IRC Networks
Irc Logs Stats
Start date: 2007-09-27 02:48:27
Last update: 2008-10-24 20:19:38
Channels: 41
Logged Lines: 6230436
Size: 1834.19 MB
Powered by
Channel Info
Network: freenodeChannel: #cisco |
Search in www.irclog.org
Log from #cisco at freenode 2006-06-06
[20:41]<jeeej>+there isn't really "switch one"; the 2 physical units are logically a single switch
[20:41]<xud2jfv>+I have one central 3750 with 2 port etherchannels to all sourrounding 2900 and 2950 switches. I would like to prepare for the case the center switch goes down and want if possible zero down time.
[20:42]<jeeej>+yeah, the 3750-style stacking is pretty new to cisco
[20:42]<[mzvzyw]>+ugh, 23 conduits on this bitch
[20:42]<[mzvzyw]>+wtf, conduit permit ip any any........
[20:42]<jeeej>+nice
[20:42]<jeeej>+turn your pix into a 2500
[20:43]<[mzvzyw]>+lmao, conduit permit gre any any, conduit permit esp any any, conduit permit ahp any any, conduit permit ip any any
[20:43]<xud2jfv>+ozzzo: yes, they are one switch, but if one goes down, does the other still remember it actually has 56 ports instead of just the 28 it pysically has?
[20:43]<jeeej>+yes
[20:44]<[mzvzyw]>+this might be the worst config I've ever seen for a firewall.
[20:44]<vd2r>-[Matrix]: it's beefy because it's the horizontal output transistor for a 19" monitor.
[20:44]<vd2r>-whatever that means.
[20:45]<[mzvzyw]>+ahh, believe that means it controls the horizontal scan, not sure though
[20:45]<[mzvzyw]>+haven't really gotten into CRT theory much
[20:45]<xud2jfv>+so the above layout: having 2 3750 stacked with one interface per physical switch forming an etherchannel to my 2950s and 2900s is a pretty stable redundant solution?!
[20:46]<[mzvzyw]>+brb, need food.
[20:46]<jeeej>+yes
[20:47]<vd2r>-this thing is connected to the flyback transformer, not sure if it's as in input or an output.
[20:47]<vcul>+are those ethernet ports in the cisco 804 switched or hub?
[20:48]<vcul>+there's a little push-button that has "Hub" when pushed and "No Hub" when released but I'm not sure of "No Hub" means switch :)
[20:50]<vcul>+s/of/if
[20:52]<fjsvnf>+tkup: They're not switched. its a hub. The button corresponds to what you're uplinking to no-hub==pc hub==switch/hub
[20:53]<usg>+hi all
[20:54]<jeeej>+hi usn, all isn't here right now
[20:54]<jeeej>+try back later
[20:54]<usg>+ozzzo, :-*
[21:04]<trff-rud>+Gents (and ladies?), I've got some Pix to IOSrouter VPN wierdness going on.....anyone willing to field a few questions?
[21:05]<cuvyncjmnz>+Don't ask to ask, just ask
[21:07]<trff-rud>+question 1: If I can ping to/from both internal network sides of the VPN, but nothing else (I get Syn Fails with http, telnet 25, net use..etc)....what might this point to?
[21:07]<trff-rud>+question 2: can I have GRE and IPSEC tunnels using the same crypto map (different peers) ?
[21:08]<vcul>+postel, thanks
[21:10]<xud2jfv>+ozzzo: thanks for your clearing words!
[21:10]<xud2jfv>+I'll do it that way!
[21:10]<jeeej>+np, happy to help ;}
[21:11]<jeeej>+tall-guy: 1: do you have something like "allow icmp any any"? That would explain why pings get through. Do you have static/acl statements to allow http, telnet, etc.?
[21:12]<[mzvzyw]>+think the flyback transformer output voltage is higher than 600v, so that's probably an input
[21:12]<jeeej>+2: I think so but haven't tried it
[21:13]<trff-rud>+ozzo: yes, I do have an allow icmp any any (clears that puppy up doesn't it!)....as for the static/acl's...do you mean on the OUTSIDE (internet) interface?
[21:13]<trff-rud>+ozzo: rethinking question 2, it must be "yes", as my vpn client is using ipsec...(same crypto map as a GRE peer) and it works.
[21:14]<jeeej>+you need a static for everything that will go from outside to inside, as well as an acl entry
[21:14]<jeeej>+put your config on pastebin.com and i'll take a look
[21:14]<jeeej>+what pixos version?
[21:16]<trff-rud>+ozzo: but I'm not going from outside to inside......I'm doing a vpn......
[21:17]<fjzvxnz-wjzc>+[Matrix]: the flyback output voltage in a typical monitor is around 75,000 volts.
[21:17]<jeeej>+is this a site-site vpn?
[21:17]<fjzvxnz-wjzc>+[Matrix]: You know why they call it a flyback transformer? 'cause if you touch it wrong, you're gonna fly back
[21:17]<trff-rud>+ozzo: yes, PIX to 2611 router
[21:18]<jeeej>+i would turn on some debugging and watch the logs; I'd guess that you have an acl blocking stuff
[21:18]<trff-rud>+alas, therin lies the rub....If I turn debugging on enough to be of value...I bring the 2611 to its knees....
[21:19]<jeeej>+can you debug on the pix?
[21:19]<fjzvxnz-wjzc>+yeah, those poor little MPC860s are a little overworked as it is :\
[21:19]<trff-rud>+ozzo: yup, nothing of interest.....
[21:20]<trff-rud>+If I am on the 2611 side (inside network), and try and initiate a connection to a host on the inside of the PIX....I can see the traffic hitting the pix with the correct source/destination IP's and port nums....
[21:20]<trff-rud>+but not sure how to get similar info from the 2611
[21:21]<[mzvzyw]>+you're trying to route back out the same interface on the pix?
[21:21]<j2rgvr_>-Tall-guy: You have NATing properly turned off for traffic that is going through the tunnel?
[21:21]<jeeej>+it would be easier if we were looking at your configs
[21:21]<[mzvzyw]>+nevermind.. I read that totally wrong
[21:21]<jeeej>+can you put them on pastebin?
[21:21]<trff-rud>+obanta: I beleive I do.....I'm doing some "route-map nonat"s on my nat pools, and an appropriate deny ACL....(which is being matched)
[21:22]<trff-rud>+ok, I'll post the configs...with the warning that the 2611 is a HUGE config.....
[21:22]<trff-rud>+might be a few minutes...the 2611 is scheduled for a reboot over the lunchour.
[21:22]<[mzvzyw]>+sure I've seen bigger
[21:22]<trff-rud>+matrix: mine is bigger than yours :)
[21:22]<[mzvzyw]>+Tall-guy: doubtful
[21:23]<trff-rud>+matrix: maybe my shwartz is bigger?
[21:23]<[mzvzyw]>+I see your shwartz is as big as mine.
[21:23]<trff-rud>+:)
[21:23]<[mzvzyw]>+that was a great movie, haha
[21:24]<trff-rud>+what the hell is an aluminum falcon?
[21:24]<[mzvzyw]>+Sir, they've jammed the radar! :O
[21:26]<fjzvxnz-wjzc>+LUDICROUS SPEED!
[21:26]<trff-rud>+heheh
[21:26]<fjzvxnz-wjzc>+the winnebago was the funniest part of that movie
[21:27]<fjzvxnz-wjzc>+with the giant dog driving :D
[21:27]<trff-rud>+i liked the cinnamon buns on princes lea
[21:27]<fjzvxnz-wjzc>+that was pretty funny too
[21:27]<bsdrgdjg>-ahaha my msn pic right now is the two guys combing the desert and the caption is "WE AINT FOUND SHIT!"
[21:28]<vz2ufzzzsz>-Spaceballs... heh
[21:28]<bsdrgdjg>-giant dog... dude that was john candy
[21:28]<trff-rud>+what was his name again...Barf?
[21:28]<bsdrgdjg>-yup
[21:28]<vz2ufzzzsz>-yeah
[21:28]<trff-rud>+jeezus...
[21:28]<vz2ufzzzsz>-the beginning scene where he is dancing and eating is hilarious
[21:29]<bsdrgdjg>-that movie was a whole hell of a lot better then star wars
[21:29]<fjzvxnz-wjzc>+combing with the afro pick?
[21:29]<fjzvxnz-wjzc>+lol
[21:29]<bsdrgdjg>-yes hahaha
[21:30]<fjzvxnz-wjzc>+on a somewhat related note: https://addons.mozilla.org/firefox/1542/ <--- install it, NOW.
[21:32]<trff-rud>+ok, even if you guys can't help me with my vpn issue...I thank you for spaceballing me :)
[21:32]<fjzvxnz-wjzc>+bow chicka bow wow
[21:32]<bsdrgdjg>-nice fuckin theme man
[21:33]<fjzvxnz-wjzc>+may the schwartz be wif you.
[21:33]<fjzvxnz-wjzc>+BSDaemon: i told you, it's pimpin'
[21:33]<vz2ufzzzsz>-i see your schwartz is as big as mine
[21:33]<[mzvzyw]>+I already said that, bitch
[21:33]<fjzvxnz-wjzc>+you get bling if your firefox
[21:33]<vz2ufzzzsz>-bite me
