Category: Cisco

I HAVE THE POWER!!!!!!

It is funny how things cycle. We have been doing a bunch of Cisco 4500 installs ranging from 4506’s through the 4510 and even a few 6500s in the mix. And no matter how hard we try we have power issues with them every single time. We either are in a hurry and spec the wrong cables, the client requests the wrong cable, we don’t have the correct power to stage the equipment in our office or the client doesn’t have the right power for the unit. In many cases we temporarily fall back to using 110 power with NEMA 5-15/20T cables and then force the power supplies to combined mode in order to get enough power to bring up the entire chassis.  I should point out that this is usually only good for temp fix and that you should fix your power issue (usually installing bigger circuits) and move back to redundant mode.  But for that quick fix here is the command on a 4500 or 6500 chassis to combine the power supplies:

power redundancy-mode combined

This command should be ran from config mode and once your config is saved it will return to this state after reboot.

And for a bit of extra fun scream out BY THE POWER OF GREYSKULL as you type this in.

Where the Heck are My TenGigabit Interfaces?

Well the picture to the right shows exactly where they are.  In the past we have dealt with 1Gbps interfaces on supervisors that had both RJ-45 and SFP slots and it was an either/or decision if you wanted to use them.  In those cases you had a config entry that required you to state SFP or RJ-45 in the interface configuration.  No matter what you chose it was always shown Interface GigabitEthernet Mod#/Port#.  So when I dove  into the Sup720 I was configuring I decided it was supposed to be the same way because why would Cisco ever let me use all the ports on the front of my hardware?  Being the all knowing geek that I am I also ignored the config file that I have seen at least 30 times in the last hour and I just started typing Interface TenGigabitEthernet 5/1, and I kept getting this; Read more

Captain the warp subsystems are down what should we do?!!!

Over the last two years I have become quite the Mac/OSX fan.  For years I was down on apple and to this day think I had every right to be.  But with OS 10.4 and now 10.5 they have created a powerful and flexible unix distribution for the general user and the power users.  However I have from time to time notices funky issues with software such as the Cisco IpSec VPN client.

Most recently in 10.5.1 I kept getting the VPN subsystem could not be contacted.  Well here is the fix from nate,

“If you are running Cisco’s VPNClient on Mac OSX, you might be familiar with (or tormented by) “Error 51: Unable to communicate with the VPN subsystem”. The simple fix is to quit VPNClient, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following:
sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
and give your password when it asks. This will stop and start the “VPN Subsystem”, or in other words restart the CiscoVPN.kext extension.”

Thanks Nate and I hope this help everyone else out there keep their WARP core under control….later!

Open wide I need to see all your packets!

I have been doing alot of reading lately about network monitoring, IDS, network problem diagnosis and other such topics. Out of that reading I have been picking up on something that was totally left out of my education in the finer arts of networking. That something is the necessary use of network TAPS for full visibility of of traffic in a structured switched Ethernet network. I plan on discussing that issue more in the near future. But on the front end I have discovered the need to use the existing SPAN and port mirroring options to get a better view on a highly VLAN’d environment. This article from NetworkIntrusion was just what the doctor ordered. So until I can get my hands on some TAPS and get some articles out about how they have revolutionized my troubleshooting methodology I hope this use of tried and true tools for monitoring switches helps.

The Magical Disappearing ASA ACL.

I was on a client site about a month ago finishing an ASA install running PIX IOS 7.2.3. We were moving the client from flat ACLs to Object Group based ACLs, Object groups and named hosts. But for whatever reason we were having problems with the ACL. So from the command line I planned on using the tried and true no access-list “ACL NAME” to get rid of the offending ACL and start over. I was confused when the ACL did not go away. Well in reading 6200networks yesterday I came accross the the answer. From global config mode use clear configure access-list “id” and is should take care of that troublesome ACL. Thanks to Joe at 6200networks for the info.