Powercrazy posted: Well crap. I can't enable NBAR on a Cisco 851W and that is the easiest way to do what I want to do. Now I'm going to have to gently caress with access-lists and things. Sigh.

Here's some PQ stuff; it should help you figure out whether you can do it or not. code:

Posted: Apr 25, 2007 02:17

Powercrazy posted: Well crap. I can't enable NBAR on a Cisco 851W and that is the easiest way to do what I want to do. Now I'm going to have to gently caress with access-lists and things. Sigh.

Use a BT client that supports TOS configuration on outgoing packets, set them to a classification you know nothing else in your network uses and set up a class-map to match the TOS into a class and a policy-map to queue it behind other priority traffic. You shouldn't need to do anything on the 35XX as I doubt you're congesting its switch fabric with your BT traffic. If you really want to be lazy with the switch though, look into autoqos (and make sure you change the default TOS to queue map so that the value you use for your BT traffic isn't landing in a priority queue).

Keep in mind this is only good for outbound traffic. You queue/shape/police/drop outbound. You really only mark inbound. There's no point dropping a packet once it's already on the wire.

Posted: Apr 25, 2007 02:25

Korensky posted: Keep in mind this is only good for outbound traffic. You queue/shape/police/drop outbound. You really only mark inbound. There's no point dropping a packet once it's already on the wire.

This is a key point to QoS that is often missed. It only works in the direction of transmit, so for the most part QoS is only usable within enterprise networks where QoS policies can be applied end to end.

Posted: Apr 25, 2007 02:55

Korensky posted: Use a BT client that supports TOS configuration on outgoing packets, set them to a classification you know nothing else in your network uses and set up a class-map to match the TOS into a class and a policy-map to queue it behind other priority traffic.

Well, there are 4 of us on the network, so I'd rather everything be self-contained in the router rather than configuring each computer individually. Also the only thing that messes up online games (in my case, I think) are outgoing packets from BT. Since we are on a residential connection I don't think we are saturating our download, but I'm sure that we are using a significant amount of upload. I'll try messing with the router and stuff tomorrow. Thanks for the help so far.

Posted: Apr 25, 2007 07:07

Korensky posted: Keep in mind this is only good for outbound traffic. You queue/shape/police/drop outbound. You really only mark inbound. There's no point dropping a packet once it's already on the wire.

Yeah, I always found it weird when folks talked about inbound QoS (with TCP sliding windows or something) on an interface. Only so much can come in on the pipe; classify it inbound, mark it up/mark it down/dump it/take action on it outbound.

PQ is cool, but you can also start dumping packets (why I increase the queue size) if a higher priority queue is active past the timeout of the lesser traffic's queue. Class Based Weighted Fair Queueing is where it's at in my opinion. 256 classes/levels as opposed to 4 queues with PQ. Can get it to play with 802.1q tags as well as the TCP stuff, for handing off to a switch. (e.g. time sensitive traffic comes in on UDP 5000, gets put in a high preference queue for transmission on the router's inside interface, but also gets an 802.1q COS tag of 5, which the switch is trusting, recognizes it and queues it up accordingly as it travels through the layer 2 network from switch to switch)

Korensky posted: Use a BT client that supports TOS configuration on outgoing packets, set them to a classification you know nothing else in your network uses and set up a class-map to match the TOS into a class and a policy-map to queue it behind other priority traffic.

I guess there's a few ways to skin this cat, so to speak. If I just wanted to be quick about it, I would mark up all traffic that I knew had a destination port > TCP 1024 that was NOT BT, say YOUR GAME or something that sticks to TCP 17000 for example (medium queue mebbe), then mark the rest down... all traffic with a destination TCP port >1024 to the low queue (what BT app isn't running TCP 5000+), and let web traffic and other things you want to get preference on high, medium or just default to normal.

Grats! \/\/\/\/

Herv fucked around with this message at 13:37 on Apr 25, 2007

Posted: Apr 25, 2007 12:12
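The class-map/policy-map approach Korensky and Herv describe, written out as an added example in IOS syntax; this is not from any post in the thread. It assumes an 851W with FastEthernet4 as the WAN port, a 768 kbps upstream, a BT client marking its packets DSCP CS1, and the game on port 17000 (Herv's example port); every value is constructed and needs adjusting to your own network.

```cisco
! Added illustration, not a config from this thread. Assumed values: the
! 851W's WAN port is FastEthernet4, upstream is 768 kbps, the BT client marks
! its outgoing packets DSCP CS1, and the game uses port 17000 (from Herv's
! post). Adjust every one of these to your own network.
!
! 1. Classify. The client-set DSCP is a hint, not a trust anchor: any host
!    on the LAN can set any mark, so a host-chosen DSCP is only ever allowed
!    to LOWER priority here (BULK), never to land traffic in the priority
!    queue. The ACL catches unmarked high-port TCP as a fallback, since NBAR
!    is not available on this platform.
ip access-list extended BT-HIGH-PORTS
 permit tcp any any gt 1024
!
ip access-list extended GAME-TRAFFIC
 permit tcp any any eq 17000
 permit udp any any eq 17000
!
class-map match-any BULK
 match ip dscp cs1
 match access-group name BT-HIGH-PORTS
!
class-map match-all GAME
 match access-group name GAME-TRAFFIC
!
! 2. Queue. Classes are evaluated top to bottom, so GAME must come before
!    BULK or port 17000 would fall into the "gt 1024" rule. GAME gets a
!    strict-priority queue capped at 128 kbps under congestion so a flood of
!    "game" packets cannot starve everything else; BULK keeps a small
!    guaranteed share and is dropped first; the rest gets fair queueing.
policy-map WAN-OUT
 class GAME
  priority 128
 class BULK
  bandwidth percent 10
  random-detect
 class class-default
  fair-queue
!
! 3. Shape to just under the real upstream rate so the queue forms on the
!    router (where the policy runs) instead of in the DSL/cable modem, and
!    apply it OUTBOUND only; an inbound policy can only mark or drop what
!    has already crossed the link.
policy-map WAN-SHAPE
 class class-default
  shape average 720000
  service-policy WAN-OUT
!
interface FastEthernet4
 service-policy output WAN-SHAPE
!
! Verify with: show policy-map interface FastEthernet4
```

The per-class counters from `show policy-map interface` are the quickest way to confirm that BT actually lands in BULK rather than class-default.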

I finally spent the time to get my CCNA yesterday.

Posted: Apr 25, 2007 13:05

Paul Boz_ posted: I finally spent the time to get my CCNA yesterday

Congratulations! How was the test? I've been thinking about trying to go do the CCNA sometime this summer.

Posted: Apr 25, 2007 15:22

Anyone running an IPv6 backbone yet? I'm building a new service provider core at the moment and thinking of getting an allocation and turning it on just for the hell of it. There's no requirement for it yet - but at least I guess our products boys can have some fun with it.

Posted: Apr 26, 2007 09:45

Korensky posted: Anyone running an IPv6 backbone yet? I'm building a new service provider core at the moment and thinking of getting an allocation and turning it on just for the hell of it. There's no requirement for it yet - but at least I guess our products boys can have some fun with it.

Yup. It's where all the cool network engineers hang out now. Pain to find providers that support it cleanly though, and watch out for the type 0 routing header problem that everyone's freaking on. (Also join the ipv6-ops@lists.cluenet.de nanog-equiv mailing list.)

Posted: Apr 26, 2007 20:42

jwh posted: Congratulations! How was the test? I've been thinking about trying to go do the CCNA sometime this summer.

I know you know your poo poo when it comes to Cisco routing and switching so I'm sure you could pass it with minimal effort. Get Todd Lammle's CCNA book, which is published by Sybex, and read it from cover to cover. Get to the point where you can answer the practice questions correctly and take the test. Keep in mind that the CCNA is the base, most newbie of the Cisco certs and that a lot of what you probably know isn't even applicable or on the test at all. It's definitely worth it, I got the cert two days ago and got a raise yesterday.

unknown posted: Yup. It's where all the cool network engineers hang out now.

Can you recommend any other industry mailing lists similar to these? I love stuff like this.

Paul Boz_ fucked around with this message at 13:57 on Apr 27, 2007

Posted: Apr 27, 2007 13:32

Paul Boz_ posted: I finally spent the time to get my CCNA yesterday

The only logical explanation I can think of is that they're much more common in the US. Is this the case?

Posted: Apr 27, 2007 16:03

EiZei posted: Did they actually ask you about arcane technologies like ISDN and Frame Relay over there as well? Those are almost extinct here in Finland yet the Cisco materials feature them heavily.

Though I haven't touched Cisco material in around 6 months... the last I looked, it still covered ISDN/Frame Relay quite a bit. I've also never seen ISDN/Frame Relay actually put into use.

Posted: Apr 27, 2007 16:35

EiZei posted: The only logical explanation I can think of is that they're much more common in the US. Is this the case?

It certainly wasn't a heavy focal point on my exam. I had two or three virtual labs, a lot of questions on VTP, STP, OSI layers, routing protocols and a few on subnetting. If you get thrown a question on frame relay or ISDN, I wouldn't expect it to go very in-depth.

Posted: Apr 27, 2007 16:40

Frame-relay is still very much alive and well. Even in MPLS environments, frame-relay is a very common access method for low-speed (<DS1) leased lines.

I just labbed l2tpv3, and it blew my mind. Topology is:

CER1 Ser1/0 <-> Ser1/0 PE1 Ser2/0 <-> Ser2/0 PE2 Ser1/0 <-> Ser1/0 CER2

code:

jwh fucked around with this message at 17:38 on Apr 27, 2007

Posted: Apr 27, 2007 17:01

Got a friend who runs the CCNA boot camps for BOSON and he told me the latest revision of the CCNA took out most of the ISDN stuff and that it's much easier in general. Definitely study up though, JWH; he constantly tells me about people coming in who have worked on the equipment for like 10+ years and totally bombing the test, like only 1 or 2 correct answers. I just passed my BCMSN exam a week or two ago and there were at least 2 questions that were just flat out wrong. Cisco exams have to be the worst tests ever, from questions that are glaringly wrong to off the wall poo poo that isn't mentioned anywhere in any of the material. Who writes these?

Posted: Apr 27, 2007 17:12

I didn't get any ISDN poo poo on either of my tests, but had quite a few frame relay questions. I agree that Cisco exams are indeed bullshit, but their justification is that in the real world you may have to pull some archaic factoid out of your rear end so they make sure you can.

Posted: Apr 27, 2007 17:22

Paul Boz_ posted: I didn't get any ISDN poo poo on either of my tests, but had quite a few frame relay questions.

It could be worse, DECnet and Apollo were pretty scary as well. I actually had ISDN back in 97! Using a Brouter.

So JWH, will you be using L2TP instead of GRE now for routing over tunnels? Not sure about the details, haven't played with it yet, although that's what I am gleaning.

Posted: Apr 27, 2007 17:56

So I've got a whole stack of 2610 routers and zilch for documentation. Where can I find stuff like how to access their console and stuff? I'm not really a Cisco guy so I apologize for such a basic and stupid question.

Posted: Apr 27, 2007 21:16

karttoon posted: Definitely study up though, JWH; he constantly tells me about people coming in who have worked on the equipment for like 10+ years and totally bombing the test, like only 1 or 2 correct answers.

Yeah, Cisco really seems to love meaningless IOS and abbreviation trivia. It's like you can't be a network engineer if you have to resort to pushing '?' now and then.

Posted: Apr 27, 2007 21:29

coconono posted: So I've got a whole stack of 2610 routers and zilch for documentation. Where can I find stuff like how to access their console and stuff?

You'll want one of the blue Cisco console cables, or just build an 8P8C/RJ45 rollover cable. Console is 9600/8/N/1 by default. Use hyperterm for lack of a better option. Here's the 2600 quick-start guide, and some other stuff, although most of the time your best bet is just typing 'cisco blah blah blah' into google. http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/index.htm

Herv posted: So JWH, will you be using L2TP instead of GRE now for routing over tunnels? Not sure about the details, haven't played with it yet, although that's what I am gleaning.

No plans to replace our GRE and mGRE tunnels with anything, since they're supported on lower-end ISRs, and really flexible. Plus they're easy to secure with IPSec. I mostly just wanted to see how l2tpv3 worked, and whether I could use it for anything. Layer-2 transport over an IP backbone is really neat. It's like ATM CES without the ATM!

Posted: Apr 27, 2007 21:43

jwh posted: pseudowire-class pw1

Also, what's CER and PE?

Posted: Apr 27, 2007 23:13

sirchode posted: Mind explaining these two to me real quick? I've never seen them before and can't seem to find information in my books here

Sure thing. CER and PE are just names I used to denote Customer Edge Router and Provider Edge routers. In reality, they're just dynamips instances of 7200 routers with a 12.4 IOS, and the names don't really matter.

The 'xconnect' command under an interface (could also be a sub-interface, like an ethernet dot1q interface) creates a layer-2 cross connect using l2tpv3 encapsulation to remote router 10.0.0.2 (the loopback IP of PE2), virtual-circuit ID 1, and pseudo-wire class 'pw1'. The same thing is set up in reverse on PE2, only it uses the IP address of PE1's loopback.

So when CER1 sends a frame over its serial interface, the PE1 router grabs it, stuffs it into an l2tpv3 packet, and shoots it over to PE2, who then strips the original frame back out and sticks it on the serial interface to CER2. Same thing happens in the other direction, too. CER1 and CER2 think they're directly connected at layer-2, and have no idea they're actually being carried over an intermediary IP backbone. If you look at the IP addresses on CER1 and CER2, they're both numbered in a single /30, but topologically, they're physically disconnected, and that shouldn't work.

I thought it was pretty cool stuff.

edit: here's the doc I basically copied: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gtl2tpv3.htm

jwh fucked around with this message at 00:05 on Apr 28, 2007

Posted: Apr 28, 2007 00:01
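The PE-side configuration jwh describes, as an added example written from his description; it is not the stripped code block from his post. Only the peer address 10.0.0.2, VC ID 1 and class name pw1 come from the thread. PE1's loopback 10.0.0.1, the 192.0.2.0/30 core link, and the l2tp-class with control-channel authentication and an 8-byte cookie are my assumptions (the last two are hardening the post does not mention).

```cisco
! Added example, not jwh's stripped config. From the post: peer 10.0.0.2,
! VC ID 1, pw-class pw1. Assumed: PE1 Loopback0 = 10.0.0.1, PE2 Loopback0 =
! 10.0.0.2, PE1-PE2 core link 192.0.2.0/30, serial links cabled as in jwh's
! topology (CER1 Ser1/0 - Ser1/0 PE1 Ser2/0 - Ser2/0 PE2 Ser1/0 - Ser1/0 CER2).
!
! ===== PE1 =====
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! Control-channel authentication plus an 8-byte session cookie: without
! them, anything that can reach the loopback could spoof data packets into
! the pseudowire or tear the session down. The payload is still cleartext,
! so over an untrusted backbone run this inside IPsec (as jwh does for GRE).
l2tp-class l2c
 authentication
 password 0 REPLACE-WITH-SHARED-SECRET
 cookie size 8
!
pseudowire-class pw1
 encapsulation l2tpv3
 protocol l2tpv3 l2c
 ip local interface Loopback0
!
! Attachment circuit toward CER1: no IP address, the HDLC frames are
! carried whole to PE2.
interface Serial1/0
 no ip address
 encapsulation hdlc
 xconnect 10.0.0.2 1 pw-class pw1
!
interface Serial2/0
 ip address 192.0.2.1 255.255.255.252
!
ip route 10.0.0.2 255.255.255.255 192.0.2.2
!
! ===== PE2 (mirror image: peer is PE1's loopback, same VC ID 1) =====
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
l2tp-class l2c
 authentication
 password 0 REPLACE-WITH-SHARED-SECRET
 cookie size 8
!
pseudowire-class pw1
 encapsulation l2tpv3
 protocol l2tpv3 l2c
 ip local interface Loopback0
!
interface Serial1/0
 no ip address
 encapsulation hdlc
 xconnect 10.0.0.1 1 pw-class pw1
!
interface Serial2/0
 ip address 192.0.2.2 255.255.255.252
!
ip route 10.0.0.1 255.255.255.255 192.0.2.1
!
! CER1 and CER2 number their Serial1/0 in one /30 (say 10.1.1.1 and
! 10.1.1.2) and see each other as directly cabled. On a PE, check with:
!   show xconnect all
!   show l2tun session all
```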

jwh posted: I thought it was pretty cool stuff.

What kind of equipment did you lab this with? I've never heard of pseudowire so I'm wondering if I'm just too nub to have known about it or if it's a relatively new thing (i.e., introduced in a new IOS version).

Posted: Apr 28, 2007 00:31

sirchode posted: Thank you, that is indeed pretty awesome. We've got some offices on the other side of the country and I'm imagining having them set up as VLANs managed by our switches and routers over here in the CO, it's a very cool prospect.

12.0(23)S apparently. Pretty recent still. From what I understand it's mostly intended in an MPLS backbone but they also added support for 'regular' IP backbones (much like VRF-lite).

Posted: Apr 28, 2007 04:02

Yeah, the lab was really just four dynamips instances of a 7200, running a 12.4 IOS image. You can check out dynagen, which is a front-end for dynamips, here: http://www.dynagen.org/. You'll need to provide either a 7200 or 3600 IOS image.

l2tpv3 is kind of the bastard step-son of a real MPLS pseudowire, since it doesn't require an MPLS environment. When you configure the xconnect, there's an option to use either l2tpv3 or mpls as the carrier protocol. I imagine that if you use MPLS, it just becomes label-switched natively, as opposed to packet-switched in l2tpv3 packets. I don't honestly know. VRF-lite to VRF analogy sounds right.

I think the only major downside of l2tpv3 is that there isn't multipoint support, which means you'd have to go to something like VPLS (AToM) if you wanted more than one site all plugged in together.

Posted: Apr 28, 2007 04:51

sirchode posted: We've got some offices on the other side of the country and I'm imagining having them set up as VLANs managed by our switches and routers over here in the CO, it's a very cool prospect.

Think through the implications of a cross country broadcast domain before doing this.

Posted: Apr 28, 2007 05:27

Agreed. L2VPNs are incredibly flexible but their abuse by people who could achieve much more elegant solutions to problems is pretty common. Just because you can do something - doesn't mean you should.

Posted: Apr 28, 2007 05:36

Probably not the right place to ask but what the hey.

The Cisco VPN client - can someone convince me that this is not a flaming piece of crud?

On my Linux box it typically hardlocks my machine. Sometimes I am lucky and it just brings down all other network interfaces (this is also not so useful because my server is in a cupboard with no easy keyboard/mouse access).

On my Windows box it tends to kill all other network connections. Then, DNS lookup and internet surfing is terrifically slow (I suspect it is going through the VPN). I've been told this 'kill all other network connections' behaviour is by design. OK, I am not very much a fan of this.

Can someone recommend alternative pieces of software, hacks, configuration changes or whatever that could allow me to connect to my work VPN without causing immense headache?

Posted: Apr 28, 2007 10:35

adante posted: Probably not the right place to ask but what the hey.

The 'kill all connections' is controlled by the VPN server; you'd have to have the person that configures the VPN concentrator/firewall enable split tunneling, and then it would only route traffic intended for the remote network over the VPN tunnel.

Posted: Apr 28, 2007 15:26

My short Cisco question: I bought some old 2600 series routers. They are missing the faceplates on the back (like the person had some expansion modules in them and took them out before selling the routers to me). So now I have these big square holes in the back of my routers that allow a huge collection of dust and cat hair and the like. Does anyone know where I can pick up the little faceplates that go on the back?

jwh posted: Console is 9600/8/N/1 by default. Use hyperterm for lack of a better option.

I always use Hyperterm and didn't know that there were better options. What do you guys recommend instead of Hyperterminal?

Posted: Apr 28, 2007 19:06

IBM posted: My short Cisco question: I bought some old 2600 series routers. They are missing the faceplates on the back (like the person had some expansion modules in them and took them out before selling the routers to me).

WIC BLANK slot covers: $12 http://www.comstarinc.com/cisco_2600_parts.html

Posted: Apr 28, 2007 19:39

IBM posted: I always use Hyperterm and didn't know that there were better options. What do you guys recommend instead of Hyperterminal?

Secure CRT. Once you have experienced the glory of the simultaneous cut+paste feature you'll regard hyperterminal as the Neanderthal grade application that it truly is.

Posted: Apr 28, 2007 20:22
Paul Boz_ posted: WIC BLANK slot covers: $12 http://www.comstarinc.com/cisco_2600_parts.html

Thanks for the link! But drat, $12 bucks for that little piece of steel that is barely stronger than aluminum foil?

inignot posted: Secure CRT.

Posted: Apr 28, 2007 21:10

IBM posted: Thanks for the link! But drat, $12 bucks for that little piece of steel that is barely stronger than aluminum foil?

I'm sure you can find them cheaper somewhere, now that you know what they're called.

Posted: Apr 28, 2007 21:46

Sorry for the double post but I thought I'd share this. I cross posted in the coupons forum of SA mart but it's probably the most pertinent here: This book, ISBN number 1-58720-189-5, lists as $30 on the Cisco Press website and has a release date of May 7th. I just snagged it on Amazon.com for $19.99, however. CLICK HERE

Posted: Apr 29, 2007 13:39

H110Hawk posted: I assume this means you work for Cisco?

Sorry for taking so long to reply, I lost the thread and only just found it. I'll have to bookmark this for any further questions.

About the 6509: There is usually a prepaid FedEx/UPS shipping label included with the RMA so you can just package the faulty chassis in the same box it was shipped, slap the label on it, then call the courier to pick it up. If it didn't have a label, try going to https://www.cisco.com/go/logistics and entering the RMA number and it should guide you through to a printable label. The third and probably best option is to get ahold of asset recovery (asset-recovery@cisco.com), tell them of your predicament, and they should be able to help you out. I'm surprised they haven't been hounding you for the last 9 months. Be sure to include the service request number (9 digits, starting with 605 or 604) and the RMA number (usually 8 digits starting with an 8).

Concerning the sup: Send an email to TAC@cisco.com, explain the problem in more than just a few words, include the chassis serial number for entitlement verification (Processor Board ID in Show Version output), list any troubleshooting you've performed (or just make it up I guess), then shipping and site contact information. Unless it's obvious, state what part you need. In this case, do you just need to replace the flash card, or is the slot on the sup not taking them? That should be enough for any engineer that I work with to send out the replacement without question. Unless you want to talk with someone, then include as little information as possible and we'll all hate you for it.

For a supervisor you would usually need to move over any RAM or flash to the replacement. But you can have certain OSes preloaded onto it before it ships, which would require that we order the extra mem and flash. Keep in mind that it's against federal regulations to ship encrypted software, so if you see a 'k9' anywhere in the IOS filename then you're out of luck.

Edit: I should add that the most PITA you'll have is most likely in opening the ticket. Unless the engineer is an rear end, once you get to him/her it's smooth sailing save for any entitlement issues.

Edit 2: A brief story. I got a case the other day, customer couldn't power on her router (FYI, don't use 'boot' to describe power failure). She wanted to replace the WICs and the router for this. This is a no-no. I try to explain to her why the WICs would not in any way kill her router, and even had her try to boot the router without the WICs to prove it. Needless to say, a few back and forth emails ensue until she hits me with this gem:

quote: I cannot power on the router. This is definitely not a power failure.

She contacted her account manager and whined, I explained the situation to him, and he says hell no and I ship her the router only a day later. Yep, she wasted a whole day on those WICs she didn't need.

Drighton fucked around with this message at 16:53 on Apr 29, 2007

Posted: Apr 29, 2007 16:45

Paul Boz_ posted: I didn't get any ISDN poo poo on either of my tests, but had quite a few frame relay questions.

I'm confused. Is there one test for the 640-801 Cisco CCNA cert, or two? Thanks. And they're going to change everything in May/June, correct?

Posted: Apr 29, 2007 16:58

Paul Boz_ posted: Can you recommend any other industry mailing lists similar to these? I love stuff like this.

c-nsp (and the related ilk); there's a couple of irc channels that have a few good people hanging out. Most lists are based on a specific topic rather than general topics. There's a couple of other general chat lists, but effectively they have a membership fee attached to them. Check out LOPSA.org (a spinoff of Usenix/SAGE) - it's heavier into the systems based stuff rather than networking, but some of the original systems people hang out there. Nothing like complaining about Sendmail and then having Eric Allman answer you personally telling you that you're full of poo poo and to listen to the other guy that answered you already.

To keep the networking theme going in this thread: neatest trick I learned recently for service providers: Anycast your default route.

Posted: Apr 29, 2007 18:20

Weissbier posted: I'm confused. Is there one test for the 640-801 Cisco CCNA cert, or two? Thanks.

There is a one-test route (640-801) and a two-test route (640-821 & 640-811) for getting the CCNA. In the end you get the same cert regardless of which path you followed. You can read more about it at http://www.cisco.com.

Posted: Apr 29, 2007 18:25

OK, this is a dumb one, but where can I find the steps I need to go through with the CLI to install a new version of IOS for my 871 router? The Cisco website sucks pretty bad and all I can find are tech docs on how to restart the router.

Posted: May 1, 2007 03:34