I have a new stack of three 9300s that seem to route traffic in some very confusing ways. I can reach the vlan address on the switch (10.214.184.1) from my workstation: # mtr -rnc 10 10.214.184.1 HOST: c00464.lereta.com Loss% Snt Last Avg Best Wrst StDev 1. 198.204.114.232 0.0% 10 0.3 0.4 0.3 0.6 0.1 2. 10.212.3.178 0.0% 10 0.2 0.3 0.2 0.4 0.1 3. 10.214.184.1 0.0% 10 47.8 46.7 33.0 65.3 9.4 Next I plugged a laptop to the new stack and it got an address (10.214.184.50) from the DHCP server. However, when I try to traceroute to the laptop the traffic does not get there or the return packets are not getting through. # mtr -rnc 10 10.214.184.50 HOST: c00464.lereta.com Loss% Snt Last Avg Best Wrst StDev 1. 198.204.114.232 0.0% 10 0.3 26.4 0.3 261.7 82.7 2. 10.212.3.178 0.0% 10 0.3 0.3 0.2 0.3 0.0 3. ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 If I ping the laptop IP from the switch it works fine. # ping 10.212.184.50 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.212.184.50, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/46/56 ms If I scan the laptop IP things start to get really weird: # nmap -A 10.214.184.50 Starting Nmap 7.60 ( https://nmap.org ) at 2018-05-16 14:07 PDT Nmap scan report for 10.214.184.50 Host is up (0.055s latency). Not shown: 997 filtered ports PORT STATE SERVICE VERSION 80/tcp open http nginx |_http-server-header: nginx |_http-title: Site doesn't have a title (text/html). 443/tcp open ssl/http nginx |_http-server-header: nginx |_http-title: Site doesn't have a title (text/html). | ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-909702223 | Not valid before: 2018-05-11T23:07:54 |_Not valid after: 2020-01-01T00:00:00 |_ssl-date: TLS randomness does not represent time | tls-nextprotoneg: |_ http/1.1 8090/tcp open http nginx |_http-server-header: nginx |_http-title: 502 Bad Gateway Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|specialized|storage-misc Running (JUST GUESSING): Linux 3.X|4.X (91%), Crestron 2-Series (87%), HP embedded (85%) OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3 Aggressive OS guesses: Linux 3.2 - 4.8 (91%), Linux 3.10 - 4.8 (89%), Linux 3.18 (87%), Crestron XPanel control system (87%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%) No exact OS matches for host (test conditions non-ideal). Network Distance: 3 hops TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS 1 0.35 ms 198.204.114.232 2 0.34 ms mx400-01.lereta.net (10.212.3.178) 3 64.13 ms 10.214.184.50 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 27.81 seconds I am absolutely certain there is no web server at all on the laptop much less nginx. When I use a browser to reach out to 10.214.184.50 I get the web management interface for the switch stack! I can log in and everything. What I cannot do is connect to anything beyond the stack and that makes no sense at all to me. In the old days I could stack 3750s or 3850s, define some VLANs, set some routes, and everything worked.  I cannot figure out what the 9300s do differently. (Some of the preformatted text above did not format clearly so I hope it is readable.) ... View more

I received a spec sheet for a P2P VPN between an ASA 5585 and our ASA 5525 with the above requirement. AFAIK, it is not an option for the Cisco ASA. I think I've seen such an option for Checkpoint but, thankfully, we don't do Checkpoint here.   OTOH, I could be wrong and would appreciate someone setting me straight. ... View more

I am trying to get a couple of Firepower 2130s registered with the management console.   First, I added a pre-shared key: > configure manager add co-fpwr01.lereta.net <alpha-numeric key> When I tried to add the device it fails and, to top it off, the web interface on the 2130 now returns an error 503. I am guessing that somewhere along the line I crashed a process on the 2130 and I cannot get it back.  Even a reboot didn't help. I hope this is fixable. ... View more