aleksashka | hello, is it possible to use PVDM2 in 2901 without PVDM adapter? |
aleksashka | I'm not sure if this adapter is used just to suit to clips or it actually relocates some pins' position... (( this is just for lab purposes |
plate | YooOo |
plate | YooOo voip |
plate | what's up? |
metheo_irc | hi guys |
Claude__ | Good morning, would anyone be willing to look at my Switch/router config and help me find why my switch is not routing my PCs? |
Claude__ | CCIEs +v |
lowbyte | generally if you put your configs up on pastebin.ca (try make it unlisted and with an expire time) then paste the link here in channel some people take interest and provide feedback. just make sure you also detail your issue (from what sources to what destinations) and extra topology information like 'there is a firewall in the middle.. here'. |
Claude__ | OK, Switch setup with 4 vlans (to be tweaked for Prvt and public later for hosts) route through the routet to the internet. https://pastebin.com/1y3BJhcN |
Claude__ | router* |
Claude__ | Oh if it matters its a 870 Router and a 3550 switch |
truthr | you enter www.google.com into your browser, it goes out to dns server somewhere, which returns the IP address to your browser correct? |
Claude__ | Yes and no |
truthr | why no |
Claude__ | You enter www.google.com, Your PC asks DNS what IP www.google.com and DNS tells your computer what IP address to send the browser to |
truthr | ok cool thx |
Claude__ | Np |
Claude__ | An example would be |
Claude__ | Ping www.google.comand no DNS response you will get "Unknown host" |
Claude__ | Ping www.google.com and no DNS response you will get "Unknown host" |
Claude__ | Oh and |
Claude__ | It doesn't go to a random DNS server, it goes to what DHCP assigns it or what you set your DNS server to |
Claude__ | Most DNS servers will not respond unless you're on their network |
truthr | ok. my question is a little different though |
Claude__ | Ok explain what you want to do |
truthr | say you want to connect to 1.1.1.1 |
truthr | you type into your browser 1.1.1.1 |
Claude__ | No DNS required |
truthr | ok good. also, there is a pathway to get to 1.1.1.1 |
Claude__ | You already told the browser where to go |
Claude__ | What ever your default gate way is |
truthr | does your browser construct the path to get to the destination 1.1.1.1, the entire chain of servers involved? |
truthr | so that it knows what that first server to connect to is, or does the default gateway do that? |
Claude__ | Ex if you look at your wireless or network adapter ipv4 you will see Gateway and DNS |
Claude__ | Default gateway does that |
Claude__ | Like if your PC is A |
truthr | the default gateway is the name of some other server not your own? |
Claude__ | It does A to Gateway and the Gateway routes to the next hop and then these devices route the packets to the destination IP |
Claude__ | Correct |
Claude__ | But... Say for example you connect to a wireless router |
truthr | so what a VPN does for example, is it simply changes the default gateway from that of your ISP, to whatever the VPN service provider says to use for default gateway? |
Claude__ | Your IP 10.10.10.2 Your gateway 10.10.10.1 You type in www.google.com to the browser |
Claude__ | The request is sent to the Gate device |
Claude__ | gateway that is |
Claude__ | Do this if you want to see the path, Open command prompt |
truthr | ok |
Claude__ | type: tracert www.google.com and it will show you the path it takes. Here I will show you. |
truthr | it worked |
Claude__ | Oh ok coo |
Claude__ | cool* |
truthr | i have vpn client on my machine. it connects to a vpn service ipredator |
truthr | that connection occasionally fails, and when it does, the ...gateway? ...reverts back to my ISP default gateway |
truthr | and I don't want it to do that |
truthr | if the VPN fails, i just want the connection to fail |
Claude__ | https://pastebin.com/i8gtdfya <-Trace route |
Claude__ | VPN does something different |
truthr | I was thinking a small firewall appliance where you could allow only connections from to VPN service providers gateway |
Claude__ | I don't understand that question, VPN connects one network to another encrypting the data between the 2 networks |
truthr | i need a way to enforce the use of the VPN and fail the connection should the vpn fail for any reason |
Claude__ | You must have VPN on both sides |
truthr | i don't know what you mean. I have a subscription to ipredator, they have the VPN servers on their end |
Claude__ | Hmm thats getting complicated |
truthr | i guess I don't see why it should be complicated though |
Claude__ | OK so if you have a VPN client then you can connect to their VPN servers |
truthr | all traffic on my machine should be headed to one location |
Claude__ | Well I don't know what kind of device you're using, what is on the other network or what you want to fail it to |
truthr | the internet |
truthr | my computer --- vpn provider ---- internet |
Claude__ | Perhaps I am misunderstanding you or I dont know enough to answer your questions |
truthr | i don't want .....my computer ---- internet |
Claude__ | "internet" is very vague |
truthr | ok |
truthr | gotta run. thx for the help |
Claude__ | So how will to get to the other end of the VPN? |
Claude__ | OK cheers |
Claude__ | Anybody awake? |
zapotah | Claude__: your switch is routing just fine |
zapotah | Claude__: however, you lack routes back towards the switch networks from the router and youre also not doing NAT at the router |
td34 | hey all has anyone used cisco's NEAT feature on switches? |
cromag | isnt ISE the new NEAT or something ? |
td34 | not sure |
td34 | I want to authenticate my devices on a per port basis. |
td34 | so if i have 4 phones connected to one switch, I want to make sure that the ports is open when my 802.1x certificate has been accepted. |
td34 | Looking more into NEAT now, it looks like it is only md5 authentication... |
no_sleep | how long do you think an HDMI cable will be before one experience slight signal loss |
Gollee | 10 meters maybe |
IShouldDoSomeWor | Morning all(Afternoon for everyone lucky enough to be almost done with Monday) |
jbisk | moenin'... |
gypsymauro | hi |
gypsymauro | there is a way to know how many broadcast packets transits on a switch? |
xous | not directly |
Gollee | check the interface counters |
xous | -^ this |
xous | you'd have to total the counters for all interfaces |
xous | why do you want to anyway? |
xous | if you've got issues with too many broadcasts you've either got a bad network design or a terrible app |
nightcrow | hi guys, I have a Cat 3560 and I am trying to filter a command. 'sh ip int brief' - I am trying to display the lines that do NOT contain the words 'unassigned' and 'down'. ie. sh ip int brief | exclude unassigned OR down |
nightcrow | is there a way to do this? |
nightcrow | sorry |
nightcrow | i got cut off |
nightcrow | any ideas regarding my question? |
qwert_ | sho ip int brie | e una|down |
Giant81 | hehe 30 input errors on a storage port in the last 50min, I really don't think this is a big deal, but does anyone else think it's worth investigating? |
zapotah | depends on the volume of traffic |
Giant81 | input rate 91.48 Mbps, 2.85 Kpps; output rate 76.12 Mbps, 3.88 Kpps |
Giant81 | 5min load interval |
Giant81 | all of them appear to be CRC errors |
Giant81 | any way to get the nexus to punt CRC error packets into a capture or even the src to a log so I can correlate if they are all coming from the same place? |
MrPockets | Awesome. |
MrPockets | $180 a month per switch for TDS managed switching. I ask what kinda switch they're putting in, either Cisco SG200s or if we want "the big guns" as the sales rep said, they'll throw in a 2960S |
MrPockets | yeah, that November 2020 EOL looks GREAT for our 5 year plan.. |
zapotah | TDS? |
MrPockets | Some ISP that sells managed VoIP and managed switching. |
MrPockets | they're big in this area. |
zapotah | 180$ a _month_ for sg200 |
zapotah | i would laugh at the fuckers all the way out that instant |
MrPockets | The best part, is they really DONT configure them for fuck. |
Giant81 | oh shit, awfully big GUNS |
zapotah | well, to be fair, they cant be configured much :P |
MrPockets | The "QoS" you can do on those is limited as shit, and when we asked them for a LAG they're like "no, we don't like to customize things per client. It makes it too hard to manage" |
Giant81 | so is a 3850 or cat 9k an ICBM? |
Giant81 | whew, watch out those LAG ports are hard to manage |
MrPockets | yeah |
Giant81 | who the fuck is managing this? n215? |
MrPockets | so, for the same price, we're going to recommend 2960X switches all around |
IShouldDoSomeWor | Last time I touched a SG220 it would decide if SNMP or SSH would work at any given moment. Normally the answer was no. |
zapotah | sg200 doesnt do fucking anything |
MrPockets | Even the 300s are bullshit |
IShouldDoSomeWor | It is a glorified Linksys |
MrPockets | ^ |
zapotah | its along the same lines as the shitty 3com shit |
IShouldDoSomeWor | MrPockets: Is this just a temp thing or would it be in place for 5 years or more? |
MrPockets | ideally its a 5 year plan |
MrPockets | This is a refresher quote too, they already have this service, and they have 10+ year old 10/100 catalysts in there now. |
MrPockets | if _nothing_ else, they should be maintaining _current_ piece of shit switches. |
IShouldDoSomeWor | Considering a 2960x should cost around $2500 without smartnet compared to them charging you $10k over 5 years for a $200 switch..... |
MrPockets | yeah, its an easy sell |
MrPockets | and our contract covers management of network infrastructure, so they get better service. |
Giant81 | about the only place I'd put an SG200/SG300 is in my home lab as just a gig switch for all the PCs in the house to use |
MrPockets | Right |
Giant81 | and even then, I'd leave it flat, and forget about it |
MrPockets | So we're in agreement then: These guys are fucktards. |
MrPockets | Onto the next topic. |
IShouldDoSomeWor | Giant81: I had to set up a voice vlan once |
IShouldDoSomeWor | Giant81: I wanted to die |
Giant81 | I guess I can see using it as an under desk switch in a corner of the building, but honestly the 2960x is so fucking quiet anyway when running and so much more capable |
MrPockets | I mean the price is $1500 more |
IShouldDoSomeWor | Or 4 of them as a foot rest |
MrPockets | but seeing as they're getting screwed for price anyway. |
IShouldDoSomeWor | Wait are you competing against this company? |
MrPockets | Not really. They're the ISP and provide managed phones |
MrPockets | We're their overall IT consultant, so I'm encouraging them to review this managed switching contract, and the aforementioned is the best that this company can offer |
MrPockets | so Im just recommending they buy their own switches, and we'll manage them under existing contract for no additional cost. |
IShouldDoSomeWor | Well that should be an easy win |
MrPockets | truth |
IShouldDoSomeWor | Considering they can get 4 switches for the price of 1 |
MrPockets | and the board is all about cost savings, so this'll be a win all around. |
IShouldDoSomeWor | before any maint |
IShouldDoSomeWor | Except for that one guy who has a friend at the other place.... |
squibby | knuck knuck |
bellis | I'll toss another "ugh" at SG300s.. old employer used to sling them when I first started there, and as far as I know their office is still mostly SG300's, but so many random BS problems (along with general architectural deficiencies, of course) |
Eteris | Why is it that cisco still can't get emulators on their exams to work?:/ |
squibby | Eteris, ahhhhh welcome welcome |
squibby | what was broken on your sim? |
IShouldDoSomeWor | Eteris: NP Switch sim? |
Eteris | I passed, but it was still broken and annoying |
Eteris | Yeah... |
bellis | the last one I remember dealing with was that switches would occasionally just 'forget' some of the VLANs it's supposed to be tagging on a trunk link, would require a reboot to fix |
Eteris | NP switch, lab ports wouldn't come up yet I was passing traffic through them... xD |
Eteris | likewise if I tried to remove an ACL entry |
IShouldDoSomeWor | Eteris: I had the same issue |
squibby | Eteris, I had a broken mutual redistribution lab where end to end IP connectivity was working even though only half of the needed configuration was completed |
Eteris | it just added it again |
squibby | I completed the config anyway but it was super sketch |
Eteris | I literally couldn't remove an ACL entry |
Eteris | squibby: hahaha |
Eteris | It's so frustrating |
squibby | Eteris, the first time I took the CCNA, back in the bronze age, it asked me a question about VLAN port assignments and the running-config didn't match the mac address table |
Eteris | Even if they threw some bad version of packet tracer on there it would still work |
bmoraca_work | that's why simulations suck more than emulations |
squibby | bmoraca_work, hey man. been having a lot of fun with vpn4 and spine-leaf labs |
squibby | bmoraca_work, pissed me off though.. with IPv4 af over IPv6 peering on nx-os, it won't let you use a route-map to set an IPv4 next-hop like on IOS |
squibby | so you HAVE to use a rfc5549 compatible peer or it doesn't work |
bmoraca_work | squibby: ouch...vpnv4 sucks for that. EVPN or Segment routing ftw |
bellis | good thing you still pulled a 'pass', would suck to know your sim's borked when they hand you a fail :\ Sometimes you can complain and get credit back, but that seems to depend a lot on the testing facility |
squibby | unless you know of a way to do it with nxos |
squibby | bmoraca_work, no no the vpn4 was a totally separate lab |
squibby | this was a simple spine-leaf |
bmoraca_work | oh |
bmoraca_work | ok |
bmoraca_work | lol |
squibby | but I was trying to avoid addressing the ptp links |
squibby | so I used ipv6 lla |
squibby | with ip unnumbered for ipv4 |
squibby | it works splendid with all IOS devices, for nxos topology I just let the rfc5549 support work its magic |
squibby | but nxos won't let you use a route-map to fix the next hop |
squibby | it doesn't work, no matter what it wants to send an ipv6 nexthop. which sucks |
squibby | it's just annoying with cisco though |
squibby | tbh |
squibby | for example on IOS if you use ipv6 lla peers, it forces you to specify the interface identifier on neighbor statements right |
squibby | but it doesn't let you repeat the same neighbor address on different interface identifiers. you have to have a unique lla per peer. totally lame |
squibby | and nxos is the same problem because you can't specify an identifier interface at all, you have to specify an update source interface. so it forces you again to have unique lla peer addresses |
MrPockets | Would best practice suggest always stacking your MDF switches? |
MrPockets | and avoid using 1GBe to connect switches whenever possible? |
squibby | MrPockets, best practice would suggest to never stack your switches at all. |
MrPockets | Hm |
squibby | MrPockets, how many switches would be in one of your stacks? How many ports per switch? How many uplinks will the stack be using and what interface speed |
MrPockets | like three 48port switches? |
squibby | ok. and what interface speed are the uplinks and how many will you be using |
bellis | shared management plane = single point of failure, better off going with ecmp or some sort of mlag (if you can, of course) rather than stacking/vss+lacp |
MrPockets | VMware environment, 3 hosts, 1 SAN, ~15 virtual servers and 100 workstations |
MrPockets | anything connecting to it is all 1GBe |
bellis | but 'it depends', of course :) |
squibby | the uplinks |
squibby | the ports that the stack uses to reach the rest of the network |
squibby | how many uplinks towards your network core and what interface speed |
MrPockets | these are the only switches in the environment |
squibby | so it's just 3 switches and a vmware cluster all in a bubble? not connected to anything? huh? |
MrPockets | Internet is on a Sophos UTM somethingorother |
MrPockets | 20/20 fiber into that |
MrPockets | other locations VPN in over the sophos |
squibby | I guess you can stack them then. sure why not. |
bellis | meh I'd just stack them at that point |
MrPockets | Would connecting the switches with two ports in a port-channel be idiotic? |
bellis | with something that small/consolidated it wouldn't really net you much benefit in terms of redundancy IMO, especially if port counts are at a premium |
bellis | just go with the higher-speed stacking backplane and be done with it |
MrPockets | port-channeling moreso for bandwidth than redundancy? |
bellis | what model switches? |
MrPockets | 2960X |
oister | why would that be idiotic? |
bellis | each connector on those is 20Gbps IIRC, so you should be pretty well-off if you just make sure your stack setup is full-duplex |
bellis | each stack-connector, I mean |
squibby | MrPockets, well you have three switches so it's a bit awkward. if you had 4 switches I would advocate create two stacks of two and then using a portchannel |
MrPockets | I see |
MrPockets | yeah, but if i port-channel the 1GBe copper |
kmcelroy1 | you have 1 sophos, so why is this even a discussion? :P |
kmcelroy1 | stack the switches and move on |
MrPockets | dope |
squibby | you'd be forced to create a triangle topology, in which case you'd force at least one portchannel to be STP blocking |
squibby | so it's not really worth it |
MrPockets | Does anyone implement dual NICs on workstations to accommodate switch failures? |
kmcelroy1 | if you need more bandwidth, add another port in powers of 2 |
kmcelroy1 | no |
squibby | MrPockets, you should definitely dual attach your vmware hosts |
kmcelroy1 | vmware yes, but not workstations |
MrPockets | squibby, oh yeah, thats being done |
MrPockets | for everything in the hosts |
squibby | kmcelroy1, we dual attach our traders. -.- |
squibby | fml |
oister | we dont use port channels on our vmware hosts though, just use vmware port failover function |
MrPockets | If I went in and said "pick 2 people in each critical department and we'll throw a 2nd NIC in there so if a switch fails you have a handful of important people up" |
MrPockets | it'd be, strange? |
oister | simple and works great |
MrPockets | oister, we're doing the same. |
MrPockets | VMware handles load balancing and failover on the connections, no LAG on the switches |
kmcelroy1 | MrPockets: in an environment that doesn't have dual power, dual internet, generator and full redundant everything, no |
bellis | yeah only do port channels on vmware if you're using vDS+LACP, otherwise you'll just have a bad time :\ |
kmcelroy1 | 99% of normal branches like described, you wouldn't waste your time |
squibby | MrPockets, right vmware doesn't need LAG |
MrPockets | Makes sense. |
MrPockets | Alright, off to the Gym |
bellis | but if you have Ent+ licensing already, LACP there works well in my experience |
squibby | I just do load balancing by port-id |
squibby | the vmware default |
squibby | easy enough. |
bellis | yar, that's all you should ever have to do in the overwhelming majority of occasions |
bellis | and if you 'need' to do anything else, it's probably because you're an IT cowboy that just has to muck around and make things overly-complicated for no reason |
bellis | my favorite people <3 |
squibby | yeah. I used to be guilty of that myself |
squibby | I think it's something that most grow out of with experience |
kk | anybody can share firmware files of some cisco devices (ASA, Sx500, Sx200, etc...) |
hkkl | cisco tac if you find some security hole that your current ones have |
hkkl | cco if support contract |
hkkl | otherwise contact your AM |
Giant81 | ok so looking at route-map documentation "If a match command is not present, all routes match the clause. In the previous example, all routes that reach clause 30 match; therefore, the end of the route-map is never reached." |
Giant81 | so a route-map with just a description will match everything |
Giant81 | sooooo why is it not matching everything... fuck |
squibby | you don't even need a description it just needs to be a permit sequence |
squibby | bgp policy route-maps for example, often have a tailing permit sequence that basically means "permit everything else that wasn't previously matched" |
sartan | some shitty app on my phone disabled wifi, i was watching youtube all night last night.... data GONE for the rest of the month |
sartan | fuck you canada. |
sartan | i only have like 2gb fora month |
sartan | extra data is like 30 cents a megabyte or something |
sartan | what a rip off |
sartan | we need new cell phone plans hardcore. |
sartan | this LTE4 is fucking amazing, exhaust my entire months worth of data in 15 minutes |
sartan | SO FAST |
sartan | CANADASFASTESTNETWORK |
MadClown | 2GB is pretty low |
MadClown | 6GB suits me just fine |
voipmonk | freedom mobile? |
sartan | my wife just bought an iphone 7 too so i'm kinda stuck here unless i pay a huge contract breakage fee |
kmcelroy1 | you got canuked |
kmcelroy1 | ™ |
kmcelroy1 | mine, do not steal |
wprins | sartan: 2g/month?? its 2017! |
sartan | welcome to canada |
sartan | i have data caps on my internet too |
oister | is it free? |
voipmonk | ugh |
sartan | when i went to japan I had unlimited lte4 for $100 |
sartan | i downloaded maybe 3tb. (was work) |
sartan | here i can get 20gb for $105. |
sartan | $10 for each extra gb! what a deal! |
kmcelroy1 | everyone knows canadian bytes are more expensive than japan bytes |
kmcelroy1 | conversion costs |
sartan | yeah, we have to add an 'eh' after every other byte |
kmcelroy1 | gotta pay for all those freebies somehow |
sartan | encapsulated in thick maple syrup |
kmcelroy1 | probably half of the bill is taxes :P |
sartan | heh |
sartan | indeed |
kmcelroy1 | make 150k, take home 60 :P |
atten10 | Which CCNP exam do people normally start with? |
kmcelroy1 | the first one |
atten10 | I'm talking about R/S |
kmcelroy1 | the first one |
linux4life | hello all. I have a call manager 9 system. I have a phone that can only dial the speed dial extensions on his phone and extensions NOT in his Calling Search Space. any thoughts? DNA says the call should be going through. but his phone just sits there for a second, then the screen goes back to the main screen.... |
atten10 | linux4life, sounds like a SIP problem cannot get out or something |
atten10 | SIP isn't getting through NAT or whatever |
atten10 | I don't know I haven't touched phones in forever |
linux4life | not sip. sccp. No Nat this is a routed network. |
kmcelroy1 | sartan: you are the designated phone person now that tanner is MIA |
kmcelroy1 | get on it |
kmcelroy1 | i can fumble through sip crap, but fuck CUCM :P |
linux4life | lol. |
sartan | no thank you |
linux4life | I know, it's a main. |
sartan | i dont do voice anymore |
kmcelroy1 | ha |
linux4life | *pain |
kmcelroy1 | sartan: you gotta pass the torch to someone, that's the rule |
kmcelroy1 | just like i need to find someone to pass the qos torch to |
squibby | kmcelroy1, just build the templates and make ops do it |
atten10 | I think I'm going to start with t-shoot first |
kmcelroy1 | squibby: ha, i meant here |
kmcelroy1 | i don't really do that sort of stuff anymore here |
kmcelroy1 | i should clarify the 2nd here is worth |
kmcelroy1 | first here is irc |
kmcelroy1 | work |
kmcelroy1 | god, my typing sucks today |
squibby | I hate sip |
squibby | the farther away I can get from sip on my next job the better |
kmcelroy1 | meh, i don't mind moving it |
kmcelroy1 | i just hate dealing with it itself |
kmcelroy1 | dial plans and gay crap like that |
kmcelroy1 | but dealing with voice packets doesn't bother me |
squibby | they make me read all of the sip traces for tshooting here because nobody else can be arsed to learn it |
kmcelroy1 | ha |
kmcelroy1 | i never dealt with sip traces thankfully |
squibby | and there's a bunch of faggy xml encoding specific to skype for business |
kmcelroy1 | 6 years of telco, never looked at a sip trace |
squibby | fuck sip |
kmcelroy1 | sip is an obnoxious protocol |
kmcelroy1 | hey, let's make a connection oriented protocol on top of UDP then make a whole setup of failure messages to deal with that |
kmcelroy1 | 15 years later, hey, we should use tcp messaging |
kmcelroy1 | no shit |
linux4life | lol |
squibby | yeah it took way too long for that to be the default practice |
kmcelroy1 | i had to fight at the last place to get them to finally just do it |
squibby | I mean us at a herp derp enterprise don't need to worry about tons of tcp state. fuck it |
kmcelroy1 | like, we have these timeouts after x period |
kmcelroy1 | well, you are timing out the firewall |
kmcelroy1 | send a fucking reinvite properly |
kmcelroy1 | or just use tcp like a normal person |
kmcelroy1 | switching to tcp fixes so many sip problems |
squibby | kmcelroy1, yeah dude, not too long ago the director tried to get me to research SIP REFER because we were having a problem with one of our conferencing servers that is hosted on prem |
linux4life | damn.... opened up a can of worms here huh??? Sorry guys, didn't mean to spark bad flashbacks. :-) |
kmcelroy1 | it was funny cause they fought it but found out broadsoft was all tcp inside their network |
squibby | and it took forever to explain to them what sip refer is and why it has nothing to do with anything they were talking about |
kmcelroy1 | they kept claiming they couldn't do it |
kmcelroy1 | then it was like, shit |
kmcelroy1 | broadsoft has it running |
squibby | they also can't seem to understand the different paths signaling takes here, when and why |
squibby | even though we've been over it |
kmcelroy1 | ha |
kmcelroy1 | damn you sip |
kmcelroy1 | that protocol looks like someone was half drunk when they designed it |
squibby | so one thing that confuses them is we have multiple edge pools right |
kmcelroy1 | hey, let's reinvent tcp but for phones |
squibby | and edge pools are associated with different front end pools |
kmcelroy1 | okay, great idea |
squibby | and we do active/active on the edges |
kmcelroy1 | we saved like 8 bits |
squibby | but I still can't get them to understand that the sip signaling is always pinned to a primary edge pool in an active/standby manner, and only the media is active/active. the sip signaling will pin the media to the correct respective edge pool, depending on the user group |
kmcelroy1 | what about faxing? can't we just do email instead? no, we have to have faxing |
squibby | over and over and over we go about this |
kmcelroy1 | will it be ridiculous? of course |
kmcelroy1 | ha |
squibby | I eventually forbade the sysadmin from messing with the DNS records |
oister | tell them to hard code IPs instead |
squibby | that goes on here too |
squibby | a lot |
squibby | I'm currently trying to sell them on anycasting DNS and syslog here |
snacky | <kmcelroy1> 15 years later, hey, we should use tcp messaging |
snacky | it's POSSIBLE the early devices didn't even have tcp stacks, just udp. early cable modems were like that |
snacky | lots of 90s network appliances had udp but no tcp |
snacky | I still hate sip |
squibby | I'm pretty sure some of the companies we've been forced to video conference with still have systems from the 90s |
mplex | sip/h.323 are horrible protocols |
mplex | everything should work behind NAT these days ;) |
jdk101 | Hello! is it possible to do a packet capture in the stack ports of a Cisco switch?! |
squibby | jdk101, good question! |
jdk101 | I want to see the 38 byte stack header |
mplex | doubtful if it's not in monitor session source |
jdk101 | Yeah, it's not :S |
IShouldDoSomeWor | WHY DID YOU HAVE TO MENTION FAXING? |
IShouldDoSomeWor | ACTION has flashbacks |
sartan | fuck voip. |
sartan | sip is awesome though |
sartan | easy to debug |
sartan | it's all like http. |
sartan | your analogy of trying to say tcp for phones is completely wrong |
sartan | you can go ahead and try to debug mgcp, sccp, or h323 instead. |
squibby | sartan, the basic sip messaging is simple, some of the proprietary glue sauce is not as clear |
sartan | i dont like having to look up error codes from a table. |
squibby | tcp does eliminate some problems with sip over udp |
squibby | mostly issues involving stateful devices in the path |
bmoraca_work | welp, got illumio installed...now to play with it |
kmcelroy1 | sartan: didn't say those were better :P |
kmcelroy1 | sartan: just that sip is retarded compared to what it should have been |
kmcelroy1 | could have cut back on the amount of messages needed if they just used tcp from the get go |
kmcelroy1 | and would cut back on the issues we have |
MadClown | no net neutrality debate today? |
koss | what's to debate |
koss | unless you're an ISP you should be against it. or being paid off by one |
MadClown | some folks were going off the other week |
MadClown | koss: what are you up to these days? |
koss | gettin old. lol.. not much |
koss | chasin kiddos around, boring job as a network admin |
koss | have an interview wednesday for some other gig. not that i was looking, but ex-worker begging me |
bmoraca_work | more important than net neutrality should be the municipalization of last mile infrastructure. you do that and net neutrality ceases to be a thing because you have real competition. |
Atro | ok |
bmoraca_work | but noooo...people would rather posture over the perceived threat of "fast lanes" through the internet |
Giant81 | bmoraca_work: never going to happen in the US... common carrier would help people and hurts monopolies, will never happen |
koss | but trump pretends to care about common people ;) |
oister | he does if you believe corporations are people :P |
koss | he cares that some people can afford membership to his clubs ;) |
kmcelroy1 | bmoraca_work: free market is only good when it benefits the business obviously |
kmcelroy1 | otherwise it is bad |
squibby | silly kmcelroy1, consumers aren't part of the free market system |
kmcelroy1 | i have argued the same municipalization of last mile and people look at me weird |
kmcelroy1 | complain about free market |
kmcelroy1 | i am like, that is free market, pay for it from taxes, then rent it to whomever will pay to run the service on it |
kmcelroy1 | you can't have 20 people laying infrastructure, that is retardedly expensive |
bmoraca_work | but those same people, i'm sure, consider the Internet to be a "utility", right? |
kmcelroy1 | i have no idea |
squibby | bmoraca_work, I absolutely cannot live without game of thrones |
kmcelroy1 | i think they don't have the ability to understand that just cause you say you want free market, doesn't mean you do |
kmcelroy1 | like, free market |
kmcelroy1 | it isn't a catch phrase, it means something |
kmcelroy1 | and if something gets in the way of it, gasp, you may have to work around that problem to make it function properly |
kmcelroy1 | like, no, everyone should just make their own infrastructure |
kmcelroy1 | and that is when i know they have no idea what they are talking about or have spent more than 4 seconds thinking about it beyond their catch phrase |
kmcelroy1 | like, cool, do you want every water company to run their own water pipes to your house? |
kmcelroy1 | so you have 10 people's pipes coming in, then you pick one? |
kmcelroy1 | oorrrrr, do you think maybe we build infrastructure and let someone bid to manage? |
kmcelroy1 | everyone just build their own roads, then you pick the road you want |
bmoraca_work | lol |
kmcelroy1 | like, you people are insane and need to stop chanting catch phrases |
HEROnymous | kmcelroy1, yeah but things tend to mean different things to different people |
bmoraca_work | i don't know, man, there are some cases where i'd definitely prefer a toll road to what the shitty state of california offers |
HEROnymous | "free as in beer vs. free as in stallman", etc. |
kmcelroy1 | i hate party system, it makes retards get involved in politics :P |
kmcelroy1 | bmoraca_work: sure, but that is purely just an issue of them building the road, then passing it off, that is what they did here :P |
kmcelroy1 | i wouldn't be bothered by that if we didn't pay to build the damn road though |
kmcelroy1 | then give it to them to charge us again |
kmcelroy1 | also the lack of competition is problematic |
HEROnymous | kmcelroy1, a problem with your suggestion that "we" build infrastructure is that you didn't define "we". personally, I don't know much about building a water and sewer infrastructure... |
kmcelroy1 | HEROnymous: public vs private :P |
kmcelroy1 | public is we |
kmcelroy1 | i don't mean you go out there with a hammer and go at it |
kmcelroy1 | sort of like how you don't build firestations or do your own policing, but the state still does it :P |
HEROnymous | I do my own policing |
JK-47 | I had a well and leech field. Town made me pay sewage tax and water. Also tried to sue me to get on town sewers. |
HEROnymous | hahah |
HEROnymous | I even have a sign on my house that says "we do not call 911" |
JK-47 | Though, we are a nation that arrests us if we try to live off the grid or collect rainwater. |
kmcelroy1 | well, someone still has to remove the dead body |
kmcelroy1 | i mean, if you can cremate it and do the paperwork for investigation, congrats |
HEROnymous | investigate? what's my motivation to investigate? |
HEROnymous | and my dog's not picky about what he'll eat. |
HEROnymous | would probly test it for nasty chemicals first, of course. |
HEROnymous | not gonna feed my dog methhead. |
HEROnymous | but yeah, cremate... burn barrel... same shit. |
kmcelroy1 | if the fumes go onto your neighbors property, you broke the NAP |
kmcelroy1 | that means he will just tactical nuke you |
HEROnymous | yeah, good thing I don't give a shit about any of that silliness :) |
emptynine | or end up in the barrel also |
nemith | HEROnymous │ I do my own policing <-- oh jesus fuck. |
nemith | why do people try so hard to be anti social |
kmcelroy1 | well, someone on your property doing shady things, that is met with a gun, can't fault that :P |
nemith | we are better together |
kmcelroy1 | pretty much SOP |
HEROnymous | nemith, well, I mean, I prevent crimes from being committed against me. I don't go around charging people money for speeding on highways, harassing innocent minorities, and murdering random strangers. that's a part of 'policing' today, I guess, too. |
sartan | Rainwater belongs to farmers. |
sartan | Don't forget. And Nestle. |
kmcelroy1 | fucking nestle |
HEROnymous | nemith, I agree that we're better together. I disagree that "the police" do a better job of protecting my home and family than I do. |
nemith | HEROnymous: that is some concocted dreamt up "hero" complex you have invented for yourself |
oister | move to mexico HEROnymous |
kmcelroy1 | HEROnymous: well, unless 100 of us got together and decided we wanted your shit :P |
JK-47 | I had 5 fruit producing trees. technically i was an orchard. since the govt can steal any land deemed agriculture at any time. |
kmcelroy1 | i feel like there is a line there |
oister | see if that same thing applies |
HEROnymous | nemith, I mean, or I'm just a realist. |
nemith | no you are delusional |
HEROnymous | oister, nah, mexico is a brutal police state. I'll stay away, thanks. |
sartan | yeah, your outdoor non-city forest mansion sounds like an absolute nightmare to live in |
HEROnymous | nemith, no you are! |
oister | you'll be glad you had police |
kmcelroy1 | there is a happy line, defend yourself if needed, but cops are still a need as well |
nemith | i mean you should do things to protect yourself. Like lock your doors but to pretend that you are 100% independent is delusional |
oister | see any 3rd world country |
nemith | HEROnymous: please explain why i am delusional |
nemith | I am interested in hearing your reasons |
HEROnymous | kmcelroy1, sure, people can fuck with eachother. the good news is that most people don't. times I've had to use a gun on another person: 0. |
kmcelroy1 | HEROnymous: really depends on who is around :P |
HEROnymous | nemith, you degenerated into ad hominem attacks and name calling. my response to that is always just "NO U!" |
oister | thats why you should move to a third world county HEROnymous :P |
oister | get to use those guns |
HEROnymous | kmcelroy1, I guess. statistically speaking, most people who are victims of crimes are people who associate with criminals, so... |
Giant81 | HEROnymous: sounds like you live in Montana |
kmcelroy1 | HEROnymous: concur |
nemith | HEROnymous: I feel like I am backing up my claims. But i did figure your rebuttal was the adult version of "I am rubber you are glue" |
HEROnymous | oister, you should move to antarctica. because I said so, and it makes no sense either. |
HEROnymous | nemith, no, it was the childish version of that - just like your childish name-calling. :) |
HEROnymous | Giant81, nope. Missouri. |
Giant81 | you drive an old deuce and a half, wear almost exclusively camo, and prep rather extensively for fear that the GUBMENT COMM'N FOR MA GUNZ |
nemith | Yes. We, as a society, need to quit with this "move if you don't believe in the same arguable view as mine" bullshit |
oister | it does make sense if you want to truly police yourself :D |
kmcelroy1 | HEROnymous: it is sort of the mix of if someone is breaking in, you call the cops, but if they get in, you shoot. there is a need for both :P |
nemith | HEROnymous: What names did I call you? I called you delusional for thinking you with a gun is better than a society of rules and consequences? That isn't a name. |
HEROnymous | oister, no it doesn't. most third world countries are ruled by a more or less corrupt police state (of course depends on what you consider third world) and the citizenry is vastly less free to defend themselves than many US citizens are. |
Giant81 | nemith: I've found anyone that says "well move if you don't like it" isn't willing to move themselves if they don't like it so they are typically MASSIVE hypocrites |
kmcelroy1 | need someone to investigate a crime? call the cops. need to defend yourself immediately, weapon |
Giant81 | protect your family, call cops to clean up the mess |
nemith | HEROnymous: I am very interested in your response but you are not confronting the debate i lay before you but instead are trying to discredit me |
HEROnymous | nemith, well first of all, that isn't what I said. don't conflate "the police" with "a society of rules and consequences". they're not even remotely the same - and the police are a great example of how they're not, seeing as how often police get away with doing things that ordinary people do not. |
kmcelroy1 | Giant81: pretty much |
nemith | Giant81: it's all bullshit |
nemith | really |
nemith | HEROnymous: The police are part of that system. They are the enforcement arm |
nemith | and without the police the system cannot be sustained |
Giant81 | nemith: they're also the ones that are all "don't like your job, just get a better one!" cause I guess the job market is infinite |
squibby | nemith, ad hominem! no ad hominem! you're the ad hominem! |
HEROnymous | kmcelroy1, well, sure. but on the same token, the police don't bother with putting any real resources towards investigating the sort of crimes that are most frequently committed. |
nemith | squibby: also a huge pet peeve of mine |
kmcelroy1 | HEROnymous: agreed, that is why if it gets done on your property and you can, you stop it with force :P |
HEROnymous | nemith, but that's the most troubled and deeply problematic arm of a system that has very fundamental problems. |
kmcelroy1 | HEROnymous: otherwise, you call the cops after the fact |
nemith | also exactly what the current president does |
Giant81 | HEROnymous: I think it also comes down to the chances of a conviction |
nemith | HEROnymous: I am not saying the system isn't flawed |
Giant81 | I mean I doubt the police are going to take DNA samples if someone shits on your lawn in the hopes of tracking down this dangerous criminal |
HEROnymous | kmcelroy1, imho, common sense goes a long way too. you don't need to shoot a 14 year old trying to steal a bike off your porch. you probably do need to shoot a meth head who breaks in through a window at night. |
kmcelroy1 | well, you don't need to, but he didn't need to steal it either :P |
kmcelroy1 | so it sort of goes both ways |
nemith | but i would rather try to fix it than pretend that I am John Wayne and my property is the wild west in some sort of childhood fantasy |
kmcelroy1 | if you didn't teach your kid not to steal, kinda bad parenting |
Giant81 | stereo stolen? big whoop, why dust for prints, there probably aren't any, it's not really that big of a crime, just let your insurance fix it |
kmcelroy1 | my father would have fucked me up pretty bad if i stole shit |
HEROnymous | kmcelroy1, yeah but to be honest, I don't think I'd call the cops after the fact either. bad things can happen in those circumstances. like that woman in Minneapolis just a couple of days ago. |
HEROnymous | she called the cops to report a bumfight in the alley. cop shows up, murders her in cold blood. and "oops my body camera was turned off!" |
Giant81 | HEROnymous: yeah shoot someone on your property then NOT call the cops, that seems like a really good idea |
kmcelroy1 | Giant81: i think he means he would just take the loss on the bike |
nemith | so all cops are killers? |
HEROnymous | nah, I'd put the word out in the neighborhood and when it was spotted, I'd go get it back. |
Giant81 | sure why not, unless you have a video and even then, just turn it into the cops later |
nemith | HEROnymous: have you recovered your own stolen property before? |
Giant81 | lol would love to see that, get arrested for stealing your own shit back |
kmcelroy1 | here you can shoot people if you catch them stealing :P |
HEROnymous | nemith, no, but some are. and that's enough for me to be wary. I also don't hang around with hard drug addicts or people with mental illnesses that lead them to flying off the handle. |
nemith | good plan |
HEROnymous | nemith, sort of. I had a car broken into once. I wasn't awake at the time, but another neighbor was, and that neighbor beat the thief down with a tire iron. so my property was recovered. |
kmcelroy1 | HEROnymous: hahaha |
kmcelroy1 | good neighbor |
nemith | and then you called...? |
HEROnymous | true story. happened in greenbelt, md. |
Giant81 | seems like a pretty solid use of deadly force there, saving that brittany spears CD |
HEROnymous | back in my DC days |
kmcelroy1 | Giant81: meh, fuck em |
HEROnymous | also, he didn't beat him to death, geez. |
Giant81 | yeah well, could have ended up badly |
HEROnymous | lol |
Giant81 | could have been shot |
kmcelroy1 | thieves deserve whatever they get |
kmcelroy1 | Giant81: so could the thief, didn't stop him apparently |
HEROnymous | another thing to remember about the police is that when seconds count, they're only minutes away |
Giant81 | sure, but if you start beating some fucktard with a tire iron and he's got a gun, not worth confronting the fucker over something as stupid as personal property |
kmcelroy1 | yeah, usually after 1 hit with a tire iron, you aren't going to be good to start reaching for things |
HEROnymous | so assuming you have the best, kindest, most dedicated police force ever in your town, with not a single lunatic or homicidal maniac or racist or whatever else among them... if somebody comes into your house and decides you're getting buttraped tonight, they're probably going to get away with it before the cops make it there. |
Giant81 | no he'd get shot, let the cops clean it up after |
kmcelroy1 | castle doctrine is a mus imo |
kmcelroy1 | must* |
Giant81 | but I'm not going to shoot the idiot rummaging through my car |
nemith | HEROnymous: so I am trying to figure out what your stance is? |
HEROnymous | now, all this said, I think that a functional society is a wonderful thing. with good functioning neighborhoods, we need police *less*. |
kmcelroy1 | Giant81: why not? |
kmcelroy1 | Giant81: then again, i don't know the legality of that there :P |
Giant81 | can't use deadly force unless I'm in threat of death or bodily harm |
kmcelroy1 | Giant81: well, that's why then |
kmcelroy1 | texas you can use it to stop someone from taking your property |
Giant81 | even then, doubt I would, not worth the paperwork |
Giant81 | just insurance claim it, buy a new thing, move on |
HEROnymous | nemith, on what specifically? police? I think that police can be very dangerous. only over the past few years since everyone has a phone with a camera has the truth about so many incidents come to light. and yes, that's a tiny minority of people, but when someone can kill you and get away with it, is it really worth taking the chance of putting yourself in a position to be around them? |
kmcelroy1 | no paperwork, they show up, see you shot him while he broke in, done :P |
HEROnymous | Missouri is excellent on castle doctrine, too. |
Giant81 | most of the time, but I don't think I'd chance it going bad on me |
kmcelroy1 | Giant81: hell, they had a guy that did it for his neighbor on the phone with 911 :P |
nemith | HEROnymous: I think armed citizen can be just as, if not more, dangerous |
kmcelroy1 | shot two people on recording |
HEROnymous | Missouri also has a "car is your castle" law, too. |
Giant81 | or ending up in some endless civil suit by his sister/wife |
kmcelroy1 | HEROnymous: same here |
kmcelroy1 | Giant81: they protect you from that as well |
nemith | I think some vigilante going to reclaim his stolen property is very dangerous |
HEROnymous | nemith, sure, but... on the same token, I haven't seen any stories lately where someone called an armed neighbor to break up a fight and that neighbor murdered them in cold blood. |
kmcelroy1 | once you are found not criminally liable, no civil suit is allowed |
nemith | Because that doesn't really happen |
Giant81 | car is your castle, but I can't shoot anyone if I'm not in it |
HEROnymous | nemith, well, then don't steal things and you'll be ok? |
kmcelroy1 | Giant81: here it is pretty much if you are doing it to protect someone else or their property even, you can deadly force it |
Giant81 | like if I pull up to my house, and nobody's home, but there is someone rummaging around, I can't then go into my house and shoot them... they don't pose a threat to me or mine. |
HEROnymous | that's really what a lot of it comes down to - cops harass people who've done nothing wrong. and they can. while some random dude isn't going to go messing with you just because you're <insert race here> or whatever. |
Giant81 | yeah TX is pretty cool about that |
kmcelroy1 | don't steal is pretty much the moral of the story :P |
nemith | the situation is more rare so it's harder to find an example. I am sure you wouldn't have to google hard to find such an incident. It's just that the news isn't saying that the neighbor isn't "being called in to enforce a situation" |
kmcelroy1 | Giant81: yeah, here you can blast them without worry |
nemith | rather they are just a murderer |
HEROnymous | don't steal, rape, murder... basically just leave other people alone if they don't want you around. |
bmoraca_work | huh...illumio doesn't support centos 6.9 |
bmoraca_work | interesting |
HEROnymous | nemith, I dunno... I don't see such situations really. |
nemith | Yeah well there is the other problem |
HEROnymous | btw, anyone interested in the story I referenced a couple of times... https://www.washingtonpost.com/news/morning-mix/wp/2017/07/17/bride-to-be-called-911-for-help-and-was-fatally-shot-by-a-minneapolis-police-officer/?utm_term=.8e6502d7dd9a |
HEROnymous | absolutely insane. and there's a very low chance that the cops who murdered her will face any sort of criminal punishment. |
HEROnymous | the cop who murdered castile got away with it, too. |
HEROnymous | and it disgusts me. |
nemith | humans are really bad at doing statistical analysis on the fly. Just because you cannot recall, or on the flip side because you have a single specific example of your argument doesn't make it a problem. |
Giant81 | like the cop that shot that one buy with his arms up laying on the ground in broad daylight? |
Giant81 | *guy |
nemith | You instead need to analyze a large sample set of issues |
Giant81 | though I suspect he got fucked |
nemith | and then you can start to fix the problem |
Giant81 | nope one bad egg ruins the whole bunch |
kmcelroy1 | HEROnymous: well, to be fair, everyone let off is let off by a grand jury generally, so peers say no, or if it goes to court, a jury decides as well |
kmcelroy1 | so iono |
Giant81 | all cops are murdering, racist, assholes with a badge |
HEROnymous | Giant81, yeah, this stuff happens all the time. for every incident we hear about because the person involved was rich/white/etc, or because someone happened to have a cell phone camera out recording... plenty of others go unnoticed. |
Giant81 | should be a cop, so I can randomly just shoot people on the street |
nemith | Citizens kill citizens all the time too |
HEROnymous | Giant81, no, but some are. |
nemith | more so than cops killing citizens |
nemith | but one makes news |
HEROnymous | nemith, should those people go to prison for it? |
nemith | of course |
HEROnymous | but the cops don't when they do it. |
HEROnymous | and there's your difference. this is not a society of rules and order. |
HEROnymous | this is a society of "us and them". |
nemith | Thats not 100% true either. |
HEROnymous | everything is built upon "us and them". |
kmcelroy1 | there are cops that go to jail |
kmcelroy1 | they just had one |
nemith | There is a cop here in Colorado who just got convicted of murder |
Giant81 | HEROnymous: if some are, then you have to assume all are |
Giant81 | shot any you see before you get shot |
nemith | for every one bad cop you speak of, there is probably 1000, 10,000 who are serving the communities they work in |
Giant81 | I know I'm kidding |
HEROnymous | whether it's "republicans" and "democrats" or "citizens" and "illegals" or "cops" and "not cops" |
Giant81 | chances are most will never come across a legit bad cop, just cops that they think are bad for doing their job or shitting on your fun while you're drunk.... doesn't mean the cop's bad, just that you're just on the wrong side of the situation and aren't mature enough to realize it |
nemith | HEROnymous: yes |
nemith | very much so |
HEROnymous | Giant81, I grew up in a poor, mostly-black neighborhood. I noticed the difference in how cops acted towards us when I was with my black friends, versus when I was not with any black people. |
nemith | I would argue that US is mankind and them isn't needed |
kmcelroy1 | HEROnymous: statistical analysis :P |
nemith | racism is dying... slowly, but it is getting better |
kmcelroy1 | HEROnymous: if you were in a rich neighborhood, would have never come up |
nemith | it's also easy to talk shit about a problem. Harder to try to actually help fix it |
HEROnymous | nemith, yeah but that has to be maintained. because otherwise people start applying class analysis to things. god help the entrenched authorities if a bunch of trailer park kids and a bunch of urban projects kids got together and realized they had more in common with eachother than with donald trump or barack obama. |
DoYouKnow | I cannot believe I don't have the CCNA yet |
DoYouKnow | I need to study and pass that thing |
Giant81 | DoYouKnow: take the test |
Giant81 | do the combined test, none of this ICND 1 or 2 bullshit |
DoYouKnow | I will, again and again |
DoYouKnow | I just failed last time I took it and dad is sort of being controlling, even though I'm 30 |
bellis | took me a long time to finally take and pass it, too.. still less than 2 years ago |
HEROnymous | kmcelroy1, I grew up in the area where The Wire was set, pretty much |
HEROnymous | lol |
Giant81 | DoYouKnow: sounds like you have more problems than just the test |
HEROnymous | DoYouKnow, what does your dad have to do with anything?! |
kmcelroy1 | HEROnymous: yeah, we got shipped to innercity craphole in high school |
kmcelroy1 | most of my friends were gang members/drug runners, etc. |
kmcelroy1 | lot in jail, dead |
DoYouKnow | I have more problems than just the test, HEROnymous |
kmcelroy1 | fun times |
Giant81 | I've done it twice and passed it by a wide margin both times, but can't seem to pass a CCNP test, miss it by anywhere from 10-50 points each time, fuckers |
kmcelroy1 | had quite a few get hit with serious trafficking felonies, ha |
kmcelroy1 | kilos of coke, 3000 x pills, etc. |
DoYouKnow | I have paranoid schizophrenia. symptoms: inflated ego and low self-awareness |
HEROnymous | kmcelroy1, hahah. yeah the gang kids stuck to themselves, mostly, never really got to be friends with any of them. |
DoYouKnow | ok, just kidding about the first one |
kmcelroy1 | HEROnymous: i was friends with all the dirtbags |
kmcelroy1 | iono why, i guess i am a dirtbag |
HEROnymous | I don't think those are symptoms of paranoid schizophrenia. I used to work with a dude who was schizophrenic. he was on meds and mostly passed as normal though. |
DoYouKnow | ok |
Giant81 | https://www.youtube.com/watch?v=QXx-n6T7tZg |
DoYouKnow | yeah, it's changing |
DoYouKnow | really |
DoYouKnow | HEROnymous: I think most people agree that my dad is controlling and that I should move out |
HEROnymous | why would... nevermind. |
Giant81 | who cares if he's controlling |
Giant81 | you're 30, move out |
Giant81 | unless the rent is good |
kmcelroy1 | is this real life? |
Giant81 | I mean I have a buddy that stays at his parents house, he can afford a place of his own, but no rent, no utilities, no bills except his car/bike payments, insurance, and cell phone. He just works a tech job, banks the rest |
HEROnymous | nemith, as far as helping fix a problem, I think that there're a lot of interwoven problems, and you can't solve them individually. you need a real holistic approach, but trying to remove the right to self defense from individuals and outsource it to a separate, higher class of individuals called police, you can't have real peace between those classes. |
HEROnymous | Giant81, I have a buddy that lives with his parents, makes decent money, and blows it all on this ugly annoying girl that all of his friends hate. |
HEROnymous | so... eh. |
Giant81 | has full autonomy to come and go as he pleases, parents are chill as fuck, house is close to his work, other than a bit less privacy |
HEROnymous | his parents are nice people and also hate her. |
HEROnymous | a lot. |
Giant81 | been talking about a place with his gf, who is also cool as hell |
Giant81 | but I get to benefit from his money, he's bought me rifles, ammo reloading supplies, paid for shit for me, gave me a server for my lab, shit like that, he's not materialistic at all, money is just something he has and can afford to spread around and have some fun with it, he keeps his bills paid and has fun with the rest |
HEROnymous | yeah me and some of my friends are like that... always buyin eachother shit heheh |
DoYouKnow | my dad is very much against spending money to make money |
bellis | I give my little brother a hard time for still living with family at like 26, but the truth is that he makes a fraction of what I do and pockets WAY more disposable income than I ever did at his age, so meh :| |
HEROnymous | "I like you so much I have your address as a delivery option in my amazon yo" |
DoYouKnow | whether it's for a business, or anything |
HEROnymous | bellis, see, I'm doin that now, I got a crazy cheap house that I don't have a mortgage on |
HEROnymous | one day I'm gonna be able to drop probly half a mil or so on a place with a lot of land in the country |
HEROnymous | but for now, no house payment at all, $270/year property tax and that's it |
bellis | though, to his credit, he's probably moving out with his girlfriend soon (who will probably be making more than he does anyway) |
bellis | better life choices than my decision to move out at 19 with a shitty part-time job, unemployed (and terrible) girlfriend, her unemployed sister, and her unemployed sister's unemployed boyfriend at the time |
bellis | super smart |
Kazaii | sounds similar to me @ 19, bellis |
DoYouKnow | I sort of had an opportunity to be significantly employable by my late 20's, but I didn't have the courage to stand up to my dad and I blew the opportunity |
DoYouKnow | going to work with what I have, and study for the CCNA again |
MadClown | when your phone autocorrects "xenpack" to "sex pancake" you know it's going to be an interesting day |
MadClown | even better when you don't catch it |
HEROnymous | lol |
bellis | I prefer sex pancakes |
Atro | what |
DoYouKnow | my dad is probably a little bitter because he lost his job as a network admin and now works helpdesk |
bellis | especially 10 gigabit sec pancakes |
HEROnymous | why doesn't he just get another network admin job? |
DoYouKnow | probably brainwashed |
Giant81 | lol my father in law got canned as a manager at an insurance company like 20 years ago |
DoYouKnow | by management |
MadClown | for 160K / year, I'll clean up interface descriptions |
Giant81 | still won't get a job, because nobody would hire him as a manager, he couldn't possibly take anything lower than management |
MadClown | no shame |
DoYouKnow | the problem is they let him keep his pay |
DoYouKnow | so now he has no job security |
Giant81 | so instead of take a job somewhere and work up to management if he was worth it (believe me he's not) he's been unemployed for 20 years cause he's a lazy fuck |
HEROnymous | MadClown, what's an interface description?! ;) |
Giant81 | HEROnymous: you know that thing that never actually is accurate on anything farther out than the core, and even then, it's hit or miss |
HEROnymous | Giant81, why would no one hire him as mgmt for that long? is he bad at interviews or something? |
MadClown | HEROnymous: that's for me to know and bill out |
DoYouKnow | Giant81: oh |
Giant81 | HEROnymous: he's an idiot |
HEROnymous | I will say though, I have netbox setup and actually have all my interfaces documented in there, and I'm pedantic as hell about keeping it up to date |
MadClown | CDP/LLDP work great until the interface goes down :) |
Giant81 | is pretty sure he's better than everyone, his shit doesn't stink, everyone else is stupid and 'ignorant', and spends his days at home gardening listening to Rush Limbaugh and fox news |
HEROnymous | hahah |
DoYouKnow | lol |
Michael | rofl |
DoYouKnow | that will rot your brain |
Michael | and now you know why he was management |
nemith | you need to model offline |
nemith | use the model to generate interface configs |
HEROnymous | nemith, yeah or at least shut interfaces that it says are not used ;) |
DoYouKnow | fox news is definitely dumb |
MadClown | desc Unused |
HEROnymous | that way if people fuck up, it gets noticed |
MadClown | done! |
DoYouKnow | Fox News Network |
HEROnymous | I can't do biased news. so I mostly avoid the news except for cnbc. |
HEROnymous | cnbc is actually as unbiased as it gets. |
DoYouKnow | I watch bbc |
Atro | oh god, DoYouKnow are you also here as well? |
HEROnymous | I watch bbc for some of their awesome shows |
MadClown | c-span is fairly unbiased |
HEROnymous | did you watch victorian slum house? |
HEROnymous | MadClown, is that really "news" though? |
DoYouKnow | Atro: I'm here, yes. I've been on this channel since 2008 |
HEROnymous | victorian slum house is actually pretty good though. |
Atro | good for you |
Atro | its just funny |
MadClown | HEROnymous: technically yes, but it's like watching paint dry |
Atro | cluelessperson hangs around ##networking :P |
MadClown | I'd rather take a nap than watch C-SPAN |
HEROnymous | I'd rather take a nap than do just about anything |
MadClown | sometimes I take a nap while kayaking, best of both worlds |
oister | watch c-span or golf to help take naps |
MadClown | the sound of waves against the shore knocks me right out |
DoYouKnow | I want to take a nap, but I feel constantly sort of jolted awake |
DoYouKnow | I feel tired for sure |
DoYouKnow | ok |
DoYouKnow | ACTION stands absolutely still as he hears a conversation going on in the background |
DoYouKnow | ACTION resumes |
Giant81 | wasn't a conversation in the background |
Giant81 | was just the voices in your head |
DoYouKnow | lol |
Atro | rekt |
[work-muze] | so we have a campus with building-to-building fiber, Nexus 9k core, and mostly 2960S access switches. I've been having an odd issue with new 2960s lately...when we've been replacing access switches in each IDF, the switch will pass traffic through, but we cannot ping, telnet, or ssh into them. |
jdk101 | Check if the ip default-gateway is configured on the device. |
[work-muze] | all of them have their IP, subnetmask, and default gateway configured btw |
jdk101 | beat me to it :S |
jdk101 | But, you mean replacing like migrating from 2960s to Xs? |
[work-muze] | we're not there yet. we're still working our way through backstock of Ss |
oister | care to share your config? |
[work-muze] | I've tried setting the default native VLAN to VLAN2 since it is our campus-wide trunk, but still nothing |
jdk101 | Ok, so you are replacing one switch for another? |
[work-muze] | jdk101: correct |
jdk101 | are you moving the master??? IIRC all the management is done by it, even when the members are still passing traffic. |
[work-muze] | define "master"? all L3 is done in the core at our DC |
[work-muze] | it's worth noting that the neighbor details for this device has its IP address blank...at a loss as to what I did wrong |
jdk101 | Master in the stack is the switch that controls the members. Most processing is done by it, security stuff, management stuff, etc. I'm assuming the switches in your IDFs are stacked, right> |
jdk101 | ? |
[work-muze] | these are not stacked |
oister | are you using vlan 1? |
[work-muze] | no |
oister | is vlan 1 shutdown? |
[work-muze] | yes |
oister | does the vlan database have your management vlan? |
[work-muze] | on the problematic access switch? |
oister | yes |
oister | sh span vlan X |
oister | on your mgmt vlan |
[work-muze] | I'll have to try that tomorrow when I can get a console cable on it |
oister | if you pasted in a configuration then it probably doesnt have the vlans created |
oister | on a 2960s issuing "int vlan 100" doesnt actually create vlan 100 in the database |
[work-muze] | so configuring VLAN2 with a 10.2.0.x address, subnetmask, and default gateway will not allow it to accept incoming traffic? |
oister | you still need "vlan 2" command |
oister | to put it in the vlan database |
oister | and that command doesnt show up in the show run |
oister | so if you just copied from another switch then it wont create the vlans in the database |
[work-muze] | wait...so like: config t --> int vlan 2 --> address, etc....will not create VLAN2 in the VLAN DB? |
oister | correct |
oister | its retarded but thats how it works :D |
atten10 | no |
atten10 | oister, the VLAN will be created once he assigns a port to VLAN 2, automatically, without having to enter the VLAN |
[work-muze] | I've never been taught to do otherwise...?! |
atten10 | to configure a SVI though, for a VLAN interface you have to enter the interface configuration and assign the properties |
atten10 | at least in a cisco switch |
oister | ive never tried to create a vlan by adding it as a switchport |
oister | but i know it wont create one if you manage via trunks |
oister | ive been bitten by that a few times |
atten10 | if you manage via trunks? |
atten10 | What the hell does that mean? |
atten10 | Are you talking about VTP? |
oister | if the vlan is no the in the database |
oister | its not going to work |
jdk101 | And also creating the vlan and configuring an SVI does not mean the SVI will come up. It has to be on a switch, like an access or trunk port |
atten10 | no the in? |
oister | if you issue "int vlan 2" |
oister | it does not put it in the database |
oister | on a 2960S at least |
oister | maybe the new XE works differently |
jdk101 | I think it's the same in the XE. |
[work-muze] | oister: so if this is the case, how do I make the switch acknowledge the VLAN it's managed by? |
oister | just create the vlan in the database... "vlan 2" |
oister | it may not be the problem but thats my best guess |
[work-muze] | I'll give it a shot tomorrow. I've never had this issue before... |
almostdvs | apologies for any ignorance I've inherited a mess |
almostdvs | I attempted to switchover ISP for a customer. I changed the IP address to one in the range they gave me and transferred connection to the new modem |
almostdvs | and I changed ip route 0.0.0.0 0.0.0.0 new.modem.ip.address |
almostdvs | from the router I can ping the modem and I can traceroute to 8.8.8.8 |
almostdvs | from the firewall behind the router I can ping the router however I cannot ping the modem or get to any internet address |
almostdvs | any guidance on what I might be doing wrong? |
zapotah | youre lacking routes and/or NAT somewhere |
almostdvs | there is a switch in between the router and firewall but from what I can tell its a dumb switch and that thing can ping both firewall and router no problem as well |
almostdvs | I'm curious as to its purpose but not as important to me |
almostdvs | any suggestions on what to check zapotah |
zapotah | figure out whether the switch actually is unmanaged and if not, how its configured. then check the routes |
zapotah | after that check NAT on the edge |
zapotah | assuming ipv4 |
almostdvs | zapotah: edge being the router? |
zapotah | whatever is the last device that terminates IP before the ISP |
almostdvs | I don't think it performs any NAT. I believe the firewall does that |
almostdvs | I suppose its important to mention that they own a /24 public block that has to be configured but I'm not down that road quite yet |
almostdvs | could it be that the modem does not know how to send traffic back to the router? |
zapotah | how are you in charge of this if you dont know how basic routing works? |
almostdvs | engineers keep getting fired or quitting ... |
almostdvs | I know how basic routing works but this stack is really complex |
zapotah | sure doesnt sound like it |
almostdvs | I'm about CCNA level; this is a public /24 network with bgp and HSRP failover |
zapotah | which is part of ccna these days |
bmoraca_work | modem->router->switch->firewall isn't really complex... |
almostdvs | modem>router=router>switch>firewall=firewall>switch>switch> users |
almostdvs | I am focusing on where I see the problem. the firewall which is the gateway cannot communicate with the modem |
bmoraca_work | well, that's not what you explained above. drawing a picture might be helpful. label it with IPs. |
bmoraca_work | as stated, that's more than likely because the modem doesn't have a return route for the firewall |
bmoraca_work | how does the modem learn of routes beyond the routers? |
almostdvs | thank you bmoraca_work. Do I just have to have the ISP verify that |
bmoraca_work | maybe? impossible to know, based on the information you've shared. |
bmoraca_work | you stated BGP...BGP to what? from the router to the ISP? does your new ISP support that? have you properly configured it? is the neighborship up? |
squibby | did you turn the firewall on? |
almostdvs | router to ISP yes and router to router. router 2 has been down for months so that neighborship i don't care about |
almostdvs | its the same ISP but billed under a different company |
bmoraca_work | then it's not the same. |
bmoraca_work | if your next hop is different, BGP probably has to be reconfigured |
bmoraca_work | is the neighborship up to the ISP? are you learning routes from them? are they learning routes from you? |
squibby | bmoraca_work, is this confusing af? am I dumb? |
squibby | "Now you need to define something called the RP set. This is the set of all the routers which would act as RP. You need to have a loopback on each prospective RP router, which is different than the loopback that is being used as the RP address. In this example, loopback 1 is on both Nexuses that have IP address 192.168.1.1/32 and 192.168.2.2/32, respectively. This loopback 1 is used to define the RP set. The command to do the same is:" |
squibby | http://www.cisco.com/c/en/us/support/docs/ip/ip-multicast/115011-anycast-pim.html |
almostdvs | probably not. It was the same ASN for both router and the ISP but I'm now thinking that I have to coordinate with the ISP. |
bmoraca_work | squibby: anycast rp |
almostdvs | how can I verify the neighborship is up? |
squibby | why are 192.168.1.1 and 192.168.2.2 "prospective RPs"? when the anycasted RP address is already manually defined as 10.1.1.1 |
almostdvs | sorry for all the confusion. I'm literally following partial notes on a notepad and a mess of wires |
bmoraca_work | squibby: are you labbing EVPN? |
squibby | bmoraca_work, going to in a bit |
squibby | still reading up |
zapotah | squibby: isnt that just for syncing the tree? |
zapotah | squibby: between the anycast RP announcers |
bmoraca_work | squibby: this is the old white paper...it's badly written, but has some good info: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-735015.html |
bmoraca_work | this is the new white paper: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-738489.html |
bmoraca_work | much better written |
squibby | zapotah, I guess so, but in another example I have the leafs are 192.168.1.1 and 192.168.2.2. those are VTEPs. why would they be involved in the anycast syncing? |
squibby | bmoraca_work, thanks |
bmoraca_work | leafs wouldn't be |
bmoraca_work | but |
bmoraca_work | you technically don't need multicast |
bmoraca_work | it's only for BUM. if you don't need BUM in the overlay, you don't need multicast in the underlay |
bmoraca_work | i typically deploy it anyway because i don't know |
squibby | I feel like it would be a mistake to not support BUM from the get go. |
bmoraca_work | also, if you're on gen 1 (9372) or 2 (9396), you won't have enough TCAM to enable arp suppression |
zapotah | squibby: hey, MS network virtualization doesnt do BUM with 2012R2 :3 |
zapotah | at all |
zapotah | but thats NVGRE |
bmoraca_work | squibby: this is the new whitepaper, not the other one i sent you: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/guide-c07-734107.html |
bmoraca_work | wait, this one sucks too |
bmoraca_work | i can't find the one that cisco did |
bmoraca_work | they had a really good one for the 9k |
bmoraca_work | hrm |
squibby | I just spent 20 minutes in mutant rage because I had a VPN4 RR that wouldn't install updates it was receiving from my PEs |
squibby | and it turns out I didn't configure the PEs as RR clients |
squibby | so it was dropping the NLRIs because no route-targets or VRFs |
squibby | ¯\_(ツ)_/¯ |
zapotah | not hulk rage? |
zapotah | or does that count as mutant rage? |
bmoraca_work | lol |
bellis | that's when you print out a picture of yourself that you can punch in the face later |
bmoraca_work | squibby: hey, at least it was simple and you figured it out quickly |
squibby | bmoraca_work, not before I cried a bucket of liberal tears |
zapotah | is that better or worse than conservative tears? |
bmoraca_work | squibby: i think what they're saying there is that the two RPs use those system-specific addresses to exchange the multicast source information. they obviously can't do it with just the anycast RP address, so they're saying "these are all the members that are listening on that anycast address" |
squibby | bmoraca_work, so I understand the need to sync the trees between the anycast RPs. what I don't understand is why the client VTEP IPs are referenced as part of the anycast rp statements |
squibby | leaf vteps shouldn't be involved in the syncing it feels like |