Bigass Moth
Mar 6, 2004

Technically the BE6000/7000/4000 I guess. They’re usually written as BE6K etc.

Eletriarnation
Apr 6, 2005

10000 'series', although there was only ever a 10008 chassis. Strangely there was also a 10720 which had nothing to do with these, a 2RU box intended for providing connectivity between Ethernet and an OC-48 RPR/SRP ring.

Eletriarnation fucked around with this message at 15:58 on Oct 7, 2018

ragzilla
Sep 9, 2005

The 15454.

ate shit on live tv
Feb 15, 2004

There was the GSR 12000 series. 12008/12012/12016, though I guess those aren't >three zeros, but still a thing v:shobon:v

Dalrain
Nov 13, 2008

Is there a good resource anyone can recommend for learning EVPN concepts and deployment? I'm a Cisco-background guy if it makes any difference.

tortilla_chip
Jun 13, 2007

https://cumulusnetworks.com/lp/evpn-data-center-oreilly/

Dalrain
Nov 13, 2008

Thanks, that book is exactly what I needed! The foreword is really correct, Google searches were returning results too complex for me.

Thanks Ants
May 21, 2004

Does anybody know if it’s a good idea to split a 7 AP Aruba Instant cluster across two sites linked via a VPN? Or should I run one cluster per location and manage them separately?

There’s not going to be the possibility of roaming from one site to the other, they’re about 20ms apart, and I assume that no actual user traffic would traverse the link. Trying to avoid having to manually sync changes between two instances.

Edit: I have answered my own question and it doesn’t seem like IAPs can even be told where to look for a controller - if they can’t see it on the same L2 domain then they don’t want to know.

Thanks Ants fucked around with this message at 14:12 on Oct 12, 2018

CrazyLittle
Sep 11, 2001

yeah don’t extend the LAN past “local”. I’m guessing Aruba uses Bonjour or another broadcast/multicast announcement protocol.

adorai
Nov 2, 2002

Thanks Ants posted:

Does anybody know if it’s a good idea to split a 7 AP Aruba Instant cluster across two sites linked via a VPN? Or should I run one cluster per location and manage them separately?

There’s not going to be the possibility of roaming from one site to the other, they’re about 20ms apart, and I assume that no actual user traffic would traverse the link. Trying to avoid having to manually sync changes between two instances.

Edit: I have answered my own question and it doesn’t seem like IAPs can even be told where to look for a controller - if they can’t see it on the same L2 domain then they don’t want to know.

I have an Aruba wireless controller (I don't use it).

1) the APs can be configured over layer 3. No worries there. DHCP option or DNS.
2) You can separate two controllers in a single controller across layer 3. I did not do this myself but was assured it is possible. They sync config and APs can be configured to register to either.

ate shit on live tv
Feb 15, 2004

There is no reason why any modern wireless setup would require layer2 adjacency. It's an obsolete concept tbqh.

Thanks Ants
May 21, 2004

I’m happy for them to throw some artificial limitations into Instant because it’s dirt cheap and I can always move to Central or a controller if I’m that fussed about it.

Currently this is two sites so managing the tiny number of changes I might need to make in both places isn’t the end of the world. Any more locations and I’ll move up the product range.

I have a couple of APs that haven’t been installed yet as they are waiting for the fitout to complete, so I might try pointing them at the current Instant setup with DHCP options and see what happens.

ate shit on live tv
Feb 15, 2004

I'm turning up some new circuits to an ISP, going to be speaking BGP and taking full tables. Which type of connectivity would you choose, and why?

There are also a few other options, but I'm limited to terminating the ISP circuits on the actual routers, not through my "core" switches.

There are 4 total 10G links and each of those routers has another 20G port-channel to a different provider. The 10G links are local to the facility, so the odds of something happening to the physical links are lower than losing the BGP adjacency because of provider maintenance etc.

tortilla_chip
Jun 13, 2007

I would just ECMP and not rely on MLAG.

Methanar
Sep 26, 2013

tortilla_chip posted:

I would just ECMP and not rely on MLAG.

SamDabbers
May 26, 2003

Multipath routing > multipath switching

madsushi
Apr 19, 2009

I'd prefer #1 just to avoid any MLAG junk, just leave it as a regular port-channel.

Also, depending on your business, I actually like port-channel here. For defending against DDoS, I'd rather have a logical 20Gb circuit that's always ~balanced than two 10Gb circuits.

Is there a line between your edge routers (iBGP)? If not, then #2 might be better, since an individual upstream switch/router failure doesn't mean one of your routers loses that ISP's routes. Or just set up iBGP so that if Edge1 loses connectivity to ISP1, it can hand the traffic off to Edge2.

ate shit on live tv
Feb 15, 2004

tortilla_chip posted:

I would just ECMP and not rely on MLAG.

Agreed, but we will only have 2 bgp neighbors, so I'd have to do some kind of ECMP with static routes for each link. Which might not be the worst. With the new routers (MX204's) I'm putting in, I could just have 4 eBGP neighbors for each :haw:

madsushi posted:

I'd prefer #1 just to avoid any MLAG junk, just leave it as a regular port-channel.

I'm leaning towards this.


madsushi posted:

Is there a line between your edge routers (iBGP)? If not, then #2 might be better, since an individual upstream switch/router failure doesn't mean one of your routers loses that ISP's routes. Or just set up iBGP so that if Edge1 loses connectivity to ISP1, it can hand the traffic off to Edge2.

The edges aren't ibgp neighbors. They are BGP neighbors with the core switches though and each edge router can handle the full maximum load (40G) by itself, if two routers are up, then each only has to handle 20G max, so a total ISP loss isn't a problem. If the router loses both ISPs it won't be advertising the default anymore, so it won't take any traffic.

madsushi
Apr 19, 2009

ate poo poo on live tv posted:

The edges aren't ibgp neighbors. They are BGP neighbors with the core switches though and each edge router can handle the full maximum load (40G) by itself, if two routers are up, then each only has to handle 20G max, so a total ISP loss isn't a problem. If the router loses both ISPs it won't be advertising the default anymore, so it won't take any traffic.

It's more about :

ISP1 has a good route to users in Florida, ISP2 has an ~okay route to users in Florida.

If Edge1's connection to ISP1 is down, it still gets half the traffic (advertising default to core) but can't take the better route to Florida. Not as important if your transit is ~equal but if your transit is ~equal then why take full tables? Anyway just a thought. A lot of times transit is transit so it's fine either way.

Partycat
Oct 25, 2004

See and I would have gone for the vPC/SMLT or whatever just to mitigate equipment issues - but yeah each mfr and equipment varies in its ability to balance and direct that traffic.

That being said you can still arrange and route the traffic over a disparate topology so I having resilience in your pay isn’t a bad thing.

DigitalMocking
Jun 8, 2010

Man, these tariffs are going to gently caress everything in tech bad it feels like.

Ordered a pair of cat9ks like 3 months ago, still don't have them, don't know if we're going to get them in the October shipment.

ate shit on live tv
Feb 15, 2004

madsushi posted:

It's more about :

ISP1 has a good route to users in Florida, ISP2 has an ~okay route to users in Florida.

If Edge1's connection to ISP1 is down, it still gets half the traffic (advertising default to core) but can't take the better route to Florida. Not as important if your transit is ~equal but if your transit is ~equal then why take full tables? Anyway just a thought. A lot of times transit is transit so it's fine either way.

Full tables is important for me because I sometimes have to force traffic to go over one provider or another in order to avoid over-saturation of the link (some of our larger Datacenters will regularly exceed 20Gbs out.)

Woof Blitzer
Dec 29, 2012

I have a 3750G-48TS switch and I’m trying to connect to it using an RJ45 console to usb rollover so I can use Putty. Where can I find the drivers to make this work? The Cisco website is no help. Can’t see any com ports either.

falz
Jan 29, 2005

USB serial drivers come from the manufacturer of the USB cable. They're almost always the same chipset though.

There are some Cisco boxes that do have USB natively - the ASR920 strangely uses a USB A to USB A cable. In those cases Cisco will have a driver.

Woof Blitzer
Dec 29, 2012

Is there any way to do RJ45 to RJ45?

falz
Jan 29, 2005

Unsure what you mean. The rj45 port on the Cisco side speaks rs232 serial, you could wire it using any connector you want as long as the correct pins land on the Z end and it understands rs232.

If you want to make it easy, get something like this:

https://www.amazon.com/dp/B01AFNBC3K/

Woof Blitzer
Dec 29, 2012

falz posted:

Unsure what you mean. The rj45 port on the Cisco side speaks rs232 serial, you could wire it using any connector you want as long as the correct pins land on the Z end and it understands rs232.

If you want to make it easy, get something like this:

https://www.amazon.com/dp/B01AFNBC3K/

No that's what I've got, thanks though that makes sense.

ragzilla
Sep 9, 2005

madsushi posted:

I'd prefer #1 just to avoid any MLAG junk, just leave it as a regular port-channel.

Also, depending on your business, I actually like port-channel here. For defending against DDoS, I'd rather have a logical 20Gb circuit that's always ~balanced than two 10Gb circuits.

Is there a line between your edge routers (iBGP)? If not, then #2 might be better, since an individual upstream switch/router failure doesn't mean one of your routers loses that ISP's routes. Or just set up iBGP so that if Edge1 loses connectivity to ISP1, it can hand the traffic off to Edge2.

2 10Gb circuits between the same devices will balance the same as a 2x10 PC unless there's some platform out there which uses different 5-tuple load balancing for PC versus ECMP (I can't think of any). BFD (if your provider will do it, not a bad idea if you know there are L2 switches in the path) may have issues over LACP depending on platforms involved.

abigserve
Sep 13, 2009

ate poo poo on live tv posted:

I'm turning up some new circuits to an ISP, going to be speaking BGP and taking full tables. Which type of connectivity would you choose, and why?

There are also a few other options, but I'm limited to terminating the ISP circuits on the actual routers, not through my "core" switches.

There are 4 total 10G links and each of those routers has another 20G port-channel to a different provider. The 10G links are local to the facility, so the odds of something happening to the physical links are lower than losing the BGP adjacency because of provider maintenance etc.



Either option will work, you'll have better failover performance if you channel between the ISP switches as the BGP peers will, theoretically, both always be accessible. That's the way I would do it. The fact that the ISP is using MLAG on the switches is neither here nor there imo, MLAG for layer 2 works fine and you're going to be doing a portchannel either way.

madsushi
Apr 19, 2009

ragzilla posted:

2 10Gb circuits between the same devices will balance the same as a 2x10 PC unless there's some platform out there which uses different 5-tuple load balancing for PC versus ECMP (I can't think of any). BFD (if your provider will do it, not a bad idea if you know there are L2 switches in the path) may have issues over LACP depending on platforms involved.

I've seen cases where the upstream ISP won't install multiple routes, so they just send all your traffic down one link (whichever BGP selects) instead.

Kazinsal
Dec 13, 2011

DigitalMocking posted:

Man, these tariffs are going to gently caress everything in tech bad it feels like.

Ordered a pair of cat9ks like 3 months ago, still don't have them, don't know if we're going to get them in the October shipment.

We've recently discovered as a VAR in Canada that if we sell something to a customer in the US, the gear gets hit by the tariff twice. Once when it goes China -> US -> Canada, and once when it goes back into the US.

In a trade war, nobody wins.

Thanks Ants
May 21, 2004


That sounds...wrong. Can the stuff not live in a bonded warehouse in the US until it's re-exported to Canada?

ate shit on live tv
Feb 15, 2004

madsushi posted:

I've seen cases where the upstream ISP won't install multiple routes, so they just send all your traffic down one link (whichever BGP selects) instead.

One of our providers does that. We have two routers and two bgp sessions to them, all inbound comes to a single router.

madsushi
Apr 19, 2009


ate poo poo on live tv posted:

One of our providers does that. We have two routers and two bgp sessions to them, all inbound comes to a single router.

My "solution" for that was to send them smaller routes (/25s or /26s) with no-export attached from each router (0/25 from one and 128/25 from the other) to force them to split it. But yeah, it happens.
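madsushi's workaround above as a router configuration, added here as an illustration and not configuration from anyone in the thread. It assumes Cisco IOS-style syntax, RFC 5737 documentation addresses (192.0.2.0/24 as the advertised block, 203.0.113.1 as the ISP peer) and documentation ASNs 64496/64500; Edge1 is shown, and Edge2 mirrors it with 192.0.2.128 255.255.255.128. The outbound route-map's implicit deny also keeps the router from re-advertising anything else it learned (for example the other provider's routes), which is the leak filter you want on any full-table peer.

```cisco
! Edge1: originate the /24 normally plus the lower /25 tagged no-export,
! so the ISP prefers this router for 192.0.2.0/25 but never leaks the
! more-specific beyond its own AS. Edge2 does the same for 192.0.2.128/25.
! All prefixes and AS numbers below are documentation values (assumption).
ip prefix-list MY-AGG seq 5 permit 192.0.2.0/24
ip prefix-list EDGE1-HALF seq 5 permit 192.0.2.0/25
!
! Null routes keep both prefixes in the RIB so "network" can originate them
ip route 192.0.2.0 255.255.255.0 Null0
ip route 192.0.2.0 255.255.255.128 Null0
!
route-map TO-ISP1 permit 10
 match ip address prefix-list EDGE1-HALF
 set community no-export
route-map TO-ISP1 permit 20
 match ip address prefix-list MY-AGG
! Anything not matched above (other provider's routes, etc.) is dropped
! by the implicit deny, so this router cannot become accidental transit.
!
router bgp 64496
 network 192.0.2.0 mask 255.255.255.0
 network 192.0.2.0 mask 255.255.255.128
 neighbor 203.0.113.1 remote-as 64500
 ! send-community is required or the no-export tag is silently stripped
 neighbor 203.0.113.1 send-community
 neighbor 203.0.113.1 route-map TO-ISP1 out
```

Check with `show ip bgp neighbors 203.0.113.1 advertised-routes` that exactly the /24 and the /25 are sent; if the provider filters prefixes longer than /24 at the edge, the /25 will be accepted only after you ask them to permit it.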

Sterling_Archer
May 10, 2012

Anyone have firmware for a UC 560: UC560-8.6.2.zip? They don't sell them or support them anymore so we can't purchase the entitlement to download the software and I can't find it anywhere. I made a TAC case that was spectacularly unhelpful.

Edit: escalated to Entitlements team, all set!

Sterling_Archer fucked around with this message at 22:53 on Nov 1, 2018

Sepist
Dec 26, 2005

I'll ask a question that me and about 5 other people are stuck on.

Using Cisco wireless controllers with APs in FlexConnect. We want to block all traffic from the flex AP leaving a campus except CAPWAP marked IP Precedence 6. Everything works fine on an AP3802 because CAPWAP management and RADIUS are marked on the AP as IPP 6. On a 3702, everything is marked IPP 6 except the RADIUS packets, which are IPP 0.

We are trying to figure out how to get those CAPWAP encapsulated IPP0 RADIUS frames to the WLC while still blocking IPP0. Seems impossible without layer 7 inspection.

Edit: I have considered marking all client traffic at IPP 1 so that the RADIUS packet will be the only IPP 0 packet, but I don't think it's possible in the AP config.

Sepist fucked around with this message at 00:01 on Nov 7, 2018

tortilla_chip
Jun 13, 2007

Can you not do an edge acl that permits SIP DIP with IPP0 for your RADIUS traffic, and then a permit for IPP6?

Sepist
Dec 26, 2005

It's inside a CAPWAP tunnel so it shares source and destination with all the junk traffic.

tortilla_chip
Jun 13, 2007

Ouch yeah it looks like the CAPWAP header is encrypted so it's a tunnel policy or nothing.

https://tools.ietf.org/html/rfc5415#section-4

Sepist
Dec 26, 2005

Ah, I was able to figure it out. Looks like the WLC-sourced RADIUS packets are all CS4 even if the AP is CS0; moving the ACL to the data center and only allowing CS4 and CS6 works in my tests. Thanks for looking into it though.
