Netjitsu Dojo

Today I came across a customers 3750 switch stack which had a flapping stackwise link. The stackwise link was transitioning up/down around 3 times a second and causing massive issues with connectivity and EIGRP routing for the site. Previously I believed that I would need to physically remove the Stackwise cable in order to restore service by shutting the flapping link. It seems it is possible to shut the Stackwise port from the CLI although it is done from enable mode rather than Configure terminal. The command is.. Switch#switch 1 stack port 1 ? disable Disable stack port enable Enable stack port The first number 1 would indicate the switch number in the stack and the second number 1 after the port is the Stackwise port number you want to shut. Make a note of which switch and port you shut as it will not show up in the config or the show outputs which could prove tricky when you want to reenable it.. You can determine the status of the ports using the command below but not how ...

I have been working on building a resilient VPN architecture for our monitoring network. One of the stipulations was that it was not to use GRE tunnels and must be capable of terminating at any number of peer VPN devices on the customers network. Routing must work automatically and no manual intervention is required. The problem you get with using plain IPSEC tunnels is that first you need some way of knowing if the tunnel is up. Then you have to adjust the routing on the customer side so that traffic destined to your network exits their network via the router with the currently active IPSEC tunnel. This is not an easy task and has taken a while to come up with some workable designs to deploy. I have settled on IPSEC HA in our datacentre and using Reverse route injection on the customer network to push our subnets into their dynamic routing protocol. I will go through the RRI solution in the next post for now lets have a look at the IPSEC HA configuration. IPSEC HA is available on the ...