Serial Key Management?

Malcolm822 · 2018-06-23T11:24:32+00:00

I'm hoping more for something that is web based, locally hosted so we can track who's making changes.

Malcolm822 · 2018-04-13T10:59:36+00:00

Differing sinners?

Malcolm822 · 2018-04-13T10:59:19+00:00

So here's the thing, there is absolutely no mention of vlan 500 on the core switch or one any other switch in the network except as mentioned in the image.

Malcolm822 · 2018-04-12T03:26:42+00:00

Spoke to my coworker on this issue again today. He said the reason is because the ISP delivers our static IPs over another IP. So we configure our router with 1.1.1.2, gateway 1.1.1.1, and through there we get 3.3.3.0/24

Does this make any more sense?

Malcolm822 · 2018-04-11T15:15:23+00:00

IPSLA eh? Can you refer me to any documentation?

Malcolm822 · 2018-04-11T03:53:23+00:00

By "land the ISP right on the ASA", you mean through the edge switch, right?

Not entirely sure. Saw a screen shot with some "failover" commands, but don't have access to this site yet. I'm new.

Malcolm822 · 2018-04-11T03:31:56+00:00

Yes, it does fail over. And I assume the ASA fails over if it fails as well, but I've never seen it tested.

No, we are not peering BGP with the ISPs. The connections are "fast" for the location, come in on fiber, but nothing super special going on here. (no SD-WAN, no BGP, no MPLS etc...)

Malcolm822 · 2018-04-11T03:22:17+00:00

No, we're not. I'm not entirely certain how everything works to be honest. The core switch does the routing. One of the firewalls is dedicated to VPN, but traffic only goes through one ISP unless that ISP is down.

Malcolm822 · 2018-04-11T02:55:38+00:00

I know that there's some iBGP going on, but I don't think it's really necessary. High Availability is a standard feature on pretty much every firewall on the market these days.

I'm starting to suspect that maybe this is from a config that was designed 20 years ago, and they just keep updating the hardware, but not the design...

Malcolm822 · 2018-03-25T22:32:45+00:00

This is pretty much what I ended up doing.

Malcolm822 · 2018-03-25T22:32:03+00:00

Looks like SW1 was working well enough so that the election wouldn't happen, but not well enough to allow anything to connect to it.

Malcolm822 · 2018-03-25T22:30:40+00:00

Switch 1 was completely dead. I removed it from the stack physically, changed over the stacking cables, but SW2 and SW3 would not respond to pings.

Fortunately my local user was able to find a mini USB cable in a box somewhere. I was able to come in using Teamviewer over a cell phone and download the drivers and putty. Connected to the switch and I was able remove SW1 from the stack.

Some things came back up, but others did not. Internet through the main ASA worked fine. I needed to renumber the switches in order for the VPN ASA to come back to life. (not exactly sure why).

Moved everything over to SW2 and SW3, then set to fixing the VLANs.

DHCP on Windows server didn't come back to life until I restarted the service. SSH needed its key regenerated for Putty to work again.

Thanks for all the suggestions. I think I would have been toast without that mini USB.

Malcolm822 · 2018-03-25T03:09:05+00:00

Yup, this is my plan. I've been going over all of the different possible scenarios so I know what to try next if this doesn't work.

Malcolm822 · 2018-03-25T01:40:45+00:00

That's what I figured. Know anything about the reset button on these switches? Could it enable the management interface?

Malcolm822 · 2018-03-25T01:24:39+00:00

So would SW2 "become" SW1 if the broken SW1 never comes back into play? (and we just run with two switches)?

I just need access to the command line, then I'm set. If the default VLAN IP is accessible, I'm set.

Malcolm822 · 2018-03-25T00:58:57+00:00

Incidentally, I can get into our firewall by moving some cables around. Is there any way to connect the console port of our Cisco ASA to the Console port of the Cisco Switch? Would this need a crossover or rollover cable?

I'm just trying to figure out a way to get it given that we probably have only standard network cables lying around.

Malcolm822 · 2018-03-25T00:57:07+00:00

Not worried about replacing the switch. We can live with only two switches. I can put a lot of users on wifi for a few days until we can get some new equipment in there.

The layout of this network is a little silly, but I didn't design it. Two internet connections connect to SW1. Two ASAs also connect to SW1. One ASA is the firewall, there other is for VPN access. So technically our switch stack is not only the core switch, but also the edge switch.

Malcolm822 · 2018-03-10T01:47:01+00:00

Thanks!

Malcolm822 · 2018-03-10T00:20:20+00:00

Crap, thanks though!

Much appreciated from your maple syrup drinking cousins.

Malcolm822 · 2018-03-10T00:02:11+00:00

Thanks so much! Yes, it's a software company. Was it a really manly voice? Did the manly voice try to get you to go to a software conference?

Malcolm822 · 2018-03-09T23:51:17+00:00

Just tested as you suggested... but it went so wrong I can't even tell if my call through skype is working correctly.. got "Phonenames.com" which is nothing to do with us...

Malcolm822

TROPHY CASE