nzspambot
Mar 26, 2010

marshviperX posted:

Quick question. I have an 851w for home use. I'm trying to get DHCP and NAT configured, but most places I look online say to do it via SDM. I know what to do in the SDM to get everything up and running, but I can't get the SDM going for the life of me. I posted a question earlier in the thread regarding Java issues when loading the program, but the fixes mentioned here or on Google have been fruitless. I'm just fed up with it and to the point where I'd just like to do it via CLI, but my Google-fu must be weak as I can't find much help out there that is easily understandable.

TL;DR What are the basic commands to configure DHCP and NAT via CLI?

Any help is MUCH appreciated.

DHCP:

! pool network must be the same subnet as the default-router, dns-server and excluded addresses
ip dhcp pool DHCP
network 192.168.0.0 255.255.255.0
domain-name foo.com
default-router 192.168.0.1
dns-server 192.168.0.1
lease 7

! keep the router's own address (and the network/broadcast addresses) out of the pool
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.0
ip dhcp excluded-address 192.168.0.255

NAT:

On the outside interface (internet side)

Int fast 0/0
ip nat outside

On the inside interface (LAN side)

Int fast 0/1
ip nat inside

Create an ACL to match the traffic to NAT

access-list 105 remark ###################################################*
access-list 105 remark # NAT ACL #
access-list 105 remark *###################################################
access-list 105 permit ip 192.168.0.0 0.0.0.255 any

Create the NAT rule

ip nat inside source list 105 interface FastEthernet0/0 overload

If you need the router to do DNS:

ip dns server
ip name-server x.x.x.x


--------------

In your case, you will need to swap fast 0/0 with fast 4 and fast 0/1 with vlan1 if you have an 85x or 87x ISR
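
An added consistency check (not code from the post or from Cisco) for a snippet laid out like the one above: it parses the pool's network, default-router, dns-server and excluded addresses plus the NAT ACL source and confirms they all refer to the same subnet, since a single wrong digit in the network statement silently breaks the whole thing. The embedded sample config is constructed and deliberately carries a one-digit typo (192.158 instead of 192.168) so the check has something to report.

```python
"""Consistency check for an IOS DHCP pool + NAT ACL snippet (added example).

Parses 'network', 'default-router', 'dns-server', 'ip dhcp excluded-address' and
'access-list N permit ip SRC WILDCARD ...' lines and verifies that every address
lies in the pool's subnet and that the NAT ACL covers that subnet. SAMPLE_CONFIG
is constructed and contains a deliberate typo in the network statement.
"""
import ipaddress

SAMPLE_CONFIG = """\
ip dhcp pool DHCP
 network 192.158.0.0 255.255.255.0
 domain-name foo.com
 default-router 192.168.0.1
 dns-server 192.168.0.1
 lease 7
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.0
ip dhcp excluded-address 192.168.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list 105 interface FastEthernet0/0 overload
"""


def parse(config):
    """Return (pool_network, routers, dns_servers, excluded, acl_source_networks)."""
    pool, routers, dns, excluded, acl_nets = None, [], [], [], []
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "network" and len(tokens) == 3:
            # 'network ADDR MASK' inside the pool; ipaddress accepts dotted netmasks
            pool = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
        elif tokens[0] == "default-router":
            routers += [ipaddress.ip_address(t) for t in tokens[1:]]
        elif tokens[0] == "dns-server":
            dns += [ipaddress.ip_address(t) for t in tokens[1:]]
        elif tokens[:3] == ["ip", "dhcp", "excluded-address"]:
            excluded += [ipaddress.ip_address(t) for t in tokens[3:]]
        elif tokens[0] == "access-list" and tokens[2:4] == ["permit", "ip"]:
            # 'access-list N permit ip SRC WILDCARD ...'; ipaddress also accepts a
            # hostmask (IOS wildcard) after the slash, so 0.0.0.255 becomes /24
            acl_nets.append(ipaddress.ip_network(f"{tokens[4]}/{tokens[5]}", strict=False))
    return pool, routers, dns, excluded, acl_nets


def check(config):
    """Return a list of inconsistencies; an empty list means the snippet is coherent."""
    pool, routers, dns, excluded, acl_nets = parse(config)
    if pool is None:
        return ["no 'network' statement found in the DHCP pool"]
    problems = []
    for label, addrs in (("default-router", routers), ("dns-server", dns),
                         ("excluded-address", excluded)):
        problems += [f"{label} {a} is outside DHCP pool {pool}" for a in addrs if a not in pool]
    if not any(pool.subnet_of(net) for net in acl_nets):
        problems.append(f"no NAT ACL entry covers DHCP pool {pool}")
    return problems


if __name__ == "__main__":
    for problem in check(SAMPLE_CONFIG) or ["config is consistent"]:
        print(problem)
```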


nzspambot
Mar 26, 2010

Ninja Rope posted:

I'm trying to throttle bandwidth on a switch port in order to somewhat simulate bandwidth-restricted clients (i.e., users on a DSL line). I'm not exactly sure what settings I should use for the policed rate and burst. Would a DSL line even have a "burst" ability? And how would that relate to the policed rate?

what switch?

try these 2 for a start

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swqos.html#wp1253412

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

nzspambot
Mar 26, 2010

Syano posted:

Generally speaking 5mb/s up and down, give or take a meg. Let me ask this while we are at it. Is it possible to have multiple VPNs open to the same subnet? In other words you have 2 sites, siteA and siteB. SiteA has two internet connections. SiteB has two internet connections. Is it possible to open VPNs across both connections from siteA to both connections at SiteB?

Yes, as long as you have 2 unique subnets in both sites and your routing gear can support it. Trivial to do with Cisco ISR gear.

nzspambot
Mar 26, 2010

Bardlebee posted:

So what you're saying is, as long as Site A has a subnet of say 192.168.2.0 and Site B has a subnet of 192.168.1.0 it should be ok?

Or are you saying you need two subnets per location?

2 per site

you may also be able to fudge a PBR solution but don't quote me on that

Or go the whole hog and make a DMVPN as has been suggested

nzspambot
Mar 26, 2010

thiscommercialsucks posted:

Martytoof: I just re-read your original post and remembered that I've had similar problems with 2600 and 3600 images before. Like exactly the same problems; can't make serial connections, can't telnet into routers, poo poo like that. I think I ended up using images for 7200 routers and it cleared it up. I just remember that 2600 worked like poo poo. Keep in mind, I was running it on Windows.

Agreed, I managed to get 30ish 7200 routers running on Windows 7 64-bit before it crashed. I think a Core i7/i5 CPU also helped; the CPU load when they had all booted was <10%, which was nice.

Yet I had issues with 2600, 3600 and 3700 routers.

nzspambot
Mar 26, 2010

Bardlebee posted:


The question asks if a ping is sent to PC2 from PC1, what would PC1's arp cache look like. My thought is that it would have an IP of PC2 and a MAC of the Router (CCC). But the question marked it wrong, stating it was both MAC and IP of PC2 that would show up. I am pretty convinced the practice test is wrong.

A basic question, I know. :)

The MAC in the ARP cache will be the MAC of the last L3 boundary

VVV that too. Mate, time for a new CCNA book I think

nzspambot fucked around with this message at 22:28 on Jan 31, 2011

nzspambot
Mar 26, 2010

ragzilla posted:

Usually when systems folks ask for a multi-datacenter spanning L2 it's because they have some application that's written and optimized for local connectivity. I.e. it consumes ridiculous amounts of bandwidth.


vmotion! :v:

nzspambot
Mar 26, 2010

Powercrazy posted:

How can I do per-vrf outside destination nat on a 6500 w/sup720?

Basically I want something like this:

ip nat outside destination static [outside global] [outside local] etc....

However I only have the destination option when I am doing outside natting.

The situation is this:

I have someone who is connecting to us and they want us to have a source defined by them, (Something like 214.blah) for all return traffic. While I am natting all of their source traffic to an internal network 10.80.x.x

So basically I need something like this:

Coming in:
Source: 64.x.x.100
Destination: 204.x.x.x -> Natted Destination 10.80.6.100

Going Out:
Source: 204.x.x.x -> Natted Source: 214.x.x.x This is the part I can't get to work.
Destination: 10.80.6.100 -> 64.x.x.100

Any Ideas?

I've done something like this before BUT it was on an ISR.... the trick was to use the NVI interface and ip nat enable, not nat inside or nat outside. Don't know if this helps at all but it worked for me between 2 VRFs and NATting.


http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html

nzspambot
Mar 26, 2010

Powercrazy posted:

Also don't use an RPS. If you want redundant power supplies, either stack the 3750's and have redundant links, or use a 4948.

or buy a 3750X

nzspambot
Mar 26, 2010

Bardlebee posted:

I can't seem to get VTP to distribute my VLANs across my virtual switches. I have done the following to the switches:



Step A) Do you have a trunk between the switches?

ruro posted:

I'm getting a million overruns on one side of a 10gbps link,

yeaaaah lots of drops on the input queue, either drop the wrr-queue or tune it some more

nzspambot
Mar 26, 2010

I know this is a Cisco thread but is anyone interested in a Juniper thread?

nzspambot
Mar 26, 2010

Boogeyman posted:

Output of sh int g0/43 trunk:

code:
SiteC#sh int g0/43 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/43      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/43      2-4

Port        Vlans allowed and active in management domain
Gi0/43      2-4

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/43      2-4
And the config for spanning tree (I haven't messed with it, it's the same on the switch at site B and it works fine):

code:
spanning-tree mode pvst
spanning-tree extend system-id
I sent a huge email to my boss, who forwarded it to one of our higher-up contacts at the provider. They're supposed to get back to me at some point, hopefully they'll give more of a poo poo about it than the tech guys I've been talking to on the phone.

From memory, VTP is carried on VLAN 1; you've pruned it out of your trunk, so maybe try adding it back in.

nzspambot
Mar 26, 2010

ruro posted:

Pretty sure you don't need to allow vlan1, it should just get sent regardless, like CDP.

cisco sayz

By default, VLANs 2 through 1000 are pruning eligible. VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always pruning ineligible; traffic from VLAN 1 cannot be pruned

so maybe it's already allowed.

so try:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml#topic3

edit:

this is what I remembered:

quote:

All switchports must be members of a VLAN, and, by default, it is VLAN 1. Because VLAN 1 was selected as the default VLAN for all switchports, it was also chosen to handle special traffic such as VLAN Trunking Protocol (VTP) advertisements, CDP, Port Aggregation Protocol (PAgP), or Link Aggregation Control Protocol messages (LACP). By default, in-band management interfaces such as sc0 are members of VLAN 1.

nzspambot fucked around with this message at 09:07 on Jun 9, 2011

nzspambot
Mar 26, 2010

JTAC grrrr

does anyone have real world experience with branch SRX and zones?

How do I differentiate traffic external to a zone which is not in a zone but heading into a zone?

edit:


WWW --> [ZONE (ge-0/0/0)]

Is it possible to zone that traffic or do I have to just use an ingress FW filter?

nzspambot fucked around with this message at 09:10 on Jun 17, 2011

nzspambot
Mar 26, 2010

routenull0 posted:

I turn off zones on the Juniper SRX and just use standard FW Filters.

Alternatively, you could set ge-0/0/0 in the "Untrust" zone.


Really? But the zones are stateful vs FW filters which are stateless, plus you can pipe it into IDP and UTM.

Anyway, the untrust zone is the default "outside" zone, which is gone, and in its place is the BORDER zone.

The way I look at it, you define zones and then define traffic between zones, but how do you define traffic which is not in a zone, i.e. the internet? Seems I can't unless I'm missing something.

nzspambot
Mar 26, 2010

routenull0 posted:

I always do my firewalling on a standalone piece of gear, never on the edge router, I guess if that's all I had to do both, then I wouldn't remove it.

Wouldn't the internet traffic be destined inbound to the "BORDER" zone in that case?

well you raise a point which occurred to me. I might just use it as a router and be done with it TBH as there is a another SRX involved which can do what I need.

But the way I see it is, when defining a security policy on a zone you have to do from-zone <zone> to-zone <zone>, where the from-zone is undefined. I think maybe they are not meant to be a right-on-the-edge device even though they are a combo J/SSG upgrade.

So yes I think best is to use it as a router with no knobs and use filters to protect the BGP interface and if needed I can zone from it into the INTERNAL part of it.

thanks anyway

edit: where the gently caress is Sup2T. Anyone want bets on when it comes out? Duke Nukem took what 10 years?

nzspambot
Mar 26, 2010

Powercrazy posted:

Pre-stage your configs, then copy/paste them in. Whenever I do config changes on live infrastructure, I never have a problem because I pre-stage.

Also JunOS sucks for vlan and ranges of interface changes (the two most common types of changes.)

Also there isn't an easy way to tell what ports are trunking, nor what vlan interfaces are in. Switching in Juniper is poo poo.


I disagree

set interfaces interface-range <foo>
show vlans
show ethernet-switching interfaces
show ethernet-switching table

not to mention

rename interfaces <foo> to <faa>

As for your prestage, how do you commit check and show | compare? How do you roll back?

nzspambot
Mar 26, 2010

Powercrazy posted:

Can you actually boot off of USB drives now?

That wasn't supported 4 years ago, and I'm not sure it could be without upgrading ROMMON.

Yep, it does require a specific ROMMON but works very well, whether for upgrading a CF flash, testing, using it for a rollback or whatever.

done all of those lots of times

nzspambot
Mar 26, 2010

Martytoof posted:

I love the little videos that Cisco managers do for the website to show off products, but it's terribly obvious why each and every manager at Cisco didn't go into acting as a career.


" :stare: Each cisco UCS 5100 chassis comes with four --" *paws at chassis trying to not break eye contact with camera, trying to point at power supplies* "-- up to four redundant power supplies. :stare:"

It's the :stare:-face that gets me every time :haw:

Oh I love those; there are some terrible, terrible ones, which makes me wonder wtf they were thinking when they allowed them through.

On topic:

Random question: leaking a route between virtual routers in Juniper land, how do I handle the next hop? If I leak say 10.1.1.0/27, the next hop is in another inet table, which means it won't work. I'm not being lazy here, I'll figure it out tomorrow, but was just wondering. When I did it in Cisco land (static routes) you just set the next-hop and VRF. I'm also leaking using OSPF which mayyyy not work.

The other thing is I need to leak a discard route, which also doesn't seem to be right after a glance, as the static route placed in the table is set to be discarded.

Probably not explaining this very well :(

nzspambot
Mar 26, 2010

Ninja Rope posted:

I ran into some stupid next-hop bug on EX 4200's that caused them to refuse to forward the traffic even though the config was correct. I had to update to JunOS 11.1 to fix it. If you get stuck I can try and find my notes but I remember seeing a bunch of j-net posts on how to leak routes between VRF's and you can probably Google those easily.

This would be on an SRX; I need 11.1+ for ST endpoints in a VR anyway.

But almost there I think; looks like static routes might have to work for me. And leak the interface route as well.

Zuhzuhzombie!! posted:

CEF is turned off, etc.


Sadistic

nzspambot fucked around with this message at 20:29 on Feb 8, 2012

nzspambot
Mar 26, 2010

tortilla_chip posted:

Is the SVI involved in any NAT or high touch type features? Disabling CEF tends to be a fix for bugs.

or disabled for debugging and forgotten about

nzspambot
Mar 26, 2010

Ahh Telstra not filtering its customers, fun stuff

quote:


Suspect what happened was:

1) Dodo starts advertising a full table to Telstra.
2) Telstra don't filter and don't max-prefix Dodo, so carried this into their BGP table.
3) Telstra started advertising Dodo's advertisements out their transit/peering ports, as Dodo's AS is a customer one and they don't filter that properly either.
4) "International" links go down as Telstra's transit provider and peers (e.g. Reach etc.) start hitting their max-prefix filters and dropping BGP, hence why AS1221 went away.
5) Hilarity rains down upon us all.
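
A toy model of the sequence quoted above, added here as an example and not taken from the thread or from any vendor: each BGP session applies an optional prefix filter and an optional max-prefix limit, and exceeding the limit tears the whole session down, which is the step 4 effect. Running the chain customer -> Telstra -> transit with and without an IRR-style filter on the customer session shows why the provider's own prefixes vanish from the transit side in the unfiltered case. All prefixes, the peer names and the limits are constructed for the example; only AS1221 comes from the post.

```python
"""Toy BGP propagation model for a customer full-table leak (added example)."""
from dataclasses import dataclass, field
from typing import FrozenSet, Optional, Set


@dataclass
class Session:
    peer: str
    max_prefix: Optional[int] = None           # None: no limit configured
    allowed: Optional[FrozenSet[str]] = None   # None: no prefix filter configured
    up: bool = True
    received: Set[str] = field(default_factory=set)

    def receive(self, prefixes):
        """Apply the prefix filter, then max-prefix; return what is installed from this peer."""
        accepted = {p for p in prefixes if self.allowed is None or p in self.allowed}
        if self.max_prefix is not None and len(accepted) > self.max_prefix:
            self.up = False        # session torn down: nothing from this peer stays in the table
            accepted = set()
        self.received = accepted
        return accepted


# Constructed data: a 'full table' stand-in, the customer's IRR-registered prefix,
# and the prefixes AS1221 originates itself.
FULL_TABLE = {f"203.0.{i}.0/24" for i in range(256)}
DODO_REGISTERED = frozenset({"203.0.113.0/24"})
TELSTRA_OWN = {"198.51.100.0/24"}


def simulate(customer_filtered):
    """Return session state after the customer announces a full table upstream."""
    # Steps 1-2: the customer session. Filtered = IRR prefix list plus a sane
    # max-prefix; unfiltered = the configuration the quote describes.
    customer = Session("dodo",
                       max_prefix=10 if customer_filtered else None,
                       allowed=DODO_REGISTERED if customer_filtered else None)
    from_customer = customer.receive(FULL_TABLE | DODO_REGISTERED)
    # Step 3: Telstra re-advertises its own prefixes plus customer routes to transit.
    announced = TELSTRA_OWN | from_customer
    # Step 4: the transit provider enforces a max-prefix limit on the Telstra session.
    transit = Session("reach", max_prefix=50)
    transit.receive(announced)
    return {
        "customer_session_up": customer.up,
        "transit_session_up": transit.up,
        "as1221_reachable_via_transit": transit.up and TELSTRA_OWN <= transit.received,
    }


if __name__ == "__main__":
    print("no customer filter:      ", simulate(False))
    print("IRR filter + max-prefix: ", simulate(True))
```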


nzspambot
Mar 26, 2010

routenull0 posted:

NANOG has been hilarious about this today.

Lessons Telstra should have learned.

Use an IRR

AUSNOG had some good stuff as well

nzspambot
Mar 26, 2010

Juniper or Brocade

These are meant to be good http://www.brocade.com/products/all/switches/product-details/icx-6610-switch/specifications.page BUT you have to buy licences :10bux: to enable 10G

Dunno about buffers as well :saddowns:


edit: buffers be

quote:

Greater buffering capabilities: With an 8 MB packet buffer, the Brocade ICX 6610 has deeper packet-forwarding buffers than the Brocade FCX Series

nzspambot fucked around with this message at 06:25 on Mar 7, 2012

nzspambot
Mar 26, 2010

lol internet. posted:

Trying to use GNS3 for cisco testing. I can't seem to use the crypto command, any reason why?

It doesn't appear as an option when i type ? in the CLI.

I was testing this with a c3640 router on the C3640-is-mz.122-1.image

That image doesn't support crypto; you'll need to search the :filez: for something with a k8/k9 in it, e.g.:

c3640-js-mz.122-1.bin = no crypto
c3640-jk9s-mz.122-1.bin = crypto

use http://tools.cisco.com/ITDIT/CFN/Dispatch?showAllSoftware=true to find what you need to "find"

edit:

IP PLUS c3640-is-mz.122-1.bin = what you have
IP PLUS IPSEC 3DES c3640-ik9s-mz.122-1.bin = what you need

nzspambot fucked around with this message at 07:54 on Mar 15, 2012

nzspambot
Mar 26, 2010

Anjow posted:

What are the requirements for CompactFlash cards to work in Cisco devices? I'm specifically talking about a Sup720 in a 7606, I've got a 4GB Kingston card, formatted as FAT16, formatted in the supervisor in that chassis. I put an IOS image on it with my PC, it shows up fine on my PC, but I stick it in the supervisor and the card shows as empty! I then format the card in the supervisor again, stick it back in my PC and the IOS image is still there. I don't know how this could be happening.

Do only specific cards work? Can anyone think of a way to explain what I'm witnessing? Can anyone recommend some 3rd party CompactFlash cards that will work and I can get quickly in the UK please?

Edit: The device is currently running c7600s72033-adventerprisek9-mz.151-3.S2.

IME (based on ISR work) 4GB is pushing it. If you dir flash does it report a 4GB size? I used to find 4GB would report -3GB size

What I used to do was use a Linux distro and partition it to a 512MB or 1GB size

And the Sup720 may be picky about what CF works

nzspambot
Mar 26, 2010

buffers, buffers buffers

Seems my colleagues at my old/new job thought a 3750-X stack would be a-ok for an EMC iSCSI (10Gb).

Seems not (not surprised at all)

I've tuned the buffers etc but now it's time to look at new switches

I know ideally it would be a 4948 or a N5K but I don't know if budget will stretch.

Any other alternatives? I thought brocade had a switch with 240+mb of buffers but cannot figure out which one it was. Dell have a nice one but at 31K might be a bit high.

Suggestions?


And I wasted a couple of hours troubleshooting an issue, then looked at the docs and found that that vlan was never going to work for testing :sigh:

nzspambot
Mar 26, 2010

Powercrazy posted:

Nexus and 4900E's aren't super pricy, if you can't afford those, then I'm not really sure what you will be able to afford.

Well, a small company located in the South Pacific tends not to get the best price on gear. Not to mention that the budget for the project won't cover this since it was specced wrong, so the cost will fall onto us.

Which is why I'm interested in things which aren't Cisco since we're between a rock and hard place.

And it may be the case that it will be cheaper if we just change the EMC SPs to 1Gb down from 10Gb since the DR SAN has only 1GB and performs better than the Prod SAN

edit: For example a 4948 10Gb switch is our buy 13.5K + tax NZD

Add some optics and times by 2 will be up-towards 30K NZD before any special pricing.

nzspambot fucked around with this message at 02:22 on Aug 20, 2012

nzspambot
Mar 26, 2010

an option, I wonder how much EMC will want for a licence.

nzspambot
Mar 26, 2010

Ninja Rope posted:

I'm sure jwh is being somewhat sarcastic, but the security and file access semantics are very different between nfs and iscsi. Just so you're aware. :)

Yeah I know, it was an option I was thinking about anyway, but it doesn't sort out the overall issue of the switch not performing.

nzspambot
Mar 26, 2010

CaptainGimpy posted:

nope and nope

I have a 5510 (8.4) with two different OSPF processes (10 and 20)

nzspambot
Mar 26, 2010

CaptainGimpy posted:

Right, the question was more than two. Two is the max.

right, I should learn to read :downs:

nzspambot
Mar 26, 2010


that's a very good doc to read.

FYI a couple of pages ago I had the same issues with a 3750-X stack; no amount of tinkering can really fix the issue with these switches.

The only thing which really worked for me was to look at which queue had the largest amount of traffic and make that have the most buffers. Even then I still see drops.

The boss found a Dell switch which has more buffers for a lot cheaper inc HBAs

nzspambot
Mar 26, 2010

ior posted:

Correct, 20Gbps realworld throughput and you can stack up to 8 of them for 128Gbps of performance :D

Do you have a link on the stacking info? I came up empty on google and cisco.com :(

nzspambot
Mar 26, 2010


ahhhh asa 9.0 nice thanks for that!

nzspambot
Mar 26, 2010

Does anyone have any info on the 3850 Catalyst Switches yet?

nzspambot
Mar 26, 2010

falz posted:

The most info I've seen so far is here:

https://puck.nether.net/pipermail/cisco-nsp/2013-January/088884.html

And you can view the images on Cisco's download page.

Yep, that's what piqued my interest

bloody NDAs

nzspambot
Mar 26, 2010

teh z0rg posted:

Does anyone have a Palo Alto PA-200?

I need the boot parameters. I was mucking around in mine and something bad happened and now it won't boot to PAN-OS or the maintenance partition.

Thanks in advance.

how much did one of those cost you (with any licences etc)

nzspambot
Mar 26, 2010

Has anyone got IPv6 over lt interfaces in Junos working? All I can find is that the encapsulation of Ethernet doesn't work for IPv6, so use Frame-Relay, which of course doesn't work as well.

code:
    lt-0/0/0 {
        unit 0 {
            encapsulation frame-relay;
            dlci 1;
            peer-unit 1;
            family inet {
                address 172.16.255.9/30;
            }
            family inet6 {
                address 2001:0df0:043f:3::1/64;
            }
        }
        unit 1 {
            encapsulation frame-relay;
            dlci 1;
            peer-unit 0;
            family inet {
                address 172.16.255.10/30;
            }
            family inet6 {
                address 2001:0df0:043f:3::2/64;
            }
        }
    }
This is on an SRX branch device - JUNOS Software Release [12.1X44-D10.4]


nzspambot
Mar 26, 2010

don't worry I found the stupid error :downs:

code:
set security forwarding-options family inet6 mode packet-based
fml such a basic error :(
