#cisco IRC Archive for 2014-02-05

Symmetria	jato, ISO 7799?
dissolve	kenya
Symmetria	I think that was the number
jato_	I believe its abberviated form is 27K
jato_	but its actually 2700...something
jato_	Im still wrapping my head around it and deciding if its easier to quit or implement
Symmetria	heh jato, 27002
Symmetria	which was developed from BS7799
jato_	I have never even worked under one of these, let alone implemented it. Ive no idea why its been dropped in my lap
Symmetria	jato, that standard is the basis of the CISSP certification
Symmetria	and implementing it, well, it depends to what level you want to implement it
Symmetria	if you want the entire thing, well, then you're at military grade and I hope you have some pretty huge budgets ;p
Symmetria	jato the trick to doing that shit is to point out to management just what its going to cost to make it a complete reality
dissolve	Symmetria: dare i ask why you arent voiced and what shall i do to achieve something near your position
Symmetria	they generally decide its not such a good idea
jato_	I think I might just break down and cry in the corner, so far all management have given me is "This will be eaaaaasy, by the way do all your regular work still"
Symmetria	dissolve lol, not voiced cause I don't have a CCIE, and to get a position like mine? 18 years of experience, hard work and getting lucky by being in the right place at the right time
twkm	ahh, so overtime was authorized ...
Symmetria	and working 12 - 18 hours a day to stay current on a lot more than just networking
dissolve	yea... ive been doing that for a couple years now + school
Symmetria	jato, go and get the CISSP bootcamp docs
Symmetria	and a copy of the standard
dissolve	actually ive been doing that for like 8 years... but i dont want to be a contractor
Symmetria	then start making a list of expenses you will incur
Symmetria	;p
Symmetria	trust me they will not want to go the whole way
dissolve	f the expenses
Symmetria	heh I spent 2 years as a contractor till my biggest client made me an offer that I couldnt refuse
Symmetria	;p
Symmetria	now I live a pretty good life and have moved to Kenya ;p
dissolve	GC license# smoethign somethign on the wall behind me
dissolve	dont care
dissolve	so did u work + school combined for that entire time or did it just "come to you" with experience
Symmetria	heh, experience, I never even finished high school ;p
dissolve	ACTION fingers crossed "not the ladder..."
dissolve	ghey
Symmetria	but I had certain key advantages most of which came from sheer luck and timing
dissolve	<---27 how old r u if u don't mind me asking
Symmetria	I started one of the first security companies on my continent at the right time, when the IT industry and making money in it was dead easy, climbed out at the right time, and made a fair chunk of money, and money opened other doors
Symmetria	turning 35 in 16 days time ;p
newtmewt	ACTION is working from home :)
newtmewt	KickStarRabbit you around?
dissolve	well gj
KickStarRabbit	yes sir!
dissolve	ill catch up buddy
newtmewt	MTT 21874 hav ethey started it yet?
Symmetria	dissolve lol, as I said, a lot of getting ahead in life comes down to luck
dissolve	yea stuck in lakeland fl is not a place to throw luck around
Symmetria	J. Paul Getty was once asked how you get really really rich
dissolve	... something to that effect
Symmetria	he said, you get up in the morning and you work hard all day
KickStarRabbit	ping me newt
Symmetria	you go home, you sleep, you get up and do it all over again
newtmewt	i'll just call you :D
Symmetria	and somewhere along the way,... you get lucky and find oil
Symmetria	;p
drkat	Symmetria that's so not true ;)
KickStarRabbit	god no
drkat	We all know the secret to being rich is selling used cisco gear
drkat	ACTION nudges scrye
sartan	me licks drkat
dissolve	money is not so much as important as being able to get respect in irc!
Symmetria	drkat heh, hard work takes you a fair way, but its also timing and luck, the thing is, the hard work puts you in a position to take the chances when you get lucky and they come along
dissolve	rofl jk!
sartan	one day i'll get respect
Symmetria	you gotta have a combination of both :)
drkat	well hello sartan
sartan	ACTION removes pants
sartan	is this how you get people to like you?
drkat	Symmetria agreed
dissolve	sartan lol
drkat	sartan it is.
sartan	hmm, indeed, that's how i met your mother
Symmetria	sartan no thats how you get an O-line on efnet but only if you have tits as well
drkat	funny.. she cant see, so i guess you had a good shot
dissolve	k u r very distracting. i must get back to my extremely difficult homework lol
drkat	btw.. IE 11 == garbage
dissolve	duh
newtmewt	drkat: doesn't ie anything ==garbage
KickStarRabbit	just cleaned my outlook and I feel an overwhelming calmness
newtmewt	KickStarRabbit: good, then answer my call so i can uncalm you :D
KickStarRabbit	i am on hold with at at
KickStarRabbit	2 in hold
drkat	newtmewt you know.. IE isnt a BAD browser, it's just misunderstood
Symmetria	god, for a company that makes routers to drive high speed links
Symmetria	why cant cisco invest in some proper connectivity
drkat	;)
newtmewt	drkat: its the best browser to download another browser with as my old boss said
drkat	Symmetria cuz cisco is lacking
Symmetria	so when you need to download 2 or 3 gig IOS images from them it doesnt take 3 hours
drkat	newtmewt i agree
drkat	So i advised my customer how to move over his ISP connection
drkat	I tell him.. So what you wanna do?
drkat	he says move the isp
drkat	hmm
drkat	no shit :)
drkat	so Ive decided to re-read network warrior, this should be fun
Symmetria	if you're feeling masochistic and having nothing better to do
Symmetria	you could always go teach yourself ALU CLI ;p
dissolve	not to be racist.... of what descent are you mr Symmetria?
dissolve	DO NOT BE OFFENDED!
drkat	hes black
drkat	but totally white
dissolve	and u too sartan
jato_	Im reminded of a joke here somewhere...
drkat	sartan is latino
drkat	but canadian so you could never tell
dissolve	i can see that
newtmewt	KickStarRabbit
drkat	he's always saying EH anyway
newtmewt	ACTION loves having a t1 affected to bitch at you guys :D
dissolve	well i see rogers.com
dissolve	so yea
newtmewt	and this one is in denver, right around the corer... you should go fix it
KickStarRabbit	kicks newt in the balls
drkat	meh
drkat	show me the bert test
Symmetria	dissolve lol, I was born in South Africa, my parents were born in South Africa, my grandparents were british
drkat	cant loop the CSU, your problem
Symmetria	but I consider myself african and always will
dissolve	ah
dissolve	true african needing suntan gotcha
dissolve	lotion
Symmetria	lol since i moved to kenya Im even slowly starting to learn swahili ;p
Symmetria	which is taking some doing
drkat	acu cli? eww
dissolve	so sartan
dissolve	ur mexican canadian?
dissolve	is noone here indian??? i am very confused
dissolve	seems like... nm
adama	indians don't waste their time talking about getting a CCNA on #cisco
adama	they actually get their CCNA instead
dissolve	<--= fl cracker... err
dissolve	shhh
drkat	and work in a call center
KickStarRabbit	thats a badass indian
dissolve	lolo
sartan	yeah, i'm mexicna-canadian
drkat	esse eh
sartan	exactly
adama	lol
dissolve	mexican canadians dont like to go to movies they like hockey and star wars...
dissolve	wait that doesnt work
adama	i walked out of a mexican cinema earlier
adama	fuckers kept laughing really loudly
adama	never had that before, what the fuck
sartan	&C04,06LOL
adama	IT'S NOT THAT FUNNY GUYS
sartan	probably gang members
sartan	they feel their loud laughter will intimidate you
drkat	nah
adama	in yucatan? i doubt it!
drkat	they were laughing at his hair cut
dissolve	grr ccna coming up in 10 weeks.. should i even announce that probably not
adama	lol ccna, etc
dissolve	i took all 8 week courses tho! im sure u remember me bugging u
sartan	Good luck dissolve, 10 weeks is a far time away
drkat	?
drkat	why are we loling ccna?
sartan	just don't forget to keep studying, don't forget your course content
drkat	ccna is like a top rated search term from recruiters, so LOL!
dissolve	multi area ospf man! and everyones distracting me!
dissolve	ahhhh
dissolve	and u guys r mean dammit
twkm	you obviously didn't want to do the exercise.
drkat	twkm he did, but irc came first
sartan	IRC always comes first
sartan	My wife will call me to have sex and i'd rather be here on #idlerpg
drkat	i cant read a single chapter due to irc
dissolve	nah i do the excercises i just get lonely doing them because everyone in my class is a fn dick
drkat	sartan is this true?
sartan	tbh sometimes yes
drkat	yeah same here
drkat	heh
hjohnson	ACTION still has fond memories of his spanish GF.
sartan	well your wife only gives you your nuts once every couple of weeks, right? she keeps them in the purse
hjohnson	I was on IRC and ignorring her... so eventually, ruffling of clothes, then she drops into my lap
drkat	I was watching a show last night and I was really into it. She came down stairs and said :lets have sex and I was like in a sec..
drkat	i did not have sex
drkat	sartan HA, not true
hjohnson	needless to say, IRC was suddenly second priority
drkat	hjohnson she shouldve got under the desk while your irc'd
sartan	i get mad at her when she walks downstairs naked
hjohnson	lol
sartan	bitch there are flash games to play
sartan	don't clickblock me
drkat	you know tbh my wife has been better lately.. kinda weird
hjohnson	drkat: then again, she was also insane.. she'd be so angry that she couldn't contain herself... just shaking (the whole petite spanish girl thing)... not angry at me.... then she'd pull her pants down and drag me upstairs
drkat	still a total bitch, but improving
drkat	hmm
drkat	sounds hot
drkat	i had a mexican chick once..
drkat	she was umm..
drkat	yeah, i didnt like her
hjohnson	she was full blown spanish, from Matrid
hjohnson	er Madrid
drkat	she was full blown mexican.. from home depot
dissolve	got a teeny 4 month fetus maturing inside my 8 year gf behind me asleep but im blasting (quietly listenining to) some bull shit on ospf off youtube after reading all of the chapter.. irc took over tho
hjohnson	lol
drkat	wake her up and inpregnate her
drkat	again.
dissolve	SHE IS
hjohnson	drkat: Uhm, I don't think it works that way
dissolve	i do
drkat	4 monts huh?
dissolve	lol
newtmewt	KickStarRabbit: allen is going to punch you for me :D
dioz	is she hot?
drkat	congrats
dissolve	yea im scared
drkat	you should be.
tmx1	haahaha
dissolve	i am
tmx1	bitch
dissolve	=\
tmx1	you have NO idea what it is to have a baby
tmx1	little bitch!!!!!!!!!!!!!
drkat	huh?
tmx1	you will cry
drkat	who
dissolve	ACTION chris rock flash back
drkat	think you're on irc now?
hjohnson	lol
drkat	enjoy it..
drkat	cuz these days are gone
tmx1	enjoy irc?
hjohnson	I love kids, but kids are like boats.. the only thing better than your own are other people's kids
tmx1	you people must be on crack
dissolve	I GOT IRC ON MY GALAXY S4 beyotch
hjohnson	that way when they get fussy or smelly, you can hand them back.
drkat	ahh children
drkat	how i loathe thee
dissolve	i did not mean to bring this up
drkat	its ok.
dissolve	i dont want to think about this for another 3 months
hjohnson	naw, I love kids.. they're especially tasty when basted with mint sauce.
drkat	well..
dissolve	no
drkat	5 months really
dissolve	NO
dissolve	yes
dissolve	yes.
drkat	shoulda wrapped it
dissolve	i wasnt trying to add
tmx1	lets see you sleep 2hrs per night soon
tmx1	if that
dissolve	i was just trying to push that to the back of my mind
hjohnson	hehe
drkat	2?
drkat	shit..
drkat	maybe over the span of 6 hours
hjohnson	hah
dissolve	shhhh
tmx1	babies are cute..
hjohnson	eh, kids get fun when they're 4 to 6
dissolve	couple of my buddies seem to make it ok
drkat	dissolve oh its ok
drkat	hjohnson yea... sometimes
KickStarRabbit	yippie
drkat	:P
tmx1	i was afraid at first.. but it's easy
KickStarRabbit	oh i cant access the switch
tmx1	then you love it
dissolve	k
drkat	then youhave more
hjohnson	I'm doing a group vacation with a bunch of friends and their kids this march
hjohnson	maybe I'm insane
drkat	hjohnson pedo
hjohnson	drkat: hah, naw, it's the only way I can get out and about with my friends now that they all have kids.
drkat	im just playin
hjohnson	heh
drkat	none of my buddies have kids
drkat	so they dont come round
drkat	heh
dissolve	"when you're expecting" forced to watch that movie.. actually hilarious, but still i dont want to think about this till its near. shh
drkat	its ok
drkat	boy or girl?
dissolve	b !
dissolve	lol'
drkat	boy?
dissolve	si
drkat	lucky
dissolve	very very lucky yes
tmx1	itll be fun when you change diapers and all of a sudden pees on you
drkat	not that I'm mad, but I ended up with 2 girls
dissolve	i dont want to worry about dudes hittin on..
sartan	your unborn child?
dissolve	yea!
sartan	Why don't you have a seat right here.
drkat	well he may be gay
hjohnson	eh, if you have daughters, just get a 1ga
hjohnson	er 12ga
drkat	hjohnson heh
drkat	yeah I have 2.. so I have to deal with assholes
tmx1	2 girls?
drkat	yea
tmx1	oh god
drkat	yuuup
tmx1	growing up in this fucked up society
hjohnson	lol
drkat	its all going to hell
hjohnson	ACTION ponders buying a 3845
dissolve	1gauge there we go
dissolve	little bit of a kick
hjohnson	dissolve: it's a pea shooter!
dissolve	bfg9k style! pea shooter yes
hjohnson	naw, what you really need is a punt gun
diss\|learning	must minimize
adama	sartan: I'd like to take a minute so just sit right there and I'll tell you all about how I came to be the prince of Juarez?
adama	06:37 <+sartan> Why don't you have a seat right here.
sartan	I was playin' my lowrider on the north side of Tijuana, and my mom got scared
sartan	el paso\|juarez?
sartan	they share a border right?
adama	she said you're moving with your tia and tio in juarez
adama	yeah, i think it's those two
diss\|learning	oh yea http://www.youtube.com/watch?v=27GmBzQWwP0
adama	i watched the first episode of it the other day
adama	i totally forgot there was a long version of the song
sartan	diss\|learning: this is why i hate youtube
sartan	that 9 minutes and 35 seconds could be summarized in probably 2 paragraphs and maybe a screenshot.
diss\|learning	wrong one
diss\|learning	http://www.youtube.com/watch?v=K2U-uzK3qJE
diss\|learning	yes
diss\|learning	and 3 years ago now that i look at it nm
diss\|learning	k
drkat	yeah
drkat	So i'd like to thank cisco for updating the Security track
drkat	assholes
hjohnson	so my eyesight is as good as it ever could have been corrected due to glasses
hjohnson	\o/
t0m0_	can someone explain to me the concept of 'conversational learning' with OTV?
n1nja	ACTION pokes Scrye
KickStarRabbit	tickles scrye
drkat	hmm
veers	t0m0_: OTV or fabricpath?
veers	t0m0_: either way it basically just means that the devices only learn MACs that are relevant to it (i.e. sourced or addressed to something plugged into it)
t0m0_	veers: OTV
KickStarRabbit	i just tried to join #outlook so I can bitch
KickStarRabbit	haha
xous	fuck outlook
t0m0_	So if unicast flooding occurs, a switch won't installed that MAC into the CAM unless it's directly connected to one of its interfaces?
veers	basically no reason an OTV edge router needs to have every MAC at every site in the mac table
xous	it's for noobs.
KickStarRabbit	i just deleted EVERYTHING
KickStarRabbit	I got a virgin outlook now
xous	leave it that way
veers	either the source or the destination
KickStarRabbit	ACTION is resisting the urge to pop my o-cherry
xous	I really gotta start reading my emails
drkat	heh
drkat	xous uses evolution
xous	ACTION uses google
KickStarRabbit	i am setting a rule for ALL email to trash
veers	so if I have 4 sites; and server A is talking to server B; then the switch at site A and the switch at site B will have the MAC of both in the CAM table; C and D's OTV ISIS process will just be aware but it won't install in those switch's CAM
veers	unless a server at C or D decide to talk to server A for example
KickStarRabbit	wow
t0m0_	ok
t0m0_	That makes sense
t0m0_	so the IS-IS process will have all MACs stored in its structures?
TimberWolf_	xous, emails are overrated
veers	if we were talking about fabricpath for example; none of the spine switches would have anything in the MAC table; only leaf switches
KickStarRabbit	I love Spam
veers	yeah OTV uses IS-IS to keep track of what MAC is where (like if you vmotion a virtual machine from one site to another)
t0m0_	ok cool that makes sense.
t0m0_	so in a FabricPath situation, the spine switches would just have topology information about other FP switches?
xous	TimberWolf_: I delete most of them
veers	yeap; they see fabricpath frames addressed to other switches so they don't bother to learn any of the MACs in the fabricpath frame
KickStarRabbit	xous you could be missing out on meeting the russian girl of your dreams
veers	just the source/destination switch IDs
t0m0_	ok cool
TimberWolf_	always make sure to setup a rule to delete anything marked priority
xous	KickStarRabbit: I could also have a 10ft wang
xous	and make $1000/day
veers	unless your default gateway's on the spine but then you're addressing stuff directly to it
KickStarRabbit	I like emails from Nigeria....there priority
xous	and look like I'm 20 when I'm actually 60
KickStarRabbit	i forward to CEO
TimberWolf_	don't forget that lifetime supply of free viagra
TimberWolf_	forward all priority emails to upper management
KickStarRabbit	i would like a 4 hour erection instead of my normal all day erection
xous	haha
xous	I made two companies look like fucking retards today
drkat	hmm
drkat	like they were fucking retards?
drkat	bad porno
xous	idiots were going back and forther playing the blame game
xous	then they tried blaming the network
xous	so the CEO comes to see me
xous	"WHY WONT THIS SHIT WORK?"
xous	"I NEED YOU TO FIX THIS SHIT!"
xous	(yes, he seriously talks like that.)
KickStarRabbit	reset the card!
xous	so I call up the server dick and ask him whats wrong
xous	"software idiots can't access the database server"
KickStarRabbit	powercycle the port
xous	so I get the details and log into the shit
xous	ping ip
xous	works
xous	open MSSQL Management Studio
xous	connect
xous	works
KickStarRabbit	hey does anyone wanna buy my CERJAC HDSL box
xous	wtf would we want with tat shit
KickStarRabbit	i think its got a adtran card in it
KickStarRabbit	the shipping would be more then its worth
xous	I'd want whatever bell uses for slams
xous	heh
xous	that'd be interesting for lab shit
KickStarRabbit	tin can and a piece of wire
xous	heh
xous	I'm not even sure if they know what they use
KickStarRabbit	there techs sure as wonder that too
KickStarRabbit	*hell
xous	yeah
xous	last time I called bell
xous	"I have no idea how this works"
KickStarRabbit	i am on hold with bell right now
xous	"your port is access
xous	and I'm like dude
KickStarRabbit	like 25 min and no answer
xous	my side is trunk
xous	I have 4 functional 802.1q vlans on it
KickStarRabbit	me:port you:trunk
drkat	no you dont!
TimberWolf_	ethernet slipter to 4 access ports
TimberWolf_	all the rage these days
drkat	qinq
xous	then I suggest maybe you are poping the tags on at the other end?
xous	"I dunno"
xous	calls me back an hour later
drkat	I'm gonna pop some tags...
KickStarRabbit	while I am on hold I am gonna do some head to head testing in my pants
xous	yeah it was in the canoga view
drkat	omg.. canoga
TimberWolf_	http://www.monoprice.com/Product?c_id=105&cp_id=10513&cs_id=1051304&p_id=1106&seq=1&format=2
drkat	canoga perkins bitches
xous	which is the cpe
xous	drkat: do you know how to break into that shit
xous	I got one
drkat	not break into one
xous	bell left it behind and nobody wants to be responsible to take it back
drkat	hmm
xous	so I'm like
xous	LAB TIME
drkat	shit I need a lab
xous	but I can't figure out how to reset it
drkat	might motivate me
xous	or default
TimberWolf_	have you tried a hammer?
xous	TimberWolf_: nope
TimberWolf_	hammers always seem to work well
drkat	hmm
cyberputz	ACTION crawls out of his grave
xous	hrm
xous	the one I got seems to go for 1k on ebay
KickStarRabbit	were you keeping the crypt keeper warm?
cyberputz	Haha
cyberputz	Sorta
newtmewt	sweet, your moron noc issue an outage KickStarRabbit
cyberputz	Been doing an intense QA cycle and then fucking with a VoIP lab at home for a few weeks, think I actually understand cme fairly well now.
cyberputz	Been too obsessed to irc :p
KickStarRabbit	newt thay did there best
KickStarRabbit	now hug it out
newtmewt	lol
TimberWolf_	ACTION sets cyberputz dial-peer hunt to random
cyberputz	Haha
KickStarRabbit	this bell south IVR keeps telling me to powercycle my equipment
newtmewt	lol
xous	KickStarRabbit: How do you like it?
KickStarRabbit	i hope it lets me leave a voicemail
twkm	it's always a joy to call "carriers".
TimberWolf_	sounds like earthlinks tech support
cyberputz	EarthLink still exists?
TimberWolf_	cyberputz, sadly
KickStarRabbit	"most technical issues can be resolved by a powercycle!"
cyberputz	Wow
twkm	i've been tempted to try to enter a mac address when asked for my phone number.
TimberWolf_	and every time i opena ticket with them they spend 4 hours trouble shooting the wrong circuit
xous	drkat: I rent to access to my lab. $10/h :P
freax	lab rats
twkm	KickStarRabbit: i've had that suggested. i agree that i'll powercycle my device if they'll do theirs.
freax	lol
cyberputz	Haha twkm
KickStarRabbit	you do me i do you twkm?? :)
cyberputz	uh
cyberputz	;)
twkm	i'll take the reach-around, if it'll get past level n-useful.
xous	twkm: haha.
KickStarRabbit	if the wrap around will get me to tier 3 then i am in !
twkm	(you learn to collect, horde and be careful with direct noc numbers)
xous	haha
newtmewt	haha twkm
KickStarRabbit	why cant I ping 11.11.1
xous	I just lie
xous	"Yep. power cycled it.
xous	Yep. just did it again."
xous	usually when I tell them I have a hard loop on the line
KingPowerCycler	i also love to re seat cables
xous	and they keep saying they can't see it and power cycle my "equipment"
KingPowerCycler	sumtin bout plugging in and out repeatedly
xous	it's called exercising the jack
KingPowerCycler	I love asking end users "are you up?"
twkm	i usually walk over to their mux or patch and disconnect ... "any alarms yet?"
drkat	lol
drkat	oh LOS?
drkat	yup found it
xous	heh
twkm	that's me power cycling. hang on while it boots. then go get coffee.
onefst250r	fun part about carrier gear is you can usually go take lunch
onefst250r	come back, itll be about done
twkm	if i actually power cycled have this shit it'd be an easy 20 minutes.
xous	or fucking supplier before scrye kept sending RG-58 instead of 734A
twkm	half.
onefst250r	yeah, carrier stuff does not like rebooting
xous	heh
xous	I got in to a huge arguement with rogers
xous	I see packet loss to the first hop
xous	WHERE IS IT?
xous	"i see no packet loss when I ping you"
xous	"i've connected my laptop direct to the modem. still packet loss."
xous	"get new modem"
xous	luckily the rogers place was literally accross the street
drkat	sure isnt the line condition
KingPowerCycler	co has an outage
xous	so I was like fuck it
drkat	heh
xous	got a new modem
xous	called back 10 minutes later
xous	still packet loss
xous	"nothing is wroong"
xous	"asked for a escalation. they said someone would call me back."
xous	two days later there is a rogers van outside the building as I'm leaving
xous	come back home and internet is fine
onefst250r	invoice is in the mail
xous	I call 'em back and said I wanted a 2 month credit.
xous	I got 1.
xous	wasting my fucking time and lying to me
xous	dicks
cosbycoin	dealwithit.jpg
cosbycoin	unless you have a competiter in your area
xous	I have several
xous	hell we are one
onefst250r	he IS the competitor
Harlock	shaw has always been really good with me with such issues
xous	I could sell myself a DSL
Harlock	no lying
onefst250r	yeah, get epik to pay for a metroe connection
cosbycoin	cox isn't as shitty as at&t is
xous	heh. I wonder if I could make enough to warrant lighting the building
Harlock	i had a weird periodic issue and they appreciated my rrd graphs
onefst250r	how much was the rogers circuit?
onefst250r	back to your office
cosbycoin	$65/m for 50mbs down 15/up
xous	eh?
xous	it's not point to point
xous	it's just internet
onefst250r	didnt you get a quote for ethernet back to your office?
onefst250r	or was that from a different carrier
xous	bell in this area is like $650-1k for 100
onefst250r	ahh
onefst250r	so find 10 nerds in the building, each chip in 100
xous	that would involve knowing my neighbours
xous	haha
onefst250r	good point
onefst250r	put up a flyer in the common area?
onefst250r	"Sick of ROgers? Better call xous!"
xous	haha
xous	I know our sales dicks
xous	they'd take that cost and mark it up 30%
onefst250r	well
xous	I know someone else that can do Bell L2's though
onefst250r	thats why you just tell them that its a backdoor into your network for DR reasons
xous	maybe I'll get him to do a quote for shit
xous	onefst250r: and I need a 100MB EVC instead of a 10 because?
onefst250r	need to sell it to you for 0 markup
onefst250r	because configuring routers from the cli requires bandwidth
onefst250r	duh
xous	haha
onefst250r	better latency if the packets get serialized faster
xous	faster repair amirite
xous	haha
onefst250r	exactly
Harlock	$650-1k for 100 to where
xous	back to our colo
Harlock	like a leased line
xous	yeah
xous	L2
xous	Ethernet
Harlock	not metro-e
xous	it's dedicated
Harlock	that is not bad
xous	it is for home internet
xous	haha
Harlock	it's not even internet
xous	well yeah
onefst250r	Metro-E; the ethernet that spends lots of time in front of the mirror
xous	I'd borrow some of our existing transit
Harlock	how far it is?
xous	google says 4.3k by car
onefst250r	what is this "k" thing you speak of?
xous	km*
onefst250r	didnt you say it was like 11 blocks?
xous	that's to our OFFICE
Harlock	is it sm fiber?
xous	why would I haul it there just to haul it back to front anyway
xous	also the office only has a DS3
onefst250r	would it be shorter to the pop?
onefst250r	oh weaksauce
xous	and we have customers there
onefst250r	who the fuck uses tdm for office stuff?
xous	it was cheaper
onefst250r	cheaper than ethernet? really?
xous	and some asshat signed a contract saying we need $x number of ds3s
onefst250r	MLPPP a few of them together then :)
xous	I think our contract price is like $600/mo
onefst250r	per ds3?
Harlock	i should get some quotes myself
onefst250r	thats not bad actually
Harlock	i'm not liking the metro-e
onefst250r	who's the provider?
xous	bell
xous	fucking dicks.
onefst250r	harlock
Harlock	telus
xous	telus sucks balls
Harlock	we in a contract though
Harlock	they did the fiber builds
xous	heh
xous	we have a customer maxing out one of the bell circuits
xous	'oh noes when we go over 10Mbit/s shit gets dropped!"
Harlock	one of the builds was a mile too
onefst250r	how much bandwidth?
Harlock	right now we have 10m at each site on metro-e
onefst250r	Harlock: lots of providers will just bury build costs in the monthly nowadays
onefst250r	most situations it works out better for them anyways as it gets more fiber they can sell to other customers
xous	always nice to have the first client cover the costs though :PO
Harlock	if i can get 100m dedicated for $1k each that would be much better
onefst250r	you're paying more than that now?
Harlock	around 1k for each site
Harlock	4 sites
onefst250r	for 10m?
Harlock	ya
onefst250r	jesus
xous	where?
Harlock	edmonton
onefst250r	do they at least give you a reacharound?
Harlock	it l3 metro-e and they can't even set it up the way they said they were going to
xous	breach of contract
xous	find new provider :P
Harlock	i'm sure they can get away with correcting the problems
onefst250r	force them to sell you dark for hte same price :)
Harlock	one link is quite long though
Harlock	would be
xous	so
xous	20km/40km optics aren't that bad
Harlock	dunno if that impacts pricing
onefst250r	if its only gige, you can get like 120km
onefst250r	even more if its decent fiber
xous	if it's dark why not go 10G :P
onefst250r	there is that too
eirirs_	I love discovering lots of dark fibers
eirirs_	"whoohoo, where's it going to..."
xous	just pay for another dark strand to some place with cheap transit
xous	sell the rest of your buildings to cover costs
eirirs_	lol
Harlock	it's 21k by road
onefst250r	easy peasy
onefst250r	probably 30-40 by fiber
drkat	fuck i gotta go to bed
drkat	cya
Harlock	ya 3 dark links from 3 sites back to a forth would be nice
Harlock	fourth
Harlock	mesh would be nicer but i don;t think we need to jump that ditch
Harlock	wouldn't get much benefit vs work and cost
dissolve	sdf
Harlock	self defence force
terabit	http://bit.ly/1kaRg5R
terabit	ACTION thinks he'll stick with iptables :P
xous	hah
xous	I can't figure out why this 10G shit gives input errors
xous	one link didn't like SMF
xous	so I used that blue shit
xous	that worked
xous	other think. nope..
xous	other link*
xous	same optics same distance
freax	sdf.lonestar.org
freax	XP
xous	hrm
xous	so should I go back to the colo and move some cables around
blackOff	that really $260,000
blackOff	actually pretty good looking specs
blackOff	super expensive for only 10,000,000 friends
blackOff	8,000,000 foes
xous	eh?
xous	you still talkin' nonsense?
Oliber	talkin crackah
xous	so I wonder if I should do something silly.
Oliber	yes.
xous	How silly?
blackOff	less masturbating, more abstract
xous	da fuck you talkin' about willis?
drew__	260k for what
blackOff	some bad ass ASA
drew__	LOLOLOLOLOL
drew__	260k for a fucking firewall??????
xous	probbably has 40G interface
blackOff	10g
blackOff	xous, willis is dead
blackOff	found that out last year
blackOff	i thought he was still acting, been dead like 10 year
blackOff	s
xous	hrm
xous	dis rapid spanning tree shit isn't so rapid heh.
xous	I lost about 30 packets when I just did a test.
FungiFox	xous: they are over here
hkkl	xous: most likely you haven't configured it correctly :)
xous	probably not
xous	I just did spanning-tree mode rapid
xous	BE FASTAR
hkkl	:)
MyssT	30 packets is nothing if you're doing 100k/s to 1m pps on the interface
hkkl	xous: all edge ports are correctly set and no compability modes etc?
xous	no
xous	there are a few more switches that aren't configured for rapid-pvst/don't support it.
zamba	looking at 'sh int trunk' output, what's the difference between "Port Vlans allowed and active in management domain" and "Port Vlans in spanning tree forwarding state and not pruned"?
xro	Hi, i need a confirmation. I have 1 HSRP group with many standby IP inside (many VLAN gateways). If i add an interface to a HSRP group, there is no way to loose connectivity during the configuration? i mean active standby won't change?
Symmetria	https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-prn2/t31/1504173_10152016875370528_1023968795_o.jpg <=== do they look hungry enough to feed a vendor to them?
Lalufu	Symmetria: they're males. You want female lions.
Lalufu	lionesseses.
hkkl	well, if you kill, or incapacitate vendor first, i guess male lions will bother eat it
kuahara	ok, so plugging in the db9 to usb adapter into this pc results in windows detecting a com3 device: "Prolific USB-to-serial comm Port", but it is unable to install the driver for it automatically.
kuahara	is there a special driver that needs to be installed to be able to use these?
Baluse	hello
Baluse	http://i.imgur.com/MjtBJ7C.png
Baluse	what does this mean ?
Baluse	I mean I dont get rj45 pin numbers
bhuddah	what do you really want to know?
kuahara	heh, someone called it yesterday
kuahara	this stupid cable is a fake
Someonefromhell	kuahara : I have a prolific cable as well, works fine
Someonefromhell	well, prolific-based tbh
kuahara	the one I bought gives me error code 10, device failed to start
kuahara	the prolific software that tests it fails to open a com port every time
kuahara	there's a driver installed for it
FrFluffyBottom	what OS?
kuahara	win 7
kuahara	This is the one I bought: http://www.ebay.com/itm/380793906388?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
kuahara	he's 99.2% positive feedback with almost a half million reviews.
kuahara	think I'll just contact him
FrFluffyBottom	Do you knwo if it's PL2303 based?
Someonefromhell	mine looks like that as well, different color though
kuahara	it says 2303 on the db9 end of the cable
FrFluffyBottom	I've had mixed success with them - more luck in OS X than Windows; if you have a mac try that with hte PL2303 driver
FrFluffyBottom	eliminate a system issue at the very least
kuahara	I don't have a mac
kuahara	I'll get a mac when the job absolutely requires it and alternatives are unacceptable
FrFluffyBottom	ACTION owns both a pl2303 clone and a keyspan device - teh keyspan is far more reliable and the drivers work on every system i've tried
FrFluffyBottom	cost a lot more, but worth the avoidance of headaches
kuahara	that really sucks. all of that other equipment arrived today and I can test none of it
FrFluffyBottom	Do they not have USB console ports?
kuahara	the 2821 router has 2 usb ports right next to the console port
FrFluffyBottom	yeah sadly 2800 doesn't have usb console
kuahara	there's a 2821 and 2801 router
kuahara	and 2x 3550 switches
FrFluffyBottom	Depending on what country you're in you cna buy 2303 in highstreet shops - in hte UK you can go to Maplin and they sell them; could test and return if it also doesn't work
MyssT	I'm using pl2303 driver version 1.4.17 with my cables, they're also supported under linux so just boot a live cd?
kuahara	I have the windows driver
kuahara	I think the cable is just defective
kuahara	or doesn't work because it is a fake
MyssT	it's true there are fake chinese pl2303 chips in some cables but they do work with older drivers you just have to get the right version
Baluse	http://i.imgur.com/MjtBJ7C.png I dont get the numbers
Baluse	at rj45 side.. are they in order or the pins ?
kuahara	mysst any idea where I might find an older one
kuahara	the ones I've finding are labeled v1.9, but when you open the pdf that comes with it, it says for windows it is v3.4
bhuddah	Baluse: i suggest getting a real cable and dissect that. rj-45 pins are numbered from one side to the other 1..8
Baluse	i did it and doesnt work
Baluse	i mean 4,3,2,7,8,5,6 mean the pins at rj45 ?
kuahara	someone posted that the fake ones work with this specific driver version. Installed it... device still doesn't work.
bhuddah	Baluse: http://www.cisco.com/en/US/docs/routers/access/hardware/notes/marcabl.html#wp54949
MyssT	kuahara: I give no guarantee or warranty on this file! it may or may not cause bouts of insanity or genital warts... http://gs2.futile.net/IO Cable_PL-2303_Drivers - Generic_Windows_allinone_PL2303_Prolific_DriverInstaller_v1417.zip
kuahara	The requested URL /IO was not found on this server.
kuahara	oh
kuahara	there's a %20 missing in your url =o
kuahara	still doesn't work. this time it changed to error code 1
kuahara	"The system cannot find the file specified".
Baluse	it isnt cisco though
xro	Hi, i have a very strange behavior on a 6500. I have a port channel with 2 members. The allowed vlan list is different on the Po and on the interfaces (don't know how it is possible).... When i do a sh int xxx switchport i see the list of trunking vlan configured on the Po (there are less vlan on the interfaces). Do you know this problem? is there a way to correct it without any loss?
Someonefromhell	kuahara : let me clone the driver cd I got and up it
Someonefromhell	kuahara : http://www.bnb.gr/prolific_drivers.zip
xro	If someone already met my problem, can you just give me an input in PM (lunch time)... thank you!
kuahara	Someonefromhell, thanks. downloading now
kuahara	Someonefromhell, tried the installer located in: prolific_drivers\12.02.1089\Windows first, but still error code 1. Will uninstall and try the others as well.
kuahara	also tried the installer located in: prolific_drivers\12.02.1071_12.02.1072\Driver_Release Note64_7840\Version1.3.10.0\Win64
kuahara	same error code
kuahara	That last one I tried appears to come with something called MultiImp. Ran that and clicked Test, it says no high speed usb multiserial devices detected.
wfq	Hi guys
wfq	a few months ago I bout a cisco ASA 5505. They guy who is now setting it up said that I need what is called DES
wfq	could anyone please advise what's the shortest way to obtain this?
Forge__	you do the 40 year old encryption dance
wfq	Forge__ was that for me?
Forge__	yes
Forge__	go here https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
Forge__	I'm guessing this is what you need
wfq	Forge__ thanks. I will register first. I can guess that on the registration process I will be asked for any ide number identifying my hardware otherwise how would I obtain the license that I need
Forge__	yes you need the serial number of your asa
eirirs_	lol
eirirs_	oh, nvm
wfq	thanks a lot Forge. In the middle of it.
eirirs_	I just read that this way:130215 < Forge__> yes you need the serial number of your ass
Forge__	eirirs_: that too
Forge__	wfq: I'm doubting the comptency of the guy configuring your asa if he can't obtain that license himeself
Forge__	it's free now, I was a paid for license historically
eirirs_	free? asa license?
eirirs_	thats new to me
wfq	Forge__ to be honest I am wondering the same given that I found how to do it in a couple of minutes - Of course I came here to ask but at least I know where to ask :)
Forge__	eirirs_: for strong encryption - 3DES/AES License
eirirs_	ah
RedShift	hi guys
RedShift	can you make BGP selectively annouce routes based on ip track?
RedShift	(using ip sla checks?)
Forge__	sounds like something I've let the routing protocol do
Forge__	you could do something with eem
Someonefromhell	depending on your design, yes
Forge__	but sounds like you're hacking something
Forge__	and going to cause yourself pain
Someonefromhell	if you've got nullroutes for them ( if they're aggregates ), you can tie the rtr to a track to the static route
RedShift	well the situation is, two WAN links, both dynamically configured (DHCP)
Someonefromhell	or you could just give up on setting up a somewhat manual kind of hell, and go to automatic hell ( pfr )
RedShift	I put one WAN link in VRF A, and one in VRF B
RedShift	now I need the 0.0.0.0/0 route to be injected in the global routing table, depending on which VRF has internet (A or B)
Someonefromhell	you can do that with what I said ( tie the static to a track to an rtr ) but it's not really what I'd call good design...
RedShift	how would you improve on this?
Someonefromhell	I'd have to know more details and the requirements...and I'm too busy for that at the moment :p
RedShift	just two ethernet cable modem connections... two ethernet interfaces on the router
gsmfax	anyone knows the best choice router for installing viop module for callshop?
mAniAk-_1	does packets dropped by policing on a 7600 show up as output drops?
void64	It may or may not, depends on how the software interacts with the asic, but you should see them in viewing the service policy on the interface
nieros	morning gents
oister__	yo
mAniAk-_1	void64: yeah I can see drops by the policer in sh policy-map, but do they show up as output drops on show interface or not? asking because some traffic in the a queue is policed, other is not, queue shows output queue drops
Bejgli	mAniAk-_1: check sh queueing interface
twmjr	mAniAk-_1: in general, the answer to your question is yes...it's possible it won't, but it's generally true that policer drops will appear as output drops...
mAniAk-_1	Bejgli: yeah it shows drops on one queue, though is that drops after the policer did its thing or does it include the police drops
Bejgli	mAniAk-_1: compare it with sh policy-map interface, that should should show policer drops only
mAniAk-_1	Bejgli: fika now but ill check, iirc sh policy showed hem in bits, sh que in packets
void64	Wow, every college I deal with… their internal networks are a disaster… and they wonder why they have connectivity issues
void64	gee, a public facing /19 on an Ethernet interface, what could possibly go wrong
GraNNy-	void64: who exactly wants to get paid crap that's any god?
GraNNy-	good
mynd	I have a feature request from a receptionist: she wants to be able to dial a number and before the call is connected transfer to another internal extension. Any ideas? Looking at the softkey template on CUCM under "Ring Out" I don't see a transfer option
hkkl	bleh, yet another guy from tech department resigned.
hkkl	that'll be fifth in 3 months
bamsefar	hkkl: How many left?
bamsefar	are left*
hkkl	ei guess ~20
bamsefar	Ok
bamsefar	So in another year..
hkkl	managed services team has been worst, it has halved
hkkl	guys left are bit overworked
bamsefar	hkkl: I can imagine
hkkl	well, i'd really like to switch jobs too
pffs	Rats from a sinking ship?
hkkl	well, i haven't heard about our last years revenues, but last indication was that we had growth, and quite much growth in profit, but both were lacking off budgeted.
mynd	hkkl: at the last gig, my whole team (albeit only 6 of use) left within 8 months of each other
hkkl	i guess market wasn't that easy last year though.
mynd	and they didn't hire on at a 1:1 to replacement
bamsefar	hkkl: Where do you work?
hkkl	AS29422
GraNNy-	hkkl shows how cool he is by using an AS :)
hkkl	haha
GraNNy-	AS6461 babeeee
mAniAk-_1	4 number as
hkkl	'my as is so large, oooh'
mardraum	oh here we go
mAniAk-_1	you guys suck
mAniAk-_1	:>
GraNNy-	well, i did work for a 3-digit once
GraNNy-	long time ago
GraNNy-	but never a 2 or a 1
hkkl	i've been at 6667/790
GraNNy-	i remember two of my AS's and that's about it, i'd have to look up the rest
mAniAk-_1	Bejgli twmjr guess ill have to put it another queue to find out
KenMatlock	lowest I've worked for I think was 3149
mynd	i've not worked at a company with a number :-(
pffs	I have no idea what our AS is
hkkl	i always forget current employers 4th as (we also have 13276 and 33935), and 33901 we gave back to ripe at some point
pffs	hkkl: it's easier for profits to go up if you no longer have employees
hkkl	pffs: true!
mynd	pffs: should be able to find it using one of your external IPs and robtex.com
hkkl	fourth one is 34484 it seems
pffs	mynd: yeah I can look it up if I wanted
pffs	just haven't had any reason to dick with that particular router
hkkl	hmmh.
hkkl	can i import routes in ios-xr with set clause 'as-path tag'
hkkl	seems that i would need to do that for customer
wfq	how long does Cisco usually take to send a license? I'd swear I read in the screen that it would be sent within 1 hour
garrettskj	wfq: lol no
wfq	garrettskj, sorry what? you mean that this takes a bit longer doesn't it?
garrettskj	yep.
hkkl	hmmh, it seems that 'prepend as-path' would be the command to use, but it seems to me that it don't have direct key word 'tag' or similar
hkkl	hmmh, so i would need to hardcode as-number to prepend, not really problem as this is single user case. but but, not scalable!
pffs	I was under the impression that as-prepend tends to be a poor solution as not everyone honors it
pffs	I think ATT strips all duplicate ASs in the path
hkkl	http://hkkl.fi/~hekkuli/match-tag.txt
hkkl	with that, route that matches prefix-list and has tag 13276 would be advertised as 29422 13276, not 29422
hkkl	ie. we are originating customers routes from his as-number
kmcelroy1	wait, what?
kmcelroy1	i walked in halfway :P
hkkl	i'd like to get that config as generic as that from ios to ios-xr :)
KenMatlock	are you trying to prepend AS numbers that you don't own?
KenMatlock	maybe I missed something :)
kmcelroy1	i missed a lot i think
hkkl	yes, and no. i'm not trying, i'm doing it, and we are prepending prefix with customers as number as he doesn't bother with bgp
hkkl	(and we are prepending few prefixes with another of our own as-numbers)
kmcelroy1	he doesn't have BGP, but you are adding his AS?
nieros	prepend all the thinnnngs
kmcelroy1	seems odd
kmcelroy1	also seems pointless
VlanX	anyone familiar with NAT1:1 here?
garrettskj	ask away VlanX
hkkl	well, the prepend to our own prefix isn't totally pointless. and customer doesn't want to originate his own prefix from his liiittle internets, and parts of the network are routed to different places
hkkl	i guess it's good to 'show' that as-number is in use, so ripe doesn't try to take it back :)
hkkl	(no, not common config :)
VlanX	I have a cisco 877 behind a router that is not accessible (my ISP's modem) and I'm trying to understand if I can get my 877 to the internet with NAT 1:1 to be able to receive crypto requests from another router that's willing to initiate a tunnel
kmcelroy1	if they don't use the AS number, RIPE should take it back
hkkl	they are using it, their prefix originates from it!
garrettskj	VlanX: only if you use certificates...
hkkl	by us sure, but it still is.
garrettskj	VlanX: cisco doesn't allow for hostname isakmp identity with PSK
kmcelroy1	except they really aren't using it
VlanX	garrettskj: who's talking about hostnames?
kmcelroy1	you aren't supposed to get your own AS unless you are multihoming or are an ISP
garrettskj	VlanX: I am..
kmcelroy1	they are limited
hkkl	kmcelroy1: well, how can you tell they aren't using it in internal use?
kmcelroy1	so it is really dumb for them to keep one they aren't using
garrettskj	VlanX: because you can't do IKE identieis behind NAT
kmcelroy1	you can use private internally
hkkl	not necessarily
VlanX	garrettskj: not even 1:1 ?
garrettskj	neg, the router still reports it's own IP address in the IKE negotiation
kmcelroy1	if they aren't multihoming or an ISP, they do not require an AS and are not following the rules
garrettskj	the way around that, is to use "Crypto identity hostname"
kmcelroy1	which causes issues for people who actually need AS numbers
kmcelroy1	it is no different than the douchebags that squat on IP blocks
hkkl	kmcelroy1: they can be multhomed to single provider too
garrettskj	but that command isn't "listened to" without using RSA-SIG
hkkl	and for LIR multihoming isn't requirement
garrettskj	sooo as long as you are doing certificates, you can have it behind the 1:1 nat and have it work.
hkkl	also public-as needed if you ever really want to change upstreams without problems
VlanX	garrettskj: Is there any tutorial for this?
kmcelroy1	yea, they don't need an AS
kmcelroy1	i hope RIPE takes it baclk
arcsky	BFD does it take much processes if i enable it ?
hkkl	imo they need
garrettskj	alternatively, if you're setting up a vpn to a third party provider, some of them have the provision to change the IKE peer manually.
garrettskj	i know that sonicwall, palo alto, and F5 can do that.
kmcelroy1	BFD is fairly light on resources
kmcelroy1	hkkl: well, your opinion is wrong so far, you haven't given an actual reason for them to need it :P
arcsky	kmcelroy1: thanks
kmcelroy1	just, well maybe they might need it, or they kinda might want it some day
drkat	any logical reason ot use no ip route-cache?
VlanX	garrettskj: yeah I could set up a third party server
garrettskj	VlanX: check this, https://learningnetwork.cisco.com/thread/42476
garrettskj	hrmm.. looks like if you force agressive mode, it might work.
kmcelroy1	drkat: you used to have to do that to use certain troubleshooting, it had to be punted so you could see it, but otherwise in production, no
garrettskj	follow that and tell me if it works. ;)
kmcelroy1	it basically just stops it from using CEF
drkat	yeah I was wondering why these 3550's had no ip route-cache on it
drkat	i knew it turned off cef, but
kmcelroy1	if it is in layer 2 mode, it is normal
nieros	groce
drkat	?
kmcelroy1	if you have ip routing off
nieros	3550s aren't really layer 2 switches are they?
nieros	oh I see
kmcelroy1	sh run \| i ip routing
kmcelroy1	if you see no ip routing, it is layer 2
drkat	not it has routing on
VlanX	garrettskj: Damn, this shit is hardcore
kmcelroy1	then you should try to turn route-cache back on, unless there is a limitation to the switch, can't remember for sure
hkkl	kmcelroy1: but that really doesn't solve the other situation i commented, that we originate in .fi network some prefixes with international prefix
drkat	but having no ip-route cache turned on a layer 2 device makes no fucking sense anyway..
drkat	meh i digress
drkat	lazy ass engineers
drkat	CCNP = Cut Copy N' Paste
hkkl	and we don't have any routers in .fi on that as
hkkl	(most of this shit is from multiple mergers :)
kmcelroy1	drkat: it does it automatically on layer 2, likely just part of the IOS layout
drkat	yeah, but this isnt a l2
drkat	i could understand some automatic output
kmcelroy1	i gathered that
drkat	good.. :)
kmcelroy1	mainly by when you said it was layer 3
kmcelroy1	but you said it doesn't make sense on layer 2, i explained it is automatic
drkat	K
kmcelroy1	so you have no choice in that instance
drkat	i got it now
drkat	so who wants some snow?
drkat	I have about 7 inches of it
kmcelroy1	i kinda do
kmcelroy1	right now it is just dreary and dead around here
drkat	I need some fucking quiet time, this work at home shit is nuts
kmcelroy1	throw your kids outside
KenMatlock	dude, you got snow outside, make the kids get dressed and go play in it, or better yet, shovel it
drkat	not my kids really
drkat	KenMatlock fuck that.. I dont shovel snow
KenMatlock	no, make them shovel it
KenMatlock	that's what kids are for, cheap slave labor
drkat	hmm
kmcelroy1	kids are legal slaves, you didn't know this?
drkat	whos gonna watch the kids outside?
kmcelroy1	no one
kmcelroy1	you just let them knock it out and hope they don't die
drkat	so my 1 yr old is gonna go out and shovel snow unsupervised?
KenMatlock	you got windows?
kmcelroy1	survival of the fittest man
KenMatlock	yep
kmcelroy1	they figure it out
KenMatlock	:P
drkat	lol
KenMatlock	the 1 year old probably needs a nap, kick the rest outside :P
drkat	she's stopped napping :(
drkat	damn kids
kmcelroy1	not if you have whiskey and some nyquil!
drkat	and my 7 yr old is sick
KenMatlock	ha! :)
kmcelroy1	that is the nap maker
drkat	and now my wife is sick and groaning over her stomach
drkat	like wtf..
drkat	the doctor needs to prescribe a little bit of man the fuck up
kmcelroy1	drug your wife and bang her, drug the 1 year old, throw the other kids outside
kmcelroy1	problem solved
drkat	http://files.sharenator.com/man_the_fuck_up-s500x347-231154.jpg
drkat	hilarious - http://global3.memecdn.com/man-the-fuck-up_o_1446277.jpg
Dalton	nice
kmcelroy1	http://www.zdnet.com/opendaylight-open-source-software-defined-networking-gets-real-with-first-release-7000025976/
kmcelroy1	interesting
drkat	so i told my wife to man the fuck up and well..
drkat	not a good idea
mynd	drkat: ha!
mynd	she give you one of them there "stern" looks
kmcelroy1	should have done what i told you
drkat	rape..
drkat	always the answe
drkat	*answer
kmcelroy1	drug and bang and she will be reasonably quiet and happy
drkat	so she pukes on me
kmcelroy1	doggy man
mynd	lol
kmcelroy1	puke the other way
d00n	sweet rainbow shower. normally got to pay extra for that .
drkat	on my versace bed sheets?
kmcelroy1	who said in bed
mynd	drkat: put downa few towels
kmcelroy1	just put her head in a bucket and knock it out
drkat	giggity
drkat	a bucket full of her own vomit
drkat	thats umm..
drkat	sick
kmcelroy1	make the kids hose it out
kmcelroy1	gives them something to do
mynd	only after they shovel
drkat	shit, mix it in the blender and feed it to em
kmcelroy1	nah, then they puke
drkat	we aint rich round here
kmcelroy1	pain in the ass
drkat	fucking snow
kmcelroy1	whiskey nyquil cocktails all around
drkat	shit i should take one
drkat	best sleep ever
mynd	drkat: you got like 7" of snow, eh? get a good layer of ice on top it?
drkat	so I'm going to install win7 on this desktop I hope its supported
drkat	mynd nah.. nice layer of ice underneath it
mynd	think the news said 7" here as well, but with ice on top
drkat	So I found a Dual Core in the garage
drkat	but it has vista on it
drkat	i dont do vista
drkat	my 24" monitor should be here this week so Im gonna put this PC in, put together my computer desk, throw my old desk out and get a keyboard and mouse and have a nice clean setup
drkat	sitting here on this 12.5" laptop really is hurting me ergonomically
gewt	heh
gewt	weather means my appointment is cancelled
tanner	mynd what does your receptionist want to do?
drkat	all of it
mynd	tanner: she wants to be able to make a call and while it's still ringing, transfer to another internal extension
tanner	mynd so transfer an active call, and complete the transfer before the other end answers?
mynd	not quite
mynd	the call isn't considered active as it's still ringing
razorz	Hmm wonder how portable the config from an ASA5510 would be to an ASA5515X
tanner	mynd okay, so she wants to transfer the call ringing to her to another line
mynd	picks up phone, dials a number, before they answer, she transfers it
mynd	she initiates the call
tanner	I don't follow, what is she transferring if she is initiating a call
Chyros	disconnect
mynd	how i understand it is: she calls an outside number for another user, while the phone is still ringing, she transfers it to the user's phone
mynd	why the other user just doens't make the call, i'm not sure
tanner	gotcha, so she's effectively dialing for someone else
mynd	yea
tanner	mynd possible with CTI or some other custom app; nothing native to do that
drkat	yet her key system did it..
mynd	i've not done much with CTI's and nothing at all with a custom app
mynd	drkat: yep
drkat	wtg cisco
tanner	mynd that's why my company exists; we do just these kinds of things
mynd	tanner: so did you read the whole back log? or do you have hilights for specific words?
tanner	highlights
tanner	anything voice related
mynd	makes sense
mynd	i don't even know what to search for me to start looking into it
tanner	mynd you'd really want to already be familiar with cisco CTI programming and the like
mynd	i've looked into custom softkeys, but that doesn't seem like it'd end up doing what i want
tanner	mynd you might also consider putting the line on her phone as a shared extension, let her dial and put it on hold. the other person should be able to answer it, but they have to pick up manually
mynd	hmmm
mynd	what about call park?
tanner	you could do that
tanner	but the person has to manually call the park number
tanner	sounds like she wants to dial and cold transfer when the other end answers?
mynd	can you put a call on hold before it's answered?
tanner	nope
drkat	why cant she just take the fucking call?
mynd	she wants to cold transfer before the other end answers
drkat	shes a receptionsit
drkat	receptionist
drkat	thats what she DOES
tanner	mynd If they really want it, I could mock it up and have something by EOD. but they have to pay for it :)
mynd	drkat: she's transferring an outgoing call that she makes
drkat	outgoing?
tanner	drkat she is making a call for someone else, effectively
mynd	tanner: I'm not sure my boss lady will go for it
drkat	call comes in, notices its so and so, while still ringing transfers to an external line?
drkat	or did I miss everything
tanner	mynd pitch it, you never know, they might want it bad enough =)
drkat	just tell boss lady to cut a check
drkat	did you witness the functionality on the previous key system?
worstadmin	Is there a way to just show interfaces with errors (reset/drop counters)
drkat	show int \| include err\|drop\|whatever
worstadmin	but then I dont know the interfaces
mynd	drkat: i did not
drkat	mynd god I hope the end user isnt imagining things
mynd	i think the reason the receptionist dialed for others before was the call restrictions that on the key systm
mynd	the local IT support told me about it first, so I tend to believe
drkat	oh ok
drkat	welp network warrior was boring me to death
kmcelroy1	that good huh?
drkat	oh yea
drkat	kinda hard to get into route redistribution and shit when I have no need for it ;)
mInrOz	Hm, doing som NAT labing and im having problem to get router2 to answere.
mInrOz	I think i got it working out from the internal network and it is hitting router 2
drkat	?
drkat	IOS or ASA?
mInrOz	But router 2 cant respond to the ping
mInrOz	IOS
drkat	kmcelroy1 I've also realized the last IOS router I was in was like 2 years ago
kmcelroy1	fun
drkat	ASA is very popular
drkat	heh
drkat	it slices, it dices
drkat	its the ASA!
generalshenaniga	traffic goes in, traffic goes out, you can't explain that!
E1ephant	I need help
mInrOz	generalshenaniga: lol'd
mInrOz	config: http://pastebin.com/8JPnxkjg
mInrOz	Should work right? Or?
twmjr	mInrOz: you have a typo in your "nat inside source list" :)
E1ephant	somehow, I am losing my precious netflow bits between a cat6k and nfdump. I see flows under "show mls netflow ip"
E1ephant	they don't make it to nfdump :\|
twmjr	the list name is not your acl name
mInrOz	twmjr: .... lol
mInrOz	didnt see that
E1ephant	https://gist.github.com/lkmhaqer/8826240
mInrOz	twmjr: Ok now i got that fixed :) But it is stil timing out on the pings
mInrOz	I can see the ip nat translations tho
twmjr	sure it's a NAT problem? Can you ping the destination sourced directly from your F0/0 IP?
mgeorge	looks like new cases are coming forward where the NSA has violated attorney-client privleges
mInrOz	Yup
mgeorge	this case is sure to get the attention of every layer in the country
mInrOz	twmjr: Pinging from the Router directly to the other router is no problem
mInrOz	But pinging from the "internal" interface failes
KenMatlock	mgif by 'attention' you mean 'apathy' I agree with you :P
KenMatlock	mgeorge: if by 'attention' you mean 'apathy' I agree with you
twmjr	mInrOz: pastebin the nat trans? I just threw it into a gns3 setup, basically an identical config, and it works as expected
mInrOz	hm, im doing it with Cisco Packet Tracer
mInrOz	just got an error when i did it in GNS3
mynd	tanner: found another way to do it
twmjr	wonder if packet tracer doesn't handle the NAT properly when its sourced from a local intf on the router...don't have access to it so can't test that
mynd	tanner: user calls receptionist, she answers, they tell her what number, she then presses transfer, dials the number, then transfers the call
kmcelroy1	packet tracer is buggy
mynd	i think that should do it as wlel
drkat	hmm
mInrOz	twmjr:
drkat	brilliant!
mInrOz	% NBAR ERROR: symbol addition
mInrOz	% NBAR Error : Activation failed due to insufficient dynamic memory
mInrOz	% NBAR Error: Stile could not add protocol node
mInrOz	%NAT: Error activating CNBAR on the interface FastEthernet0/1
mInrOz	thats the error i kept getting on GNS3, if i increased the ram the router whouldnt start
mInrOz	twmjr: But ok i configured NAT correctly... do i need to do something specific to the other router to make it respond to ping?
twmjr	if it responds to ping when sourced from f0/0, looking at your NAT config I see no reason it should not also respond when sourced from F0/1 (or a theoretical host sitting behind it)...my guess is your config is fine & there is something funky with packet tracer
mInrOz	twmjr: Hm ok... hope so, got my CCENT exam this friday :)
mInrOz	Thanks for the help
Riker0x00	b11d
drkat	ahh.. certifications the only motivator for labbing
ciscotree1	if i block countries by GEOIP in an ASA, can our internal traffic still reach those servers if there was a website hosted on an IP that falls under that country block?
void64	ciscotree1: I would assume not
void64	ciscotree1: wouldn't the return traffic be dropped?
ciscotree1	that's what i assumed too
ciscotree1	but if there is an existing connection, do the ACLs even get checked?
twmjr	mInrOz: sorry...I just re-looked at it...
ciscotree1	assuming it was intiaited from the inside
twmjr	mInrOz: ip nat inside source list inside_nat interface FastEthernet0/1 overload <== you need to ref your WAN interface prior to "overload" ... this should read: ip nat inside source list inside_nat interface FastEthernet0/0 <=== overload
twmjr	the interface you specify there is the interface it will use the NAT the traffic to
Riker0x00	b11d``
ciscotree1	void64: just found this: Cisco ASA will first verify if this is an existing connection by looking at its internal connection table details. If the packet flow matches an existing connection, then the access-control list (ACL) check is bypassed, and the packet is moved forward.
b11d``	hi
mInrOz	twmjr: oh... stupid mistake. Will try it out
twmjr	mInrOz: with that change, your exact config dropped into a GNS3 router works...so hopefully packet tracer does as well :)
void64	ciscotree1: yes, that's an EXISTING connection, thats normal
Mochit	Hi
void64	ciscotree1: but if it's a new connection out, I don't think the ACK would be allowed back
mInrOz	twmjr: yay
void64	ciscotree1: so I don't think the connection would setup
mInrOz	thanks it works :D
tanner	mynd that works. still incredibly stupid
tanner	mynd sounds like a terrible workaround for an old system
twmjr	np...glad I double checked...
mynd	tanner: the reason they did it before was due to call restrictions and access codes
tanner	mynd yeah
tanner	mynd make it so they don't need to =)
ciscotree1	void64: hmm, i guess its something i need to test. I would assume the connection would be setup if it was initiated from the inside. the returns packets should be allowed. even the initial ACK
ALucas	I hate natting on the new IOS version
kmcelroy1	if initiated from the inside, the reverse path will be allowed
kmcelroy1	assuming it is allowed from inside to outside of course
mynd	tanner: apparently, the workers have been caught, on many an occasion, just chilling on the phone and running up the bill
mynd	that's why they implemented passcodes in the legacy system
ciscotree1	kmcelroy1: even if there is an ACL blocking the IPs that were connected to fromthe inside?
twmjr	ciscotree1: that's how it should work..."existing" I believe includes only a SYN sent out and waiting for response, presuming it was allowed to begin with
tanner	mynd gotcha. still, must be a better way around it
garrettskj	ALucas: don't wine. adjust ;)
kmcelroy1	ciscotree1: i think you are missing some words in that statement
mynd	tbh, it's more of a policy issue and not a technilogical issue
tanner	yeah
ciscotree1	kmcelroy1: haha if i was blocking 140.0.0.0/24 on an outside ACL and an internal computer initiates a connection to 140.0.0.1, will the connection work?
kmcelroy1	yes
ciscotree1	awesome
ciscotree1	thanks
kmcelroy1	yo ucan test with packet tracer
ciscotree1	thanks twmjr void64
ciscotree1	lol
ciscotree1	duh
ciscotree1	good idea
kmcelroy1	one of the better features of the ASA
drkat	ASA pwnz
kmcelroy1	that and the packet capture, both quite nice
drkat	these sophos UTM's arent too bad either
drkat	hopefully be getting certifed in these little fuckers
ciscotree1	packet capture is amazing
kmcelroy1	IOS packet capture is nice too, but more of a pain in the ass compared to the ASA
drkat	I havent seen much cisco deployed in the SMB other than ASA, those Sonicwall wanna be devices arent ramping up
drkat	RV series
kmcelroy1	cisco has a pretty meh attitude toward SMB
kmcelroy1	if it happens, it happens, otherwise i don't think they give much of a shit
drkat	that they do
drkat	unfortunately thats where I work :(
drkat	heh
kmcelroy1	SMBs are cheap and don't buy a lot of smartnet
drkat	or any
drkat	enterprise 1000 users is where cisco starts to make sense
drkat	or SP
mepholic	drkat: hows ur vps
kmcelroy1	they still want the market share, they just don't want to put out a lot of effort
drkat	mepholic canceled it
drkat	pain in the ass to setup and I dont have that kinda time
mepholic	lol
mepholic	I paid $100 bux for a year of vps in detroit
mepholic	haven't set it up yet
ALucas	running on a rasberry pi :P
mepholic	I think it's a 512MB KVM
mepholic	running on dual L5560's
mepholic	sorry
mepholic	X5560
dioz	let me set it up
pffs	Really? Do you really need to come ask me how to wipe a config off a Juniper?
pffs	Would it really have taken you more time to have typed that into Google instead of walking over here?
mepholic	pffs: lool
pffs	I try to make myself available to be helpful as much as possible
pffs	but sometimes I swear some of our junior engineers couldn't take a shit without someone placing their ass on the toilet for them.
dioz	are the females?
pffs	nope
dioz	too bad
mepholic	dioz: what does that have to do with anything?
pffs	because you'd volunteer to help them shit?
pffs	I don't know where you're going with this
dioz	sothey're males?
kmcelroy1	i need an adult
terabit	I think he wants males
ALucas	Oh god..
dioz	are they he-she's?
ALucas	The toilet paper at work is like sandpaper... I'm pretty sure I've broken my turd tunnel.
terabit	pffs: are you a senior admin ?
terabit	ALucas: no match for my ass, I've used a phone book on it once!! and the phone book broke
dioz	i used a porkipine once
ALucas	that's some hardcore shit.
terabit	literally :)
pffs	terabit: not even
pffs	more senior than they are
terabit	hehe,this sounds like a stupid question but as someone who has never worked in corporate iT or even in an office, may I ask if you guys work in offices,cubicles or just wander around routers and switches and cabling cabinets?
dioz	cube
kmcelroy1	i date rape switches
kmcelroy1	but i have a cube :P
terabit	how can you work in a cube ? don't you need immediate access to the switches ?
kmcelroy1	for what?
ALucas	terabit: They just moved our IT out in an open office (think Apple store setup) with a bunch of HTML script kiddie developers... soo annoying
kmcelroy1	ssh bro
dioz	telnut
ALucas	It's not like we sit in the datacenter
ALucas	well.. mostly
kmcelroy1	there was some guy at a colo we went to that worked out of it :P
kmcelroy1	that must be awful
nemith	i like open office layouyts
ALucas	Fuck open office layouts
kmcelroy1	open office layouts are loud as fuck
kmcelroy1	fuck that
Badgerpoo	depends on the size and whos in them
kmcelroy1	i like speakerphone
ALucas	one side collaborates and disrupts everyone
drkat	yeah fucking head sets
Badgerpoo	we have an 8 person office with a really good dynamic here
nemith	kmcelroy1: actually ours are very quiet
ALucas	This is like a 50 man open office.
ALucas	so retarded.
kmcelroy1	then you must have no one there or no one on the phone
nemith	ALucas: i think where my temp desk is in California it is more than that
nemith	whole campus is open office
ALucas	Then I guess you don't have a bunch of people that need to "collaborate" or even talk. In a team envoriment it gets pretty chaotic
terabit	kmcelroy1: what if ssh fails
kmcelroy1	how would it fail? :P
terabit	you guys never run cables ?
kmcelroy1	fuck no
terabit	haha
terabit	awesome
ALucas	That's typically reserved for techs. lol
ALucas	If SSH fails you've got a bigger problem lol
nemith	ALucas: nah there is still some, but for real discussions you get a conference room
kmcelroy1	plus since we are a SP, it would be tough for me to wander to every POP to run cables and plug in :P
terabit	but wtf do you do then ? don't you install switches and routers and such ?
kmcelroy1	rarely do i install anything
kmcelroy1	i just set it up
terabit	what else is there to do just monitor them?
ALucas	I do
mynd	terabit: there's a whole host of things to do
ALucas	terabit: this depends on the type of job you have.
mynd	terabit: there's also the non-tech side of the job too
terabit	like what ?going to office parties and mettings ?
mynd	documentation, for starters
kmcelroy1	god, i hate documentation
terabit	don't you do that wheeen you install it
GraNNy-	documentation, janitor duties, politics
ALucas	yeah. it's never finished.
mynd	terabit: hahahahaha
ALucas	politics.. ugh
GraNNy-	terabit: you've never done janitor duties, have you?
mynd	kmcelroy1: think i have an allergic reaction to having to write documentation
kmcelroy1	i just sit at my desk mostly and add things
kmcelroy1	service provider is much less of a pain in that respect
mynd	kmcelroy1: like 1+1 :P
GraNNy-	i like writing docs because nobody else likes it and I then don't have to do 4am maint windows
terabit	GraNNy-: I've never worked in an office
kmcelroy1	i don't mind the occasional maintenance window
terabit	I'm working from home atm
hkkl	GraNNy-: i like 4am maintenance windows, can do whatever i want :)
terabit	I'm thinking here you guys spend 16 hours troubleshooting bgp and ospf and shit :P
GraNNy-	who says you do janitor duties in an office? you have no idea what i'm talking about i'm guessing
terabit	nope
terabit	unless you mean literal janitor
kmcelroy1	16 hours? jeez
kmcelroy1	8 hours normal day to day
ALucas	16 hours would be a problem lol
GraNNy-	janitor duties == wtf is this equipment doing here, oh you mean all the people who were working ont he project left, no docs, and shit is borked? you don't say!
ALucas	like loss of job problem
kmcelroy1	then if shit blows up, maybe 16 hours, followed by comp time :P
GraNNy-	you get comp time?!
kmcelroy1	of course
kmcelroy1	what am i an animal?
sng_	I can do that one better.
kmcelroy1	if i work late, i show up late the next day
sng_	I get paid actual for reals time and a half over time for all that bullshit.
mynd	normally ~8 days here too, but have done a few 16 hour days for about a week plus
ALucas	sng_, you fucker
sng	:D
kmcelroy1	i have had some weeks when we do POP installs or upgrades that are long hour weeks
kmcelroy1	but beyond that, not the norm
kmcelroy1	and i always comp time to make up for it
kmcelroy1	stroll in at 12 or just work from home at 1 or 2 or something
mynd	not a fan of the boss' take on comptime here
GraNNy-	kmcelroy1: your management seems to get it. a lot don't.
mynd	says that since we are salary, we're expected to work if we are needed and that she only counts comptime if we work the weekend
kmcelroy1	GraNNy-: my VP was a switch tech when he started :P
kmcelroy1	we get shit done and know what we are doing, so they just let him run the department and he knows we need sleep, ha
mynd	wait .. sleep and you're in IT?? does not compute
kmcelroy1	i have to have my 8 hours
GraNNy-	kmcelroy1: too bad i can't move to dallas, i'd work my way in for a job ;)
kmcelroy1	ha
kmcelroy1	there is a reason i am still here
GraNNy-	no kidding
kmcelroy1	the pay isn't it
mynd	not often i get that much. normally about 6
kmcelroy1	it is the freedom and perks
kmcelroy1	we are basically autonomous, we do our own thing as a group and no one really interferes
GraNNy-	kmcelroy1: good managers are hard to come by. keep them if you can
kmcelroy1	CEO trusts my VP implicitly, so it works out well
GraNNy-	follow them around
kmcelroy1	he isn't going anywhere :P
GraNNy-	i've had two good managers my entire career
kmcelroy1	if an exec annoys him, he makes them go away
kmcelroy1	even before he got VP :P
ciscotree1	anyone run pfsense for an enterprise?
drkat	kmcelroy1 so he is a working vp?
kmcelroy1	yup, he still goes to sites and does cabling and shit :P
terabit	err, the most intimidating part for me to do networking is the "office politics" everyone keeps talking about :P
kmcelroy1	he likes it
drkat	i hate office politics
drkat	so i shut up and ignore people
kmcelroy1	he went with me to NY and LA for the colo build out and he was running power and shit
drkat	coo
drkat	he configures the bgp
terabit	when I hear IT , I think of "the IT crowd" except with hot servers and ethernet cables and giant routers/mainframes and 2 guys lost in the maze trying to figure wtf is going on :P
rez410	ACS 5.5 I am unable to use an sftp. I get the "Error reading directory on remote server" message. I have added the host-key. any ideas?
dioz	ciscotree1: i'm pretty familliar with pfsense
dioz	i've used it for a few years
dioz	never seen it in a corporate environment tho
dioz	just small business
rez410	worked with same repo in 5.2 and 5.4
dioz	I PUMP SO HARD
ciscotree1	thanks dioz
rez410	ACS 5.5 I am unable to use an sftp. I get the "Error reading directory on remote server" message. I have added the host-key. any ideas?
dioz	i've always wanted to specifically sell solutions to small/medium businesses
dioz	as long as they want the setups tho
dioz	i'm not a big fan of trying to cold-call or dry-sell services
dioz	if they call and want someone to come in and discuss options that is what i like
GraNNy-	rez410: sounds like a permissions issue
rez410	hmm
dioz	sup GraNNy- feeling better this week?
GraNNy-	dioz: yes, thank you for asking
dioz	good to hear
rez410	I have tried several usernames
rez410	i set up the account in my sftp just for the acs
rez410	doesn't seem like it even tries to connect
rez410	i don't get nothing in the sftp log
GraNNy-	can you scp or ssh to it?
rez410	let me check
dioz	is there a hpsa wic?
dioz	and does anyone know the name of it?
rez410	GraNNy-, I can hit the server via ssh. i fail login but i do see the attempt in the solar winds sftp
dioz	nvm i found it
dioz	$250
dioz	craaazy
rez410	didn't see the restore sftp attempt tho
drkat_	cray cray
dioz	i want one tho
mepholic	cray cray
rez410	GraNNy-, I don't see the dir listing attempt either
drkat_	yo yo
GraNNy-	rez410: can you pastebin the logs of every step you take to get the error? or are you using an sftp gui client?
GraNNy-	remember, PASTEBIN
GraNNy-	rez410: e.g., check out https://supportforums.cisco.com/thread/2098035
rez410	I'm attempting sftp from the cli
rez410	I configure the sftp repository with user name and password which matches creeds in solar winds sftp server
rez410	i then run #show repository "repo name"
rez410	then get the error
rez410	solar winds does not detect the attempt whatsoever
rez410	this all worked fine in 5.2 and 5.4
GraNNy-	you have something like this, right? http://netwiki.davenoonan.com/Cisco/BackupRepository
Panther_Modern	greets
dioz	there's a party at the bar everybody put your glasses up
Panther_Modern	wat
Panther_Modern	It's Wednesday
Panther_Modern	In the middle of the day
Panther_Modern	Don't get drunk now
Panther_Modern	Get drunk in the MORNING
dioz	everything is so black and white to you
rez410	GraNNy-, exactly except ints not "host-key sync" in 5.5
Panther_Modern	I can't help it
Panther_Modern	My contrast setting is shot to hell
rez410	its #crypto host-key add host x.x.x.x
GraNNy-	rez410: do you have TAC provided assistance for your ACS servers? I have found that the path of solving problems with ACS most of the time is having TAC do it for me because the docs suck
ALucas	What do you guys recommend for corporate wireless?
drkat_	where the fuck is the nat config in the netscreen gui?
rez410	GraNNy-, We should. I didn't want to have to go that route but looks like I will have to. thanks for your help
GraNNy-	rez410: I'm sure it's something lame that has changed and you only need a little help
rez410	drkat_, # that guy is terrible.
rez410	drkat_, meant gui
dexta	evening
drkat_	oh
drkat_	its done via trust/untrust policies
drkat_	gay
rez410	drkat_, I hate screenOS but I'm a pro at it bc I'm forced to use it :(
GraNNy-	rez410: so are you sure there isn't some stupid firewalls in the middle that's not allowing the stfp to happen, either locally or something else?
rez410	GraNNy-, nope no firewall. This all woeked prior to upgrade to 5.5
rez410	GraNNy-, nothing changed but a fresh install of 5.5
rez410	GraNNy-, worked with a fresh install of 5.4
bschip	need alittle insight on wireless... should I be using multicast on a cisco wlc 5508? We are having some video streaming performance issues alot buffering etc.. currently we do not have multicast enabled
rez410	GraNNy-, do you think i would need #url sftp://x.x.x.x/S:/
drkat_	no biggie, were getting rid of the screen
drkat_	like a single box is using it.. no idea
rez410	emphasis on the directory letter?
drkat_	ugh
GraNNy-	rez410: i'm looking at the user guide, it sucks
rez410	GraNNy-, I agree
bschip	need alittle insight on wireless... should I be using multicast on a cisco wlc 5508? We are having some video streaming performance issues alot buffering etc.. currently we do not have multicast enabled
drkat_	i have no idea
GraNNy-	rez410: check out the usage guidelines in this link - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.5/command/reference/cli_app_a.html#wp1159569
GraNNy-	rez410: http://pastebin.com/cVkRJn8i
rez410	GraNNy-, so in my case the sftp root is just the S:/ drive. Do I have to map a folder to this?
GraNNy-	the example in the docs might help you better
GraNNy-	rez410: doesn't look like it
rez410	so I currently use #url sftp://10.0.10.10/
rez410	what would that change to? the sftp root is the root of a drive
rez410	S:
GraNNy-	for grins and giggles can you make a directory called test, have it with the most permissive of permissions, and try that?
rez410	sure
nieros	Why do people feel better when you put simple instructions into word format.
GraNNy-	then do #url sftp://10.0.10.10/test/ or #url sftp://10.0.10.10/test, not sure which one it's going to take from the docs
nieros	I mean, a list of 15-20 one to two line steps doesn't need to be formatted.
nieros	just read the text file numbskulls
rez410	GraNNy-, No luck
GraNNy-	rez410: without knowing your network better, I don't think i'm going to be much more help
GraNNy-	call the TAC, have them webex in and help you is still my suggestion 8-)
drkat_	nieros, looks more professional than a .txt
rez410	GraNNy-, ok, thanks for your help up to this point
drkat_	god my computers are friggin slo
nieros	drkat_: for customer facing sure
drkat_	old pieces of shit
rez410	GraNNy-, did you notice when that paste bin that you linked was posted ? :p
nieros	but for internal documentation?
nieros	suck a dick, word blows.
drkat_	nieros, well not for internal
drkat_	you should have a wiki
drkat_	;)
nieros	I'd love to see a wiki
nieros	no one wants one though
nieros	everyone gets hot and bothered about connectwise
drkat_	lots of places Ive worked had a "info.txt" file on a file share
drkat_	with everything
drkat_	heh
drkat_	connectwise fucking blows for credential management and information
drkat_	Im sorry.. but it does
drkat_	very tedious
nieros	I don't like keeping internal docs in connectwise
nieros	it's problematic on a lot of levels.
drkat_	agreed
drkat_	PSA fucks you every step of the way
drkat_	but people love it
drkat_	autotask is nice
hkkl	http://davesblog.com/blog/2014/02/05/verizon-using-recent-net-neutrality-victory-to-wage-war-against-netflix/
warriorforGod	Has anybody had any luck installing CentOS 6.x on Cisco UCS C200 M3 servers?
mynd	warriorforGod: directly on the hardware?
warriorforGod	mynd: yes
rez410	GraNNy-, Do you know of a way I can recover the Product Activation Key file from an ACS installation?
mynd	tbh, never thought about doing that
warriorforGod	TAC stated that they do not support CentOS at all and only RHEL so they won't help.
mynd	what's the reasoning for it?
razorz	fucking ACS
rez410	mynd, Me?
warriorforGod	Building an elastic search cluster.
mynd	rez410: was for warrior
warriorforGod	We have 32 C220 M3's connected up to UCS FI's.
mynd	i see
rez410	Since I am unable to perform a recovery in 5.5, I will just reconfigure our new 5.5 installation butI need my key file
rez410	mynd, oh ok
rez410	I can see my key number but my new 5.5 is asking for a file
stoplite	warriorforGod: are you hitting issues getting it installed, or just looking for testimonial from someone who has it running and is happy with it
warriorforGod	Getting it installed. Our kickstart pukes. We were able to install it from CD after going in and using fdisk to do the partitioning, but then they systems doesn't even see the hard drives to boot to it. Happening on multiple systems.
rez410	can someone tell me the format that a Product Activation Key for Cisco ACS comes in?
rez410	I have our PAK number but ACS wants a file
rez410	so i figure ill put the number in a file but I need the format
mynd	hkkl: http://bgr.com/2014/02/05/verizon-throttling-netflix-amazon-aws/
rez410	can someone tell me the format that a Product Activation Key for Cisco ACS comes in?
drkat_	rez410, you need to activate the PAK online
drkat_	then you'll get a link to download the license file
rez410	drkat_, I have a an ACS installation up an running with the PAK already in use. I have another ACS instance (5.5) that I want to configure so I can replace the 5.2 instance.
drkat_	im not sure if the lic is transferrable
drkat_	you'll wanna reach out to cisco sales
rez410	drkat_, ok. I wouldn't have to do this if the stupid 5.5 would just restore my backup
drkat_	idk man
drkat_	just saying
rez410	drkat_, but it sucks at doing sftp
pffs	"I already cabled up some switches and routers"
oister	whew... through with my portion of the pci audit
pffs	wtf do you mean
pffs	why would you just start randomly move cable
pffs	I wish I could stab techs through the phone
mynd	damn ... finding it hard to stay alert atm
pffs	mynd: go take a nap :)
drkat_	i need a nap
drkat_	a nap sounds fun
drkat_	"Kids: the result of sex"
riz0n	Hello guys. I have two Cisco 1721 routers that have been reset. One is connecting to Internet, the other to my LAN. The two routers are connected together through a cable on Serial0. I need some pointers on setting them up so I can get connectivity to my LAN.
bschip	any advice on multicast for a cisco wlc 5508 should it be enabled or not?
mynd	pffs: no place to do so
mynd	need to work at one of those modern offices that have a room dedicated for naps
pffs	mynd: bathroom?
mynd	sit on a stall?
pffs	sure
mynd	feet fall asleep ... i'd be walking all awkward for like 5 minutes after
pffs	but
pffs	naps
rostam	HI all, I am a newbie, and need some sample snmp code to manage cisco 3560-c switch. Any hint or pointer greatly appreciated? thx
drkat_	yeah legs go numb
drkat_	sucks
razorz	Cisco Cloud Web Security eh
drkat_	i used to go to the bathroom to sleep
drkat_	or run out to my car
drkat_	i hated getting up early
pffs	rostam: sample code insofar as what?
pffs	more than just snmp-server community IHATEMYLIFE RO
pffs	?
oister	good god the olympics this year are going to be a cluster fuck
rostam	pffs: I need to configure the switch as dhcp server, and some very basic funtionalties.
subunit	pffs, thats kinda grim isnt it?
oister	just use public ro and private rw
mynd	oister: why so?
oister	winter olympics on a beach resort
toet	I'm wondering if the following exists, i havent been able to find it by google. A desktop switch (5ish poorts) being powered by POE instead of an ac adapter.
mynd	oister: ??
mynd	toet: yes
mynd	netgear makes one
toet	sweet
toet	no ciscos?
mynd	toet: i doubt it
toet	i found http://www.cisco.com/en/US/products/ps10863/products_data_sheets_list.html but the data sheet says it does include an adapter
stoplite	toet there are a couple models of 2960C and 3560C that can be powered via PoE
mynd	stoplite: orly?!? didn't know that
stoplite	2960CPD-8TT-L
stoplite	2960CPD-8PT-L
stoplite	3560CPD-8PT-S
stoplite	those are the only ones i know of
toet	thanks! im gonna dive into these
oister	mynd: sochi is the only place in russia with no snow... lol
mynd	toet: http://www.cisco.com/en/US/prod/collateral/switches/ps11527/ps11289/data_sheet_c78-639705.html
mynd	oister: heh ... didn't know that
oister	yeah, they are having to make snow for the winter olympics
mynd	actually don't kknow much about Russia; well besides not to go to a .ru domain :)
mynd	that seems odd
mynd	to make snow for the olympics, where there are many a place around with olympic stadiums that have snow
oister	whats weird is of all the places in russia they are having it in the most southern part in a fucking beach resort town lol
mynd	http://www.theverge.com/2014/2/4/5377356/sochi-winter-olympics-2014-subtropical-transformation <-- says avg 52F and 75F in winter and summer, respectively
oister	lol
mynd	lol ... shawn white's gonna be wearing some hawaiian swim shorts when doing the half pipe
MrJayPC	Oh god this is the slowest usb pendrive ever..... 64gb and 5MB/s write speed
oister	hrm... womens skiing in bikinis?
mynd	i may actually watch than :-P
mynd	then*
trash80	its not like the SLC olympics was actually in SLC
trash80	i imagine its the same for sochi
yangm	hello
trash80	in soviet russia, olympics winter you!
yangm	I wanna know how to get info about this modem DPC3925, I want to make a IPSec VPN but I don't know what it supports and what not
mynd	yangm: http://www.cisco.com/en/US/prod/collateral/video/ps8611/ps8675/ps8686/7018333.pdf
yangm	mynd, thanks, gonna read it
razorz	Bah, cant do netflow on a 3750G
yangm	my ISP got me this one, so I have not earned the manuals
sartan	i have one of those i think
sartan	ya i do
sartan	treat it as a layer 3 hop only, or get your isp to put it in L2 mode
sartan	ignore all features
sartan	get your own router that does ipsec
sartan	it's a 'cisco' as in 'shitty linksys' cisco.
yangm	sartan, tell me more about that
sartan	what part?
sartan	it's like a best buy router
sartan	it's not very feature rich
sartan	it can do simple wifi, upnp, and give you a nat gateway to the itnernet and not much else
sartan	i called my ISP (Shaw cable) and asked them to turn it into 'bridge mode', and i put my own openwrt router behind it to get my internet IP
yangm	sartan, if I could I would be running a openwrt box righ now
sartan	yah.
yangm	man, I love that os
sartan	your isp technical support line may be able to just flip a switch for you, and all you have to treat it is a cable->ethernet box at that point
sartan	ignore all the features. just turn off wifi first
yangm	gonna try show how ridiculous it runs or doesn't run at all to my boss
yangm	so I can get a box to put whatever I want in it
sartan	is this for a small business cable line?
sartan	or did some idiot buy it as a standalone router
yangm	sartan, yeah, this limited thing is what provide us Internert
sartan	right
yangm	we are thinking about cutting the cord off and go voip, so it may only serve internet in the future
sartan	yah it's not a very flexible box anyway
sartan	it won't serve your ipsec requirement at all
yangm	at home I got "my" thomson replaced by one of these because it died. only use it as bridge, it is not very competend at wifi or anything at all
yangm	*competent
sartan	i will say though that it's fast on the wire
yangm	yeah, they got gigabit I think
yangm	but I can't understand why there is a useless USB port at all
sartan	it might be able to share a printer
sartan	i don't recall, the default config lasted about an hour before i had it changed
MrJayPC	Dammit, I know the UK has always been a joke for it's bad weather but it's getting stupid now :/
yangm	sartan, it didn't share my HP C4280 neither my USBs with fat32 or ntfs
sartan	i'nm probably wrong
sartan	in any case yangm forget about using the router, get a more capable device to put behind the dpc router.
E1ephant	4
mynd	tanner: question on srst on CME: can you set a translation to take effect only when it can't reach CM?
tanner	mynd should be under call-manager-fallback
tanner	for dial plan related anyway
mynd	thanks for the pointer. i'll see what i can find
sartan	dial peers are also processed in order... if a previous dial peer fails the next one will work
sartan	depending of course the cirucmstances of the fuckup
Apachez	speaking of which
Apachez	what happend to all those modem pools?
Apachez	is that gear being shipped to usa now? :P
ciscotree1	how much impact with a 6000 line ACL have on a router? (2821)
Apachez	2821 is a software router isnt it?
bamsefar	What are you doing? :)
bamsefar	Apachez: Yes it is
Apachez	so 6000 lines... first of... will you fit all those ?
ciscotree1	i want to block China lol
Apachez	I have seen 3550/3560 struggle with far less than 6000 lines :P
GraNNy-	6000 == someone doens't know how to firewall well
ciscotree1	as fun as that sounds
Apachez	but that depends on the ip / mask combos
Apachez	also with shitloads of acl's you should verify if your gear supports turbo acl
VlanX	Apachez: http://www.parkansky.com/china.htm
GraNNy-	https://isc.sans.edu/block.txt
Apachez	turbo acl will use more mem but will have like a constant lookup time
ciscotree1	How else would one block of of China Subnets?
Apachez	ciscotree1: srcip= GEOIP(CN)
Apachez	:)
Apachez	done!
Apachez	but thats paloalto gear
Apachez	dunno about cisco :P
ciscotree1	lol
sartan	a 6000 line acl...
sartan	=/
ciscotree1	cisco doesn't support it
ciscotree1	lol yeah it sounds wrong to me too
ciscotree1	that's why i don't want to implement it
sartan	you know what might be a better idea
sartan	using bgp and null route everything
sartan	so the replies go to null0
sartan	blackhole
GraNNy-	sartan +1
oister	i used to maintain a huge null route list but it got too big
razorz	Hmm C3850 supports NetFlow without a module?
ciscotree1	i'm thinking about switching to something with geoip for this reason. good to know PA supports it
ciscotree1	pfsense being an option
ciscotree1	as well
ciscotree1	GraNNy-: Thanks for that block list
GraNNy-	vlanX also had an excellent one
ciscotree1	i was using this list: https://www.countryipblocks.net/country_selection.php
sartan	razorz: most of the router-ISR stuff does
ciscotree1	comes out to about 5262 subnets
ciscotree1	some can be summorized
oister	and it changes a lot
sartan	ciscotree1: doing it in an acl will affect every packet... doing it in a null route will only affect what you want it to affect
oister	how does PA update the list?
sartan	that's probably at echncial question but i bet they reevaluate regularly
oister	firewall checks in to PA to get updates?
sartan	daily?
sartan	something like that i'd guess
sartan	PA. nice boxes
Apachez	however an acl can be hardware (like if you use 29xx or 35xx etc) compared to a null route which will consume system cpu if you are unlucky
therealnickcage	Apachez: TCAM
Apachez	oister: geoip is included in every appdb updated
GraNNy-	ciscotree1: you may also want to take a look at this - http://www.team-cymru.org/ReadingRoom/Templates/
sartan	tcam size is limited Apachez
sartan	buy 6 switches and daisy chain them, each with a different acl on l2 ports.
Apachez	oister: with PA you can also apply dynamic acl's which will for example fetch a list of ip addresses and use that as src or dstip
sartan	hey Apachez are you still doing a lot of arcsight stuf
Apachez	so that sans.edu blocklist you can put through your script so it will output just the netadress/mask
ciscotree1	GraNNy-: beautiful thanks
Apachez	and that dyanmic rule will like autoupdate itself every 5min or so
Apachez	the shitty part with such automation is that... imagine if somebody baxor your webserver with that blocklist and overwrite it with 0.0.0.0/0 :P
bschip	any advice on multicast for a cisco wlc 5508 should it be enabled or not?
sartan	i don't think wifi has many multicast applications that justify it
Apachez	do you need multicast?
Apachez	if not, disable and block it
sartan	it's basically a retransmit
sartan	it's awful for performance and just slows everything down
sartan	you should isolate clients away from each other as much as possible to keep performance ship shape
bschip	we are not running it now
sartan	shared medium blah blah
bschip	but not blocking it either
bschip	we are having some slow performance on our wireless though..
Apachez	have you dont channel planning and such?
Apachez	also tweaking beacon values etc...
therealnickcage	who is the youngest ccie in the world?
sartan	who cares
sartan	some punk with no experience
therealnickcage	well who achieved CCIE the youngest
therealnickcage	isn't it brian mcgahan?
therealnickcage	he got it at 20
sartan	invariable
GraNNy-	therealnickcage: no
therealnickcage	GraNNy-: who/
therealnickcage	?
GraNNy-	therealnickcage: goddammit, i forget his name. hold on
therealnickcage	mk
GraNNy-	Andrew Frame I beleive, founder of Oooma
GraNNy-	err Ooma
GraNNy-	I think he was 16? 17? when he got his frist CCIE
therealnickcage	holy fucking shit
therealnickcage	17 years old
GraNNy-	http://en.wikipedia.org/wiki/Andrew_Frame
therealnickcage	GraNNy-: fake
therealnickcage	he's not on cciehof.com
GraNNy-	uh no
GraNNy-	he's for real
therealnickcage	but he's not on cciehof
therealnickcage	so he's a liar
therealnickcage	it's brian mcgahan
GraNNy-	frame is like R+S and Dial CCIE, he could be more, I have no idea anymore
GraNNy-	DIAL CCIE
GraNNy-	old fucking school
ciscotree1	lol
ciscotree1	that's pretty old school
therealnickcage	well he's a liar
therealnickcage	because he's not on cciehof
GraNNy-	neither is Dan Golding
therealnickcage	everyone who ever got a ccie is on cciehof
oister	therealnickcage: so they skipped numbers?
GraNNy-	a lot of people who are/were ccie's aren't on cciehof
sartan	i dont even know how cciehof came to be
sartan	i got an email from the dude confirming me, and i don' tknow how he even got my address
_elgato	i feel like when my cousins talk about nascar, i have no idea who any of htese people are
therealnickcage	wtf
therealnickcage	is andrew frame a networking god
GraNNy-	no shit dude
GraNNy-	and he crashed Playboy parties on a regular basis
GraNNy-	when he was younger
GraNNy-	i wish I still had that video
therealnickcage	a video of him crashing playboy parties?
GraNNy-	yep
therealnickcage	wow
GraNNy-	but what I find interesting is that you call someone a liar, with the nickname therealnickcage :)
theleetnickcage	fixed
GraNNy-	bahahaha
bschip	beacon values are set to 1
theleetnickcage	this guy is a fucking monster
theleetnickcage	i never knew he existed
theleetnickcage	i wonder what he's up to now
theleetnickcage	and i wonder how many ccies he got
GraNNy-	wallowing in his millions
theleetnickcage	wasn't ooma a flop
dlots	I know this is a Cisco site, but I am hoping there is a Juniper guy in here some-where. I am looking at a SOHO Firewall, I want 3 zones Inside, Outside, and DMZ, VPN, Static and Dynamic nat, I am looking at the SSG5 but I know nothing about Juniper at all (but I do ALOT with Cisco) I am just wanting to make sure this doesn't have some gotcha that juniper people know but a Cisco guy wouldn't.
GraNNy-	dlots: #juniper ?
E1ephant	there is a juniper channel
dlots	ah ty :-)
GraNNy-	dlots: you can stay here too though!
oister	theleetnickcage: are you 15?
theleetnickcage	oister: why?
dlots	ty :-)
oister	just a hunch
toet	just do like everyone does, take the gotcha like a man
dlots	#juniper people are less helpful than #cisco people :-P
oister	try #paloalto
Apachez	less helpful?
Apachez	you have never been in a #perl channel right? :)
Apachez	#perl is the definition of less helpful :)
GraNNy-	apachez: what, do they kb you in perl for asking a question?
Apachez	:)
GraNNy-	lol
Apachez	been there, got the ban - have this tshirt :P
GraNNy-	sounds like efnet #cisco back in the day - they used to ban on keywords
toet	perl people are just sad because its dying
jamesd	Apachez: and they have been known to swear out of the blue for no reason at all... $@$@#$!@#^@$
toet	instead of helping folks, they're just showing off their 27 years of experience in perl causing new ppl to buy that one alternative with gui instead. killing their own language even more
theleetnickcage	just like /r/networking
theleetnickcage	people just go on there to hear themselves talk
jamesd	yes les perl is being written, but i don't think its going away too much legacy code is written in perl
GraNNy-	cobol hasn't died yet
oister	what do you think #cisco is mostly?
toet	anonymous iosaholics?
E1ephant	ACTION spits on an ASA
jamesd	oister: its Scrye secondary sales channel and where CCIE's can show off, and i can make bad jokes and poke fun at CCNA's
oister	jamesd: correct... and shit on ASAs
_bradk	[08:01] * E1ephant spits on an ASA - hooray it's ASA hate hour!
jamesd	_bradk: every hour is ASA hate hour.
E1ephant	;>
E1ephant	ACTION takes a sledgehammer to his sup2a
_bradk	we manage quite a few ASA's here
_bradk	it makes me sad
jamesd	we did have a PIX hate hour, but the load was too great for the ol'girl so we put it out of its missery.
_bradk	although, when i got here they used to have old P3 desktops running Ubuntu with IPTABLES
_bradk	so upgrading to the ASA was definitely better
toet	yesterday i changed all my end-userports fromm trunk to access + voice during work hours, it gave me quite a rush
jamesd	shorewall rocked, not sure it exists anymore since it can be replaced with a $20 device and get wifi as well
oister	toet: lol
_bradk	really confused why management decided to spend ~$5-6k on ASAs rather than ~$2-3k for something like a 1941
_bradk	toet: hahaha
oister	_bradk: you must not use failover
toet	i tested it before, voice calls wouldnt drop,just a 0.5 seconds delay, and one ping missed. no citrix connections lost
toet	it was really nice
jamesd	_bradk: when isn't management confused... we have 250 parts in stock and no one knows why we are ordering more... but still they get ordered.
_bradk	we do
oister	_bradk: how would you do that with 1941's ?
_bradk	they support hsrp, right?
oister	just imagine if you swapped out all of your stateful failover firewalls with routers right now
oister	imagine how much fun that would be to maintain
toet	i told my colleges i would do it, they told me to wait till after business hours, i was like "no i can do it, no one will notice it, but ok".
toet	awkward silence did you notice anything? "no"
oister	toet: like making STP changes in the middle of the day
_bradk	oister: why would it be more difficult to maintain?
oister	_bradk: twice the configuration
_bradk	oister: technically it wasn't me who caused the outage, it was spanning-tree!
oister	i usually blame stp
toastr	cut that fucker down
drkat	fuck stp
drkat	lame ass
oister	rstp is pretty good though
oister	none of that 30 sec outage bullshit
drkat	eferchannel
sartan	toastr: in my environment, that's considered an outage, 0.5s
sartan	it disrupts connectivity and some tcp apps might poop
drkat	so in otw sartan turns stp off
drkat	:P
oister	sartan: same here... ssh tunnels dont like that
toastr	sartan: timber!!!
sartan	yah fuck stp
sartan	bpduguard and portfast for everyone
drkat	Friends dont let friends switch
sartan	essentialy, yes, turning off stp
drkat	fortunate enough for me, none of my deployments even require any redundancy
drkat	;)
oister	so you etherchannel... to only one switch? or to a VSS?
drkat	customers barely have enough money for the switches let alone more than one
oister	ah.. that explains it :P
dioz	i setup stp on all my linux bridges for vps
dioz	cause people are stupid
drkat	i usually do etherchannel though if i do.. do redundant switch connections
toet	just tell them that for every day they need to hire you, they can buy 1 switch
dioz	these young white girls they'll be the death of me
drkat	as opposed to old black girls?
dioz	black girls don't like white boys
dioz	gimme a break
drkat	not true
drkat	im married to a black chick
drkat	and im white as fuck
dioz	heh i wear grinders and binders
toet	does she know spanning-tree?
dioz	i don't think black chicks would go for me
drkat	toet no
drkat	grinders and binders?
dioz	nvm
drkat	no please explain
drkat	like some rammstein shit?
envirocbr	Anyone here work with ASR1001?
oister	i have a couple 1002X's
sartan	why would you need to run stp on a vps?
E1ephant	BSDM related fun?
mepholic	sartan: linux bridges enable it be default iirc
mepholic	you can do some funny things to the traffic on a host node with STP on a KVM vm
mepholic	if it's not filtered properly
mepholic	or disabled on the host node
E1ephant	ugh, libvirt and iptables feels like the biggest kludge ever :<
dioz	drkat: braces and red laces?
_bradk	oister: you have a good point re: keeping stateful info in sync, but in our client sites we only have 1-2 ASAs max
mepholic	E1ephant: libvirt in general
_bradk	and each has its own internet connection so the configuration isn't that bad
mepholic	is like massive kludge
E1ephant	makes me want to just brctrl all the things
E1ephant	I just got a /24 for the lab to do it as well :D
oister	_bradk: ah, i thought you said you had a bunch of ASAs
envirocbr	Can I use GLC-T SFPs in them?
_bradk	yeah my bad, we have quite a few clients who have ASAs
_bradk	rather than us being a huge environment with complex configuration :P
drkat	ASA. ASA.
drkat	ASA.
drkat	like a mantre
drkat	double cheeseburger pizza.. hmm
drkat	idk
pffs	oh hay, another study that people work like shit when you make them work too many hours
sartan	IN RETROSPECT
oister	envirocbr: http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6981.html#wp131775
oister	doesnt appear to support GLC-T
drkat	ugh
drkat	i feel like ive been on here all day
drkat	wait.. i have
pffs	90 minutes to go!
envirocbr	oister: Damnit, our ISP sent an ASR1001 with no SFps
envirocbr	lol
drkat	90?
drkat	you'll be on here all night
instigator	yo. whats does preshutdown do? is it same as shutdown? or does it perform something before shutdown?
oister	envirocbr: doh
drkat	the bigger question is.. do I setup my desktop tonight
^WOLF^	when you create a vlan and assign it an ip does that mean that the interfaces using it can only have that subnet?
Lalufu	no
terabit	yes that's what it means in ipv4
terabit	afaik
coolhva	hello ;)
oister	you can run more than one subnet on a vlan if you wish
toet	you dont assign a vlan an ip
terabit	oister: on switches?
toet	vlan=layer 2, ip=layer 3
oister	you can use secondary addresses to use more than one network on a SVI
^WOLF^	I have a few vlans that have ip's assigned and also have a ip helper address for my dhcp scope
Harlock	often the vlan interface is assigned an ip
^WOLF^	so I am trying to figure out the purpose of that ip being assigned to the vlan
Harlock	which i guess is what he is talking about
^WOLF^	this is an existing conifg
Harlock	the switch might be doing the routing
Harlock	or dhcp
Harlock	or ip helper
toet	management or gateway
^WOLF^	there is a static route for 0.0.0.0 to send it to the firewall gw
^WOLF^	which then has all the other staic routes
coolhva	using nat for a global /24 to a pool overload distributed via bgp (null route, redist conn) works, but someone knows how to use a failover in a different vrf with bgp?
^WOLF^	I have to run but I will be back in a bit with a better question. thanks for the help
toet	you can have more than one subnet in the same vlan
oister	coolhva: that sounds kinda fugly
jamesd	toet: vlan is layer 1/2 .. subnets are layer 3.
coolhva	oister: yes it is :P let me explain a little bit
coolhva	I have global routing table with fa0/0.1972 with a /30 where an BGP session is established with the ISP
coolhva	I have multiple /24 networks (tennants) which are NAT-ed (overload) to an IP from a /29
coolhva	this /29 is sent over the BGP by redistributing conntected and a null route to the /29
coolhva	this works as expected
coolhva	I have a vrf ("lan") where I have fa0/0.1973 with a /30 and BGP and fa0/1.2 with a /29 (all public)
coolhva	in vrf lan I also have an ATM0/0/0 with ppp and bgp
coolhva	so the fa0/1.2 /29 network is advertised over the two bgp sessions in vrf lan
coolhva	what I want is when the fiber is not available I can advertise the /29 from the global routing table in the vrf lan and also to have NAT still working
coolhva	am I crazy? for sure, but can it be done?
rexwin_	hi my pbxinaflash server sends ACK signal to sip phone correctly using the public ip address. but the sip phone is able to send response from its private address which is not going out to the PBXIAF probably due to NAT. There is no SIP-ALG setting for my wireless router. I tried permitting incoming/outgoing connection in my router page and the issue still persists. Calls get dropped at the dreaded 32 secs. any help is appreciated.
sartan	what kind of router do you have?
ALucas	yelling timber
sartan	anyone struggle with issues of tcp inspection on asa not monitoring the ocnnection for long enough and finding syn replies are being dropped frequently?
sartan	eg my asa logs lots of drops from attacker IP 192.168.1.1:443 to target IP 203.0.113.13:32769
sartan	but 192.168.1.1 is the service that 203.0.113.13 is connected to
sartan	it's kind of messing up my log analysis bigtime
oister	its dropping from a syn timeout?
^WOLF^	rexwin: have you ruled out firewall issues? I maintain and deploy asterisk systems and almost always that issues is because the firewall starts rejecting the packets
sartan	well id o'nt know what's goin on.
sartan	the connection is gone by the time the webserver replies to the request
oister	timeout should be 30 secs
sartan	there's no application impact
oister	more than one firewall in the mix?
sartan	unlikely
oister	if you have more than 2 firewalls inline then if one closes the connection the other gets a timeout
oister	i mean more than 1 firewall inline
sartan	sh asp drop is just a disaster of random stuff, sadly it's difficult to know what's going on right now
sartan	there's a packet-capture flow type asp you can do but i'm busy
^WOLF^	rexwin also there is a page with pbxinaflash that you need to configure your external ip
^WOLF^	that will often cause this issue
rexwin_	^WOLF^, I know for sure the packets are getting dropped by the router. But there is no firewall setting in my router which prolink.
rexwin_	prolink router +sartan
sartan	the configuration option wolf is describing would arbitrarily put in the public nat IP in the sip headers before they go out through your firewall, allowing you to forget about any sort of inspection
oister	sartan: whats the full log message of the drop?
zooky	any one use Fortinet for their router/firewall/ips needs?
sartan	let me find a raw log
sartan	this is harder than it sounds :P
karmaghia	any thoughts on Netgear's 10GbE switches to get into it
sartan	all my logs i keep are transformed right no
oister	sartan: that sucks... i keep everything in raw format
oister	i send everything to a server running syslog-ng and then pipe those logs off to my SIEM
sartan	i just haven't completed my project yet
sartan	i send the logs to an arcsight connector which slices them up into metadata, ant rhwost he original log away
sartan	i haven't teed them to an arcsight logger yet
oister	Yeah we do something similar. The arcsight connector runs right on the syslog box
sartan	basically it should say soimething like Deny tcp src Web-DMZ:192.168.1.1/443 dst Outside:203.0.113.13:32769 by access-gropu WEB-DMZ_IN
sartan	which is just what you expect it to say
sartan	i'm using esm to analyze the data right now
sartan	by the way i fucking love esm.
oister	its pretty sweet
sartan	i thought you were going splunk?
oister	we use arcsight
sartan	noted :)
sartan	i just installed it here a few weeks ago, slowly building it up
sartan	i'm avoiding consultants for about 5 or 6 months
sartan	i went to training a few weeks ago
oister	im about to do the ESM training in a few months
oister	how was the training?
sartan	good
sartan	i did the arcsight express administration course.. if i were to do it again iw ould just take the ESM analyst course on CORE
sartan	not that there was much difference
sartan	so for full ESM there are.. uhm, three types of courses each very different
oister	noted, i think im signed up for analyst
sartan	administrator course is about managing the box itself, like disk, IO, and maybesome connector work
sartan	there's an architect/use case course (i might try ot take that later this year)
sartan	and an esm analyst course, which focuses on the console and content
sartan	the course content itself was very great
MrPocketz	when enabling sntmp logging on a cisco device, if i tell it logging trap notification, does that include ONLY notifications, or everything "more important" in addition?
oister	ive installed enough connectors that i have that part down now. I havent done upgrades yet which is going to be fun
sartan	MrPocketz: notification and up
sartan	so notification, warning, error, critical
sartan	connectors are the hard part
MrPocketz	got it
MrPocketz	thanks
sartan	installing isn't.. difficult, but customizing is a bitch
sartan	aggregation, filtering, re-maps, flexocnnector transforms
sartan	trying to find a way to scale the design properly so i don't reproduce a lot of effort
sartan	bought a software connector appliance, the repositpory feature is helpful
oister	yeah its a bit overwhelming
sartan	basically i'm only getting one or two log sources up everyfew days
oister	we have about a dozen connectors right now and prob need a few more
sartan	the biggest challenge i'm looking at now are windows logs
oister	about to start feeding it nessus scans
sartan	i thought the unified connector would use an lda query to automaticallly add log sources.
sartan	nope, it doesn't
oister	hrm
sartan	oister: heh funny you should mention that, i'm in the middle of fighting with nexpose scan data
sartan	some big advice, do this immediately
sartan	modify the agent.wrapper.properties file and change the java heap sizes from 256mb to like 4gb
sartan	the xml export from nessus is too big and arcsight shits a brick almost instantly
oister	hrm
sartan	if you're running the connector interactively edit connector.bat or connector.sh and do it there
sartan	-XmX and -XmS i think
oister	noted
sartan	my nexpose scan xml files are about 65mb, and the docs say it only supports up to 12.
sartan	sadly i can't "split" the data
oister	doh
sartan	it's running through a scan righ tnow
sartan	holy smokes, it finished, like ten seconds ago
sartan	succesfully
oister	nice
toastr	heh nexpose data firehose
sartan	=) yah
sartan	i'm about to start vuln scanning all of our desktosp too, this file is going to get pretty big
sartan	oi used to only do a small sample
ALucas__	hmm I've confused myself lol
ALucas__	Trying to setup a site to site VPN to a natted DMZ interface to the public interface... getting a NAT Reverse route error. idr what I'm missing ^^
oister	ALucas__: you have a static nat in place?
ALucas__	static (CardholderIf,DMZIf) 10.X.255.6 10.10.X.14 netmask 255.255.255.255
ALucas__	Then the site to site is coming from PublicBGPIf to DMZIf
oister	so you need a static to the public IP right?
ALucas__	nat (DMZIf,PublicBGPif) source static IP-10-20-X-0 IP-10-20-X-0 destination IP-10-X-255-6 IP-10-X-255-6 no-proxy-arp route-lookup
ALucas__	or are you saying
oister	it needs to nat to the public IP that they are going to hit over the tunnel
ALucas__	So, I'd have to do a static to the endpoint IP on the other side for the natted IP?
oister	something like static(dmz,public) <pub ip> <dmz ip>
ALucas__	Okay, I'll see what I can come up with, thanks.. I get myself completely lost with NAT rules on the cisco lol
oister	im still lost with 8.3
ALucas__	Yeah we just upgraded
ALucas__	idk why but the syntax just confuses the fuck out of me
oister	ah well snap... that static i gave you is 8.2
p3rror	hello
mepholic	hi
p3rror	please I need to configure a vpn ipsec between an asa and a ubuntu client
p3rror	so I use vpnc
p3rror	when I run vpnc I get
mepholic	pls do the needful
p3rror	vpnc: hash comparison failed: (ISAKMP_N_AUTHENTICATION_FAILED)(24)
p3rror	check group password!
p3rror	that's mean that I did not set the right ipsec secret in my vpnc config file ?
p3rror	is it ?
p3rror	please how I get this parameter in the asa config ?
oister	ALucas__: so i think you needf something like: http://pastebin.com/r7UqEmvS
oister	mepholic: lol
ALucas__	Thanks, yeah.. lovely formatting change
oister	p3rror: pastebin your config
mepholic	oister: I couldn't resist
oister	srsly making me laugh dude
Michael	mepholic: that phrase.. :\|
oister	ALucas__: oh, forgot part of it...
mepholic	well I hope I didn't hurt your sides too much
oister	ALucas__: http://pastebin.com/xdQK7viy
mepholic	Michael: can u do the needful pls sir???
Michael	yes
oister	forgot.. "sh run nat" doesnt give all the config... you have to sh run object and sh run nat then combine the two
oister	thanks obama!
ALucas__	lol, thanks
mepholic	pls sir i not sure how set up apache httpz
ALucas__	lol
ALucas__	ASP isnt working on my linux box
ALucas__	halp!
mepholic	ALucas__: you can do that no problem with mono
mepholic	js
xous	This is #cisco
toastr	i need coldfusion halp kthx
mepholic	toastr: go
socomm	People still use ASP?
mepholic	leave
ALucas__	People still use ASP? :P
mepholic	out
mepholic	now
ALucas__	haha
oister	i use GASP
toastr	haha
mepholic	ALucas__: I take that back
ALucas__	I'm a huge fan of acrobat and flash player
p3rror	oister, http://paste.debian.net/80362/
mepholic	you can do asp.net no problem with mono
mepholic	not asp
toastr	i'm a huge fan of old versions of acrobat and flash player when abusing metasploit ;)
oister	p3rror: what IP is your vpnc box on?
mepholic	http://www.mono-project.com/ASP.NET
p3rror	oister, not a static one
p3rror	oister, I use nomad client
ALucas__	mepholic, interesting
oister	p3rror: so RA vpn
mepholic	it apparently works pretty well too ALucas__
mepholic	I've never done it
mepholic	but I seen some stuff
mepholic	and things
p3rror	oister, so what do you think ?
oister	p3rror: whats the actual error message?
p3rror	oister, vpnc: hash comparison failed: (ISAKMP_N_AUTHENTICATION_FAILED)(24)
p3rror	check group password!
hjohnson	damnit... temp IT guy said "it didnt' work, so I rebooted the network"
hjohnson	facepalm
oister	p3rror: did you check the group password?
p3rror	oister, you mean IPsec secret ?
xous	hjohnson: fired?
hjohnson	xous: alas, I don't have the power to do so
mepholic	hjohnson: :\|
oister	p3rror: not a vpnc expert but I'd guess thats right
hjohnson	I want to know what he rebooted though
p3rror	oister, OK
hjohnson	rebooted the core switch
mepholic	hjohnson: remove his hands
p3rror	oister, so I think that in the config is it not set ?
p3rror	oister, is it ?
oister	p3rror: which group are you logging into? "ACCES-VPN" ?
rexwin_	is there a channel for softphones?
p3rror	oister, yes
hjohnson	of course, the network is so bogged down after being out for 7 hours, it's hard for me to do a post-mortem
hjohnson	(7 hour power outage today)
oister	p3rror: then your PSK has to match whats configured in the tunnel group
hjohnson	oh, and joy.. network has just fallen off the air again
p3rror	oister, in tunnel group I have pre-shared-key *
hjohnson	though this time totally
mepholic	hjohnson: where's the UPS's and backup generators?
mepholic	:[
hjohnson	mepholic: oh, the UPSes did their job
Michael	he did not do the needful, mepholic ;)
mepholic	oh
mepholic	GOOD JOB hjohnson
hjohnson	mepholic: but the mid-point switch that linkes the satellite uplink to the main core only lives about 3 hours or so
hjohnson	but now the uplink has gone kerblooie
hjohnson	hopefully it's because it's snowing
mepholic	rofl
mepholic	kerblooie
p3rror	oister, please can you tell me what is the group password for ACCES-VPN tunnel group ?
mepholic	p3rror: you should probably know that
Michael	lol
p3rror	mepholic, all I know is the username and the password
oister	you need the group password for it to work
mepholic	so change the psk
p3rror	mepholic, psk ?
p3rror	mepholic, you think that psk is not set ?
mepholic	the group password
hjohnson	and I can't remember the password for the receiver
hjohnson	damnit
p3rror	mepholic, I think that it is not set
p3rror	pre-shared-key *
mepholic	it's set
p3rror	mepholic, where
toastr	it's set but it's masked
mepholic	there
mepholic	ASA's hide the passwords with *
p3rror	I can not see it in the config
oister	more system:running-config
p3rror	Ah OK
oister	but its still encrypted
mepholic	which is why I recommend changing it
mepholic	if you can't change it because other clients are using it
mepholic	get it from another client
ball	I should go home, I suppose.
mepholic	or change it and change it on the other clients
hjohnson	damnit, wtf did they drop off the air
oister	wait... its not encrypted
hjohnson	that's it... i'm setting up a VPN tunnel over the Hughesnet so that I can backdoor into the system
mepholic	oister: really?
mepholic	lol
oister	more system:running-config will give it to you
hjohnson	fuck this shit
p3rror	Ah yes
p3rror	I see them now
mepholic	hjohnson: oh man hughesnet D:
p3rror	thanks a lot
oister	the user passwords are encrypted though
oister	but not the tunnel psk's
hjohnson	mepholic: the primary link is a 1.2mbps SCPC satellite link
hjohnson	mepholic: the Hughesnet is a backup
mepholic	oister: yeah, he pasted all of his hashes in here
mepholic	SCPC?
oister	now just paste your PSKs!
hjohnson	mepholic: single carrier per channel
hjohnson	mepholic: ie it's not a shared network
mepholic	ah
mepholic	that's neat
mepholic	why satellite though?
hjohnson	mepholic: so yeah, it's slower than snot, but it's normally damned reliable, and actually handles VOIP nicely
mepholic	only option?
hjohnson	mepholic: single most isolated permanently inhabited location int he lower 48 states.
mepholic	that sounds fun
mepholic	how many concurrent calls can you do?
hjohnson	mepholic: realistically? probably 10 or 20 or so... I've never seen more than 3 active at once.
oister	heh, ASA < 8.3 hashes arent salted either
hjohnson	mepholic: head end takes a PRI, runs H323 trunks across the satellite to the CME router in the vilalge.
KenMatlock	Mmmmm. salty hash....
mepholic	>h323
mepholic	>1994
mepholic	hello
hjohnson	mepholic: http://goo.gl/maps/kfcoS now count how many times you have to hit the zoom-out button before you see civilization.
oister	KenMatlock: you moved to CO right? :P
KenMatlock	never left CO
oister	woots!
hjohnson	mepholic: eh, h323 or sip doesn't really matter... I actually don't care about the transport, that's just what the cisco uses by default
mepholic	huh
oister	you bought your first ounce yet?
mepholic	9 whole times
KenMatlock	oister: nah, not my thing
hjohnson	mepholic: like I said, isolated.
mepholic	that's pretty redonk
mepholic	how many actual miles to a decent internet connection?
oister	KenMatlock: i'm heading up to vail in a few weeks... hopefully there are some weed stores in place alreeady
hjohnson	mepholic: about 60
mepholic	have you looked into line of site terrestrial wireless?............
mepholic	nvm
mepholic	lol
hjohnson	mepholic: yes, would require the construction of two self-powered repeater stations, on national forest service land
mepholic	yep nope
mepholic	not happening
mepholic	in 1000000 years
mepholic	and it would be way more expensive than it's worth
hjohnson	actually, it could be done, the permitting and so forth isn't that hard, especially if you let the Forest Service co-locate, say, their own radio repeater there.
mepholic	tru
hjohnson	mepholic: well, the curent satellite link is worth about $12k a month
mepholic	oh
mepholic	that's pretty expensive
hjohnson	mepholic: satellite is always expensive
mepholic	$10,000/Mbit
mepholic	lool
hjohnson	mepholic: as a rule of thumb, satellite costs about $10/kbit/month on a two year contract (it's not actually sold in bits or whatever, but when you do the math of data->frequency that's what it works down to)
mepholic	hjohnson: is that IP or transport?
hjohnson	mepholic: it's fuzzy.... the actual satellite link is HDLC, but the modems do IP header compression etc... to improve performance
hjohnson	(huge win on VOIP)
mepholic	ya
hjohnson	ie it only sends every 20th packet header
mepholic	I guess what I'm asking
mepholic	is your satellite provider also your internet provider
mepholic	or do they give you transport on the other side
mepholic	at the downlink site
hjohnson	the satellite provider just provides a frequency allocation
hjohnson	we own 1.2MHz on SES-1
mepholic	I don't really understand much about how satellite shit works
hjohnson	mepholic: a satellite is just a dumb radio repeater
mepholic	yeah I know that
hjohnson	basically dumb as a brick, no onboard intelligence
mepholic	bent pipe etc
hjohnson	yep
trash80	that is not always true..
mepholic	yeah I know trash80
mepholic	that's the majority of them though
mepholic	so hjohnson hm
mepholic	do you have two radios at separate locations?
hjohnson	mepholic: well, our comms provider (which we partner with, nd I actually operate his network) has a main dish at his head end, and then adish in the vilalge
mepholic	ok
hjohnson	he's primarily a rural telco, we're customers... but I know more about htis shit than he does.
mepholic	so you just gave him your freq. allocation, he tuned in
mepholic	and bam?
hjohnson	anyhow, our voice runs via PRI from his telco switch (oldschool NOrtel) to the cisco across the room. :)
hjohnson	naw, the whole thing is his job
hjohnson	though I actually run it. :P
mepholic	I see
hjohnson	basically this is what I did in my day job
hjohnson	so I volunteered to help it out... made it work infinitely better for everyone involved
hjohnson	used to be one huge fucking free-for-all with 80 people trying to hit 1mbps
hjohnson	as you can imagine that sucked balls
mepholic	looooooooooooooool
mepholic	oh man
hjohnson	threw some good QoS at it, some caching, local DNS, etc.... and now it's still slower than snot, but it's reliable.
mepholic	yeah
mepholic	that's pretty neat
hjohnson	and the voice quality is near toll quality
mepholic	you been out to bumfuck nowhere to set shit up?
hjohnson	(g729 over satellite... so eyah, it kinda sucks, but it's useable)
hjohnson	mepholic: yes, professionally as well.
mepholic	that's cool as shit
hjohnson	damnit... why is this not working
hjohnson	this is where I wish i had a remote spectrum analyzer. :(
MrJayPC	http://www.dramafever.com/news/man-jumps-to-his-death-rather-than-continue-shopping-with-his-girlfriend/?utm_source=outbrain&utm_medium=cpc&utm_content=blog&utm_campaign=outbrainpaid I know I shouldn't laugh but.... lol
Twizt3d	Dissolve what up loser
Twizt3d	Don't know how ircs work never used one
MrJayPC	http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16104&view=map Ohhh it's pretty tonight
sartan	http://i.imgur.com/dNfHaiU.gif
halakar	anyone here good with...gulp....Cisco Configuration Assistant (CCA) ??
mepholic	GULP
halakar	I'm trying to NAT port 443 to an inside host (web server), it doesn't appear to be working
halakar	so, naturally after setting up the static NAT in CCA and that not working, I went and checked the security/firewall, and it looks like it's out of the box. wants me to select an outside interface - and there are also inside interfaces to select too
halakar	I guess that is optional ? I dunno. New at this. Anyway, once I select fe0/0 (WAN), I can move the little slider and select a security level (low, med, high)
halakar	i'm assuming that if there isn't anything configured, it just blocks everything incoming on the WAN port?
Krugger	what are you configuring with the CCA?
halakar	it's a UC540
halakar	in my mind, I would select the inside(trusted) interface, then just move the slider to where I want it and click apply - however - what about the inside interfaces listed - two of which are Vlan1 and Vlan100
halakar	err, i'm sorry
halakar	i meant outside(untrusted)
envirocbr	Anyone use a ASR1001 for OTV?
hjohnson	ok.. mdoem came back
hjohnson	wtf
hjohnson	ACTION is confused
jato	One of our windows guys
jato	Is trying to help a customer using OSX troubleshoot stuff
jato	Its got to be the funniest shit ive ever heard
sartan	OSX sucks
MrJayPC	lol
pffs	woo workin from home tomorrow
toastr	"workin" eh?
pffs	yup
pffs	my wifes gonna be on da teevee
pffs	so skipping work
mepholic	so you can be on da teevee too?
sartan	all we have to do is watch all the tv tomorrow and look for how hot or not pff's wife is
mepholic	yeah
mepholic	cause there's only one channel
p3rror	hello
mepholic	hi
mepholic	did u do the needful yet sir???
p3rror	I try to connect to a VPN IPSEC
p3rror	from my debian box
sartan	conact your network administrator for more information
p3rror	mepholic, yes
p3rror	mepholic, the authentification works
mepholic	good
p3rror	mepholic, and now I get /usr/sbin/vpnc: no response from target
p3rror	I can not connect
mepholic	authentification is very important
p3rror	yes
garrettskj	wait
p3rror	I'm behind a wireless router
garrettskj	how is the authentication working
mepholic	no garrettskj
garrettskj	if you aren't able to use vpnc
mepholic	it's authentification
p3rror	mepholic, I dont think so
p3rror	All my vpn does not work
blackswan	i can use vpnc to connect to cisco's vpn from debian from behind a wireless router, so... it can be done
garrettskj	oh sure, I use vpnc all the time.
p3rror	but why I get this error
garrettskj	but "no response from target"
p3rror	yes
garrettskj	isn't an authentication issue ;)
p3rror	yes
mepholic	garrettskj: it's authentification!!!!!
blackswan	probably - and this is just a guess - it's not getting a response from the target
garrettskj	or an authentification issue either ;)
p3rror	garrettskj, it is not authentification issue
garrettskj	blackswan: damnit! why didn't I think of that ;)
garrettskj	lol p3rror
toastr	it's a layer 8 issue
blackswan	i have years of experience in detecting the obvious
p3rror	garrettskj, All my passwords are correct
garrettskj	i'm sure.
p3rror	garrettskj, nop
garrettskj	make sure that authentifying is good, and you can reach the host, and it's ok.
p3rror	toastr, so how to debug
garrettskj	p3rror: are you connecting to a hostname, or an IP
blackswan	the timeout is 1 second, it makes 3 tries, if it gets no response, it gives that message
p3rror	garrettskj, IP
blackswan	but what it's sending, no idea
garrettskj	can you ping the IP
p3rror	garrettskj, yes
drkat_	no response from target can be an auth issue
p3rror	no
mgeorge	hmmm
drkat_	what vpn client
mepholic	hmmmmmmmmmmmm
blackswan	it's sending udp datagrams probably to port 500 or 4500
p3rror	vpnc
blackswan	by default
garrettskj	p3rror: go output a "Debug cry isa" to a pastebin
garrettskj	and post the pastebin
blackswan	does your wireless router do NAT?
mepholic	p3rror: on a serious note is it a nat issue
garrettskj	mepholic: seriousfly?
mepholic	loooool
blackswan	it's probably NAT if it's pingable
mepholic	NATification issue
p3rror	http://paste.debian.net/80373/
p3rror	garrettskj, http://paste.debian.net/80373/
toastr	p3rror: clu by 4
garrettskj	Feb 05 23:48:29 [IKEv1]: Group = DefaultL2LGroup, IP = 41.141.65.206, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key. Aborting
garrettskj	L2L
garrettskj	not RA
garrettskj	pastebin your ASA config.
mepholic	garrettskj: hold
p3rror	garrettskj, http://paste.debian.net/80362/
mepholic	17:45:46 <p3rror> oister, http://paste.debian.net/80362/
mepholic	hue
garrettskj	oh i showed up late to the part ;)
garrettskj	party
p3rror	garrettskj, http://paste.debian.net/80374/
garrettskj	wow
garrettskj	k
garrettskj	are you not handing out DHCP to your VPN clients?
p3rror	garrettskj, You think that I need dhcp server
garrettskj	no
garrettskj	I'm jsut ascertaining your configuration
garrettskj	also: what group ID are you using?
garrettskj	GSajidRA20 ?
garrettskj	why do you have: nem enable
garrettskj	on a RA group policy
p3rror	garrettskj, yes
garrettskj	also your split tunnel ACL...
garrettskj	am i right in assuming your VPN clients are in the 10.100.100.x network? or
garrettskj	192.168.10.x?
p3rror	garrettskj, there are no vpn-addr-assign dhcp
p3rror	garrettskj, so I think dhcp is disabled
garrettskj	yes. but what addresses are you giving your clients
garrettskj	on your tunnel group
garrettskj	tunnel-group GSajidRA20 general-attributes
garrettskj	authentication-server-group LOCAL
garrettskj	there
p3rror	yes
garrettskj	that should allow you use to authentication with "cisco" as a username
garrettskj	I can't remember if that's the default in 8.2 or nto
garrettskj	or if you had to specifically define it
p3rror	garrettskj, really I did not understand
garrettskj	tunnel-group GSajidRA20 general-attributes
garrettskj	authentication-server-group LOCAL
garrettskj	add that
p3rror	garrettskj, yes
p3rror	/usr/sbin/vpnc: expected xauth packet; rejected: (ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30)
garrettskj	test plz
garrettskj	much better.
p3rror	it is worked
p3rror	es
p3rror	yes
p3rror	but I get this error
garrettskj	crypto isakmp nat-traversal 20
p3rror	Feb 06 00:16:20 [IKEv1]: Group = GSajidRA20, Username = system, IP = 41.140.179.192, Removing peer from peer table failed, no match!
p3rror	Feb 06 00:16:20 [IKEv1]: Group = GSajidRA20, Username = system, IP = 41.140.179.192, Error: Unable to remove PeerTblEntry
p3rror	/usr/sbin/vpnc: no response from target
diss\|learning	dsaf
garrettskj	let's take this to a private room.
garrettskj	otherwise we'll be drowning this room
KickStarRabbit	hey yo
garrettskj	what u KickStarRabbit
garrettskj	up
KickStarRabbit	erp me garrett
KickStarRabbit	r u drinking with xous
garrettskj	nah. trying to help someone get a VPN working
garrettskj	because that's what I do
garrettskj	lol
KickStarRabbit	so vpn whats up
KickStarRabbit	kinda quite tonight
mardraum	quite quiet?
KickStarRabbit	damn u mar
KickStarRabbit	i am really bad spiller
KickStarRabbit	haha
garrettskj	yea, it's pretty silent, everyone must be working.
t0m0_	or preparing for their performance review :P
t0m0_	another year eh.
KickStarRabbit	i did my perf already
KickStarRabbit	main point: i am so under utilized i force not sleeping at my desk
t0m0_	Same with my KickStarRabbit
t0m0_	*me
t0m0_	Under utilized/under paid.
t0m0_	The account i'm on is a government site though.
t0m0_	so not a lot of project work to do
t0m0_	especially since our state government lost their credit rating :/
t0m0_	but we have money to bait sharks off our coastline
t0m0_	ACTION returns from tangent
lkthomas_	hey guys
lkthomas	so for OSPF, I don't need to insert remote site IP info, OSPF itself would announce itself to neighbor, right ?
onefst250r	ACTION scratches head
onefst250r	confusing question is, confusing
lkthomas	for static IP route, each site have to insert neighbor info into local router
onefst250r	when running a dynamic internal gateway protocol, you need to configure the router to avertise what links is has connected to it
onefst250r	and, it will advertise what networks it has access to via those links
lkthomas	right
onefst250r	so whats teh question?
garrettskj	i'm waiting tooo
garrettskj	for the qeustion
lkthomas	nevermind, maybe I am confused by myself. Second question: for example area 0, contain two path network (first is acutal link, second is failover link), how long does it take for OSPF to detect first link failing and switch to second failover link ?
onefst250r	3x hello timer
onefst250r	so out of the box, 15 seconds
onefst250r	if its all ethernet
garrettskj	3? i thought it was 4 with ospf
garrettskj	first time, and 3 retries
lkthomas	garrettskj: do you know where does cisco document that number ?
onefst250r	garrettskj: that might be right
garrettskj	just do a gns3 setup,a nd test for youself.
garrettskj	lol you will find out real quick
garrettskj	you just need 2 routers
onefst250r	i was thinking it was declared dead after missing 3
garrettskj	yea, but I think that's it though
garrettskj	3 retries it's dead...
garrettskj	but you still have the first time.
garrettskj	so the time would be equivalent to 4
lkthomas	4 seconds ?
onefst250r	somewhere between 3 and 4?
garrettskj	4 hellos
onefst250r	4 hellos
lkthomas	15 seconds each hellos ?
KickStarRabbit	if tier 1 asks me to powercycle a modem again i am gonna crack
garrettskj	finally got p3rror stuff figurred out
onefst250r	default for ospf is 5 seconds
garrettskj	so 20 seconds.
lkthomas	I see, so 20 seconds
lkthomas	right
garrettskj	1 x 5, 3 x 5 retries = 20
lkthomas	how does it handle flapping link ?!
onefst250r	you can tune if you're so nerdy
onefst250r	tbh, horribly
garrettskj	ok guys. i'll bbl. onefst250r hold down the fort
garrettskj	;)
onefst250r	the protocol has to miss 3 hellos
lkthomas	onefst250r: so it can't handle random packet loss ?
onefst250r	so
onefst250r	if two miss, one gets through
onefst250r	one misses, two get through
lkthomas	grrrrrr
onefst250r	the protocol never signals a failover
lkthomas	right
onefst250r	a better way at it nowadays is to run bfd
lkthomas	bfd ?
lkthomas	Bi-directional forwarding detection
lkthomas	ACTION learn something new
onefst250r	yes
onefst250r	or big fucking deal
onefst250r	depends on who you ask
hendrikz	KickStarRabbit, tier1's can't reboot modems? crayy
lkthomas	LOL
lkthomas	onefst250r: so basically I would just need to insert bfd interface... into configuration
onefst250r	its a pretty simple configuration
lkthomas	is it only OSPF "add-on" ?
lkthomas	I mean, does BFD only for OSPF ?
onefst250r	no, its a separate protocol
onefst250r	and it works for multiple routing protocols
lkthomas	I see
pffs	KickStarRabbit: don't you love shit that has had zero tier 1 troubleshooting?
KickStarRabbit	i hate noobs, tier 1, and wannabe hackers
lkthomas	my supervisor used to tell me "give the tier 1 a break, they are fucking busy"
KickStarRabbit	some of the shit I am told is crazy
pffs	KickStarRabbit: I had a junior engineer walk over today and ask me how to wipe a juniper
pffs	I was just like "....do you not know how to google?"
KickStarRabbit	did you refer to bathroom
lkthomas	onefst250r: so BFD have a lot lower timer, like 50 ms
onefst250r	thats the idea
lkthomas	hmm
lkthomas	onefst250r: during failover situation, does traceroute from client side would show the packet is running on fail over route ?
onefst250r	yes...
lkthomas	onefst250r: I see, so better monitor the route instead of monitor neighbor
lkthomas	onefst250r: I am trying to understand how it works and implement monitoring system on links
onefst250r	monitor bfd
KickStarRabbit	ATT IVR can burn in hell!!!!
onefst250r	link failures = bfd failure = snmp/syslog trap
lkthomas	onefst250r: honestly I don't trust trap :P
onefst250r	so what do you do?
lkthomas	onefst250r: SNMP poll ? :P
halakar	hay guise
halakar	got a UC540, trying to NAT to a web server behind the device, but it isn't working, at least according to a port scan tool -
halakar	I thought something might be up with the firewall, so i NAT'ed to another port to the same box inside, it worked
halakar	Does this UC540 run its own https server that could be interfering? If so, how to get it out of there
onefst250r	lkthomas: sure
hj050	ygu
hj050	hi
lkthomas	onefst250r: if BFD can't be use, what should I monitor on OSPF then?
onefst250r	snmp/syslog
lkthomas	on SNMP, which specific object should I monitor?!
onefst250r	no clue
lkthomas	LOL
onefst250r	im not an nms guy
lkthomas	Ok
onefst250r	i have a noc for that
KickStarRabbit	my gf wants to get a 3- bedroom so she can have her own office
lkthomas	right
KickStarRabbit	i just want her to work horizontal ... am i being unfair
lkthomas	KickStarRabbit: cisco related ?
KickStarRabbit	yes
KickStarRabbit	as I am a cisco tech
mgeorge	http://www.utsandiego.com/news/2014/feb/05/firefighter-chp-handcuffed-freeway/
mgeorge	cop arrests firefighter for not moving his truck which is protecting the response and emt crew
mgeorge	stupid democratic cops
lkthomas	nice
onefst250r	KickStarRabbit: will she make monies in said office?
KickStarRabbit	tbd
mepholic	guys, consumer grade trendnets are production worthy core switches, right???
onefst250r	if not, she should have to work it off somehow :P
onefst250r	./kick mepholic
mgeorge	typically in most states
lkthomas	mepholic: LOL
mgeorge	the fd has authority over an accident scene
mepholic	onefst250r: thats what the last guy that had my job thought
KickStarRabbit	i guess i gotta make her the sugar momma :)
mgeorge	pd is required to provide security and direct traffic
onefst250r	mepholic: hopefully he got fired for being a 'tard?
lkthomas	http://www.trendnet.com/products/products.asp?cat=76
lkthomas	that one ?
mepholic	onefst250r: ftr, he got fired for not documenting anything
lkthomas	mepholic: he don't need to
onefst250r	close enough
lkthomas	mepholic: because he know nothing
mepholic	because he thought that if he didn't document anything, he'd have job security
lkthomas	LOL
lkthomas	closed mind thinking
onefst250r	Boss says "Challenge Accepted"
mepholic	basically
mepholic	my boss is cool
onefst250r	how nice of them. you can emulate trendnet web gui's - http://www.trendnet.com/products/emulators.asp
lkthomas	onefst250r: it could be linux or BSD
lkthomas	mepholic: I think that guy suggest trendnet have a reason: everything is on GUI
mepholic	http://www.trendnet.com/emulators/TEG-160WS_vD1.0R/login.html
mepholic	i think it's that one
onefst250r	username/password is admin/admin! :)
onefst250r	i actually have a trednet device in my soho....a poe N access point
onefst250r	was nice and cheap and does vlans
onefst250r	think i paid like 60 dorra
malaphus	dorra, is that some kind of new virtual currency?
lkthomas	nice
onefst250r	or its me making fun of the japanese
circuit	BYAAAAAAAAAAAAAAAAAAH
onefst250r	what kind of circuit are you?
drkat_	trendnet?
drkat_	gizzay
Titanium	is there a modular trendnet switch?
Titanium	or is that just dell
nobit	was wondering if anyone here has experience with brocade routers. I'm a bit confused by virtual interfaces on brocade, like for example, interface ve 1 is a virtual interface. how would something like that look in cisco world?
civillian	nobit: probably like an SVI
nobit	so basically a vlan that can route ip traffic?
civillian	Not a VLAN, it's a layer 3 interface
civillian	so you attach the ve to a VLAN
Titanium	have you ever used CATOS?
Titanium	in hybrid mode?
Titanium	it sounds like that
nobit	civillian, I see. thanks
circuit	onefst250r: a funky one
Titanium	:)
Titanium	i found 2 bugs where each's workaround makes the other happen
onefst250r	Titanium -- the bug maker
Titanium	o
Titanium	no
Titanium	the developers make bugs
Titanium	i just find them
Titanium	programming - The process of adding bugs to code
circuit	im so glad i didnt pursue programming
circuit	fuck that
Titanium	me too :)
Titanium	i program for fun
Titanium	programming would be fun if it was done as a professional engineer
circuit	coding is fun though i will admit that
Twizt3d	Why can't it be done as a professional engineer?
Titanium	it can
Titanium	it just isnt
Twizt3d	You made it sound like it couldn't. Lol. Gotcha
Titanium	like programming if a PE is going to stamp the code
Twizt3d	Yeahh
Titanium	i only enjoy 2 languages :(
Titanium	and people hate them both
Twizt3d	Which ones?
circuit	which
Titanium	java
Titanium	verilog
circuit	you dont hear too many people who choose verilog
circuit	interesting
Twizt3d	People shouldn't hate Java that's one of the easiest out there
Titanium	its an irrational hate, from unimfirmed people
Titanium	uninformed
Twizt3d	It's not easy but I mean it's one of the object oriented ones
Titanium	you can do so much in jave with so little effort
Twizt3d	Yeah
Titanium	and it can do threading so well, so the code runs fast
Titanium	verilog is insanely fast, and fun to write in
Twizt3d	You just have to know the right classes to use... Lol
Titanium	real men make their own tools
Twizt3d	I've never heard of that I need to look it up
Titanium	verilog isnt really programming
Twizt3d	Is it a newer language?
Titanium	its a language to describe hardware
Twizt3d	Oh, ok.
Titanium	it all boils down to wires and gates sortof
Titanium	instead of assembly
Twizt3d	Still I should look it up though. Sounds interesting
dissolve\|	(()=D
Twizt3d	Lol what
Titanium	^^ explain yourself
dissolve\|	no explanation necessary
dissolve\|	lol
Twizt3d	I remember creating a and my hard drive died and I lost it. It was my first actual program that generated random IP addresses for class A B and Can depending on which one you chose
Twizt3d	C*
circuit	i love watching the food network
Titanium	i made a calculator program that balanced redox reactions
dissolve\|	should have saved that
dissolve\|	!
circuit	these fuckers are cooking huge octopus
Twizt3d	I just wanted to see what I could do with the different classes I didn't think I could do that but I managed it it was pretty cool
Twizt3d	That's cool
Twizt3d	Yeah I should have saved it I did but on the hard drive that died
Twizt3d	It sucks
Titanium	also back in middle school i made programs to do all the algebra II stuff
Titanium	in less time than the teacher took to teach it :D
Twizt3d	I love to program. There are just so many classes it gets a little confusing about which to use because you can use a lot of classes for the same thing
Twizt3d	Haha that's cool
Titanium	write your own
Twizt3d	Yeah I haven't tried that
Titanium	Oo
Twizt3d	I'd start doing that when I have more experience with it
dissolve\|	ACTION slaps Scrye around a bit with a large trout
KickStarRabbit	hmm....
baristatam	ACTION slaps Scrye around a bit with her large dick
circuit	ummm
pffs	ACTION slaps baristatam with his huge moobs
baristatam	bring it
onefst250r	baristaTam: it does not count if its big, black and rubber
baristatam	s/black/purple
circuit	veiny?
pffs	purple, the length of my forearm and causes ladies to scream
pffs	SIDS
baristatam	sudden infant death?
baristatam	o-o
pffs	yup!
baristatam	morbid, yo
pffs	so is you whipping your dick out ._.
baristatam	that's not morbid
baristatam	it's just vulgar
pffs	says you
baristatam	there's a world of difference. but no, neither is tactful
baristatam	I apologize
baristatam	ACTION puts her dick away
drkat	woah
baristatam	o/ drkat
baristatam	to be fair drkat you joined after <dissolve\|> slaps Scrye around a bit with a large trout
drkat	umm
drkat	nice?
drkat	fuck im tired
drkat	meh
circuit	drkat: goto sleep doood
TimberWolf_	take nyquil drkat