is quite nice once you get the hang of it.
Nothing but love for the commit confirmed command.

Same, but most firewall administrators I run into are proficient in using GUIs only, so they always get a shock when moving to an SRX. Still waiting for commit confirmed support in an SRX chassis cluster :smith:

hanyolo fucked around with this message at 03:41 on Jan 28, 2016

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

psydude posted:

e: Right now I'm running an ERL, which is fine for basic firewalling, but I have two roommates and a growing number of Internet of Things Things that need a bit more nannying.

What does an ERL NOT do that you want it to? Outside of web filtering and DMVPN, I can't think of a single thing I would want to do at home that I couldn't do on an ERL.

CrazyLittle
Sep 11, 2001





Clapping Larry

ragzilla posted:

LX/LR transceivers can be safely used on short patches. It's only ER/ZR/LX that have a minimum distance.

Ah you're right. It's been a long day.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
Anybody here work with a Cisco blade server chassis?

We're getting tired of HP royally loving us when it comes to firmware updates. We bought 3 super beefy servers for our HP chassis environment only to learn (after they were delivered, and after having HP come on site to scope the upgrade project) that the new firmware is incompatible with our old hardware. Meaning we either replace everything in the chassis or don't upgrade at all. Their idea of blade chassis seems to be "Buy it all at once and replace everything at once, no upgrades after 5 years."

I'm wondering if Cisco has the same bullshit tactics with their blade server firmware or if they continue firmware support on older servers. I'm looking for anybody that's had to upgrade one of these or add new blades and how that experience went.

psydude
Apr 1, 2008

Heartache is powerful, but democracy is *subtle*.

adorai posted:

What does an ERL NOT do that you want it to? Outside of web filtering and DMVPN, I can't think of a single thing I would want to do at home that I couldn't do on an ERL.

I'd like some IPS/blacklisted domain functionality.

e: I guess I could set up snort and blacklisting as VMs on my lab box, but it would be nice to have a unified interface.

CrazyLittle
Sep 11, 2001





Clapping Larry

psydude posted:

I'd like some IPS/blacklisted domain functionality.

e: I guess I could set up snort and blacklisting as VMs on my lab box, but it would be nice to have a unified interface.

Edgerouters will do that, but it would be shunted to CPU instead of accelerated through the IP offloading hardware. You can also run VyOS, which is the FOSS fork of Vyatta (of which EdgeOS is the Ubiquiti fork), on commodity server(s) / VMs.

nitrogen
May 21, 2004

Oh, what's a 217°C difference between friends?

Judge Schnoopy posted:

Anybody here work with a Cisco blade server chassis?

We're getting tired of HP royally loving us when it comes to firmware updates. We bought 3 super beefy servers for our HP chassis environment only to learn (after they were delivered, and after having HP come on site to scope the upgrade project) that the new firmware is incompatible with our old hardware. Meaning we either replace everything in the chassis or don't upgrade at all. Their idea of blade chassis seems to be "Buy it all at once and replace everything at once, no upgrades after 5 years."

I'm wondering if Cisco has the same bullshit tactics with their blade server firmware or if they continue firmware support on older servers. I'm looking for anybody that's had to upgrade one of these or add new blades and how that experience went.

Cisco absolutely does.

What enclosures and HP blades were you using?
Anything recently modern shouldn't be this horrible with the C7000's and BL460c Gen7's through G9's, everything should be interoperable.

Here's a link that tells you what's what with the HP boxes:
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=mmr_kc-0100204-12

I can't find one with the Cisco boxes, but I've had bad experiences with the Cisco UCS boxes back when they were newer. Firmware updates for the enclosures required all the blades in the enclosure to be rebooted, which I find highly unacceptable. Don't know if that's still the case with UCS though.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

nitrogen posted:

Cisco absolutely does.

What enclosures and HP blades were you using?
Anything recently modern shouldn't be this horrible with the C7000's and BL460c Gen7's through G9's, everything should be interoperable.

Here's a link that tells you what's what with the HP boxes:
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=mmr_kc-0100204-12

I can't find one with the Cisco boxes, but I've had bad experiences with the Cisco UCS boxes back when they were newer. Firmware updates for the enclosures required all the blades in the enclosure to be rebooted, which I find highly unacceptable. Don't know if that's still the case with UCS though.

We have a C7000 with a mix of G1 through G7. We're replacing the G1s with G9s. They cannot co-exist on the same environment thanks to firmware min/max levels, so we cannot migrate the servers. We also have an HP-UX integrity blade that is not compatible with the newer firmware and that's the core of our environment. We clearly explained on multiple occasions all of these details to HP when they were on site to make sure the upgrade was smooth, which is a really unacceptable waste of loving time when we have to return the hardware for incompatibility.

Our 3 options are: smaller HP chassis for virtual environment, but HP has done everything they can to ensure we don't trust them anymore. Individual servers, which will suck balls. Cisco chassis, which is expensive and I have no idea if they're going to gently caress us over in the same way down the road when it comes time to upgrade servers.

nitrogen
May 21, 2004

Oh, what's a 217°C difference between friends?
Dude.

The G1's came out in 2007. You're lucky they are still supported at all, as they were EOL'd sometime in 2012.

You're super lucky that HP supported all that range of hardware at all.

So yeah, 10 year old firmware expecting to run G9's without any changes is ludicrous.



Seriously, though. If you want some more G7 blades, I'm getting rid of a pantload at work. Maybe we could work out a deal to get them to you cheap.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

nitrogen posted:

Dude.

The G1's came out in 2007. You're lucky they are still supported at all, as they were EOL'd sometime in 2012.

You're super lucky that HP supported all that range of hardware at all.

So yeah, 10 year old firmware expecting to run G9's without any changes is ludicrous.



Seriously, though. If you want some more G7 blades, I'm getting rid of a pantload at work. Maybe we could work out a deal to get them to you cheap.

Nah my company won't even go for HP refurbished G8s (which was HP's best solution).

And yes, the G1s are old. We brought HP on site and had them look at our current environment, our upgrade plans, and asked "Will this work?" We gave their solution engineers everything they asked for and they came back with "Yep sure G9s are great you can totally stick 'em in there with the G1s and migrate your servers over!"

That's my biggest issue with this. We put our budget proposals in based on HP confirming we could use these things. If HP came back and said "After due diligence it looks like firmware is going to cause a problem and your core server won't run on any of the new OA versions, so you should plan on migrating that out of the chassis before upgrading anything else" that's OK, because we can put in for budgeting to do that.

So in comparison we're looking at Cisco. If I bought a chassis in 2007 with 3 servers, could I put 3 new servers in this year without ditching everything else? Or does the fabric manager firmware prevent newer and older hardware mixed together? If the latter is the case I'm guessing we're just a tiny bit too small for a blade chassis and we'll look at rack servers instead.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Judge Schnoopy posted:

Nah my company won't even go for HP refurbished G8s (which was HP's best solution).

And yes, the G1s are old. We brought HP on site and had them look at our current environment, our upgrade plans, and asked "Will this work?" We gave their solution engineers everything they asked for and they came back with "Yep sure G9s are great you can totally stick 'em in there with the G1s and migrate your servers over!"

That's my biggest issue with this. We put our budget proposals in based on HP confirming we could use these things. If HP came back and said "After due diligence it looks like firmware is going to cause a problem and your core server won't run on any of the new OA versions, so you should plan on migrating that out of the chassis before upgrading anything else" that's OK, because we can put in for budgeting to do that.

So in comparison we're looking at Cisco. If I bought a chassis in 2007 with 3 servers, could I put 3 new servers in this year without ditching everything else? Or does the fabric manager firmware prevent newer and older hardware mixed together? If the latter is the case I'm guessing we're just a tiny bit too small for a blade chassis and we'll look at rack servers instead.

Is this a virtualized environment where you are just shuffling around VMs? Any way to get a few used g7 blades as temp hosts while you complete the shuffle? If not, you don't have any other normal servers that can run this load during the shuffle?

Docjowles
Apr 9, 2009

You can definitely mix newer and older models of UCS-B blades in the same chassis. There may be some cutoff when they're simply too ancient, but at my last job we had several generations all coexisting side by side in one chassis with no issues. You do sometimes need to upgrade firmware to get it to properly detect newer models. But IIRC you didn't have to reboot all of the older blades. Just update UCS Manager and the Fabric Interconnects, which incurs no downtime. Could be wrong about that though, it's been a little while.

Pile Of Garbage
May 28, 2007



Judge Schnoopy posted:

Anybody here work with a Cisco blade server chassis?

We're getting tired of HP royally loving us when it comes to firmware updates. We bought 3 super beefy servers for our HP chassis environment only to learn (after they were delivered, and after having HP come on site to scope the upgrade project) that the new firmware is incompatible with our old hardware. Meaning we either replace everything in the chassis or don't upgrade at all. Their idea of blade chassis seems to be "Buy it all at once and replace everything at once, no upgrades after 5 years."

I'm wondering if Cisco has the same bullshit tactics with their blade server firmware or if they continue firmware support on older servers. I'm looking for anybody that's had to upgrade one of these or add new blades and how that experience went.

A word of warning, not sure if it's a regional thing (APAC) or our VAR's fault but we are seeing extremely high failure rates with our UCS B200 M3 blades. Last year we purchased 24 of the blades and we have experienced failure rates >20%. It's always the same issue: blade starts reporting a large amount of uncorrectable ECC errors on a single DIMM then the ESXi hypervisor PSODs and eventually the blade just dies completely. Each affected blade had to be replaced in its entirety. Honestly I'm amazed that Cisco haven't issued a product recall as there's obviously a batch of blades which are faulty.

I'm really not sure if anyone else has experienced the same issue. Apart from that they're pretty good I guess. Just make sure your VAR has lots of spare parts in stock.

Partycat
Oct 25, 2004

mythicknight posted:

Is it really that bad?

I'd been thinking of spinning up the Prime Collab vms at work to try them out...

Well then, try them out, it doesn't cost anything to demo it. The assurance package, in the "advanced" configuration, is licensed on devices or endpoints, and that's where all the "Features" are, but most of the reporting and monitoring is what you get from jRTMT and built in reporting anyways. With my deployment, I wasted the whole trial period with TAC trying to get around reports that said "No Data" for some reason, or the system's inability to handle certificates properly, causing it to crash and restart constantly. I ended up in an argument with a "Developer" that I could not understand (due to volume and his kid crying in the background) telling me that some random database table had too many rows and that is why the problem occurred.

If you're going to try it don't even try to touch the switch topology stuff without adding your entire network into it, as it will misunderstand hearing MACs over uplinks from devices it is not aware of as entire duplicated sets of endpoints and equipment with discovery processes running.

I am gearing up to try collab provisioning, but I am not too hopeful. The "import" steps for voicemail and under Quick User/Phone Add already seem to do what this is going to wrapper, but with an audit trail. There are only so many instances where template-and-forget-it work, without further intervention anyways, so it may not be exactly the savior it sounds like. collab deployment I don't get the point of, if you're not dealing with multiple clusters or a field of applications.

I saw some shots of APIC-EM the other day and it looks to be basically the same ol' poo poo again, just a new interface to display information you already have, or that doesn't need displayed in a graph/chart format anyways (relatively static stuff). I don't know why they continue to produce half rear end or broken wrappers to things instead of improving the interfaces on the products themselves that they have. APIC is surrounded with "cloud" and "sdn" but even given this .... ?

cisco.com posted:

The APIC-EM delivers SDN to the Enterprise to the WAN, Campus and Access networks.

Partycat fucked around with this message at 15:09 on Jan 30, 2016

1000101
May 14, 2003

BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY FRUITCAKE!

nitrogen posted:


I can't find one with the Cisco boxes, but I've had bad experiences with the Cisco UCS boxes back when they were newer. Firmware updates for the enclosures required all the blades in the enclosure to be rebooted, which I find highly unacceptable. Don't know if that's still the case with UCS though.

Something went wrong here.

The only time you have to reboot your blades is if you're updating firmware on the blades themselves. Fabric Interconnect/IOM updates are generally non-disruptive. The enclosures themselves don't actually have any firmware to update.

edit for clarity: Anything before UCSM 1.4 was not worth touching (so maybe your experience comes from here?). Since UCSM 1.4 I pretty much hope to never touch another blade vendor again.

quote:

You can definitely mix newer and older models of UCS-B blades in the same chassis. There may be some cutoff when they're simply too ancient, but at my last job we had several generations all coexisting side by side in one chassis with no issues. You do sometimes need to upgrade firmware to get it to properly detect newer models. But IIRC you didn't have to reboot all of the older blades. Just update UCS Manager and the Fabric Interconnects, which incurs no downtime. Could be wrong about that though, it's been a little while.

This is pretty much spot on.

psydude
Apr 1, 2008

Heartache is powerful, but democracy is *subtle*.
UCS is one of Cisco's better offerings right now. Plus they're typically willing to heavily discount them for our customers who are using them to deploy ISE or Prime, so there's that.

Richard Noggin
Jun 6, 2005
Redneck By Default
Anyone have a recommendation on a relatively inexpensive (sub-$300, if possible) fiber microscope, and a similarly inexpensive VFL, both exclusively for use with single mode with both LC and ST connectors? For the scope, this seems to fit our needs, but I can't find any reviews. For a VFL, I'm looking at this guy and will just use a LC/SC patch to account for the different ferrule sizes.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Richard Noggin posted:

Anyone have a recommendation on a relatively inexpensive (sub-$300, if possible) fiber microscope, and a similarly inexpensive VFL, both exclusively for use with single mode with both LC and ST connectors? For the scope, this seems to fit our needs, but I can't find any reviews. For a VFL, I'm looking at this guy and will just use a LC/SC patch to account for the different ferrule sizes.

I've used scopes like that before and they've worked pretty well (looks similar to the Ideal scope we had in an older kit), but who polishes their own fiber in TYOOL 2016? Just grab a cletop (and/or one click cleaners) and save yourself from possibly lasing your eyeball when you scope a live fiber.

Richard Noggin
Jun 6, 2005
Redneck By Default
It's not for polishing, but rather visual inspection of the ends for cleanliness after using one clicks, etc.

Partycat
Oct 25, 2004

Richard Noggin posted:

Anyone have a recommendation on a relatively inexpensive (sub-$300, if possible) fiber microscope, and a similarly inexpensive VFL, both exclusively for use with single mode with both LC and ST connectors? For the scope, this seems to fit our needs, but I can't find any reviews. For a VFL, I'm looking at this guy and will just use a LC/SC patch to account for the different ferrule sizes.

Yeah the FIS F1-VS200U is $100 and works pretty well. We have that VFL as well - it is a laser and seems considerably brighter than the corning one. I am not sure what sort of IR protection is required with it (minimal it appears, or none) but I still don't care for it to be beamed into my eye. That's the cheapest thing I've seen and it does CW and pulse I believe so it can be used with one of those fiber-bending locator things.

Depends what you're trying to do with it.

I believe the FIS scope has both adapter plates - it just connects to the ferrule for the SC/ST stuff, and some of them have an insert for the LC to hold the connector, others don't. Note that on duplex connectors you will have to take them apart to use the scope. The scope is pretty common re-label so you'll find it in a number of places, it's only $105 at FIS so I would not pay that price for it.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Not unless the VFL can do 250/300/1k/2k Hz, those are the only frequencies I've seen bend meters detect. Usually only see that in a 'real' source.

ragzilla fucked around with this message at 14:58 on Feb 3, 2016

Richard Noggin
Jun 6, 2005
Redneck By Default

Partycat posted:

Yeah the FIS F1-VS200U is $100 and works pretty well. We have that VFL as well - it is a laser and seems considerably brighter than the corning one. I am not sure what sort of IR protection is required with it (minimal it appears, or none) but I still don't care for it to be beamed into my eye. That's the cheapest thing I've seen and it does CW and pulse I believe so it can be used with one of those fiber-bending locator things.

Depends what you're trying to do with it.

I believe the FIS scope has both adapter plates - it just connects to the ferrule for the SC/ST stuff, and some of them have an insert for the LC to hold the connector, others don't. Note that on duplex connectors you will have to take them apart to use the scope. The scope is pretty common re-label so you'll find it in a number of places, it's only $105 at FIS so I would not pay that price for it.

Thanks!

Methanar
Sep 26, 2013

by the sex ghost
I just got Scott Empson to sign my book. Unfortunately he deadpan refused to touch my todd lammle book.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Methanar posted:

I just got Scott Empson to sign my book. Unfortunately he deadpan refused to touch my todd lammle book.



what's the rest of the command he wrote?!?

Spoke with Cisco solution engineer guys today about the blade servers. They say they have plenty of clients running first generation servers with current generation servers at 0 risk of firmware compatibility. Also the fact that they move on to the next generation when they have to, instead of doing a yearly refresh, is exactly what I'm looking for in a long-term upgradable environment.

I just really loving hope the numbers come back within our budget so I can get my company out of lovely HP blade hardware instead of them going further down that god-forsaken rabbit hole.

Judge Schnoopy fucked around with this message at 19:55 on Feb 4, 2016

Methanar
Sep 26, 2013

by the sex ghost

Judge Schnoopy posted:

what's the rest of the command he wrote?!?


The most important one.

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Methanar posted:

I just got Scott Empson to sign my book. Unfortunately he deadpan refused to touch my todd lammle book.



Scott was my instructor in school. The guy is awesome.

Methanar
Sep 26, 2013

by the sex ghost

ChubbyThePhat posted:

Scott was my instructor in school. The guy is awesome.

Yeah, the guy gets around for sure.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


It's time for me to do some firewall shopping. Right now I have a Juniper SRX210 that's woefully underspecced for the work it needs to do these days. I'm not really tied to a vendor and was curious what recommendations people have these days. Ideally, I need something that can do the following:

* ~100Mbps of IPsec traffic at the low end while not killing the device
* NGFW stuff would be nice but not a hard requirement
* a good remote access VPN client

I have looked at a bigger Juniper SRX, Fortigate and a Cisco ASA w/Firepower. I feel like Palo Alto will be out of my price range.

Any suggestions? I don't want to contact a VAR yet because gently caress getting a million phone calls back.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
I guess to move a license from one Procurve switch to another I'm supposed to register on my.procurve.com, but that exact site doesn't seem to exist anymore. It sends me to HP Enterprise and I made an account there but I see no indication on where I'm supposed to manage these licenses. Any ideas?

Edit: Nevermind, they have a company info form that they made look skippable, but if you skip it, it dumps you to a different part of the site than if you fill it out.

Zero VGS fucked around with this message at 22:58 on Feb 4, 2016

Thanks Ants
May 21, 2004

#essereFerrari


Number19 posted:

It's time for me to do some firewall shopping. Right now I have a Juniper SRX210 that's woefully underspecced for the work it needs to do these days. I'm not really tied to a vendor and was curious what recommendations people have these days. Ideally, I need something that can do the following:

* ~100Mbps of IPsec traffic at the low end while not killing the device
* NGFW stuff would be nice but not a hard requirement
* a good remote access VPN client

I have looked at a bigger Juniper SRX, Fortigate and a Cisco ASA w/Firepower. I feel like Palo Alto will be out of my price range.

Any suggestions? I don't want to contact a VAR yet because gently caress getting a million phone calls back.

I did this dance recently and settled on Fortigate because I wanted something point-and-click and 5.4 actually looks usable. I picked a 50E because it's only for a 20Mbps line and was dirt cheap, you might want something with a bit more poke for 100Mbps.

There aren't really any good firewalls, just pick one that pisses you off the least.

Thanks Ants fucked around with this message at 22:56 on Feb 4, 2016

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


Thanks Ants posted:

I did this dance recently and settled on Fortigate because I wanted something point-and-click and 5.4 actually looks usable. I picked a 50E because it's only for a 20Mbps line and was dirt cheap, you might want something with a bit more poke for 100Mbps.

There aren't really any good firewalls, just pick one that pisses you off the least.

I'm a one-man shop so something I don't have to spend half my life supervising would be very nice. I'll do some more research on the Fortinets. I'm probably going to oversize the thing to a large degree since I have a strong feeling I'm going to get a request for a much larger WAN circuit in the next year or so.

Thanks Ants
May 21, 2004

#essereFerrari


It sounds like you're in the same position I am in. I have a full-time job already and take care of IT for a friend's company for mainly historical reasons. Day to day support is done by an MSP, I just help out with strategy and new stuff. So I needed something I can talk someone else through setting up.

I'll let you know if it's not crap when it arrives, the E range of Fortigates are quite new.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


Thanks Ants posted:

It sounds like you're in the same position I am in. I have a full-time job already and take care of IT for a friend's company for mainly historical reasons. Day to day support is done by an MSP, I just help out with strategy and new stuff. So I needed something I can talk someone else through setting up.

I'll let you know if it's not crap when it arrives, the E range of Fortigates are quite new.

I'm probably considering a 240D or a 300D depending on my budget, if only because I don't trust published numbers at all and I'd rather have enough headroom to turn everything on and not have the box running out of resources.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

Thanks Ants posted:

I did this dance recently and settled on Fortigate because I wanted something point-and-click and 5.4 actually looks usable. I picked a 50E because it's only for a 20Mbps line and was dirt cheap, you might want something with a bit more poke for 100Mbps.

There aren't really any good firewalls, just pick one that pisses you off the least.

I went through the same thing last year updating our aging Cisco ASA line and settled on the 600c for corp and 60d boxes for remote offices/users.

Been nothing but happy with them so far for the most part. Speeds have been fine, no complaints on VPN access up until El Capitan poo poo the bed, but since we don't support macs <TM> that hasn't been a problem. (it's been a problem)

some kinda jackal
Feb 25, 2003

 
 
Fortigates are great IMO, but make sure you take frequent backups of your configs. I had some terrible experience with 200Bs corrupting their flash storage. I'd sent one back four times because each RMA would die within a month or so. I guess I'm just terrified of that happening again now. If anything, make sure you're offloading your logging to a syslog box and not writing logs to internal storage to maximize write life.

That said I have two 200Bs and two 60Ds at home that I love. I was thinking about swapping everything out with VyOS boxes, but I'm really happy with FortiOS so I'll hang out with what I have.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Martytoof posted:

backups of your configs

Counterpoint: RANCID diffs are extremely chatty and filled with revision changes of botnet and av database updates. It seems that whatever command spits out your config always includes that versioning too. Lame.


gooby pls
May 18, 2012



In UCS training at Cisco this week. Our teacher has SEVEN CCIEs. Just...how.
