drkatim doing training
drkatyour "mom" is over
drkatiBoss Active Directory Integration
drkatso much fun!
drkatthis guy talkin has a very wet mouth
drkatand fat person breathing
diozmouth breathing
drkatheavy mouth breathing
drkatlike its such a work out doing the webex
circuitlol mouth breathing
circuiti fucking hate those people that refuse to swallow
circuitand you see the saliva build up on the edges of their mouth
dioz"clear your throat"
drkatall bitches that dont swallow
drkateat a dick
circuitalmost foaming at the mouth at times
circuitmy professor is the wooooorst
circuitlike buddy SWALLOW
diozor spit
circuitman what am i gonna do for valentines day for my girlfriend
drkattry and do a no roofie night?
onefst250rthats no fun
diozdo what i do
diozand do nothing
diozand if she makes a big deal about it
diozexplain to her what the day actually is
dissolve|wtf whens valentines day
onefst250rnext friday
onefst250rfeb 14th, just like always
circuitsuch a gay fucking day
diozgay like christmas
circuitnono, christmas is acceptable
t0m0_christmas = delicious food and beer
t0m0_valentines = blowjob
drkati hate valentines
drkatmy wife thinks its fucking christmas
drkatand i dont even get a bj on valentines
diozyou been married a while and you got kids
diozi doubt you get bj's anymore
diozyou said 2 daughters
diozi asked my buddy who's been married for about 7 years now how often he gets a hummer
diozhe said it's been a looong time
diozi lol'd
kuaharaam married, BJs never happen
kuaharafor any reason on any occasion, ever
KickStarRabbitkua haha
diozhow do you warm her up?
diozto penetrate her?
dioz"pre heat the oven" so to speak
kuaharathe ex used to give BJs only on special occasions
kuaharalesson to be learned here is: Don't fucking marry.
kuaharaif you avoid marriages, you can change relationships for free
circuiti have always preferred sex over bjs
kuaharacompletely off topic, but any of you have any experience with tsmuxer? wondering if I can losslessly join two .m2ts files together using the tsmuxer gui
kuaharacircuit: overall, sure. But variety is still nice
circuitthis is true
dioznice hostname!
diozit isn't actually what it says thp
diozwhat are rrsig ?
drkathummers are non existent
diozi assumed
drkatsort of
drkatI got one the other day
diozfrom what i've heard from the married people i know
drkatbut its far and in between
drkatsex isnt as frequent either.. apparently kids + marriage == no sex
drkatof course I could care less if she does it or not.. I'd rather work
diozdoes your old lady work?
drkat_part time
drkat_fuckin laptop battery ugh
diozidk how my mom never worked
drkat_different time
diozdual income housing is needed now days imo
drkat_sure is
drkat_wish i took all my wifes income :)
diozi give my gf all the money i make
diozshe makes more than me and she's a trust fund baby
onefst250rhwo is dual income housing different than single income housing?
kuaharabeen married to my current wife 3 years and she has never needed a job
drkat_well I guess it depends
kuaharathat said, she wants to work, so she has an interview tomorrow
drkat_if the man makes enough etc
drkat_My wife never used to work
drkat_but then I said fuck that noise, I hate paying for everything, free loading cunt
circuitlol trust fund baby
drkat_ya know what I miss? not having to go to customer sites
drkat_I wanna build a super bad ass desktop
drkat_but then I fear I wont use it for its full potential
diozi got a gtx570 with a 60gb ssd and a i3
diozfor gaming
diozwith 16 gb of ram
diozplays any game i want and it was like $500
drkat_My mom just bought a 8gb of ram i3 with a TB of space
drkat_you know.. to check email :)
kuaharaI'm starting to think those are the people that need the most powerful machines
drkat_well shit.. she was gonna get a 4GB win7 box with a core 2 or some shit
drkat_i told her.. no fuckin way
drkat_just spend the extra 150 and get a good box
kuaharaYou open up msconfig on their PCs and not only are they flooded with bloatware, but every app that has ever been installed on the machine is set to start every time windows starts
kuaharaalways the same story, "I just check email and go on facebook"
drkat_I have a dell inspiron 530 im gonna put win7 on.. it has a dual core processor and 4gb of ram
drkat_nothing great
drkat_but good enough for my needs
kuaharaI need to start telling people, "oh for that, you're going to need a large SSD, an extreme edition cpu and 64GB of ram" (so I never have to talk to you again).
drkat_this pc im on now is an amd athlon 64 with 2gb of ram
kuaharayea, but you don't require as many system resources as the "I just check email and go on facebook" users
drkat_this is also true
drkat_my laptop is a core 2 duo with 3gb of ram
drkat_i seriously dont do jack shit with my computers
drkat_i just work and like check my bank and talk on irc
garrettskjdrkat_: you are hardcore
drkat_i know right
drkat_man i just do this shit to get paid i could care less :)
Titaniumcan you even boot windows in less time than heat death of universe with 2 GB ram?
drkat_XP boots pretty quick
Titaniumyes it does :)
DavidHif you cant boot windows with 3GB memory you are not designed for this industry
Titaniumbut unlike me, most people have upgraded
drkat_my win 7 laptop has a 3gbps ssd
garrettskjif you can't boot windows with 128mb of RAM
garrettskjyou aren't designed for this industry
Titaniumanyone ever boot an OS that pages to tape?
DavidHI have a win7 netbook with 1GB and it runs smooth
garrettskjhahahaha Titanium
drkat_Titanium, eh?
garrettskjoldest I have ever done was an MFM drive
drkat_I really AM running XP SP3
drkat_on this box
Titaniumi only got sp2 :(
Titaniumsp3 is evil
drkat_i bought this pc off craigslist for $100 bucks
drkat_i dont like to spend money on computers
Titaniumi used to do that
drkat_my laptop i got for free
garrettskjI got MFM running with windows NT 3.51 when I was in highschool :/
garrettskjkinda a challenge really
drkat_and my other desktop? free
garrettskjwhy are you guys not running linux
drkat_cuz it sucks?
garrettskji will help you guys run it.
garrettskjit doesn't suck at all
garrettskjit's freaking great.
circuitACTION gasps
drkat_I ran linux back in the day son
garrettskjlol it's totally a different animal my friend ;)
drkat_openoffice is gay
garrettskjthat's because no one uses openoffice
garrettskjyou use libre office, or google docs
drkat_whatever its called now
circuitlibreoffice sucks too
garrettskjgoogle docs usually
drkat_they all suck
kuaharafucking tsmuxer
drkat_MS office is still top dog
kuaharajoined 2 files, specified the right order... it muxes them backwards
DavidHgoogle docs does everything i need it to
garrettskjfine fine, run a VM with MS Office.
circuithow often do you use MS office though
drkat_what about orca for msi edits
drkat_can you run that in linux?
kuaharaI'd imagine a VM is where I'd need to run linux if I had a use for it
kuaharatoo much windows shit is not meant to be emulated
circuitumm fuck windows
drkat_the windows admin running linux ha!
onefst250rget a mac then parallels your windows
kuaharaI just had a nightmare experience just trying to get osx and windows to dual boot when the original os was osx
kuaharaused bootcamp
garrettskj05:59 < kuahara> too much windows shit is not meant to be emulated
garrettskjthat's ridiculous
DavidHyeah it is
DavidHi have virtualized more windows servers than i can count, and ive never had any more problems then with linux or bsd
garrettskjseriously drkat_ you with your Core2Duo
garrettskjyou are ripe for linux
kuaharagarrettskj, while I don't think I'll have time to game in the foreseeable future, most games are not VM friendly
garrettskjkuahara: vmware workstation has 3D hardware acceleration.
garrettskjkuahara: SteamOS is built on debian
kuaharagreat, try playing pretty much anything made by blizzard in a VM
garrettskjdrkat_: ubuntu or fedora
DavidHtrying to sell him on linux?
DavidHwindows is still for gaming right now
garrettskjkuahara: like WC3?
drkat_im good
drkat_i admin windows bro
drkat_i gotta endorse the product
kuaharaI don't game right now though, so I have no real arguments
kuaharaI spend most of my time (for the last 2 months or so) studying and am guessing that is what I'll spend most of at least the next few years doing
drkat_shit man im just confused on to use my desktop or laptop
drkat_thats my dilemma
garrettskji'm happy right now.
garrettskjnew episodes
drkat_i remember I had my computer just the way i liked it, my apps, etc etc
drkat_then bam crashed
drkat_so now I dont customize shit
Titaniumdo you at least unhide stuff windows hides?
kuaharaheh.. every time this guy reads the word "facility" he keeps saying "faculty"
blackOffapril 18
eirirs_Scrye: are you there?
KickStarRabbitahh choo
drkat_shit i still run office 2003 on this machine
drkat_damn im outta date
drkat_time for bed
circuitnighty night keep your butthole tight
Titaniumfacility was a crappy counterstrike map
newtmewttonight is shit
newtmewtour office lines are bouncing
Titaniumi got a week of work done today :)
newtmewtsome remote vpn's site primary connection is shit and no one has showed me how to force them down the backup
Titaniumdepending on how you count
blackOffnewtmewt, read the notes/manuals
blackOffor go home
Titaniumim too excited to sleep
Titaniumtomorrow i am going to use my program to figure out how a switch does some of its forwarding that is secret :)
Titaniumand i dont know the answer before i start :0
newtmewtblackOff: we have no manual lol
newtmewtand notes are lacking
bruceleeanyone know how i can configure anyconnect vpn to have specific network access (like accessing another VLAN), based on the anyconnect user's windows group?
n1njaTitanium, what program?
blackOffsounds like hell newtmewt
Titaniumi wrote it
Titaniumi think it is named Java Application 47
xousanyone have custom machining stuff done?
xousI used to get a friend to do shit like that for cheap
xousbut then I moved heh.
xousneed someone to make some rackmounts
Titaniumbuy some angle brackets from lowes and a metal bit?
Titaniumif bending a piece of metal and drilling 6 holes in it is 'custom machined part' ...
Titaniumi dont know what to say to you
xousit's a bit more complicated than that
xousI need 35" rails for a IBM bladecenter
xousIBM don't make e'm that keep
xousso I basically need angle iron with ears welded on the end
xousthat can hold 400lbs
xousbetween the two
xousif I were at home I'd do it myself with the arc welder (after a few attempts)
xousbut I dun got one here.
xousI need two sets... dunno wtf it would cost though
xousif it's more than $100/pair
xousfuck that
Azeei need foot in the door in networking field. got my ccna last year. currently getting ready to give ccnp switch exam
Azeewhat kinda jobs should i be looking for ?
xousCCNP with no experience?
saqentry level
saqexperience = king
xousyeah. CCNP with no experience = resume tossed.
Azeei dont wana get ccnp without exp
saqif you picked up ccna and ccnp easily you have a good brain for this stuff and you'll learn quickly
saqfind something that deals with networks that wants to hire somebody like you
saqget practical experience
xousAzee: learn how to troubleshoot effectively.
xousMost people memory shit
xousmemorize shit
Azeei dont
xousbut fail at troubleshooting
Azeesince age of 15-16 i was into botnets n stuff on irc
xousuhh. that is not really something to brag about
jcpeters01Hello everyone, I am working on a Cisco 1841 router. I have two wan connections and using ip sla to monitor my primary wan (Cable Modem w/DHCP (static is not possible)) and failover to a cradlepoint. When the cable modem recovers, after a logical failure it comes back 'up' but the default route continues to the cradlepoint. Is there a process I can run to make sure that DHCP rebuilds the default route?
xousany idiot can run a botnet
Azeei know
Azeei am a techy person
Azeethis stuff interest me
xousso find an entry level job
xouscage tech
xousnoc monkey
Azeehey everyone starts from somewhere
jcpeters01working a noc can be interesting... can also be boring haha
xousAzee: that's what I just said
xoustry to keep up.
Azeeu used the term monkey .. lol
Azeeso just defended myself
Azeethat might be my future
eirirs_as a monkey
xousI call our helpdesk guys idiots.
Azeeworking at noc
xouslazy bastards
Azeei did work as helpdesk before
eirirs_I never did
newtmewtffs this is pissing me off
Azeefor about 2 years
xousI finish what I'm doing. save changes. take a drink
xous"ok so what is the problem?"
xousmaybe I'm just cranking
Azeedamn irc is still full of trolls.. i missed it
eirirs_when are Scrye awake
xouseirirs_: scrye is driving right now
xousso I'd hope he's awake
xouseirirs_: what do you need?
eirirs_I need to talk to him
xoussend him an email
xousthat's the best way to get him to do orders and shit.
eirirs_it aint about orders, just some questions
xousAzee: trolls?
xouseirirs_: about?
newtmewtACTION wishes i knew more about these fucking vpns
xousI imagine he's not gonna be around on irc for at least a few hours
xoushe's probably 2 hours into a 5 hour drive
kuaharaI will never fucking buy prolific again
xouskuahara: fucking told you didn't I?
gosimorning folks
xouskuahara: get a linux livecd
xousmight work in there
kuaharathis thing is such a piece of shit
kuaharaxous, can I just run it in a vm?
xousyou'd probably have to remove the windows driver
kuaharaany particular linux distro?
xousit should be built into the kernel
kuaharacrap, uninstalling this requires a reboot
xousthe module name is pl2303 iirc
xouswhy does everyone cheap out on the usb2serial shit
drew__the problem ive had with those usb serial converters is sometimes the usb vendor id is different
drew__there are really 2 main kinds
drew__pl2303 and ftdi
xousdrew__: there are shitton of chinese knockoffs
drew__both work just fine
drew__all of the chinese knockoffs are pl2303 or ftdi
xousI've never seen one for ftdi
drew__even if the usb vendor id is different
xousI've seen tons of the pl2303 though
drew__all you have to do is hex edit your pl2303 driver and add the usb vendor id
xousI had a legit prolific
xousit started doing screwy shit after 2 months
eirirs_I like how my support mails are immediately escalated in 99% of my cases
xousI find if you get VERY specific in tickets
xoustier1/tier2 panic and escalate
xousor if they are really dumb they ask you to power cycle and check cpe
xouslike megapath
xousor misinterpret the results
xousyou know how cisco's ping commands says
xous"Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:"
xousand it was followed by "!!!!!"
xousMEGAPATH moron read that
xous'it's timing out every 2 seconds. It's your CPE!"
eirirs_xous: Ilol
xousI was NOT nice
xousOk. Please escalate this to someone who understands basic networking because it's clear you are a moron."
xoushe was a tier 2 manager.
kuaharaI think I would have de-escalated
kuaharapass me down to someone who makes half your salary please
xousI send a very angry email to a bunch of people
xousmy boss had to apologize for me
xous"You can't call people morons and idiots."
xous"He was a moron."
kuaharajust start repeating shiboleet into the phone over and over
xousI just make our tier1/tier2 deal with them
kuaharashiboleet, shiboleet, shiboleet, WHY ISN'T THIS WORKING?!?!! shiboleetshiboleetshiboleet
xousit's like pokemon
xousmy idiot and their idiot fight it out
kuaharahttp://xkcd.com/806/ (in case the reference was missed)
xousI forgot about that
xousI just write down tier 3 numbers when find someone that's not an idiot
kuaharaI tried to chat support once, gave up on this guy and called in. Turns out the guy I called was sitting right next to the guy I'd been chatting with.
bruceleeanyone know how i can configure anyconnect vpn to have specific network access (like accessing another VLAN), based on the anyconnect user's windows group?
dadrcThey were probably like: "Yo, dude, I've got that guy you were just chatting with. He nice?"
kuaharaI don't remember what the support call was about, but he announced it out loud, "ah yea, you were just talking to the guy sitting right next to me"
kuaharathen worrying that the other guy was probably talking shit about me now
xousI make fun of most of our customers
xousI've had tier1 come and tell me about a problem
xousask one or two questions
xousthen say the customer is lying.
dadrc"We didn't touch that."
dadrc"Oh, unplugging stuff counts as touching? Did not know that."
xousthat one the first things I try to beat into them
xousthe customer is almost always gonna lie to you
xousverify everything
xoushell. I verify when our techs are on site
xous"I just plugged that switch into fa0/24
dadrcvery house-md-y
kuaharawhen I was at AT&T, we had a few bad techs call in, but the vast majority of problems were from agents in our center that either can't or refuse to think outside a very small box they live in.
dadrcEverybody's lying.
xousnope you plugged it into 22
xousmove it.
xous"oh, oops"
xousdadrc: the question is "about what?"
Oliberhttp://davesblog.com/blog/2014/02/05/verizon-using-recent-net-neutrality-victory-to-wage-war-against-netflix/ | http://bgr.com/2014/02/05/verizon-throttling-netflix-amazon-aws/
kuaharaI just imagine them sitting there all, "this is what the paper says, I don't care about your real world scenario"
xousI still make fun of this one client iT guy
xouswe call him dimlights
xousbecause he called in on weekend
TimberWolf_you make fun of everyone xous
xous"what's wrong with the switch?" Light's dim."
xousTimberWolf_: so?
dadrcxous, cynical, but probably right.
TimberWolf_oh nothing.
xousWhat's life if you can't find something to laugh at?
xousdadrc: effective.
TimberWolf_you just don't need to state that you make fun of on guy :P
xroHi, is there someone who already had allowed vlan list mismatch between Po and interfaces? what can cause it? normaly Po conf should be sync into interfaces...
kuaharaI'd get escalations from junior agents that would go something like this (and I am not making this up), "this prem tech wants a helper, but says he can't sync up at the terminal because it was hit by a car. I can't approve this if he doesn't sync up at the terminal".
xousHe was a complete idiot. Invoked the 'power of certification' and was completely wrong on several different issues. All stemming from his stupidity.
xousHow does that not deserve mockery?
Oliberincompetence should be rewarded, with promotions
eirirs_I hate people that waves with their title, degree or certs and is like "LOOK THIS! I KNOW THIS ALL!"
dadrcPromote 'em out of the way so the competent people can get some shit done?
xousI say fire 'em
xousand laugh when someone calls for reference
TimberWolf_heh the other day i had tech try and tell me that a user did not exist
dadrcThat'll unfortunately just get you new idiots.
xousdadrc: interviewing people isn't so bad
xoushour away from work
xousget to destroy someone's self worth
eirirs_conan the librarian
xouswhile playing with my cellphone
TimberWolf_checked AD and saw the user was there. Turns out someone had spelt the users name wrong in an email and instead of just searching for the user asked me
dadrcdunno, hiring's not my thing.
xousTimberWolf_: haha.
xousdadrc: I kinda forced my way into the hiring process when they kept hiring morons
blackOff3TB/$95 white label 1yr warranties
kuahara"he can't test because of foreign voltage on the line, so I can't approve this".
eirirs_TimberWolf_: been there, seen this. I spelt Manual instead of Manuel once :( that dude were like "manual username didn't work, btw, why did I get THAT username instead of my username?"
eirirs_im like, fuck what happened , needs to slow it down
xousthat's why I copy and paste shit like that
xouscan't fuck it up.
eirirs_xous: for me its faster to type manuel instead of copy paste it
xousbut then you fuck it up
eirirs_true lol
newtmewti'm a moron right now...
eirirs_thats my first anyways
TimberWolf_can't be as bad as our imaging monkey
newtmewti spent like an hour(cause i'm in panic mode with like 100 things happening) and all i had to do is set the admin distance on the bouncy wan to higher than the non bouncy wan....
newtmewti was trying to fuck with route-maps and shit...
xousdo or do not -- there is no try :P
xousnewtmewt: I thought you did all DIA shut
newtmewtand this other one was down cause no one ever configured the fucker... GRRRRRRRRRRRRRRRRRR
newtmewtxous: mostly
newtmewtone customer we have started doing VPN shit for them
newtmewtback to their data center
Azeeto get a job alot of places require A+ ? worth doing it ? even though its a joke....
xousAre you gonna touch hardware?
Azeehelp desk jobs ...
xousthen it might be advisable
blackOffyou peaked at the book?
xouscerts get you past HR
kuaharaI fucking hate shit like A+
TimberWolf_our imaging guy fucked up bad this week. We have finally started installing windows 7 and was giving out a loaner to some dude. Turns out the laptop belonged to a VP before the guy never formatted the drive so all the VPs files were still on.
kuaharahow many pins does ______ have?
blackOffA+ is all your basic hardware tech stuff
xousTimberWolf_: the imaging guy didn't reimage the computer?
blackOffnot going to learn much to do with cisco stuff, but it's a good cert to start with, or a good book to read
TimberWolf_xous, nope just installed 7 on top of xp without formatting
Azeei think in this day in age everyone older then 12 knows what A+ teaches...
TimberWolf_so you get the nice windows.old folder
dadrcThe fuck. That's not imaging :>
xousTimberWolf_: what's the point of calling him an imaging guy if he doesn't do it.
blackOffA+ goes through the Windows OS tech also
blackOffit's like a 1800 page book
TimberWolf_xous, he imaged pcs with XP. I just got tasked with creating the process for win 7 like a week ago
kuaharayea, but it also goes through a bunch of random trivia questions you don't need to know in order to use the related technology.
TimberWolf_but boss man said start doing win 7 install now anyways
Azeelike what ? windows registry ?
xousTimberWolf_: and it still hasn't got it done?
dadrcTimberWolf_, I kinda get the impression you guys are a little behind on the tech curve.
blackOffregistry too
blackOffit's a technician cert
kuaharaAzee, like my pin count example question. As if you can't plug something in without knowing the exact number of pins on the end of whatever connection
Azeei was thinkin ccna date centre
kuaharaand general b.s. just like that
xouskuahara: you'd be surprised how many people fuck that shit up.
blackOffi'd get A+ before attempting ccna data center
xousand you mean you don't know all the pins?
blackOffor at least read the book
Azeei gave ccna r&s
kuaharaxous, no. why bother?
TimberWolf_dadrc, not so much the tech curv but the staff curv
xousphone powers up but says ethernet disconnected. it only has an ethernet cable plugged in? What is wrong?
cisconinjahow are you folks doing
blackOffgood, u?
cisconinjawhat is one forgot their enable secret 5 password?
TimberWolf_xous, someone fucked up a cable termination?
xousit's 3am
cisconinjai think i found a bug in cisco ios
xousTimberWolf_: exactly. What makes you suspect that?
TimberWolf_xous, power but no data
cisconinjaand i am not drunk yet :)
xousbecause power is passed on pins 7,8
xouskuahara: that's why you need to know pinouts
xroany input about "allowed vlan list" mismatch between Po and Phys interfaces? (When i do a switchport trunk allowed vlan add XX to my Po, i didn't see the vlan on the Phys interfaces)
TimberWolf_had a similar issue with an old analog polycom phone
Azeethis is more like ccna voice then A+
TimberWolf_the phone had power but couldn't place calls but would ring
kuaharaxous, in a few specific situations you may
Azeethey dont teach out about voip in A+
newtmewtffs shit is breaking everywhere
kuaharabut you don't need to memorize them for every connection type in existence
TimberWolf_turned out pin 7 was not terminated
xouswe had a customer have all these brand new drops installed. installer only terminated 1,2 4,5 because that's all thats needed for ethernet.
blackOffthey go through voip a little
dadrcknowing your basic ethernet cabling is good, knowing all the pins in vga is probably useless
xousmaybe not
blackOffcisco is all networking
Azeethats what i wana do
blackOffa+ is just tech
dadrcIf a VGA cable gives you any trouble, you just dump it and get a new one :>
kuaharawait, you don't know how many vga pins there are? You're clearly not qualified to plug this in. exam fail, try another career.
blackOffthey're not really comparable
cisconinjawhat is one should do if they forgot their enable secret 5 password?
xousI saved a customers ass once by making a t1 xcover on the fly
blackOffa+/server+ wouldn't hurt if you're going the comptia route
xoustheir IT guy had no fucking clue
Roqcisconinja: password reset
xouskuahara: it's 15 pings, iirc
dadrcAnd if you really need the pins for something, you can just look 'em up.
newtmewtACTION wants to run and hide
kuaharaxous, ok, so I have ubuntu installed in this VM.. wait, shit forgot to count the number of pins on the rs232
dadrcnewtmewt, nobody stopping you :P
cisconinjaRoq: by changing the confreg from rommon right?
kuaharaok, 9. that solves that.
xouskuahara: 9
Azeeu can findout all ur pin answers from there
newtmewtour work fiber connection s maintenance that we were supposedly told about
TimberWolf_he couldn't even google it?
newtmewtthe backup cable line we have no fucking clue
Roqcisconinja: usually yes, what device do you have? Just google 'device number password reset'
xousRoq: password recovery
xousAzee: internet is not always available
cisconinjaRoq: i figured how to do it in less than a sec , without changing the confreg
newtmewtgranted the ILEC for for both is the same....
newtmewtbut the clec confirmed on their end they were doing maintenance
newtmewtso no clue about the cable
Azeexous: really ?
cisconinjaand without reload the device
xousAzee: it happens
xousout in the middle of no where
xouspoor or no cell reception
newtmewtxous: Azee my office right now......
newtmewtwell not this second
kuaharaanywho... so how do I test this serial adapter on a linux vm?
newtmewtbut tonight lol
newtmewtwe need to get a diverse connection with a different ilec
Azeeget a new network admin if ur network is down
xousAzee: I've walked remote hands through command after command
xouswhen there was no other option
blackOffwhat if a mouse took it down
newtmewtthe fiber runs over the local cable provider(who also does fiber and stuff)
newtmewtand the cable.... well runs over the cable provider
newtmewtthe fiber is via a clec in the area
xousthen there was the time our entire office was down
newtmewtand the cable is straight from the cable co
newtmewtso IP/routing wise we have diversity
xousbecause bell killed the wrong oc12
newtmewtbut plant wise... not so much
lo0Free /69 IPv6 allocations on Valentine's day? Sweet!
newtmewti mean its fiber vs cable plant
Azeexous r u from GTA ?
newtmewtbut at some point they go back to the same fiber i'm sure
xousAzee: yes.
Azeeah cuz i heard bell :{
xousI'm 5 minutes from bloor and yonge
Azeegrand theft auto
xousGreater Toronto Area
newtmewti normally just call it the "the northern neighbor" or "northern snowy neighbor"
xousit's what they call this jumble of cities that grew together
newtmewtgranted recently we have a shit ton of snow here
newtmewtthe county sheriff shut down the roads yesterday
Azeeis bell as openings for freshies ?
Azeeentry lvl ?
xousfucked if I know
xousyou wouldn't want to work there anyway
xousfucking retards.
Azeethen u r kinda the right person to take advice from u know the job market here :P
xousfull of idiots with lots of degrees
xousall worthless
xoushad one CCIE voice wanting 75k/year
xouscouldn't even tell me how to get the physical port from a mac address on a switch
eirirs_degrees and no experience
xoushe was a friend of an employee too
Roqxous: i don't understand that, that's ccna level
xousthey train to pass tests
xousnot to actually troubleshoot
xousif give them a actual problem
xousand watch them try to work it
xousthey break down and fail hard...
newtmewtyou'll be dead before they figure it out
kuaharaxous, you familiar with ubuntu?
terabitit sucks!!
Azeethats why i am looking for work
xousI've used it
Azeei dont wana be a paper ccnp
kuaharaI plugged in the usb to rs232, not sure how to find it in this os
xouskuahara: type dmesg
Opt1Azee, did you build a lab at home?
newtmewtkuahara: do a "dmesg"
newtmewtand look for the device
xousyou should see something like /dev/ttyS0
xousor /dev/usbttyS0
terabitkuahara: /dev/ttyUSB0
xousor something like that
eirirs_and then you can access the console using screen
xousor minicom
Roqxous: ah yeah i know those too. guy i know memories a downloaded exam, without actually understanding what he memorised
terabitno ttyS0 is for serial,he's using a sub converter
Azeejust starting to build one at home
kuaharaI saw about 10 pages of bullshit fly by
RoqHe still passed
xousterabit: I find the naming varies depending on the driver
terabitkuahara: if ubuntu comes with the driver for usb-> serial converter it should be there
xousdon't forget to make sure you assign the device to the VM
xousotherwise it won't work
eirirs_xous: any suggestions for an alternative to using a old 2500 as access server for cisco labs?
terabitxous: I've only tried 2 different brands of converters but both used ttyUSB0
kuaharawhen I type dmesg, I get instaspammed with pages of text
terabitkuahara: that's normal
xouseirirs_: NM-16A/S
terabitand dmesg won't tell you that anyways :P
Azeei used packet tracer at home and there lab at tuition
terabitkuahara: "ls /dev/ttyUSB0"
eirirs_xous: got a NM-32AS incoming lol
terabitdoes that show the file ?
xousterabit: looking at the dmesg output should be more definitive
kuaharathere is no ttyUSB0
terabitxous: it won't tell you the dev node
Roqkuahara: you can type lsusb (or sudo lsusb)
Azeebut for ccnp switching u can use any simulator :(
xousterabit: does on mine
Roqkuahara: or lsusb -v
xoushe's doing with inside a vm
terabitkuahara: then try what xous said use putty and try serial connection to /dev/ttyS0
xousso this may not work at all
kuaharawhen I try that, putty fails to open a port
terabitoh,ubuntu is in the vm ? windows guest ?
kuaharawindows is the host
kuaharaubuntu is the guest
xousI told him that it may or may not work
xouskuahara: you sure you assigned the usb device to the vm?
kuaharaI checked, vmware says that it gets it by default
kuaharaand that if I want the host to pick it up, I have to disable that feature in vmware first
xousdo you see it in lsusb?
kuaharawhen I try that, it just says no such file or directory
xoussudo lsusb
kuaharaBus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
kuaharaBus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
kuaharaBus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
kuaharaBus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
newtmewtstop spamming
xousit's not there
xousnone to eat
Roqkuahara: can check in syslog? 'cat /var/log/syslog | grep usb'
kuaharamy wife eats that crap all the time
xousmystery meat
archuser2Hey. Did anyone work with alcatel lucent?
newtmewtwow..this customer of ours that is having us do the VPN shit is finding(and we are too) that when we go out a LOT of the locations main switch at the site is actually an old HP hub......
newtmewtand its not actually HP
kuaharaRoq: http://pastebin.com/reiGdUXN
newtmewtits HP branded, but is cisco hardware, i think it says "powered by cisco" or something
terabitkuahara: xous said it's not there
xouskuahara: yeah. the usb device didn't pick it up
terabiteither you need to do modprobe or it's not connected to the virtual machine
xousso either you haven't assigned it to the vm
kuaharacrud, moved it to a different usb port and windows is trying to install the driver for it
newtmewti suspect you don't have it connected/passed correctly
terabitdon't you need drivers for the guest btw ?
terabitvmware drivers *
xousterabit: it picked it up
xousshows the vmware hub
xoushe can try modprobe pl2303
xousbut I think it would still show in lsusb
RoqIt should
kuaharathere's no device manager gui similar to what windows uses?
terabitkuahara: nope
xousyou don't need one
xousthis is fastar
terabitevery driver comes with linux
kuaharaI typed sudo modprobe pl2303
kuaharait dropped to the next line, no error messages
xousnow do dmesg
terabitmy usb-serial is " QinHeng Electronics HL-340 USB-Serial adapter "
terabitthen it might have worked
xousand lsusb
xouspastebin both
dadrcyou can check the loaded modules with `lsmod`, if you suspect that something went wrong there.
kuaharaxous, dmesg produces more text than I can scroll back to see the beginning of
xousthat's fine
xouswe only want the last few lines
eirirs_kuahara: add |more on the end if you want to see all
xousless is more :P
eirirs_kuahara: I also like to use lshw|more
dadrcif you're on ubuntu, there's pastebinit. `dmesg | pastebinit` will put the whole thing in a pastebin and echo the url
dadrcyou'll probably have to install it, package's called pastebinit (surprise)
xouslooks like the driver loaded
xousbut no device found
dadrcyou can also pastebin files, `pastebinit /path/to/file`
kuaharaxous, that mean the adapter is broken?
eirirs_I've experienced something similar to it, had to blacklist some conflicting modules
xousprobably means usb passthrough isn't working from host to vmware
terabitkuahara: I seriously suggest dual booting linux
xousjust do a livecd f
eirirs_who hell is using cd these days
dadrcNo need to install stuff, just boot it.
terabitif it's just for putty why not
xouseirirs_: who the hell uses more these days :P
eirirs_xous: me
terabithaha,while you're at it try opensuse :)
xousless > more
eirirs_xous: I want more!
terabitxous: no,specially not with money ,sex and food!
eirirs_terabit: unless you are xous
terabitACTION wonders what else matters.....:P
terabiteirirs: hope not
terabitI woke up today and broke my gentoo host ,finally fixed now :(
hjohnsonwow, their power is really sucking today
hjohnsonthree major outages probably 8 hours or more
hjohnsonguess the power plant is freezing up
xousfix it :P
newtmewtffs provisioning.. they are putting the ILEC circuit id's into our circuit id field....
newtmewti dont' care about that except at install
newtmewtafter that all i need is the carrier we pay's circuit id
kuaharagrr.. it won't let me select this damn ubuntu image to use with "startup disk creator"
terabityou may or may not want this but susestudio.com lets you create usb/hdd/iso/vm/cloud images with customized packages and branding and download the images :)
kuaharadoing it in windows instead
kuaharaI assume that if this does not work with the livecd, then the problem is undoubtedly the adapter
hjohnsonxous: it's -8F outside right now...
hjohnsonnot much I can do to fix that
xousmake fire!
xousheh. it's hydro electric?
newtmewtisn't most stuff near niagra?
xousnewtmewt: he's not here.
xoushe's on the other coast
newtmewtall i know is if our office internet bounces again i'm out
hjohnsonxous: yeah
kuaharaok, I've got the laptop booted into ubuntu live usb
newtmewteverytime it bounces i lose ssh to this box i'm IRC'ing on, any work boxes i'm in, and our portal's login(have to re-log)
hjohnsoni'm finally going to put my SHDSL link into place, but to work around these kinds of power outages
hjohnsonthe two main nodes of my network have very large battery banks (8 to 12 hours of runtime)
hjohnsonthe middle node that all the traffic has to go through only gets about 3 hours or so
newtmewthuh, for once the fuckers at level 3 were right...
newtmewtthe circuit i was bitching about the 10 vs 50Mbps
hjohnsonquick, buy a a lottery ticket!
newtmewtit is in fact a 10Mbps circuit, just with "upgrade rights"
newtmewtalso.. they suck at differentiating between Mbps and MBPS
newtmewtfor the same circuit this is the billing: IP:Fixed,10 MbpsFE and Access SEQ1 FE 10 MBPS Offnet
kuanixok, new paste is: http://pastebin.com/YnNHjF2H
hjohnsonwell, network is going to die again
hjohnsonpower is out, and the UPSes are not liking it at all
kuaharaxous, that look any better?
Opt1just bought eigrp.co
newtmewthmmm and why do we have a NRC of $2.00 on that circuit.. WTF
Olibernewtmewt: NRC? not seen that acronym about..
newtmewtNon-Recurring charge
newtmewtone time fee
kuanixgrr... on the live usb version, I can't install putty
onefst250ralso nuclear regulation commission
hjohnsonNational Research Council
kuanixattempting to returns: E: Unable to locate package putty
kuanixsame command I used in the vm
xouskuahara: use screen or minicom
onefst250rnorwegan refugee council == CuriosTiger?
xousand does the device exist?
kuanixsays it can't locate package minicom either
kuanixxous, I would assume so if it works, I left another paste
kuanixit found screen
kuanixwonder why the live version can't install putty
xousprobably no dns
xousor no internet
kuanixwell, we're chatting :)
kuanixinstall screen, but the app doesn't appear to be there
kuanixfrom the dash anyway
xouskuanix: it's command line only
kuanixmind walking me through testing to see if this works?
xousscreen /dev/ttyUSB0
xousor whatever the device is
kuanixthe new paste of dmesg and lsusb is http://pastebin.com/YnNHjF2H
xousyeah it picked it up
hjohnsonand there it goes
eirirs_onefst250r: yep
eirirs_dont forget to specify baud 9600
eirirs_when starting screen
kuanixholy shit...
kuanixshit is working
kuanixinstalling ubuntu on this laptop lol
kuanixI finally have a use for it
hjohnsontha-tha-tha-tha-that's all folks
kuaharaclose to that's all
kuaharahave to google what the work around is to getting into this router
kuaharasince it's requiring a user/pw
xousmodel password recovery
xousit's easy as shit
kuaharaI know there's a reg entry that can be changed
kuaharaThanks for walking me through all that
kuaharaI know that's frustrating ;)
hjohnsonoh well, tomorrow hopefully they'll get the 1803 setup
kuaharagod, doing side by side installations of windows and linux, linux and linux, or windows and windows is SO much fing easier than doing a side by side install of OSX and anything.
kuahararesize partition, install new os, done
xroany input about "allowed vlan list" mismatch between Po and Phys interfaces? (When i do a switchport trunk allowed vlan add XX to my Po, i didn't see the vlan on the Phys interfaces)
kuaharaso if someone sells a router with the user/pw not wiped out and you recover the config, you can get the password in plain text
kuaharasounds like they might, potentially, be putting their network at risk
newtmewtyou can encrypt them too
newtmewtsome people don't
kuaharayea, but the encryption used with service password-encryption is pretty much just kiddie encryption isn't it?
newtmewtyou can set the type
newtmewtyou can use type 7 or md5
newtmewttype 7 is kiddie
mAniAk-_-type 7 is reversible
newtmewtmd5 is pretty good
newtmewtits not reversible directly
mAniAk-_-md5 is fine, though it can be found it with time
dadrcmd5 is worthless, if some wants the password badly enough
newtmewtof course
newtmewtbut it keeps the kiddies out :D
dadrcyeah, ok
xousheh. I broke some shit.
dadrcan arm and a leg?
mAniAk-_-kuahara: even if you forgot to wipe it before you sold it you shouldnt have any local usernames anyway, central tacacs/whatever, password on console and enable
xousdadrc: montreal
xousour montreal pop
xouskuahara: that's why only noobs sell routers without wiping them
xousand yeah most companies use tacacs/radius anyway.
dadrcxous, have you tried turning it off and on again? :P
xousdadrc: it was taking a weird l2 path through some switches that are acting up
xousand then there was an mtu issue on the link
dadrcI swear, sometimes those things are just out to fuck with your day.
xousthe switches?
xousor mtu?
xouswell these switches were probably dropped down a few sets of stairs by the looks of them
xousso I can't exactly blame them.
kuaharayea, they used md5
xoussha512 on modern ios
xouscisco's md5 is salt+hash so you can't use a pre-computed hash attack on them
dissolve|do i really need to memorize the different types of LSAs?
xouswhy not?
dissolve|just wondering how important that is
xouswhat are you doing?
dissolve|judging by your answer it is
dissolve|still ccna
xousnot sure if it's required for the CCNA
dissolve|quick lsa type 3 what is it!
xousfucked if I remember
RoqIt's more a ccnp topic, not so much ccna
dissolve|2 months from now then :p
xousI memorize what I need
xousI'm lazy.
dissolve|i have to make retarded acronyms for stuff i need
xousbesides... cisco seems to think subnetting is the most important shit
bhuddahthe calculation of subnets using nothing but your brain :)
xousI do it mentally
dissolve|yea thats already a must for ccent
kuaharawife just brought in a sizzling plate of sisig :)
xousshow of hands. who had to google that?
dissolve|mine just farted
dissolve|thought u misspelled sausage..
dwxreaperhow many feeds of full tables should 1GB of RAM hold, as a very rough estimate?
xousisn't it about 600mb now?
xousI forget
Oliberooh, this is #cisco, thought it was a db question..
dwxreaperASR router ran out of memory with 2, has 1GB
xousthat prefix length?
dwxreaperI think it has some templates to not accept more than X routes and X length prefixes
xouswell at le 24 it will be a lot less than le 23
xousI'm tired. I should be sleeping.
eirirs_no, it's lunch time now
xousit's 5am here
dwxreaperthat was my plan : )
dwxreaperI take sleeping pills sometimes, damn that is hard to get up on those!
xousI'm working
dwxreaperyou work night shift?
xousnoon to 20:00
xousemergency maintenance
kuaharameh.. xrdp just showing the background only. none of the apps
xoustry rdesktop
xouscould also be video driver issue
kuaharado I need to remove xrdp?
kuaharardesktop doesn't appear to be working at all
dwxreaperthat's something you could use in place of freenx?
xouskuahara: nope
twkmrdesktop and xrdp are different, though related things.
xousdifferent programs
xousfind a program to test your video cards stuff
xousprobably a issue with xorg or the video driver
dwxreaperI put a few of my computers with puttytray and a usbstick, automatic login with the keys, but I gotta add xming. would be nice to get the full GUI up and running with some client on there
kuaharaxous, rdesktop is only from ubuntu to windows?
kuaharaam trying to remote in the other direction
dwxreaperI think rdesktop is a remote desktop client, I use it to connect with remote desktop with xming, like rdesktop name in bash
kuaharacompiz crashed when I remoted in with xrdp
twkmrdesktop is an rdp client. xrdp is an rdp server.
dwxreaperthe new windows rdp gateway services might smooth the video out and what not, sounds like a lot of setup
dwxreaperthat or xendesktop
xousmaybe you want vnc then
kuaharaLiterally just read an article that points out why using rdp (this guy also used xrdp) is better than attempting vnc
Azeexous go to bed lol
Azeeits 5:13 am
eirirs_xous: I got up from bed at 0530am
xousI woke up at 16:00
xousbecause I accidentally slept in 4 hours
xousbut I work from home
kuaharait says that rdp is aware of controls, fonts, and other graphical primitives and that because of this, the datastream is compressed significantly over alternatives like vnc
xousso nobody noticed...
dwxreaperI don't think I could work from home, I just really really don't want to work when I'm at home
dwxreaperI think I'd make a depressing looking office
xousI'm usually more productive at home
xousI get distracted easily.
newtmewtlol what
newtmewtyou are more productive but get distracted easily?
xousI get distracted easily at work
newtmewti got to work from home last night due to the weather
xousat work I can screw with the noobs
kuaharaoh jeez. so it looks like someone has posted the solution, but I don't know enough about linux to implement this
Azeexous are u ccie ?
xousI'm a drunk
Azee5am .. damn
xouswhy 4 need at ccie?
newtmewtthey are too lazy to just set up our VOIP boxes to forward the calls to our 877 # to a hunt group or some shit...instead they pay a fucking answering service to answer the call, take a call back # and details, and then call us up and ask if they can connect the call...
newtmewtand then the fuckers keep on calling me and my room mate/co-worker until 11am... we were off work at 8:30...
newtmewti even answered once and was like "look, stop calling, i'm off the clock"
kuaharaxous, hate to ask, but... in this paste: http://pastebin.com/B1piLSud Do I just type the 3 commands he included in that post to do what he's talking about or is it more involved than that?
newtmewtxous: i was getting ready to set them to spam on google voice and let them get the "# has been disconnected" message :D
xouskuahara: looks fine.
newtmewtbut i was afraid i would forget to remove them from spam and then next time i had to work from home it wouldn't go well lol
xousnewtmewt: so just bill overtime for the annoyance
newtmewti should :D
xousI have a rule on my work line
newtmewtwell you have to remember these were to personal cells
newtmewti don't have a work line
xous12-0000 it rings and forwards to my cell
xousother than that
xousit goes direct to VM
newtmewtsee you have computer intelligence
newtmewti was dealing with answering service morons
xouspower button on cell phone :P
newtmewti should set up a group on google voice for them alone and set up time rules.....
newtmewtxous: i was using it for other stuff...
xoushell you could have just pretended to be a recording
xous"I'm sorry *giggle* this line has been disconnected."
newtmewti was going to just get shit faced and start answering :D
xousthey call me on the weekends all the time
xouswhen I'm shitfaced
xousI still fix shit and call 'em noobs
newtmewtit was actually funny, my roomy(me and him were both working last night) walked in part way thought the night and handed me a smirnoff
newtmewtit was funny to be able to say "i'm drinking and getting paid to"
xousI used to do that all the time
xousat my old job
xousdo like 40 tickets
kuaharaugh... the refresh rate using this is fing horrible =/
xousin like 2-3 hours
xous(everyone else did 20-25)
xousget drunk and watch movies the rest of the night.
newtmewti still think the funny thing would be to have gotten shit faced as soon as i signed off and then start answering the answering service peeps
xousprobably some outsourced indian shit anyway.
newtmewtthe time i answered they were like "ok i'll skip you and brett and go to Guy"(my boss). i laughed and was "he'll love it too"
newtmewtxous: they are US based
xousah. stupid americans
xousheh. I got a "how do you like your services call" from rogers the other day
newtmewti honestly can't imagine what they are paying those fuckers
newtmewti would have just forwarded the 877 # to a number on our asterisk box at the colo and then we could forward it how ever the fuck we wanted
xous"how happy are you with your service?"
newtmewtfuck they could of even just sent us a couple of the voip phones they are texting
xous"we considering I told rogers that the next time they called me when there wasn't a problem with my account I'd cancel...."
newtmewtthe idiocracy amazes me lol
xousnewtmewt: hehe
newtmewtlol xous
xousnewtmewt: our call flow is fucked.
newtmewti mean on a day to day basis it works
xousnewtmewt: they woke me up 6 times in one week
newtmewtsince we have the pbx at the office
xousI was fucking livid.
newtmewtbut i mean we have been setting up our own voip infrastructure
newtmewtwhy not fucking using
xousnewtmewt: stupid is as stupid does
kuaharaI hate xrdp. Think I am just going to try vnc regardless
kuaharawell, this doesn't make sense. If I type commands into a terminal window, everything shows up just fine.
kuaharaif I use screen /dev/ttyUSB0 and issue commands, it is as if I am typing with echo turned off
kuaharaand I can't see the results of issued commands without closing the terminal window, reopening it, and using screen again to get the update
kuaharaso I'm wondering if the issue is xrdp or screen
xouswhy not just ssh into the box
xousand use screen that way?
kuaharaI'll try it
kuaharaone thing I love about this
kuaharainstalling most apps so far is like: "hey, this is going to use another 881k of disk space, is that ok?"
kuaharaand I'm like, "how the hell are you doing that with only 881k of disk space?"
kuaharaok, I used putty to ssh into the linux machine. all is well until I use screen to access the router and now I am getting very similar behavior
kuaharalines are only half showing up. Stuff I type does not show up right away or does not show up at all
dadrctry using tmux
collescreen has done that for me too
colleuse tmux
kuaharafortunately I already went and installed tmux
kuaharawill look up the how-to on that
kuaharaI don't get it... tmux just seems like another version of the terminal window
kuaharastill forcing me to use screen or some alternative to access the router
colletmux and screen do almost the same things
kuaharabut how do I tell tmux that I want to connect to my router?
colleeum, what?
colleuse ssh or telnet?
kuaharaok, if I have a regular terminal window open, I'd type screen /dev/ttyUSB0
kuaharaand from there I can log into my router
kuaharaif I instead type tmux
kuaharaI just get a new CLI for use with the linux os, not the router IOS
kuaharaso I sit there at a command line doing nothing unless I, perhaps, type screen /dev/ttyUSB0 within tmux
kuaharabut that just gives me the same problem I had with screen before I involved tmux
collenever done that with tmux
colleminicom started from within tmux should do the trick I guess
freaxerrr sorry winblowz has no telnet
kuaharait does, you just have to turn it on
kuaharait's under windows features
collekuahara: http://acidborg.wordpress.com/2010/12/30/how-to-connect-to-cisco-devices-via-serial-port-using-gnulinux/
collethen you don't have to deal with screen at all
twkmfreax: incorrect.
twkm"deal with". screen is very handy, especially if you are remote and there is any chance you'll lose your connection.
colleyes, but read the scrollback
twkmi have.
colletmux works far better for me
twkmkuahara: tmux has no similar facility.
collewe already know that
collehence my link
colleminicom + tmux
ALucas__morning gents
kuaharaI have minicom configured
kuaharait doesn't seem to do what I expected. I saved the config as cisco, then exited and ran: sudo minicom cisco
kuaharajust takes me back to minicom and the only thing I can do is continue editing the config
ALucas__Did you write mem it? ;P
kuaharaI used "save setup as..." and named it
kuaharathen ran the named file
twkmsounds like you actually ran minicom -s cisco.
kuaharatyped it exactly as shown on the link colle shared
twkmin general you want minicom -o cisco.
kuaharadidn't use -anything
twkmthen you should not have been put into the menus, it should be a mostly blank screen waiting for output to display or input to send. (i tend to use -o defensively, in case someone restored all the modem init crap)
kuaharaon the lower right it still says offline
twkmas long as you don't have a menu pop-up on screen, just try pressing ^U then enter.
kuaharacan't type anything
bhuddahso you mean it does not work?
twkmat minimum you need to verify the serial port and comms particulars. 9600n1 in general, unless you've done something "odd" (e.g., to upload an image more quickly).
bhuddahhave you tried connecting with screen? (yes, just to make sure the ttyS0 works)
kuaharayes, but screen is garbage
kuaharawhich is why I am trying to use minicom
kuaharatwkm, it is 8600 8n1
bhuddahdefine garbage?
bhuddahdid you get a connection?
kuaharaerr 9600 8n1
twkmgood. no flow control, of either kind.
kuaharabhuddah, it doesn't echo everything back. I get half of a line of text that should have shown up. Most to all of what I type never shows up in the CLI
twkmand of course whatever your serial port really is.
kuaharaif I want to see the results of an issue command, I have to exit the session and screen back in again
kuaharayea, the port is correct. /dev/ttyUSB0
kuaharasame one I used with screen
bhuddahthis sounds terrible
kuaharait is
twkmmaybe try a different dongle.
kuaharaI am doing all of this over an SSH session
kuaharanot that that should make a difference
kuaharaI mean if I go directly to the laptop, I can screen in and everything is fine
bhuddahyay. just make it MORE complicated ...
kuaharabut over xrdp, it is horrible
kuaharaand screen over SSH exhibits the same behavior as it does over xrdp
kuaharaso the problem seems to be screen
kuaharasomeone else, a few min ago, said they get the same behavior with screen
twkmbut you've got poor results using minicom, so that's out. perhaps try some other serial port program.
kuaharagoing to try cutecom instead
kuaharawell, cutecom is out too
bhuddaheventually we will come to the realization that your problem is something else.
colleit sounds like a charset problem
colleor maybe $TERM
twkmso three serial port programs won't work. "try a different dongle"
kuaharatry a different dongle? not even sure what that means. if you're referring to the usb to rs232, it's the only one I have
twkmoh well.
bhuddahthen get a different one...
kuaharaI got minicom working
kuaharasame fing behavior as screen
bhuddahi think around 80% of all cheap rs232 dongles just don't work right.
kuaharaone of the settings I kept changing in minicom kept reverting back to default.
kuaharaI saved it under the cisco profile, changed it again under the dfl profile
kuaharaand logged in again and it kept going back to default
kuaharachanged it like 4 times in a row, saved, and kept checking until it stopped doing that
twkmminicom is fairly sucky too. anyway, you seem to have ruled out serial comms programs, so that leaves other things (e.g., dongle, cable or device).
kuaharathis is the kind of crap that keeps happening when I try to use screen, minicom, etc.. http://i.imgur.com/wcOAPfB.png
colletry changing terminal charset from utf8 to iso8859-1
kuaharathe cursor stops exactly where you see it in the screenshot, the line does not fill, and I can't type anything
colleboth in putty and your linux host
kuaharalooks like it is already iso8859-1 in putty
collechange that to utf8 then
bhuddahthen better get your UTF8 going first.
bhuddahit's about time :)
colleubuntu defaults to utf8 I think
collebut putty does not
kuaharachanged it to utf-8 in putty and reconnected. same behavior
bhuddahhave you verified that utf8 works right now?
kuaharathe cursor is just freezing up at random parts of the line
bhuddahwhich locales are installed on that server?
kuaharaI'm changing it under translation btw.. it says, "Received data assumed to be in which character set:"
bhuddahyeah. but that is only one part of successfully enabling utf-8
kuaharawhat is the other part?
bhuddahgoogling and following a howto for your linux variant.
colleis it only through putty that this is not working?
colleif you use the local linux machine directly, is it ok then?
kuaharaI have only used putty for ssh, but before I use minicom or screen, everything appears to work just fine at the terminal window
bhuddahemphasis on _appears_
kuaharawell, if I type dmesg for example, I can see everything I type
kuaharaand when I hit enter, I get pages of text
bhuddahcan you walk up to that machine and try it?
colledo you have a keyboard and screen directly attached to the linux machine?
kuaharait doesn't unexpectedly cut off and stop echoing at some random char on some random line
colleif so, check locally first
kuaharathe linux machine is the laptop that is sitting right next to me
bhuddahwhy are you using ssh then?
colleokaay and if you run the command in a terminal on that laptop...
kuaharascreen works just fine on the laptop
twkmyou use putty for ssh. *boggle*
kuaharaheh... it DID work fine earlier
kuaharascreen is acting like shit on the laptop right now as well
bhuddahmaybe we can simplify the setup to test each part on its own?
hjohnsonwhat's wrong with PuTTY?
kuahararestarting this stupid router rq
kuaharalooks like I am back to square 1
kuaharaearlier when I'd restart the router, all the startup shit would appear on screen just fine
kuaharanow even that garbage is cutting off
bhuddaheither the router or the cable or the serial adapter is the problem.
bhuddahprobably neither putty nor ssh
kuaharabhuddah, yea, before I ever got started with linux, I assumed the usb to serial adapter was trash
kuaharathat adapter does not work in windows AT ALL
bhuddahthen why don't you try a different one?
kuaharaI only have this one
kuaharait is a prolific piece of shit
bhuddahwhat do you mean by "does not work in windows"?
kuaharanone of the drivers will work with this thing in windows
kuaharawe've been through 30 or so
bhuddahbut it's shown up in the hardware screen?
kuaharait will either code 10 or code 1 on all drivers
bhuddahhave you googled for the device and vendor id?
kuaharayea, device manager sees that it is there, but always reports that the device can not start or that the driver is missing
kuaharayea, this would be my 3rd day troubleshooting this
bhuddahwell. bad luck. a working adapter is only like 5€ ... not worth the trouble. just order some and find one that works for you.
kuaharauntil xous suggested doing this in linux earlier, I'd never gotten into the router at all
kuaharawas surprised to see it worked just fine in ubuntu earlier
kuaharaat least for a while
kuaharawish shit would have been kept simple and we still made laptops and motherboards with serial ports on them
bhuddahsure. buy a new computer... not gonna be cheaper.
hjohnsoneh, the new USB console ports on cisco gear work pretty well
hjohnsonthough I wish they had gone with micro-USB instead of mini-usb
kuaharaI'd need a usb port with 2 male ends
kuaharausb cable
kuaharaboth type A I mean
kuaharaand of the dozens of usb cables I have, none are those =/
blackOffanyone up to date on the new CCNP Security courses?
bhuddahusb with two male ends is forbidden.
hjohnsonwell, all USB cables effectively have male ends
hjohnsonit's just that you have master and slave connectors
hjohnsonthat are different
hjohnson(unless it's a USB extension cable of course)
kuaharayea, male A to male A is what I was referring to
Norgsyupgrading switches... yay!
blackOffcan't find any material on those certs
NorgsyI'm using ftp this time
Norgsythere is a lot to do and I didnt get time to upload the code today
blackOffwondering if i should just cram for 2 months and grab the current certs
Norgsyand some I am being lazy and updating direct from ftp
blackOffi've got enough time to get the current certs
kuaharaok, so gtkterm works just perfectly on the laptop
Norgsy25 mins later the switch stack returns.
Norgsywow, those stacks of 8 will take a while
Norgsythat was 3
kuahararesetting this thing back to factory defaults
freaxhahahha owned http://pastebin.com/NXTHwEUw
freaxrootsec rulez
freaxand i ethically removed the ip's
freaxhad any 0days lately
kuaharawell then
kuaharaso I reset this piece of junk back to factory defaults and everything seems to be working fine now
kuaharaclosed the laptop, went back to putty > ssh'd in
kuaharaeverything is working as expected
kuaharaI'm wondering why when I do a "sho run", it appears nearly all of the pre-existing config was wiped out with a few exceptions
kuaharaunder "logging message-counter syslog", there's a line that reads "enable secret 5 $1$238r8923rf8eawe932"
kuaharaor whatever the pw is, just mashed random keys there
kuaharaappears I had only 1 good session
kuaharaclosed that and SSH'd back in, old behavior again
kuaharaACTION sighs
kuaharait has to be this adapter
kuaharagtkterm isn't working anymore either
oister_try a windoze box
kuaharaoister_ I got this far switching from a windows box after 3 days of assuming this cable was just broken
kuahara(which it only appears to be partially working in linux)
kuaharaintermittently working rather
kuaharathere are no drivers for it that will produce anything other than a code 1 or code 10
blackOffanyone have any info on the new ccnp security exams?
eirirs_Scrye: still driving?
kuahara(missing driver or device failing to start)
blackOffi don't really want to do the new exams
blackOff300-20x exams, ccnp security
void64new or recert?
blackOffi sorta want to cram for the current ones
void64how many exams on the security track?
blackOffi could do one every 2 weeks, or read the books a couple times, and practice for a month, then read each book before taking the exam
blackOffor i'll have to wait for the new books
ReGiStRaSany channels for chat about checkpoint security products? :x
twkmReGiStRaS: #help might be able to help you.
eepr0mviva la vida loca
Giant81CCNP SWITCH test today
RoqGood luck
Giant81we'll see how it goes
myndgl Giant81
hendrikzgood luck
bhuddahgood luck
Giant81either way pass or fail I'm moving on to ROUTE after this
Giant81I already attempted SWITCH once before and just barely didn't make it, so I'm hoping for better this time
Giant81but either way I'm getting burnt out studying it
void64lol thats the way i felt after ie … burned out!
void64but back on the horse again
void64chasing DE
^NaLiN^Giant81, i did switch last year and i was short of time
Giant81see I never ran out of time, I just got more questions about things I hadn't studied as closely
^NaLiN^depends how are you doing the sequence of the request stuff is not working or you cannot see it the output
Giant81I was expecting it to be pretty STP / FHRP / SVI's etc... heavy and it had more wireless and dot1x in it than anticipated
Giant81oh I know
Giant81it doesn't work like IOS
Giant81I tried removing some extra commands I didn't want, and I couldn't get them out of the
Giant81'sh run'
^NaLiN^yes i i made a default interface and typed again and i was not working :(
Giant81no idea if I got that one right or not
Giant81only time in a lab I've ever used the comments section
Giant81where you can leave comments for the test creators
Giant81no surprised
Giant81KAS is charged with protection...lol a russian company protecting against russian hackers
Giant81unless they are in on part of it
Apachezwell and yet KAS was the only ones who informed about stuxnet, so you do the math =)
MrPocketzSo I'm reading through this to figure out how to configure active / standby failover on an ASA 5505, but you don't NEED two separate WAN IPs configured for active / standby as they have in this example, do you?
Giant81oh I like KAS tbh, we use it at work
Giant81works well, doesn't seem to interfere with too much, doesn't crash, easy to manage, and their support is a little funny but they do get back to you quickly and they do get things fixed
blackOffwhen the CAM is filled up and you send to known MAC addresses, does the switch still flood?
Giant81that is a good question, I would say no
blackOffi think they do
Giant81it's worth looking up
blackOffI'm looking right now and don't know
Giant81so if the CAM is filled up it stops using the CAM table?
Apachezsuccessfully entered HUB mode
Apacheza packet with a mac which the switch doesnt know where this mac is at will be handled as a DLF packet
Apachezdestination lookup failure
mgeorgelooks like a bunch of snipers took out a power station in california but it was never covered on the news
Apachezsuch packets will be broadcasted on all interfaces which belongs to this vlan except the interface the packet arrived at
mgeorgenews was too busy with the justin bieber scandal
Apachezmgeorge got an url for that except for the regular conspiracy sites?
mgeorgei would imagine a couple of cordinated sniper attacks on the grid could easily take down the grid.
Giant81it wasn't domestic terrorism
Giant81it was a bunch of drunk rednecks taking pop shots at something
KenMatlockjust find 1 heavily-used line, take it out, and let the grid collapse upon itself trying to resolve it
mgeorgeyeah ken, the grid is very vulnerable to attack and the gov does not care
mgeorgetaking out 3 key spots simultaneously in the eastern grid would cause the entire eastern grid to implode
KenMatlockheh, the grid is 'unstable' in its normal state, it's constantly having to be re-balanced as loads go up and down
SuperNulli have a load to balance.
mgeorgethese locations are heavily protected from intruders
mgeorgebut not bullets
MrPocketzAnyone set up ASA's for failover?
mgeorgeno one in this channel has ever setup an asa failover pair
Lalufuwe all do SRX clusters secretly
mgeorgewe all hang out here and talk about other shit
Giant81I have ASA failover pairs
blackOffdo we rely on the grid?
Giant81it's simple
Giant81oh but there is one gotcha
MrPocketzSo if I set up two ASA5505's as active/standby, does the standby ASA *need* a second WAN IP?
Giant81the ASA pair will use the physical MAC addresses of the Primary, so if the primary fails, the secondary will use the primary's MAC addresses
Giant81which is fine
MrPocketzthe way i understand it they each have a wan ip on the external interfaces, and if failover occurs, the 2nd ASA is activated, but it'll use the 2nd WAN IP. Is that correct?
Giant81if the primary goes bad, and its replaced, and you install a new primary with new MAC addresses, as soon as the secondary sees a new primary
Giant81it will immediately switch to new MAC addresses and cause an interruption of traffic
KenMatlockno, whoever is active has the primary MAC and IP, whoever is standby has the standby MAC and IP
Giant81the solution is to use Virtual MAC's for all links
KenMatlockif a failover occurs, the IP and MAC swap to the new active
KenMatlockso you need 2 IP's, but only one carries traffic
MrPocketzFuck, getting a call from a client. Sorry. One moment.
Giant81it's the MAC thing that pisses me off...... oh well, live and learn, always use virtual MACs on ASAs
KenMatlockmeh, as long as the MAC isn't duplicated I really could care less what it is :)
Giant81ahhh yes but if your primary fails
Giant81you can't get a new primary in place without a down time
Giant81which is complete FAIL for something that does stateful failover and recovery
Giant81well you can actually... you can static the virtual MAC to whatever it's using now
Giant81that's how i did it but still
Giant81it doesn't gratuitous ARP when it does it either.... so you could be down as long as it takes for your OS/network to ARP timeout
Giant81"including more than 100 fingerprint-free shell casings similar to ones used by AK-47s
KenMatlockcan't say I've ever experienced that behavior. I've replaced ASA's before and the gratuitous ARP worked fine for me
Giant81lol you know what else is "similar" about every rifle cartridge known to man
Giant81KenMatlock, when failover over it works great
blackOffthat different guns can use the same bullet
KenMatlockonly terrerists use bullets like this!
Giant81but I wasn't going to take the chance of loss of traffic during day hours
Giant81everyone is a terrorist!!!!
Giant81terrorists everywhere!!!!!
KenMatlockwell, technically anyone that doesn't like the status quo of the govt can be classified as 'terrorist' :)
Giant81you know that toothless neckbeard redneck drunk that shot up your mailbox? TERRORIST!!!! it was an attack on federal property
KenMatlocktechnically it was :P
Giant81KenMatlock, that would include about 80% of americans
KenMatlockGiant81: exactly :)
MrPocketzKenMatlock, that makes sense
MrPocketzso if it DOES fail over, it takes the primary's MAC, thereby acting as the primary, and our mail and dns records that point to primary IP #1 are uninterrupted.
MrPocketzit just needs a 2ndary WAN IP for giggles, more or less?
KenMatlockthe MAC is ok to change, that's taken care of during a failover
KenMatlockbut yeah, the other IP is there to be able to manage the standby box, and failure detection (monitor interface <x>)
KenMatlockso if you have .1 and .2 and .1 is the primary IP, whoever is the primary box will always be .1
KenMatlockand the standby will always be .2
KenMatlockif you swap the active/standby the IP's move so .1 is always primary
MrPocketzgot it
MrPocketzThanks man.
MrPocketzshould it be possible to implement this without downtime if one of the ASAs is already in production?
myndtanner: gots a question for you 'bout cme and translation patterns
KenMatlockMrPocketz: not sure, I've always done them in pairs from the start
MrPocketzA) I'm 2.5 miles away from the client site
KenMatlockMrPocketz: I'd plan on at least a short 'blip' as it figures the failover out
MrPocketzB) one of them is already in production
MrPocketzand C) I've never done this before
MrPocketz..it'll be fun
KenMatlockyeah, I'd see if there are docs out there going over the process. I've never done it like that before so I don't know the quirks
myndtanner: if i put a translation pattern on the incoming pots dial-peer and then we fall into srst mode, which has its own translation rule
KenMatlockfor the first time I'd want to be consoled into them just in case :)
myndtanner: the translation pattern on the dial-peer still takes effect, correct?
MrPocketzI think ima just try to learn / understand it as much as possible, then schedule an evening to drive out there and knock it out on-the-fly after hours
oisteryou're wanting to enable failover remotely? Do you have console access?
myndtanner: think i just talked myself through the solution
Giant81remote console devices are sexy
Giant81Digi CM32 = best thing ever
oisterGiant81: does it require special cables?
Giant81well except for the console server + remote PSU I found
Giant81no the CM32 just goes from RJ45 to cisco console with a patch cable
Giant81which is AWESOME
Giant81we got another digi and it needed a custom pinout.... HUGE pain in the dick
Giant81but that other digi model has been discontinued.... no surprise
N3tw0rKanyone have an 1841 they could grab a working cookie from? I dont think im specifying something correctly
oisterwe use avocents which can do that too
Giant81the other thing with the CM32's is that they sell a fuck load of them, and you can get them for fairly inexpensive on e-bay
oisterworks with either rollover or straight through serial with an RJ45
oistercan auth ports to tacacs too which is cool
Giant81oister, nice
Giant81yeah if you can't go patch/rollover to a cisco device, you fail
Giant81damn now I can't find it
myndGiant81: i used a Digi32 (I presume older model) and had to do the custom pinout
Giant81it was sexy, was an 8 port console server, built into a remote PSU, so plug in your shit, and you get console server + remote PSU in one package
myndbut worked like a charm afterwards though
Giant81really? my older CM32 I bought on ebay used patch cables
Giant81now the one we had to pin out was a ConnectPort LTS 32
oisterolder avocents had to do custom pinouts too
myndGiant81: not sure of the actual version, but i wrote a blog entry on how to use it: http://justnetworked.wordpress.com/2011/12/05/digi-etherlite-32-as-a-terminal-server/
myndGiant81: ahh ... mine were Etherlite's
myndwe used them as reverse telnet's on our old dialers with dumb terminals
KenMatlockheh, I used to use the Livingston PM2's
KenMatlockbut those were DB25 serial ports :P
Nispr0trying to setup eth-channel. I have set one port channel to lacp and mode active. Now when I try to create another portchannel with lacp and mode on it says already part of channel with different type of protocol even though it is separate interfaces and port-channels. What am I doing wrong?
Giant81yeah exactly what a pain in the ass
Giant81custom pinout console servers make me want to punch babies
Giant81it's just a ploy for them to sell adaptors
Giant81so I just put a 24 port patch panel into the rack right above it, and punched down the panel with like 3ft cables, tipped them, and now I just plug patch cables into the patch panel
Giant81Nispr0, I would do a 'show etherchannel' and see what it says
KenMatlockGiant81: well, those livingston PM2's were circa '93 or so :P
Giant81it should tell you what is at what level
KenMatlockthey were meant as dialup modem boxes
Giant81the next thing is to shut down all ports you are using for the port channels first
KenMatlockbut you can repurpose them as 30-port console servers
Giant81then set it up, then bring it up, otherwise it was probably defaulted to 'dynamic desirable' and auto-negotiated a dot1q trunk
Giant81or it auto negotiated a PaGP tunnel
KenMatlockbah, go with ISL :P
Giant81well hes talking etherchannel and I was talking both
Nispr0Giant81: thanks, will try that
envirocbrErrrrr, my ASR 1001 is setup but a: show otv vlan lists my vlans but they're not "Authoritative"
Giant81my ISP hates me I'm sure
Giant81setting up my own linux mirrors
KenMatlockenvirocbr: do you have 2 OTV boxes on the same vlan?
Giant81so far at 450gb of traffic downloaded in the last few days
envirocbrKenMatlock: I have an ASR 1001 in one site
envirocbrWhich has a 4510 with a trunked interface to the ASR gi0/0/1 interface
envirocbrOn the other site I have a 7009
KenMatlockenvirocbr: ok, do you have OTV adjacencies?
envirocbrThat shows up
KenMatlockand the ISIS adjacencies are up?
envirocbrusdc1-core-OTV L1 Ov1 UP 56 usdc1-core-OTV.01
envirocbrthat is a show otv isis neighbors
KenMatlockand are you learning isis 'routes'?
MrPocketzso apparently I completely misunderstood this initiative
MrPocketzthey never went through with the 2nd ASA. instead, they got a 2nd ISP connection
envirocbrKenMatlock: I see nothing in: show otv routes
KenMatlockare both ends stuck at not 'authoritative'?
KenMatlockthat's odd, you should get an AED on each side
envirocbrKenMatlock: In my 7k, the vlans are active
KenMatlockdid you set up the service instance, and tie it to the OTV interface, and trunk the vlans to that port?
envirocbrKenMatlock: I will paste my ASR configuration
KenMatlockok, I'll have to go from memory, since we don't do OTV here :)
KenMatlockbut I did OTV at my last place
void64Someone help me out, whats the big to do with OTV, isn't OTV basically MPLS over GRE?
KenMatlocksorta, it has some intelligence to it. it uses ISIS as a 'routing protocol' for MAC learning
envirocbrKenMatlock: http://pastebin.com/WdmMRZV9
KenMatlockkmcelroy1: well, quite slick actually, since ISIS supports TLV's, you can announce anything you want :)
kmcelroy1right, pretty cool sounding, but strange :P
void64Just trying to compare it's benefits vs something like l2tpv3 ?
envirocbrKenMatlock: On the 7k, the VLANs, 7 and 30, are "active"
kmcelroy1IS-IS seems like a good choice for that sort of thing
envirocbrvoid64: Doesn't allow broadcasts to saturate the links
envirocbrit "routes" the mac addresses
envirocbrallows for FHRP to be "active/active" at each site
envirocbrquite slick
envirocbrKenMatlock: Did I do it right?
void64I'll check it out
KenMatlockenvirocbr: hang on, going through it :)
KenMatlockreally, OTV is *an* option for L2 extension
void64So good or practical to use say point-to-point 10GE links to connect physical sites and use OTV as backup ?
KenMatlockwith unicast mode, it removed the need for multicast end-to-end as well
mrwangmastervoid64: as mentioned no broadcasts to worry about... also no pseudowires to manage. control plane/learning is all multicasted.
kmcelroy1sounds interesting
kmcelroy1i never mess with DC shit
KenMatlockvoid64: the main issue you have to address is 'tromboning' of traffic
TitaniumOTV encapsulates broadcasts in multicast
envirocbrkmcelroy1: I love it, just wish I didn't work for a place who wants you to stand something up on a platform you haven't done it on before
KenMatlockyeah, traffic for a vlan going to the 'wrong' datacenter, and having to traverse the OTV link instead of hitting the right DC to begin with
envirocbrTitanium: Yes, but if the MAC address is local to the site, it doesn't allow it across the link
void64the INE topic on OTV seems to be very limited
Titaniumtromboning is when you have traffic coming in from elsewhere
Titaniumand the destination moves
envirocbrthe NX-OS and Cisco Nexus switching guide has a great chapter about preventing that
Titaniumthe traffic still goes to the original location, and then must go over a tunnel to the real location
KenMatlockenvirocbr: at first glance it looks right, let me see if I can find my old config on it
envirocbrInbound traffic conditioning
Titaniumits handled by LISP
envirocbrKenMatlock: Thanks
KenMatlockenvirocbr: did you give the otv site-id on both sides?
bildzquestion... In regards to two-factor authentication. Would having 2 different login-IDs to manage an application qualify as two-factor?
Titaniumsomething you know
Titaniumsomething you have
Titaniumsomething you are
Titaniumpick 2
Titaniumthen you have 2 factor
KenMatlockenvirocbr: the bridge-domain and site-identifier?
envirocbrKenMatlock: Yes, 0x1 for Nexus, 0x2 for ASR
pffsI'll give SonicWall something
envirocbrDo I need a bridge-domain for the Nexus side?
KLineManHi, id like to start getting some cisco certs -- but I dont learn well in a classroom, what is the easiest and legal path to get access to ios images to run in a simulator for labs?
Titaniumthis ignores that fingers can turn from something you are, into something someone else has :(
pffsit's easier to parse through 100 very poorly labeled tunnels in there than in a Cisco
KenMatlockenvirocbr: dunno, I did mine on ASR1k-ASR1k
pffsFuck naming conventions amirite
pffsjust randomly throw shit in there
pffswhy the fuck do I have 100 isakmp policies.
KenMatlockenvirocbr: but in my configs I had http://pastebin.com/f2ZLA0m2
bildzTitanium: i need to access the VPN to manage a server. The VPN uses an RSA soft token. If I dont log into the VPN, I cannot access the server.
KenMatlockenvirocbr: that's multicast mode, but should be almost the same
bildzthat sounds like a factor to me
KenMatlockenvirocbr: gotta run to a meeting, but that's a 'working' ASR1k OTV config, multicast mode
Titaniumi consider a soft token something you know
Titaniumits software
Titaniumbut people will disagree
LalufuIt's something you have. You don't know your token code.
Titaniumit can be copied
Titaniumits not a thing
Titaniuma hardware token is a thing
Lalufuso can a key.
Titaniumsecure keys are designed to not be copied
LalufuAnd we know how well that works.
KLineManwith a fpga i bet you can copy, but its not worth the time
Titaniumno, it takes a logic analyzer
Titaniumor an oscilloscope
Titaniumthey are designed to not be copyable, to copy them you need to find a flaw that allows power analysis attacks, or decap it and probe it
Titaniumboth of which are hard
KLineMantrue enough
Titaniuma key is supposed to be hard to copy
Titaniumit just doesnt do a good job
Giant81not to mention if the little RSA keychain things are probably epoxy dipped so getting to the electronics would be hard
Titaniumanyone with a camera and a file can make one
Lalufuor... you just take the shared secret from the server. Like at RSA.
Titaniumlol true
Titaniumit pay them to use an insecure algorithm
VLanXhmmmm guys a little question: I have two routers that are supposed to be redundant, but both master and backup advertise the same ospf networks so I thought I could increase the metric of the backup router... would that be good policy?
Titaniumdo you want them to share load??
Titaniumor have it switch from one to the other if the primary fails?
Titaniumthe answer to your question is specific to you
VLanXTitanium: no, without balancing
Titaniumthen increase the metric
Titaniumwhat type of LSA is it?
VLanXTitanium: not sure if I need to increase the metric on the backup router or on the routers that receive its networks
Titaniumthere are 2 ways
Titaniumyou can increase the metric on the interfaces leading to the router (on both sides)
Titaniumor you can change the metric when you redistribute into ospf, or on the summary LSA
VLanXI don't use redistribution
Titaniumso all type 1/2 in area 0?
VLanXbesides both master and slave are coming from vlan4
VLanXso I couldnt set the metric there
SuperNullas a not black man i am offended by your use of master/slave.
kmcelroy1just set a higher metric on the interfaces to the backup router
kmcelroy1SuperNull: you would be
SuperNullkmcelroy1 dont hate the game, hate the player.
VLanXkmcelroy1, Titanium: this is the problem: http://pastebin.com/uqzW1L2U
kmcelroy1SuperNull: i hate both
VLanXboth vlan4
SuperNulli hate the analogy.
VLanXmaybe I should have vlan3 for master and vlan 4 for backup
VLanXmaybe I should also summarize
VLanXmaybe I should also use different ospf areas
kmcelroy1maybe you should just increase the metric on the backup like i said
VLanXmaybe I should just go to study ospf
VLanXkmcelroy1: this doesnt work, I've already tried
kmcelroy1you crazy jack
VLanXkmcelroy1: It doesnt help since it's not a cisco router
kmcelroy1you even more crazy jack
Titaniumits not a cisco?
VLanXhow about ip route null0 ?
VLanXblackhole the fucker
oister0 subnet mask?
pffshow the fuck does arp on vrfs work
pffsI have a GRE tunnel on one vrf
kmcelroy1same as all other arp
pffstrying to figure out what IPs aren't used in that subnet
kmcelroy1if you want to see VRF arps, sh ip arp vrf yadayada
pffscan't find it in that vrfs arp table
pffsyeah I did that
pffsthe tunnel end points start with 172, and all the entries are 10.
pffsthe tunnel interface shows up in the vrf when I do a show ip vrf
diozholy fk sometimes i just wanna take her swimming and hold her under water
diozshe contradicts everything i say just for the sake of contradicting everything i say
diozSO annoying
kmcelroy1sounds like fun
VLanXoister: wildcard?
diozyesterday i said i'm riding my snow skate all day at the mountain
diozshe's like "i thought you'd want your snowboard"
diozi said "no i'm riding my snowskate"
oisterVLanX: ciscos dont use wildcards for route entries
diozshe says "i thought you'd ride your snowboard"
diozround and round we go!
diozit's like talking to a subscriber
koroziondioz: "let me say it again, maybe you'll understand me this time"
pffswhat the dick is a snowskate
kmcelroy1or you could just not argue and just do it :P
Giant81no it goes "sure honey, I'll ride my snowboard' .... <leaves it in the car>
diozthen she asks me about a BILLION questions about everything
dioz"what are you wearing on your feet? what are you wearing for base layers? what hoodie are you wearing? what mits are you wearing?
KLineMancanadian for ski?
hendrikzjust a interrogation lol
diozOMG #$@$%#$%^%$ can't we just go snowboarding?
Giant81I suspect a snowskate is a snowmobile?
KLineManahh that could be
hendrikzits a skateboard, without wheels/trucks
kmcelroy1canadians say weird shit
hendrikzbut its made of plastic/fiberglass
hendrikzsome wood..
Giant81so a snowboard
hendrikzbut you're not strapped in
KLineManshort snow board
diozhttp://www.lib-tech.com/snowboards/snowskate-39-complete/ <-- snow skate
Giant81ahh ok
hendrikzso you can do flip tricks and what not
Giant81so snowboard sans bindings
pffssick snow kick flip brah.
KLineManthat sounds like you would spend a lot of time rolling down the mountain
Giant81oh fuck yeah bud
Giant81ok time to go
Giant81off to my test
VLanXcisco is so inconsistent about masks and wildcard shit
Giant81later all
KLineManbreak a leg!
pffsVLanX: there is a small amount of logic
dioznaw. it isn't that bad. it holds good edges
diozand my old lady is horrible on a snowboard
Giant81you want to know inconsistent
VLanXpffs: teach me master
diozso this way i have to go slower
Giant81try priorities
pffsmask is contiguous bits wildcard isn't
diozand we can stay together
Giant81some are lower = better
Giant81some higher = better
Giant81fuck you cisco for such dick move
pffsor at least I think that's pretty uniformly true
pffsi.e. you can have a wild card mask that matches only even IPs
pffsbut that wouldn't make sense for a mask
Giant81like HSRP higher priority = better.... STP = lower priority = better
pffsyeah priority preference is fucked
pffs"it has lower preference so it has higher preference"
diozhendrikz: you at work??
pffsJust saying we like it because it has a lower priority or preference is annoying
oister_or BGP metric lower = better or preference higher = better?
pffsyeah the BGP selectors are annoying
hendrikztraining some guy
pffsnot even consistent
dioz08:37 <@pcpnut_> From some random forum: "Half-and-Half" Lobster (approx. 1 in 50 million lobsters develops this, and all are hermaphroditic)
dioz08:37 <@pcpnut_> http://zaxy.files.wordpress.com/2006/07/lobster.jpg
Titaniumbut what does it taste like?
Apachezlooks fake
Apachezthe lobster gets its red color from boiling
Apachezso they put only half of it in boiling water those bastards
KLineManwasn't cruel enough the normal way
diozhttp://2.bp.blogspot.com/-CFaTgTMFz2s/UTs5Kpaw4uI/AAAAAAAADFU/iX7L-6yUezM/s640/lobster_boil_human.jpeg <-- made me lol
diozsame with when they skin catfish live
diozshit is taint
diozpoor aminals
diozimagine being skinned alive
myndi'd hope i'd pass out before it got too far
Titaniumboiling is nothing compared to skinned alive
Titaniumgiven the choice i choose boiling
Titaniuminstant death
diozgiven the choice i choose natural death
KLineMani'd hope to get ahold of the knife and get some vengeance before it went too far ;)
Titaniumthats what the rubber bands are for
myndf* all that, i'd jump from a plane w/o a chute
KLineMantry to land on your face...
KLineManotherwise i bet there is still lots of pain
myndwell the plane would be a few thousand feet up, so hopefully it doesn't matter how i land
Titaniumit doesnt matter
Titaniumterminal velocity
KLineManwhat is the minimum certification / training I need to get access to the ios images on the cisco site?
KenMatlocknone, all you need is to pay them for smartnet
Titaniumi never paid for smartnet and i have access
KenMatlockTitanium: how long ago did you make your account though? :)
Titaniumit was auto generated
Titaniumthey paid me for smartnet lol
KLineManahhh i see, okay well thats an option... looks like its still one device at a time through smartnet though
KenMatlockit used to be you could create a CCO login and have access to everything. these days they lock it down (for the most part) to 'entitlement', meaning you only can access what images you have smartnet for :(
KLineManahh wow
KLineManits not cheap at all either
KLineMani thought certain certs got you access to everything...
KenMatlockbecause Cisco's morphed into a software, not a hardware company
Titaniumyeah it is cheap
Titaniumccie has some privileges
Titaniumbut not free software
kmcelroy1not images though
KenMatlockccie's get all the chicks :P
KenMatlockchicks dig certs
kmcelroy1not the chicks you want
myndKenMatlock: i find it annoying to say the least. many a time I find links in the cisco forums that require me to login. Everytime, and I mean everytime, it says I don't have permissions to view said file
Titaniumwhy would you buy cisco gear without a support contract?
KenMatlockmynd: go to google, search for the title and "site:cisco.com" and view the cached version :P
myndKenMatlock: no title given though :(
myndjust a link
KenMatlockoh :(
myndexample: http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a00800ae2d1.shtml
KenMatlockmynd: I can see it just fine, not logged in
myndi can't view that bloody article and its supposed to be about the custom tones on POTs lines
myndapparently, it's letting me now
myndahh i see
KenMatlockyeah, cisco moves shit around all the time on the website
myndwhen i click on it within the forum, i can't get there
Titaniumhow else do you look like you are doing something :)
myndbut if i copy-n-paste it works
myndgo figure
KenMatlockprobably the referral-id
KenMatlockor whatever that is that says where you came from
myndahh ... the linked URL adds "partner/" after "US/"
myndbut the text (what I just copied and pasted) doesn't have partner ... interesting
KenMatlockyeah, /partner is only accessible if your account is flagged as a partner account
myndwell shit ... a co-worker sent me a link a while back that I couldn't access ... removing "partner/" from it, i can see it
Titaniumisnt that considered a violation of the CFAA?
Titaniumyou just hacked cisco's site
KenMatlockConfederate Flag Association of America?
TitaniumComputer Fraud and Abuse Act
Titaniumit only applies to computers related to interstate commerce
myndTitanium: i was all shaking in my boots
Titaniumwhen you sent the packets, did you cause someone else's traffic to be delayed that might have been engaging in interstate commerce?
myndTitanium: potentially
myndi mean if the pipes were near full, i could have caused their packets to be queued
Titaniumor by visiting cisco's site, did you not instead visit another site that is across state lines?
myndi'm sure
Titaniumand then miss out on some ads
Titaniumthen i think it covers you
myndnot many sites hosted here in ohio
myndso i'm sure i'm crossing all kinds of state boundaries
myndso how is the net neutrality going to work with CFAA?
pxedanyone know if theres a reason not to have radius on a dc?
socommon a dc?
myndpxed: to me it makes sense, that way it's all centralized
KLineMandomain controller
pxedmynd someone in ##windows-server just linked the official decree which says its kosher. but yeah that was my thought as well
pxedbut MS is pretty uppity about whats okay to be on a DC.
pxedso i figured id make sure
straterraAre you guys aware of any issues with using 5k + FEX + DHCP Helper on 6.2.2?
myndpxed: heh we put file shares on our dc :)
pxedmynd HAH bad life choice
pxedbut not entirely surprising
envirocbrI see the mac address in the OTV route table
envirocbrbut my 4510R doesn't learn the address on its trunked interface
socommmynd: boss won't shell out for more hardware?
garrettskjpxed: it should be fine. if you're going to put NPS/IAS on a DC
garrettskjjust make sure it's one with global catalog.
garrettskjsince why put it on a DC, if it hasta continuously page other DCs for authentication info
Sedoroxif it helps, I have NPS installed on two domain controllers... one physical, one virtual. So far, no issues
pxedgarrettskj Sedorox thanks :)
myndsocomm: been here <1yr and hired on for their network and voice. first time touching voice, so i haven't had much of a chance venture outside that and the network
mgeorgeso apparently subway uses azodicarbonamide in their bread
LalufuIn Europe they don't.
kmcelroy1wait, so a shitty sub chain uses a flour bleaching agent? say it isn't so
SuperNulltheir food makes my stomach upset like woah.
SuperNullany of it.
SuperNullsadly... its still probably the more healthy thing around
mgeorgesadly its not worse than mcdonalds using pink slime lol
mgeorgeevery major food chain uses chemicals that are KNOWN to cause cancers and health problems
Sedoroxpxed: I also don't have a huge load on it right now.. it's for VPN on the ASA (which maybe 10 people access, but not at one time), and 802.1x wifi, which is only used by ~3 people atm
mgeorgethe only way you can eat healthy now days
mgeorgeis to grow your own garden
mgeorgeor buy from a farmers market
kmcelroy1subway sucks, give me a real deli
KLineManbetter start reading the labels of your ferts ;)
kmcelroy1and honestly, who is still eating mcdonalds? :P
oister_kmcelroy1: you should try jimmys in dallas
kmcelroy1my deli in dallas is weinburgers
kmcelroy1downtown grapevine
kmcelroy1chicago german deli, fuck yea
KLineManmmmm texas has whataburger
oister_jimmys is an italian market.. fucking awesome
kmcelroy1where is it?
oister_bryan street
kmcelroy1last italian market i had closed
kmcelroy1shit, that is right by the colo :P
kmcelroy1we were just there yesterday
kmcelroy1but i am all the way in frisco, hell of a drive for a market
rez410GraNNy-, hey so I was able to restore my 5.4 backup to 5.5. Now I have another problem. After I run #application start acs it never comes up. when I check the status it just says status not yet available. any ideas?
oister_kmcelroy1: they make awesome sandwiches and stuff
kmcelroy1yea, the one i used to go to was an italian family from jersey
mgeorgesadly azodicarbonamide is banned in nearly every country as a food ingredient except united states
kmcelroy1that lady knew how to make italian food, jeez
kmcelroy1her friggin subs, good god
polloHello everyone
KLineManhi pollo
KLineManyou like chicken?
polloI need some info/directions planning a PBX project
terabithe likes "breaking bad"
KLineManah yeah probably
polloPollos Hermanos, yeah
pollowould you guys recommend me an embedded solution?
polloor simply an Asterisk server hosted at the office...
rez410anyone have any ideas why I can't get acs app to start after an upgrade and restore to 5.5?
polloshut up rez, I was first
myndpollo: what are you trying to do?
kmcelroy1make phone calls i assume
myndwell there's that too
pollojust setting up a PBX at the office
polloI'm just a developer and my boss told me "You are the IT guy! go get some VoIP stuff"
rez410pollo, rtfm
polloi know, iknow
rez410or get an IT guy
KLineManim not a voip guy but i bet sizing information is important for recommendations
myndtanner is the resident voice expert
kmcelroy1if he told you to just get one, shit, pay a vendor, not worth the headache of learning it, ha
kmcelroy1voice sucks :P
kmcelroy1or you can do hosted voip
kmcelroy1then you just dump a phone on the desk and move on with your life
KurlonIs there a config parser for ASAs that can de-spaghetti the config? I'm spoiled by JUNOS's XML style, I'll freely admit it.
terabitmight wanna also ask in ##networking
polloI know I should RTFM, and so I'll do. Now I just want to know your opinions about different solutions for small business
tannerACTION kicks kmcelroy1 
kmcelroy1you should be happy i hate voice, less competition, ha
kmcelroy1tanner will install one for you
kmcelroy1just pay him money, he makes it happen
tannerlike magic
kmcelroy1just like magic
kmcelroy1except you have some guy named tanner hanging around
myndpollo: knowing the size (number of users, simultaneous calls, etc) and what is expected (auto attendant, conference calls, multi-line phones, voicemail, etc) is pretty important
tannerI can don a cape and magic hat for an extra fee
kmcelroy1or free if you catch him on the right day
pollomynd I have all the specs
pollonumber of lines, and all that stuff
hkklwhat, tanner uses some other clothes than cape and wizard hat?
kmcelroy1but honestly, it is likely cheaper and easier to just find a solid vendor and let them do it, you will save money in the long run
kmcelroy1tanner is a vendor and knows what he is doing
tannerkmcelroy1 its not even about saving money. the platform should be doing that for you in the long run. it's about it getting done right the first time
kmcelroy1that is more what i meant
kmcelroy1rather than jack with it for months and months
kmcelroy1huge headaches, wasted time
tanneryou save $30k on PS by doing it in house, then spend $60k next year getting a vendor to fix it all
kmcelroy1just pay to have it done and deal with your primary function instead
KLineManpollo, just buy a case of magicjacks
kmcelroy1pass them out like oprah
myndthat's funny shit
kmcelroy1what can i say, i am a delight
polloi think i will quit my shitty job and find another one where I can code quietly
kmcelroy1pollo: :P
kmcelroy1or that
kmcelroy1just send your boss to tanner then quit
oisterKurlon: write one
envirocbrIn an OTV setup, the non-OTV device behind the edge, is it supposed to see the mac addresses that show up in the: shot otv vlan command?
tannerpollo is your company looking for a new voice platform?
envirocbrerr, I mean: show otv route
tannerpollo number of users, locations? call center? whats your budget look like?
Kurlonoister: Ideally, this is the only time I'll ever have to look at an ASA. IOS configs I don't mind reading, this ASA's dump however makes my head hurt for some reason. That said, it would be an interesting project, dunno if my perl is up to the task or not...
oisteris it really that hard?
pollo15 users, more or less...
oisternot much different from IOS
pollobut scalable
polloit is not a call center, just a small software factory
pollowe develop mobile apps
pollomy budget is small, very small
kmcelroy1it always is :P
pollono more than 4K
tannerpollo for your budget you're going to want to look elsewhere than Cisco
Kurlonoister: nested object groups and names are making it so I'm spending more time backtracking than parsing.
tannerpollo depending on your needs you might be better off with any number of hosted solutions
pollowhat would be a suitable budget?
SuperNullpollo most of your budget alone will get eaten by handsets
kmcelroy1we sell hosted voip phones :P
SuperNulltalk to kmcelroy1
kmcelroy1like $30 a seat or something
myndKurlon: there was this app a while back that you could upload your config to and it would shoot out what it's doing. I think it was more built for hardening the config, but it could be used to see what's going on too.
tannereven at $300 a pop you're at $4500
myndcan't think of the name atm, but tbh, as oister said, just read through it
oisterKurlon: so its easier to parse junos style? i find that hard to believe
SuperNulleven used handsets are gonna eat most of that..
pffsmy fxo cards are showing in my show inv but not my show voice port summ
SuperNullhow many lines per phone pollo ?
Kurlonoister: For me yes, but I also spend much more time in it now so that's partially just familiarity.
oistersh access-list | i whatever will give you whatever you're looking for even with nested objects
oisterthen when you find the object sh run object-group | b <object>
kmcelroy1well, if you want nested shit, you want to do s instead of i
pollo1 line per phone, only one of them needs more than 1
oisterpretty damn easy
kmcelroy1oh wait, that is ASA
pollowe are a small business
KurlonI'm playing third party support on this one, I don't get access to the device, just the conf and I have to glean why it's not working.
oisteri like the way asa does it
oisterdont have to use section
kmcelroy1ASA has regular grep
oistersh run acess-lists just shows the acls, etc
kmcelroy1i prefer the way NX-OS does it honestly, ha
myndoister: for sure
SuperNullpollo expect to pay $150-200 per handset .. probably. for something 'true' cisco expect MOARRR
kmcelroy1every grep you ever wanted all the show runs, no newline on ? or tab complete
SuperNullwww.voipsupply.com for proof of price.
kmcelroy1pollo: just do hosted phones, cheap and easy
myndhosted phones??
pollohosted phones... interesting...
SuperNullkmcelroy1 did i see you charge $30 per phone ? a month ?
kmcelroy1yea son, hosted PBX boyee
kmcelroy1i think that is the price
kmcelroy1somewhere around there
razorzIf you need phones come to me
kmcelroy1it isn't much
SuperNullincluding calling ?
SuperNullso like $500 a month.. with calling for 15 lines..
SuperNullkmcelroy1 you guys do queuing and stuff too ?
kmcelroy1SuperNull: you mean like call center shit?
Kurlonrazorz: You wouldn't happen to be from Florida, at one time operating a scrap recycling business that allowed you to collect some cool old *NIX Iron?
kmcelroy1yea, it is full featured
kmcelroy1broadsoft man
razorzKurlon: that's me, I remember your nickname lol
kmcelroy1it can do pretty much everything a PBX can do and more
KurlonHah, long time no see!
kmcelroy1call center, voice mail, conference
razorzNo shit, not on undernet anymore?
pffsokay actually for real
kmcelroy1reroute calls from the web interface
kmcelroy1so if your DIA dies, you can reroute to cell phones without carrier intervention
pffswhy are my FXO ports not showing up
polloallright, it was a pleasure to learn from you guys
polloI'm going back to my business
tannerkmcelroy1 hmm I never really figured, it'd cost about $37/mo for 15 users over 3years
KurlonNah, haven't been for a few years now. Work switched over to being an ubuntu / windows shop so I eventually stopped hanging out in #freebsd
tannerkmcelroy1 that's actually not too bad
kmcelroy1tanner: for what?
KurlonKilled my 386, been playing with arm boxes for fun lately.
tannerkmcelroy1 for a Cisco setup for someone like pollo
razorzlol, nice
SuperNullkmcelroy1 any pbx eh?
kmcelroy1it shouldn't be too bad to host your own
SuperNullbut asterisk can .. like
SuperNullmake my coffee
kmcelroy1broadsoft kills asterisk :P
razorzI got out of computers for awhile, but now I'm in the biz so my whole office is filled with archaic shit and routers and switches and shit
SuperNullim just messing.
kmcelroy1that is what it is made for, kicking ass and chewing bubblegum
SuperNullfeature wise its locked up but .. reliability
tannerkmcelroy1 I don't really want to be in the hosting game. I want my company to be known for contact center and related application development/integrations
SuperNullkmcelroy1 its funny you say that..
razorzDidn't we both run irc servers for awhile?
kmcelroy1tanner: yea, makes sense
SuperNullim on another channel that nieros brought me to for car nerds..
KurlonI've switched to road racing outside of work.
SuperNullmy opening statement was 'im here to annoy nieros and chew bubble gum, and im all out of bubble gum' lol
KurlonYup, ngircd for the win! :D
kmcelroy1love They Live
razorzscary, good times
SuperNulli havn'
SuperNullseen it yet.
kmcelroy1the fuck, really?
SuperNullyeahhhhh but i know the scene.
kmcelroy1that shit is awesome, it is on netflix, make it happen
SuperNullyou would imagine a conspiracy guy like me would see it eh?
kmcelroy1it is great, ha
SuperNulli bet mgeorge saw it ;) LOL
kmcelroy1rowdy roddy piper
kmcelroy1it is so entertaining
tannerkmcelroy1 i'm going to have to remember that when I start doing outbound prospecting
kmcelroy1tanner: i think they allow you to still use your PBX with enterprise level stuff and then just use the broadsoft hosted features like rerouting and that
kmcelroy1so standard sip trunking but nice easy rerouting and that
kmcelroy1so a mix of the two
tannerkmcelroy1 or I could just use any number of SIP providers out there that do it for pennies a month :)
kmcelroy1yea, i think a lot of them do
kmcelroy1but then again, some of them are terrible :P
tannerkmcelroy1 I use one for my business, Flowroute
tannerthus far pretty happy with them
SuperNulli might be having a caffeine induced anxiety attack uhts.oh
tannerSuperNull do you have orange juice around? drink a big glass
tanneror take some vitamin c supplements
pffstanner: is there something special I need to do in order to turn an FXO card on?
SuperNulldoes that work tanner?
pffsit shows up in a show inv but can't configure the ports with a voice-port whatever
tannerpffs well you have to activate it
SuperNullwould snorting crushed vitamin C work quicker?
tannerSuperNull I doubt it, damn druggie
kmcelroy1SuperNull: sounds like it should, test it
pffsI don't see anything in my backup that looks like it activates a card
tannerSuperNull vitamin c dampens the effects of most amphetamine types, might work for caffeine as well
SuperNulloh man.
SuperNullbut that would ruin my adderall high.
SuperNullhahaha jk
kmcelroy1you normally don't have to activate the FX cards
void64fuck java
kmcelroy1only voice wics normally
SuperNullagreed, fuck dat java.
void64java = bloatware
pffsI know you have to activate the t1 vwics
pffsI wasn't aware of anything like that for an FXO
kmcelroy1sh diag, do you see it showing up properly?
kmcelroy1or show inventory
pffsit's in a show inv
kmcelroy1show diag, does it show up working properly?
kmcelroy1and do the interfaces show?
pffsand show diag
pffsJust the card
pffsactually I don't see a dsp
kmcelroy1you need DSPs for that i believe
hexhaxtronI've got some CBT Nuggets about Cisco. Is it worth for me to learn Cisco when I don't have any Cisco device?
pffslooks like they didn't move the pvdm
kmcelroy1that would explain it
pffswould that keep any voice ports at all from showing up?
kmcelroy1they require DSPs to work
tannerpffs voice-port ? does it let you do anything?
pffsonly 50-50
pffsI'm thinking it's they didn't move the PVDM to the new router
kmcelroy1that should be it then
pffsI'm kind of annoyed an RMA'd voice gateway wouldn't have come with the PVDM
pffsthey sent the vwics
tannerPVDM's are stupid expensive
pffsI guess
razorzI have a shit ton of them here
pffslike 100 bucks?
razorzPVDM3-64 is $695
razorzdepends on gen and how many channels
pffsthis is a pvdm2-16
pffscan't be that much
tannera brand new PVDM3-32 will run you $1000, $1600 retail
razorzNever buy retail
pffsso under 100 bucks
tannernever pay retail :)
Apachezare there any limits on which ip address a loopback interface can use ?
tannerits ~$1000 my cost for a new one
Apachezim thinking if I already have lets say ip address configured on an vlan interface.... can the loopback0 be ?
Apachezor must it be a completely different ip ?
rstymake sure you advertise loopback0 as point to point so it only advertises one subnet, assuming the loopback is a 32 bit mask. or else you might have reachability issues
envirocbrKenMatlock: You back?
instigatorhey all when creating an openssl certificate, does the challenge password get stored in plain text or is it encrypted?
KLineManI think the csr would be plain text
squibbyhave no fear. epicdouche is here
pffswelp, TIL
instigatorKLineMan: so that means it could easily be sniffed?
KenMatlockenvirocbr: sorta, still working on a few things, what's up?
SuperNullsquibby we are all still gelly of your epicdouche host name appearance
SuperNullmaybe just me.
squibbynickserv registered and everything. yeah buddy.
envirocbrKenMatlock: I can see the mac addresses of each side in the: show otv route
envirocbrbut if a guy on (in DC1) tries to ping his gateway (in DC2), we get nothing.
SuperNulli only cared enough to make comment but not actually try to change mine.
envirocbrI see the mac addresses in the OTV routes, am I supposed to see them on the internal 4510?
KLineManno, the csr is what you give to your certificate authority -- the challenge pw is stored on the certificate authority only i believe
squibbychallenge pw?
myndApachez: that won't work. you can't have an interface assigned an IP within the range of another on the same device
KenMatlockenvirocbr: yes, to the 4510's it should look like any more behind a multiport device
KenMatlockenvirocbr: so the 4510 should see the MAC of the other side on the port going towards the ASR/Nexus
oistermynd: vrf?
pffswhy is it on the one day I'm supposed to work from home on boring tunnel shit everything breaks and they need me
pffsnot fair.
myndoister: i think that'd do it
myndnever messed with it tbh
void64compiling openjdk from source is worse than watching paint dry on a wall
squibbythis is such fucking nonsense. http://www.usatoday.com/story/news/nation/2014/02/05/no-jail-for-teen/5242173/
myndsquibby: yea heard about that before
myndhe's going to get "treatment" though
myndfor his "illness"
envirocbrKenMatlock: Weird, I am not seeing it
TheJeebcome on guys, he was the victim
KenMatlockso it's his parents' fault? send the parents to jail
envirocbron the ASR, I see the VLANs from the 4510
envirocbrbut no VLANs on my gi8/34 interface on the 4510
KenMatlockenvirocbr: and on the 4510 it's a trunk port, and allowing those vlans?
envirocbrYes, I have allowed all VLANs just to be sure
KenMatlockand a 'show int trunk' shows the vlan in the list under 'spanning-tree forwarding state and not pruned'?
KenMatlock(for 8/34)
envirocbrall forwarding
envirocbrspanning-tree portfast trunk too
KenMatlockenvirocbr: and on the ASR, you have the overlay and ethernet port tied through the same bridge-group, same service instance?
oistersquibby: we love our corruption here in TX
squibbywhat's the deal anyway? do people suspect she received money? is there pressure not to piss off rich people?
envirocbrKenMatlock: http://pastebin.com/vmsu9zew
envirocbrBefore I couldn't get them to sync because the Cisco documentation was screwed up
envirocbrI have one guy with a constant ping from DC1 to DC2
TheJeebIf I recall the Judge was close to retirement, and probably will do so comfortably, but that's just my opinion.
envirocbrto the VLAN SVI
envirocbrand no dice
straterraHah..what a random issue in 6.0.2
oisterif you're rich enough you can get away with murder... dallas cowboys player josh brent just got off with a light jail sentence for killing his team mate
straterraip helper + fex doesn't work for PXE..but works for normal clients
KenMatlockenvirocbr: dunno man, looks ok to me, and that pastebin I sent earlier was a known good otv config for multicast, which should be functionally identical to unicast
envirocbrKenMatlock: yeah, I got it working once I saw the site-VLAN needed to be added and trunked to the internal interface
envirocbrboth ends came right up
envirocbrBut still no connectivity
envirocbrfor end hosts
envirocbrlet me check something
KenMatlockstupid question, windows firewall disabled on the devices on both ends? :P
razorzPiece of shit SM-NM-ADPTR
SuperNull equallogic san management interface go fail.
envirocbrKenMatlock: Yes :)
ALucasI get it's buggy ^^
envirocbrKenMatlock: The issue is, when I do a: show mac add int gi8/34 on my 4510 (interface towards the OTV internal on the ASR) I don't see any of the addresses learned
KenMatlockok, and the ASR on that side sees an ISIS 'route' for the MAC on the other side?
bschipanyone have a good way to block all websites (except two) from a user. The kicker is the user is on a terminal service server with other users.
KenMatlocksure, get a full proxy
envirocbrKenMatlock: how would I see that?
envirocbrIn a: show otv route?
myndbschip: proxy or utm firewall
myndproxy is prob better tho
KenMatlockenvirocbr: yeah
envirocbrKenMatlock: Yes
garrettskjlol bschip web proxy!
envirocbrIn the Nexus 7k, core VDC, I also have the same issue
envirocbrwhen I do a: show mac add vlan 7
hjohnsonouch, yeah, this is the best use for the DSL... our midpoint station only gets 30 minutes or so of uptime
bschipweb proxy only one user though?
envirocbrI don't see the learned mac addresses from the internal interface on the OTV VDC
ALucasor just http://www.tunnelsup.com/cisco-asa-identity-firewall/
garrettskjbschip: if you need per user, on a shared box
bschipyes that is what I need
myndbschip: proxy all users, but use auth to and limit said user
garrettskjbschip: then you need a web proxy configured on that person's machine.
ALucasbschip, Squid is a good free proxy you can try
KenMatlockenvirocbr: http://packetpushers.net/cisco-otv-101-legacy-multicast-mode-mac-learning-process-walk/
KenMatlockenvirocbr: http://packetpushers.net/cisco-otv-implementation-troubleshooting-legacy-multicast-mode/
KenMatlockfor the most part the troubleshooting should be the same
KenMatlockjust ignore the multicast portions
envirocbrKenMatlock: I pass all those tests
envirocbrI just don't see why I am not seeing the mac table for VLAN be populated with the OTv learned routes from the ASR or the OTV VDC in the 7K
peter_hey, when you ping from a switch, which interface does it exit from?
peter_it has multiple vlan interfaces
razorzthe default route one?
Bejglipeter_: the one closest to the destination
peter_so i have a route
peter_so im trying to set up ntp on my switches, which means i need dns resolution to work aka pool.ntp.org
peter_i se tmy dns servers to and
peter_but i get no response
peter_im trying to figure out which interface the requests are coming from
peter_so i can adjust firewall rules as needed
squibbyhow could they not let Matt Damon play Robin? this is tragic
squibbypeter_: explain that
peter_like, which interface is the dns request coming from
peter_there are 5 vlan addresses
squibbypeter_: the interface closest to the destination
squibbycan you read?
razorzNice, just got an order from nascar.com
KenMatlockenvirocbr: for some reason the service-instances (which are basically bridge-groups under OTV) aren't forwarding them out, or the L2 switch is ignoring them, dunno which
KenMatlockone more dumb question, on each ASR you only have 1 'OTV' port (the port going towards your L2), and you've verified it's the right port? :)
envirocbrKenMatlock: Well, I have one ASR1001
envirocbrthe other is a 7009
envirocbrmy "OTV" port
envirocbrYou mean, overlay 1?
envirocbrthat is bound to my join interface
KenMatlockok, let's take a step back
envirocbrKenMatlock: You must be referring to my OTV Internal interface?
envirocbrgi0/0/0 is the join interface
envirocbrgi0/0/1 is the internal
KenMatlockyou should have 2 distinct interfaces, an 'OTV' interface (that talks L2 only) and an OTV 'join interface' which does the OTV adjacencies and such
envirocbrIn overlay, I selected gi0/0/0 as the OTV Join interface
KenMatlockok, and the OTV interface you're 100% sure goes to the 4510 on G8/34?
envirocbrYes, I verified the picture they sent and the CDP information
KenMatlockin overlay? are you configuring this through a GUI? :P
envirocbrHell no :)
KenMatlockok, *phew* :)
envirocbrCLI FTW
bschippeter: don't use the DNS name use IP
bschipand also
KenMatlockenvirocbr: is this box set up to act as the adjacency server? (under the overlay interface do you have 'otv adjacency-server unicast-only')?
envirocbrThe configuration I pasted is exactly what is on the ASR
envirocbrKenMatlock: The 7009 is the adjacency server
envirocbrshould they BOTH be?
KenMatlockno, only 1 end
envirocbrOk, the 7009 is the server
KenMatlockwell, you might be able to do a backup one, hang on
KenMatlockand is up/up on the 7009, correct?
KenMatlockand the ASR can ping that IP?
envirocbrI can ping across
envirocbrthey see each other as adjacent
KenMatlockok, and what MTU is supported end-to-end?
envirocbrOn the MPLS?
KenMatlockjust end-to-end, from ASR to 7009
envirocbrI set mtu 1600 on the join interfaces
KenMatlockand is that supported end-to-end?
envirocbr1500 on the OTV internal interfaces, because the 4510R doesn't have jumbo frame enabled
envirocbrShould I just reset it all back to 1500?
KenMatlockwell, is the minimum MTU from the ASR to 7009 at least 1600?
KenMatlockand also pastebin a 'show otv vlan' on the ASR please
envirocbrKenMatlock: I will just set it back to 1500 to be consistent
KenMatlockshesh, that all looks right
KenMatlockyeah, just to make sure
KenMatlockwhat vlan are you trying this on?
pffspasswords that use only two fingers suck
pffsmuch typos
pffsthis password is a stupid combo of just 12qwaszx with varying cases
KenMatlockand now it will only take 32 guesses to get it :P
SuperNullbetter idea..
SuperNulluse pastebin urls as your password.
bmoraca_worktwo finger password
pffsthose fingers are better
SuperNullboom: e5R5qwHQ
KenMatlockI prefer hunter2
envirocbrKenMatlock: 7
pffsthe pinky middle combo is awful
envirocbrI have a TON on the ASR side
envirocbrtwo machines on the 7009 side
SuperNull******* is the ultimate password KenMatLock
pffsKenMatlock: you use ******* as a password?
bmoraca_worki wrote a program that takes a huge dictionary of words and chooses two, capitalizes the first letter of each, puts two digits between, and a special character at the end
bmoraca_workworks awesume
pffsseems insecure to only have one character
SuperNulltake my 4 seconds of quicker response
MrPocketzStupid question
MrPocketzbut with no ACLs on an ASA
SuperNullACTION feeds pffs 4 seconds
MrPocketzwhat does it do?
pffsI had to count my asterisks :(
oisteruse sentences for windoze passwords.. length is the most important
MrPocketzlike, with no outbound ACL, it'll permit all outbound traffic, right?
oisterMrPocketz: depends on version
KenMatlockenvirocbr: dunno dude, almost smells like a bug or new config option in later codes. the box is taking the OTV packet, but not spitting it out the L2 :(
myndMrPocketz: allows higher level to lower level, but nothing lower to higher can be initiated
pffsdoesn't help that I never use my right shift
myndoister: didn't know it depended on version
pffsso the !@ fuck my hand position
MrPocketzmynd, thats where the "Security level 0" comes in then yes?
myndMrPocketz: yes
oistermynd: > 8.3 there is no nat control... before on 8.2 you had to have a nat entry for traffic to route
KenMatlockenvirocbr: everything I'm seeing says it should work just fine. you have an adjacency, each side knows it's the AED for the vlan, it learns the MAC, but doesn't bridge the packet to the OTV interface
oisterbefore 8.3 i mean
myndoister: ahhh ... makes sense. i recall running into issues without a NAT entry that stuff wouldn't route
oisteryou could turn off nat control on < 8.3 though
oisternow with 8.3 its just off by default
oisterthe acl rules apply though.. only needed for low sec to higher
myndoister: gotcha
KenMatlockenvirocbr: I assume you've tried to do the MTU?
KenMatlockenvirocbr: I know it's a long-ish shot, but OTV on the 7009 doesn't support fragmentation, so make sure you can get 1542 (1500 + 42 byte MTU) end-to-end
subz3r0im just curious... is the ccna security worth its money?
pffsif it gets you a job
subz3r0got my ccna... now got the offer to make the ccna security
pffscerts are only really valuable to you if they get you hired somewhere. Do you desperately need to get hired?
subz3r0i do my apprenticeship atm
subz3r0ccna was first cert, then lpic1 now the mcsa 2008 + upgrade on 2012
subz3r0after the mcsa we will have some freetime... so we got the offer to make the ccna security
loceuranyone know the gns3 founder guy? he doesn't roam around in here does he?
subz3r0since my heart beats for routing and switching, guess it can be that bad to do the security,too? :>
eirirs_Scrye: wake sesame
subz3r0heh :p
hjohnsonI wonder if one of my netgears is biting it.
hjohnsonwouldn't shock me
subz3r0pffs: but im thinking of the future, too... maybe ccnp or cissp when i got the money ;>
pffssubz3r0: certs typically help get interviews
pffsso does networking though
subz3r0or a good company which wanna pay it for me
pffsso if you hate people or suck at making friends
pffsgo rack up as many certs as you can
envirocbrKenMatlock: set the MTU on which interface?
envirocbrthe OTV and the join?
subz3r0but im wondering how this rankings can fit... those say you can earn easily 90k bucks just with the ccna...
subz3r0that would mean about 70k euros here in .de
KenMatlockOTV needs 1500, the join, through the MPLS, to the join on the other side need at least 1542
KenMatlockCCNA's in the US don't get that much, unless it's in CA or NY
KenMatlockand for those areas, that's almost minimum wage :P
subz3r0pffs: so be a misanthrope wont be good? :P
subz3r0KenMatlock: what does it mean in numbers? :P
KenMatlocksubz3r0: for most places in the US I'd say $40-$50k is normal for a CCNA-level
envirocbrKenMatlock: Yeah, but wouldn't it not form adjacency or at least not populate the tables?
hjohnsonfuck something has gone really unstable...
KenMatlockif you are in California or NY, the cost of living is MUCH higher
hjohnsonI hate it when this shit happens
loceurany of you guys backing the 'new' gns3 development?
KenMatlockenvirocbr: I'm not 100% sure. I know OSPF relies on the MTU when forming adjacency, dunno about the ISIS implementation in OTV
pffs90k with a ccna and 5 years experience maybe
hjohnsonI'm running into fun, slow oscillations caused by a network switch, a UPS, power outages, and the controller that the network switch connects to.
pffsor 10 years
subz3r0KenMatlock: im wondering. since i found some certification rating which says about 90k
peter_can i force my dns requests to go out a certain vlan interface on my switch?
KenMatlocksubz3r0: if you can find that man, go for it :)
hjohnsonso the UPS is probably completely drained at this point. When it turns on, it starts charging its batteries and won't actually turn on its outputs immediately
subz3r0-rating +ranking
myndpeter_: if said switch does routing and you use PBR
hjohnsonthis is good, because I don't want to fire up the loads normally until the batteries are somewhat charged
subz3r0KenMatlock: first need to finish my study ;9
hjohnsonthe problem is that the load is a computer system and a network switch
Giant81well fuck that I'm done
pffssubz3r0: being a dick generally hurts your job chances, yes
Giant81I'm burnt out and failed
Giant81748 and I needed a 790
s1sko_peter_, ip domain lookup source-interface may work
hjohnsonthe computer switch controls one of the biggest electrical loads in the village, and if that turns on when it shouldn't, that will knock the power out.
pffsGiant81: which test?
subz3r0790 for?
hjohnsonit goes back to defaults after it can't contact the master controller.
hjohnsonafter 10 minutes
pffssecond time?
hjohnsonit takes 10 minutes for the UPS to fire up.
hjohnsonyou can see the problem here.
Giant81yup second attempt
pffsI'm going to start studying for that
Giant81so $400 later and fuck it
subz3r0Giant81: get some beer and rest :)
pffstake some shots
Giant81yeah I've got a buddy coming over this weekend we'll get blitzed and get some sleep
Giant81probably didn't help I had maintenance Tue night so up till 2am, then email migration yesterday so still in the office
Giant81I slept pretty good last night
Giant81it was just little shit that got me I'm sure
Giant81the devil is in the details
subz3r0pffs: i want to work with routers and switches not with ppl... if so, i would work as salesman...
imemyself_my understanding is the IS-IS adjacencies will not come up if the MTU is mismatched
myndGiant81: it took me three tries on the bcmsn
pffssubz3r0: you always work with people
myndthird times a charm :)
subz3r0pffs: ofc... just kidding ;)
imemyself_I think some of the messages it sends are padded to match the size of the MTU
pffsjust making sure
Giant81well fuck it I'm tired and burned out on this right now
pffssome people don't
Giant81been thinking of switching gears to ROUTE
Giant81then come back to it later
pffsI liked ROUTE
pffsrouters are awesome
myndi imagine the hard part about switch is you need physical gear to test on
subz3r0pffs: im glad that i found a company where i can be as volunteer for 6 months which is specialised in cisco stuff. hope i can learn a lot there
myndcan't really use gns3 for it
subz3r0pffs: also working on my first ASA then :p
Giant81I've got access to some gear
Giant81but it's 2x 3550's and a few 2950's
Giant81hell I work as a network engineer of 3750's, 2960's and nexus 5k's
myndthe company i worked for was a partner, so i was able to login use their labs when needed. I barely passed on the third attempt, and iirc it was wireless where i missed the most
pffsI have two 3550s and some usb NICs
Giant81but we don't do anything more advanced so that's what I get bit on
myndalso, passed about 1 week after ccna expired :(
pffsand an SRX210 which is sorta switchy
Giant81look at the bright side
Giant81I can't afford to take the test any more times so I guess it forces me to study more until I can
SedoroxI've been studying SWITCH for a while now... haven't had much luck on the practice exams :/
myndGiant81: not sure if it was cisco or pearson, but they had a promotion going on at the time (~2008) that if failed you can retake the exam at no cost
Giant81mynd, don't think they do it anymore
Dez_Bryantanyone here
Dez_BryantGiant81: do you know how to program?
Giant81my practice tests have been ok... 70-75% and I need an 80 to pass, most of the time I've taken practice tests they were harder than the real test
Dez_Bryanti'm trying to find the best language to learn to do net eng slave tasks
Giant81got a 75 on the real test
Giant81depends on the language
Giant81perl can do anything
Giant81it might not be the best at everything, but it can do anything
Giant81i <3 perl
Dez_Bryantisn't perl complicated syntax wise
dcslvthe trick is to just pick one and run with it
Giant81define net eng slave tasks
Giant81perl is as complicated as you make it
dcslvperl is a swiss army knife
Giant81it can be simple, or hard, it grows with you
dcslvit'll do whatever
Dez_Bryantlog into a .txt of 600 routers and pull stats, mass configurations, etc.
Dez_Bryantshit like that
Giant81the better you get, the better your code gets, but even with less complicated code, you can still get shit done
Dez_Bryant.txt of 600 router IPs ****
dcslvi started with bash doing that
dcslvmoved to perl when it got out of hand
myndDez_Bryant: sounds like something for an NMS
Giant81manipulating txt??? that's what perl is designed for
myndnagios or whatsUp ... or something similar
Dez_Bryantmynd: no
Dez_Bryanti want to do thing with the output
myndsounds dirty
myndidk, depending on what you're trying to do, an NMS could help. Nagios has tons of plugins and you can even build your own
SuperNullyo momma so slow she use internet explorer four point ohhh
hjohnsonit's all about the pentiums?
Giant81with todays computers, IE 4.0 is probably really fast
myndSuperNull: that was super random
Giant81yo mamma so dirty, she went to Sochi and gave THEM viruses
SuperNullmynd... i only have one thing to say to that sir...
SuperNullBeep boop Beep boop.
SuperNullbeep ?
kmcelroy1watch it bitch
Dez_Bryantyou know what
Dez_Bryantim gonna go with python
Dez_Bryantthat shit looks easy as fuck
SuperNullyou wnat easy as fuck dez ?
Giant81yo MAMMA!!!!!
SuperNulli was gonna say kmcelroy1s cousin but..
Giant81perl is for real men
SuperNullbut i will allow it
SuperNullperl is for men from the 1980s
Giant81python is for skiddies
SuperNullas in .. used it in the 1980s
Giant81well I Was born in 1981
SuperNullPHP is for hipsters baby.
Giant81real men use COBOL
SuperNullGiant81 based on your height, we have determined that its impossible to grow that all in that short amount of time.
Dez_Bryantwho is python for
Giant81yo mamma
SuperNullloose bitches.
SuperNullzooschool man.
Giant81use Ruby on Rails
onefst250rgarrettskj: are you guys getting snow down yonder?
garrettskjonefst250r: yessir. just starting to accumulate
yqruby isn't high level enough
yqpython is more high level
SuperNullwhere you guys at?
SuperNullwith the snow fall
Giant81I still think perl is the defacto swiss army knife of programming/scripting
garrettskjit's funny you say that
Giant81you can do anything you need in perl
garrettskjI have a tool kit written for our network engineers
garrettskjall done in Perl
garrettskjand it's title is "the swiss army knife'
SuperNulli have libraries for key things all in PHP classes.
Giant81it's not the perfect language for everything, but it can do anything!!
SuperNulli hate some of perls.. syntaxes. in other languages it means one thing in perl it goes full retard.
SuperNullPHP has its fails of course.
SuperNulllike the whole 'needle,haystack' and 'haystack,needle' issue.
Giant81I never use OO perl
Giant81just straight perl
SuperNullone of our previous admins did and im like 'wtf how does this all link together'
Giant81I like the way they do things with $ @ # etc...
SuperNulli like the $ only.
Giant81it makes it easier to read
SuperNullhopefully i didnt just call scrye by accident.
Giant81an array is @, a scalar is $ a hash is % done
SuperNullfunny cause in php ...
SuperNull$array, $scaler, $hash.
SuperNulldat consistency.
Giant81is hard to read
SuperNullperl has a lot of .. hard coded syntax for hashes/arrays that dont exist.
SuperNullGiant81 have you worked on a large c/c++ project?
SuperNullyour argument is invalid! SIR!
MyssTmm perl.. perl -e '$_ = q ;4a75737420616e6f74686572205065726c204861636b65720as;;for (s;s;s;s;s;s;s;s;s;s;s;s){s;(..)s?;qq qprint chr 0x$1 and \161 ssq;excess;}'
Giant81I like perl cause I can tell what the object is it's referencing by looking at the way it's called
Giant81ok obfuscated perl is nuts
SuperNullnot like you could use a useful variable name or something.
myndsrst is a pain ... let me tell you
MyssTwho's gonna be the first to run that !?
kmcelroy1SRST is lame
SuperNullin C/c++ they have variable prefixes for what it is type wise..
SuperNullif you work on a 'large' open source project that recognizes it you will see stuff like 'sz' in the variables and stuff
Giant81yeah but I might WANT to have a $value, @value, and %value and have them be different things
SuperNullthen perl is a winner for you sir
SuperNulli came a little late to the party for perl to be used by me..
SuperNulland i started as web dev
Giant81read the book 'learning perl'
Giant81great book
SuperNullanyone remember 'Personal Web Server' for windows 98?
Giant81omg never played with it but I know of it
SuperNullit was mini IIS
SuperNullonly even worse.
Giant81I believe it worked up till 2000 then in XP they took it out
Giant81PWS and access
SuperNulli used to run PWS on my dialup which i would connect to from my high school ..
SuperNullbling bling.
envirocbrI swear, this is frustrating
hjohnsonfucking netgear and their busted-ass spanning-tree
baristaTam_is not setting up management on a managed switch gonna fuck shit up?
kmcelroy1just means you can't really remotely manage it
Kruggerno, but it does feel like a waste
hjohnsonyep, looks like one of my netgears has gone kerblooie
hjohnsonare we surprised folks?
hjohnsonI'm not.
baristaTam_just trying to rule out possibilities of another issue
kmcelroy1who buys netgear switches though? :P
onefst250rhjohnson: it had a good life. give it a nice send off.
hjohnsonkmcelroy1: my predecessor?
hjohnsononefst250r: 12ga or .306?
baristaTam_I tried so hard to talk my company out of this netgear switch, but they wanted cheaper
hjohnsonit's a GS108T
hjohnsonit seems to have gone awol
onefst250rhjohnson: neither. use that exploding target mix stuff you can buy at gun stores.
hjohnsonthe links are up, but it's not doing lldp even...
hjohnsonand I can't pass traffic through it
hjohnsonthe lights are on but nobody's home
Kruggerimagine a switch with a couple of vlans, and you connect a cable to a port that is configured as switchport access vlan 17 and switchport trunk native 67
hjohnsonthe power has been going out every hour or so because of it as well
Kruggerthat takes out the switch
Kruggerwhat might have happened?
KruggerI will have to go to the datacenter as I lost remote access
kmcelroy1Krugger: sounds like something broke
onefst250rhjohnson: http://tinyurl.com/qbbbfgz
onefst250r5 lbs ought to do
Kruggeryup, I even asked the guys to turn it off and on again
hjohnsonand this, my friends, is why you don't base mission-critical infrastructure on netgear
myndKrugger: depends if either access or trunk mode are statically set
Kruggerand that didn't work
myndeither way, the non-tagged traffic will go over either vlan 17 or vlan 67
Kruggerthe idea was to have vlan 17 as the default vlan and then have vlan 67 as the tagged vlan
kmcelroy1native is untagged...
myndwell that's not how you configure the port
kmcelroy1so the idea was wrong :P
kmcelroy1and you can't have access and trunk
kmcelroy1so what you want is a trunk with native 17
myndkmcelroy1: you can configure it and if it fails to come up as a trunk, it'll be an access port on vlan 17
squibbywhat are these randomly generated nicknames in here - 31NAAEE9T , 5EXAAJOQK , 6JTAA6EEN ?
kmcelroy1right, but that isn't what he described as wanting at all
squibbyshould we be concerned about that?
kmcelroy1you also can't have access and trunk at the same time, so the statement stands
KruggerI usually just assign a vlan to a port this having a default vlan and a tagged vlan was something new
MrJayPCsquibby, it's only your boss monitoring you
squibbyI was just gonna ask if it's the NSA
NightstaarHi all, question about equipment I'm wondering if someone can help me with.
NightstaarDoes anyone have any recommendation for testlab gear?
Kruggerand in the manual I can configure it because it will trunk and if the trunk is ever removed it will use the default configuration
NightstaarI'll be doing my CCNA soon (and continuing on from there)
myndkmcelroy1: a port can't be in both states at the same time, but you can configure "switch acc vlan X" and "switch trunk X" all day long
KruggerI mean the default vlan
kmcelroy1mynd: right, never said it couldn't
squibbyNightstaar: pick up two catalyst 3550s for the switches and two 1841s for the routers
myndkmcelroy1: reckon i'm not nitpicking :-)
squibbyNightstaar: honestly you're probably better off with just gns3 for a ccna lab
Kruggerso what is the correct way of doing this? defining a default vlan and then adding a tagged vlan?
NightstaarWell I've heard that a lot squibby
NightstaarI want to get some stuff that'll last for the other certs as well
Nightstaarheading towards networks and security maybe
KruggerI was even looking into q-in-q, but that seems not the way to go
NightstaarAlso I want to use it for personal use if possible
myndKrugger: i think you're getting your terms mixed
myndKrugger: what are you trying to do
squibbyNightstaar: yeah then you should invest in the 1841s and some 3550s
NightstaarCool cool.
kmcelroy1Krugger: i told you, for what you asked for, trunk with 17 as the native
squibbymaybe 3560s or 3750s. depends on what's available out there.
Kruggerwe are connecting to a provider network and that is what is in the email
Nightstaarsquibby: I have a 877w that I got from an old job. Keep or sell do you think?
squibbyNightstaar: no reason you can't continue with gns3 for the ccnp labs though
kmcelroy1a provider is telling you to trunk to them?
NightstaarYeah of course
myndKrugger: ohh ... let me get out the email
Kruggerthey didn't tell me to trunk
Kruggerbut I will go with trunk with 17 native as suggested
garrettskjKrugger: go get trunk
kmcelroy1if they told you to tag a vlan, they told you to trunk :P
NightstaarPerhaps I'll keep the 877w for my ADSL and wireless functions
Kruggerand see if I can reach somebody out there :P
kmcelroy1which is extremely weird
lo0QinQ for a CE? Without you requesting it? Whaaaaaaat?
myndtrunking to a provider is odd ... unless it's MetroE or something
lo0Owait, misread. Disregard <:
myndleast that's the only time I've seen my equipment setup to trunk towards the provider
myndi'm sure there's other use cases out there
kmcelroy1usually only if the carrier is retarded
kmcelroy1XO for example
Kruggerwell, the provider is giving us temporary ipv4 and ipv6 block and server while we migrate stuff
Kruggerso we are in the middle of their network
kmcelroy1if they are giving you a block, have them route the damn thing to you and move on
lo0That feel when your organization won't purchase IP space through ARIN because it's, "Too hard to figure out."
Kruggerour network gear consists of a switch and borrowed servers
Kruggerwe are improvising, adapting and overcoming :P
kmcelroy1you guys sound like a class outfit :P
Kruggerwe have lots of borrowed stuff
Kruggereven the gbic are borrowed from another organization
kmcelroy1maybe you should buy stuff, like a business does
KruggerI would, but there is no budget. So we are getting creative
kmcelroy1i think the best part is you are doing a migration with other people's shit
kmcelroy1what do you have to migrate if you don't own anything?
Kruggertoday was building servers with pentium 3 and 4 processors
kmcelroy1oh, we have these mission critical P3 servers running our pong server
Kruggerto supplement cisco content switches
kmcelroy1can't let the pong server go down too long
kmcelroy1the rabble gets restless
KruggerI think I better not say what the servers will be load balancing, but if it fails it will be on the evening news
kmcelroy1this sounds like the worst business ever :P
kmcelroy1based on what i have gleaned so far, it sounds like it will surely fail somewhere
mastermindP3 servers?
KruggerI am sorting what runs and what doesn't
Kruggerwhatever runs will be put into production until it fails
hjohnsonman, it annoys me to plan on deploying 3560-24s when I really only need 8 or 12 ports
hjohnsonbut the costs just don't justify the smaller switches
Kruggerat least you have room to expand later
Giant81look at the bright side
kmcelroy1this sounds like the worst business in history
Kruggeror you could lacp it :)
kmcelroy1no budget, P3 servers
Giant81when they go EoL atleast there will be a good supply of 24 porters
kmcelroy1borrowed equipment
KruggerThe trick is to keep borrowing from different people
Kruggeror do lots of proof of concepts
hjohnsonGiant81: yes, but it means having fans and so forth in dusty locations that are rarely visited
kmcelroy1seems like the trick is to quit the company and find a better job, ha
hjohnsonnaw, do the office space thing and get laid off. :P
Kruggerwell I am sub sub sub contracted
onefst250rACTION votes for the quitting thing
hjohnsonso I got laid off... the one guy from my group left is about to be let go for telling the company that they've changed to producing shit
Kruggerand what happened is they said they had some networking issues I might help out with
onefst250rhjohnson: its not that im lazy hans, its that i just dont care
kmcelroy1"some networking issues"
hjohnsonthat's where my buddy is at my former employer
kmcelroy1the issue is they don't have a network :P
hjohnsonand turns out a bunch of customers have left because i'm no longer there
onefst250rdid they call you?
hjohnsonthe customers?
Kruggerbasically there are switches and everything is connected to everything
hjohnsonyeah, but it would be very difficult for them to hire a single foreigner
onefst250rleave there, call you :)
Kruggerbut I am making it better
onefst250rget a couple of foreigners then
hjohnsononefst250r: what I'm working on is partnering with one of their other suppliers to do the contracting through them
Kruggerjust would be nice to have a couple more IT people around
onefst250rhjohnson: or theres that
SuperNullwho posted the 90 percent gay comic ? wtf.
Kruggerthere are also the server and the applications...
SuperNulloh .. reddit did.
hjohnsonthe other problem is maintaining some of my qualifications
SuperNullhttp://www.pidjin.net/2014/02/06/ninety-percent-gay/ enjoy.
SuperNullits totally not about nieros beard.
Kruggercurrently using 3 datacenters
Kruggerwith basically no IT staff
mastermindKrugger: sounds completely insane
Kruggerthey have 2 windows guys and 2 helpdesk guys
Kruggerin my first week I expanded the linux applications server by an additional 100 VMs to support the failing applications
hjohnsonKrugger: years and years ago, I knew of a company... their primary web server was IIS
hjohnsonthey named it Titanic
hjohnsonthe backup was running Linux/Apache... they named it Carpathia
Giant81sounds like a bad omen
kmcelroy1they have 3 data centers and P3 servers?
kmcelroy1what the fuck?
KruggerI would like to point out the obvious problem, windows guys + linux applications servers
KruggerI am pulling things out of the old parts warehouse
hjohnsonGiant81: well, it was named due to the stability, not the other way around
kmcelroy1i don't understand how this company functions
KruggerI need load balancer, radius server, proxies
Kruggersyslog server, nagios
Giant81so far it seems our jboss on windows servers are the unstable ones
hjohnsonI have to admit I'm pretty damned happy with Active Directory and NPS for my centralized authentication needs
KruggerI have run out of storage space, now going for ultra scsi-2 disks
hjohnsonACTION decides to put some pants on
pxedhjohnson ++ i never touched radius before, but was able to get it configured in a few hours this morning without too much hoopla
Kruggertrying to build a decent network here, but running short on everything
hjohnsonand it's easy for my on-site tech monkeys to manage
hjohnsonKrugger: heh, my own situation, except that I'm doing it for a non-profit
hjohnsonso half the equipment is donated by yours truly
KruggerWe have tons of equipment in storage, the problem is nobody knows what is there
kmcelroy1you should just build a shitty network and let them go out of business
kmcelroy1kill the beast
hjohnsonfucking netgear
Kruggerfound fiber SAN switches there
hjohnsongod damned piece of shit
Giant81Krugger, nobody knows it's there = great for a home lab
KenMatlockACTION thinks Krugger works with Dilbert :P
lo0So, EMC gave me a 176 page step by step guide for deploying Avamar.
lo0And my boss thinks it's DR.
lo0Why is today a thing?
mastermindEMC sucks
Giant81dude Avamar is something you let EMC setup
Kruggeractually dilbert comes to mind several times a day
Giant81fuck that, it's a monster to deploy
Giant81but once it's setup, it's nice
hjohnsonfuck.. I need to change the licensing on my AD servers too
hjohnsonthis is going to be hell
mastermindbut proper FC is nice and "just works"
hjohnsonwe're on Server 2k8 Standard, which has a 50 seat limit on radius clients
hjohnsonI'm up to 40
Kruggerbut why do the FC disk die so fast?
Kruggermaybe it is because they are old
dcslvfreeradius ftw
Giant81what gen avamar did you buy?
mastermindKrugger: do they?
SuperNullfreeradius yeahhhha baby.
KruggerI was trying to resurrect a SUN fiber storage array and the disks keep dying
dcslvbeautiful software
mastermindACTION likes the new Hitachi HUS-VM we have here
mastermindthe GUI sucks
mastermindbut performance is stellar
garrettskjhjohnson: srsly
garrettskji didn't realize there was a limit on radius clients
garrettskjon 2k8
Giant81it's windows standard
Giant81it limits EVERYTHING
garrettskjyou have a doc that has the different versions and their limitations?
Kruggertoday I found a box with qlogic fiber adapters, but they don't fit in the 1U servers :(
Giant81as a way to suck more money off of you and force you to ENT
hjohnsongarrettskj: there is in 2k8 standard
hjohnson2k8 enterprise doesn't have the limit
imemyself_how does it count the radius clients? I know you can specify a prefix instead of an individual IP
lo0Krugger: dremel
imemyself_might be able to give up a bit of security to make it work beyond the limit
hjohnsonimemyself_: in the case of 2k8 standard you can't specify a prefix
hjohnsonimemyself_: you have to specify each client individually
imemyself_oh...that sucks
hjohnson2k8 enterprise lets you specify a range
hjohnsonimemyself_: it's just one of the licensing things... it is what it is
hjohnsonthe annoying thing is that I have 4 licenses for 2k8 enterprise
hjohnsonbut you can't shift the license of an AD server while its promoted
hjohnsonyou have to demote it, change the license, and re-promote it
KruggerI know it feels like chaos, but I actually enjoy working at this place. I mean I can pretty much do anything I want with the equipment
Kruggerand seems like the servers uptime has increased drastically since I started
hjohnsonfucking hell
Kruggerso management is very happy
Giant81Krugger, so can I but I work at a place with millions of dollars of equipment in a datacenter
hjohnsonok, switch came back once I forced a topology change
Giant81brand new Nexus / ASA / UCS / Netapp
Giant81hell the crap we pull out and I use in my lab are 2811's, IBM 24 ore 128gb ram servers, 3750's, etc..
hjohnsonso instead of connected to the gigabit trunk, it's connected over its backup 100mbps link, which is running over about 500 feet of cat-5
Giant81well still waiting on a 3750 to come out
Kruggerwould like to have that
Giant81but when it does its into my lab
Giant81my GNS3 server has 128gb of ram
Giant814 sockets and 24 cores
Giant81it's a fucking monster, I run GNS3 and full VMS of centos / 7 / ubuntu / etc... on it for labs
KruggerI think that would sum up one of my 48U rack cabinets :P
Giant81I'm going to start spanking the fuck out of it as I start playing with CCNP ROUTE
KruggerI actually suggested it would be more energy efficient to buy new servers
Giant81I'm burned out on SWITCH so fuck it, going to just let it soak in and move to ROUTE for a bit
Giant81it would be
KruggerI mean I am using lots and lots of power
Giant81get a single server, P2V all those machines, use less power, better performance, no logical network difference
hjohnsonyeah, for the nonprofit, they bought a nice HP server, and were just going to use it for a single task
hjohnsoni basically said "uhh guys, ever heard of vmware?"
Giant81ESX baby
Kruggeranyone using xen?
KruggerI have some esx 5.5 and 4.0 and hyper-v
Kruggerand xen might be added soon
Kruggerto make it more diverse :)
Giant81no I've been using ESX mostly but wanted to play with KVM at home
void641ESXi here
void641Anyone playing with OpenStack at all ?
void641or have it in production even ?
garrettskji just saw a nice article on it?
garrettskjdoes that count? ;)
void641Just want to know how it compares to say vSphere, etc
VLanXguys, I have two wan ospf routers that advertize the same networks with the same cost to my gateway router; is it possible to change the metric? I cannot use " ip ospf cost 1000" because they're connected to the same vlan.
garrettskji'm confused.
void641VLanX: Same SVI ?
garrettskjand you can't/won't separate the vlan
kmcelroy1he won't tell you this now, but one isn't a cisco
VLanXgarrettskj: I would, but the WAN routers share a virtual IP
kmcelroy1you get to play the detective game
Kruggerdamn, just realized how wrong my configuration was
garrettskjthey share an HSRP ip?
hjohnsonesxi is what I play with
hjohnsonmostly because it does the job
VLanXgarrettskj: CARP: they're not cisco routers
hjohnsonHyper-V is a joke in a mixed platform environment
Apachezrsty: but other than that it shouldnt be any problem to have loopback set to if you already have a vlan interface set to on the same box ?
garrettskjkmcelroy1: and there we go
Apachezanyone is free to answer that by the way :)
kmcelroy1garrettskj: told ya :P
kmcelroy1i went through this earlier when he brought it up, ha
garrettskjkmcelroy1: tips hat.
garrettskjACTION tips hat rather
void641Apachez: why would anyone want to do that ?
SuperNullour one technician delays calling the company who can support him best until the very last option wtf. we pay for support.. no one here knows this software.. yet... he waffles around on calling the support line.
SuperNullwhat the fark.
VLanXapparently you can't set the cost based off the IP of your neighbour
void641VLanX: Cost is by link…
kmcelroy1it isn't cisco, run!
void641VLanX: if they share the same link, it will be equal, what are you trying to do ?
VLanXkmcelroy1: actually it is, I have to set the cost to the cisco side
VLanXvoid641: one router is supposed to be just a backup, so it shouldnt advertize shit unless it's the master, but I cant change that
void641what platform are your routers running carp ?
void641which bsd ? lol
VLanXfreebsd 8.3
kmcelroy1all the BSD
mastermindcarp is not a bad thing...
RedShifthey guys, suggestions for accept BGP routes based on IP SLA tracked objects?
VLanXmaybe I could set up a script but I thought it would be easier to increase the cost
void641No carp is great….
RedShiftor am I going about this the wrong way?
Giant81man if you can get the company that BUILT the software to SUPPORT it and it's already paid for? why wouldn't you?
mastermindwe use openbsd based boxes running carp for a lot of stuff...
void641VLanX you can check out the port "ifstated", it will do actions based on conditions...
kmcelroy1RedShift: what are you trying to do exactly?
wpRedShift: ehm wut? :D
void641are you using quagga for OSPF ?
Apachezvoid641: well because its a device placed on internet perhaps ?
Apachezand the loopback ip needs to be accessible from internet as well so cant do a rfc1918
void641Apachez: why not put the /24 to null0 and create two loopbacks for the /32's ?
VLanXvoid641: yeah, quagga
Apachezthe case is that this device already has 3 vlan interfaces
RedShiftstill on my two internet connections, both DHCP internet connections
Apachezlets say and (as example I know these are rfc1918)
RedShiftso I've got VRF A, which leads to ISP A, VRF B to ISP B, and VRF C to the local network
Apachezthe problem with this is if the link is down then the ip isnt accessible
RedShiftVRF C should be getting itself default route to depending on which VRF has internet at the time
Apachezso I need to setup a loopback int to make some ip always accessible
void641VLanX: you can use ifstated to check carp to see if it's the master or the standby, and then choose if ospfd runs or not ?
Apachezas long as at least one link is functional
RedShiftso I've got an ip sla track running in VRF A to test if internet is working, and one in VRF B
kmcelroy1RedShift: you have BGP on DHCP connections?
Apachezbut it seems that then setting the loopback to an ip from a range that already exists is a bad thing to do?
RedShiftkmcelroy1 no, but you have to use BGP to leak routes between VRF's
VLanXvoid641: wouldnt that increase latency for the backup to become master anyways?
RedShiftI think it's called VRF lite
void641VlanX: It would anyway if you're not sending any LSA's
kmcelroy1you can leak without BGP
VLanXvoid641: ok so you suggest me to do it pfsense-side
RedShiftwhatever, I need some way for VRF C to accept its default route depending on the ip sla track
hjohnsonI wonder if the 1803 supports HSRP
VLanXI'll try... I guess
VLanXhjohnson: they should if you have the right IOS
kmcelroy1why are you using VRF lite here?
kmcelroy1this seems retarded
RedShiftok, how would you solve this?
hjohnsonVLanX: yeah, CFN indicates as much
kmcelroy1i would stop using VRFs for a dual DIA/LAN setup :P
void641VlanX: The other thing is if you can control the next-hop sent via the LSA's to the router to always be the VIP…. then regardless of what LSA's it gets it would just route to the VIP anyway
sartanwhat's a vlan for?
RedShiftkmcelroy1 well I can't figure out how to not do it without VRF's if both connections use DHCP :-(
hjohnsontoo bad there's no pastebin type setup for doing quick network diagrams
VlanXXXvoid641: which one should I go for?
kmcelroy1why don't you just do two default routes out and let it CEF balance between the ISPs?
RedShiftbecause one is strictly backup and doesn't have much bandwidth
kmcelroy1then set a higher cost and do a tracked object
void641VlanX: Not sure on the ospf side with quagga I've only ever used bgp with it
hjohnsonnot sure if HSRP is the right solution here though
kmcelroy1either way it is really simple
hjohnsonstupid modems not supporting dynamic routing protocols
RedShiftand CEF will still route out to a gateway even if it doesn't have internet
RedShiftI'm supposed to check a host on the internet to determine the alive-ness of the link
kmcelroy1depends how you want to do it
void641VlanX: are your route quagga routers all in the same OSPF area ?
hjohnsonRedShift: i'm doing that in my config
kmcelroy1but you can just use a public DNS server or something
kmcelroy14.2.2.2 is a good one to hit
VlanXvoid641: yes, for now
kmcelroy1or use a route reflector
hjohnsonthough I just ping the router at the other end of my satellite link
kmcelroy1they are pretty much always up
kmcelroy1or find a node in the provider network, use that
hjohnsonor google's DNS
kmcelroy1or that
kmcelroy1works fine
kmcelroy1you have literally taken a simple problem and made it the most over engineered solution ever :P
RedShiftI must be missing something here :-\
void641VlanX: I would check to see if you can control the next-hop in ospfd … if you can your neighbor would be the actual server IP, but if you can set a different next-hop in the LSA you can just set that to the VIP.. the upstream router should see both…
void641VlanX: seems like a bit of a hack, not even sure it would work but might be worth a try
RedShiftguess I'll have another crack at it tomorrow
kmcelroy1put in a default route to the primary, put another one in to the secondary with a higher metric. do a tracked object with an IP SLA and just use like as the endpoint or some other reliable destination
kmcelroy1you can set it up when the SLA object fails, it brings the tracked object down and pulls the primary route
VlanXvoid641: ok thanks. I'll try to get it to work
RedShifthow will it come back then?
squibbyor you can go straight to this page - http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_rel_stc_rtg_bckup_ps10591_TSD_Products_Configuration_Guide_Chapter.html
squibbyI WIN
void641VlanX: seeing a small topology of what you're trying to do might help
kmcelroy1yea, just use squibby's
void641VlanX: Like if you're routing through the CARP routers to different interfaces
VlanXvoid641: https://www.dropbox.com/s/766dfycn26f0r41/network.png
void641VlanX: but it sounds like you're trying to control OSPF routing based on active VIP on CARP…
void641VlanX: So .2 and .19 are your carp routers?
VlanXvoid641: CARP routers are Aldebran and Bellatrix
VlanXvoid641: Fomalhaut is LAN's L3 switch
void641VlanX: Ok… so why not just increase the cost on the links going to Fomalhaut ?
void641VlanX: at least traffic would be preferred through one router and not the other…
VlanXvoid641: which router should be the one to increase the cost?
void641vlanX: whichever router is the standby carp router ?
VlanXvoid641: changing the cost on Bellatrix does not affect the cost on Fomalhaut
ALucasAnyone have a TV setup with like a interactive network map? they just installed a TV in our office and i want to put something cool on it, any thoughts? Any cool software for a network diagram?
kmcelroy1we have fullscreenradar.com
kmcelroy1shows map and weather and shit
kmcelroy1oh, network map
kmcelroy1we have solar winds :P
ALucaswell, we are supposed to have network related shit... lol
hjohnsonhttps://www.dropbox.com/s/risjmyg0jjj0wli/Screenshot%202014-02-06%2013.25.56.png so that's my network
hjohnsonthe problem is that the switch in the dining hall only runs for about 30 minutes on a power failure
kmcelroy1thought you were just looking for something to toss up there
ALucasWhich solar winds product? I think they are pretty expensive right?
kmcelroy1they are reasonably pricey depending on what you get
kmcelroy1but baseline they aren't bad
hjohnsonACTION is pretty happy with OpenNMS as his NMS
kmcelroy1we have unlimited license and a lot of the modules, it was like 50k for us
ALucasI use observium and nagios right meow
hjohnsonnice and extensible
ALucasI would like to use Zabbix
peter_anywhere i can go for some best-practice security commands for my prod switches/router?
kmcelroy1i like that i don't have to dick around with solar winds
hjohnsonyeah, I have to dick around in XML for a lot of shit in OpenNMS
ALucasIt just works? impossible
Apachezany of you who have used static routes to push traffic for a specific ip into a specific l2 vlan, that is when using private vlans ?
hjohnsonotoh, the price is right
hjohnsonI used to use WhatsUp Gold for some stuff
kmcelroy1pretty much, you just add the node and you are pretty much done
kmcelroy1like 99% of anything you need is already setup for you
Giant81for weather I found a nice fullpage NOAA page
kmcelroy1which is how i like my monitoring
ALucasApachez: We used static routes for pre-bgp migration and having two outside interfaces.
squibbyALucas: gtfo meo
kmcelroy1cause i don't want to fuck around with monitoring customization for the rest of my life
hjohnsonheh I once rigged up a system in the NMS that would keep track of one of our systems' GPS coordinates
ehnderule 1 /.*/ /64718809/ i'm trying to say "take any internal DN and translate to 64718809" did i do that right?
Giant81I use static routes everywhere in our organization
hjohnsonif the system dropped off the air, the system would download the latest weather radar, and then check to see the weather.
hjohnsonehnde: that's "take any number"
hjohnsonnot internal
hjohnsoner not just internal
ehndeah ok
ehndethat would still work
ehndemaybe i didn't apply it correctly
ehndedebug msgs look like this From: <sip:2225001@sip.flowroute.com>;tag=24933DC4-1330
Giant81for our weather page on the dashboard
ehndei'm expecting it to be 64718809@sip.flowroute.com
hjohnsonGiant81: in my case I wanted something more specific since I wanted to be able to programmatically spot the red zones over where the node was
RedShiftACTION feels experimental and just loaded up c181x-adventerprisek9-mz.153-3.XB12.bin on an 1811
hjohnsonanyhow, that was a long time ago now
VlanXvoid641: omg I think I've managed to get the script on pfsense's side to behave
VlanXI think I might shit myself
hjohnsonRedShift: heh... alas my 1803 doesn't have enough RAM to run the latest IOS
hjohnsonI need to get it a DIMM
VlanXI'm hard right now
RedShiftI took an SO-DIMM from an old laptop
VlanXoh god yes
RedShiftholy crap it's working
Giant81oh baby, baby yeah... oh it works so good
RedShiftIOS 15.3 on an 1811, I'm the boss
hjohnsonVlanX: you'll love this
hjohnsonRedShift: slower than snot? :P
RedShiftactually no, it booted pretty quickly
Giant81it's got to be like running windows 7 on a pentium D
RedShiftcli works fine
RedShiftI don't know about the features but it boots and that's good enough for a lab
Giant81or because of the modularity of it, maybe it just has less modules running so it runs well
Giant81since you aren't using many of them
Giant81does 15.3 not load and run modules that are not needed? or is it just modularity in the licensing model?
RedShiftisn't that IOS-XR?
RedShiftplain old IOS is monolithic as fuck
Giant81well I know NXOS runs 'features' I'm wondering if it loads the module for that or not
kmcelroy1the license model doesn't apply on the older ISRG1 routers
hjohnsonone of the troubles i'm having is monitoring our poop-pump
kmcelroy1even on 15, it is still the old style
Giant81ACTION runs to put 15.x on his 3750 stack
Giant81why not
void641There is a "modular" version of IOS, but AFAIK it only ran on 6500/7600
RedShiftthe licensing model sucks
hjohnsonkmcelroy1: I thought cisco had abandoned much of the licensing stuff because it was such a pita to administer?
kmcelroy1i put 15 on my 4500 :P
void641NX-OS loads features as modules
hjohnsonand boom, power's out again
kmcelroy1they love licensing cause they make actual money instead of people just downloading any image off the internet :P
void641IOS-XR you install what modules you want
void641But XR also dynamically loads them based on if you're using them
hjohnsondamn they're not having good luck right now
Giant81they should
void641So you can install multicast-routing, but if you're not doing multicast it won't start the process
Giant81fuck it's all built on a fuckin *nix kernel
Giant81should be able to dynamically load/unload kernel modules for different features
void641Well XE is basically IOS on unix
void641on linux rather
Giant81and help streamline it when it's not doing much
hjohnsonman I wonder what they're doing
void641XR is on QNX..
RedShifthey kmcelroy1 back to my dual ISP and DHCP thing
kmcelroy1did you read the link squibby gave you? :P
RedShifthow am I going to do static routes that are tracked if I don't know what my next-hop will be?
squibbygo read that link meow
kmcelroy1alright meow
kmcelroy1kinda one in the same
garrettskjOK. i got a question.
garrettskjwhich I'll prolly lab up if no one has the answer
garrettskjCisco DHCP server
Giant81what link
Giant81labbing is good
garrettskj... does it hand out addresses in order 1,2,3,4,5,6 etc
Giant81labbing = learning
RedShiftyes obviously, I'm going through it, I was just illustrating this meme: img.pandawhale.com/47132-I-came-here-to-laugh-not-read-yc6J.jpeg
kmcelroy1but cisco DHCP is evil
garrettskjif 1 is released to the pool
garrettskjwill connection #7, get ip of 7, or of 1
kmcelroy1it normally does try to go in order
Giant81but does it back fill released addresses?
Giant81no idea
garrettskjme either.
kmcelroy1i believe so
garrettskjI thought so too
Giant81remember I failed my CCNP SWITCH test again
Giant81so I guess it proves I don't know shit
garrettskjwell it's not just switch..
garrettskjI'll find out.
kmcelroy1damnit Giant81, get your shit together :P
Giant81no shit
Giant81fuck it
Giant81I'm moving on to ROUTE
kmcelroy1turn off all that static routing and get working on Route
kmcelroy1then move to switch
Giant81I'm burnt out on switch
kmcelroy1route is worse though, cause you are all staticed :P
Giant81I'll fuck with ROUTE for a bit
hjohnsonVlanX: so get this... I have two links to the intertubes
drkatroute is worse
hjohnsona primary and backup
Giant81meh by doing ROUTE I'll implement OSPF or EIGRP
kmcelroy1switching was the worst when i did CCNP, but that was a long time ago
drkatfor ccnp?
kmcelroy1not sure about now
Giant81I can lab route easier than I can lab dot1x with radius authentication
hjohnsonVlanX: the fundamental problem is that both uplink subnets use the and both gateway routers are
RedShifthttp://www.cisco.com/en/US/docs/ios/dial/configuration/guide/dia_rel_stc_rtg_bckup_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1065528 <- this article does not explain how you do it when both primary and backup links are DHCP
RedShiftit's always one DHCP and one static (and I can do that) but what if both are configured using DHCP
hjohnsonso I have figured out a failover mechanism... it involves a VRF, double-NAT, and hairpinning a GRE tunnel between the VRFs
hjohnsonit makes me dirty thinking about it
drkatdhcp route is installed by interface speed iirc?
hjohnsonbut it's the mother of all hacks. :)
rstySo I have a Line Group set up, and it rings 5 phones. When one of the 5 phones answers a call that originated from that Line Group, all calls going forward only flash on the remaining 4 non-busy phones while the first phone is busy, on the phone from the originated call. Any ideas?
Giant81you Mcgyvered something together
drkatip dhcp client default-router distance 200
hjohnsonI really should just change a couple of things though to make it more reliable
VlanXhjohnson: holy fuck dude
drkathjohnson are u labbing this
hjohnsondrkat: no, it's in production
RedShifthjohnson that makes me think dirty in a sexual way
VlanXRedShift: midget porn?
RedShiftdouble NAT
VlanXhmmmm double nat
hjohnsonthe problem is that the backup link is a hughesnet modem
routerproanyone have any 3850 rack mount kit available for purchase?
hjohnsoner hughesnet satellite which is locked to 192.168.0.x and does nat
hjohnsonand there's no way around it
hjohnsonand it can't handle anything other than 192.168.0.x
_bradkhave you got your ccnp kmcelroy1?
hjohnsonmy primary link (also satellite) is stuck on 192.168.0.x for historic reasons, and doesn't require nat
hjohnson(I do nat later on in the chain)
hjohnsonso yeah, it's ugly as sin
hjohnsonbut works
drkatugly like a fat chick on her wedding day
RedShiftit's not dirty, it's disgusting
envirocbrKenMatlock: HEY DUDE!
hjohnsonwhen the main link goes down, the SLA goes down, causing the router to kill the primary default route
RedShiftI am no longer aroused
drkatfuck I need my desktop setup
kmcelroy1i'm still aroused
envirocbrKenMatlock: The problem...F2E card is supported as an internal interface only
drkatIm doing it this weekend
envirocbrwhich is why the control plane was up but the data plane wasn't working
hjohnsonso the main VRF then gets routed over the hairpin GRE tunnel to the VRF
KenMatlockenvirocbr: ha! so you have to swap the two?
hjohnsonthe VRF is configured to NAT that traffic, and send it out via the hughesnet modem
hjohnsonwhen the primary link comes back up, the track object re-asserts the main default route, and the traffic once again flows over the primary satellite link :)
hjohnsonif I didn't have to deal with the two 192.168.0.x I could have done away with the GRE and the vrf
garrettskjjust labbed it
garrettskjCisco DHCP always takes the first available address
kmcelroy1thought so
RedShiftok so hypothetically, can BGP be configured to accept certain routes based on ip sla track results?
RedShiftjust for ehrm fun
hjohnsonRedShift: I don't know about BGP
hjohnsonRedShift: but if it's rebroadcasting local static routes, then sure
Giant81that might be something I learn about in ROUTE
hjohnsonI run OSPF for my dynamic routing needs
hjohnsonmakes my life easier
Giant81I'm sorry
hjohnson(and I didn't want to figure out how to setup BGP)
envirocbrKenMatlock: I have to get another ASR or an M series card
envirocbrhjohnson: BGP is easy
envirocbrEasier than OSPF IMO
hjohnsonGiant81: well, the dynamic routing is between a 3825, a 4948, and a 1803 :P
Giant81ISIS so far as I've seen is better than OSPF
kmcelroy1RedShift: No, you would have to see if you can do anything with communities, but I don't think you can
hjohnsonit's more that i just got sick of dealing with the routes
KenMatlockenvirocbr: you can't just swap which interface in hte OTV and which is the jiun interface?
KenMatlockholy crap my typing sucks
hjohnsonACTION beats the IT guy for rebooting the core switch again
drkatarent you the IT guy?
RedShiftI think you can leak routes between VRF's using OSPF too
drkattell him not to reboot the netgear
RedShiftthat might be worth a shot
hjohnsonactually when I have the chance, I should move the 3825 up to where the modems are... now that it doesn't have the 36esw in it, I'd just need to repatch a bunch of analog lines
Giant81wasn't there a cisco live breakout video online about leaking routes between VRFs using BGP?
hjohnsondrkat: I'm the network designer/overseer.
hjohnsonbut I'm not on site
drkathjohnson so why you using netgears?
drkatwhen you get hired?
hjohnsonI'm just a volunteer who knows what he's doing
drkatso you're still on the line like me huh
hjohnsondrkat: non-profit org
hjohnsondrkat: naw I'm actually a director of the organization... they couldn't bring me on as anything other than a volunteer, would be a conflict of interest
drkatoh so you make money though?
Giant81yeah I think it might have been that
hjohnsondrkat: no
drkatthen umm..
hjohnsondrkat: i'm currently unemployed
drkatyeah.. that what i meant
drkatthe unemployment line
hjohnsondrkat: it's a non-profit/charitable that I care about deeply... so I help out where I can
hjohnsonjust so happens that I've picked up a lot about campus/satellite networking, and in the end I now run their network
hjohnsonnext spring we'll be deploying fiber for a bunch of the interbuilding links
hjohnsonI'll basically wind up with a gigabit fiber ring :)
hjohnsonand all cisco, so I can run rapid-PVST and put different roots for different VLANs where it makes sense
Giant81hjohnson, MST
hjohnsonGiant81: either or
kmcelroy1oh god, layer 2 network, it burns!
drkatone big /8?
drkatdark fiber
kmcelroy1never rely on spanning tree for anything other than covering your ass :P
hjohnsondrkat: naw about 5 VLANs
Giant81oh wait I forgot I don't know anything about MST, I failed...lol
drkatjust make sure to always configure the root ;)
kmcelroy1fuck that garbage
kmcelroy1layer 3 boyee
drkatso.. why would I want my vlan 2 root bridge not my vlan 3 root bridge?
drkatcuz I'm routing!
hjohnsonwell, hopefully I'm going to be deploying 4 or 5 3560s so I could go all layer 3
hjohnsoner do much more layer 3
kmcelroy1awwww yea
drkati mean honestly how often do we have a real alternate path to switch2 when we're doing a collapsed core?
hjohnsondrkat: in this case, it's more of a ring
drkatwell p2p routed sounds better
drkatjust saying..
hjohnsonthe likelihood of a switch going down, especially at this time of year is pretty high
drkatlike.. big tits.. or little tits
hjohnsondrkat: yeah, but I do need to have a couple of broadcast domains all over the village
drkateveryone has a choice ;)
Giant81I like little tits.... A and B cups
drkatGiant81 me too
kmcelroy1some of us have service provider networks, so we have many alternates, ha
Giant81women with bodies like HS/College cheerleaders
drkatkmcelroy1 pssshhhh
drkatGiant81 nah
hjohnsonour SCADA/power grid control system depends on being on a single broadcast domain
drkatass that will swallow up a g-string and up top? 2 bee stings
Giant81tight, nubile, athletic,
hjohnson(so it's off on its own VLAN that no one else can access)
Giant81ok I'm out
kmcelroy1Giant81: same here
drkatmake your l2 so much better :)
drkatok im just joking
Giant81almost thought about using pvlans in production for storage traffic
drkatwell apparently there some considerations when using iscsi
drkati never knew such things
Giant81put all our SQL servers and other things that need access to storage on an isolated vlan and put the storage ports as the promiscuous ports
hjohnsonanyhowyeah, I'm not doing any of that shit
RedShiftmmm promiscious
RedShiftI like that
hjohnsonI finally got them to replace the EMC/iomega NASes with a Synology
drkatmeans its easy
hjohnsonwhich is a step in the right direction
drkatoh big spender
kmcelroy1they should call it a whore port
Giant81like those B cup cheerleaders
drkator nfs
hjohnson(I really like my synology at home)
hjohnsonACTION hides his GF from Giant81 
drkatplease tell me iscsi
drkatare you guys virtualized?
Giant81our ESX is NFS
Giant81but our SQL boxes are using iSCSI
kmcelroy1mmm, small titties and tiny little hips, i am on board
hjohnsondrkat: I have an ESXi host
drkatnfs to vnx?
hjohnsonbut it's using local storage
drkatoh ok
drkatso what about HA?
Giant81later all
hjohnson(she's 4'11", chinese)
drkati bet you feel like a black guy!
hjohnsondrkat: its' HA enough for us :P
TophatIs there a packet generator available where I can adjust the QoS values in a packet for verification?
RedShiftTophat iperf can do that
kmcelroy1let me finger your mom?
trash80Tophat: https://code.google.com/p/ostinato/
hjohnsonit's a good question though... should I move my 3825
drkatfuck your mom
kmcelroy1did i get it?
drkatding ding.. he won
Tophatdrkat :P
drkatheres an asshat
hjohnsonsince we're not going to be using the SHDSL in production now
hjohnsononly reason why it needs to be where it is is because of 5 FXS ports
hjohnsonbut I have 8 pairs of phone wire I can use
Tophatthanks trash80 and drkat :]
onefst250rTophat: cat karat/ostinato/scapy
hjohnson(I also feel dirty for using 13 FXS ports in my voip setup)
onefst250rcat karat is really neat if you dont need tons of pps
onefst250rmostly because its stupid easy
Tophatsweet ty
hjohnsonACTION nearly types in debug all
hjohnsonthank god they put a y/n on that
sartanu all | tee flash.txt
squibbyyeah u all is pretty foolproof
Tophatmy boss did that and tried to play it off... 'oh it'll finish'
hjohnsonso you want fun? here's what our AC power has been doing over the past 24 hours: https://dl.dropboxusercontent.com/u/91153284/graph.png
onefst250rsad part is you own the "power company"
hjohnsononefst250r: yeah
hjohnsononefst250r: well, when it's been significantly below freezing for the past 2 weeks, and you're depending on a water supply coming from high in the mountains
hjohnsonthis kind of thing happens
onefst250rget some big ass hair dryers
Tophathjohnson: you using cacti for your APCs?
RedShiftI wanna see the wolf of wall street but I don't have a girlfriend and I don't wanna go alone :-(
kmcelroy1if only you had friends
onefst250rRedShift: get a high dollar hooker?
RedShiftthey all have girlfriends so whenever I send an interrupt request I get ignored
squibbyRedShift: what do you mean, watching movies alone is awesome
garrettskjRedShift: just go.
garrettskjRedShift: lots of tits
RedShiftare you kidding? nobody does that here
kmcelroy1just jerk off in the back of the theater
squibby"here" ?
RedShift"did you see the guy that was sitting there all alone"
kmcelroy1be that guy
squibbydude that's why you go during the matinee
squibbygo to a 2 pm
squibbyit's actually kinda nice
lo0Just got a ticket about the N5K management interface not being reachable from the network.
lo0VRF context was missing a default route
onefst250rshould i use one of the core routers to put in my resignation letter?
onefst250rhave it send the email out?
kmcelroy1sounds fun
RedShiftwhy not, I mean, that is what routers do... route messages
kmcelroy1i like to send weird emails with eem :P
onefst250rhrm. how to do it on junos...
kmcelroy1not sure
garrettskjonefst250r: LOL what
garrettskjsrsly, like old school telnet $ip 25
garrettskjwho has raw smtp anymore
RedShiftI believe 587 is now the standard?
onefst250rnot sure how it would work. would be hilarious though.
RedShiftACTION zzz
kmcelroy1is this a thing now?
dissolve-Where's the channel with the sub netting trivia
kmcelroy1the trivia is can you fill in the blanks
onefst250rwas expecting something cool
kmcelroy1weren't we all
pffsI was expecting something
pffsdamn you all for making me disappointed
hjohnsonhrmm.. does the root switch in spanning tree see a topology change when one of its directly connected leafs switches to a different route?
rostamHI I use snmp to download the running-config to my server, i.e: http://paste.ubuntu.com/6888032/ . Then I change a port configuration and download the file back to switch. The change does not take place why? thx
pffsyou have it set up to download the config over SNMP?
pffsthat's terrifying.
kmcelroy1rostam: do you upload it back to running?
hjohnsonrostam: don't do that
kmcelroy1also, very terrifying
Apachezrostam use "replace config" or reboot your device after you uploaded it back
Apachezalso you should upload it into startup-config
pffsRW community strings are scary yo
kmcelroy1why wouldn't you just make the changes directly though? :P
kmcelroy1seems weird to change a text file, then load it on
rostamafter reboot or replace config the change will take place?
hjohnsonhehe for some reason no one wanted to have cisco jabber on their iPhones
lo0p-p-p-private as a RW string?
hjohnsonlo0: what could possibly go wrong?
onefst250rhjohnson: your loopback0 gets haxored
hjohnsoneverything redirected to goatse.cx
rostamkmcelroy1, The switch 3560-c will be managed in field through our server, we will not have cli access to system, only snmp..
lo0Heh.. reminds me of when customer's internal domain was a TLD that they didn't own, so when they took their systems off-prem, browsing to a sharepoint server would redirect to porn.
kmcelroy1rostam: the question was why
hjohnsonlo0: haha
hjohnsonrostam: that's insanely insecure
hjohnsonrostam: ssh access would be far, far more secure
lo0Their elegant fix was to deploy a GPO which modified the hosts file of all systems on the domain. I lold so hard.
hjohnsonlo0: lol
rostamhow about snmp -v3, would that be more secure ?
hjohnsonI'm still annoyed that windows doesn't do wired dot1x by default
hjohnsonrostam: only marginally
kmcelroy1you are dodging why you are doing this :P
kmcelroy1just SSH into the damn thing and make changes
hjohnsonkmcelroy1: then again, a former IT guy at a former employer thought SSH was highly insecure because it allowed "port forwarding"
hjohnsonof course this was the same guy who was afraid of VLANs
rostamkmcelroy1, I hope I can explain the why question. We have a server which will have one port connected to this switch, private network. The switch will be connected to android devices which will communicate to the server through switch. The configuration of switch at each customer site might be different, so I need to configure the switch through snmp. I hope that explains it.
kmcelroy1IT guy, stop listening
hjohnsonso all the switches in the company, including their M&C interfaces were on vlan1
kmcelroy1still seems dumb, just do a management port
hjohnsonrostam: that's an incredibly stupid design
kmcelroy1no, seriously
kmcelroy1it is fucking retarded
kmcelroy1like you would have to really work to make a worse design
rostamokay I agree, so your suggestion is to use ssh ?
kmcelroy1i have quite a few of those switches in the office, SSH for me
rostamokay I need to script the ssh access to the switch, are there any references how to ssh to a switch and configure it? thx
onefst250rread a ccna book
diozhjohnson: i work at a place where they had a security person come and talk to me about ssh
diozand when he asked me about it he started by telling me it was telnet
diozi said "nope it's ssh"
diozthen he wrote it down on his little piece of paper "s.s.h"
diozi lold'
trash80"security people" are a mixed bag
squibbydioz: the fuck?
diozyah he said "we don't use ssh around here"
diozthen i started asking him about http over ssl
diozand he said "we have ways to see what's going on with http over ssl"
diozi said "oh DO you"
diozthen that is where the conversation ended
squibbya CISSP?
Kruggerso why do you say he is a security person?
diozhe had a red badge and he said "my name is so and so from security"
Kruggerwas it on his tshirt?
Kruggerah, a badge
Titaniumbuilding security
hjohnsoneh, badges are nothing.
Titaniumnot security :)
Kruggerhave to put CEO on my card then
hjohnsonif you want to get into a building, just put on a set of coveralls, a hardhat, and carry a clipboard
hjohnsonthat will get you anywhere.
civilliandon't forget the hi-vis vest
diozwhen i think about pretending to be maintenance i picture cerial from hackers
diozunder people's desks
hjohnsonok yeah, so totally borked cable
diozwith the big belt full of tools
hjohnsontoo bad I can't get an envmon trap
hjohnson(and yes, right now, I'm relying on spanning tree to make my network resilient)
garrettskjdioz: red shirt
hjohnsonACTION puts on the asbestos undies and hides)
garrettskj i picture cerial from hackers
sartandioz: I have ways of seeing what's going on with http over ssl
diozsartan: so do i
diozi just thought it was weird how candid he was about the whole thing
sartani don't like security people for the most part.
diozhe said it so "matter of factly"
sartansubsequently people at work don't always like me either
diozthat i was like "oh DO you?!"
sartanoh DO you
sartani mitm all my outbound https
diozit isn't hard
sartanit is, if you don't control the box
diozthe machines are corp machines
diozthey control everything
sartani'm snacky
sartani had a light lunch a few hours ago, tummy rumbly. maybe i should go to mcdonalds and love some it
diozrotten ronnies
sartanmcdicks is reserved for change nights when i stumble out of the office at 4 am and there is nothing, nothing, nothing else open.
sartanat that point, a chicken mcsandwich or whatever is seriously awesome
diozno 24/7 walmart?
diozi'd rather a box of miniwheats and a 1 litre of milk
diozholy fuck is cowtown cold dude
diozi came here to snowboard
garrettskjlol cowtown?
diozand i've basically froze my bag off
diozcalgary california
diozi lol'd one day when i called a company that was shipping me stuff
sartancame here?
sartanthat's current-tense stuff. are you in cowvillage?
diozyeah i'm here right now
sartani thought i smelled something fetid
diozjust got back from nakiska 15 minutes ago
sartancool, how long is your vaca?
diozmy dads bday on saturday so i'm leaving saturday morning
sartanit's much warmer today than it was the last few days, you picked a good time
diozi've been here since monday
sartanand you didn't say anything!
dioz*shrug* i think i did but i don't know
sartani would have remembered something like that
diozi got taco some canada olympics mittens
sartanthe bay?
diozyah. the guy from here who sent me the aux to utp transceivers
snackysartan: hi snacky
snackyI am snacky
diozi finally got him something
sartanACTION feels snacky up
sartanhm we should have a beer or something while you're here.
sartanIf you don't smell bad
diozhe's from arizona
diozidk what he'll need mittens for
diozbut *shrug*
diozyou never know
sartanit's funny :)
hjohnsonwell, next time you folks are out in lotus land
diozsartan: i'm right off old banff coach road
diozright by firgus and bix
sartani know someone who died on that road =(
diozaspen stone area
dioza guy i know who tests for xbox wants to meet up tonight
diozidk what to do tho
sartana professional manchild video gamer?
diozhaha yes
diozi've wondered how much someone would make testing videuh games
diozi couldn't see it being much
diozi imagine anyone would do it
squibbysartan: I think you mean esports athlete
squibbysartan: hey man don't knock progamers that shit is serious business. I mean, if you win 1st place MLG prize you get $50K
squibbyfor the whole year
squibbythat's my test to see if my web client is still functioning
squibbyit has reliability issues.
epinkyospf in svi not working
VlanXdo you guys see me flapping?
garrettskjVlanX: neg
VlanXI'm testing the redundancy
pffsflapping so hard you're like a damn humming bird.
VlanXsome states do fail
VlanXI love humming birds
squibbyepinky: turn on OSPF debugs
diozso with stateful firewalling
pffssquibby: play testing professionally sucks
pffsthey assign you one tiny chunk to play over and over and over
pffsand you don't get paid very much
epinkysquibby: no activity at all, all ospf debug turned on
diozwhat should i get my dad for his birthday?
squibbyepinky: you checked for a passive int default statement in your ospf process?
diozhe's a mechanic
diozhes 57 years old
garrettskjdioz: howabout a wrench
diozhe likes the montral canadians
diozmontreal canadians
garrettskjok, howabout maple syrup
diozmom said to get him something for his "man cave"
diozidk wtf to get him tho
garrettskjapple tv
diozi don't think he'd use a apple tv
pffsinflatable doll
diozyou got me thinking about my dad having sex and such
diozyou pervs
pffsget one custom cast from your asshole.
garrettskjwhats even worse is imagine him telling your mom
garrettskjthat he wants to put it in
garrettskjpffs: LOL
diozmy mom looks like barbie
garrettskjdioz: pics or it's a lie
pffstits or gtfo
onefst250rACTION lols at "maple syrup"
pffsmaple syrup AND a flesh light
onefst250rthey call that the "canadian experience"
diozlast year i got him like $200 worth of booze
diozi was told it isn't appropriate tho
garrettskjthat's after dioz gets him the asshole cast fleshlight
dioz"alcohol is not a gift"
pffsget him a keychain
garrettskjthat's the "canadian experience"
pffsdioz: by whom?
diozme ma
pffsdid your dad complain?
garrettskjdioz: srsly pics of your mom
garrettskjor v&
pffsalso lol v&
pffswhat is this, 2005
onefst250r/me wonders what v& is supposed to mean
VLanXpretty sure I flapped there
diozwhat does v& mean?
pffsit's retarded 4channers who can't even abbreviate banned right
dioznot clicking
pffsoh, I don't think I actually ever looked up what it really meant
pffsI just thought they were retarded
pffsit's still retarded
pffsbasically it's being arrested by the FBI
dioz4chan was blocked at work
diozbut reddit wasn't
pffsbecause you're a moron on 4chan doing illegal things
MrPocketzLets say you have a fiber WAN connection that'll allow you to pull as many DHCP leases as you want, but you can't get any statics.
pffscp/bomb threats/etc
MrPocketzcould you configure an inside host to 1-1 NAT with a DHCP obtained IP?
garrettskj?? how would you do it?
diozcaptain pickard?
garrettskjproxy arp for leases?
pffsyou can do an ip nat inside static blah int blah
diozMrPocketz: you could do a layer 2 vpn
diozwith a bridge
MrPocketzLayer2 vpn?
garrettskjlol not even a layer 2 VPN
garrettskjyou could just bridge it
garrettskjand then transparent firewall it
garrettskj(if you wanted to firewall that is)
MrPocketzfair enough
MrPocketzwas really just out of curiosity than anything
_bradkgarrett is the man with the plan
MrPocketzI've got on-premise fiber, and the way this condo is patched, all the ethernet runs in the walls go to a switch in the wiring closet in a bedroom, directly to the modem
diozi thought he was asking about how to get the ips on other machines
diozinstead of 1:1 nat
MrPocketzso if you're not a geek, and haven't fucked with it, anything you connect to the keystone jack in the wall pulls a routable address on the fiber WAN
garrettskjok sounds like lots of service provider setups for multi-tenant housing...
MrPocketzMany do that?
MrPocketzisn't that kind of, dangerous?
garrettskjif those are in pvlans, they can't talk to each other, who cares.
MrPocketzsee, here they're not.
MrPocketzthis shit is jus, 100% routable.
garrettskjyou need to correct your terms
garrettskjrouteable addresses are available from everyone
diozcorrect them
garrettskjyou plug into your cable modem
garrettskjyou usually get a 100% routable IP
garrettskjif you're talking about the fact that you have access to everyone on the local segment
garrettskjwho is attached at the same service provider PE
MrPocketzI have access to and from anyone on the local segment, as well anyone over the internet.
garrettskjthen it's just poor configuration on their part, but really not much more dangerous than any other ISP
garrettskjit's not a big deal, just put a firewall on your device and be done.
garrettskj*your side of the connection that is
MrPocketzThats precisely what Ive done.
diozor take the whole switch down
diozand wreck it for everyone
garrettskjgood job!
garrettskjlol dioz go buy your dad a moose
garrettskjand some jeans.
garrettskjmaybe one of those hats with flaps
MrPocketzA Yazoo.
dioza slide whistle
diozwhat should i eat?
diozi hate feeding myself
MrPocketzYeah, being an adult sucks.
MrPocketzHeres another question then, garrettskj.
MrPocketzIn the living room, there is a single fucking ethernet run.
diozthatisn't a question
MrPocketzThe modem, has two ports. One for data, the other for television.
diozalso not a question
garrettskjdioz: <3
MrPocketzConundrum, I have a switch on the livingroom's ethernet port delivering network connectivity to the PC, Xbox, etc... off that port, but the TV's cable box *must* be hard-wired to that 2nd port on the modem.
MrPocketzAny ideas?
MrPocketzOther than replacing both switches with cheap managed switches like SG-300s and Vlaning the traffic?
garrettskji'm confused
diozi'm confused too
MrPocketzSo for the TV to get TV, it needs to be connected to that single livingroom port, which has to be patched into modem port2.
diozthe scenario is changing
garrettskjok. what about port 1
MrPocketzport1 is internet.
MrPocketzand they're mutually exclusive (apparently)
garrettskjok so still missing the issue here
MrPocketzI can't hardwire PC in the livingroom AND the TV
MrPocketzand have the appropriate services wired to them, respectively.
garrettskjso make your PC wireless ;)
garrettskjand use a WAP
garrettskjlots of ways to do this man
diozi thought you said you had two ports
MrPocketzthere really isnt any reason why I couldnt.
diozone for TV one for internets
MrPocketz802.11n bridge
MrPocketz(PC, voip phone, xbox, all need network connectivity)
MrPocketzdioz, on the modem. not in the living room.
MrPocketzi *could* split the pairs on the run and only have 100 meg to the data-closet
diozoh living room only has 1 jack
MrPocketzwhy, Why WHY??!!! idiots.
MrPocketzbut, rewiring this brand new condo isn't really an option right now
nemithi did 4 drops to each room in my house and i wish i would have done 6 :)
garrettskji ran conduit to every room.
diozi want a MILLION drops to each room
MrPocketzI could sell a bunch of the shit i don't use, get two SG300s and vlan the stuff.
MrPocketzthat'd be baddass.
MrPocketzor wifi bridge the TV. I tried it with a WRT54G + OpenWRT, but the shitty router couldn't support the throughput the TV needed apparently.
pffsI vote ripping open walls and running 10G instead
sartanyou can come over and wire my hose
sartanall you 10g guys
sartanas long as you drywall paint and shit after
nemithI am not touching your hose
pffsis wire your hose some sort of innuendo?
pffsnemith: why do you need that many drops for each room?
sartanhouse! heh
pffsI'm looking to run cable here soon and wasn't really planning more than maybe 2 max
nemithpffs: I like cables over wireless. I can graph and see traffic on a port. So Living room I have: Roku, TV, Receiver (which doesn't have wireless). Office I have 2 PCs, printer and a roamer port
nemithI will admit i have rooms with no connectivity yet
nemithOH i also have some PoE phones
nemithand wireless (although I plan on mounting them on the ceiling soon)
sartanso jealous= (
sartanfully finished basement
pffsnemith: why so many ports instead of one into a switch?
pffsI figured I'd just get a cheap unmanaged gigabit switch for my living room
pffswell not every switch sounds like a jet engine
squibbyI have an ex4200 at home that I specifically avoid using because of the noise
nemithpffs: less switch ports to buy. I run managed switches for the reasons above
pffsmy other gigabit unmanaged switches have no fans
nemithI got two EX2200s
pffsYeah I don't have any large gigabit switch
pffsnothing bigger than 8 ports at this point
pffsall my lab shit is old 100 meg stuff
nemithsartan: I have a finished basement as well. I went up through the basement, through the wall to the attic and dropped from the attic down to the rooms
sartanheh, syslogs coming in with receipt end time 1 Oct 0174 17:14:05 MST
nemithit was a pain in the ass with only one box of cable and by myself
sartanand i'm wondering my rules aren't firing properly
_bradkyou're a time hacker sartan
nemithtook a week for 4 rooms
sartani haven't bothered to crawl up to the ceiling yet
nemithtime hacker
nemiththat sounds like a b-rated movie
squibbynemith: too bad you're not an LA city government official - you could have hired a private contractor with public funds to do it and then not even have to explain yourself
_bradkonly if there is a hot tub time machine
sartanfriends don't let friends get into hot tubs without women being around.
onefst250rsausage stew?
pffsI haven't figured out how I'm going to run the cable
pffsMy wiring closet is upstairs
pffsso I can do through the attic to rooms upstairs
onefst250rhave cable between the two?
pffsbut I'm going to probably have to run it in the wall downstairs
onefst250ri use some MOCA adapters at home to get from the ONT to the office where my firewall is
pffsI don't have any walls that overlap between upstairs and downstairs
pffsreally the only decent way is to run it through the wall to the stair case, down the wall there, and then through the ceiling
mInrOzOk, im taking the CCENT in 12hours... im nervous as fuck and I have a feeling that I am not quite prepared. Any tips for the next hours?
_elgatoget some sleep
mInrOz_elgato: Good advice...
chumpopen the study book
_bradkhave a few beers
garrettskjmInrOz: seriously don't worry about it.
garrettskjmInrOz: you can always retake the exam
garrettskjit's not a big deal
garrettskjno one will ever know you failed
garrettskji failed my CCNA 3 times when I tried in 2001
mInrOzgarrettskj: True, I just dont like wasting the money :)
_bradkat the end of the day, as long as you know the content the certifications don't really mean much anyway
_bradke.g. someone who knows bgp without their ccnp > someone who doesn't know bgp with their ccnp
envirocbrAnyone got a ASR 1001 laying around for sale?
nemithexperience > any cert
envirocbrnemith: AMEN!
_bradkexcept if you work in my office
nemithcert just used to help moronic HR and recruiters to filter through a stack of resumes
nemithand helps moronic managers justify shit
_bradkwhere certifications are the currency of the gods
nemithyou should probably leave any company that values certs over experience
envirocbrnemith: Then don't work for partners
mInrOznemith: True, but I have no real life experience with Cisco. Im taking the cert since I want some more documentation and its fun to learn new stuff :)
envirocbrThey want certs; however, the good partners want experience too
_bradkyeah, we partner with providers
nemithenvirocbr: hah.. partners are different since those are sales tools and requirements from vendors
envirocbrI have met some partners with paper engineers and some with EXCELLENT resources
_bradki think i've told this before but we have 1 guy here with their ethical hacker, ccent, cissp, mcsa 2008 and couldn't find out the validity date of an ssl certificate on a website
envirocbrI really have no respect for CISSP
envirocbrPerhaps I have met too many who thought they were technical when they were actually full of shit
envirocbrI get it is a management certification, but recognize what it is
_bradki've met a few people who have their CISSP who don't feel the need to remind you that they have their CISSP
_bradkthey are pretty good
_bradkthe guy who tells you every 5mins is not
envirocbr_bradk: We have had different experiences
envirocbrHowever, I do work with one guy who has it and I never knew, he is also SUPER smart
_bradkthey are the people who know their stuff rather than just having the piece of paper
pffscissp just seems so high maintenance.
squibby_bradk: haha somebody busted out the Ph.D card in an argument with my wife the other day
squibbywho does that
squibbyI have never once seen anyone try to plant an argument up on having a ph.d
pffspretty sure that's a logical fallacy
sartan%C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te5/1. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
sartan....oh, fuck
sartantwo of them
sartannetwork is configured properly, the two other ports in the same port-group are 10G. shit, shit
pffsArgumentum ab auctoritate sayeth the wiki
onefst250rdirka dirka
sartani think i was sold counterfeit optics =(
pffschinese knock offs
sartani bought them from cdw
sartanthey look like cisco, bark like cisco
trash80are they cisco branded?
sartanya X2-10GB-SR=
sartanwell, fuck
sartanat least these weren't the dwdm ones
sartanonly $2500 !
pffsthat's what you get for buying from cdw
pffsor something.
trash80i would be counterfitting 100g optics
trash80if i counterfitted optics
onefst250rshould have bought directly from china. they probably would have worked fine.
pffswhat are you fitting them counter to?
nikogonzoplease excuse my noob question, but are vlans 0-indexed? I'm running ios Version 12.2(50)SG6 on a cat 4948 and have an access port on vlan 20, but tcpdump on the host decodes CDP with native-vlan 19. :S
sartanno, nikogonzo
pffs WORD ISL VLAN IDs 1-4094
sartanok, afk.
nikogonzojust changed the native vlan to 21 and CDP reports vlan 20. I think this switch is toast.
mInrOzBut then question becomes... can it have sex with another toast and make toast babies?
mInrOzDelicious toast babies
onefst250rtoast sex makes grilled cheese sammich
squibbydo different countries have overlapping airport codes? uh no, right?
squibbywhy does this naming convention make sense country-airportcode-layer/function
_bradk[11:58] <squibby> _bradk: haha somebody busted out the Ph.D card in an argument with my wife the other day
squibbywhy do I need country if I'm using airport codes
Harlockcountry is not apparent though with 3 char codes
squibby_bradk: she herself has a masters degree and so has been exposed to academic types her whole life, first time she's ever encountered that either
baristatamguys if you have a PhD it means all you have is cold, sad remorse and bitterness and your only option is to be an asshole
squibbyyou have to be pretty insecure to use the ph.d card
Harlockand that might be useful info on the fly
baristatamSo Much Drama in the PhD
squibbyanyway back to my naming conventions question
squibbywhy bother specifying country code if you're using airport codes
trash80Pretty Huge Dickhead
Harlocki just said
trash80most phd's we have at my company are also cockbags
_bradkmy preferred convention is <airportcode><number><devicetype><number>
squibbyHarlock: but isn't the airport code itself always unique
Harlocksure, but are you going to memorize every code?
_bradke.g "syd1cs01" would be core switch 01 located in sydney
nikogonzosquibby: maybe because there aren't cohesive enough standards bodies to organize airport codes across all countries, only enough cohesion inside of each country?
GraNNy-PhD - Pile Higher and Deeper
squibbyHarlock: I guess not - but why would I have every country code memorized
_bradk[12:13] <Harlock> sure, but are you going to memorize every code?
_bradkit wouldn't be that hard
Harlockif it is a letter code for country it's usually apparent
_bradkand in the event that you have offices in multiple countries you would really only need to worry about a few at a time
_bradkcrash 'n burn m8
Harlocki'm just trying to come up with a plausible reason
Harlocknot defending it or something
onefst250rbaristatam: someone needs to make a "So much drama in the UDP"
Harlockthe ICAO 4 char codes have country built in
baristatamonefst250r, I wrote an IT rap once
onefst250ror maybe "So much drama in the NTP" given current events
baristatamonefst250r, do it
onefst250rwe can have scrye record it
onefst250rhim singin the lyrics
baristatamwhat I wanna sing
baristatamhe can be backup
squibbyin mah aston martin wit mah UDPs...
Harlockonefst250r what's going in the ntp world?
onefst250rHarlock: lots of amplification attacks
onefst250rsquibby: you noob. the am was gone a while ago.
Giant81_hmmm I wonder if I can get console redirect to serial on my server
Giant81_then I can plug it into the same console server as my lab
Giant81_and run everything from one place
jamesdGiant81_: they make terminal servers for that...
Giant81_yeah I know I want console redirection so when I restart it can get into the bios etc
Giant81_well it is an IBM, I can just use the remote management card I guess
Giant81_but I typically hate that java crap used for remote KVM through a web browser
MrJayPCHmmmm apparently theres another nice storm heading for the UK yay....
_bradkbut you should be used to bad weather, right? :P
baristatamdamn it where did squib go, I wrote a rap starting with his first lyric
MrJayPCIf we get much more rain I think we'll sink ¬_¬
onefst250rcry about it a little more and you'll push it over the top
garrettskjsnow in PDx
garrettskjcity shut down lol
onefst250ris it supposed to be bad tomorrow too?
onefst250rwas considering driving down to salem for the weekend
garrettskjonefst250r: look at the traffic lol
garrettskjthe entire city is broke.
onefst250ri dont drive a ton in portland, so i dont have a big frame of reference
onefst250rseattle traffic is shit in comparison to pdx
onefst250ris the snow just for tonight though, or is it supposed to hit more tomorrow too?
onefst250rspecifically, tomorrow evening
xousI love CC terms
xousNot Covered:
xous13 . Nuclear reaction, nuclear radiation, or radioactive contamination;
xous . Exotic vehicles, meaning vehicles such as Aston Martin, Bentley, Bricklin, Daimler,
xousDeLorean, Excalibur, Ferrari, Jensen, Lamborghini, Lotus, Maserati, Porsche, Rolls Royce;
onefst250rwhy the hell would they care if you bought an exotic car?
xouscard comes with free rental insurance
onefst250rassuming that you had enough of a limit
onefst250rthats for rentals
onefst250rthat makes sense
xousI was more making fun of the nuclear .*
xousI called in to get my credit limit raised
xousthey sold me a different card. ://
onefst250rthey want you with a whole bunch of cards!
xousI only have two
xousone backup
xousone primary
xousI've been spending like $500-1000 of shit on work related expenses
xousand I put everything on my CC
xousso I was close to hitting the 3k limit
_bradkxous: wait till you have a wedding...
xousfuck that shit
xouswhy would I want to give someone half my stuff?
xoustoday was 'clean up my banking shit' day
xousapparently I had a bunch of money I forgot about.
onefst250rbetter than the other way around
onefst250rfind bills you forgot about
xousin the last month I found like 3.5k I forgot
onefst250rhow do you have 3.5k you forgot about when you work for monkey salary?
xous1.5k in rent I overpaid
xous2k in some bond shit I had at another bank
onefst250rlesson learned? dont bank drunk?
xousonefst250r: I don't care too much about money.
xousI made probably 70k last year if you include all the under the table shit.
onefst250rsuppose thats not too bad
onefst250rnice part about side stuff is you dont pay the man :)
xous15k is OT though.
xousso that's kinda brutal
hjohnsonACTION misses not having hazard pay
hjohnsonhazard pay let me make bank
onefst250rdont you mean "not having pay, period"? :)
hjohnsonwell, that too :P
xousonefst250r: I've charged $200-300/h
xousfor side jobs
_bradkat least you get OT pay
onefst250ryeah, ot would be so fucking nice
xousI still get OT
hjohnsonI just didn't work OT.
_bradkwe get time off in lieu here
onefst250rid probably be making 200k if i made ot
xousI just did the math. I've spent 69k in rent in the last 3 years.
hjohnson6? I'm out the door.. doesn't matter if the project isn't done, it just wasn't worth it
_bradki would be so much more inclined to do more outside hours work if i was getting OT
xousI will never do a salary job.
xousfuck that shit
hjohnsonand jealously guarded my day soff lin lue for when i was on the raod over the weekends
TimberWolf_what if they paid you more than what you make in OT?
hjohnson(and it would help if I could spell)
xousTimberWolf_: there'd have to be a fixed limit on after hours shit.
xousor flex time
xousspend a weekend pulling 16 hour days
xousdon't show up next week
xouskinda thing.
TimberWolf_you should come work for us
terabitthem new tld's
TimberWolf_thats pretty much how we roll
xouswork for americans?
_bradk16 hour days on the weekend?
_bradkscrew that!
xous_bradk: I did last weekend
hjohnsonweekends are mine
hjohnsonunless it's a major disaster
TimberWolf_na comp time
xousworked friday from 12:00 - 08:00
hjohnsonfuck that shit
TimberWolf_we rarely work weekends unless something has really blown up
_bradki don't mind doing occasional work but fucked if i'd waste my whole weekend
xousthen 23:00 - 07:00
xousand again sunday/monday.
hjohnsonyeah only time I really worked on the weekends in the last little while was when a customer of mine fell off the air
xous_bradk: I was fucking with the core network. heh.
terabitat old job worked weekends but had 2 weekdays off
_bradklike hjohnson said, weekends are my time
hjohnsoncompany bought 40 hours a week of mine time
TimberWolf_i have been lucky so far. Both of my bosses have been against working on weekends unless we really need to
hjohnsonso this idiotic discovery show "Moonshiners"... I don't get it.. wtf don't the cops just subpoena the production company to bust 'em all?
xousheh. shit was broken and we needed to get shit off two switches that were fucking up.
hjohnsonI've lost a long ethernet cable between two buildings
_bradkxous: sounds like a during office hours job ;D
hjohnsonI think that's what's going on... or an ethernet port has gone wonky
xous_bradk: core switches
_bradkxous: still sounds like a during office hours job ;D
_bradk"did the network just go down?"
xous_bradk: I did the same shit tuesday night and wednesday
_bradk"xous: yeah, that bloody spanning-tree!"
xous_bradk: we do hosted voip and internet
xousclients would be like "MURDER!"
TimberWolf_wooo broadcom
xousyou should have seen the rats nest in the cable management shit
xousI got so pissed off towards the end I'd just cut the fiber cable
diozzoh nice this does work
diozzsup xous
xouswe were throwing 'em out anyway
xousdon't have the shit to clean/inspect them
xousso it just goes in the trash
diozzi wonder how much data this uses
diozzsprinkler puking
diozzdrag your girlfriend into the washroom whilst you poop
diozzlook into her soul and let out a nice long grunt
diozzgrab her gand and hold it tight
diozzeight oh two dot eleven see
hjohnsondioz: I really don't need to see that far into your fantasies.
onefst250ryeah, we dont want to know what glands you're grabbing either
_bradkthere is something disturbing about this channel but i can't quite put my finger on it
onefst250rstand in front of a mirror and point at it
onefst250rzomg http://seattle.craigslist.org/see/sys/4321831987.html
onefst250rwonder if there is more than 50 dorra of precious metal on it
mgeorgewhat does the democrat say?
mgeorgeyap yap yap yap yap yap yap
mgeorgebla bla bla bla bla bla bla
mgeorgetax tax tax tax tax tax
jamesdmgeorge: and palin, is an expert on foreign policy she can see russia from her backyard, and mitt romney is a normal family guy who rents vacation house for 20k for the weekend
mgeorgei never said republicans are any better lol
mgeorgethey all need to be fired except for a select few
jamesdso we should move to a 20 party system like parts of europe?
snackywe should make it illegal for there to be any laws that are bad.
mgeorgedefine bad?
snackyit's like good, but the opposite!
snackyI guess that means it's unlike good. but you get the idea.
_bradkso the guy who thought switches by default don't have any vlans is giving network training to the junior engineers
_bradki think someone should stop him :/
onefst250rmgeorge: s/democrat/politician/
civillian_bradk: I suppose strictly speaking he is right
_bradkcivillian: vlan 1 is still a vlan :]
civillian_bradk: I think he means a basic switch, in the true sense of the word switch. Not a Cisco switch.
_bradknope, the conversation that we had was "i didn't configure a vlan 1 on that switch so there are no vlans running on it"
_bradkit was a cisco catalyst
civillianRighto. Yep toss him out.
_bradkalso, he changes vlans by plugging the cable in and out a few times
_bradk"i plugged the cable in and it didn't work, it was configured on another vlan so i removed the cable, put it back in, removed it, put it back in and then it worked"
_bradkme: how do you know it was on another vlan and did you make any config changes?
_bradkhim: nah, just pulled the cable out and put it back a few times, i knew it was on another vlan cause i couldn't ping straight away
_bradkme: ahhh...... nice work man.
_bradkpoor guy
civillianHow do these people get into teaching positions
_bradkwell, he's not really a teacher, he's supposed to be a consultant who mentors the junior consultants
_bradkit's usually pretty funny
_bradki sent an IM to one of our other network engineers who sits on the other side of my desk "i think brian mcgahan is in our workshop, listen to him talk about vlans!"
_bradki'm horrible..
Giant81_omg they let people like that near networking gear?
Giant81_and here I was down on my self for not passing the CCNP SWITCH test today
Giant81_maybe I should have just tried unplugging and plugging the cable back in a couple times
Giant81_here I feel bad for getting a 749 and needing a 790 but that guy makes me feel very secure in my job
_bradk[15:28] <Giant81_> maybe I should have just tried unplugging and plugging the cable back in a couple times
_bradkit's a known fact that unplugging and re-plugging a cable in multiple times removes any access vlan configuration on the interface
tairikuookami2ACTION blinks. clearly out of context
drkat_well it does
dioz_russia is better than the usa
drkat_fucking NP
dioz_sup drkat?
drkat_just finished my hours sheet
drkat_i hate reporting hours
dioz_at work?
drkat_side work
drkat_im officially unemployed
dioz_working is over rated.
Harlockas much as i don't want to live in the usa i want to live in russia far less
drkat_in soviet russia, girl fuck you
dioz_harlock any valid reasons why?
dioz_i am pretty conservative
dioz_i really hope russia mops the floor with the usa this year
dioz_time will tell tho
Harlockstandard of living, corruption, climate
dioz_what corruption are you making reference.
Harlocki'm sure there is plenty otherwise too
dioz_more corrupt than the usa for example? heh
Harlocknow i forgot some more bullet points
hjohnsonyuck.. just had a huge hunk of earwax come out of my ear
Harlocki wish i had asian earwax
hjohnsonlol why?
Harlockit's flakey not sticky
hjohnsonwell, yeah
hjohnsonnaw, it's a pretty standard mutation in asian and asian-derived peoples
dioz_anyone watching the olympics?
Harlocksticky is dominant gene though
Harlockso my daughter is "stuck" with sticky earwax too
dioz_my ear wax is usually brown/yellow and very thick
hjohnsonHarlock: yeah so if you have kids with an asian chick, your kids will have the wet type
Harlocknot if
hjohnsonahh, heh
Harlocki have it bad too
dioz_so bored
Harlocklike have to get it water syringed
dioz_i spent a night playing with freebsd jails now i wanna play with linux containers
Harlocki'd go for an eu eastern europe nation long before russia
Harlockbefore the usa too i guess
dioz_bah the internet is boring tonight
Harlockbut that is because i can do paper work in poland to claim citizenship there
_bradkit's nearly beer'o'clock
_bradkthe internet gets better after beer'o'clock
hjohnsonfriend of mine.. her kids all had the mongolian spot
dioz_poutine is voted the most powerful man in the world now
dioz_knocking obama to number two