ate shit on live tv
Feb 15, 2004

LBGT United
Did nothing wrong.


I forgot this was a thing. I messed around a little bit with OER long ago. I assume this is a Cisco exclusive feature for now?

adorai
Nov 2, 2002

10/27/04 Never forget

Grimey Drawer

I started playing around with the ansible plugins for ios today and wish I had done this long ago.

abigserve
Sep 13, 2009

this is a better avatar than what I had before


adorai posted:

I started playing around with the ansible plugins for ios today and wish I had done this long ago.

yeah it's nice not having to gently caress around with expect and poo poo

Proteus Jones
Feb 28, 2013



College Slice

abigserve posted:

yeah it's nice not having to gently caress around with expect and poo poo

These last couple posts may be the kick in the pants I need to move over to ansible. I have a whole tool chest of Python scripts I've built (and migrated to 3.x) over the years that rely on pexpect. Since I'm mostly using them in a lab and UAT environments, I haven't really felt the urgency. But since I'm using pexpect, there are huge swaths of code to trap exceptions. It would be nice to not have to deal with that going forward.

abigserve
Sep 13, 2009

this is a better avatar than what I had before


You will need a reasonable amount of custom code still but it's purely logic so it's much more efficient. Ping me on the dms if you need help getting plugins to work because it took me way too long to work out "action" plugins

Methanar
Sep 26, 2013

It always was

Is the internet in general eating poo poo for anyone else right now?

Kazinsal
Dec 13, 2011



The internet in general has always been poo poo, friend.

Methanar
Sep 26, 2013

It always was

Kazinsal posted:

The internet in general has always been poo poo, friend.

There was 25 minutes of something going down at Ashburn Equinix for sure.

Passed for now.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE


Is Cisco dumping EHWICs? Seems like every small router that uses them has an EOL date.

ragzilla
Sep 9, 2005
don't ask me, i only work here




FatCow posted:

Is Cisco dumping EHWICs? Seems like every small router that uses them has an EOL date.

NIMs are the future. ISR4k and ENCS both use NIM form factor.

CrazyLittle
Sep 11, 2001







Clapping Larry

ragzilla posted:

NIMs are the future. ISR4k and ENCS both use NIM form factor.

you use a stick to install them.

cisco p/n NIM-ROD

ate shit on live tv
Feb 15, 2004

LBGT United
Did nothing wrong.

Does anyone know the equivalent command for Arista as Juniper's "set default-address-selection?"

The intention is that we are going to be using private addresses for the point to point links between our edge routers and our core-switches, but we will be having public IPs on the core switch loopbacks for NAT. So we'd like it where if we trace-route to that public address, the switch uses that public ip to source the ICMP ttl expires.

e: I think this may do it

pre:
ds1a.nyi(config)#ip icmp source-interface Loopback ?
  <0-1000>  Loopback interface number

ate shit on live tv fucked around with this message at May 4, 2018 around 17:16

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE


ragzilla posted:

NIMs are the future. ISR4k and ENCS both use NIM form factor.

RIP 56k and reasonably priced T1s.

In other news I need to light a circuit to Bruce, MS. This is going to be fun. Rural? Check. Non-RBOC LEC? Check. Not near a major city? Check.

tortilla_chip
Jun 13, 2007


Indatel can probably deliver.

Thanks Ants
May 21, 2004

I am quite pissed at my fat man avatar.
I am too politically correct to say this out loud though.
I yearn for a reason to exist.
Help.


Fun Shoe

Can Juniper SRX devices just throw packets at each other to test the throughput on a link? ISP is being a pain in the dick about packet loss between two VPLS sites (but only in one direction) and won't lift a finger until I can get to our datacenter and plug a laptop into their CE router directly. If there's a feature built into the SRX like the MikroTik boxes have then I can ask them to run it.

I guess the alternative is to put a NAT rule in at one end to bounce traffic back over the link but then I lose the ability to test one direction at a time.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


May depend on srx model but

https://www.juniper.net/documentati...g-overview.html

doomisland
Oct 5, 2004



RPM too possibly, though I've never tried it.

Proteus Jones
Feb 28, 2013



College Slice

I know this is the Cisco thread, but is there a pfSense thread? I've been banging my head against the wall trying to get an IPv6 OpenVPN server up and running.

ate shit on live tv
Feb 15, 2004

LBGT United
Did nothing wrong.

Proteus Jones posted:

I know this is the Cisco thread, but is there a pfSense thread? I've been banging my head against the wall trying to get an IPv6 OpenVPN server up and running.

It's just a general networking thread tbqh. Post away.

Proteus Jones
Feb 28, 2013



College Slice

ate poo poo on live tv posted:

It's just a general networking thread tbqh. Post away.

I figured it out. I hosed up a WAN firewall rule, once I corrected it everything started working as expected.

BaseballPCHiker
Jan 16, 2006



Has anyone here ever enabled storm-control in their environment?

Doing some testing in the lab with it and having a hell of a time actually getting it to shut down a port at what appears to be the correct utilization of the interface. If I hard set an interface to have 30% upper and lower it seems like the switch will still go up to 99% CPU before it finally shuts down, taking a couple of minutes to shut down.

I think I have things setup correctly but just need to figure out the right parameters for traffic.

tortilla_chip
Jun 13, 2007


Depending on the gear it's more of a step function than a reflection of the configured percentage, i.e. 33% is actually 40%.

Thanks Ants
May 21, 2004

I am quite pissed at my fat man avatar.
I am too politically correct to say this out loud though.
I yearn for a reason to exist.
Help.


Fun Shoe

Is there a feature on network switches that would require a connection to start with a DHCP request before data can pass? I've been working with a supplier that has a switch in the basement of our building, and if we pull an IP via DHCP then everything works fine. Statically addressing the same details won't even show an ARP entry for the gateway address.

adorai
Nov 2, 2002

10/27/04 Never forget

Grimey Drawer

Thanks Ants posted:

Is there a feature on network switches that would require a connection to start with a DHCP request before data can pass? I've been working with a supplier that has a switch in the basement of our building, and if we pull an IP via DHCP then everything works fine. Statically addressing the same details won't even show an ARP entry for the gateway address.

ARP inspection paired with DHCP snooping does exactly that.

Matteyo
Jul 19, 2009


Thanks Ants posted:

Is there a feature on network switches that would require a connection to start with a DHCP request before data can pass? I've been working with a supplier that has a switch in the basement of our building, and if we pull an IP via DHCP then everything works fine. Statically addressing the same details won't even show an ARP entry for the gateway address.

The configuration you are talking about is almost always enforced on the host side (force machine to dhcp an address), so that would have to be handled with something like group policies (assuming the operating system is in your administrative domain) in Windows. As far as on the network side - there isn't a quick and easy way to my knowledge. You can do something like 802.1x with VLAN flipping that basically forces the machine/user to authenticate and use DHCP to get access to the network, but probably overkill. I would quadruple check the operating system config with the static configuration. Could be something as rare as a silent host or something as simple as an IP address/mask/gateway misconfiguration. In particular I have seen subnet mask misconfigurations lead to weird issues like this.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Pillbug

Thanks Ants posted:

Is there a feature on network switches that would require a connection to start with a DHCP request before data can pass? I've been working with a supplier that has a switch in the basement of our building, and if we pull an IP via DHCP then everything works fine. Statically addressing the same details won't even show an ARP entry for the gateway address.

Sounds like DHCP snooping with IP source guard?
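
Added example, not part of any post in this thread: a simplified Python model of the mechanism the replies above name, where a switch learns MAC/IP bindings from snooped DHCP ACKs and then validates ARP (ARP inspection) and IP source addresses (IP source guard) on untrusted ports against them. The class, port names and addresses are constructed for illustration and are not vendor code.

```python
# Added illustration: simplified model, not any vendor's implementation.
# Port names, MACs and 192.0.2.0/24 addresses are constructed sample data.
class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks toward the legitimate DHCP server
        self.bindings = {}                 # (vlan, port) -> (mac, ip) from snooped ACKs

    def dhcp_ack(self, in_port, client_port, vlan, mac, ip):
        """DHCP snooping: server replies count only when seen on a trusted port."""
        if in_port not in self.trusted:
            return "drop"
        self.bindings[(vlan, client_port)] = (mac, ip)
        return "forward"

    def _matches(self, port, vlan, mac, ip):
        # Trusted ports are not checked; untrusted ports need an exact binding.
        return port in self.trusted or self.bindings.get((vlan, port)) == (mac, ip)

    def arp(self, port, vlan, sender_mac, sender_ip):
        """ARP inspection: sender MAC/IP must match the snooped binding."""
        return "forward" if self._matches(port, vlan, sender_mac, sender_ip) else "drop"

    def ip_packet(self, port, vlan, src_mac, src_ip):
        """IP source guard: the same binding check applied to data traffic."""
        return "forward" if self._matches(port, vlan, src_mac, src_ip) else "drop"


def demo():
    sw = AccessSwitch(trusted_ports={"uplink"})
    mac, ip, vlan = "02:00:00:00:00:0a", "192.0.2.10", 10
    out = {}
    # Statically addressed host that never sent DHCP: its ARP for the gateway is
    # dropped at the access port, so it never learns the gateway's MAC.
    out["static_before_lease"] = sw.arp("port1", vlan, mac, ip)
    # A DHCP ACK arriving on an untrusted port creates no binding.
    out["rogue_server_ack"] = sw.dhcp_ack("port2", "port1", vlan, mac, "192.0.2.66")
    # The ACK from the trusted uplink installs the binding.
    out["real_ack"] = sw.dhcp_ack("uplink", "port1", vlan, mac, ip)
    out["arp_after_lease"] = sw.arp("port1", vlan, mac, ip)
    # Claiming the gateway's IP in ARP, or sourcing traffic from another IP, fails.
    out["arp_claiming_gateway"] = sw.arp("port1", vlan, mac, "192.0.2.1")
    out["spoofed_source_ip"] = sw.ip_packet("port1", vlan, mac, "192.0.2.11")
    return out


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:22} {verdict}")
```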

Thanks Ants
May 21, 2004

I am quite pissed at my fat man avatar.
I am too politically correct to say this out loud though.
I yearn for a reason to exist.
Help.


Fun Shoe

It's possible, I'll open a ticket with the ISP and hope they can send it to the right team. For what it's worth, I can get a DHCP lease and then assign the same address statically on the same equipment without releasing the DHCP lease or dropping the physical link, and the gateway doesn't appear in the ARP table of the firewall. Creating a static ARP entry doesn't improve anything.

The ISP have said that they will always issue the same address, but I'm just interested in how they were doing this as I can see there being uses for it elsewhere. The equipment identifies itself as Huawei, and the allocated IP address is the first one out of a /29 range.

Thanks Ants fucked around with this message at May 19, 2018 around 19:24

madsushi
Apr 19, 2009

Baller.

Are you sure you're not dropping the physical link? Changing from DHCP to static will often trigger an automatic flap. Is the MAC address of the client interface the same with both DHCP client and static IP?

Thanks Ants
May 21, 2004

I am quite pissed at my fat man avatar.
I am too politically correct to say this out loud though.
I yearn for a reason to exist.
Help.


Fun Shoe

The MAC is definitely staying the same. Granted I hadn't considered that changing an interface around would do a shut/no shut even if I didn't specifically do that.

I can put a dumb switch in the middle of this to make sure that the physical link stays up when I get a chance. Until then I'll see if the ISP can say what they're doing.

Partycat
Oct 25, 2004

Rule Number Dos:
A lot of you maggot people are gonna see some things that you're not used to seein'. I'm talking about nudies! That's right! Botticelli may show a titty or two and Michelangelo may show a mans willy dong long prong... but you are not, I repeat, you are not to titter !

Plaster Town Cop

BaseballPCHiker posted:

Has anyone here ever enabled storm-control in their environment?

Doing some testing in the lab with it and having a hell of a time actually getting it to shut down a port at what appears to be the correct utilization of the interface. If I hard set an interface to have 30% upper and lower it seems like the switch will still go up to 99% CPU before it finally shuts down, taking a couple of minutes to shut down.

I think I have things setup correctly but just need to figure out the right parameters for traffic.

It isn't instantaneous - there is an interval to it and traffic is averaged over the interval. You can slam the switch briefly and storm control should stop it eventually if the traffic type is proper for what you're looking for.

You can set it to filter and or errdisable with auto re enable but I have had gear eventually crash out after the storm control flapped enough to eventually tank it, so my preference is to shut down.
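
Added example, not part of the post above: a simplified Python model of interval-averaged storm control with rising and falling thresholds, showing why a short burst at line rate does not trip a 30% threshold and how the filter and shutdown actions differ once a sustained flood does. The interval length in ticks, the function name and the traffic samples are assumptions constructed for illustration; real platforms differ in interval and granularity.

```python
# Added illustration: simplified model, not a vendor algorithm.
def storm_control(util_pct, ticks_per_interval, rising, falling, action="filter"):
    """Return one (average_pct, port_state) tuple per completed interval.

    util_pct: offered broadcast load per tick, as % of line rate (constructed).
    action:   "filter" blocks until the average drops below `falling`;
              "shutdown" err-disables the port and leaves it down.
    """
    states, blocking, down = [], False, False
    last_start = len(util_pct) - ticks_per_interval
    for start in range(0, last_start + 1, ticks_per_interval):
        window = util_pct[start:start + ticks_per_interval]
        avg = sum(window) / ticks_per_interval
        if not down:
            if avg >= rising:
                if action == "shutdown":
                    down = True
                else:
                    blocking = True
            elif avg < falling:
                blocking = False
        if down:
            state = "err-disabled"
        else:
            state = "blocking" if blocking else "forwarding"
        states.append((avg, state))
    return states


# Constructed traffic: 10 ticks per interval.
BURST = [100, 100] + [0] * 8                      # 2 ticks at line rate, then idle
FLOOD = [0] * 8 + [100] * 2 + [100] * 20          # flood begins late in interval 0
DECAY = [40] * 10 + [25] * 10 + [10] * 10         # load easing off over 3 intervals

if __name__ == "__main__":
    print(storm_control(BURST, 10, rising=30, falling=30))
    print(storm_control(FLOOD, 10, rising=30, falling=30, action="filter"))
    print(storm_control(FLOOD, 10, rising=30, falling=30, action="shutdown"))
    print(storm_control(DECAY, 10, rising=30, falling=20))
```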
