
I am reading up on some CCNA stuff we had at school this spring, as we will be tackling CCNP very soon.

Reading up, I discover that I still don't quite get the point of PPP. I mean, you have a dedicated link between two routers. Nothing else can listen unless the connection is changed, so maybe I do get the authentication part of it, but what about the rest?

What is a practical use case of PPP?

I get that PPPoE can be neat, as the "point to point" connection could be through a switch and multiple routers could exist. That way authentication would actually be useful.

7 comments

Hi all

I have an ASA 5508-X; everything was working before I tried upgrading it to FTD.

After that did not work, I formatted the flash and now tried installing ASA 9.4.4(22) through ROMMON with the help of a TFTP server.

After which I used a copy command to use TFTP to install ASDM 7.6.2(150).

After I tried to launch ASDM from Chrome, I get an error that the site cannot be reached.

I am attaching a link to my startup config.

Thanks for the help.

2 comments

As far as I can tell, Cisco Umbrella is based off monitoring DNS requests that are made through their servers. Wouldn't it be pretty easy for a malware author to code an alternate method of resolving names to IPs, thereby bypassing any sort of DNS monitoring?

8 comments

So a while back I posted about upgrading ISE 2.2 to the latest version. I was running into some disk space issues and I couldn't figure out why. Ultimately I am going to have to rebuild my ISE infrastructure, so I am not thrilled about that, but it is what it is.

I just wanted to give everyone an update as I've figured out why the disk space thing is an issue. So when I initially set up ISE, my local rep advocated that we just use the EVAL ova. Me being a VMware guy first and foremost, I pretty much figured that "eval" was just what they called the OVA until you punched in the license and then it was the full version. This is not the case... The EVAL ova is different from the SNS appliance. Why you can install a production license on the EVAL version is beyond me, but whatever.

As an editorial comment, I think it's stupid that there's a separate EVAL ova from the actual production deployment OVAs. If you're considering ISE and you want to test out the virtual machine, there is absolutely no reason why the SNS-3515 cannot do the job. Even most developer workstations running VMware Workstation could support that. Furthermore, I think (and you can correct me if I am wrong) that the only differences between the different SNS virtual appliances are disk size and CPU count. If that's the case, there's no reason you can't have a single OVA file with a selection tool option that can customize the virtual hardware upon deployment.

Anyway, this is MOSTLY on me for not properly reviewing or at least asking the question about the OVA versions available for ISE download. I made the mistake; however, in my defense, I think there are better ways to deal with using the virtual appliance concept.

2 comments

So, I just started playing around with the Cisco vWLC 8.2. I'm having issues adding an 1142n due to a failed certificate. Can anyone shed some light?

14 comments

Is it me, or is something completely broken on CiscoSSO side - no matter which browser I am using, the "Forgot Password" link brings back the login page. I really do not want to create another account - had bookmarks in the one I've been using.

1 comment

A few weeks ago I posted some helpful videos on GRE tunnels (how they work, how to configure them, etc.).

For anyone who is interested, here is a follow up (and the last one).

It covers tricks you can use to help keep the tunnel stable.

I hope this is useful to you

https://www.youtube.com/watch?v=tfaRP9Putfk

7 comments

Hello fellow Cisco admins.

I'm looking into connecting two 29xx gateways with CUBE to each other through H.323.

The first gateway will be hooked up to PSTN through a SIP trunk and both gateways will be connected to different CUCMs.

My question is, is this possible?

I already have SIP to H.323 working with a 3rd-party IVR gateway, so I imagine the same to a second CUBE gateway should be possible.

5 comments

Hello Cisco Reddit Community,

I'm a bit of an amateur, fairly tech savvy with almost 4 years of helpdesk experience but very new when it comes to networking. Currently starting to study for Net+ and CCNA, so I decided to beef up my home network and build myself a lab.

I have a Cisco 1841 router I'm using; it sits between my firewall (Sophos) and my Cisco switch. The router and switch are new additions to my network. I've done a factory reset on the router and Googled some basic setup scripts. Running into two issues:

1.) The setup won't save after I reboot the router; it goes back to the initial config wizard at boot. I run "copy running-config startup-config" and it appears to successfully save, but then after I run the "reload" command it goes right back into setup mode after boot. The router has a 64Mb Cisco CompactFlash card inserted, which I assume is where this startup config gets saved to. Could this have gone bad and need replacing, or am I missing something? I don't have any server set up with a config file to pull from yet either.

2.) Problem #2 is a bigger issue for me. I've pasted the initial configuration script I'm using below. Router appears to pull IP from DHCP just fine (tested with both the firewall and modem/router from ISP), NAT appears to be set up, LAN DHCP (the network managed by router) is configured, but I can't get out to the internet, even with a ping run internally from the router. I have FE 0/0 going to the firewall (or ISP router when troubleshooting to eliminate a firewall issue), able to pull IP from DHCP to FE 0/0. On FE 0/1 I had a laptop hooked up to test ipconfig; I could not pull an IP, let alone ping from the PC. Normally FE 0/1 will have a Cisco 2950 switch hooked up, but I wanted to set up the router first. I'm not sure what may be happening. Here's what I'm seeing so far...

Test PC plugged into FE 0/1 - no ip in ipconfig

FE 0/0 has IP, pulling from DHCP - Tried switching connection from firewall to modem/router (pulled DHCP IP both times)

Unable to ping 8.8.8.8 from within router

No activity light movement (all solid green) - all cables have been swapped and tested on known good ports

Thank you in advance for input and feedback, I appreciate it greatly!

Initial Config Script:

ip dhcp pool HomeNetwork
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.0.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT interface FastEthernet0/0 overload
interface fa0/0
 ip address dhcp
 ip nat outside
 no shut
 description This interface is connected to Sophos XG Firewall
 exit
interface fa0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shut
 description This interface is connected to HomeSwitch

Show Interfaces:

HomeRouter#show interfaces
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is 0064.405a.1b7e (bia 0064.405a.1b7e)
  Description: This interface is connected to Sophos XG Firewall
  Internet address is 192.168.0.2/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:02:00, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3 packets input, 744 bytes
     Received 2 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     27 packets output, 3994 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 0064.405a.1b7f (bia 0064.405a.1b7f)
  Description: This interface is connected to HomeSwitch
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec

Show Run:

HomeRouter#show run
Building configuration...

Current configuration : 1381 bytes
!
! Last configuration change at 13:13:54 UTC Sat Sep 15 2018
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HomeRouter
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool HomeNetwork
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.0.1
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
license udi pid (removed)
!
redundancy
!
!
crypto ikev2 diagnose error 50
!
!
interface FastEthernet0/0
 description This interface is connected to Sophos XG Firewall
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description This interface is connected to HomeSwitch
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end

3 comments

Hi, I'm looking for equipment that could manage around 100 site-to-site IPsec VPN tunnels with relatively low traffic such as SSH and RDP. Which equipment would you recommend to me from Cisco or another brand?

Thank you for your answers :)

10 comments

1) How good are you with Cisco (CCNA, CCNP, CCIE, etc.) and how many sysadmin tasks are you doing (WinServer, Linux, etc.) at your job?

2) Do you feel that more and more of networking is going to SDN, inside or outside the datacenter or in medium and large enterprises?

3) Do you like the rivals' tech like Juniper, Aruba, etc., or do you prefer to stay with Cisco?

4) Do you manage a lot of cloud tech, and are you afraid of automation or infrastructure as code?

3 comments

Hi,

I just purchased both of these devices.

At the start of the IOS .bin file there is the device name/model.

Would the Catalyst 2950 be "c2950" or "CAT2950" and would the Cisco 2600 be "c2600"?

Is this correct?

1 comment

BGP Inbound Traffic Engineering | Gaining control over your inbound traffic

comment

I have a UCS C240 M4 with a VIC 1385 module installed. Both 40gb qsfp modules are connected to a 9k switch. This server is currently running Windows Server 2016 as its O/S.

Should I be able to create NIC Teams with these interfaces? Currently I have a vnic created under each physical interface giving a total of 4 interfaces. PHY0-VNIC1 and PHY1-VNIC0 are how I have the teams configured in Windows. Either team individually will come up and lacp will negotiate fine, but if I try to bring up both teams at the same time both will fail LACP negotiation and show the network connection as unplugged.

Any ideas or insight would be awesome.

comment

Since the Nexus 7k doesn't support pre-provisioning, is there any way to see the config on a fex port on a fex that's gone down? It seems like it's somewhat unknowable what config a particular port will come up with when the fex is reconnected.

8 comments

Hello everyone,

Been having issues installing my Call Manager. Everything goes well until I get to the part where it asks for NTP servers.

I’m trying to use my domain controller as the NTP server and as far as I know it’s configured correctly. I’ve edited the registry to manually configure NTP.

When I try to add IP of the domain controller in the CUCM installer, it tries to connect and errors and says the IP is inaccessible.

Any help is greatly appreciated. Thank you.

13 comments

I can't figure out what's going on with my SSH management ACL. When I apply it to my control-plane I'm not able to log in. I have to re-enable my ssh line to get it working. See working and non-working below.

Working

ssh stricthostkeycheck
ssh 10.10.202.121 255.255.255.255 inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1

Non-Working

ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
object network HALO
 host 10.10.202.121
access-group Internal-SSH-In in interface inside control-plane
access-list Internal-SSH-In extended permit tcp object HALO interface inside eq ssh
interface GigabitEthernet1/1
 nameif inside
 security-level 100
 ip address 10.10.202.1 255.255.255.0

I do still have HTTP lines on to access ASDM in case it doesn't work, is that what's getting me? This is also present in the non-working config. I don't have the ability to connect a console cable at the moment.

http server enable
http 10.10.202.121 255.255.255.255 inside

8 comments

Trying to upgrade ISE 1.4 in standalone mode to 2.0; seems to be hitting bug https://quickview.cloudapps.cisco.com/quickview/bug/CSCux72726

but as stated in the bug condition, in our environment we are not using an external (AD) password for the admin user

Does anyone know how to recover from this?

ISE/admin# application upgrade proceed
Initiating Application Upgrade...
% Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
STEP 1: Stopping ISE application...
STEP 2: Verifying files in bundle...
-Internal hash verification passed for bundle
STEP 3: Validating data before upgrade...
STEP 4: Taking backup of the configuration data...
STEP 5: Running ISE configuration database schema upgrade...
- Running db sanity check to fix index corruption, if any...
- Upgrading Schema for UPS Model...
- Upgrading Schema completed for UPS Model.
ISE database schema upgrade completed.
STEP 6: Running ISE configuration data upgrade...
- Data upgrade step 1/51, RBACUpgradeService(1.5.0.111)... ..Done in 124 seconds.
- Data upgrade step 2/51, UPSUpgradeHandler(1.5.0.136)... Done in 6 seconds.
- Data upgrade step 3/51, UPSUpgradeHandler(1.5.0.139)... Done in 0 seconds.
- Data upgrade step 4/51, ANCRegistration(1.5.0.140)... Done in 0 seconds.
- Data upgrade step 5/51, NSFUpgradeService(1.5.0.149)... Done in 12 seconds.
- Data upgrade step 6/51, UPSUpgradeHandler(1.5.0.150)... Done in 6 seconds.
- Data upgrade step 7/51, NetworkAccessUpgrade(1.5.0.151)... Done in 0 seconds.
- Data upgrade step 8/51, UPSUpgradeHandler(1.5.0.156)... Done in 0 seconds.
- Data upgrade step 9/51, NetworkAccessUpgrade(1.5.0.159)... Done in 0 seconds.
- Data upgrade step 10/51, NetworkAccessUpgrade(1.5.0.162)... Done in 2 seconds.
- Data upgrade step 11/51, NSFUpgradeService(1.5.0.180)... Done in 0 seconds.
- Data upgrade step 12/51, NetworkAccessUpgrade(1.5.0.180)... Done in 0 seconds.
- Data upgrade step 13/51, NetworkAccessUpgrade(1.5.0.181)... Done in 4 seconds.
- Data upgrade step 14/51, UPSUpgradeHandler(1.5.0.183)... Done in 0 seconds.
- Data upgrade step 15/51, NSFUpgradeService(1.5.0.184)... Done in 0 seconds.
- Data upgrade step 16/51, UPSUpgradeHandler(1.5.0.187)... Done in 1 seconds.
- Data upgrade step 17/51, RBACUpgradeService(1.5.0.195)... ....Done in 289 seconds.
- Data upgrade step 18/51, NSFUpgradeService(1.5.0.199)... Failed.
% Error: ISE Global data upgrade failed!
Attempting to rollback: Rolling back the configuration database...
Starting application after rollback...
./isedbupgrade-newmodel.sh: illegal option -- 1
Invalid option: -
Rollback completed: The node has been reverted back to its pre-upgrade state.
% Application install or upgrade cancelled.

3 comments

https://pastebin.com/t8kphQDX

Any other suggestions to tweak the config are also welcome....

UC520 running at my house. Using voip.ms as my SIP provider.... all calls should ring the 1001 extension....(my desk) but it doesn't anymore....

7 comments

Hi,

We currently have a Cisco CME2901 on site for our VoIP needs. We have almost no idea how it works, since we specialize in other IT-related fields, so we've been paying an MSP to do pretty much anything related to it. However, we'd like to learn how to execute simple tasks, such as adding a new phone or upgrading the firmware. Where can we find learning resources to help us in this? Thanks.

5 comments

Is it true that UCS doesn't work with Chrome?

6 comments

OK, so this is one of those things that I know exist but really have never had to mess with...TCAM.

I'm getting constant errors on a 3560x that one or more specific prefixes couldn't be programmed into TCAM and are covered by a less specific prefix and the packets may be software forwarded.

Obviously punting packets over to the CPU isn't ideal so what I'm looking for is a fix that doesn't require a hardware swap. Our routing table is rather large, but could possibly be summarized, likely even auto summary, would this fix the issue by removing loads of specific routes and combining them into a smaller large summary route?

5 comments

What would be considered the next in line if we're upgrading from a Cisco ASA 5505? I've heard the ASA 5506-X, which I'm looking at; however, I wasn't sure if it included routing/switching capabilities.

21 comments

This is the first time I have configured a cell interface for a Cisco router. I am configuring some tradeshow equipment for my company and we ordered a Cisco IR829. We didn't realize the antennas didn't come with the unit [of course they don't!] so I was wondering if something like this would work for us. That would save the hassle of going through our vendor again and paying for a premium Cisco antenna. We just have one SIM card. Any suggestions?

3 comments

So here's a screwy one for you. I've got a handful of Cisco 2950 switches that have decided to disregard their local list for users and deny all logins (except to the console, thankfully).

All of the switches are running c2950-i6k2l2q4-mz.121-22.EA14 firmware and all of them have the below configs:

enable secret 5 password_hash_goes_here
enable password 7 password_hash_goes_here
!
username User1 privilege 15 secret 5 password_hash_goes_here
username User2 privilege 15 secret 5 password_hash_goes_here
ip subnet-zero
....
....
line con 0
line vty 0 4
 password 7 password-hash-goes-here
 login local
 transport input telnet
line vty 5 15
 password 7 password-hash-goes-here
 login local
 transport input telnet
!

I am at my wits' end trying to get telnet working, much less SSH. To make matters worse, there's no logging detail that will tell me if the password's wrong for either user, or anything that gives me even the most remote inkling of a clue as to why the switches have systematically disavowed their access lists. I've even tried copying sections of code from other switches that work and nothing can persuade these switches into working. I think I know how to enable SSH but at this time, I'm just trying to get username/password combinations working in Telnet first.

Any suggestions/hints? Thank you!

14 comments