|
ragzilla posted: Is this a compliance thing?
It's a compliance thing, but it's also triggering on other, useful things, like SSH. In addition, the client likes to keep silly insecure things like "web access" available for Reasons, even if they don't make any sense to me.
|
# ? Jan 23, 2018 15:21 |
|
What does the web access even look like on IOS? I presume it's loving terrible like most of Cisco's other attempts at a web UI.
|
# ? Jan 23, 2018 17:57 |
|
Thanks Ants posted: it's loving terrible
|
# ? Jan 23, 2018 19:25 |
|
I've never seen a Cisco web UI that isn't predicated on Java 6.
|
# ? Jan 23, 2018 19:30 |
|
A lot of the Telepresence stuff has web UIs that are pretty easy to look at and use.
|
# ? Jan 23, 2018 19:34 |
|
MF_James posted:
|
# ? Jan 23, 2018 19:48 |
|
Hypnobeard posted: It's a compliance thing, but it's also triggering on other, useful things, like SSH. In addition, the client likes to keep silly insecure things like "web access" available for Reasons, even if they don't make any sense to me.
SSH uses keys, not certificates, which can be (re)generated using (conf mode) code:
|
# ? Jan 24, 2018 02:11 |
|
Thanks Ants posted: What does the web access even look like on IOS? I presume it's loving terrible like most of Cisco's other attempts at a web UI.
It's basically an ad for their add-on (pay us more money) UI. Does anyone buy that? Here's a screenshot of what happens when you log in with an admin account to a Catalyst 4500...
|
# ? Jan 24, 2018 03:59 |
|
ragzilla posted: SSH uses keys, not certificates, which can be (re)generated using (conf mode)
Not sure about zeroizing, but you can safely generate a new SSH key over ssh.
|
# ? Jan 24, 2018 20:05 |
|
ragzilla posted: Don’t do this over ssh, because, reasons. I don’t know if this will also fix https but it might.
Because of this I have a script that enables telnet on vty 0 when someone forgets to generate the key but deploys a switch with SSH set for input. I've never had it cut me off changing the key while connected or changing line input but I'm sure it does.
|
# ? Jan 25, 2018 00:31 |
|
Hey nerds I'm back to ask for another book recommendation. Is there a better OSPF book than this ancient tome? https://www.amazon.com/OSPF-Anatomy-Internet-Routing-Protocol/dp/0201634724
I've been super impressed with the BGP books of similar vintage so the age doesn't scare me off. Just want to make sure no one has bothered to write something better in the intervening 20 years
|
# ? Jan 25, 2018 03:17 |
|
OSPF and ISIS by Jeff Doyle
|
# ? Jan 25, 2018 03:24 |
|
Docjowles posted: Hey nerds I'm back to ask for another book recommendation. Is there a better OSPF book than this ancient tome? https://www.amazon.com/OSPF-Anatomy-Internet-Routing-Protocol/dp/0201634724
Publisher: Addison-Wesley Professional; 1 edition (February 12, 1998)
|
# ? Jan 25, 2018 03:25 |
|
Methanar posted: Publisher: Addison-Wesley Professional; 1 edition (February 12, 1998)
For IPv4, OSPF hasn't changed since 1998. There were some updates rolled into the spec around 2008 or 2009, and I'm almost certain the only changes were to accommodate IPv6.
|
# ? Jan 25, 2018 03:31 |
|
If you want the nitty gritty, the Moy book is good. If you want more practical, I've always liked Routing TCP/IP: https://www.amazon.com/Routing-TCP-IP-1-2nd/dp/1587052024
Covers the IGPs: RIP, OSPF v2 and v3, IS-IS, and more general stuff (route maps). I have a copy of this and it's good.
e: looks like the same author (Doyle) as the "OSPF and IS-IS" book recommended above.
madsushi fucked around with this message at 04:04 on Jan 25, 2018
|
# ? Jan 25, 2018 03:53 |
|
+1 for Routing TCP/IP. We have a copy of that book in the office that people reference daily. I'm seriously thinking about fabricating up a little stand and spotlight for it.
|
# ? Jan 25, 2018 04:04 |
|
Thanks as always, goons
|
# ? Jan 25, 2018 04:24 |
|
Holy poo poo I need some help here. I have a loving old rear end Brocade switch (running FW 7.0.0) that a co-worker did not save the config on like a year ago when he configured it, well it finally lost power and lost the configuration for a port that's the trunk port off of our firewall, he didn't document his config nor does he remember how he did it. I've mostly got it correct, but I can't for the life of me figure out how to turn the port into a trunk port or at least Cisco's version of a trunk port.
Is dual-mode Brocade speak for trunk port? It seems like it is, but I'm not entirely sure. Their actual trunk command seems more like Cisco's port-channel group, though I'm having issues finding documentation on this old OS version, there's a bunch of poo poo I'm finding that is not actually applicable because the commands just do not exist.
MF_James fucked around with this message at 21:31 on Jan 25, 2018
|
# ? Jan 25, 2018 21:27 |
|
switchport mode trunk? Is this a FastIron or something else?
|
# ? Jan 25, 2018 21:57 |
|
Thanks Ants posted: switchport mode trunk? Is this a FastIron or something else?
Just figured it out, dual-mode is trunk mode, it's an FCX648S, which runs FastIron, I think, it's v7.0.0, so seems somewhat old. I'm not sure, according to the login it does run FastIron, but half of the commands I found documented online are totally different in the switch, it's awful, but I was right, dual-mode = Cisco trunk mode and trunk mode is actually port-channels, loving dumb. Half of the commands on the switch are straight ripped from IOS, the rest are differently named or named the same but do different stuff.
|
# ? Jan 25, 2018 22:12 |
|
dual-mode 123 is basically the equivalent of switchport trunk native vlan 123. It tells the port to treat untagged frames as belonging to vlan 123.
|
# ? Jan 25, 2018 22:30 |
|
If in doubt, smash the tab key and the question mark and fluff your way through
|
# ? Jan 25, 2018 22:50 |
|
Thanks Ants posted: If in doubt, smash the tab key and the question mark and fluff your way through
That's what I did.
Docjowles posted: dual-mode 123 is basically the equivalent of switchport trunk native vlan 123. It tells the port to treat untagged frames as belonging to vlan 123.
Yeah. The REALLY annoying thing is that you cannot dual-mode a port without tagging a VLAN on it first, I didn't think about it at first, but I was like Ok that's fine, weird, but fine.
#tag int e 1/1/1
--- Connection lost ----
fuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuck
Yeah so doing that on my only connection into the environment was a bad idea. Thankfully just had them boot the switch and I configured the only other open port, but it's just a weird thing, you have to tag a VLAN on the port, then you can dual-mode (trunk) the port and it'll be happy again.
|
# ? Jan 26, 2018 00:44 |
|
MF_James posted: brocade is trash lmao
Agreed
|
# ? Jan 26, 2018 01:58 |
|
Trying to figure out which product is with which company now is like following the ball under some cups. I think Qualcomm bought them and then instantly sold off a load of the product ranges to companies that more or less denied knowledge of the products existing and decided that was now their internal IP. It's like a clown running through a minefield.
|
# ? Jan 26, 2018 02:55 |
|
I have mixed feelings about Junos ELS. Standardizing things across the board is great, but loving change.
|
# ? Jan 26, 2018 04:16 |
|
Thanks Ants posted: Trying to figure out which product is with which company now is like following the ball under some cups. I think Qualcomm bought them and then instantly sold off a load of the product ranges to companies that more or less denied knowledge of the products existing and decided that was now their internal IP. It's like a clown running through a minefield.
It's not super hard. If it pushes IP packets it's Extreme, if it pushes FC frames it's Broadcom. If it runs in a VM it's irrelevant since AT&T killed the public versions.
|
# ? Jan 28, 2018 19:07 |
|
Cross-post, not a question but y'all will find it relevant: I've just checked our main edge ASA 5555-X's and they're running fuckin 9.5
|
# ? Jan 30, 2018 01:51 |
|
^^ Thanks for posting, sucks to be my engineers ^^
FatCow posted: Mine are 10U, but they need to be one screw (1/2") off from the proper boundaries in order for the holes in the rails to line up. After a month of back and forth and 2 trips to our office by a TAC escalation manager (RTP, NC supremacy) Cisco accepted that we understand EIA racks and that their rails are incorrectly designed. They are stamping new rails for the ASR 9006 and we're getting a few dozen next week. If you actually want your ASRs to rack properly you're going to need one of the new rails. PM me and I'll give you enough info for your sales team to find the TAC case.
ed: We've been running 9.6.3(8) on our 5555-Xs with no problems. We'll likely patch tonight to (20).
FatCow fucked around with this message at 02:52 on Jan 30, 2018
|
# ? Jan 30, 2018 02:26 |
|
Lmao how the gently caress is making rails a challenge.
|
# ? Jan 30, 2018 03:23 |
|
A dimwit (me) who really should know better entered this into a 2960S's remote console session while in conf t: The site's primary router was connected to port 2 code:
I am a Cisco nubcake.
|
# ? Jan 30, 2018 12:51 |
|
reload in blah
Commit confirm is superior
|
# ? Jan 30, 2018 12:52 |
|
Thanks Ants posted: reload in blah
pro-tip
|
# ? Jan 30, 2018 13:05 |
|
Jamsta posted: A dimwit (me) who really should know better entered this into a 2960S's remote console session while in conf t:
I've probably told this story before but in my last job I worked with FortiGate firewalls a lot, much more than I did with Cisco gear. With the FortiOS CLI if you type "show" or "sh" in configuration context it will output the current config for whatever node you're editing. Anyway one day we were having issues with internet at the office so I SSH'd to the 2911, enter "conf t", "int gi0/0" and then suddenly muscle memory kicks in and I instinctively enter "sh" to try and show the current interface config. Down goes the inside interface and everyone's internet drops out along with my SSH session. I brought it back up in ~5 minutes via console but it was still embarrassing as hell.
Pile Of Garbage fucked around with this message at 14:30 on Jan 30, 2018
|
# ? Jan 30, 2018 14:27 |
|
Yuuuuup I've done that
|
# ? Jan 30, 2018 16:11 |
|
That and the inadvertent right click inside a PuTTY session.
|
# ? Jan 30, 2018 16:22 |
|
It's why I always switch Putty to right-click-menu.
|
# ? Jan 30, 2018 16:29 |
|
It's funniest when you accidentally paste passwords into IRC.
|
# ? Jan 30, 2018 16:29 |
|
Middle-click paste is the correct
|
# ? Jan 30, 2018 16:29 |
|
cheese-cube posted: It's funniest when you accidentally paste passwords into IRC.
Good old Hunter2
|
# ? Jan 30, 2018 22:58 |