|
Ninshack posted:Quick background, although not all may be relevant. We've got around 50 sites connected via frame relay (various circuit sizes depending on office size) with GET VPN for encryption. Pretty much three hub and spoke topologies, one per lata. We don't directly manage the routers or circuits, but are expected to work the provider to make sure they are working properly. WAN accelerators is the answer. What was the question again? Wait, what am I saying, it doesn't matter.
|
# ¿ Feb 24, 2010 05:31 |
|
|
J. Elliot Razorledgeball posted:We're looking to implement some type of automatic control for updating firewall rules and that on some of our ASAs, is there any type of API available for retrieving and setting configuration values or do I really need to try and interface with it over SSH and parse that garbage out? I may not be reading deep enough into this but what about changing firewall rules manually is such a bad thing?
|
# ¿ Apr 2, 2010 12:00 |
|
TheHeadSage posted:I guess this is just a sanity check question but here's the situation. Don't forget you'll have to configure trunking on the router and the switch (which boils down to a couple of interface commands) but otherwise yep do that. Having never touched secondary addresses before I can't speak for that method.
|
# ¿ Apr 23, 2010 04:17 |
|
Brb booking a plane to new york
|
# ¿ Jul 14, 2010 00:53 |
|
Stupid question, what's your config register set to? (sh ver; at the bottom). It should be 2102.
|
# ¿ Jul 30, 2010 03:21 |
|
Martytoof posted:I'm toying around with frame relay and I'm having a serious "what the gently caress" moment: Add this; `frame-relay map ip 192.168.1.1 100 broadcast` You need to set a map so it knows what DLCI to send it down. In fact, it'll actually get sent all the way to the other end (192.168.2.1) which will then send it back to the interface. I think that's right, but it's been a while since I did frame-relay.
|
# ¿ Aug 20, 2010 04:21 |
|
inignot posted:Using frame maps is round about in the first place. I've never seen that config used outside of ccie scenarios. NBMA interfaces NBMA interfaces NBMA interfaces I try to block the pain but it is unrelenting
|
# ¿ Aug 22, 2010 23:37 |
|
inignot posted:So, you're saying what here? If I've got frame relay service with pvcs from a hub site to three remotes; I can set that up however I want. I can use physical interfaces, point to multipoint subinterfaces, point to point subinterfaces, or some combination thereof. Any one of those can be made to work based on design choices. Back ten years ago when frame relay was ubiquitous, I only ever saw point to point subinterface implementations used. There's a portion of the CCIE lab that makes you configure frame relay between 3 sites using no subinterfaces. When I was doing my training it required a lot of study to get your head around something that is pointless in the real world. edit; my point being the cisco certs make you learn a decent amount of roundabout stuff. abigserve fucked around with this message at 03:48 on Aug 24, 2010 |
# ¿ Aug 24, 2010 03:39 |
|
CrazyLittle posted:The ASA line is the successor to the PIX line of firewall/security boxes. They all have CLI. A pix can route traffic - we route several DMZ's off our pix using ospf.
|
# ¿ Oct 14, 2010 23:56 |
|
jwh posted:Our DC systems folks are attempting to move to UCS-based chassis and blades within the next six to ten months, in an attempt to consolidate our VM environment. Are they at least buying two 5k's for redundancy?
|
# ¿ Oct 17, 2010 07:12 |
|
inignot posted:'Sup fellas. Did...did you cover your name and number with paper?
|
# ¿ Oct 23, 2010 23:35 |
|
At my old job I believe we had the aging time set to 300 seconds (5 mins). As for sticky mac addresses, they don't age as far as I'm aware - buuut if you don't write the config, the entries will vanish on reboot. Out of curiosity, why do you want to enable this feature?
|
# ¿ Oct 29, 2010 07:57 |
|
Find out the switchport it's connected to and r-span that poo poo rasta.
|
# ¿ Nov 3, 2010 02:18 |
|
InferiorWang posted:tortilla_chip, ip pim sparse-mode. L3 between the 3560 and the 4507, L2 within the school if I'm understanding your question. While the school has multiple vlans, the 3560 core switch is the only device doing L3 at that school. Maybe do a SPAN on a port in the same vlan as the users who want access to the multicast group - in fact, that's probably the next thing I'd do, that'd rule out anything stupid/underlying problems.
|
# ¿ Nov 16, 2010 08:55 |
|
Now it's time for a "gently caress the competition" post HP has the absolute best practice ever in regards to their software releases; if you are running old code, and have to upgrade, occasionally you won't be able to upgrade straight to the latest version. No biggie. Except they don't keep the old versions available on their site. Brilliant, guys, well done.
|
# ¿ Dec 1, 2010 05:04 |
|
ragzilla posted:PC1 will send out an ARP for PC2's IP address to the Ethernet broadcast address. The switch will receive this frame and flood it out all ports *except the one in which it was received (it's a broadcast!), all hosts on the broadcast domain will see the frame and will respond appropriately (ie everyone except PC2 ignore the request- it's not for one of their IPs, PC2 unicasts an ARP reply to PC1). Fixed that for ya! Also, jwh, I find your interview questions intriguing. You only ask for a minimum of BGP knowledge from your engineers? BGP has gotta be one of the most important things an engineer knows.
|
# ¿ Dec 29, 2010 09:51 |
|
Is that an outside facing interface? Because if so, it might be more prudent to block isakmp from anyone that ISN'T one of your routers.
|
# ¿ Dec 31, 2010 01:37 |
|
gently caress spanning-tree, MST in particular. The next time we buy hardware the only question I'm asking is "does it do pvst+? It doesn't? gently caress you."
|
# ¿ Jan 28, 2011 06:22 |
|
jwh posted:Yes, exactly this. Works on our network (Which, coincidentally is full 10gig through the backbone and entirely located on one campus)
|
# ¿ Feb 3, 2011 05:32 |
|
Look for (S,G) entries on the receiver facing router, check IGMP group membership tables, if that's all fine check RPF isn't failing (for the group). Finally, if all of those are good, check the multicast TTL on the host, and after that, you'd have to continue on a case-to-case basis.
|
# ¿ Feb 10, 2011 03:07 |
|
jwh posted:Wired 802.1x is so full of hurt. 802.1x...integrated into a billing system, interfacing with packet shapers Yey, look upon yor destiny and despair - the devil is real
|
# ¿ Feb 24, 2011 09:46 |
|
People ask loving spanning-tree questions in Engineering interviews? That's like asking a mechanic if he understands what wheels do.
|
# ¿ Mar 16, 2011 09:49 |
|
I guess my point was more the fact that asking about spanning-tree when interviewing for an engineer position seems to be picking the low fruit - I would've thought (this is all opinion, of course) that something along the lines of "explain the importance of iBGP in the campus" or "list some examples where you might use MPLS VPN's to solve a problem". Obviously this is dependent entirely on the position and I'm only basing this on what I perceive based on my limited experience to be an "engineer" position.
|
# ¿ Mar 16, 2011 14:06 |
|
jwh posted:I want TRILL. Literally the future of networking in just about every space. Bone up on IS-IS...
|
# ¿ Apr 5, 2011 05:46 |
|
Tony Montana posted:You won't get a CCIE. I do not appreciate your viewpoint sir, that dude is obviously quite new to the field and advising him to split his focus between networking and servers is tempting him to be mediocre at both. At the end of the day a CCIE who knows routing and switching is more valuable than a dude who knows most of it + some server stuff. Leave layer 4+ to the server guys, or until after you get your CCIE and you have considered yourself a master of all things networking. I may be biased because I'm going for my CCIE this year and I hate doing server work.
|
# ¿ Apr 13, 2011 13:34 |
|
workape posted:A couple of months, I picked up some books just before Christmas after getting my CCNP in November. If I can keep my current study rate, I may get the company to spring for a CCIE Written bootcamp as a final touch before I go and write the exam. Out of curiosity, how are you studying for the lab? Do you have some practice labs from somewhere or is it your own set up?
|
# ¿ Apr 14, 2011 05:18 |
|
brent78 posted:I need to find a contractor in the Sacramento, CA area that can do some BGP/routing work on some 3800's. Can someone point me in the right direction? I'll do it if you don't mind me doing everything remote <_< (from Australia)
|
# ¿ Apr 15, 2011 05:09 |
|
Definitely consider Aruba "mobility controllers"...we run around 3000+ clients and about 400 access-points off them and they are fairly unbreakable.
|
# ¿ Apr 17, 2011 08:22 |
|
SlippyFists posted:Hi, I'm not sure if this is the right place to ask this, but I'll try anyways. I'm about halfway through my CCNA course at my local college, but I've been having a bit of trouble with the static routing chapter. I have this assignment where I have to connect four pc's with four separate routers, and they all must be able to communicate with each other via static routes with next hop addresses. Well, after typing in all the different static routes into each router, and placing ip addresses into the four Pc's, not all Pc's were able to ping each other. Ping the router interfaces instead of the pc's and that'll tell you if your routing is working correctly. If it is then check your host config.
|
# ¿ Apr 19, 2011 23:00 |
|
Bardlebee posted:EDIT: For my own benefit, what the heck is a "interface port-channel"? A port channel is a grouping of multiple physical links into one logical link, for the purpose of increasing total bandwidth and often providing redundancy. In other words, it makes two physical interfaces look like one. As for the config, where is the interface for vlan 13? You've only got one SVI for vlan 1, so I presume it's routed elsewhere, you should find that and do a show ip route there to start with.
|
# ¿ Apr 26, 2011 23:23 |
|
Do a show standby on the layer 3 switch. Verify that your host is configured to use the standby IP address as the default gateway. Also do a show arp | inc [your hosts ip address]
|
# ¿ Apr 27, 2011 00:43 |
|
Sepist posted:Figured it out, forgot to put in `switchport trunk native vlan 1` This doesn't make any sense unless the two member ports were configured differently and even then it should operate as usual unless you only allowed vlan 13 down one etc. etc. etc. etc.
|
# ¿ Apr 27, 2011 15:02 |
|
jwh posted:`tcpdump -lvvns0 -w - | strings | grep blah` tshark fully supports all wireshark capture filters though so there's that.
|
# ¿ May 7, 2011 07:27 |
|
jwh posted:Well, just received marching orders to evaluate high density 10gig platforms. I guess our server folks are "doing stuff". Nexus 5596's are what you're after. The 7k is a big loving distribution switch and isn't angled at server connectivity. As mentioned, Layer 3 capability with a card (but why do layer 3 on aggregation switches anyway) and up to 96 ports line-rate 10gbe.
|
# ¿ May 21, 2011 06:53 |
|
Zuhzuhzombie!! posted:Actually we've had more problems with Cogent. Part of our problem last night was that they were NOT advertising a default route to us via BGP so when Level 3 crashed our ASR was left with nowhere to go. We get partial from XO and Cogent and full with Level 3. It's a common thing for ISP's to not advertise a default route. To be honest, I don't really understand why, when 9/10 times that's really the only route you actually need on your border routers. You can always originate statics but what happens if your bgp adjacency goes south without the link going down?
|
# ¿ May 26, 2011 01:03 |
|
Powercrazy posted:We have switched to 100% Cisco optics because of weird poo poo like that. Yea it's more expensive, but budgetary decisions should be made on a device/capabilities level, and reliability isn't something to compromise on. Really? We use plusoptics (http://www.networkconnectors.com.au/) and never had a single problem. The place I used to work used agilstar and never had any issues either. I guess if you like throwing money away then that's cool!
|
# ¿ Jun 12, 2011 06:55 |
|
routenull0 posted:Most vendors I have worked with will not support an optics issue if it is not OEM branded. Even though most Cisco / Juniper optics are Finisar, if you ever have to RMA them, they will reject them. Does this happen a lot for you guys? In my career I've probably seen like 3 bad optics and each one we've just replaced with the exact same type and it's worked fine.
|
# ¿ Jun 13, 2011 07:01 |
|
Powercrazy posted:Yea I plan on doing that as well, but it seems like there has to be a way to see best path info from various routers, without output filtering. You won't have any idea about which way is preferable to get back into your network from the big wide world from your border routers. EDIT2: never mind, I was wrong. You could be getting asymmetric routing though still which is probably why you posted in the first place because you're trying to fix it so I'm gonna shut up now! abigserve fucked around with this message at 07:36 on Jun 17, 2011 |
# ¿ Jun 17, 2011 03:58 |
|
greatapoc posted:Had a 7206 crash while configuring an ACL Problem located
|
# ¿ Jun 24, 2011 01:38 |
|
|
ragzilla posted:Nah, there's enough base bugs in IOS that you can't blame IPv6 for that one. I know, I just like bagging out ipv6!
|
# ¿ Jun 24, 2011 03:42 |