|
There's also plenty of unbranded transceivers that used to work in older switches, that don't get recognised in newer ones. Even with the hidden command. Eg a gigabit single mode SFP that works in a 3750 GE port but not in a 3850.
|
#
?
Mar 1, 2019 22:25
|
|
|
|
| # ? Apr 26, 2024 11:57 |
|
|
I've got a very annoying problem that will be resolved with a code upgrade and reboot soon but in the meantime messages are spamming my syslog like crazy. Specifically this message: Local7.Notice x.x.x.x COUNTER: DATE TIME: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor x.x.x.x (VlanX) is up: new adjacency Then the same thing with a is down: Peer Termination received I've tried making a logging discriminator but cant seem to get the drat thing to stop filling up my syslog. I tried this: logging discriminator EIGRPMSG facility drops DUAL severity drops 5 mnemonics drops NBRCHANGE logging console discriminator EIGRPMSG logging monitor discriminator EIGRPMSG logging buffered discriminator EIGRPMSG If I do a show log I dont see the messages anymore but I still see them in my syslog. Do I need to do something else to stop these from getting sent out? EDIT: Added logging host x.x.x.x discriminator EIGRPMSG thinking that would stop it from sending to syslog server but still no luck. BaseballPCHiker fucked around with this message at 17:07 on Mar 11, 2019 |
|
#
?
Mar 11, 2019 16:52
|
|
|
BaseballPCHiker posted:I've got a very annoying problem that will be resolved with a code upgrade and reboot soon but in the meantime messages are spamming my syslog like crazy. I had trouble doing my own discriminator using mnemonics, and had better luck with msg-body instead. I did this for blocking dot1x logs instead: 'logging discriminator AuthFail msg-body drops Authentication failed for client' Although I never tested this on logging to a syslog server, just on the buffer. Couldn't you also just set your syslog server to drop that message? You can also disable logging of neighbour changes and warnings under the eigrp process but you might lose useful information doing that uhhhhahhhhohahhh fucked around with this message at 00:53 on Mar 14, 2019 |
|
#
?
Mar 13, 2019 13:56
|
|
|
I have a kind of stupid and probably simple problem, just don't want to open up a TAC case yet.. I have 7 48 port catalyst's in a flex stack. Every couple of days a few ports randomly die and provide limited connectivity according to windows. Lately I've just been shutting and unshutting the interfaces and it fixes it. sh int status shows that its connected and i can see which MAC address is connected to it.. I really wonder if its a Windows thing since i've been seeing windows 10 set our wireless network to 'unidentified' until the adapter is repaired recently. But has anybody had to play weird interface whack a mole with catalysts? I checked the flex stack status and it all checks out. e: id also like to take a moment to say that iOS would be cooler if you could set config changes and then just apply them rather than the 'instantly apply!!' behavior. We're setting up a new vlan at this site because we need to re-ip them with minimal downtime. Sitting around changing access vlans as the sys admins change the statics on our servers and printers 1 by 1 is loving tedious, since we're not ready to fully cut over to the new vlan I can't just apply them to all access ports. Would be nice to modify the config, and just jump on to apply the config rather than sitting there the entire change period tonight. Tetramin fucked around with this message at 16:59 on Mar 13, 2019 |
|
#
?
Mar 13, 2019 16:54
|
|
|
You could work on the config offline and then tftp the completed thing over to the switch and do configure replace. Does sh int status err-disabled give you anything when these ports are down?
|
|
#
?
Mar 13, 2019 18:04
|
|
|
Tetramin posted:e: id also like to take a moment to say that iOS would be cooler if you could set config changes and then just apply them rather than the 'instantly apply!!' behavior. Have you looked at options like Ansible/NAPALM for making the change, or for the old way, doing a ‘copy <src> running’ to merge configs.
|
|
#
?
Mar 13, 2019 18:07
|
|
|
Our current model desk phones are the 7942g which is 10/100 switch inside. What's the cheapest gig phone that looks similar? 7945?
|
|
#
?
Mar 14, 2019 22:06
|
|
|
GreenNight posted:Our current model desk phones are the 7942g which is 10/100 switch inside. What's the cheapest gig phone that looks similar? 7945? Yeah probably. The 8 series models are more reliable IME but like quadruple the price of the 7945 so I’d go with that on a tight budget.
|
|
#
?
Mar 15, 2019 00:31
|
|
|
We buy all our phones refurbished. Hard to beat a $75 7945.
|
|
#
?
Mar 15, 2019 00:48
|
|
|
Man I wish we could do that for replacements. Our IPT bucket for random replacements and poo poo is 10k, I have like 5 requests for 8811 replacements and a few requesting new 8961s... that’s gonna eat up most of our phone budget and it’s only March.
|
|
#
?
Mar 15, 2019 00:56
|
|
|
We've been getting 7942's for everyone for a long rear end time. We're only getting 7945's for the CAD users now, but that'll be our new default moving forward.
|
|
#
?
Mar 15, 2019 00:58
|
|
|
As I’ve said about a million times they are end of life - UCM 14+ will not support any model that is past end of support dates so you’re doing yourself a disservice. 8811s are $120 or less in bulk, they support ECHDE and are patched and secure. The amount of screaming from people having to go back and replace their old poo poo physically, with that taking time to budget for and actually do, is ever increasing. Totally makes no sense to continue to buy old trash. You can nose down to 7821/41/61 for budget as well though they feel cheaper than the 8800, or roll Jabber. Lots of options that are not penny wise and pound foolish putting yourself in a corner later. Partycat fucked around with this message at 01:09 on Mar 15, 2019 |
|
#
?
Mar 15, 2019 01:05
|
|
|
Don't care if we have to throw out 100 $25 phones whenever we get to UCM 14 in 5 years. Not a problem. We do have Jabber, which we just upgraded tonight to support multiline capabilities for our call center so they can get off the old Cisco softphones.
|
|
#
?
Mar 15, 2019 01:56
|
|
|
Partycat posted:As I’ve said about a million times they are end of life - UCM 14+ will not support any model that is past end of support dates so you’re doing yourself a disservice. This guys environment is still running CAD lol. They’re not getting anywhere close to current for a very very long time. E: I’ve convinced the bosses to get uccx for the 25 person call center at a recent acquisition, which is our only choice to replace their current functionality. Our CTO is loving making GBS threads himself at what were about to pay, but long term I guess it’s cheaper than paying for their PRIs. Tetramin fucked around with this message at 02:04 on Mar 15, 2019 |
|
#
?
Mar 15, 2019 02:01
|
|
|
Uhh when I said CAD I mean like Solidworks and AutoDesk not Client Agent Desktop. We're on UCM 12.1. We have UCCX, Unity, Jabber, Cisco Webex end points, we're a hardcore Cisco shop. Umbrella, Sourcefire, ESA, Meraki, etc etc etc.
|
|
#
?
Mar 15, 2019 02:07
|
|
|
Oh lol. Years dealing with phones makes me associate with Cisco agent desktop, especially because you brought it up while talking about 7942s
|
|
#
?
Mar 15, 2019 02:08
|
|
|
No , we shitcanned that years ago and migrated to Finesse. We use Cisco softphones which we're gonna be migrating to Jabber multiline for our 25 person call center.
|
|
#
?
Mar 15, 2019 02:09
|
|
|
ate poo poo on live tv posted:Yea that's kind of the feeling I get. If you are doing a phone screen for a Network Engineer (senior or not), he should know that OSPF has area's, it uses LSA's to build the Shortest Path Tree, and that it is a common IGP, but by no means the only IGP. If you want to really tech an engineer out, BGP is where you should be focusing. But there is only so much you can do over the phone in the first place. Apologies for the necropost, but tech interview talk is extremely interesting to me. I participate in on average, 1 interview call per week and am usually the routing & switching guy on those calls, and the positions are for various levels of Information Security Engineer for Individual Contributer and Manager roles. The 1st round interview for us isn't primarily in establishing the actual technical knowledge level of the candidate, it's testing for:
Experiencing the candidate's thought process when figuring out an answer that they don't immediately know (such as the prior great example of asking what IP header fields change per layer 3 hop ... an answer of "well, the TTL will change and I guess that might make the checksum need to be recalculated but I'm not positive if that's the case" is a pretty thoughtful answer in our world). Giving the candidate an opportunity to bullshit confidently, vs flat out saying they don't know, vs saying they aren't sure, but going down a trail where they honestly state their level of uncertainty and then explore out loud for the answer. Some other things that we do that I am a little more skeptical of the effectiveness are creating stress in the interview to see how they react, proving them wrong in an answer and seeing how they react (too defensive, too passive, etc), and asking questions about serious edge cases to see if they answer definitively that some edge case that actually exists (TCP simultaneous open) is impossible, vs saying that they are unaware of it. Some of my favorite actual "test their knowledge" questions are:
What is the difference between a BGP community and a BGP confederation? Questions mixing prepends, local prefs, and more specific prefixes and asking which announcement will actually be preferred for traffic. Describe the netflow entries that a router will create as an HTTPS session passes bidirectionally through it. Describe how that behavior changes if the router is performing 1:1000 sampling on the interfaces and the session consists of 100 packets per direction. These are probably pretty inadequate for latter stage interview questions, but they help us weed out some of the total disasters.
|
|
#
?
Mar 15, 2019 03:26
|
|
|
My company bought me a VIRL subscription, but I'm a little lost on how to get started. Is there a good resource for test labs that I can get for free? Should I just build the TSHOOT topology from Cisco (they have it online for free) or do something else? I did have this link already in my bookmarks, so I'll see if it all works: https://gitlab.com/jean-christophe-manciot/gns3--labs-collection Bigass Moth fucked around with this message at 14:18 on Mar 15, 2019 |
|
#
?
Mar 15, 2019 14:09
|
|
|
Ginger Beer Belly posted:These are probably pretty inadequate for latter stage interview questions, but they help us weed out some of the total disasters. What would you consider good latter stage questions for these positions? I'm not a full time network guy so I'm just curious and don't really have a frame of reference. I at least understand everything you asked about in your examples, though I'd probably fail the interview based on my (lack of) depth in several of the areas 
|
|
#
?
Mar 15, 2019 14:28
|
|
|
Bigass Moth posted:My company bought me a VIRL subscription, but I'm a little lost on how to get started. Is there a good resource for test labs that I can get for free? Should I just build the TSHOOT topology from Cisco (they have it online for free) or do something else? Checkout GNS3's site for some ideas as well.
|
|
#
?
Mar 17, 2019 10:41
|
|
|
Docjowles posted:What would you consider good latter stage questions for these positions? I did a FANG round recently, there were definite themes at the onsite. What would be faster transferring a large file from US to EU: TFTP, FTP, or SCP? UDP vs TCP Explain TCP sequence numbers and acknowledgement How does window scaling work? Explain TCP session bandwidth as a function of window size, RTT Cut through vs. store and forward Discuss platform concerns for a distributed DC footprint, how do you interconnect them? Add a customer edge, iterate Packet walk ingress to egress on a modern platform * where are headers processed? * re-encapsulation? * ACLs? * forwarding resolution for a prefix -> NH -> interface. What if ECMP? What if ECMP contains LAGs? How does TCAM work? LPM vs LEM forwarding Cut through vs. store and forward (in relation to packet walk) * if CRC is bad, where do you drop? How would you build a DC fabric and backbone. What do you carry in IGP? NH concerns. iBGP: RR vs confederations, NH-self eBGP in fabric: re-use of private as. allow-as in. Backbone: where do you remove private AS? RSVP-TE: how do you do constraints? Auto-BW oscillation concerns? Link coloring. SRLGs. What prefixes to you include in IGP for iBGP in backbone (loopbacks only is the only thing to scale) What fiber type would you choose for building a data center? Given a magic library, write code to copy a file and upgrade 100 routers.
|
|
#
?
Mar 17, 2019 15:18
|
|
|
Ginger Beer Belly posted:Some of my favorite actual "test their knowledge" questions are:
|
|
#
?
Mar 17, 2019 18:33
|
|
|
adorai posted:On this subject, I think my interviewing strategy is similar, though not identical to yours. I don't find a lot of utility in looking for specific pieces of knowledge. Obviously there is some base level of knowledge a candidate should have, commensurate with their experience, but not knowing some specific piece of trivia is not really a bid deal, especially if it is the kind of thing an experienced candidate can figure out in a short amount of time using google. When I interview someone, I try to vet what they said they know to weed out bullshitters, I try to gauge their thought process, and determine if I think they can figure things out and learn independently. None of this is specific to networking, but any IT position we are interviewing for. It's extremely tempting, especially early in one's career, to try to see if the candidate has learned the same lessons we have, or has come to the same conclusions that we have, or even to egotistically turn the interview into an opportunity to boost our own ego by asking the candidate to recite facts that we've picked up, or lessons that we've learned, resulting in broadcasting to our peers on the interview how smart and experienced we are, without helpfully contributing to the evaluation of the candidate. The most illuminating questions that I ask tend to be of the "tell me of a problem you've solved that you're the most proud of, and then let us ask you to dig deeper into details about it" sort. You both get to assess the passion of the individual, as well as let them demonstrate their expertise in what they find important, rather than what the interview team is looking for. With this, you can tell if someone is an expert in anything at all, and potentially just not aligned with your particular area, vs being someone that simply has no depth at all.
|
|
#
?
Mar 18, 2019 05:02
|
|
|
Great. https://www.bleepingcomputer.com/news/security/cisco-fixes-high-severity-vulnerabilities-in-ip-phone-77800-8800/
|
|
#
?
Mar 21, 2019 18:44
|
|
|
Seems like it would require you to not segregate your phones from the rest of your network for that to be expoitable
|
|
#
?
Mar 21, 2019 21:51
|
|
|
Internal vectors are a thing a lot of places neglect. These phones also run remote over TLS, and with firmware for broadsoft and similar platforms so if you don’t turn that web server off it could be anywhere. Unfortunately too much info comes from that web server instead of from the registrar so a lot of things depend on it being enabled. Lame.
|
|
#
?
Mar 22, 2019 00:01
|
|
|
Cisco announced the new 802.11ax APs https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/datasheet-c78-741988.html https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/datasheet-c78-741989.html Interesting that the lower model with 4x4 radios supports UL-OFDMA but the 8x8 will probably need a software update in the future Also unrelated but it looks like 802.11be is a contender for the next wireless protocol after ax. It operates in the millimeter band and may potentially be the first full-duplex wireless standard. Also does 30gbps
|
|
#
?
Mar 22, 2019 18:18
|
|
|
But how many cancers per second?
|
|
#
?
Mar 22, 2019 19:52
|
|
|
GreenNight posted:But how many cancers per second? 42 Also turns out the 9117 is using a draft chipset that wont be upgradeable, so it will never support UL-OFDMA. That product is basically a non starter. Surprised Cisco disclosed that info to me
|
|
#
?
Mar 22, 2019 20:19
|
|
|
I'm installing around 60 Meraki MR52's and 33's in a few weeks when I'm back from vacation. Joy!
|
|
#
?
Mar 22, 2019 20:24
|
|
|
Using a 5500 wireless controller. Trying to move a network from Vlan 1 to 10, have the switchports trunked with a native vlan of 10. The wireless clients can't get DHCP addresses. They do show 'auth: no' for each client but forgetting and rejoining the network doesn't work. We are using flexconnect to define each SSID's vlan. I've read about defining a new interface where you can set DHCP servers, but i thought flexconnect overrides the interface settings? Obviously the flexconnect vlan tagging is changed from 1 to 10, and I set the VLAN settings in advanced like this: (we use centralized DHCP, and the guest VLAN and VoIP vlan work fine). I really think I should define an interface for this new vlan but I'm getting pushback so I can't try creating it.  Anybody have any idea?
|
|
#
?
Mar 23, 2019 03:57
|
|
|
Tetramin posted:Using a 5500 wireless controller. Trying to move a network from Vlan 1 to 10, have the switchports trunked with a native vlan of 10. The wireless clients can't get DHCP addresses. They do show 'auth: no' for each client but forgetting and rejoining the network doesn't work. We are using flexconnect to define each SSID's vlan. I've read about defining a new interface where you can set DHCP servers, but i thought flexconnect overrides the interface settings? Obviously the flexconnect vlan tagging is changed from 1 to 10, and I set the VLAN settings in advanced like this: Does your new vlan and dhcp server actually share the same broadcast domain? If not you'll need to set up dhcp helper to relay the dhcp packets.
|
|
#
?
Mar 23, 2019 05:15
|
|
|
Tetramin posted:Using a 5500 wireless controller. Trying to move a network from Vlan 1 to 10, have the switchports trunked with a native vlan of 10. The wireless clients can't get DHCP addresses. They do show 'auth: no' for each client but forgetting and rejoining the network doesn't work. We are using flexconnect to define each SSID's vlan. I've read about defining a new interface where you can set DHCP servers, but i thought flexconnect overrides the interface settings? Obviously the flexconnect vlan tagging is changed from 1 to 10, and I set the VLAN settings in advanced like this: if 10 is the native, why are you telling it to tag?
|
|
#
?
Mar 23, 2019 05:44
|
|
|
If I'm reading that right, your DHCP central switched at the WLC? What does VLAN tagging have to do with that? That screenshot looks like the VLAN tag command that is AP specific, which is for setting the dot1q tag for the AP management subnet. If you're moving a central switched WLAN to a new VLAN, you have to update the interface VLAN identifier that it maps to under Controller > Interfaces
|
|
#
?
Mar 23, 2019 13:04
|
|
|
Yeah I'm struggling to figure out where that screencap is from. If you're making a Flexconnect ssid it doesn't technically need an interface on the WLC, the management one can be set fine from what I remember. You set the native vlan on the switch port and under the Flexconnect tab on the AP for it's IP, then set the Flexconnect vlan for the ssids for the AP (or with a Flexconnect group). That VLAN needs to be on the switch the AP is on and have access to wherever your DHCP is of course
uhhhhahhhhohahhh fucked around with this message at 14:51 on Mar 23, 2019 |
|
#
?
Mar 23, 2019 14:49
|
|
|
The screencap is from clicking on an AP > Advanced > Vlan Tagging, but it has nothing to do with central DHCP processing. The AP VLAN tagging feature is only used if you want to tag the flexconnect AP Management interface instead of using the native vlan.
|
|
#
?
Mar 23, 2019 15:07
|
|
|
We have ip helper on the router pointing to centralized DHCP. adorai posted:if 10 is the native, why are you telling it to tag? So yeah I think you nailed it here. I got a TAC person to help out and they changed the tagging in flex connect back to 1, and it started working. If the trunked switch ports have a native vlan specified you really just set the tagging to 1? The TAC engineer seemed extremely confused that this worked so I still don’t really have a clear answer. E: yeah I’ve always just changed the vlan tagging in flex connect. The screenshot was from the Advanced page and I only set it as a test when things weren’t working to see if it helped. Tetramin fucked around with this message at 22:45 on Mar 23, 2019 |
|
#
?
Mar 23, 2019 22:43
|
|
|
Tetramin posted:We have ip helper on the router pointing to centralized DHCP. For a trunk, the native vlan is untagged. All other VLANs carried by the trunk get tagged. If you're not using other VLANs, then why have it as a trunk?
|
|
#
?
Mar 24, 2019 00:02
|
|
|
|
| # ? Apr 26, 2024 11:57 |
|
|
Proteus Jones posted:For a trunk, the native vlan is untagged. All other VLANs carried by the trunk get tagged. If you're not using other VLANs, then why have it as a trunk? I am using seperate vlans for both voice and guest WiFi... so yeah that’s why. Thanks for the info though that makes sense. I’m surprised the Cisco engineer was so confused.
|
|
#
?
Mar 24, 2019 02:41
|
|