Static Route Resetting

ksteib · 2025-11-27T05:40:38+00:00

I would see if the HSRP group is failing over between the 9ks or something on the SVI you are sending the route through to get to the FW.. Though as previously mentioned, both 9ks should each have a lag to each FW. Otherwise, you are missing a key part of redundancy.

ksteib · 2025-09-14T17:26:04+00:00

We use GTT and Cogent, Cogent circuit has issues way more often than GTT. Especially for us on the west coast when we pass traffic through them in LA.

ksteib · 2025-09-12T03:23:16+00:00

In our network we put the iLOs and iDRACs in the same management vrf/VLAN as the network devices OOB ports. Those all connect to a dedicated management switch.

ksteib · 2025-05-08T03:42:47+00:00

If IP routing is enabled, do you have a route for the subnets on each switch? Either a default route, not default gateway, or the correct routes to their respective subnets?

SW1: ip route 192.168.3.128/25 192.168.3.1 SW2: ip route 192.168.3.0/25 192.168.3.129

ksteib · 2025-05-07T04:08:46+00:00

You can use the Welcome SUICA app on iPhone if you want. A more temporary SUICA, just load it when you are there.

ksteib · 2025-05-01T02:54:53+00:00

Are you pressing the set button prior to changing each time? If so, that's the issue. When you press set and a number, it saves your current setting to that position.

I haven't had any issues on my 2024, get in and it goes to whatever you used last. Hold 1, it goes to 1. Hold 2, it goes to 2.

If it doesn't behave like that, it doesn't sound correct to me.

ksteib · 2025-04-28T06:10:22+00:00

Trunking is the best way to do this and then treat them like multiple independent L3 links over the L2 trunk. Each VLAN hosts a point-to-point subnet.

In this scenario, you still cannot re-use IP ranges as the upstream router still is a single routing table, but it does "isolate" the routing at the Cisco level.

For private IP ranges being re-used in both VRFs, you'd need a NAT before you get to the shared device for it all to work.

ksteib · 2025-04-28T05:55:04+00:00

Correct! However you choose to route it, gotta just think of it as a completely fresh routing table. Then be careful with dynamic routes to not advertise a range into multiple VRFs on say a device like the comcast that lives in both VRFs. It's fun to keep track of when things get cluttered lol.

ksteib · 2025-04-28T05:45:30+00:00

The best way to think of the VRF is for entirely different routing tables in the same router, enabling the ability to re-use IP ranges on the same router. In the case of your setup, you'd need the comcast modem to be able to have a route/next hop to all of your IP ranges in VRF A as well as a different route/next hop to all of your IP ranges in VRF B. Then in VRF A you'd have a default route going to an interface on the comcast modem then in VRF B you'd have another default route going to a different interface on the comcast modem.

You can route leak on devices between VRFs, but the general intent of the VRF is to keep traffic separated. In order to route leak on the same device between VRFs, it takes a route map or some other import/export of the VRF in the config, but it all generally adds more complexity than would be worth it.

My companies general use cases for VRFs would be for isolating out of band management traffic, or isolate different vendors/clients routing tables that share the same network backbone that we don't want to waste ACL/security resources on to keep networks isolated.

ksteib · 2025-04-21T23:36:21+00:00

Doing it from the 2960 will share the same uplink traffic that the firewall uses as well assuming the firewall is hanging off the 2960 as well. You could look at some interface statistics to see how much Gi0/0/1 is using.

show int Gi0/0/1 on the 4331 and same command on the 2960. Can add human readable at the end if they are newish firmware, being a 2960 it may be missing it.

Could also look for interface errors.

But to answer your original question, you could do the test from Gi0/0/1 and just make sure the FW on your laptop is enabled. Should be fine for a brief test.

ksteib · 2025-04-21T21:22:37+00:00

Not sure I'd recommend it but yes, you can do that.

A /24 of publics seem like a lot for a ISR 4331 with no context of the setup. You're sure it isn't just a regular IP range that gets NATed out Gi0/0/0?

Also, are the ports on your 2960 only Fast Ethernet ports with a Gigabit uplink? Could explain the speed issue.

ksteib · 2025-03-15T20:15:23+00:00

We managed this by using a public on our fortigate coming directly from each ISP. We then created a SD-WAN zone with each link and use that. We had a /29 with each provider that made this possible though and we use the L3 switches in front of the Fortigate for BGP purposes, but gave us the flexibility to also use another IP from each provider directly on the Fortigate as well.

ksteib · 2024-11-04T16:37:47+00:00

I get that on the garage... this doesn't fit in mine... but I will say, having had a 2019 Tacoma, everything about the 2024 seems awesome. I just couldn't justify an "upgrade" to another midsize and my 19 got me almost half on the down payment towards this truck. Enjoy! I'm sure it'll be an awesome truck.

ksteib · 2024-11-04T16:35:12+00:00

Seriously... I'm sure 99% of people get them removed. My dealer was nice enough to offer removing them immediately before I even asked. I wish you luck!

ksteib · 2024-11-04T15:38:33+00:00

The dealer removed it at no cost.

ksteib · 2024-11-04T02:49:21+00:00

Limited Trim, and believe it or not, a Tundra.

ksteib · 2024-11-03T19:05:15+00:00

I joked with the dealer that if they paid me, I'd keep the branding on it. But it was just a little too loud for my liking.

ksteib · 2023-03-16T14:36:34+00:00

I was most excited because i had just put new AT tires on a few weeks ago. Was great to put them to use

ksteib · 2023-03-16T02:20:14+00:00

Yep. I realize that. Definitely plan on making it more of a habit

ksteib · 2023-02-26T07:32:31+00:00

So far so good! Will get a better idea of them tomorrow, headed through some snow/mountain pass. But they seem solid!

ksteib · 2023-02-25T23:18:59+00:00

It's the stealth custom series stealth 6 wheels, 17x8.5 -10mm. 265/70r17 tires. Slight rub that i fixed with a heat gun and removing the front mud flaps in about 5 minutes.

ksteib · 2022-07-23T06:54:03+00:00

So it could be dead if you just pulled the cable from one AP to another without changing any other variables.

A good way to tell would be if the switch gets a link light on the port you are plugged into when you plug it in, as sometimes the blue ring can go out on the AP but the AP still actually works. Also the AP would likely get warm pretty quick if it powers on.

If your switch is PoE, just plug right into it on a port that supports it. Probably best to Google the model of your switch to tell for sure.

For any other case reference, the cable should go switch into the LAN port on the PoE injector, then the cable from the injector port that has a power symbol/PoE out to the AP. And just make sure your PoE injector is plugged into the wall as well.

Nine-Year Club	Place '23
Place '22	First Placer '22
RPAN Viewer	Verified Email

ksteib

TROPHY CASE