|
Woof Blitzer posted:Got any resources for this? Unfortunately it's all in-house. My team did this for NSX, and build a bunch of ancillary tools to automate more and more of our NSX management. It's all built in powershell around API calls and json files. I'm currently working on porting some of the tools to docker, which is a really fun project. The networking team has asked us to show them some of our API magic to see how heavily they want to invest in development hours.
|
# ? Mar 28, 2019 00:26 |
|
|
# ? Apr 26, 2024 05:00 |
|
Judge Schnoopy posted:Our Network engineers have to spin up 2 - 6 ASAs a month. Their current method is some Excel file that they copy into flat text, manually change template values for the specific deployment, and then copy it in over step by step into the CLI. it'd be pretty cool if i could script the deployment of new ASAs from copying images to installing and configuring SFR to putting the correct config for the site on there... We rolled out about 35 ASA's that are subject to a hardware defect and it's been hell replacing them. At the point now where I've got about 15 ASA's to configure(all the rest have been sent/replaced) and just installing the SFR image over FTP takes like 2.5 hours by itself. I do the imaging and configuration locally at my desk before sending them out though. I haven't done much digging besides checking out the Ansible docs but I have a hard time understanding how you can script the config part to pull the correct info and stuff.. Would be cool to hear more. Tetramin fucked around with this message at 02:12 on Mar 28, 2019 |
# ? Mar 28, 2019 02:09 |
|
adorai posted:Is there anything I need to know about regarding back-to-back vPC and SVI? This is my first time doing back-to-back VPC or Nexus SVI.
|
# ? Mar 28, 2019 03:59 |
|
Do ASA's not support ZTP/DHCP auto config?
|
# ? Mar 28, 2019 04:42 |
|
adorai posted:A little research led me to the command peer-gateway, which I entered on my 93180 pair under vpc domain 1. This appears to have solved my problem. It is a little wishy-washy as to whether this is best practice or just an unsupported crutch. TAC had us enable that when we were having similar problems with a new build.
|
# ? Mar 28, 2019 04:49 |
|
Woof Blitzer posted:Got any resources for this? https://github.com/colin-mccarthy/ansible_csv
|
# ? Mar 28, 2019 10:56 |
|
adorai posted:A little research led me to the command peer-gateway, which I entered on my 93180 pair under vpc domain 1. This appears to have solved my problem. It is a little wishy-washy as to whether this is best practice or just an unsupported crutch. I have that on all 3 of my vPC pairs. I think I also threw peer-switch on it for good luck as well.
|
# ? Mar 28, 2019 13:06 |
|
abigserve posted:There's an abstract question in there about whether CLI's will ever truly disappear and honestly - I think they will. Maybe not for another 10 years but I fully anticipate a network device be released that only has an API, where the "CLI" is simply a wrapper around API calls (bigswitch I think is already like this for example). The end goal is that the CLI and web interface are both just different frontends to a RESTCONF based API.
|
# ? Mar 28, 2019 16:19 |
|
Does anybody have anything to say about Wi-Fi sensors like the Cape Networks stuff, or Cisco's Aironet Active Sensor? To expand on that vague question - are people seeing any value in it? Do you put them in to troubleshoot issues, or just to prove your networks are working? Thanks Ants fucked around with this message at 21:43 on Mar 28, 2019 |
# ? Mar 28, 2019 21:37 |
|
I would suggest looking at something like Voyance instead. It is infrastructure side but also includes a deployable client for corporate machines to perform synthetic testing and reports on client health. Very impressed with their product Edit: I had to do a vendor analysis of the Cisco device, 7signal, Cape networks, and armis and voyance basically combined everything into a better systen Sepist fucked around with this message at 22:32 on Mar 28, 2019 |
# ? Mar 28, 2019 22:28 |
|
I've got some new ASA 5506-X that I'm getting ready to configure and deploy. Looking at the code releases for them makes me a bit nervous. Their suggested release is 9.10.1 interim, but they also have 9.12.1 code available. Is anyone running these, what version of code are you using?
|
# ? Apr 18, 2019 17:01 |
|
We're still running 9.8(2)38 on our 5516.
|
# ? Apr 18, 2019 17:18 |
|
9.6(3)1 over here
|
# ? Apr 18, 2019 17:25 |
|
9.6(4)3. It's been a while.
|
# ? Apr 18, 2019 17:31 |
|
BaseballPCHiker posted:I've got some new ASA 5506-X that I'm getting ready to configure and deploy. Looking at the code releases for them makes me a bit nervous. Their suggested release is 9.10.1 interim, but they also have 9.12.1 code available. Is anyone running these, what version of code are you using? If you figure out what the gently caress is going on with Cisco version numbering, please let us all know. See thread title.
|
# ? Apr 18, 2019 17:36 |
|
Speaking of Cisco versions and WTF, apparently Unity 11.0 is EOL now and TAC will give you poo poo (like they are currently giving me on the phone please end my suffering) if you open a case on it. I swear that only came out like three years ago.
|
# ? Apr 18, 2019 17:38 |
|
Yeah it’s EOL announced February 2017. Upgrade your poo poo !!!
|
# ? Apr 18, 2019 17:45 |
|
8.6.1 and 10.5 are still supported though, hah. They must really want 11 users on 11.5.
|
# ? Apr 19, 2019 01:54 |
|
less than three posted:8.6.1 and 10.5 are still supported though, hah. Ask your SE to find out what the version lifecycle/release strategy is, for XR the first point releases under a minor are short term to squash the bugs, then when they hit .3/.4 or so it becomes an extended maintenance release with 1 year of of additional bug fixes distributed via SMU/SP, 3 years of security fixes, and 6 years of software support: https://community.cisco.com/t5/service-providers-documents/ios-xr-release-strategy-and-deployment-recommendation/ta-p/3165422 On the ASA side we've tried to stick to 9.8 for a while now, the even minor (9.6, 9.8, 9.10, 9.12) releases for ASA are extended maintenance (22 months of bugfix releases + 12 months of security from FCS) and 1 is released per year in the Spring: https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/bulletin-c25-738209.html Wikipedia says 9.8 FCS'd in May 2017 so I guess I need to find a new release to migrate to this year. I think IOS-XE version numbering is starting to follow a pattern similar to the XR release strategy, except for them it's the first couple of minor releases in a release codename (just based on what releases tend to get gold stars for my platforms). -edit- Yeah, every third release (and recent codenames have been releasing in 3s) is EMR for IOS-XE: https://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/product_bulletin_c25-726436.html coming with 48 months of rebuilds. ragzilla fucked around with this message at 04:17 on Apr 19, 2019 |
# ? Apr 19, 2019 04:14 |
|
Going on a lunch date with our Cisco guy tomorrow. Anybody have any flirting tips, things they like, turn ons, that sort of thing? He seems cute and I don’t want to blow it. E: my stack of PO numbers is coming too
|
# ? Apr 19, 2019 05:28 |
|
less than three posted:8.6.1 and 10.5 are still supported though, hah. Yeah it seems to depend on install base and take - see 12.0 as an example of this. They recently talked about how they want to handle patch and release cadence going forward as well, that they plan to speed up at this point since they’re making cluster upgrades easier. You can tell though they have some big customers who influence things to a point. There are always people who will not want to upgrade or replace anything - the amount of crying about UCM 14 deprecating 15+ year old java computer phones is nutty.
|
# ? Apr 19, 2019 10:18 |
|
Tetramin posted:Going on a lunch date with our Cisco guy tomorrow. Anybody have any flirting tips, things they like, turn ons, that sort of thing? He seems cute and I don’t want to blow it. Make sure to tell them how huge your budget is and keep repeating "no ones ever been fired for buying Cisco"
|
# ? Apr 19, 2019 12:41 |
|
Partycat posted:Yeah it seems to depend on install base and take - see 12.0 as an example of this. Hey dude I’m that guy who complains about replacing 15 year old working phones. Got 200 of em working just fine buddy.
|
# ? Apr 19, 2019 16:27 |
|
Partycat posted:You can tell though they have some big customers who influence things to a point. There are always people who will not want to upgrade or replace anything - the amount of crying about UCM 14 deprecating 15+ year old java computer phones is nutty. I'll be fine until the day they deprecate CIPCs. That little bit of software has saved my rear end more times than I can count.
|
# ? Apr 20, 2019 03:12 |
|
Our call center uses CIPC but we’re migrating them all to Multiline jabber.
|
# ? Apr 20, 2019 04:23 |
|
A purely soft phone call center frightens me for probably illogical reasons.
|
# ? Apr 20, 2019 13:00 |
|
It actually works really really well.
|
# ? Apr 20, 2019 14:37 |
|
If everybody has headsets anyway and only receives inbound calls, or their outbound calls are determined for them, then having the deskphone does seem like an unnecessary expense.
|
# ? Apr 20, 2019 14:42 |
|
Yeah they all have Jabra wireless headsets too. The only time it doesn’t work well is if someone also needs a laptop. CIPC doesn’t work well moving from Ethernet to WiFi.
|
# ? Apr 20, 2019 15:01 |
|
Bigass Moth posted:A purely soft phone call center frightens me for probably illogical reasons. Why? That is how the call center at Vonage was when I left it...in 2006. It isn't exactly cutting edge.
|
# ? Apr 21, 2019 02:38 |
|
GreenNight posted:Our call center uses CIPC but we’re migrating them all to Multiline jabber. we're working on getting ccx in place for the call center at an acquisition, they all use some avaya softphone. im really pushing to upgrade cucm so we can get them multiline jabber when we convert them to cucm rather than deploying IP communicator or some poo poo but i doubt it's gonna happen. we are on 11.5 so most people dont see a need to upgrade
|
# ? Apr 21, 2019 02:45 |
|
I think it’s because I’ve worked with so many computer illiterate people that I would feel more comfortable if they had a physical phone to answer.
|
# ? Apr 21, 2019 02:45 |
|
Tetramin posted:we're working on getting ccx in place for the call center at an acquisition, they all use some avaya softphone. im really pushing to upgrade cucm so we can get them multiline jabber when we convert them to cucm rather than deploying IP communicator or some poo poo but i doubt it's gonna happen. we are on 11.5 so most people dont see a need to upgrade Yeah I don’t recommend IP communicator at all. It hasn’t been upgraded in years.
|
# ? Apr 21, 2019 02:55 |
|
GreenNight posted:Yeah they all have Jabra wireless headsets too. The only time it doesn’t work well is if someone also needs a laptop. CIPC doesn’t work well moving from Ethernet to WiFi. You can specify an artificial device name instead of the adapter name , but then CTI won’t work properly if you need control .
|
# ? Apr 21, 2019 13:23 |
|
Tetramin posted:we're working on getting ccx in place for the call center at an acquisition, they all use some avaya softphone. im really pushing to upgrade cucm so we can get them multiline jabber when we convert them to cucm rather than deploying IP communicator or some poo poo but i doubt it's gonna happen. we are on 11.5 so most people dont see a need to upgrade Multi line works on 11.5 - Jabber 12 shipped with a COP that enables this if you aren’t up on SU . SU6 just came out.
|
# ? Apr 21, 2019 13:24 |
|
Partycat posted:Multi line works on 11.5 - Jabber 12 shipped with a COP that enables this if you aren’t up on SU . SU6 just came out. Oh awesome I’ll look into that. Thanks.
|
# ? Apr 22, 2019 00:44 |
|
Got a user who is trying to do a bunch of video encoding that all goes into an old 3560X, despite the uplink being a two gig fiber port channel I see a ton of output drops on the physical interfaces. No QoS on the line, its all multicast traffic from what I can tell, and its only about 30 Mbps when the video is getting uploaded to the 3560X. Am I wrong that this is probably just an issue with the CPU getting maxed out from bursty type traffic: code:
BaseballPCHiker fucked around with this message at 18:28 on Apr 29, 2019 |
# ? Apr 29, 2019 18:00 |
|
If the multicast traffic is hitting the CPU instead of being forwarded through the ASICs then there could definitely be a bottleneck there. "show processes cpu | exclude 0.00" might give a more accurate answer as to what's eating the CPU up. e: Might be able to get CPU drop reasons from "show controllers cpu-interface" as well. Kazinsal fucked around with this message at 18:49 on Apr 29, 2019 |
# ? Apr 29, 2019 18:44 |
|
IPv6 multicast is definitely a CPU punt on 2960-X platform so, sight unseen, it seems likely to also be true for a 3560
|
# ? Apr 30, 2019 14:25 |
|
|
# ? Apr 26, 2024 05:00 |
|
BaseballPCHiker posted:Got a user who is trying to do a bunch of video encoding that all goes into an old 3560X, despite the uplink being a two gig fiber port channel I see a ton of output drops on the physical interfaces. No QoS on the line, its all multicast traffic from what I can tell, and its only about 30 Mbps when the video is getting uploaded to the 3560X. Bursty traffic + 3k/2k type platforms usually means buffer overruns. If you have mls qos enabled on the device check the show mls qos interface <blah> statistics counters and check for 'output queues dropped'. If you're seeing significant drops in one of those queues (usually queue 2 for untagged DSCP traffic) you can recarve the buffers system wide with mls qos queue-set output 1 buffers 10 70 10 10. Alternatively you could use queue-set output 2 (instead of 1) and change the queue-set for that interface. v6 multicast would only be an issue if it was getting routed by the device, l2 multicast should hardware switch as normal once the path is set up via IGMP (or flood if it's unknown multicast).
|
# ? Apr 30, 2019 16:02 |