I recently acquired a 2950 switch brand new, this is now on production but I needed several things to be setup on the switch such as SNMP, setup an IP to access it over a browser, etc. etc.
Do you know somebody who offers a setup service for cisco switches?
Cisco Switch IP Route setup
This is probably an easy and simple task for someone that have a good knowledge in Cisco, BGP and Blackhole/Synchole communities.
We do have a Cisco 2948G that is our border and through this equipment we apply Blackhole (a sequence of commands to filter all the traffic from the world except our country, this is done by communities that is setup in cisco).
These are the sequence of the commands to apply it for IP 189.1.XXX.40
Enter configuration commands, one per line. End with CNTL/Z. asw-hl01(config)#router bgp 184XX
asw-hl01(config-router)#network 189.1.XXX.40 mask 255.255.255.255 asw-hl01(config-router)#exit
asw-hl01(config)#access-list 50 permit 189.1.XXX.40
asw-hl01(config)#ip route 189.1.XXX.40 255.255.255.255 Null0 250 asw-hl01(config)#
I have another Cisco 2948G that is connected in a FastEthernet port of the border above, and this other cisco is holding another subnet. To make it clear,
Border - I have 189.1.XXX.1 ~ 189.1.XXX.127 (subnet 255.255.255.128)
Cisco2 - I have 189.1.XXX.128 ~ 189.1.XXX.255 (subnet 255.255.255.128)
This is being done through a ip route from Border to Cisco2 to forward subnet 128 ~ 255 to the switch,
ip route 189.1.XXX.128 255.255.255.128 172.16.1.2
Ps: 172.16.1.2 is the internal IP for switch2
Now we go to the problem. If I want to apply a Blackhole (those sequence of commands for an IP located at subnet 128 ~ 255 switch2) it block all the traffic for that given IP, and I cant get access from national backbones. To make it clear,
Blackhole for IP 1 ~ 128 - It works fine
Blackhole for IP 128 ~ 255 - It doesnt work correctly, instead of blocking only international traffic its blocking everything in the world
if I could use a Cisco Catalyst WS-C2924 in a datacenter environment without any issues? Anything I should know about this model? Just looking for a cost effective and used switch to start out with. Switch Configuration and Graphs?
View 14 Replies View RelatedWe're evaluating options on new switch deployments and wish for advise or opinions. We have experience with 2950's but want to move up into all gigabit devices. They will be used for pure L2 purposes as front-end access switches for server racks.
For our needs (24 port, all ethernet, L2 only) it looks like these two competing models fit our requirements and budget:
Cisco Catalyst 2960G (about $2150):
Switching: 32Gbps
Forwarding: 35.7Mpps
Foundry FLS624 (about $2400):
Switching: 108Gbps
Forwarding: 161Mpps
It's a tough decision because we have no experience with Foundry products, but from the spec sheets the price vs. performance ratio seems amazing (almost too good to be true).
You have to wonder if they get their ratings only under one specific situation in which you never encounter in "real world" use.
For those of you using Foundry what models are you using for your access switches to your web severs? Is there a better model for our application? What's your overall opinion of the products and service? Would you invest your entire network to them?
We have a mix of various vendors right now for switching / routing (Juniper, Cisco and Riverstone), but looking to the future being more vendor centric to either Cisco or Foundry for switching will be the model (using Juniper for routing). We've also considered other vendors such as HP, Extreme, etc, but ruled these out for a variety of reasons.
i am thinking about upgrading things at the colo soon and am looking for some comments.
my current configuration is like so:
my bandwidth is delivered over fast ethernet and it is plugged straight into a cisco 3550 switch. i have the ip range they have assigned me cut up in to vlans the way i need.
i snmp poll the switch for traffic statistics with rtg.
this works fine, im only working about 10mbit avg so no biggie.
well, i am considering picking up another provider (super cheap cogent) to adding it to the pile. i want to get bgp setup and have my own address block assigned by arin (unless my carrier now lets me announce their address space out cogent). getting a ASN isnt a problem, and i have done some tinkering with bgp in the lab.
so anyway.. i am having a bit of a time figuring out what would work better for me, a 7200 series vxr router or a 4500 series catalyst. what would be the pros and cons of either one?
I am looking at picking up a switch to mess around with at home. I found the following within driving distance but have no idea of which one will give me more up to date, hands on experience. Any feedback is greatly appreciated.
Used Cisco WS-C5509 Chassis with power supply ( POWER SUPPLY 34-0870-01), and fan (WSC5509FAN)
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco Systems WS-U5537-FETX CISCO 4 PORT 100BASETX UPLINK MODULE
Cisco WS-X5234-RJ45 Switch Modules X 8
$160 each.
Cisco WS-C5500 Chassis
POWER SUPPLY 34-0773-03
Cisco Ws-x5550 Supervisor Engine Iii G-series
WS-X5234-RJ45 X 11
For $200
Cisco WS-C5505 Chassis
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco WS-U5533-FEFX-MMF Supervisor Engine III Uplink Modules
Cisco WS-X5225R Switch Modules X 2
For $140
I have 2 racks in a DC that cross connected together. Now, the datacenter gives me 1 port and I would like to put 1 switch at each rack. I have successfully set up 1 switch and connect to the internet. But, I am unable to set up the other.
Below is a diagram of what I want to do: ...
I'm switching my colo and I currently am going to be hosting in my own colo; therefore I'm going to be switching IP addresses for all my servers.
I have a cisco switch, an APC and a few servers ... I know how to change the IP addresses within linux, but I do not know how to assign them within the switch.
Does anyone know how to do this?
Also, since I'm changing everything, does anyone know if the gateway IP address on each server has to be changed? If so, then how do you do it?
Since now I utilize Cisco 2924 in my racks, now I am going to install a new rack and I want to know if to install again 2924 or you recommend me 2950? what important differences (pros and cons) offers the 2950 front to 2924?
View 11 Replies View Relatednew Cisco 2960 switch keeps going offline every 12 hours.
I will power cycle it, then about 12 hours later it goes off again. This is a brand new switch.
I have a Cisco 2950 and would like to make a script to activate or deactivate a switch port with snmp.
Does someone now the OID or how I can get this? I searched now very long for this in google, but I'm not able to find it.
I am in the process of gathering the peices to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device and looking for others that have used either a 2800 series router or a ASA5500 series firewall in a similiar fashion. I know what the raw throughput of each device is, but raw benchmarks are not realworld numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option and one that I am less familiar with is to use the ASA5505 instead which will do my basic routing but supposedly provide more thourough inspects and advanced rules.
Does anyone have experiance with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a signifigant cost difference with the ASA5505 being much cheaper but I am more familiar with IOS. Would anyone recommend a 1841 router instead?
We are currently looking making some switch changes in our rack as we are expanding.
We don't push a whole lot of traffic (currently 15MBPS) but would like to think ahead for growth.
We are looking at using either the Procurve 1800-24G which will provide web managed 24 10/100/1000 ports or the Cisco Catalyst Express 520-24TT which provide web managed 22 10/100 & 2 10/100/1000 Ports.
Connected to these switch would be our servers and then uplink to our firewalls.
HP is cheaper and provides faster ports, but would Cisco provide additional value over the HP because it's Cisco and their experienced technology?
My host has helped me to install a switch. However, I don't know how to configure using the command line. Could anyone help me?
I need to be able to connect to my Cisco switch using Cisco Network Assistant. If you know the command sequence,
a sales told me i can buy two switch and do series connection,
then if one fail,another will continue to work,
it will take high HA,
but i still can not understand how to do it and work,
could you know what it is?
As my clients' needs expand, they're asking for chroot ssh/sftp setup. I'm currently on a dedicated Linux setup but don't really have the time to set up a whole new box with full virtualization or investigate a full chroot solution (baby on the way), and to be honest it would be less hassle to move to a new provider than worry about down time with sites.
What I'm looking for:
- linux hosting
- hosting for 30+ accounts, some with several domains
- at least 6 IP addresses for SSL certs
- each account in a full chroot environment (ssh/sftp/ftp) so they can't poke around each others' files, or each account set up in a virtual machine setup (ie: openvz)
- maildir
- spamassassin
- php 5, mysql, perl 5.8.8
- suexec apache would be nice
Anyone know anything about cisco pix 501s? i need help setting one up if anyone can give me a hand.
View 14 Replies View RelatedI just got a Cisco PIX 501 from my IT Guy for home use and he didn't reset the firewall to default settings so there are ton of old commands in here.
Is there a command I can use to reset the firewall back to the factory default settings?
Or is there anyway I can flash it back to factory default settings?
I am interested to buy a Cisco ASA firewall. So far I have never played with this gears and I wonder if it is easy to setup.
Is there any software provided by Cisco to setup rules and ACL thru some graphic interface software ?
I have learnt it is harder to setup than I initially expected (since I have just moved from a shared hosting service). I am in need of some help setting up my DNS servers, as I am very confused. Here is most of the info I know:
1) I am running HyperVM
2) I've installed LXAdmin
3) I own the domain (purchased from xeodomains.com) runemart.com
4) My VPS hostname is: vps.runemart.com
5) I know my IP
6) My host has said:
'For VPS customers that have a HyperVM login you can now host forward DNS on the DNS servers rdns1.vaserv.com (US)rdns2.vaserv.com (UK'
And I am unsure what this means/how to do it.
I am not sure if I need some more information to set up my DNS, however I am sure that I can get it if I do.
Now, my questions begin. Firstly, I need to point my domain - runemart.com - somewhere. I believe I need to set up my DNS via HyperVM or LXAdmin so that they are something like: ns1.runemart.com and ns2.runemart.com. Though, is this correct? Am I able to set up my own actual domain name servers, or will my domain have to point at something like rdns2.vaserv.com?
If anyone can assist me in this I would be very greatful, as I am waiting to get my website running. This is all I will ask for now, I will take it one step at a time =).
We are looking to replace our existing WatchGuard Firebox's with a hopefully more reliable firewall from Cisco's range although I'm a bit lost when it comes to the different ranges.
Could somebody suggest a firewall that is capable of:
1: Both NAT & Drop-in (bridge) mode
2: Pretty low bandwidth requirements, no more than 10mbit/s traffic
3: SNMP Monitoring
4: High availability pairing
I am on a tight budget for a Cisco firewall. I am browsing and seeing some affordable options in the x600 series.
Please tell me, which series is best?:
1600
2600
3600
The higher the better?..
Also what about submodels, like is 1650 better than 1600?
And how can I tell how much DRAM each one can take up to?
I see a lot of DDos related articles here at WHT. We've got hit multiple times by DDos and had to handle those attacks everytime with a different approach.
The largest one and the most well know one (we were in Times Mag, AP news, CNN, slashdot, you name it - just do a search about us on WHT) was Russian botnet cyberattack - we had to anaylyze netflow and then block everything on our edge routers, then on the firewall and then locally on the servers.
Since then we had number of other attacks, some of them we were not able to defend on the server level, while, as you can understand we can't do netwflow and manual intervention evey time somebody gets an attach.
We have very good scripts which allow to mitigate huge number of DDos attack, whet our scripts are finding attacking IPs and blocking them automatically - still some attacks could be blocked only on the router level.
I've read that Cisco Guard (I am interesed in 65xx version of it) suppose to mitigate DDos attacks in automatic mode.
after months of disruption moving servers into a new data centre, our once reliable colocation company has now had nearly 6 hours downtime in the last 16 hours. So much for network redundancy.
View 5 Replies View RelatedI'm trying to learn about network. I bought Cisco 2950 for testing. I set it up and finding out the way to cap its ports at 20Mbps or 50Mbps. Do you know what command or how to do this?
Also what command to check the port speed or to uncap the port?
Other than eBay does anyone know of a supplier of Cisco gear that has good prices and knows their Cisco equipment?
View 14 Replies View RelatedI am setting up a small ccna lab and i have RIP working and i can ping my lan from both routers, but only certain hosts on the lan from the one router the setup is
LAN (192.168.1.0/255.255.255.0)
|
/
router 1 E0 192.168.1.45
Serial0 10.10.10.1
|
/
Serial0 10.10.10.2 (of router2)
|
/
E0 192.168.3.250
E1 192.168.2.250
Lo 192.168.5.4
I can ping 192.168.1.102 from router 2 and 192.168.1.45 but no not 192.168.1.201 ... or 192.168.1.1
also i can ping 192.168.5.4 from 192.168.1.102 which is a linux box and an ip route to tell it that 192.168.5.0 can be gotten from 192.168.1.45
What is the difference between the Cisco PIX and Cisco ASA Firewall Systems?
Also which firewall do you guys recommend for a rack of servers
I am currently looking at these Cisco switches:
- Cisco 2924 WS-C2924-XL-EN Enterprise Switch
- Cisco 2950 WS-C2950-24 Catalyst Switch
- Cisco 3512 WS-C3512-XL-EN Enterprise Switch
- Cisco 3524 WS-C3524-XL-EN Enterprise Switch
- Cisco 3548 WS-C3548-XL-EN Enterprise Switch
1) I was recommended to chose the XL-EN model switches because it seems they have more Memory, but the second one in the list (Catalyst) is not a XL-EN, is that going to have any affect performance wise? or it doesn't really matter?
2) I was also recommended to choose managed switches because that way I can use the SNMP features to measure bandwidth, are any of the switches above unmanaged?
3) I also want to be able to manage the switch remotely, web managed, are any of the switches above web-manageable?
4) Most importantly, when my datacenter give me a 100mbit drop, I dont know which port to plug it in in the 29** series. In the 35** I see it clearly but I am not able to see it in the 29**, any ideas?
5) On some of these switches I see a special port called "Console", what is it? where does that connect to?
6) Do any of the switches above not have a console port?
My network currently looks like this :
ISP ->> L3 Switch ->> Firewall (Transparent Mode) ->> Switch ->> Servers
I have a single /24 and my firewall is on x.2 and routes traffic for each of the servers.
Now i have a new Cisco ASA 5510 that i want to replace the aging firewall currently in place, however i dont want to put the firewall into transparent mode because i dont want to lose all the functionality.
Now with most firewalls your outside subnet cannot be the same as your inside subnet, which is fine if you are using NAT but i dont want to NAT. I need all of my servers to remain with their public ip addresses.
So what is the ideal way to setup something like this? Request my ISP give me a /30 for the ASA outside interface or something? And then ask them to route my /24 through the /30 new subnet?
whether I can grant a specific vlan priority over all other traffic..and if so does anyone know an appropriate site where I can find documentation on how to do so?
View 0 Replies View Related