Re: [c-nsp] Serial Terminal Servers
All of my CAB-OCTAL-ASYNC cables land in a panel like this: http://www.amazon.com/dp/B000HZI348/

From there, I connect to Cisco router consoles (and things wired like them) with regular UTP patch cords. Connecting to the DE-9 port on a server can be accomplished with:

- a modern Cisco console cable plus a rollover adapter
- a modern Cisco console cable with the end chopped off and re-crimped upside-down (rollover)
- an old-school Cisco DE-9F -- 8P8C adapter plus a UTP patch cord

I'm sure that the DB-25 cable can be adapted to whatever you want, but it's big and clunky. I wouldn't buy it if I was attaching to anything other than 8-packs of external modems.
Re: [c-nsp] Dual SPAN port support on C2960-X
I don't have that exact switch, but...

switch#show inv | inc NAME
NAME: 1, DESCR: WS-C2960X-48TS-L
NAME: 2, DESCR: WS-C2960X-48TS-L
switch#show version | inc image file
System image file is flash:c2960x-universalk9-mz.150-2.EX4.bin
switch#show mon ses all
Session 1
---------
Type : Local Session
Source Ports :
    Both : Po4-5
Destination Ports : Gi1/0/14
    Encapsulation : Native
    Ingress : Disabled

Session 2
---------
Type : Local Session
Source Ports :
    Both : Po1
Destination Ports : Gi1/0/48
    Encapsulation : Native
    Ingress : Disabled

switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#monitor session ?
  1-68 SPAN session number
switch(config)#

What's been your experience with Ethernet taps that leads you to specify actually works? I've generally had good experiences.

/chris
Re: [c-nsp] Nexus Layer 2 Multicast and IGMP querier
On Fri, Mar 20, 2015 at 2:12 AM, Stoward, Matt matt.stow...@team.telstra.com wrote:
> as the VLAN only allows one igmp querier address multicast will break for servers that talk on another range that the querier address does not belong to (e.g. igmp snooping querier 192.168.34.254 means that 192.168.34.0/24 cluster will work but a cluster talking on 10.10.10.0/24 will not work).

I think you'll find that this is an imagined limitation.

Will NX-OS allow you to originate queries from 0.0.0.0? If so, use that.

Either way, watch to see whether your servers send host reports in response to queries from nonsensical querier addresses. I expect that they will.

/chris
Re: [c-nsp] Receiving out of order packets in SPAN session on Catalyst 3750X
I've seen enough oddball discrepancies on port mirror functions of various platforms (including Cat3K) over the years to conclude that SPAN et al. are adequate for diagnosing application issues, but not for performance issues.

Non-aggregator taps are the best way to approach those problems which require investigation into sub-millisecond timing issues, packet loss, performance, etc...

/chris
Re: [c-nsp] Cisco 4900M and Layer2 Broadcasts
Your case reminds me of something Tim Stevenson said about N7K and IPv4 multicast. I don't remember the details exactly, but he left me with the impression that the L2 filtering stuff for multicast frames, which usually doesn't do *exactly* what you want (subscribe to 239.1.2.3 and you'll get L2 traffic for 239.2.2.3 as well) was fixed on N7K: It filters/forwards at L2 using L3 criteria.

Your problem is almost exactly the other way around.

Sorry I don't have any answers, thanks for filling me in on the application. It makes sense that these crazy frames are generated by a magic box HA setup.

Good luck, and please follow up with the list if TAC gives you anything helpful.

/chris

On Mon, Jun 30, 2014 at 4:21 PM, Ivan cisco-...@itpro.co.nz wrote:
> Hi Chris,
>
> The traffic is some kind of state replication mechanism between two geographically diverse appliances. My guess is that the appliances are sending layer 3 headers inside layer 2 broadcast over the HA vlan.
>
> Someone asked out the config - can't get much more simpler. Also remember is working fine for IPv6.
>
> Ingress port:
> interface GigabitEthernet2/13
>  switchport trunk allowed vlan 327
>  switchport mode trunk
>  switchport nonegotiate
>  mtu 9198
>  load-interval 30
>  flowcontrol receive off
>  flowcontrol send off
>  no cdp enable
>  spanning-tree portfast trunk
>  spanning-tree bpdufilter enable
>
> Egress port (same device for testing):
> interface TenGigabitEthernet2/7
>  switchport access vlan 327
>  switchport trunk allowed vlan none
>  switchport mode access
>  switchport nonegotiate
>  mtu 9198
>  load-interval 30
>  flowcontrol receive off
>  flowcontrol send off
>  no cdp enable
>
> Also the counters someone was suggesting looking at;
>
> AKNNR-ISP-SW1#show int counters detail | in 2/13|Port
> Port      InBytes        InUcastPkts    InMcastPkts    InBcastPkts
> Gi2/13    222183306824   0              0              2114072064
> Port      OutBytes       OutUcastPkts   OutMcastPkts   OutBcastPkts
> Gi2/13    682063116      0              61300          5592900
> Port      InPkts 64      OutPkts 64     InPkts 65-127  OutPkts 65-127
> Gi2/13    0              1              2106943835     5103190
> Port      InPkts 128-255 OutPkts 128-255 InPkts 256-511 OutPkts 256-511
> Gi2/13    7128226        551009         0              0
> Port      InPkts 512-1023  OutPkts 512-1023
> Gi2/13    0                0
> Port      InPkts 1024-1518 OutPkts 1024-1518 InPkts 1519-1548 OutPkts 1519-1548
> Gi2/13    0                0                 0                0
> Port      InPkts 1549-9216 OutPkts 1549-9216
> Gi2/13    0                0
> Port      Tx-Bytes-Queue-1 Tx-Bytes-Queue-2 Tx-Bytes-Queue-3 Tx-Bytes-Queue-4
> Gi2/13    4413448          0                0                0
> Port      Tx-Bytes-Queue-5 Tx-Bytes-Queue-6 Tx-Bytes-Queue-7 Tx-Bytes-Queue-8
> Gi2/13    0                0                0                677643104
> Port      Tx-Drops-Queue-1 Tx-Drops-Queue-2 Tx-Drops-Queue-3 Tx-Drops-Queue-4
> Gi2/13    0                0                0                0
> Port      Tx-Drops-Queue-5 Tx-Drops-Queue-6 Tx-Drops-Queue-7 Tx-Drops-Queue-8
> Gi2/13    0                0                0                0
> Port      Dbl-Drops-Queue-1 Dbl-Drops-Queue-2 Dbl-Drops-Queue-3 Dbl-Drops-Queue-4
> Gi2/13    0                 0                 0                 0
> Port      Dbl-Drops-Queue-5 Dbl-Drops-Queue-6 Dbl-Drops-Queue-7 Dbl-Drops-Queue-8
> Gi2/13    0                 0                 0                 0
> Port      Rx-No-Pkt-Buff RxPauseFrames TxPauseFrames PauseFramesDrop
> Gi2/13    0              0             0             0
> Port      UnsupOpcodePause
> Gi2/13    0
>
> Have logged a support case so hopefully can report back more soon.
>
> Thanks
>
> Ivan
>
> On 1/Jul/2014 1:20 a.m., Chris Marget wrote:
> > Hi Ivan,
> >
> > Your L2 broadcast / L3 unicast traffic has piqued my curiosity. Can you share some details about the use case for this unusual traffic?
> >
> > I have a project in mind where I'll be doing exactly the opposite: IPv4 multicast in Ethernet unicast. My use case is a multicast application with an un-graceful startup. If the application restarts mid-day, there's a long delay while it collects state information from incoming multicast packets. There is no mechanism for priming this application - the only option right now is to wait while the infrequent state messages re-build the state database. I plan to cache incoming state data in an L2 adjacent server, and blast this traffic at any instances which have recently restarted. I can't mess with the traffic at all because it's cryptographically
Re: [c-nsp] NPE-G1s don't want to talk to each other over copper?
802.3-2008 40.4.4 says:

  Implementation of an automatic MDI/MDI-X configuration is optional for 1000BASE-T devices.

/chris
Re: [c-nsp] TAC hits a new record level of aggravation...
On Sat, Feb 1, 2014 at 12:41 PM, Chris Marget ch...@marget.com wrote:
> I tried two operating systems and four browsers yesterday. I couldn't upload files that were just a few hundred KB.

That was on Friday. Nothing has changed on my end (hardware/software/network), but I'm able to upload files just fine today.
Re: [c-nsp] TAC hits a new record level of aggravation...
I tried two operating systems and four browsers yesterday. I couldn't upload files that were just a few hundred KB.

/chris

On Sat, Feb 1, 2014 at 9:54 AM, Pavel Skovajsa pavel.skova...@gmail.com wrote:
> Resurrecting this thread,
>
> Is any of you having issues uploading file attachments to TAC cases using the http java page? Somehow nobody in our org can upload anything - we have latest Firefox, latest Java from Sun, still after clicking the Submit button in the file upload window nothing happens.
>
> Regards,
> -pavel skovajsa
>
> On Thu, Nov 7, 2013 at 12:13 PM, Antonio Soares amsoa...@netcabo.pt wrote:
> > Another tool that is a nightmare. The new bug search tool: it hangs my IE 9, my FF 25, ... This is what FF tells me:
> >
> > A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
> > Script: https://tools.cisco.com/bugsearch/resources-2.0.5/js/jquery-1.8.2.js:624
> >
> > Java, JavaScript, etc, why do we need that ?
> >
> > Regards,
> > Antonio Soares, CCIE #18473 (RS/SP)
> > amsoa...@netcabo.pt
> > http://www.ccie18473.net
> >
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner
> > Sent: domingo, 3 de Novembro de 2013 14:35
> > To: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] TAC hits a new record level of aggravation...
> >
> > On Sun, 3 Nov 2013, Jeff Kell wrote:
> > > Customer support died a decade ago.
> >
> > For the front-end stuff, sure. To be fair, and to give credit where credit is due, I have dealt with some TAC engineers who have been incredibly helpful, professional, and responsive. For the things I generally reach out to TAC for, it seems like the level of response I've gotten recently has improved a bit from, say, two years ago.
> >
> > jms
Re: [c-nsp] Re-licensing secondhand Cisco equipment
On Thu, Jan 9, 2014 at 5:55 PM, John Elliot johnellio...@hotmail.com wrote:
> So, just to clarify - You can purchase refurb/secondhand Cisco kit and then purchase a smartnet contract for software access/updates (And also hardware replacement)? But you can't purchase (legally) refurb/secondhand kit and use it with the software running on it?

That's my reading of this http://www.cisco.com/en/US/prod/hw_sw_relicensing_program.html :

  1. The embedded Cisco software that runs on the hardware—as well as Cisco standalone software—is not transferable. If you purchase used or secondary-market Cisco equipment, you must acquire a new license from Cisco before the software can be used.

The text above suggests that it's possible to acquire a new license, but I haven't figured out how to do it yet.

/chris
[c-nsp] Re-licensing secondhand Cisco equipment
I'm curious to hear experience stories from anyone who's explored the hardware inspection and relicensing program: http://www.cisco.com/en/US/prod/hw_sw_relicensing_program.html

Specifically, I'm curious about:

- the inspection process/logistics
- the costs associated with the inspection
- the cost of various software licenses, and whether these are standard price list items

Thanks!
Re: [c-nsp] Re-licensing secondhand Cisco equipment
My primary interest with this query is to do everything above-board from a software licensing perspective. Hardware support (warranty) and TAC support is a secondary concern.

Software updates, on the other hand, do kind of matter. Is there a right way to handle software updates without a support contract? What is it? Surely the folks who buy this thing aren't forever stuck with whatever software version it happens to ship with... Are they? http://www.newegg.com/Product/Product.aspx?Item=N82E16833120360

It's frustrating that the OS required to run a router can't be transferred with the device. I'm sure people would freak right out if, say, General Motors tried that with the software that runs in their cars. Heck, even Microsoft allows you to transfer OS licenses, sometimes with hardware, sometimes without.

It's not clear that it's even *possible* to use secondhand Cisco equipment without running afoul of the license terms, which seems kind of crazy.

I'm just hoping I'm wrong about this, for the cases where the budget falls somewhere between stealing and gold plated

On Tue, Jan 7, 2014 at 1:06 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
> What about support with Cisco (eg TAC) and software updates, security patches, bug fixes etc?
>
> alan
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [c-nsp] Re-licensing secondhand Cisco equipment
On Tue, Jan 7, 2014 at 5:23 PM, Andrew Miehs and...@2sheds.de wrote:
> If you can't afford new Cisco hardware for production, then find another platform.

According to this thread, even those who can afford new Cisco hardware are going to have a problem unless they can *also* afford a support contract. See the previous notes about the ISRG2 from newegg or pcconnection, which will ship with an unknown software version for about 40% off list ($1595, right?). That's about normal, and it comes from a genuine Cisco channel partner.

> You NEED to be able to update the software on the boxes. These devices become a danger to the Internet if you don't keep up to date with the security fixes.

I recognize this need. That's why I'm interested in buying software licenses :)

FWIW, it seems that the security fixes might be available for free, so long as Cisco PSIRT recognizes a vulnerability in a particular bit of software.

...But the document describing that process suggests calling TAC, which doesn't usually go well if the serial number of the device isn't covered by a support contract...

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

> Running them for a home lab is another story.

It's another story from the vulnerability perspective, but the same story from the "am I entitled to run this software?" perspective, which is the one I'd like to better understand.

/chris
Re: [c-nsp] 10Gb Cable Recommendations
I'd imagine you'd have no problem satisfying TIA TSB-155 in a ToR deployment where the links consist of a single Cat6 patch cable, so why worry about Cat6A?

Even worst case Cat6 deployments should reach 37m, so intra-rack should be no problem at all with the short runs and relatively generous inter-cable spacing afforded by cable managers (as compared with 25-pair bundles).

I have not done this personally, but your hardware manufacturer seems to endorse such a deployment, so it sounds like it might be worth a try...

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/white_paper_c11-609513.pdf

/chris

On Tue, Dec 24, 2013 at 11:24 AM, Vincent Aniello vanie...@portware.com wrote:
> I am deploying Cisco 3064T switches as top of rack switches and was looking for CAT 6A cable recommendations. Any reason to go with shielded instead of unshielded? The racks are in a colo and will contain networking gear and rackmount servers, pretty standard stuff.
>
> Also, any recommendations on cable vendors? CAT 6A cables can be pricey and there are discount cable vendors, but I am concerned with the quality of the cables from these sources.
>
> Any recommendations based on others' experience would be appreciated.
>
> Thanks.
>
> --Vincent
Re: [c-nsp] ntp configuration
On Mon, Nov 18, 2013 at 2:31 AM, Kirill Bychkov kirill.bych...@gmail.com wrote:
> ntp peer IP ADDRESS
>
> Sometimes, after turnoff power, this line disappears from configuration.

I've seen similar behavior on IOS 12.x when the router is configured with 'ntp server name'

The problem there is that if DNS fails (because, say, we're waiting for DHCP to tell us about a DNS server), the line is skipped at boot time. startup-config still retains the configuration, but it does not appear in running-config. A 'wr mem' at this point wipes it out from the startup configuration as well.

IOS 15.x tries to resolve DNS names repeatedly, so it's no problem there.

CSCtw45592 describes the problem. Perhaps it is related? I've not explored the implications of configuring 'ntp peer' when 'ntp server' is missing.

/chris
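
A check for the failure mode described in the message above, as an added example that is not part of the original post: it compares a saved startup-config against running-config and reports NTP statements that exist at startup but are absent from the running configuration, the state in which a 'wr mem' would erase them for good. The two config snippets, the device name and the hostname ntp.example.net are constructed sample data.

```python
import ipaddress
import re

# Constructed sample data: startup-config still holds the hostname-based NTP
# line; running-config lost it because DNS was not available at boot time.
STARTUP_CONFIG = """\
hostname edge-rtr-1
ip name-server 192.0.2.53
ntp server ntp.example.net
ntp server 192.0.2.10
ntp peer 192.0.2.20
"""

RUNNING_CONFIG = """\
hostname edge-rtr-1
ip name-server 192.0.2.53
ntp server 192.0.2.10
ntp peer 192.0.2.20
"""

# Matches "ntp server <target>" / "ntp peer <target>", with an optional
# "vrf <name>" between the keyword and the target.
NTP_LINE = re.compile(r"^ntp\s+(server|peer)\s+(?:vrf\s+\S+\s+)?(\S+)")


def ntp_statements(config_text):
    """Return {(kind, target): full_line} for each ntp server/peer statement."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        match = NTP_LINE.match(line)
        if match:
            found[(match.group(1), match.group(2).lower())] = line
    return found


def is_hostname(target):
    """True when the target is a name that needs DNS, not a literal address."""
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True


def missing_from_running(startup_text, running_text):
    """List NTP statements present in startup-config but not in running-config."""
    startup = ntp_statements(startup_text)
    running = ntp_statements(running_text)
    report = []
    for key, line in startup.items():
        if key not in running:
            report.append({
                "line": line,
                "kind": key[0],
                "target": key[1],
                # A name-based target points at the DNS-at-boot cause.
                "dns_dependent": is_hostname(key[1]),
            })
    return report


def safe_to_save(startup_text, running_text):
    """False when saving running-config would drop an NTP statement."""
    return not missing_from_running(startup_text, running_text)


if __name__ == "__main__":
    for item in missing_from_running(STARTUP_CONFIG, RUNNING_CONFIG):
        cause = "needs DNS at boot" if item["dns_dependent"] else "literal address"
        print(f"missing from running-config: {item['line']} ({cause})")
    print("safe to save:", safe_to_save(STARTUP_CONFIG, RUNNING_CONFIG))
```

Run against configs pulled before any save, a non-empty report means the missing line should be re-applied first.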
Re: [c-nsp] multicast issue
> I manage a network where multicast is the most important traffic and sometimes I get issue by customer where they state that some packets are lost…

I used to manage the network for a very large financial firm, had to deal with this sort of issue all the time.

I had optical taps in multiple spots in the environment. The most important ones collected data at the edge and at the server handoff.

These taps fed into a Niksun appliance which wrote full packets to disk. Niksun is a powerful box, but I used it primarily to deliver pcaps, not so much for its analysis features. Analysis was done with some stuff that I'd whipped up, because I couldn't find any off-the-shelf products that gave useful visibility into what was happening on the wire.

Case study of a missing packets incident here: http://bit.ly/13jjP7z

A video highlighting my analysis tool here: http://bit.ly/ygf8EG

/chris
Re: [c-nsp] multicast issue
> If I get your description you have the tap (which vendor? ) at source and destination (I guess in span mode?), these taps send data to niksun appliance (which model?) that create the pcap and then you can analyse for example with wireshark these files, am I correct?

The taps were NetOptics iTaps, but didn't need to be. The important part of the tap was the optical splitter, which is usually around US $300 for a duplex unit.

Span mode? Nope. Just an optical splitter at the carrier handoff.

The Niksun was a NetVCR appliance of some sort. I just used it for capture, not analysis. I'd probably have been happier with a Linux system and a hardware capture card (endace, napatech, etc...), but this environment tended to prefer gold-plated appliances rather than homegrown solutions.

The whole system was put together in order to demonstrate whether my gear (enterprise routers/switches/firewalls) were delivering data from the transit provider's handoff down to the servers. By storing every packet that crossed the various handoffs (into my equipment at one end, and out of it at the other end), I could prove to the pricing feed people whether I was responsible for any problems they were seeing.

Wireshark was one of the analysis tools I used, but it was not particularly helpful for the protocols I was transporting. The links I shared previously detailed some of the analysis techniques.

/chris
Re: [c-nsp] Cisco 6500 mounting with cables
> Let me know where you find those Cat6 rated Amphenol cables at. That's the reason I've heard behind the demise of RJ21 connectors.

No need for Cat6. 1000BASE-T only calls for Cat5, same as 100BASE-TX. Heck, it's right in the title of 802.3ab.

I'm curious whether folks here have found any benefit in using Cat5e or Cat6 over Cat5 for Ethernet. Is there any? It's almost hard to find Cat5 these days - what's driving the demand?

Surely people aren't buying Cat6 with TIA TSB-155 in mind, so why is the market flooded with better-but-not-meaningfully-so cable? Maybe there's a significant non-Ethernet use, like analog video transmission?
Re: [c-nsp] Cisco 6500 mounting with cables
Some cable management products for 6500 have a solid plate which forces all cables to run right. Like this one: http://bit.ly/1d9Rgej

If cables are run to the left, how do you deal with a failed fan module?

My preference is to use Panduit Plugpacks (http://bit.ly/10ID89A) at the front of the switch, ensuring that all patch work is done elsewhere, not at the front of the switch. Plugpacks collate up to 12 cables into a single removable unit, so that you can be confident that each cable is back where it belongs when maintenance is complete.

/chris
Re: [c-nsp] Cisco 6500 mounting with cables
I've often lamented that Cisco no longer ships blades with RJ21 connectors. I worked in a couple of shops where tens of thousands of user ports used this type of line card, and there were no cable management problems at the face of the switch.

I don't see any technical reason to have abandoned this connector. Maybe it didn't sell?

/chris
Re: [c-nsp] Cisco 6500 mounting with cables
On Mon, Jul 8, 2013 at 9:20 AM, Ricardo Stella ste...@rider.edu wrote:
> Ok my math is off and got curious... It would be 6 gig ports.

Yes. So a 48 port blade would require 8 RJ21 connectors, which is not unprecedented: http://bit.ly/156LDdK

I'm not saying it's not crowded, just that it's better (IMO) than 48 individual cables.
Re: [c-nsp] nexus 7k IGMP QUERIER on HSRP interface?
On Fri, Apr 19, 2013 at 4:13 PM, Jeffrey G. Fitzwater jf...@princeton.edu wrote:
> How should an igmp querier be configured if the interface is also configured for HSRP?
>
> vlan configuration (vlan#)
> ip igmp snooping querier A.B.C.D -- Do I use the VIP IP or the interface IP.

You only need the IGMP snooping querier configuration in 'vlan configuration' context if you're not running PIM on the interface because it's a link-local multicast with no multicast routing configured.

If that's the case, it really doesn't matter what IP you use, but using the HSRP address would make the IGMP querier election (it's a little surprising that this runs, but it does) kind of wonky, so I wouldn't do that.

I *think* (some?) Catalysts which support this L2 querier feature send their queries from 0.0.0.0, though I haven't tested it for a long time.

I have experimented a bit with exactly the scenario you're talking about much more recently. The IP you configure here will be stamped in the IGMP queries. Nothing more. The router portion of your Nexus doesn't even need to hear the reply, so you could use an address you don't own. These queries exist only to make hosts reply for the benefit of IGMP snooping L2 gear. It's totally synthetic and doesn't really matter.

/chris