Thanks Ants
May 21, 2004

#essereFerrari


DigitalMocking posted:

100% marketing bullshit.

Not often you get a strong consensus, thanks.


CrazyLittle
Sep 11, 2001





Clapping Larry

Kazinsal posted:

Any CUCM/UCXN wizards here know if it's possible to build some kind of CTI route point/DN/Unity call handler combination that'll just ringback forever? Looking for something to use to blackhole pesky cold callers.

do this. do it now.

https://www.theregister.co.uk/2016/04/29/it_helpdesk_creates_oh_hold_hell/

CrazyLittle
Sep 11, 2001





Clapping Larry

Thanks Ants posted:

Not often you get a strong consensus, thanks.

I mean there's some real difference in the new services offered but the delivered product to you is bits on a wire. It's just more flexible from the provider network operator's side.

Proteus Jones
Feb 28, 2013




Oh god yes, and report back how long they stayed on hold listening.

Pile Of Garbage
May 28, 2007

One of our PMs actually has the extension 5666. He's the bane of my existence so it's appropriate.

Thanks Ants
May 21, 2004

#essereFerrari


CrazyLittle posted:

I mean there's some real difference in the new services offered but the delivered product to you is bits on a wire. It's just more flexible from the provider network operator's side.

It's cool. I get that there are new technologies, I just didn't know whether we were talking about something new, or existing ideas bundled together for marketing purposes.

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...

Kazinsal posted:

Any CUCM/UCXN wizards here know if it's possible to build some kind of CTI route point/DN/Unity call handler combination that'll just ringback forever? Looking for something to use to blackhole pesky cold callers.

You would be better off just blocking the individual numbers on the gateway or in CUCM as blocked route patterns.

If you want to put them into the endless loop you could just create a Unity call director that swaps between 2-3 numbers forever.

rattrap
Mar 25, 2005

Re: SDWAN, I'm an IP engineer for a SP and there are a couple vendors so far providing a legit SP geared solution that does more than just throw an overlay up to abstract transport. They're still maturing and probably will be for a while.

My opinion on current state is that the best use cases so far are more about leveraging cheaper underlying transport like cable/dsl (and things like wireless backup) for diversity and better uptime at a lot less cost/complexity than business class transport and BGP multi-homing. Whether that's useful or cost effective depends a lot on your needs/requirements. I would definitely not buy into too much hype without knowing exactly what's offered and doing research.

BurgerQuest
Mar 17, 2009

by Jeffrey of YOSPOS
The other use case I've seen here in Australia is customer controlled ability to turn up and down bandwidth on circuits for periods without new contracts etc and the billing is handled automatically.

Thanks Ants
May 21, 2004

#essereFerrari


rattrap posted:

Re: SDWAN, I'm an IP engineer for a SP and there are a couple vendors so far providing a legit SP geared solution that does more than just throw an overlay up to abstract transport. They're still maturing and probably will be for a while.

My opinion on current state is that the best use cases so far are more about leveraging cheaper underlying transport like cable/dsl (and things like wireless backup) for diversity and better uptime at a lot less cost/complexity than business class transport and BGP multi-homing. Whether that's useful or cost effective depends a lot on your needs/requirements. I would definitely not buy into too much hype without knowing exactly what's offered and doing research.

Thanks. My vague understanding of it was sort of in line with the replies here - where it refers to something specific and not just a bunch of marketing buzzwords then the use case seems to be delivering services regardless of connectivity. So somebody proposing a multi-site VPLS over dedicated fibre circuits with different countries involved and then breaking out connectivity to the Internet from a central location seems to me to be something straight out of the 1990s and stretching the definition of 'software defined'.

rattrap
Mar 25, 2005

Thanks Ants posted:

Thanks. My vague understanding of it was sort of in line with the replies here - where it refers to something specific and not just a bunch of marketing buzzwords then the use case seems to be delivering services regardless of connectivity. So somebody proposing a multi-site VPLS over dedicated fibre circuits with different countries involved and then breaking out connectivity to the Internet from a central location seems to me to be something straight out of the 1990s and stretching the definition of 'software defined'.

Ya, if that's it, sounds like bullshit. I'm not sure about 90s, maybe more like 00s for real VPLS, but it's definitely not SDN. At minimum, I think of software defined as having a central orchestration layer/controller and being capable of defining rules/policy that can affect traffic flow based on real time network and traffic state.

What we're looking at has an orchestration layer, overlay network concepts with pretty robust error handling/dynamic traffic steering and a pretty wide array of potential routing rules/policy that can be managed down to per site level. Not that we're using it all, yet.

tadashi
Feb 20, 2006

I have a Cisco ASA 5510 with primary and secondary internet connections configured and connected. Should I be able to pass packets on the secondary connection to devices in my network (assuming they are set up correctly) even while I'm using the primary internet connection? I thought this worked in the past but I'm not able to do it at the moment. The gateway device for the secondary connection is up.

Jedi425
Dec 6, 2002

THOU ART THEE ART THOU STICK YOUR HAND IN THE TV DO IT DO IT DO IT

tadashi posted:

I have a Cisco ASA 5510 with primary and secondary internet connections configured and connected. Should I be able to pass packets on the secondary connection to devices in my network (assuming they are set up correctly) even while I'm using the primary internet connection? I thought this worked in the past but I'm not able to do it at the moment. The gateway device for the secondary connection is up.

How is your routing set up? If you only want to hit some specific subsets over the secondary, just slap a static route on there for them and specify the secondary interface.

tadashi
Feb 20, 2006

Jedi425 posted:

How is your routing set up? If you only want to hit some specific subsets over the secondary, just slap a static route on there for them and specify the secondary interface.

This is a good idea since I just want to test the packet flow through the secondary connection. Thanks.

Partycat
Oct 25, 2004

Kazinsal posted:

Any CUCM/UCXN wizards here know if it's possible to build some kind of CTI route point/DN/Unity call handler combination that'll just ringback forever? Looking for something to use to blackhole pesky cold callers.

Not really, no. You can record ring back into a call handler greeting and have it loop, then use the translation pattern's "route next hop by calling party number" option to route all those calls into a part with a !/blank translation to that call handler. You would be better off playing a SIT or rejecting the call instead. In some instances, playing ring back when the call is completed may not be lawful.

Blocking calls in the UCM sucks. In the IOS router you can use mapping and reject it too but feh.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

tadashi posted:

This is a good idea since I just want to test the packet flow through the secondary connection. Thanks.

Don't forget to change the routing in the other direction as well unless you're using NAT because you're gonna get asymmetric routing otherwise.

Ahdinko
Oct 27, 2007

WHAT A LOVELY DAY

tadashi posted:

This is a good idea since I just want to test the packet flow through the secondary connection. Thanks.

Also while you're there, throw some tracked routes in if you're wanting to use this as a backup line for your ASA. I like to do this method on ASAs that don't have dynamic routes from the ISP.

route outside 0.0.0.0 0.0.0.0 isp1gatewayIP 1 track 1
route outside 0.0.0.0 128.0.0.0 isp1gatewayIP 2 track 2
route outside 128.0.0.0 128.0.0.0 isp1gatewayIP 3 track 3
route outsidesecondary 0.0.0.0 0.0.0.0 isp2gatewayIP 200

sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 4.2.2.2 interface outside
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho isp1gatewayIP interface outside
sla monitor schedule 3 life forever start-time now

track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability
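
The failover behaviour of the four routes above is not obvious from reading them, so here is an added example (not the poster's configuration or any Cisco code) that models the ASA's route selection for those routes under every combination of tracker states. It assumes the usual selection order of longest prefix match first, then lowest administrative distance (the number after the gateway), and that a route whose tracker is down is withdrawn from the table; the gateway names are the post's placeholders. The point it surfaces: because the 0.0.0.0/1 and 128.0.0.0/1 routes are more specific than the default, traffic to a given half of the address space only fails over to ISP2 when both the default route's tracker and that half's tracker are down, so one flaky probe target does not flip the whole box.

```python
"""Model ASA static-route selection for the tracked routes in the post above.

Added example for the thread; assumes longest-prefix-match, then lowest
administrative distance, and that routes with a failed tracker are withdrawn.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    gateway: str            # placeholder names from the post, not real addresses
    distance: int           # ASA administrative distance (number after gateway)
    track: Optional[int]    # SLA track object; None means never withdrawn


# The four 'route' lines from the post, transcribed into the model.
ROUTES: List[Route] = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "outside", "isp1gatewayIP", 1, 1),
    Route(ipaddress.ip_network("0.0.0.0/1"), "outside", "isp1gatewayIP", 2, 2),
    Route(ipaddress.ip_network("128.0.0.0/1"), "outside", "isp1gatewayIP", 3, 3),
    Route(ipaddress.ip_network("0.0.0.0/0"), "outsidesecondary", "isp2gatewayIP", 200, None),
]


def active_routes(routes: List[Route], track_up: Dict[int, bool]) -> List[Route]:
    """Routes that stay in the table: untracked ones, or ones whose tracker is up."""
    return [r for r in routes if r.track is None or track_up.get(r.track, False)]


def best_route(dest: str, routes: List[Route], track_up: Dict[int, bool]) -> Optional[Route]:
    """Longest prefix wins; ties broken by lowest administrative distance."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in active_routes(routes, track_up) if addr in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.distance))


def egress_interface(dest: str, track_up: Dict[int, bool], routes: List[Route] = ROUTES) -> Optional[str]:
    route = best_route(dest, routes, track_up)
    return route.interface if route else None


def failover_matrix(dest: str, routes: List[Route] = ROUTES) -> Dict[Tuple[bool, bool, bool], Optional[str]]:
    """Egress interface for every (track1, track2, track3) up/down combination."""
    matrix = {}
    for bits in range(8):
        state = {1: bool(bits & 1), 2: bool(bits & 2), 3: bool(bits & 4)}
        matrix[(state[1], state[2], state[3])] = egress_interface(dest, state, routes)
    return matrix


if __name__ == "__main__":
    # Constructed sample destinations: one in each half of the address space.
    for dest in ("8.8.8.8", "200.0.0.1"):
        print(f"destination {dest}:")
        for (t1, t2, t3), iface in failover_matrix(dest).items():
            print(f"  track1={'up' if t1 else 'DOWN':4} track2={'up' if t2 else 'DOWN':4} "
                  f"track3={'up' if t3 else 'DOWN':4} -> {iface}")
```

Run it and compare the two tables: for 8.8.8.8 (lower half) ISP2 is chosen only when tracks 1 and 2 are both down, and for 200.0.0.1 (upper half) only when tracks 1 and 3 are both down. If that is not the failover policy you intended, the fix is in the route lines, not the SLA monitors.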

ate shit on live tv
Feb 15, 2004

by Azathoth
Anyone use ansible to manage arista/junos devices?

I've done some work and even pushed some configs, but I'm not 100% clear on how to push a config based on an existing configuration.

For example let's say I had a redistribution list that looked like this:
pre:
set protocols ospf export BGP-to-OSPF
set policy-options policy-statement BGP-to-OSPF term AWS from protocol bgp
set policy-options policy-statement BGP-to-OSPF term AWS from policy ALL-AWS-ROUTES
set policy-options policy-statement BGP-to-OSPF term AWS then metric 20
set policy-options policy-statement BGP-to-OSPF term AWS then external type 2
set policy-options policy-statement BGP-to-OSPF term AWS then accept
set policy-options policy-statement BGP-to-OSPF term OFFICES from protocol bgp
set policy-options policy-statement BGP-to-OSPF term OFFICES from policy offices
set policy-options policy-statement BGP-to-OSPF term OFFICES then metric 120
set policy-options policy-statement BGP-to-OSPF term OFFICES then external type 2
set policy-options policy-statement BGP-to-OSPF term OFFICES then accept


What if I want to create a script to toggle the two metrics. i.e. if I ran the playbook right now it would find that AWS had metric 20 and Offices had metric 120, so after it ran AWS would have metric 120 and offices 20. Then if I ran it again, it would toggle back to what you see here.

The piece I'm missing is how to examine the configuration it pulls and then swap the two numbers.

pre:
Work:playbooks $ cat get_config_login.pb.yaml
---
- name: Get config from Junos Lab devices
  hosts: junos-lab
  connection: local
  gather_facts: no
  roles:
    - Juniper.junos
  tasks:
    - name: Get Junos Config
      junos_get_config:
        host: "{{ inventory_hostname }}"
        dest: "{{ inventory_hostname }}.conf"
        filter: policy-options
        format: xml


I feel like this should be fairly straightforward, but seeing how someone else did it would be beneficial.

tortilla_chip
Jun 13, 2007

k-partite
Ansible is idempotent so you should just be able to pass in the metric variables you want using the same script to deploy. The new values will overwrite the old.
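
As an added example of the "examine the pulled config and swap the two numbers" step from the question above (not the poster's playbook, and not part of the Juniper.junos role), here is a small Python script that parses the redistribution policy in Junos 'set' format, reads the metric of each term, and emits the two 'set' commands that swap them. It assumes the configuration is available as 'set ...' lines rather than the XML the playbook fetches; the sample config is constructed from the post. Because Junos 'set' on an existing leaf replaces the value, the emitted commands can be pushed as-is (or handed to a playbook as variables, as the reply suggests) with no 'delete' first, and running the script on the result toggles the metrics back.

```python
"""Swap the OSPF export metrics of two terms in a Junos 'set'-style policy.

Added example for the thread; input is assumed to be 'set ...' lines
(for example from 'show configuration | display set').
"""
import re
from typing import Dict, List

# One line of the form:
#   set policy-options policy-statement <policy> term <term> then metric <n>
METRIC_RE = re.compile(
    r"^set policy-options policy-statement (?P<policy>\S+) term (?P<term>\S+) "
    r"then metric (?P<metric>\d+)$"
)

# Constructed sample, copied from the poster's snippet.
SAMPLE_CONFIG = """\
set protocols ospf export BGP-to-OSPF
set policy-options policy-statement BGP-to-OSPF term AWS from protocol bgp
set policy-options policy-statement BGP-to-OSPF term AWS from policy ALL-AWS-ROUTES
set policy-options policy-statement BGP-to-OSPF term AWS then metric 20
set policy-options policy-statement BGP-to-OSPF term AWS then external type 2
set policy-options policy-statement BGP-to-OSPF term AWS then accept
set policy-options policy-statement BGP-to-OSPF term OFFICES from protocol bgp
set policy-options policy-statement BGP-to-OSPF term OFFICES from policy offices
set policy-options policy-statement BGP-to-OSPF term OFFICES then metric 120
set policy-options policy-statement BGP-to-OSPF term OFFICES then external type 2
set policy-options policy-statement BGP-to-OSPF term OFFICES then accept
"""


def term_metrics(config: str, policy: str) -> Dict[str, int]:
    """Map each term of `policy` that sets a metric to that metric."""
    metrics: Dict[str, int] = {}
    for line in config.splitlines():
        m = METRIC_RE.match(line.strip())
        if m and m.group("policy") == policy:
            metrics[m.group("term")] = int(m.group("metric"))
    return metrics


def swapped_metrics(config: str, policy: str, term_a: str, term_b: str) -> Dict[str, int]:
    """Return {term_a: metric_of_b, term_b: metric_of_a}; fail if either is absent."""
    current = term_metrics(config, policy)
    missing = {term_a, term_b} - current.keys()
    if missing:
        raise ValueError(f"no metric found for term(s) {sorted(missing)} in policy {policy}")
    return {term_a: current[term_b], term_b: current[term_a]}


def set_commands(policy: str, metrics: Dict[str, int]) -> List[str]:
    """Render metrics as Junos 'set' lines (sorted by term for stable output)."""
    return [
        f"set policy-options policy-statement {policy} term {term} then metric {metric}"
        for term, metric in sorted(metrics.items())
    ]


def toggle(config: str, policy: str = "BGP-to-OSPF",
           term_a: str = "AWS", term_b: str = "OFFICES") -> List[str]:
    """The 'set' commands that swap the two terms' metrics in `config`."""
    return set_commands(policy, swapped_metrics(config, policy, term_a, term_b))


def apply_set_commands(config: str, commands: List[str]) -> str:
    """Apply metric 'set' commands to the text, the way the device would replace the leaf."""
    updates = {}
    for cmd in commands:
        m = METRIC_RE.match(cmd)
        if not m:
            raise ValueError(f"not a metric 'set' command: {cmd}")
        updates[(m.group("policy"), m.group("term"))] = m.group("metric")
    out = []
    for line in config.splitlines():
        m = METRIC_RE.match(line.strip())
        key = (m.group("policy"), m.group("term")) if m else None
        if key in updates:
            out.append(f"set policy-options policy-statement {key[0]} term {key[1]} "
                       f"then metric {updates[key]}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for cmd in toggle(SAMPLE_CONFIG):
        print(cmd)
```

The script deliberately refuses to run if either term has no metric line rather than guessing, so a playbook built on it fails loudly instead of pushing a half-swapped policy.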

Thanks Ants
May 21, 2004

#essereFerrari


Holy poo poo now Extreme have bought Brocade's networking division off of Broadcom.

Edit: Sorry, datacenter networking.

Thanks Ants fucked around with this message at 01:13 on Mar 30, 2017

psydude
Apr 1, 2008

Ahdinko posted:

Also while you're there, throw some tracked routes in if you're wanting to use this as a backup line for your ASA. I like to do this method on ASAs that don't have dynamic routes from the ISP.

route outside 0.0.0.0 0.0.0.0 isp1gatewayIP 1 track 1
route outside 0.0.0.0 128.0.0.0 isp1gatewayIP 2 track 2
route outside 128.0.0.0 128.0.0.0 isp1gatewayIP 3 track 3
route outsidesecondary 0.0.0.0 0.0.0.0 isp2gatewayIP 200

sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 4.2.2.2 interface outside
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho isp1gatewayIP interface outside
sla monitor schedule 3 life forever start-time now

track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability

Keep in mind that SLA responders don't work on the ASA if it's in multicontext mode.

Proteus Jones
Feb 28, 2013



Thanks Ants posted:

Holy poo poo now Extreme have bought Brocade's networking division off of Broadcom.

Edit: Sorry, datacenter networking.

Yeah, that's three acquisitions in less than a year. I think they've identified a market that may be underserved and are shifting their strategy. It looks like they're looking to have a unified solution (core, access and edge).

As far as I know, all three of these acquisitions also included the engineering teams. Very interested to see where this all goes.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
Does that include the vyatta stuff?

Proteus Jones
Feb 28, 2013



adorai posted:

Does that include the vyatta stuff?

I think that turned into the vRouter at Brocade. And since they had been positioning that as a Data Center router it probably was included.

Ahdinko
Oct 27, 2007

WHAT A LOVELY DAY

psydude posted:

Keep in mind that SLA responders don't work on the ASA if it's in multicontext mode.

That's a helpful tip, thanks. I guess I just hadn't noticed until now since all of our ASAs big enough to warrant running in multicontext have big 1Gb circuits on them that do OSPF or BGP peering.

Thanks Ants
May 21, 2004

#essereFerrari


I'm aware that I'm not the target market for them, but lol @ Meraki switch prices.

inignot
Sep 1, 2003

WWBCD?
If you have an ASA read this:

http://blogs.cisco.com/security/urgent-proactive-customer-notification-asa

Proteus Jones
Feb 28, 2013




lol

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

God damnit.

Jedi425
Dec 6, 2002

THOU ART THEE ART THOU STICK YOUR HAND IN THE TV DO IT DO IT DO IT

GreenNight posted:

God damnit.

Great. Wonderful. At least we have all the automation we used the last time we had to reboot or patch thousands of ASAs.

Thanks Ants
May 21, 2004

#essereFerrari


GreenNight posted:

God damnit.

Slickdrac
Oct 5, 2007

Not allowed to have nice things

For once I'm happy that we're not on up-to-date code.

These are the versions affected:
9.1(7.8)
9.2(4.15)
9.4(3.5)
9.4(4)
9.5(3)
9.6(2.1)
9.7(1)

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I'm still waiting on my stack of routers from Cisco that has that bad timing part.

Nuclearmonkee
Jun 10, 2009


GreenNight posted:

I'm still waiting on my stack of routers from Cisco that has that bad timing part.

I haven't gotten anything but an automated response as of yet though for our pile, though we did have one fail in the manner described and got it RMAd the normal way :v:

I'll laugh if they are half replaced by the time they actually send me poo poo.

single-mode fiber
Dec 30, 2012

This happened to us on Monday back before they made the bug public. It was pretty concerning watching them all fail not instantly, but in succession in the span of a couple of hours. I'm glad I thought to sanity check the network aspect from console because I was afraid it would end in a call to US-CERT.

Kazinsal
Dec 13, 2011



At least this new ASA bug doesn't brick the box.

On the other hand, it only seems to affect ASAs that are affected by the loving clock bug :smithicide:

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
Is ISE a worthwhile product to look into? I'm a sole admin, 25ish cisco network devices spread over 6 locations. Network administration is typically outsourced per hour and I'm trying to cut costs by doing more management myself, allowing for critical hardware upgrades to be purchased. Roughly 120 end points.

Is ISE crazy overpriced, is it as lovely as Prime Infrastructure, or is this a good way to go?

single-mode fiber
Dec 30, 2012

Judge Schnoopy posted:

Is ISE a worthwhile product to look into? I'm a sole admin, 25ish cisco network devices spread over 6 locations. Network administration is typically outsourced per hour and I'm trying to cut costs by doing more management myself, allowing for critical hardware upgrades to be purchased. Roughly 120 end points.

Is ISE crazy overpriced, is it as lovely as Prime Infrastructure, or is this a good way to go?

I love ISE, but for only 120 endpoints it's probably massive overkill. I wouldn't recommend it until you have a few thousand endpoints or you absolutely need some functionality in it that nothing else can provide. The common things like using it as your RADIUS server for 802.1x and the subsequent dynamic VLAN assignment can be done even by a Windows server running NPS.

Also the ASA bug ID calls out the 5500-X but it definitely can affect the previous platform too.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
ISE was going to cost me $50k or so. I went with Aruba Clearpass instead, it was only $11k. Professional services to implement were roughly the same.


psydude
Apr 1, 2008

If you get the VM version and a couple of 100 count licenses it'll cost you less than 10 grand.

But I agree it might be overkill for less than 1000 endpoints.
