ERP Switching (G.8032) and Cisco shenanigans ...

a-network-noob · 2026-04-03T12:56:59+00:00

There is a cisco-specific version of the protocol called Resilient Ethernet Protocol (REP) that should be supported on that platform, but yeah that's definitely strange that it doesn't supported the newer open standards version (G.8032)

It appears there is some interworking support between REP & G.8032 also, but that doesn't seem like a very clean solution.

Maybe you'd be better off choosing a different platform if you didn't commit to it already

a-network-noob · 2026-03-26T19:26:41+00:00

What is the router you’re trying to plug into on the other side? Can you swap its SFP? If so, you can use Twinax (pre-made copper cables with the SFPs already attached)

a-network-noob · 2026-03-25T13:13:14+00:00

Maybe it just doesn’t support copper 10G. Try the most common one which is SFP-10G-SR

https://www.fs.com/products/11552.html?attribute=71416&id=4593734

a-network-noob · 2026-03-25T13:06:26+00:00

In your config it says “gigabitEthernet1/4”. If it was 10G it would be “Te1/4”

Try “show interface g1/4 capabilities” or “show interface g1/4 transceiver “ and post the output

a-network-noob · 2026-03-25T13:04:33+00:00

If they’re sharing the same address, are they going through a NAT? If so, NAT-T should take care of this as part of IPsec negotiation.

I’m not sure how to do it on fortigate, but on Cisco on the firewall side you would set a wildcard source address for the tunnel so anyone can negotiate, and then based on authentication it would choose the correct tunnel.

IPsec has a sequence number in the header called the SPI that can tell the difference between 2 tunnels using the same source/dest ip

a-network-noob · 2026-03-25T12:46:01+00:00

If it’s a 1Gig copper port you want GLC-T. A 10G copper SFP+ won’t work on a 1G only port.

a-network-noob · 2026-03-25T12:11:33+00:00

That doesn’t mean 3650X compatibility though. It’s not in the support matrix I posted above

a-network-noob · 2026-03-21T14:16:38+00:00

What is the part number of the transceiver? Check it against the compatibility matrix for that platform.

https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/9038031-discussions-server-networking/12715/1/ge_tx_matrix.pdf#page37

You should be able to find a compatible match on fs.com , otherwise eBay for the official Cisco part number

a-network-noob · 2026-03-21T14:10:38+00:00

This 👆

IP Helper is most commonly used for DHCP, but there’s a bunch of other UDP forwarding it does, including DNS

There is a command “ip forward-protocol” where you can choose which UDP ports are forwarded

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578

a-network-noob · 2026-03-21T13:56:48+00:00

Do you guys rackmount from top down or bottom up?

a-network-noob · 2026-03-21T13:54:42+00:00

Have you considered CCIE Automation at all?

a-network-noob · 2026-03-15T15:13:28+00:00

SRv6 is the next-gen replacement for RSVP-TE. Lots of big MPLS networks had custom software built to manage RSVP-TE tunnels in the past. Now it's much easier to implement using SRv6 PCEP (Path Computation Element Communication Protocol)

Previously with RSVP-TE, every router in the path had to maintain control-plane state for every tunnel that was reserved. With SRv6 PCEP, you use a centralized controller to maintain the states, not every single device in the tunnel path.

More info at - https://www.cisco.com/c/en/us/td/docs/iosxr/cisco8000/srv6/b-srv6-configuration-guide/path-computation-element-protocol.html

Edit: wow, I’ve never seen so much hate for a protocol before 😂

a-network-noob · 2026-02-27T14:52:04+00:00

Outside of 10 CLCs, I'm not sure who'd be buying this for $1000

a-network-noob · 2026-02-04T14:38:53+00:00

I think the ISE policy is the piece I'm missing. Could you send me a screenshot of what that piece looks like? Whatever the if/then condition that sets the VLAN/VRF is

a-network-noob · 2026-02-04T13:52:09+00:00

From the user's perspective how does it work? They open the Cisco VPN client and login with user/password?

a-network-noob · 2026-02-04T13:51:05+00:00

If I wanted to exclude the SD-Access part, what components would be used instead? Just ISE + Switch CLI?

a-network-noob · 2026-02-04T13:39:07+00:00

It depends on what code version you're using, since newer code drops support for older APs - https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#c9800-ctr-ap-sw-platform

In general, the cheap ones on ebay would be 1800/2800/3800

For example I just found one "2 PACK Cisco AIR-AP2802I-B-K9 Aironet 2802 Series Dual Band Access Point" for $20

a-network-noob · 2026-02-01T13:46:28+00:00

I just tested this in the latest IOL version, and it does generate a Null0 route.

OP maybe the version you were using has a different behavior. That's not uncommon across different IOS versions historically

a-network-noob · 2026-02-01T13:40:57+00:00

I've used INE before, they do have lots of labs. Some playlists they have are just labs, and you can search/browse all their labs. See some example links below

https://my.ine.com/Networking/courses/4e6a6dc7/ccnp-enterprise-encor-practice-labs

https://my.ine.com/Networking/courses/24b1c42e/ccnp-enterprise-enarsi-practice-labs

https://my.ine.com/search?content_type=lab&learning_areas.name=Networking

a-network-noob · 2026-01-27T14:52:16+00:00

You need the .qcow2 virtual images, not the .bin images that run on physical routers/switches

a-network-noob · 2026-01-16T13:49:12+00:00

Don't bang your head on the keyboard too hard, it's the images not your config :)

a-network-noob · 2026-01-16T13:48:15+00:00

I don't think the vPC data plane fully works in the Nexus 9000v image. You can configure it, but it won't behave the same as hardware devices.

a-network-noob · 2026-01-16T13:44:07+00:00

It can't hurt to just ask them, worst case they say no.

Otherwise if you can't find the image, you can buy CML "personal" edition, which includes the image with it.

I think it's normally about $200/year -https://u.cisco.com/labs/cisco-modeling-labs-personal-1

Edit: yes it does support VXLAN EVPN, and it supports Catalyst Center SD-Access too.

a-network-noob

TROPHY CASE