|
In the vein of the OS X, Windows, and Linux "short questions" threads I've caught myself thinking on several occasions "I'd love to ask this stupid little 6500 config question but it's not worth a whole thread". So after bouncing it off jwh and Dr. Fred here it is, the "Cisco Short/Stupid Questions Thread." Guidelines:
StabbinHobo fucked around with this message at 22:13 on May 29, 2016 |
# ? Apr 15, 2007 03:13 |
|
The Doco site is also pretty handy to keep bookmarked (and is about the only thing you have access to for reference in your CCIE lab exam) -- http://www.cisco.com/univercd/ It's a pain to navigate, but all the content is there (provided you know where to look) and it doesn't require a login.
|
# ? Apr 15, 2007 03:36 |
|
I create RMAs for faulty Cisco equipment. If you think your hardware has failed, try these troubleshooting steps to confirm it.
• Reseat/Reset/Power cycle - physically pull the part out and put it back in or power on and off. Certain errors (coil for instance) will disappear after this.
• Move the faulty part to a different slot or chassis - if the part comes up, obviously the problem lies elsewhere.
• Check your IOS - sometimes it's just this simple, make sure the IOS supports the product and upgrade if necessary.
• Use a spare - not everyone has them, but they can save your rear end and is pretty much the end all of troubleshooting. If the spare comes up then obviously there is a problem with the part that was replaced.
• Orange/Amber and Red LEDs = failure.

When you open a case with Cisco for a RMA, if you want fast results include this information, because we're going to ask you for it anyways.
• Serial number(s) - for entitlement. Usually 11 characters long and starts with three letters. Some are numeric (Pixes usually start with an 8 or a 4).
• Part/model number (if you know it) - we can get part numbers from the serial number, or possibly (though not always) from a description of the part, but these aren't always correct. If you provide the part number then it eliminates the guessing and possibility of error.
• Description of the problem. This does not mean "Hardware Failure", "Part has failed", "Need RMA", etc. Include the symptoms and the troubleshooting you've performed. If you have orange/amber or red LEDs, include this fact.
• If you have error messages or diagnostics that blatantly state "Part has failed", capture the text and include it in the case. Not absolutely necessary, but it seals the deal.
• Where you want the replacement shipped and a site contact with phone number

Hope this helps
|
# ? Apr 15, 2007 05:17 |
|
Does anyone have any experience configuring multiple SSID's using different security protocols on a Cisco 1130 Aironet Access Point?
|
# ? Apr 15, 2007 06:56 |
|
I "inherited" a bunch of great Cisco equipment (two 3560's, two 3550's) through contracts that were cancelled, so what are my options for upgrading the IOS on these and getting real Cisco support? I'm guessing I have to pay for something now?

edit: Also, I have four 1600 routers but have absolutely no use for them. Are they worth anything or should I just chuck them in the dumpster?

SuperJens fucked around with this message at 07:06 on Apr 15, 2007 |
# ? Apr 15, 2007 07:03 |
|
SuperJens posted:
I "inherited" a bunch of great Cisco equipment (two 3560's, two 3550's) through contracts that were cancelled, so what are my options for upgrading the IOS on these and getting real Cisco support? I'm guessing I have to pay for something now?

Switch images tend to be fairly robust, compared to the router images. I wouldn't worry with upgrading unless you're missing specific features, or are running into problems. In the case of the 3560's, those are very new, and probably have a reasonably current image anyhow. They're also very nice switches.

The only thing you might want to check is whether you have the Standard Multilayer Image (SMI) or Enhanced Multilayer Image (EMI). There's layer-3 stuff in the EMI that isn't in the SMI.

If you do want to get them under maintenance, you'll have to buy a smartnet contract, which is going to be more money than you'll want to spend, more than likely.

1600's aren't worth very much, sadly.
|
# ? Apr 15, 2007 07:34 |
|
SuperJens posted:
I "inherited" a bunch of great Cisco equipment (two 3560's, two 3550's) through contracts that were cancelled, so what are my options for upgrading the IOS on these and getting real Cisco support? I'm guessing I have to pay for something now?

you can send them to me no really.
|
# ? Apr 15, 2007 07:47 |
|
langer34 posted:
Does anyone have any experience configuring multiple SSID's using different security protocols on a Cisco 1130 Aironet Access Point?

Yes. (This is handwritten and might have some errors!) code:
|
# ? Apr 15, 2007 13:53 |
|
jwh posted:
The only thing you might want to check is whether you have the Standard Multilayer Image (SMI) or Enhanced Multilayer Image (EMI). There's layer-3 stuff in the EMI that isn't in the SMI.

Unfortunately Cisco has abandoned the easily understood EMI vs SMI classification and moved to a router IOS like feature classification system of IP base vs IP services vs IP security vs etc. It's substantially more confusing. http://www.cisco.com/en/US/products/hw/switches/ps5023/prod_release_note09186a008077459b.html#wp754685

jwh posted:
1600's aren't worth very much, sadly.

True, but I'd suggest keeping them around for lab testing or study purposes.
|
# ? Apr 15, 2007 14:36 |
|
SuperJens posted:
edit: Also, I have four 1600 routers but have absolutely no use for them. Are they worth anything or should I just chuck them in the dumpster?

I'll paypal you some money to cover shipping costs to send one to me if you're just going to trash them.
|
# ? Apr 15, 2007 15:02 |
|
Can anyone tell me where I can find a CCNA exam location? I do not want a boot camp. I just want to take the test.
|
# ? Apr 16, 2007 16:15 |
|
I'm looking at a 2960G as the "backbone" for an iScsi HA cluster. What sort of configuration considerations should I have as far as VLANs go? Also, should I keep it isolated from the rest of the network, just have it connect via uplink, or have other non clustered servers on the switch as well? I'm worried about bandwidth issues on the switch. http://www.cdwg.com/shop/products/default.aspx?EDC=850884
|
# ? Apr 16, 2007 16:31 |
|
Can anyone point me in the direction or explain how IOS version numbers work? A while back, this vulnerability came out - http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml 12.0T is listed as vulnerable, as is 12.1T. Output from show ver on a router here shows: code:
|
# ? Apr 16, 2007 16:47 |
|
SuperJens posted:
I "inherited" a bunch of great Cisco equipment (two 3560's, two 3550's) through contracts that were cancelled, so what are my options for upgrading the IOS on these and getting real Cisco support? I'm guessing I have to pay for something now?

Depending on the models of 3560 and 3550 you have, Smartnet list puts you at between $500 and $1000 per chassis per year for Smartnet support. That's a hell of a lot of money to pay to get IOS updates, so unless you need to get IOS to bug fix, I wouldn't even bother.
|
# ? Apr 16, 2007 17:02 |
|
NinjaPablo posted:
When I called Cisco, they said it wasn't vulnerable. I guess all the stuff in ()s in the version confuses me.

I have a feeling the difference lies in the 12.1T vs the 12.1T2 image, of which you are running the latter and I can only assume is more current.

amishpurple posted:
I'll paypal you some money to cover shipping costs to send one to me if you're just going to trash them.

No kidding. I have jack-squat for experience with Cisco equipment because I have never been at an office that uses the stuff. If I could send you some cash for shipping and a few beers so I had a router to give myself a crash course in, I would love you forever.
|
# ? Apr 16, 2007 17:11 |
|
InferiorWang posted:I'm looking at a 2960G as the "backbone" for an iScsi HA cluster. What sort of configuration considerations should I have as far as VLANs go?
|
# ? Apr 16, 2007 17:13 |
|
I've got a pretty new 3570 that's just decided to reboot itself on a random basis. What's the best logging option to capture exactly what's going on so I can either a) resolve it or b) return it?
|
# ? Apr 16, 2007 17:17 |
|
brent78 posted:
I second this question. I'm also looking at 2960G to connect 3 SAN shelves (each with dual gigabit in a portchannel) to 12 servers. I'm worried about the backplane bandwidth.

What's on the backend that the switches will be connecting to?
|
# ? Apr 16, 2007 17:20 |
|
Daddyo posted:
I've got a pretty new 3570 that's just decided to reboot itself on a random basis. What's the best logging option to capture exactly what's going on so I can either a) resolve it or b) return it?

Console connection logging through Hyperterminal? That's typically what we do in the Lab. It should also save a crash log to the bootflash.
|
# ? Apr 16, 2007 17:31 |
|
InferiorWang posted:
I'm looking at a 2960G as the "backbone" for an iScsi HA cluster. What sort of configuration considerations should I have as far as VLANs go? Also, should I keep it isolated from the rest of the network, just have it connect via uplink, or have other non clustered servers on the switch as well? I'm worried about bandwidth issues on the switch.

All of the 2960G family has a 32 gbps switching fabric, while the non "G" has 16.
• 16 Gbps switching fabric (Catalyst 2960-8TC, Catalyst 2960-24TT, Catalyst 2960-24TC, Catalyst 2960-48TT, Catalyst 2960-48TC)
• 32 Gbps switching fabric (Catalyst 2960G-8TC, Catalyst 2960G-24TC, Catalyst 2960G-48TC)

Doesn't look like the 2960 family can switch layer-3, although I could be looking at it wrong. Here's a datasheet: http://www.cisco.com/en/US/products/ps6406/products_data_sheet0900aecd80322c0c.html

Daddyo posted:
I've got a pretty new 3570 that's just decided to reboot itself on a random basis. What's the best logging option to capture exactly what's going on so I can either a) resolve it or b) return it?

When you do a 'sh ver', what does the "System returned to ROM by" say? That's usually the first place I go, when something is rebooting, ie., power-on versus bus error. Do you have a service contract on the device?
|
# ? Apr 16, 2007 19:29 |
|
inignot posted:
Unfortunately Cisco has abandoned the easily understood EMI vs SMI classification and moved to a router IOS like feature classification system of IP base vs IP services vs IP security vs etc. It's substantially more confusing.

inignot posted:
True, but I'd suggest keeping them around for lab testing or study purposes.

I'm curious what WICs are in the 1600s- A WIC-1DSU-T1 is probably worth more than the 1600 itself.
|
# ? Apr 16, 2007 19:42 |
|
jwh posted:
Does that mean I'm going to have issues VLANing with QoS?
|
# ? Apr 16, 2007 20:34 |
|
InferiorWang posted:
Does that mean I'm going to have issues VLANing with QoS?

If the 2960G doesn't do layer-3 switching, it means that you can't switch between VLANs on the 2960G. In other words, no inter-vlan routing (layer-3 switching) on the platform. You can carry multiple VLANs just fine, but they'll need to terminate elsewhere (ie., somewhere else you have 'int vlan5, ip address 1.2.3.4').

As for QoS, the 2960 has what appears to be pretty fancy stuff, like four hardware queues per-port, your usual policing controls, and dscp manipulation.

Like I said, I don't have a 2960 here to poke at, but it doesn't look like it's a layer-3 switch, based on the data sheet.
|
# ? Apr 16, 2007 20:46 |
|
I don't think I'll be doing any VLAN switching. The only QoS stuff I'm worried about is the cluster heart beat, and the cluster won't span past the device anyway. Thanks for the heads up though jwh.
|
# ? Apr 16, 2007 20:57 |
|
Welp if you are talking about 802.1q QoS when you mention "VLAN QoS" then yes, those bits are turned on/off (CoS= Class of Service) in a layer 2 802.1q frame header I believe. Somewhere there if it's not the header, been a long time since I read about it. 5 bits total to turn on and off abouts.

You can just set a manual CoS on all traffic coming in on a switchport or start just picking out traffic by trusting the bit(s) as it is set by the endpoint device. There's a few options to play with.

Edit: Here's the simple config example you would slap on a switchport interface: code:
Herv fucked around with this message at 21:52 on Apr 16, 2007 |
# ? Apr 16, 2007 21:21 |
|
NinjaPablo posted:
Can anyone point me in the direction or explain how IOS version numbers work?

For your example of 12.1(3r)T2:
12.1- Major release.
(3r)- 3rd maintenance release, r'th rebuild (starts at a)
T- Consolidated Technology release train (there are typically several trains of IOS available depending on platform, where you get different features, S trains (service providers) have different features than say an E train which is enterprise feature set).
2- Release rebuild counter, in this case this is the second rebuild of 12.1(3r)T

-edit- found a better one http://www.cisco.com/warp/customer/620/1.html -/edit-

ragzilla fucked around with this message at 22:06 on Apr 16, 2007 |
# ? Apr 16, 2007 22:01 |
|
I'm curious what kind of failure rates people are seeing with Cisco CF cards and ISR motherboards. We just lost another field 1841 today to a bad 64Mb CF card, bringing our twelve-month total up to four. And last week, we burned out two WIC-2MFT-T1's to a possessed HWIC slot in a 2811. On the whole, our failure rates are still well below 5% of our deployed base, but I get clammy hands when thinking about how new our field routers are (130 or so ISRs), and what might be coming down the road.
|
# ? Apr 17, 2007 16:00 |
|
jwh posted:
I'm curious what kind of failure rates people are seeing with Cisco CF cards and ISR motherboards.

http://www.cisco.com/en/US/products/hw/routers/ps282/products_field_notice09186a00804a7abf.shtml
|
# ? Apr 17, 2007 16:01 |
|
Catalyst question: Is there a way to get a list of all VLANs showing me which switch is acting as spantree root for each one? I've got hundreds of VLANs so going through each one individually isn't very desirable and I'd like to be able to see at a glance which ones need to be fixed
|
# ? Apr 17, 2007 16:46 |
|
sirchode posted:
Catalyst question: Is there a way to get a list of all VLANs showing me which switch is acting as spantree root for each one? I've got hundreds of VLANs so going through each one individually isn't very desirable and I'd like to be able to see at a glance which ones need to be fixed

# show spanning-tree detail | inc (is executing the|Current root|We are)

gets the mac address of the root bridge, up to you to map mac addr->switch (tested on 3750, might need some changes for other platforms).
|
# ? Apr 17, 2007 16:56 |
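Added example, not part of the original posts: a Python sketch that turns the filtered `show spanning-tree detail` output from the reply above into a per-VLAN root list and does the MAC-to-switch mapping the reply leaves to the reader. The sample output, MAC addresses, switch names and the inventory table are constructed for illustration; the line wording assumes IOS on a Catalyst such as the 3750 mentioned above.

```python
import re

# Constructed sample of the filtered command output; MAC addresses and
# priorities are made up for this example.
SAMPLE_OUTPUT = """\
 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Current root has priority 8193, address 0011.2233.4400
 VLAN0010 is executing the ieee compatible Spanning Tree protocol
  We are the root of the spanning tree
 VLAN0020 is executing the ieee compatible Spanning Tree protocol
  Current root has priority 32788, address 00aa.bbcc.dd00
"""

LOCAL = "local"  # marker used when the switch reports "We are the root"
VLAN_RE = re.compile(r"^\s*(VLAN\d+) is executing the")
ROOT_RE = re.compile(r"Current root has priority (\d+), address ([0-9A-Fa-f.]+)")

# Hypothetical inventory: root MAC -> switch name. LOCAL stands for the
# switch the command was run on.
INVENTORY = {LOCAL: "dist-sw2", "0011.2233.4400": "core-sw1"}


def roots_by_vlan(output):
    """Return {vlan: (root_mac_or_LOCAL, priority_or_None)}."""
    roots, vlan = {}, None
    for line in output.splitlines():
        header = VLAN_RE.match(line)
        root = ROOT_RE.search(line)
        if header:
            vlan = header.group(1)
            roots[vlan] = (None, None)  # no root line seen yet
        elif vlan and "We are the root" in line:
            roots[vlan] = (LOCAL, None)
        elif vlan and root:
            roots[vlan] = (root.group(2).lower(), int(root.group(1)))
    return roots


def vlans_to_fix(roots, inventory, intended_root):
    """List (vlan, root name, priority) where the root is not the intended switch."""
    problems = []
    for vlan in sorted(roots):
        mac, priority = roots[vlan]
        name = inventory.get(mac, f"unknown device {mac}")
        if name != intended_root:
            problems.append((vlan, name, priority))
    return problems


if __name__ == "__main__":
    for vlan, name, priority in vlans_to_fix(
            roots_by_vlan(SAMPLE_OUTPUT), INVENTORY, "core-sw1"):
        print(f"{vlan}: root is {name} (priority {priority})")
```

A root MAC that is missing from the inventory is reported as an unknown device, which is the case worth checking first.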
|
Girdle Wax posted:
# show spanning-tree detail | inc (is executing the|Current root|We are)

Please hold, your call is important to us

Edit 2: Okay I'm not following you here. My routers (7507s/12.3(15a)) aren't letting me do a sh spanning-tree detail, I've got sh spanning-tree root and sh spanning-tree root address but both return blank lines. The switch is a 5500 by the way (should have specified, sorry)

Google isn't much help either, I'm wondering if I'm just out of luck on this one

sirchode fucked around with this message at 17:16 on Apr 17, 2007 |
# ? Apr 17, 2007 17:05 |
|
I have a cisco 1800 series router, currently in a pickle. Here is the outside interface:

interface FastEthernet0/1
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group 111 in
 ip inspect myfw out
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1
!

Now I have a pool of outside IP addresses available to me. How do I use them on the router? I need to set them up for a new server with ports 80 and 443 open. I currently have my mail server with ports 80 and 443 using the ip address from the above interface. How do I add two more outside ip addresses, or since I have the masking down it should know?

Here is the complete config, some info changed to protect the innocent.

grouter#show config
Using 6582 out of 196600 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname grouter
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name mtfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip dhcp excluded-address 192.168.192.2
ip dhcp excluded-address 192.168.192.50
ip dhcp excluded-address 192.168.192.237
!
!
ip ips po max-events 100
ip domain name somename.com
ip name-server xx.xx.xx.xx
ip name-server 192.168.192.2
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 group 2
!
crypto isakmp client configuration group somename
 key asldkfasljdflasdjflaskjdflaj
 dns 192.168.192.2 64.65.208.6
 pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.192.254 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip access-group 122 out
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 hold-queue 32 in
!
interface FastEthernet0/1
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group 111 in
 ip inspect myfw out
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.191.100 192.168.191.125
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source static tcp 192.168.192.50 443 interface FastEthernet0/1 443
ip nat inside source static tcp 192.168.192.50 22 interface FastEthernet0/1 22
ip nat inside source static tcp 192.168.192.50 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.192.2 25 interface FastEthernet0/1 25
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
!
!
access-list 102 remark SDM_ACL Category=16
access-list 102 deny ip any host 192.168.191.100
access-list 102 deny ip any host 192.168.191.101
access-list 102 deny ip any host 192.168.191.102
access-list 102 deny ip any host 192.168.191.103
access-list 102 deny ip any host 192.168.191.104
access-list 102 deny ip any host 192.168.191.105
access-list 102 deny ip any host 192.168.191.106
access-list 102 deny ip any host 192.168.191.107
access-list 102 deny ip any host 192.168.191.108
access-list 102 deny ip any host 192.168.191.109
access-list 102 deny ip any host 192.168.191.110
access-list 102 deny ip any host 192.168.191.111
access-list 102 deny ip any host 192.168.191.112
access-list 102 deny ip any host 192.168.191.113
access-list 102 deny ip any host 192.168.191.114
access-list 102 deny ip any host 192.168.191.115
access-list 102 deny ip any host 192.168.191.116
access-list 102 deny ip any host 192.168.191.117
access-list 102 deny ip any host 192.168.191.118
access-list 102 deny ip any host 192.168.191.119
access-list 102 deny ip any host 192.168.191.120
access-list 102 deny ip any host 192.168.191.121
access-list 102 deny ip any host 192.168.191.122
access-list 102 deny ip any host 192.168.191.123
access-list 102 deny ip any host 192.168.191.124
access-list 102 deny ip any host 192.168.191.125
access-list 102 permit tcp host 192.168.192.50 any eq smtp
access-list 102 deny tcp 192.168.192.0 0.0.0.255 any eq smtp
access-list 102 permit ip 192.168.192.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any eq telnet
access-list 111 permit ip any host xx.xx.xx.xx
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 102
!
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
end
|
# ? Apr 17, 2007 18:37 |
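Added example, not part of the original posts: a Python check over the kind of configuration posted above that reports cleartext management and NetBIOS services left open to any source by the inbound ACL on the NAT-outside interface, plus Telnet on the vty lines and the plain HTTP server. The sample lines are a subset copied from that post with the one-space sub-command indentation restored; the check names and the list of flagged ports are this example's own assumptions.

```python
import re

# Constructed sample: a subset of the lines in the post above, indented
# the way "show running-config" prints sub-commands.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip access-group 111 in
 ip nat outside
ip http server
no ip http secure-server
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq telnet
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
line vty 0 4
 transport input telnet ssh
"""

# Ports this example treats as unsuitable for "permit ... any any" on an
# Internet-facing ACL (an assumption of the example, not a Cisco list).
RISKY_PORTS = {"telnet", "139", "netbios-ns", "netbios-dgm"}


def parse_sections(config):
    """Map each top-level command to the indented sub-commands below it."""
    sections, parent = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and parent is not None:
            sections[parent].append(line)
        else:
            parent = line
            sections.setdefault(parent, [])
    return sections


def outside_inbound_acls(sections):
    """ACL ids applied inbound on interfaces marked 'ip nat outside'."""
    acls = set()
    for parent, subs in sections.items():
        if parent.startswith("interface ") and "ip nat outside" in subs:
            for sub in subs:
                m = re.fullmatch(r"ip access-group (\S+) in", sub)
                if m:
                    acls.add(m.group(1))
    return acls


def audit(config):
    """Return (check, config line) pairs for services exposed in cleartext."""
    sections = parse_sections(config)
    exposed = outside_inbound_acls(sections)
    findings = []
    for parent, subs in sections.items():
        m = re.fullmatch(
            r"access-list (\S+) permit (?:tcp|udp) any any eq (\S+)", parent)
        if m and m.group(1) in exposed and m.group(2) in RISKY_PORTS:
            findings.append(("outside-acl-open-port", parent))
        if parent.startswith("line vty"):
            for sub in subs:
                words = sub.split()
                if words[:2] == ["transport", "input"] and "telnet" in words:
                    findings.append(("vty-accepts-telnet", parent))
    if "ip http server" in sections and "ip http secure-server" not in sections:
        findings.append(("http-management-cleartext", "ip http server"))
    return findings


if __name__ == "__main__":
    for check, line in audit(SAMPLE_CONFIG):
        print(f"{check:28} {line}")
```

ACL 122 is not reported because it is applied outbound on the inside interface and its Telnet entry is a deny.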
|
WalaWala posted:
I need to set them up for a new server with ports 80 and 443 open. I currently have my mail server with ports 80 and 443 using the ip address from the above interface. How do I add two more outside ip addresses, or since I have the masking down it should know?

The IP Nat Inside Source command allows you to forward to an IP of an external interface, or to another IP address. Let's say the host you're setting up is 192.168.192.51 and the IP address you want to use from the pool is 200.1.1.45 use these commands:

ip nat inside source static tcp 192.168.192.51 80 200.1.1.45 80 extendable
ip nat inside source static tcp 192.168.192.51 443 200.1.1.45 443 extendable

that should allow you to "extend" a port forward to another external IP address
|
# ? Apr 17, 2007 19:00 |
|
sirchode posted:
Edit: misunderstood you

sh spanning-tree is only going to work on catalyst platforms like the 5500. I've never done IRB in routing platforms but there may be some spanning tree info on the 7500s in show bridging / show irb
|
# ? Apr 18, 2007 03:04 |
|
I have a piece of stupid software that uses the built-in windows XP FTP shell to connect to an outside server. This means no passive ftp, as XP's shell doesn't support passive mode. I have a PIX 515E running IOS 6.3(5) that does NAT on that network, and has a static address (not pooled) for the machine that does the ftp. FTP fixup is turned on for ports 20 and 21. The ftp client connects fine, but file transfers fail, or download at a whopping 1.7k a sec. (Even when the host is in the DMZ outside the firewall and thus on the same 100 BASE-T network). Can anybody else think of what might be causing this? Passive FTP connections work great, but the software won't do it. I've tried configuring reverse DNS records like they (cisco) say, but I still get nothing. What gives? WangNV fucked around with this message at 04:59 on Apr 18, 2007 |
# ? Apr 18, 2007 04:57 |
|
jwh posted:
Like I said, I don't have a 2960 here to poke at, but it doesn't look like it's a layer-3 switch, based on the data sheet.

I have a 2960g here and confirm that it does not support any of the EMI images / layer-3 functionality.
|
# ? Apr 18, 2007 05:51 |
|
I am totally new to Cisco gear, but I managed to pick up a brand new 7912G for £28, looking at this guide: http://www.voip-info.org/wiki/view/Cisco+7905%252F7912+IP+Phones It says I need a service contract to be able to download the latest firmware for it. Where can I buy these service contracts from, and what's the part number I'm after? Cisco's CCO site is less than helpful.
|
# ? Apr 18, 2007 14:00 |
|
Is there any type of software emulator i can use that pretends to be a cisco box so i can start to learn how to use these things?
|
# ? Apr 18, 2007 15:45 |
|
markus876 posted:
I have a 2960g here and confirm that it does not support any of the EMI images / layer-3 functionality.

Beyond that, any issues you have run into with it?
|
# ? Apr 18, 2007 16:32 |
|
LordHop posted:
Is there any type of software emulator i can use that pretends to be a cisco box so i can start to learn how to use these things?

There's dynamips, which you can google for, except it requires you supply your own IOS image. Alternatively, there's the Boson NetSim demo. Without an IOS image, your best bet is to buy some cheap hardware. You could also buy a 3600 series router, which can be had for about two-hundred dollars, and then steal its IOS image for use with dynamips. You can occasionally find a real bargain on ebay.

Caged posted:
It says I need a service contract to be able to download the latest firmware for it. Where can I buy these service contracts from, and what's the part number I'm after? Cisco's CCO site is less than helpful.
|
# ? Apr 18, 2007 16:38 |