|
jwh posted:...similar enough to IOS to make you feel comfortable, but different enough to irritate the poo poo out of you. e: What's almost worse is having another vendor fix an annoying kink in their IOSsy product and then having to go back and do it the stupid old Cisco way. bort fucked around with this message at 01:12 on Oct 2, 2012 |
Oct 2, 2012 01:08 |
|
This may seem from left-field, but do you have Fast SSID change enabled on the controller? That fixed a whole slew of issues I was having with IOS clients.
|
Oct 2, 2012 19:24 |
|
Zuhzuhzombie!! posted:Folks using iPads like they're going out of style.
|
Oct 3, 2012 18:08 |
|
Ninja Rope posted:What about the F5 boxes with the cotton candy colored glowing logo on the front? Always makes me hungry. CaptainGimpy posted:Those lights coupled with some other devices hurt to look at. bort fucked around with this message at 11:45 on Oct 10, 2012 |
Oct 10, 2012 11:31 |
|
Powercrazy posted:Can you give an example? When I was learning VLANs I had no problem understanding tagged/untagged/native vlans, though it did take me a little while to remember which was which. Force10 has a nice VLAN setup. They're an interface configuration without any flat layer 2 configuration. You add physical interfaces/channels to it, tagged or untagged. You can set portmode hybrid on an interface/channel to get it to pass untagged/tagged like a Cisco trunk does. The real thing about FTOS is that a static port channel is configured in the port channel interface configuration (using channel-member). An LACP port channel is configured on the physical interface -- similar to how Cisco does a channel-group statement -- adding the interface to an LACP instance, I guess, conceptually. e: I really like the idea of named VLANs. bort fucked around with this message at 00:48 on Oct 13, 2012 |
Oct 13, 2012 00:45 |
|
Kaluza-Klein posted:If I want to get a used Cisco switch for the house can someone suggest some models to look for? I don't know my Cisco models. bort fucked around with this message at 16:15 on Nov 15, 2012 |
Nov 15, 2012 16:07 |
|
Again, depends what you're using it for. The 2950T is end of sale and if I were using it for IOS training, I'd get a model that's still supported. If I were actually wiring my house with a $100 switch for some reason, and I needed 24 ports in one place also for some reason, I'd buy the one with the gig ports. e: powercrazy has a point about the 3550, too. It might be a better training device, since learning layer three is really important. bort fucked around with this message at 16:33 on Nov 15, 2012 |
Nov 15, 2012 16:24 |
|
I love Solarwinds NCM, Windows or not. If you can afford Solarwinds' stuff, it's easy to work with and produces great diffs for configuration management and audit. Good multivendor option, too. I'm wrangling Cisco Prime right now to try and migrate off of WCS. They have me in a series of tangled dependencies that's really making me consider looking at another wireless vendor. Need v7 to get off of WISMs and on to 5500s, need MSEs to replace my aging locators and v7 obsoletes them, need Prime to run MSEs. Nothing's broken and I'm out six figures for the privilege of replacing my EOL chassis switches.
|
Dec 4, 2012 01:24 |
|
Langolas posted:Try having bugs in the export scripts for WCS that you have to uninstall and install different versions to try to get a proper exportable migration file to move to NCS.
|
Dec 4, 2012 19:13 |
|
Force10 switches default to having spanning tree disabled globally. Why they'll allow you to configure portfast on an interface without it being enabled, I'm not terribly sure. I won't bore you with details of how I discovered this...
|
Dec 14, 2012 03:50 |
|
Sort of answered above. I just got done with upgrading my whole kit and caboodle: WCS to Prime, adding MSEs and getting rid of 2710 locators and upgrading from 6 to 7. Took me all weekend but it was fun. bort fucked around with this message at 22:21 on Dec 18, 2012 |
Dec 18, 2012 22:18 |
|
jwh posted:...to be able to transparently decrypt all of the SSL moving through the box from your user population
|
Jan 11, 2013 17:47 |
|
Does software update work for you guys using Prime Infrastructure? 1.3 is out, as well as an update for my MSE virtual appliance. The MSE release notes say to use Prime software update but it doesn't detect those updates. I also can't download the tarball for the MSE upgrade, just OVA files.
|
Feb 27, 2013 22:55 |
|
When you finally do upgrade, in the top right corner, hover over your login name and click Switch to Classic Theme. They tried to make it all lifecycle-y and hid every useful function in different menus. Classic Theme is reskinned WCS.
|
Feb 27, 2013 23:39 |
|
How prevalent is the problem of microbursting? I've heard it blamed for a few errors in my infrastructure, but that always turned out to be something else. However, with the growth of 10G networking I could see situations where it'd occur. Is it a characteristic of app traffic or just volume? We use Riverbed Cascade for netflow, but I don't think it'd make sense as a solution without a prior investment in Steelheads. Leveraging them for traffic analysis is rewarding, e: but we're in the same boat as everyone else when the traffic doesn't cross one. Bluecobra, I'm jealous of your solution. bort fucked around with this message at 02:27 on Mar 2, 2013 |
Mar 2, 2013 02:24 |
|
Zuhzuhzombie!! posted:Don't buy an ASR1002. There's a serious bug either software or hardware that fucks with the line cards. We've had to RMA them multiple times and it looks like this is also the source of the sonet problems we've been having. A 32-bit counter bug in a timer rebooted our spine switches one night. I got the dubious honor of having my infrastructure generate a field alert. Finally got the maintenance window to upgrade the software, and encountered an unpublished bug where our VLANs won't route. To fix it, either shut/unshut the VLAN interface or occasionally, we get to remove and reconfigure the VLAN interface entirely! Really sweet low-impact workaround.
|
Mar 28, 2013 21:27 |
|
Speaking of H-REAP/FlexConnect, does anyone have a problem where the remote APs will occasionally get the local controller's VLAN number for an SSID in their VLAN mappings? This is a problem that occurs maybe once every three months and has persisted through three version upgrades. I'm attacking it by running a weekly scheduled task on Prime to apply a template to the remote APs, but I'm wondering if it's a bug that's fixed after 7.0 somewhere. I'm pinned right now because of 4400 WLCs in my deployment.
|
Apr 7, 2013 15:38 |
|
ior posted:Do you have multiple controllers? Are the flexconnect SSIDs configured exactly the same on all controllers (even the WLAN ID number)?
|
Apr 8, 2013 18:08 |
|
The controller firmware will be the longest part, but if you want to get fancy and you're not afraid to use the CLI, you can preload the image on your APs. This means when your controller boots up the new software, your APs reset and it's done. http://www.my80211.com/home/2011/2/20/wlc-predownload-the-image-to-the-access-points-from-the-cont.html
|
Apr 16, 2013 21:56 |
|
Jedi425 posted:gently caress yes. I'm studying for my CCNP Firewall right now, and that poo poo is stupid. e: speaking of which bort fucked around with this message at 23:02 on Apr 23, 2013 |
Apr 23, 2013 22:55 |
|
Hope you either like syntax or ASDM.
|
Apr 23, 2013 23:00 |
|
Ninja Rope posted:Give them all your logs for all your users and let them filter out what information they don't want? Pass.
|
Apr 25, 2013 22:42 |
|
If you're a scrub and have to do RJ45 patching, I really like Ortronics' EZPatch thingy. I wish I were old enough to have learned cable lacing. It looks amazing. e: Powercrazy posted:I came across neatpatch, but don't see anything particularly special about it. It is nice to have some names though. 1 e.g. the horrible choice between making your own cables or using standard lengths and having some stretched tight and some with too much slack e2: if you have the budget to spend on optics, fiber inhibits less airflow and gives off less heat. Another great thing to look for is reversible airflow in top-of-rack switches. bort fucked around with this message at 19:54 on Apr 30, 2013 |
Apr 30, 2013 19:43 |
|
Ninja Rope posted:There are a lot of bullshit ways to represent an IP address and if you do anything other than dotted decimal then I hate you. I will accept network byte order uint32_t's in hex as well, but not if I have to type them anywhere.
|
Apr 30, 2013 21:14 |
|
I've yet to see a PDU setup that I really, really like. It's always some decision of what I'm okay with giving up. Bluecobra, your two-color power cable suggestion is the best thing.
|
May 4, 2013 00:55 |
|
Is there a WCS/NCS/Prime-sized tool that manages ASAs? Even smaller or CLI-based would be nice. I'd love a pushable central config with some allowances, just to keep my core rules in synch and be able to change them all at once. I know there's CiscoWorks but even loading demos makes me instantly and continuously frustrated, never mind the extra cost. They really need to beat Checkpoint and Palo Alto on centralized config, but I have no hope that Cisco will.
|
May 10, 2013 00:39 |
|
routenull0 posted:Since they are matching up 1:1, something is feeding it bullshit. Nothing physical layer? Won't autonegotiate is pretty strange.
|
May 15, 2013 00:21 |
|
The switch interface output said that direction was unsupported, so I imagine it just drops it -- but that did move the problem and underscore the need for a span. e: jwh posted:Use ether channel to increase the number of FIFO queues. bort fucked around with this message at 00:52 on May 15, 2013 |
May 15, 2013 00:49 |
|
I still think a 5515 should be able to handle a Nessus scan as well as the traffic sizes in the slices you've posted, unless inspection is configured to act against it or manically log when it happens. ninja edit: you're not vulnerable to Nessus scanning, I guess. real edit: routenull0 posted:Not attempting to be insulting here either, but have you changed the sw1 --> asa-gi0/0 cable? bort fucked around with this message at 01:00 on May 15, 2013 |
May 15, 2013 00:56 |
|
Failover interfaces are negotiated at gig, right? No Active/Active, standby looks normal? e: just thinking that maybe failover/ARP table magic could be sending extra traffic to the active firewall interface. not seeing any bugs that touch this bort fucked around with this message at 01:29 on May 15, 2013 |
May 15, 2013 01:18 |
|
Always with the mysteries, ASA.
|
May 15, 2013 01:32 |
|
jwh posted:So there you have it!
|
May 15, 2013 13:16 |
|
I think you need to allow larger packet sizes for both. I have used "fixup protocol dns maximum-length 4096", but I think there's a newer command where you allow larger packets in the inspection clauses. Otherwise the ASA drops the UDP query and the requester retransmits using TCP.
|
May 15, 2013 15:58 |
|
mezoth posted:This is basically the response TAC gave me for my 5540 overrun problems (constant 3-5% overrun with a max of 250meg traffic on a 1gig interface). In short, the ASA interfaces are pieces of junk. Thanks for letting me know this still happens on the newer line of ASAs, however! you could all have misconfigured firewalls e: what I did all day was look at SmartNet costs. ee: psydude posted:Might have been linked a while back, but apparently Cisco is opening up EIGRP for multi-vendor support. gently caress you cisco bort fucked around with this message at 00:43 on May 16, 2013 |
May 16, 2013 00:32 |
|
routenull0 posted:I had this exact conversation with a friend that runs a 100% Cisco shop. When it comes to firewalls, so many other things are in play; inspection, NAT, etc but the last two issues we've seen in this thread haven't even hit those areas yet. It is either under sizing gear for the requirement (which I doubt, jwh is a smart dude) or Cisco being shady on the capabilities of the ASA. If you look at the ASA datasheet, there is *zero* about pps throughput, buffer depth, or anything near what the two have run into. You go looking at datasheets and get stuck with the assumption that X fits the role, but once deployed, it cannot keep up and Cisco's response is 'buy bigger'. Force10 blew away the Cisco performance myth for me, though. Cisco gear does have limitations, maybe we're just finally seeing lovely hardware Oz behind the curtain. Nebulis01 posted:I'm looking for a book P.S. 8.4 NAT isn't that bad. But gently caress you already Cisco.
|
May 16, 2013 00:49 |
|
quote:sales engineers edit: and want to agree with you on F5. Those are stand-up guys, 2003 Cisco-era support people.
|
May 16, 2013 01:33 |
|
You wanna sell me something? The words are: "let us put it in a lab for you."
|
May 16, 2013 01:43 |
|
There's an F5 guy in Russia who I'd seriously pony up $1,000 to if I ever met him IRL. He not only took me through the failure I was experiencing but probable failures the next morning under production load, and basically saved me and my boss at a critical time. I've wasted countless hours in fruitless support queues in my career, but this one that mattered totally saved my rear end. Why that guy in particular?
|
May 16, 2013 02:06 |
|
We had one of our Force10 S50s fail. Dell shipped us a replacement switch. I guess that's why they're cheaper than SmartNet.
|
May 16, 2013 22:46 |
|
Bluecobra posted:Did you send this picture to your sales rep? I think the support quality is sharply declining and they don't have a handle on how to fix it. They've sold so much equipment so quickly into so many environments that they're now struggling to keep up with their customers. As much poo poo as I've given Cisco's support on price and declining quality, they've certainly never shipped me a disgusting switch that hadn't been reset. e: the other thing I said yesterday is that Force10 is something of an anomaly for Dell. Where most of their offerings are aimed at the meat of the bell curve in performance/engineering/use case, Force10 was a weird niche player offering high performance to some big data centers. I don't think Dell is prepared to handle support for those kinds of players, and everyone keeps saying they're shedding original Force10 people who might salvage that. I'm a little bearish on 'em too, in other words. Still very nice gear, it's just you gotta be prepared to fix it or to muscle support and the dev process around. bort fucked around with this message at 17:04 on May 18, 2013 |
May 18, 2013 16:55 |