Search results

I've done a couple FP deployments. I love it. Not sure who told you Nexus "isn't as fast as it could be". It's all wire-speed/non-blocking other than L3 on the 5K, which people shouldn't be doing anyway. Post any questions you have.

Put some WAN optimization appliances in the middle or manually play with your window sizing in the registry.

ACLs are the solution here.

wat

I've never heard anyone define QoS by how many groups of traffic are touched. "QoS" is just a group of technologies used to treat subsets of traffic different from other subsets of traffic. Policing, shaping, marking, etc, etc, fall under the QoS umbrella (I feel like a broken record). Saying...

How do you figure? That's like saying you can use OSPF without it being routing. QoS is just a generic term for a subset of technologies.

Exactly.

No they aren't.

Let me know if you end up going.

I'll be there again. Pretty stoked.

You need to redistribute into OSPF.

As above, RRI is what you're looking for.

Not true.

It's probably a PVID mismatch. You should see a log message fire.

A router isn't going to show you how many TCP connections are flowing through it unless you enable a stateful firewalling process (CBAC, ZBF, etc), which wouldn't necessarily be recommended - also, I don't think the 6500/7600 supports it.

I was going to say the same thing, but I think the dude is talking about the same subnet in two DCs doing an active/standby. It essentially blackholes one DC at a time, but I suppose it could work.

Can't speak to any Juniper solutions, but I'm finishing up a customer's DC move using OTV on some ASR 1Ks to stretch L2. IMO, this is the best method (or FabricPath, if you had dark fiber) as it limits your failure domain. We have 20 or so VLANs bridged and it's been rock-solid so far.

The cost of Cisco (or other vendor) optics is completely ridiculous. When my customers see a BOM where populating a blade with optics is 3x the cost of the blade, they get a little annoyed. Sadly, we can't sell third party optics, but I'd be all over it if we could. The failure rate shouldn't...

Sounds like you're talking about a management VRF. Just configure a default gateway and be done with it. Some of your 4948s might have ip routing enabled while others don't, which cause some to work with the ip default-gateway command with the others needing ip route 0.0.0.0. Verify that the...

Glad it's working.

This. Ignore everything else said in this thread.

Why?

VLAN64 is shutdown...

Where's the rest of the config? sh ip int b sh ip route (wondering if you have ip routing on and no default route)

I've heard good things about fluxlight. No experience with Axion though.

5510s are going EoL, so you'd want a 5512-X (or 5515-X) if you went with an ASA. IMO, Sonicwall, Watchguard, etc, are garbage. Look at Palo Alto, Fortinet and Cisco.

Devices should still be able to block via DNS lookup (or snooping) on traffic heading to 443. Though I guess this isn't being implemented widely.

Filtering != interception though.

What kind of sicko wants to block Google searches?

My company does TONS of E-Rate. Obviously the rules are interpreted differently if ToX (and our customers) can run 3750X (or 3560X) instead of 2960S. My point is there are a lot of reasons to take the 2960 off the table and blanketly saying otherwise is ignorant. ISE is covered under E-Rate last...

So only 1% of the schools in the US are going to use ISE with advanced features? Only 1% are going to use more than four switches in a stack? Only 1% want redundant power at the edge? What you're saying is completely false.

Take off the blinders. What you support isn't the whole world. Your statement was broad and ignorant. I work for a very large VAR and I see a lot of value in 3750s over 2960s - for reasons I listed above that you all but ignored.

You have no idea what you're talking about.

There are a lot of reasons to go with the 3750X over a 2960S. Bigger stacks, more features (ISE could be a big deal here), dual power, etc.

rofl

You can't just separate devices at L3 while keeping them on the same subnet.

Try out ISE if you want to do it right.

My phone is nice, I just suck at pictures, lol.

Those are for taps.

My latest project, a DC build. As usual, excuse the shittiness of the pictures.