aleksashkahello, is it possible to use PVDM2 in 2901 without PVDM adapter?
aleksashkaI'm not sure if this adapter is used just to suit to clips or it actually relocates some pins' position... (( this is just for lab purposes
plateYooOo voip
platewhat's up?
metheo_irchi guys
Claude__Good morning, would anyone be willing to look at my Switch/router config and help me find why my switch is not routing my PCs?
Claude__CCIEs +v
lowbytegenerally if you put your configs up on (try make it unlisted and with an expire time) then paste the link here in channel some people take interest and provide feedback. just make sure you also detail your issue (from what sources to what destinations) and extra topology information like 'there is a firewall in the middle.. here'.
Claude__OK, Switch setup with 4 vlans (to be tweaked for Prvt and public later for hosts) route through the router to the internet.
Claude__Oh if it matters it's an 870 Router and a 3550 switch
truthryou enter into your browser, it goes out to dns server somewhere, which returns the IP address to your browser correct?
Claude__Yes and no
truthrwhy no
Claude__You enter, Your PC asks DNS what IP and DNS tells your computer what IP address to send the browser to
truthrok cool thx
Claude__An example would be
Claude__Ping no DNS response you will get "Unknown host"
Claude__Ping and no DNS response you will get "Unknown host"
Claude__Oh and
Claude__It doesn't go to a random DNS server, it goes to what DHCP assigns it or what you set your DNS server to
Claude__Most DNS servers will not respond unless you're on their network
truthrok. my question is a little different though
Claude__Ok explain what you want to do
truthrsay you want to connect to
truthryou type into your browser
Claude__No DNS required
truthrok good. also, there is a pathway to get to
Claude__You already told the browser where to go
Claude__Whatever your default gateway is
truthrdoes your browser construct the path to get to the destination, the entire chain of servers involved?
truthrso that it knows what that first server to connect to is, or does the default gateway do that?
Claude__Ex if you look at your wireless or network adapter ipv4 you will see Gateway and DNS
Claude__Default gateway does that
Claude__Like if your PC is A
truthrthe default gateway is the name of some other server not your own?
Claude__It does A to Gateway and the Gateway routes to the next hop and then these devices route the packets to the destination IP
Claude__But... Say for example you connect to a wireless router
truthrso what a VPN does for example, is it simply changes the default gateway from that of your ISP, to whatever the VPN service provider says to use for default gateway?
Claude__Your IP Your gateway You type in to the browser
Claude__The request is sent to the Gate device
Claude__gateway that is
Claude__Do this if you want to see the path: open command prompt
Claude__type: tracert and it will show you the path it takes. Here I will show you.
truthrit worked
Claude__Oh ok cool
truthri have vpn client on my machine. it connects to a vpn service ipredator
truthrthat connection occasionally fails, and when it does, the ...gateway? ...reverts back to my ISP default gateway
truthrand I don't want it to do that
truthrif the VPN fails, i just want the connection to fail
Claude__ <-Trace route
Claude__VPN does something different
truthrI was thinking a small firewall appliance where you could allow only connections from to VPN service providers gateway
Claude__I don't understand that question, VPN connects one network to another encrypting the data between the 2 networks
truthri need a way to enforce the use of the VPN and fail the connection should the vpn fail for any reason
Claude__You must have VPN on both sides
truthri don't know what you mean. I have a subscription to ipredator, they have the VPN servers on their end
Claude__Hmm thats getting complicated
truthri guess I don't see why it should be complicated though
Claude__OK so if you have a VPN client then you can connect to their VPN servers
truthrall traffic on my machine should be headed to one location
Claude__Well I don't know what kind of device you're using, what is on the other network or what you want to fail it to
truthrthe internet
truthrmy computer --- vpn provider ---- internet
Claude__Perhaps I am misunderstanding you or I dont know enough to answer your questions
truthri don't want computer ---- internet
Claude__"internet" is very vague
truthrgotta run. thx for the help
Claude__So how will you get to the other end of the VPN?
Claude__OK cheers
Claude__Anybody awake?
zapotahClaude__: your switch is routing just fine
zapotahClaude__: however, you lack routes back towards the switch networks from the router and you're also not doing NAT at the router
td34hey all has anyone used cisco's NEAT feature on switches?
cromagisnt ISE the new NEAT or something ?
td34not sure
td34I want to authenticate my devices on a per port basis.
td34so if i have 4 phones connected to one switch, I want to make sure that the port is open when my 802.1x certificate has been accepted.
td34Looking more into NEAT now, it looks like it is only md5 authentication...
no_sleephow long do you think an HDMI cable will be before one experiences slight signal loss
Gollee10 meters maybe
IShouldDoSomeWorMorning all(Afternoon for everyone lucky enough to be almost done with Monday)
gypsymaurois there a way to know how many broadcast packets transit a switch?
xousnot directly
Golleecheck the interface counters
xous-^ this
xousyou'd have to total the counters for all interfaces
xouswhy do you want to anyway?
xousif you've got issues with too many broadcasts you've either got a bad network design or a terrible app
nightcrowhi guys, I have a Cat 3560 and I am trying to filter a command. 'sh ip int brief' - I am trying to display the lines that do NOT contain the words 'unassigned' and 'down'. ie. sh ip int brief | exclude unassigned OR down
nightcrowis there a way to do this?
nightcrowi got cut off
nightcrowany ideas regarding my question?
qwert_sho ip int brie | e una|down
Giant81hehe 30 input errors on a storage port in the last 50min, I really don't think this is a big deal, but does anyone else think it's worth investigating?
zapotahdepends on the volume of traffic
Giant81input rate 91.48 Mbps, 2.85 Kpps; output rate 76.12 Mbps, 3.88 Kpps
Giant815min load interval
Giant81all of them appear to be CRC errors
Giant81any way to get the nexus to punt CRC error packets into a capture or even the src to a log so I can correlate if they are all coming from the same place?
MrPockets$180 a month per switch for TDS managed switching. I ask what kinda switch they're putting in, either Cisco SG200s or if we want "the big guns" as the sales rep said, they'll throw in a 2960S
MrPocketsyeah, that November 2020 EOL looks GREAT for our 5 year plan..
MrPocketsSome ISP that sells managed VoIP and managed switching.
MrPocketsthey're big in this area.
zapotah180$ a _month_ for sg200
zapotahi would laugh at the fuckers all the way out that instant
MrPocketsThe best part, is they really DONT configure them for fuck.
Giant81oh shit, awfully big GUNS
zapotahwell, to be fair, they cant be configured much :P
MrPocketsThe "QoS" you can do on those is limited as shit, and when we asked them for a LAG they're like "no, we don't like to customize things per client. It makes it too hard to manage"
Giant81so is a 3850 or cat 9k an ICBM?
Giant81whew, watch out those LAG ports are hard to manage
Giant81who the fuck is managing this? n215?
MrPocketsso, for the same price, we're going to recommend 2960X switches all around
IShouldDoSomeWorLast time I touched a SG220 it would decide if SNMP or SSH would work at any given moment. Normally the answer was no.
zapotahsg200 doesnt do fucking anything
MrPocketsEven the 300s are bullshit
IShouldDoSomeWorIt is a glorified Linksys
zapotahits along the same lines as the shitty 3com shit
IShouldDoSomeWorMrPockets: Is this just a temp thing or would it be in place for 5 years or more?
MrPocketsideally its a 5 year plan
MrPocketsThis is a refresher quote too, they already have this service, and they have 10+ year old 10/100 catalysts in there now.
MrPocketsif _nothing_ else, they should be maintaining _current_ piece of shit switches.
IShouldDoSomeWorConsidering a 2960x should cost around $2500 without smartnet compared to them charging you $10k over 5 years for a $200 switch.....
MrPocketsyeah, its an easy sell
MrPocketsand our contract covers management of network infrastructure, so they get better service.
Giant81about the only place I'd put an SG200/SG300 is in my home lab as just a gig switch for all the PCs in the house to use
Giant81and even then, I'd leave it flat, and forget about it
MrPocketsSo we're in agreement then: These guys are fucktards.
MrPocketsOnto the next topic.
IShouldDoSomeWorGiant81: I had to set up a voice vlan once
IShouldDoSomeWorGiant81: I wanted to die
Giant81I guess I can see using it as an under desk switch in a corner of the building, but honestly the 2960x is so fucking quiet anyway when running and so much more capable
MrPocketsI mean the price is $1500 more
IShouldDoSomeWorOr 4 of them as a foot rest
MrPocketsbut seeing as they're getting screwed for price anyway.
IShouldDoSomeWorWait are you competing against this company?
MrPocketsNot really. They're the ISP and provide managed phones
MrPocketsWe're their overall IT consultant, so I'm encouraging them to review this managed switching contract, and the aforementioned is the best that this company can offer
MrPocketsso Im just recommending they buy their own switches, and we'll manage them under existing contract for no additional cost.
IShouldDoSomeWorWell that should be an easy win
IShouldDoSomeWorConsidering they can get 4 switches for the price of 1
MrPocketsand the board is all about cost savings, so this'll be a win all around.
IShouldDoSomeWorbefore any maint
IShouldDoSomeWorExcept for that one guy who has a friend at the other place....
squibbyknuck knuck
bellisI'll toss another "ugh" at SG300s.. old employer used to sling them when I first started there, and as far as I know their office is still mostly SG300's, but so many random BS problems (along with general architectural deficiencies, of course)
EterisWhy is it that cisco still can't get emulators on their exams to work?:/
squibbyEteris, ahhhhh welcome welcome
squibbywhat was broken on your sim?
IShouldDoSomeWorEteris: NP Switch sim?
EterisI passed, but it was still broken and annoying
bellisthe last one I remember dealing with was that switches would occasionally just 'forget' some of the VLANs it's supposed to be tagging on a trunk link, would require a reboot to fix
EterisNP switch, lab ports wouldn't come up yet I was passing traffic through them... xD
Eterislikewise if I tried to remove an ACL entry
IShouldDoSomeWorEteris: I had the same issue
squibbyEteris, I had a broken mutual redistribution lab where end to end IP connectivity was working even though only half of the needed configuration was completed
Eterisit just added it again
squibbyI completed the config anyway but it was super sketch
EterisI literally couldn't remove an ACL entry
Eterissquibby: hahaha
EterisIt's so frustrating
squibbyEteris, the first time I took the CCNA, back in the bronze age, it asked me a question about VLAN port assignments and the running-config didn't match the mac address table
EterisEven if they threw some bad version of packet tracer on there it would still work
bmoraca_workthat's why simulations suck more than emulations
squibbybmoraca_work, hey man. been having a lot of fun with vpn4 and spine-leaf labs
squibbybmoraca_work, pissed me off though.. with IPv4 af over IPv6 peering on nx-os, it won't let you use a route-map to set an IPv4 next-hop like on IOS
squibbyso you HAVE to use a rfc5549 compatible peer or it doesn't work
bmoraca_worksquibby: ouch...vpnv4 sucks for that. EVPN or Segment routing ftw
bellisgood thing you still pulled a 'pass', would suck to know your sim's borked when they hand you a fail :\ Sometimes you can complain and get credit back, but that seems to depend a lot on the testing facility
squibbyunless you know of a way to do it with nxos
squibbybmoraca_work, no no the vpn4 was a totally separate lab
squibbythis was a simple spine-leaf
squibbybut I was trying to avoid addressing the ptp links
squibbyso I used ipv6 lla
squibbywith ip unnumbered for ipv4
squibbyit works splendid with all IOS devices, for nxos topology I just let the rfc5549 support work its magic
squibbybut nxos won't let you use a route-map to fix the next hop
squibbyit doesn't work, no matter what it wants to send an ipv6 nexthop. which sucks
squibbyit's just annoying with cisco though
squibbyfor example on IOS if you use ipv6 lla peers, it forces you to specify the interface identifier on neighbor statements right
squibbybut it doesn't let you repeat the same neighbor address on different interface identifiers. you have to have a unique lla per peer. totally lame
squibbyand nxos is the same problem because you can't specify an identifier interface at all, you have to specify an update source interface. so it forces you again to have unique lla peer addresses
MrPocketsWould best practice suggest always stacking your MDF switches?
MrPocketsand avoid using 1GBe to connect switches whenever possible?
squibbyMrPockets, best practice would suggest to never stack your switches at all.
squibbyMrPockets, how many switches would be in one of your stacks? How many ports per switch? How many uplinks will the stack be using and what interface speed
MrPocketslike three 48port switches?
squibbyok. and what interface speed are the uplinks and how many will you be using
bellisshared management plane = single point of failure, better off going with ecmp or some sort of mlag (if you can, of course) rather than stacking/vss+lacp
MrPocketsVMware environment, 3 hosts, 1 SAN, ~15 virtual servers and 100 workstations
MrPocketsanything connecting to it is all 1GBe
bellisbut 'it depends', of course :)
squibbythe uplinks
squibbythe ports that the stack uses to reach the rest of the network
squibbyhow many uplinks towards your network core and what interface speed
MrPocketsthese are the only switches in the environment
squibbyso it's just 3 switches and a vmware cluster all in a bubble? not connected to anything? huh?
MrPocketsInternet is on a Sophos UTM somethingorother
MrPockets20/20 fiber into that
MrPocketsother locations VPN in over the sophos
squibbyI guess you can stack them then. sure why not.
bellismeh I'd just stack them at that point
MrPocketsWould connecting the switches with two ports in a port-channel be idiotic?
belliswith something that small/consolidated it wouldn't really net you much benefit in terms of redundancy IMO, especially if port counts are at a premium
bellisjust go with the higher-speed stacking backplane and be done with it
MrPocketsport-channeling moreso for bandwidth than redundancy?
belliswhat model switches?
oisterwhy would that be idiotic?
belliseach connector on those is 20Gbps IIRC, so you should be pretty well-off if you just make sure your stack setup is full-duplex
belliseach stack-connector, I mean
squibbyMrPockets, well you have three switches so it's a bit awkward. if you had 4 switches I would advocate create two stacks of two and then using a portchannel
MrPocketsI see
MrPocketsyeah, but if i port-channel the 1GBe copper
kmcelroy1you have 1 sophos, so why is this even a discussion? :P
kmcelroy1stack the switches and move on
squibbyyou'd be forced to create a triangle topology, in which case you'd force at least one portchannel to be STP blocking
squibbyso it's not really worth it
MrPocketsDoes anyone implement dual NICs on workstations to accommodate switch failures?
kmcelroy1if you need more bandwidth, add another port in powers of 2
squibbyMrPockets, you should definitely dual attach your vmware hosts
kmcelroy1vmware yes, but not workstations
MrPocketssquibby, oh yeah, thats being done
MrPocketsfor everything in the hosts
squibbykmcelroy1, we dual attach our traders. -.-
oisterwe dont use port channels on our vmware hosts though, just use vmware port failover function
MrPocketsIf I went in and said "pick 2 people in each critical department and we'll throw a 2nd NIC in there so if a switch fails you have a handful of important people up"
MrPocketsit'd be, strange?
oistersimple and works great
MrPocketsoister, we're doing the same.
MrPocketsVMware handles load balancing and failover on the connections, no LAG on the switches
kmcelroy1MrPockets: in an environment that doesn't have dual power, dual internet, generator and full redundant everything, no
bellisyeah only do port channels on vmware if you're using vDS+LACP, otherwise you'll just have a bad time :\
kmcelroy199% of normal branches like described, you wouldn't waste your time
squibbyMrPockets, right vmware doesn't need LAG
MrPocketsMakes sense.
MrPocketsAlright, off to the Gym
bellisbut if you have Ent+ licensing already, LACP there works well in my experience
squibbyI just do load balancing by port-id
squibbythe vmware default
squibbyeasy enough.
bellisyar, that's all you should ever have to do in the overwhelming majority of occasions
bellisand if you 'need' to do anything else, it's probably because you're an IT cowboy that just has to muck around and make things overly-complicated for no reason
bellismy favorite people <3
squibbyyeah. I used to be guilty of that myself
squibbyI think it's something that most grow out of with experience
kkanybody can share firmware files of some cisco devices (ASA, Sx500, Sx200, etc...)
hkklcisco tac if you find some security hole that your current ones have
hkklcco if support contract
hkklotherwise contact your AM
Giant81ok so looking at route-map documentation "If a match command is not present, all routes match the clause. In the previous example, all routes that reach clause 30 match; therefore, the end of the route-map is never reached."
Giant81so a route-map with just a description will match everything
Giant81sooooo why is it not matching everything... fuck
squibbyyou don't even need a description it just needs to be a permit sequence
squibbybgp policy route-maps for example, often have a trailing permit sequence that basically means "permit everything else that wasn't previously matched"
sartansome shitty app on my phone disabled wifi, i was watching youtube all night last night.... data GONE for the rest of the month
sartanfuck you canada.
sartani only have like 2gb for a month
sartanextra data is like 30 cents a megabyte or something
sartanwhat a rip off
sartanwe need new cell phone plans hardcore.
sartanthis LTE4 is fucking amazing, exhaust my entire months worth of data in 15 minutes
sartanSO FAST
MadClown2GB is pretty low
MadClown6GB suits me just fine
voipmonkfreedom mobile?
sartanmy wife just bought an iphone 7 too so i'm kinda stuck here unless i pay a huge contract breakage fee
kmcelroy1you got canuked
kmcelroy1mine, do not steal
wprinssartan: 2g/month?? its 2017!
sartanwelcome to canada
sartani have data caps on my internet too
oisteris it free?
sartanwhen i went to japan I had unlimited lte4 for $100
sartani downloaded maybe 3tb. (was work)
sartanhere i can get 20gb for $105.
sartan$10 for each extra gb! what a deal!
kmcelroy1everyone knows canadian bytes are more expensive than japan bytes
kmcelroy1conversion costs
sartanyeah, we have to add an 'eh' after every other byte
kmcelroy1gotta pay for all those freebies somehow
sartanencapsulated in thick maple syrup
kmcelroy1probably half of the bill is taxes :P
kmcelroy1make 150k, take home 60 :P
atten10Which CCNP exam do people normally start with?
kmcelroy1the first one
atten10I'm talking about R/S
kmcelroy1the first one
linux4lifehello all. I have a call manager 9 system. I have a phone that can only dial the speed dial extensions on his phone and extensions NOT in his Calling Search Space. any thoughts? DNA says the call should be going through. but his phone just sits there for a second, then the screen goes back to the main screen....
atten10linux4life, sounds like a SIP problem cannot get out or something
atten10SIP isn't getting through NAT or whatever
atten10I don't know I haven't touched phones in forever
linux4lifenot sip. sccp. No Nat this is a routed network.
kmcelroy1sartan: you are the designated phone person now that tanner is MIA
kmcelroy1get on it
kmcelroy1i can fumble through sip crap, but fuck CUCM :P
sartanno thank you
linux4lifeI know, it's a main.
sartani dont do voice anymore
kmcelroy1sartan: you gotta pass the torch to someone, that's the rule
kmcelroy1just like i need to find someone to pass the qos torch to
squibbykmcelroy1, just build the templates and make ops do it
atten10I think I'm going to start with t-shoot first
kmcelroy1squibby: ha, i meant here
kmcelroy1i don't really do that sort of stuff anymore here
kmcelroy1i should clarify the 2nd here is worth
kmcelroy1first here is irc
kmcelroy1god, my typing sucks today
squibbyI hate sip
squibbythe farther away I can get from sip on my next job the better
kmcelroy1meh, i don't mind moving it
kmcelroy1i just hate dealing with it itself
kmcelroy1dial plans and gay crap like that
kmcelroy1but dealing with voice packets doesn't bother me
squibbythey make me read all of the sip traces for tshooting here because nobody else can be arsed to learn it
kmcelroy1i never dealt with sip traces thankfully
squibbyand there's a bunch of faggy xml encoding specific to skype for business
kmcelroy16 years of telco, never looked at a sip trace
squibbyfuck sip
kmcelroy1sip is an obnoxious protocol
kmcelroy1hey, let's make a connection oriented protocol on top of UDP then make a whole setup of failure messages to deal with that
kmcelroy115 years later, hey, we should use tcp messaging
kmcelroy1no shit
squibbyyeah it took way too long for that to be the default practice
kmcelroy1i had to fight at the last place to get them to finally just do it
squibbyI mean us at a herp derp enterprise don't need to worry about tons of tcp state. fuck it
kmcelroy1like, we have these timeouts after x period
kmcelroy1well, you are timing out the firewall
kmcelroy1send a fucking reinvite properly
kmcelroy1or just use tcp like a normal person
kmcelroy1switching to tcp fixes so many sip problems
squibbykmcelroy1, yeah dude, not too long ago the director tried to get me to research SIP REFER because we were having a problem with one of our conferencing servers that is hosted on prem
linux4lifedamn.... opened up a can of worms here huh??? Sorry guys, didn't mean to spark bad flashbacks. :-)
kmcelroy1it was funny cause they fought it but found out broadsoft was all tcp inside their network
squibbyand it took forever to explain to them what sip refer is and why it has nothing to do with anything they were talking about
kmcelroy1they kept claiming they couldn't do it
kmcelroy1then it was like, shit
kmcelroy1broadsoft has it running
squibbythey also can't seem to understand the different paths signaling takes here, when and why
squibbyeven though we've been over it
kmcelroy1damn you sip
kmcelroy1that protocol looks like someone was half drunk when they designed it
squibbyso one thing that confuses them is we have multiple edge pools right
kmcelroy1hey, let's reinvent tcp but for phones
squibbyand edge pools are associated with different front end pools
kmcelroy1okay, great idea
squibbyand we do active/active on the edges
kmcelroy1we saved like 8 bits
squibbybut I still can't get them to understand that the sip signaling is always pinned to a primary edge pool in an active/standby manner, and only the media is active/active. the sip signaling will pin the media to the correct respective edge pool, depending on the user group
kmcelroy1what about faxing? can't we just do email instead? no, we have to have faxing
squibbyover and over and over we go about this
kmcelroy1will it be ridiculous? of course
squibbyI eventually forbade the sysadmin from messing with the DNS records
oistertell them to hard code IPs instead
squibbythat goes on here too
squibbya lot
squibbyI'm currently trying to sell them on anycasting DNS and syslog here
snacky<kmcelroy1> 15 years later, hey, we should use tcp messaging
snackyit's POSSIBLE the early devices didn't even have tcp stacks, just udp. early cable modems were like that
snackylots of 90s network appliances had udp but no tcp
snackyI still hate sip
squibbyI'm pretty sure some of the companies we've been forced to video conference with still have systems from the 90s
mplexsip/h.323 are horrible protocols
mplexeverything should work behind NAT these days ;)
jdk101Hello! is it possible to do a packet capture in the stack ports of a Cisco switch?!
squibbyjdk101, good question!
jdk101I want to see the 38 byte stack header
mplexdoubtful if it's not in monitor session source
jdk101Yeah, it's not :S
IShouldDoSomeWorACTION has flashbacks
sartanfuck voip.
sartansip is awesome though
sartaneasy to debug
sartanit's all like http.
sartanyour analogy of trying to say tcp for phones is completely wrong
sartanyou can go ahead and try to debug mgcp, sccp, or h323 instead.
squibbysartan, the basic sip messaging is simple, some of the proprietary glue sauce is not as clear
sartani dont like having to look up error codes from a table.
squibbytcp does eliminate some problems with sip over udp
squibbymostly issues involving stateful devices in the path
bmoraca_workwelp, got illumio to play with it
kmcelroy1sartan: didn't say those were better :P
kmcelroy1sartan: just that sip is retarded compared to what it should have been
kmcelroy1could have cut back on the amount of messages needed if they just used tcp from the get go
kmcelroy1and would cut back on the issues we have
MadClownno net neutrality debate today?
kosswhat's to debate
kossunless you're an ISP you should be against it. or being paid off by one
MadClownsome folks were going off the other week
MadClownkoss: what are you up to these days?
kossgettin old. lol.. not much
kosschasin kiddos around, boring job as a network admin
kosshave an interview wednesday for some other gig. not that i was looking, but ex-worker begging me
bmoraca_workmore important than net neutrality should be the municipalization of last mile infrastructure. you do that and net neutrality ceases to be a thing because you have real competition.
bmoraca_workbut noooo...people would rather posture over the perceived threat of "fast lanes" through the internet
Giant81bmoraca_work: never going to happen in the US... common carrier would help people and hurts monopolies, will never happen
kossbut trump pretends to care about common people ;)
oisterhe does if you believe corporations are people :P
kosshe cares that some people can afford membership to his clubs ;)
kmcelroy1bmoraca_work: free market is only good when it benefits the business obviously
kmcelroy1otherwise it is bad
squibbysilly kmcelroy1, consumers aren't part of the free market system
kmcelroy1i have argued the same municipalization of last mile and people look at me weird
kmcelroy1complain about free market
kmcelroy1i am like, that is free market, pay for it from taxes, then rent it to whomever will pay to run the service on it
kmcelroy1you can't have 20 people laying infrastructure, that is retardedly expensive
bmoraca_workbut those same people, i'm sure, consider the Internet to be a "utility", right?
kmcelroy1i have no idea
squibbybmoraca_work, I absolutely cannot live without game of thrones
kmcelroy1i think they don't have the ability to understand that just cause you say you want free market, doesn't mean you do
kmcelroy1like, free market
kmcelroy1it isn't a catch phrase, it means something
kmcelroy1and if something gets in the way of it, gasp, you may have to work around that problem to make it function properly
kmcelroy1like, no, everyone should just make their own infrastructure
kmcelroy1and that is when i know they have no idea what they are talking about or have spent more than 4 seconds thinking about it beyond their catch phrase
kmcelroy1like, cool, do you want every water company to run their own water pipes to your house?
kmcelroy1so you have 10 people's pipes coming in, then you pick one?
kmcelroy1oorrrrr, do you think maybe we build infrastructure and let someone bid to manage?
kmcelroy1everyone just build their own roads, then you pick the road you want
kmcelroy1like, you people are insane and need to stop chanting catch phrases
HEROnymouskmcelroy1, yeah but things tend to mean different things to different people
bmoraca_worki don't know, man, there are some cases where i'd definitely prefer a toll road to what the shitty state of california offers
HEROnymous"free as in beer vs. free as in stallman", etc.
kmcelroy1i hate party system, it makes retards get involved in politics :P
kmcelroy1bmoraca_work: sure, but that is purely just an issue of them building the road, then passing it off, that is what they did here :P
kmcelroy1i wouldn't be bothered by that if we didn't pay to build the damn road though
kmcelroy1then give it to them to charge us again
kmcelroy1also the lack of competition is problematic
HEROnymouskmcelroy1, a problem with your suggestion that "we" build infrastructure is that you didn't define "we". personally, I don't know much about building a water and sewer infrastructure...
kmcelroy1HEROnymous: public vs private :P
kmcelroy1public is we
kmcelroy1i don't mean you go out there with a hammer and go at it
kmcelroy1sort of like how you don't build firestations or do your own policing, but the state still does it :P
HEROnymousI do my own policing
JK-47I had a well and leech field. Town made me pay sewage tax and water. Also tried to sue me to get on town sewers.
HEROnymousI even have a sign on my house that says "we do not call 911"
JK-47Though, we are a nation that arrests us if we try to live off the grid or collect rainwater.
kmcelroy1well, someone still has to remove the dead body
kmcelroy1i mean, if you can cremate it and do the paperwork for investigation, congrats
HEROnymousinvestigate? what's my motivation to investigate?
HEROnymousand my dog's not picky about what he'll eat.
HEROnymouswould probly test it for nasty chemicals first, of course.
HEROnymousnot gonna feed my dog methhead.
HEROnymousbut yeah, cremate... burn barrel... same shit.
kmcelroy1if the fumes go onto your neighbors property, you broke the NAP
kmcelroy1that means he will just tactical nuke you
HEROnymousyeah, good thing I don't give a shit about any of that silliness :)
emptynineor end up in the barrel also
nemith HEROnymous │ I do my own policing <-- oh jesus fuck.
nemithwhy do people try so hard to be anti social
kmcelroy1well, someone on your property doing shady things, that is met with a gun, can't fault that :P
nemithwe are better together
kmcelroy1pretty much SOP
HEROnymousnemith, well, I mean, I prevent crimes from being committed against me. I don't go around charging people money for speeding on highways, harassing innocent minorities, and murdering random strangers. that's a part of 'policing' today, I guess, too.
sartanRainwater belongs to farmers.
sartanDon't forget. And Nestle.
kmcelroy1fucking nestle
HEROnymousnemith, I agree that we're better together. I disagree that "the police" do a better job of protecting my home and family than I do.
nemithHEROnymous: that is some concocted dreamt up "hero" complex you have invented for yourself
oistermove to mexico HEROnymous
kmcelroy1HEROnymous: well, unless 100 of us got together and decided we wanted your shit :P
JK-47I had 5 fruit producing trees. technically i was an orchard. since the govt can steal any land deemed agriculture at any time.
kmcelroy1i feel like there is a line there
oistersee if that same thing applies
HEROnymousnemith, I mean, or I'm just a realist.
nemithno you are delusional
HEROnymousoister, nah, mexico is a brutal police state. I'll stay away, thanks.
sartanyeah, your outdoor non-city forest mansion sounds like an absolute nightmare to live in
HEROnymousnemith, no you are!
oisteryou'll be glad you had police
kmcelroy1there is a happy line, defend yourself if needed, but cops are still a need as well
nemithi mean you should do things to protect yourself. Like lock your doors but to pretend that you are 100% independent is delusional
oistersee any 3rd world country
nemithHEROnymous: please explain why i am delusional
nemithI am interested in hearing your reasons
HEROnymouskmcelroy1, sure, people can fuck with eachother. the good news is that most people don't. times I've had to use a gun on another person: 0.
kmcelroy1HEROnymous: really depends on who is around :P
HEROnymousnemith, you degenerated into ad hominem attacks and name calling. my response to that is always just "NO U!"
oisterthats why you should move to a third world county HEROnymous :P
oisterget to use those guns
HEROnymouskmcelroy1, I guess. statistically speaking, most people who are victims of crimes are people who associate with criminals, so...
Giant81HEROnymous: sounds like you live in Montana
kmcelroy1HEROnymous: concur
nemithHEROnymous: I feel like I am backing up my claims. But i did figure your rebuttal was the adult version of "I am rubber you are glue"
HEROnymousoister, you should move to antarctica. because I said so, and it makes no sense either.
HEROnymousnemith, no, it was the childish version of that - just like your childish name-calling. :)
HEROnymousGiant81, nope. Missouri.
Giant81you drive an old deuce and a half, wear almost exclusively camo, and prep rather extensively for fear that the GUBMENT COMM'N FOR MA GUNZ
nemithYes. We, as a society, need to quit with this "move if you don't believe in the same arguable view as mine" bullshit
oisterit does make sense if you want to truly police yourself :D
kmcelroy1HEROnymous: it is sort of the mix of if someone is breaking in, you call the cops, but if they get in, you shoot. there is a need for both :P
nemithHEROnymous: What names did I call you? I called you delusional for thinking you with a gun is better than a society of rules and consequences? That isn't a name.
HEROnymousoister, no it doesn't. most third world countries are ruled by a more or less corrupt police state (of course depends on what you consider third world) and the citizenry is vastly less free to defend themselves than many US citizens are.
Giant81nemith: I've found anyone that says "well move if you don't like it" isn't willing to move themselves if they don't like it so they are typically MASSIVE hypocrites
kmcelroy1need someone to investigate a crime? call the cops. need to defend yourself immediately, weapon
Giant81protect your family, call cops to clean up the mess
nemithHEROnymous: I am very interested in your response but you are not confronting the debate i lay before you but instead are trying to discredit me
HEROnymousnemith, well first of all, that isn't what I said. don't conflate "the police" with "a society of rules and consequences". they're not even remotely the same - and the police are a great example of how they're not, seeing as how often police get away with doing things that ordinary people do not.
kmcelroy1Giant81: pretty much
nemithGiant81: it's all bullshit
nemithHEROnymous: The police are part of that system. They are the enforcement arm
nemithand without the police the system cannot be sustained
Giant81nemith: they're also the ones that are all "don't like your job, just get a better one!" cause I guess the job market is infinite
squibbynemith, ad hominem! no ad hominem! you're the ad hominem!
HEROnymouskmcelroy1, well, sure. but on the same token, the police don't bother with putting any real resources towards investigating the sort of crimes that are most frequently committed.
nemithsquibby: also a huge pet peeve of mine
kmcelroy1HEROnymous: agreed, that is why if it gets done on your property and you can, you stop it with force :P
HEROnymousnemith, but that's the most troubled and deeply problematic arm of a system that has very fundamental problems.
kmcelroy1HEROnymous: otherwise, you call the cops after the fact
nemithalso exactly what the current president does
Giant81HEROnymous: I think it also comes down to the chances of a conviction
nemithHEROnymous: I am not saying the system isn't flawed
Giant81I mean I doubt the police are going to take DNA samples if someone shits on your lawn in the hopes of tracking down this dangerous criminal
HEROnymouskmcelroy1, imho, common sense goes a long way too. you don't need to shoot a 14 year old trying to steal a bike off your porch. you probably do need to shoot a meth head who breaks in through a window at night.
kmcelroy1well, you don't need to, but he didn't need to steal it either :P
kmcelroy1so it sort of goes both ways
nemithbut i would rather try to fix it than pretend that I am John Wayne and my property is the wild west in some sort of childhood fantasy
kmcelroy1if you didn't teach your kid not to steal, kinda bad parenting
Giant81stereo stolen? big whoop, why dust for prints, there probably aren't any, it's not really that big of a crime, just let your insurance fix it
kmcelroy1my father would have fucked me up pretty bad if i stole shit
HEROnymouskmcelroy1, yeah but to be honest, I don't think I'd call the cops after the fact either. bad things can happen in those circumstances. like that woman in Minneapolis just a couple of days ago.
HEROnymousshe called the cops to report a bumfight in the alley. cop shows up, murders her in cold blood. and "oops my body camera was turned off!"
Giant81HEROnymous: yeah shoot someone on your property then NOT call the cops, that seems like a really good idea
kmcelroy1Giant81: i think he means he would just take the loss on the bike
nemithso all cops are killers?
HEROnymousnah, I'd put the word out in the neighborhood and when it was spotted, I'd go get it back.
Giant81sure why not, unless you have a video and even then, just turn it into the cops later
nemithHEROnymous: have you recovered your own stolen property before?
Giant81lol would love to see that, get arrested for stealing your own shit back
kmcelroy1here you can shoot people if you catch them stealing :P
HEROnymousnemith, no, but some are. and that's enough for me to be wary. I also don't hang around with hard drug addicts or people with mental illnesses that lead them to flying off the handle.
nemithgood plan
HEROnymousnemith, sort of. I had a car broken into once. I wasn't awake at the time, but another neighbor was, and that neighbor beat the thief down with a tire iron. so my property was recovered.
kmcelroy1HEROnymous: hahaha
kmcelroy1good neighbor
nemithand then you called...?
HEROnymoustrue story. happened in greenbelt, md.
Giant81seems like a pretty solid use of deadly force there, saving that brittany spears CD
HEROnymousback in my DC days
kmcelroy1Giant81: meh, fuck em
HEROnymousalso, he didn't beat him to death, geez.
Giant81yeah well, could have ended up badly
Giant81could have been shot
kmcelroy1thieves deserve whatever they get
kmcelroy1Giant81: so could the thief, didn't stop him apparently
HEROnymousanother thing to remember about the police is that when seconds count, they're only minutes away
Giant81sure, but if you start beating some fucktard with a tire iron and he's got a gun, not worth confronting the fucker over something as stupid as personal property
kmcelroy1yeah, usually after 1 hit with a tire iron, you aren't going to be good to start reaching for things
HEROnymousso assuming you have the best, kindest, most dedicated police force ever in your town, with not a single lunatic or homicidal maniac or racist or whatever else among them... if somebody comes into your house and decides you're getting buttraped tonight, they're probably going to get away with it before the cops make it there.
Giant81no he'd get shot, let the cops clean it up after
kmcelroy1castle doctrine is a must imo
Giant81but I'm not going to shoot the idiot rummaging through my car
nemithHEROnymous: so I am trying to figure out what your stance is?
HEROnymousnow, all this said, I think that a functional society is a wonderful thing. with good functioning neighborhoods, we need police *less*.
kmcelroy1Giant81: why not?
kmcelroy1Giant81: then again, i don't know the legality of that there :P
Giant81can't use deadly force unless I'm in threat of death or bodily harm
kmcelroy1Giant81: well, that's why then
kmcelroy1texas you can use it to stop someone from taking your property
Giant81even then, doubt I would, not worth the paperwork
Giant81just insurance claim it, buy a new thing, move on
HEROnymousnemith, on what specifically? police? I think that police can be very dangerous. only over the past few years since everyone has a phone with a camera has the truth about so many incidents come to light. and yes, that's a tiny minority of people, but when someone can kill you and get away with it, is it really worth taking the chance of putting yourself in a position to be around them?
kmcelroy1no paperwork, they show up, see you shot him while he broke in, done :P
HEROnymousMissouri is excellent on castle doctrine, too.
Giant81most of the time, but I don't think I'd chance it going bad on me
kmcelroy1Giant81: hell, they had a guy that did it for his neighbor on the phone with 911 :P
nemithHEROnymous: I think armed citizen can be just, if not more, dangerous
kmcelroy1shot two people on recording
HEROnymousMissouri also has a "car is your castle" law, too.
Giant81or ending up in some endless civil suit by his sister/wife
kmcelroy1HEROnymous: same here
kmcelroy1Giant81: they protect you from that as well
nemithI think some vigilante going to reclaim his stolen property is very dangerous
HEROnymousnemith, sure, but... on the same token, I haven't seen any stories lately where someone called an armed neighbor to break up a fight and that neighbor murdered them in cold blood.
kmcelroy1once you are found not criminally liable, no civil suit is allowed
nemithBecause that doesn't really happen
Giant81car is your castle, but I can't shoot anyone if I'm not in it
HEROnymousnemith, well, then don't steal things and you'll be ok?
kmcelroy1Giant81: here it is pretty much if you are doing it to protect someone else or their property even, you can deadly force it
Giant81like if I pull up to my house, and nobody's home, but there is someone rummaging around, I can't then go into my house and shoot them... they don't pose a threat to me or mine.
HEROnymousthat's really what a lot of it comes down to - cops harass people who've done nothing wrong. and they can. while some random dude isn't going to go messing with you just because you're <insert race here> or whatever.
Giant81yeah TX is pretty cool about that
kmcelroy1don't steal is pretty much the moral of the story :P
nemiththe situation is more rare so it's harder to find an example. I am sure you wouldn't have to google hard to find such an incident. It's just that the news isn't saying that the neighbor isn't "being called in to enforce a situation"
kmcelroy1Giant81: yeah, here you can blast them without worry
nemithrather they are just a murderer
HEROnymousdon't steal, rape, murder... basically just leave other people alone if they don't want you around.
bmoraca_workhuh...illumio doesn't support centos 6.9
HEROnymousnemith, I dunno... I don't see such situations really.
nemithYeah well there is the other problem
HEROnymousbtw, anyone interested in the story I referenced a couple of times...
HEROnymousabsolutely insane. and there's a very low chance that the cops who murdered her will face any sort of criminal punishment.
HEROnymousthe cop who murdered castile got away with it, too.
HEROnymousand it disgusts me.
nemithhumans are really bad at doing statistical analysis on the fly. Just because you cannot recall, or on the flip side because you have a single specific example of your argument doesn't make it a problem.
Giant81like the cop that shot that one guy with his arms up laying on the ground in broad daylight?
nemithYou instead need to analyze a large sample set of issues
Giant81though I suspect he got fucked
nemithand then you can start to fix the problem
Giant81nope one bad egg ruins the whole bunch
kmcelroy1HEROnymous: well, to be fair, everyone let off is let off by a grand jury generally, so peers say no, or if it goes to court, a jury decides as well
kmcelroy1so iono
Giant81all cops are murdering, racist, assholes with a badge
HEROnymousGiant81, yeah, this stuff happens all the time. for every incident we hear about because the person involved was rich/white/etc, or because someone happened to have a cell phone camera out recording... plenty of others go unnoticed.
Giant81should be a cop, so I can randomly just shoot people on the street
nemithCitizens kill citizens all the time too
HEROnymousGiant81, no, but some are.
nemithmore so than cops killing citizens
nemithbut one makes news
HEROnymousnemith, should those people go to prison for it?
nemithof course
HEROnymousbut the cops don't when they do it.
HEROnymousand there's your difference. this is not a society of rules and order.
HEROnymousthis is a society of "us and them".
nemithThats not 100% true either.
HEROnymouseverything is built upon "us and them".
kmcelroy1there are cops that go to jail
kmcelroy1they just had one
nemithThere is a cop here in Colorado who just got convicted of murder
Giant81HEROnymous: if some are, then you have to assume all are
Giant81shot any you see before you get shot
nemithfor every one bad cop you speak of, there is probably 1000, 10,000 who are serving the communities they work in
Giant81I know I'm kidding
HEROnymouswhether it's "republicans" and "democrats" or "citizens" and "illegals" or "cops" and "not cops"
Giant81chances are most will never come across a legit bad cop, just cops that they think are bad for doing their job or shitting on your fun while you're drunk.... doesn't mean the cop's bad, just that you're just on the wrong side of the situation and aren't mature enough to realize it
nemithHEROnymous: yes
nemithvery much so
HEROnymousGiant81, I grew up in a poor, mostly-black neighborhood. I noticed the difference in how cops acted towards us when I was with my black friends, versus when I was not with any black people.
nemithI would argue that US is mankind and them isn't needed
kmcelroy1HEROnymous: statistical analysis :P
nemithracism is dying... slowly, but it is getting better
kmcelroy1HEROnymous: if you were in a rich neighborhood, would have never come up
nemithit's also easy to talk shit about a problem. Harder to try to actually help fix it
HEROnymousnemith, yeah but that has to be maintained. because otherwise people start applying class analysis to things. god help the entrenched authorities if a bunch of trailer park kids and a bunch of urban projects kids got together and realized they had more in common with eachother than with donald trump or barack obama.
DoYouKnowI cannot believe I don't have the CCNA yet
DoYouKnowI need to study and pass that thing
Giant81DoYouKnow: take the test
Giant81do the combined test, none of this ICND 1 or 2 bullshit
DoYouKnowI will, again and again
DoYouKnowI just failed last time I took it and dad is sort of being controlling, even though I'm 30
bellistook me a long time to finally take and pass it, too.. still less than 2 years ago
HEROnymouskmcelroy1, I grew up in the area where The Wire was set, pretty much
Giant81DoYouKnow: sounds like you have more problems than just the test
HEROnymousDoYouKnow, what does your dad have to do with anything?!
kmcelroy1HEROnymous: yeah, we got shipped to innercity craphole in high school
kmcelroy1most of my friends were gang members/drug runners, etc.
kmcelroy1lot in jail, dead
DoYouKnowI have more problems than just the test, HEROnymous
kmcelroy1fun times
Giant81I've done it twice and passed it by a wide margin both times, but can't seem to pass a CCNP test, miss it by anywhere from 10-50 points each time, fuckers
kmcelroy1had quite a few get hit with serious trafficking felonies, ha
kmcelroy1kilos of coke, 3000 x pills, etc.
DoYouKnowI have paranoid schizophrenia. symptoms: inflated ego and low self-awareness
HEROnymouskmcelroy1, hahah. yeah the gang kids stuck to themselves, mostly, never really got to be friends with any of them.
DoYouKnowok, just kidding about the first one
kmcelroy1HEROnymous: i was friends with all the dirtbags
kmcelroy1iono why, i guess i am a dirtbag
HEROnymousI don't think those are symptoms of paranoid schizophrenia. I used to work with a dude who was schizophrenic. he was on meds and mostly passed as normal though.
DoYouKnowyeah, it's changing
DoYouKnowHEROnymous: I think most people agree that my dad is controlling and that I should move out
HEROnymouswhy would... nevermind.
Giant81who cares if he's controlling
Giant81you're 30, move out
Giant81unless the rent is good
kmcelroy1is this real life?
Giant81I mean I have a buddy that stays at his parents house, he can afford a place of his own, but no rent, no utilities, no bills except his car/bike payments, insurance, and cell phone. He just works a tech job, banks the rest
HEROnymousnemith, as far as helping fix a problem, I think that there're a lot of interwoven problems, and you can't solve them individually. you need a real holistic approach, but trying to remove the right to self defense from individuals and outsource it to a separate, higher class of individuals called police, you can't have real peace between those classes.
HEROnymousGiant81, I have a buddy that lives with his parents, makes decent money, and blows it all on this ugly annoying girl that all of his friends hate.
HEROnymousso... eh.
Giant81has full autonomy to come and go as he pleases, parents are chill as fuck, house is close to his work, other than a bit less privacy
HEROnymoushis parents are nice people and also hate her.
HEROnymousa lot.
Giant81been talking about a place with his gf, who is also cool as hell
Giant81but I get to benefit from his money, he's bought me rifles, ammo reloading supplies, paid for shit for me, gave me a server for my lab, shit like that, he's not materialistic at all, money is just something he has and can afford to spread around and have some fun with it, he keeps his bills paid and has fun with the rest
HEROnymousyeah me and some of my friends are like that... always buyin eachother shit heheh
DoYouKnowmy dad is very much against spending money to make money
bellisI give my little brother a hard time for still living with family at like 26, but the truth is that he makes a fraction of what I do and pockets WAY more disposable income than I ever did at his age, so meh :|
HEROnymous"I like you so much I have your address as a delivery option in my amazon yo"
DoYouKnowwhether it's for a business, or anything
HEROnymousbellis, see, I'm doin that now, I got a crazy cheap house that I don't have a mortgage on
HEROnymousone day I'm gonna be able to drop probly half a mil or so on a place with a lot of land in the country
HEROnymousbut for now, no house payment at all, $270/year property tax and that's it
bellisthough, to his credit, he's probably moving out with his girlfriend soon (who will probably be making more than he does anyway)
bellisbetter life choices than my decision to move out at 19 with a shitty part-time job, unemployed (and terrible) girlfriend, her unemployed sister, and her unemployed sister's unemployed boyfriend at the time
bellissuper smart
Kazaiisounds similar to me @ 19, bellis
DoYouKnowI sort of had an opportunity to be significantly employable by my late 20's, but I didn't have the courage to stand up to my dad and I blew the opportunity
DoYouKnowgoing to work with what I have, and study for the CCNA again
MadClownwhen your phone autocorrects "xenpack" to "sex pancake" you know it's going to be an interesting day
MadClowneven better when you don't catch it
bellisI prefer sex pancakes
DoYouKnowmy dad is probably a little bitter because he lost his job as a network admin and now works helpdesk
bellisespecially 10 gigabit sec pancakes
HEROnymouswhy doesn't he just get another network admin job?
DoYouKnowprobably brainwashed
Giant81lol my father in law got canned as a manager at an insurance company like 20 years ago
DoYouKnowby management
MadClownfor 160K / year, I'll clean up interface descriptions
Giant81still won't get a job, because nobody would hire him as a manager, he couldn't possibly take anything lower than management
MadClownno shame
DoYouKnowthe problem is they let him keep his pay
DoYouKnowso now he has no job security
Giant81so instead of take a job somewhere and work up to management if he was worth it (believe me he's not) he's been unemployed for 20 years cause he's a lazy fuck
HEROnymousMadClown, what's an interface description?! ;)
Giant81HEROnymous: you know that thing that never actually is accurate on anything farther out than the core, and even then, it's hit or miss
HEROnymousGiant81, why would no one hire him as mgmt for that long? is he bad at interviews or something?
MadClownHEROnymous: that's for me to know and bill out
DoYouKnowGiant81: oh
Giant81HEROnymous: he's an idiot
HEROnymousI will say though, I have netbox setup and actually have all my interfaces documented in there, and I'm pedantic as hell about keeping it up to date
MadClownCDP/LLDP work great until the interface goes down :)
Giant81is pretty sure he's better than everyone, his shit doesn't stink, everyone else is stupid and 'ignorant', and spends his days at home gardening listening to rush limbaugh and fox news
DoYouKnowthat will rot your brain
Michaeland now you know why he was management
nemithyou need to model offline
nemithuse the model to generate interface configs
HEROnymousnemith, yeah or at least shut interfaces that it says are not used ;)
DoYouKnowfox news is definitely dumb
MadClowndesc Unused
HEROnymousthat way if people fuck up, it gets noticed
DoYouKnowFox News Network
HEROnymousI can't do biased news. so I mostly avoid the news except for cnbc.
HEROnymouscnbc is actually as unbiased as it gets.
DoYouKnowI watch bbc
Atrooh god, DoYouKnow are you also here as well?
HEROnymousI watch bbc for some of their awesome shows
MadClownc-span is fairly unbiased
HEROnymousdid you watch victorian slum house?
HEROnymousMadClown, is that really "news" though?
DoYouKnowAtro: I'm here, yes. I've been on this channel since 2008
HEROnymousvictorian slum house is actually pretty good though.
Atrogood for you
Atroits just funny
MadClownHEROnymous: technically yes, but it's like watching paint dry
Atrocluelessperson hangs around ##networking :P
MadClownI'd rather take a nap than watch C-SPAN
HEROnymousI'd rather take a nap than do just about anything
MadClownsometimes I take a nap while kayaking, best of both worlds
oisterwatch c-span or golf to help take naps
MadClownthe sound of waves against the shore knocks me right out
DoYouKnowI want to take a nap, but I feel constantly sort of jolted awake
DoYouKnowI feel tired for sure
DoYouKnowACTION stands absolutely still as he hears a conversation going on in the background
DoYouKnowACTION resumes
Giant81wasn't a conversation in the background
Giant81was just the voices in your head
[work-muze]so we have a campus with building-to-building fiber, Nexus 9k core, and mostly 2960S access switches. I've been having an odd issue with new 2960s lately...when we've been replacing access switches in each IDF, the switch will pass traffic through, but we cannot ping, telnet, or ssh into them.
jdk101Check if the ip default-gateway is configured on the device.
[work-muze]all of them have their IP, subnetmask, and default gateway configured btw
jdk101beat me to it :S
jdk101But, you mean replacing like migrating from 2960s to Xs?
[work-muze]we're not there yet. we're still working our way through backstock of Ss
oistercare to share your config?
[work-muze]I've tried setting the default native VLAN to VLAN2 since it is our campus-wide trunk, but still nothing
jdk101Ok, so you are replacing one switch for another?
[work-muze]jdk101: correct
jdk101are you moving the master??? IIRC all the management is done by it, even when the members are still passing traffic.
[work-muze]define "master"? all L3 is done in the core at our DC
[work-muze]it's worth noting that the neighbor details for this device has its IP address a loss as to what I did wrong
jdk101Master in the stack is the switch that controls the members. Most processing is done by it, security stuff, management stuff, etc. I'm assuming the switches in your IDFs are stacked, right?
[work-muze]these are not stacked
oisterare you using vlan 1?
oisteris vlan 1 shutdown?
oisterdoes the vlan database have your management vlan?
[work-muze]on the problematic access switch?
oistersh span vlan X
oisteron your mgmt vlan
[work-muze]I'll have to try that tomorrow when I can get a console cable on it
oisterif you pasted in a configuration then it probably doesnt have the vlans created
oisteron a 2960s issuing "int vlan 100" doesnt actually create vlan 100 in the database
[work-muze]so configuring VLAN2 with a 10.2.0.x address, subnetmask, and default gateway will not allow it to accept incoming traffic?
oisteryou still need "vlan 2" command
oisterto put it in the vlan database
oisterand that command doesnt show up in the show run
oisterso if you just copied from another switch then it wont create the vlans in the database
[work-muze] like: config t --> int vlan 2 --> address, etc....will not create VLAN2 in the VLAN DB?
oisterits retarded but thats how it works :D
atten10oister, the VLAN will be created once he assigns a port to VLAN 2, automatically, without having to enter the VLAN
[work-muze]I've never been taught to do otherwise...?!
atten10to configure a SVI though, for a VLAN interface you have to enter the interface configuration and assign the properties
atten10at least in a cisco switch
oisterive never tried to create a vlan by adding it as a switchport
oisterbut i know it wont create one if you manage via trunks
oisterive been bitten by that a few times
atten10if you manage via trunks?
atten10What the hell does that mean?
atten10Are you talking about VTP?
oisterif the vlan is no the in the database
oisterits not going to work
jdk101And also creating the vlan and configuring an SVI does not mean the SVI will come up. It has to be on a switch, like an access or trunk port
atten10no the in?
oisterif you issue "int vlan 2"
oisterit does not put it in the database
oisteron a 2960S at least
oistermaybe the new XE works differently
jdk101I think it's the same in the XE.
[work-muze]oister: so if this is the case, how do I make the switch acknowledge the VLAN it's managed by?
oisterjust create the vlan in the database... "vlan 2"
oisterit may not be the problem but thats my best guess
[work-muze]I'll give it a shot tomorrow. I've never had this issue before...
almostdvsapologies for any ignorance I've inherited a mess
almostdvsI attempted to switchover ISP for a customer. I changed the IP address to one in the range they gave me and transferred connection to the new modem
almostdvsand I changed ip route new.modem.ip.address
almostdvsfrom the router I can ping the modem and I can traceroute to
almostdvsfrom the firewall behind the router I can ping the router however I cannot ping the modem or get to any internet address
almostdvsany guidance on what I might be doing wrong?
zapotahyoure lacking routes and/or NAT somewhere
almostdvsthere is a switch in between the router and firewall but from what I can tell its a dumb switch and that thing can ping both firewall and router no problem as well
almostdvsI'm curious as to its purpose but not as important to me
almostdvsany suggestions on what to check zapotah
zapotahfigure out whether the switch actually is unmanaged and if not, how its configured. then check the routes
zapotahafter that check NAT on the edge
zapotahassuming ipv4
almostdvszapotah: edge being the router?
zapotahwhatever is the last device that terminates IP before the ISP
almostdvsI don't think it performs any NAT. I believe the firewall does that
almostdvsI suppose its important to mention that they own a /24 public block that has to be configured but I'm not down that road quite yet
almostdvscould it be that the modem does not know how to send traffic back to the router?
zapotahhow are you in charge of this if you dont know how basic routing works?
almostdvsengineers keep getting fired or quitting ...
almostdvsI know how basic routing works but this stack is really complex
zapotahsure doesnt sound like it
almostdvsI'm about CCNA level; this is a public /24 network with bgp and HSRP failover
zapotahwhich is part of ccna these days
bmoraca_workmodem->router->switch->firewall isn't really complex...
almostdvsmodem>router=router>switch>firewall=firewall>switch>switch> users
almostdvsI am focusing on where I see the problem. the firewall which is the gateway cannot communicate with the modem
bmoraca_workwell, that's not what you explained above. drawing a picture might be helpful. label it with IPs.
bmoraca_workas stated, that's more than likely because the modem doesn't have a return route for the firewall
bmoraca_workhow does the modem learn of routes beyond the routers?
almostdvsthank you bmoraca_work. Do I just have to have the ISP verify that
bmoraca_workmaybe? impossible to know, based on the information you've shared.
bmoraca_workyou stated BGP...BGP to what? from the router to the ISP? does your new ISP support that? have you properly configured it? is the neighborship up?
squibbydid you turn the firewall on?
almostdvsrouter to ISP yes and router to router. router 2 has been down for months so that neighborship i don't care about
almostdvsits the same ISP but billed under a different company
bmoraca_workthen it's not the same.
bmoraca_workif your next hop is different, BGP probably has to be reconfigured
bmoraca_workis the neighborship up to the ISP? are you learning routes from them? are they learning routes from you?
squibbybmoraca_work, is this confusing af? am I dumb?
squibby"Now you need to define something called the RP set. This is the set of all the routers which would act as RP. You need to have a loopback on each prospective RP router, which is different than the loopback that is being used as the RP address. In this example, loopback 1 is on both Nexuses that have IP address and, respectively. This loopback 1 is used to define the RP set. The command to do the same is:"
almostdvsprobably not. It was the same ASN for both router and the ISP but I'm now thinking that I have to coordinate with the ISP.
bmoraca_worksquibby: anycast rp
almostdvshow can I verify the neighborship is up?
squibbywhy are and "prospective RPs"? when the anycasted RP address is already manually defined as
almostdvssorry for all the confusion. I'm literally following partial notes on a notepad and a mess of wires
bmoraca_worksquibby: are you labbing EVPN?
squibbybmoraca_work, going to in a bit
squibbystill reading up
zapotahsquibby: isnt that just for syncing the tree?
zapotahsquibby: between the anycast RP announcers
bmoraca_worksquibby: this is the old white's badly written, but has some good info:
bmoraca_workthis is the new white paper:
bmoraca_workmuch better written
squibbyzapotah, I guess so, but in another example I have the leafs are and those are VTEPs. why would they be involved in the anycast syncing?
squibbybmoraca_work, thanks
bmoraca_workleafs wouldn't be
bmoraca_workyou technically don't need multicast
bmoraca_workit's only for BUM. if you don't need BUM in the overlay, you don't need multicast in the underlay
bmoraca_worki typically deploy it anyway because i don't know
squibbyI feel like it would be a mistake to not support BUM from the get go.
bmoraca_workalso, if you're on gen 1 (9372) or 2 (9396), you won't have enough TCAM to enable arp suppression
zapotahsquibby: hey, MS network virtualization doesnt do BUM with 2012R2 :3
zapotahat all
zapotahbut thats NVGRE
bmoraca_worksquibby: this is the new whitepaper, not the other one i sent you:
bmoraca_workwait, this one sucks too
bmoraca_worki can't find the one that cisco did
bmoraca_workthey had a really good one for the 9k
squibbyI just spent 20 minutes in mutant rage because I had a VPN4 RR that wouldn't install updates it was receiving from my PEs
squibbyand it turns out I didn't configure the PEs as RR clients
squibbyso it was dropping the NLRIs because no route-targets or VRFs
zapotahnot hulk rage?
zapotahor does that count as mutant rage?
bellisthat's when you print out a picture of yourself that you can punch in the face later
bmoraca_worksquibby: hey, at least it was simple and you figured it out quickly
squibbybmoraca_work, not before I cried a bucket of liberal tears
zapotahis that better or worse than conservative tears?
bmoraca_worksquibby: i think what they're saying there is that the two RPs use those system-specific addresses to exchange the multicast source information. they obviously can't do it with just the anycast RP address, so they're saying "these are all the members that are listening on that anycast address"
squibbybmoraca_work, so I understand the need to sync the trees between the anycast RPs. what I don't understand is why the client VTEP IPs are referenced as part of the anycast rp statements
squibbyleaf vteps shouldn't be involved in the syncing it feels like