Apr 13 / Greg

*Fix* for Mikrotik Routerboard Heat Issue

I say *fix*, because it does kind of cripple your RB. While doing some digging last night I saw where some people were complaining of heat issues with RBs in outdoor enclosures. Their RBs would get extremely hot under high load and reboot. To repair the problem, you can underclock the CPU on your RB. I had no idea you could do such a thing, but here is the command.

Set frequency to something less than max.

/system routerboard settings change-frequency frequency=266
Apr 8 / Greg

ASA Crypto Map Ordering

A friend of mine was telling me about an ASA issue he was having. His LAN-to-LAN tunnels would establish but then show intermittent connectivity issues. He could reach only some subnets on either side of the tunnel. It wasn’t always the same subnets, nor would it always happen. His ACLs were the same on either side, as was his crypto map sequencing.

Below is similar to what his maps looked like:

crypto map global_map 10 match address outside_1_cryptomap_1
crypto map global_map 10 set pfs
crypto map global_map 10 set peer 1.1.1.1
crypto map global_map 10 set transform-set ESP-AES-128-SHA
crypto map global_map 10 set security-association lifetime seconds 28800
crypto map global_map 10 set security-association lifetime kilobytes 4608000
crypto map global_map 15 ipsec-isakmp dynamic global_dyn_map !!!!here is our dynamic!!!!!!!
crypto map global_map 20 match address outside_2_cryptomap_2
crypto map global_map 20 set pfs
crypto map global_map 20 set peer 2.2.2.2
crypto map global_map 20 set transform-set ESP-3DES-SHA
crypto map global_map 20 set security-association lifetime seconds 28800
crypto map global_map 20 set security-association lifetime kilobytes 4608000

The issue was that he had his dynamic mapping in the middle of his crypto sequence. Once he moved it to the end, all was well:

crypto map global_map 10 match address outside_1_cryptomap_1
crypto map global_map 10 set pfs
crypto map global_map 10 set peer 1.1.1.1
crypto map global_map 10 set transform-set ESP-AES-128-SHA
crypto map global_map 10 set security-association lifetime seconds 28800
crypto map global_map 10 set security-association lifetime kilobytes 4608000
crypto map global_map 20 match address outside_2_cryptomap_2
crypto map global_map 20 set pfs
crypto map global_map 20 set peer 2.2.2.2
crypto map global_map 20 set transform-set ESP-3DES-SHA
crypto map global_map 20 set security-association lifetime seconds 28800
crypto map global_map 20 set security-association lifetime kilobytes 4608000
crypto map global_map 65535 ipsec-isakmp dynamic global_dyn_map !!!!our dynamic at the end!!!

Every example I’ve ever seen had these dynamics at the end, but I didn’t think it would affect your L2Ls this way.

Thanks for the tip Brian!
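
A check for the ordering problem described in this post, written as an added example (not from the original post): it parses `crypto map` lines from a saved configuration and reports any dynamic entry whose sequence number is lower than a static entry in the same map. The function name and the two sample configs are constructed for illustration, trimmed from the maps shown above.

```python
import re

# "crypto map <name> <seq> <rest>"; lines such as "crypto map X interface outside"
# have no sequence number and are ignored.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.*)$")

def misplaced_dynamic_entries(config_text):
    """Return (map_name, dynamic_seq, [static seqs after it]) for every dynamic
    entry that is sequenced ahead of a static LAN-to-LAN entry in the same map."""
    static, dynamic = {}, {}
    for line in config_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        if rest.startswith("ipsec-isakmp dynamic"):
            dynamic.setdefault(name, set()).add(seq)
        elif rest.startswith(("match address", "set ")):
            static.setdefault(name, set()).add(seq)
    findings = []
    for name, dyn_seqs in sorted(dynamic.items()):
        for dseq in sorted(dyn_seqs):
            later = sorted(s for s in static.get(name, ()) if s > dseq)
            if later:
                findings.append((name, dseq, later))
    return findings

# Constructed sample: dynamic map in the middle of the sequence.
BROKEN = """\
crypto map global_map 10 match address outside_1_cryptomap_1
crypto map global_map 10 set peer 1.1.1.1
crypto map global_map 15 ipsec-isakmp dynamic global_dyn_map
crypto map global_map 20 match address outside_2_cryptomap_2
crypto map global_map 20 set peer 2.2.2.2
"""

# Constructed sample: dynamic map moved to the end.
FIXED = BROKEN.replace("global_map 15 ipsec-isakmp", "global_map 65535 ipsec-isakmp")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, misplaced_dynamic_entries(cfg))
```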

Apr 6 / Greg

Use Asterisk as an SRST (Survivable Remote Site Telephony) Gateway with Cisco CallManager

What is this and why do I need it? Here’s the scenario. You have a central office with five remote offices. You run Cisco CallManager at the central office and you simply deploy phones out at the remotes to use the central CallManager. This saves you money by using a single call server. Now imagine the link that connects your Dallas office back to the central site fails. No one in your Dallas office can receive or place calls! Now, imagine that the link from the central office connecting you to all of your remotes fails, and then none of the five remote sites can make calls! This could be devastating. What does one do?

Central Callmanager no SRST


You install some SRST (survivable remote site telephony). This is basically a fall-back phone system for your remote sites. Going back to the Dallas office, if the link fails with an SRST gateway present, your phones simply register with the local gateway and continue to function. They will often have limited functionality at this point, but you can still make and receive calls!

Central Callmanager with SRST


Now, imagine you have 64 phones at each remote site. Cisco will tell you that you require Unified Communications Manager Express running on a 2851 (~$5K) and a VWIC (voice WIC, ~$300) for each site. This at five locations will be somewhere around ~$27K. Now imagine you could get the same functionality for easily less than $1K per site! Seems like a no-brainer, right? What if I also said you could have it automatically update the SRST site with the phones that belong at the site? How, you may ask? If you are asking, you should have read the title of the article a little closer: use Asterisk!

A few easy steps and some scripts I’ve written will do all the hard work for you.


Apr 1 / Greg

Ubiquiti 3.65 GHz Cards

I noticed that Ubiquiti now has some 3.65 cards. This sounds like a great idea for backbone links in some congested 2.4 or 5.8 areas. The only real downside I can see is that the price for the card is ~$250 and the range must be licensed in some areas. Any of you guys running these? If you have any just laying around, I’ll take ’em off your hands 😉

Mar 30 / Greg

What is Asterisk/Trixbox

First, Asterisk is an open-source PBX (phone system). I’ve deployed several systems with great success. I generally use hardware from Digium, which is the company that originally developed and later open-sourced the Asterisk system. They have tremendous community support, of which voip-info.org is my favorite.

So, what is Trixbox? I’ve been using Trixbox since it was Asterisk@home. It is basically a prepackaged install of CentOS with Asterisk on a single CD. You pop in the CD, reboot the machine and let it do the rest. It formats, installs and configures your packages. After that, you need only to log in and get started. They have a commercial version now as well as an appliance, but I like the tried and true CE version. This is packaged with a great GUI and most common packages. You can add an extension with phone mail in about a minute or two!

Mar 26 / Greg

Searching LDAP for a NULL Value

The easiest way I’ve found to find a null value is to search for (whatever=\00). The “\00” is the escape sequence for null.

Mar 25 / Greg

Cisco 7600 Fails to Accept Password Reset

I’ve had problems resetting the password on a 7606 Sup720-DFC-3BXL. I would do the normal break and confreg 0x2142, but it would continue to boot with the old config, refusing to bypass. The fix is that there are two places to issue the break sequence: at the initial boot, and also when it says “Download Start !!!!”. When you see the download start, do the normal break sequence and follow the normal reset process.

System Bootstrap, Version 8.1(3)
Copyright (c) 1994-2004 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory

Autoboot executing command: “boot disk0:c7600s72033-advipservicesk9-mz.122-33.SRB1.bin”
Loading image, please wait …

monitor: command “boot” aborted due to user interrupt
Exit at the end of BOOT string

rommon 1 > confreg 0x2142
monitor: command “confreg” not found
rommon 2 > reset

System Bootstrap, Version 8.1(3)
Copyright (c) 1994-2004 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory

Autoboot executing command: “boot disk0:c7600s72033-advipservicesk9-mz.122-33.SRB1.bin”
Loading image, please wait …

Self extracting the image… [OK]
Self decompressing the image : ########################################################################
############################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, c7600s72033_sp Software (c7600s72033_sp-ADVIPSERVICESK9-M), Version 12.2(33)SRB1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 01-Jun-07 09:32 by prod_rel_team
Image text-base: 0x401012FC, data-base: 0x4186E610

*Mar 6 23:32:22.055: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.

*Mar 6 23:32:21.447: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor

*Mar 6 23:32:22.055: %OIR-6-CONSOLE: Changing console ownership to route processor

System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2004 by cisco Systems, Inc.
Cat6k-Sup720/RP platform with 1048576 Kbytes of main memory

Download Start
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!
!!rommon 1 > confreg 0x2142

rommon 2 > boot
Please reset before booting
rommon 3 > reset

System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2004 by cisco Systems, Inc.
Cat6k-Sup720/RP platform with 1048576 Kbytes of main memory

Download Start
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Download Completed! Booting the image.
Self decompressing the image : ######################################################################
#######################################################################
#####################################################################
#####################################################################
######### [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 01-Jun-07 09:23 by prod_rel_team
Image text-base: 0x401012FC, data-base: 0x437069B0

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco CISCO7606 (R7000) processor (revision 1.0) with 983008K/65536K bytes of memory.
Processor board ID FOX104612L2
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
1 Virtual Ethernet interface
74 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started!

If you wipe the config completely, when you reboot you will most likely need to enter
“boot disk0:IMAGE-NAME” as in:

boot disk0:c7600s72033-advipservicesk9-mz.122-33.SRB1.bin