    Monday, March 19, 2018

    Moronic Monday! Networking

    Moronic Monday!

    Posted: 19 Mar 2018 05:12 AM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator
    [link] [comments]

    Help understanding Windows NAT Instances vs NAT Objects and their relationship to Internet Connection Sharing (ICS)

    Posted: 19 Mar 2018 11:43 AM PDT

    For context, we're exploring using Docker For Windows for developer machines, and I've been tasked with determining if things have matured enough on Windows to actually be of use to us.

    There's a lot of networking behavior that Docker does on Windows that is...less than transparent. Without getting into the minutiae, my current hunch is that the Rosetta stone to this behavior has something to do with understanding "NetNat objects" versus "NetNat instances".

    I know this is a long shot since I'm guessing most folks on this subreddit don't do Windows work, but here's hoping.

    In short, after a Docker For Windows installation, there is definitely Network Address Translation happening as evidenced by the output of the Get-NetNatExternalAddress cmdlet (see my Git Gist for sample output: https://gist.github.com/pldmgg/3914df33e622f96179983bd9cc179ce9)

    Given that there is NAT activity happening, I would expect to see NAT objects returned by the Get-NetNat cmdlet...but unfortunately, it doesn't return anything.

    To add to the mystery, if I add NAT myself via some PowerShell:

    $NATSubnet = "10.10.3.0/24"
    $NATIP = "10.10.3.1"
    $NATNetworkMask = 24
    # Create the NAT object for the internal prefix
    New-NetNat -Name LocalNAT -InternalIPInterfaceAddressPrefix $NATSubnet
    # Create an internal vSwitch and give the host-side vNIC the gateway address
    New-VMSwitch -Name ForLocalNAT -SwitchType Internal
    Get-NetAdapter "vEthernet (ForLocalNAT)" | New-NetIPAddress -IPAddress $NATIP -AddressFamily IPv4 -PrefixLength $NATNetworkMask

    ...the Get-NetNat cmdlet does, in fact, show a NAT object:

    PS C:\Users\pdadmin> Get-NetNat

    Name                             : LocalNAT
    ExternalIPInterfaceAddressPrefix :
    InternalIPInterfaceAddressPrefix : 10.10.3.1/24
    IcmpQueryTimeout                 : 30
    TcpEstablishedConnectionTimeout  : 1800
    TcpTransientConnectionTimeout    : 120
    TcpFilteringBehavior             : AddressDependentFiltering
    UdpFilteringBehavior             : AddressDependentFiltering
    UdpIdleSessionTimeout            : 120
    UdpInboundRefresh                : False
    Store                            : Local
    Active                           : True

    ...and it works as expected.

    (EDIT: To clarify, nothing is / was ever broken, I'm just trying to understand how docker can perform NAT without creating a NAT object like the above PowerShell does).

    So my question boils down to - what is the difference between "NAT instances" that don't seem to need "NAT objects" to perform Network Address Translation and "NAT objects" (and their corresponding "NAT instances") that perform Network Address Translation?

    Another related mystery that is bothering me. If you look at the output of Get-NetNatExternalAddress in my above Git Gist, you'll notice that some of the objects' NatName properties reference 'ICS', aka Internet Connection Sharing. I'd love to know what this means in this particular context (all ICS documentation that I could find doesn't really speak of ICS in this context).

    submitted by /u/fourierswager
    [link] [comments]

    Cisco UCS rack extension

    Posted: 19 Mar 2018 11:54 AM PDT

    So I have a cage full of racks but I did a poor job of future proofing my infrastructure rack. I have 4 UCS chassis and the Fabric interconnects in the first rack. It is filled up with storage devices as well. I need to expand to another rack but the next available one is about 20 ft away. The core switch (nexus 9k) is in the rack right next to it and I just have my uplinks from the FIC plugged into it. I believe I made a mistake by plugging storage devices into the FIC instead of the Nexus (will have to fix this later).

    How do I extend my new rack that I plan on putting more storage and UCS chassis into back to the first rack? Do I just run my IO modules on the chassis back to the original FIC (that's a lot of cables)? Or do I need to buy another set of FICs? I am probably planning on buying like a Nexus 2k to extend back to the core for the storage expansion devices in this new rack instead of plugging them into the FIC.

    What is best practice to expand a UCS rack?

    Edit 1 - I am using twinax cables for all data traffic and cat5 for mgmt ports. New rack would be too far away to keep using twinax.

    submitted by /u/sparkdogg
    [link] [comments]

    Local ISP in Dallas-Fort Worth area, has anyone used these before?

    Posted: 19 Mar 2018 12:24 PM PDT

    Hi all, I hope it's okay to post this here, otherwise let me know and I'll move this elsewhere(where?).

    I'm looking into ISPs in the Dallas-Fort Worth, Texas area. I have found few reviews on 3 ISPs that I have my eyes on, so I figured I'd ask if anyone has experience with any of these, and what it was like?

    • Vergent Communications
    • Unite Private Networks
    • LeaseNet

    Thanks in advance!

    -edit-

    This is for a business, looking to get fiber @ 500 Mbps up/down.

    submitted by /u/joemysterio86
    [link] [comments]

    What are higher ed type environments are doing with NAC?

    Posted: 19 Mar 2018 08:22 AM PDT

    I'm at a stage where I'm looking at potential long-term software replacements. One of the areas I'm looking at is NAC... we had Cisco NAC and then went to SafeConnect. My issues with SafeConnect are no IPv6 and that it doesn't really integrate to the level I'd like with our Cisco wireless system and Prime Infrastructure.

    ISE would be an obvious choice to improve in both of these areas, however, endpoint posture and enforcement seems pretty expensive with the Apex licensing. Currently, we require Windows and Mac endpoints on our wireless and residence network wired/wireless to install the policy key which allows us to enforce on banned software, OS versions/updates, AV status, DNS settings, etc. There is no policy key install for Linux, gaming consoles, mobile devices, etc so they pretty much get a pass other than having to sign-in every so often.

    I asked one of our Cisco SEs about it and he seemed surprised we were doing that level of enforcement in a BYOD environment. I'm curious what other education environments, especially ones with on-campus housing networks, are doing in this area?

    edit Please excuse the badly worded title... probably should have double checked that before submitting.

    submitted by /u/Dotren
    [link] [comments]

    Modelling a Network and documenting from a Project Manager perspective

    Posted: 19 Mar 2018 08:32 AM PDT

    I am attempting to model a Campus Network, and that portion is quite easy: I use Visio and just pull in the parts of the Network I need documented. The issue I have is fleshing out the documentation. We are using this (Systems Development: A Project Management Approach) and it's about as bland as cardboard crackers, and I can't seem to figure out what my professor is looking for; the man pretty much speaks in riddles.

    submitted by /u/BasicBurger-
    [link] [comments]

    Used Meraki Gear Question

    Posted: 19 Mar 2018 09:06 AM PDT

    I apologize if this is not the right sub for this question. If so, please recommend an alternate. Thanks!

    A school I support recently removed Meraki equipment in favor of Fortinet. They had 3x Meraki MX100 firewalls and were hoping they could sell them to recoup a small portion of the replacement equipment cost. Due to the subscription nature of Meraki equipment, is this even possible? If so, how would one go about it?

    submitted by /u/livewiretech
    [link] [comments]

    Is Cisco Anyconnect the only way to do this?

    Posted: 19 Mar 2018 01:15 PM PDT

    I'm working on a project to implement user and machine authentication with ISE. Machines will be authenticated via their machine accounts, and users need to be authenticated via certificates on a smartcard. I know that it can be done with AnyConnect, although I understand it can be a bit finicky.

    Almost all discussions I can find are several years old, and have stated that AC is the only supplicant that could do it then. Looking at the Windows supplicant (W10 home, 1709), I still don't see an option for user+machine authentication. I'm guessing both, via EAP chaining, still isn't available in the Windows supplicant at this time.

    If that's true, are there any others out there?

    submitted by /u/on_the_nightshift
    [link] [comments]

    Access switch best practices

    Posted: 19 Mar 2018 12:39 AM PDT

    Which features do you usually add 'by default' for your access switches? We have L2/L3 at the distribution level, so the "L2 area" is somewhat limited; for example, STP isn't spanning the whole enterprise.

    This is the first list of things I came up with:

    • RADIUS authentication
    • Syslogging to a central server
    • NTP servers
    • STP, client ports as host ports + BPDU guard
    • STP at distribution - root guard
    • UDLD between distribution and access
    • DHCP snooping on host ports

    Do you use port security? Or anything else I should consider as default?

    Thanks!

    submitted by /u/PublicSectorJohnDoe
    [link] [comments]

    VSS horror stories?

    Posted: 19 Mar 2018 06:42 AM PDT

    Hey

    Our team is thinking about putting VSS in our super important data centers. I know a few stories where VSS has taken down both boxes in the pair, but I am sure there are more spectacular stories out there. What are your VSS horror stories?

    submitted by /u/dlots12
    [link] [comments]

    Cisco Prime - usability

    Posted: 19 Mar 2018 04:56 AM PDT

    Hello

    I'm testing Cisco Prime 3.3 for Wireless and Wired. I'm curious if there are some people here who actually have Prime in use and could give me some feedback about it.

    I need some real use cases where Prime is a major factor for you, like troubleshooting, overview of your infrastructure and so on.

    submitted by /u/kaiser-bus
    [link] [comments]

    Certain traffic over MPLS very slow

    Posted: 19 Mar 2018 02:00 PM PDT

    Our main office is connected to several smaller sites using MPLS circuits (1 Gbps handoff here at the main office, shared with 9 smaller sites each with a 1 Gbps handoff). All network services come through the main office (voice, LAN, internet). On occasion we get complaints about slow internet at the sites. I have done iperf testing from our main office to the sites (and vice versa) and found speed to be within an acceptable range. However, I recently found a repeatable way to show that there IS actually a problem. There is a 60 MB file hosted on iCloud that is almost impossible to download at any of our MPLS-supported sites. I can download this file from our main office without issue; it takes only a moment to download the full 60 MB file. With 100% consistency, when I attempt to download this file over the MPLS circuit it never completes or takes a LONG time. I have ruled out our content filter as the source of the problem.

    Most other internet traffic seems to work just fine (certainly there must be more problem traffic I just have not identified it).

    Any ideas? I used Wireshark to capture traffic but I am not well versed in packet analysis. It looks terrible though, tons of black: TCP Out of order, TCP retransmission, TCP Dup Ack, TCP Spurious Retransmission. Filtered based on the IP of the host and of Apple 17.x.x.x, it's over 3 MB for 17 seconds of interesting traffic.

    submitted by /u/dankgus
    [link] [comments]

    Multi-Homed Public IP within a Private Network.

    Posted: 19 Mar 2018 05:05 AM PDT

    It's a question I have been pondering on.

    Research has proven futile and I would merely like to know whether or not it is possible for a Multi-Homed Server to have a Public and a Private IP.

    The situation stemmed from a problem (a mere study project) where I need to get servers into a DMZ. Simple enough to map out, I hope. However, these servers also need a private IP for use by the admins.

    submitted by /u/The_Grey_Rand
    [link] [comments]

    ACI APIC/switch firmware issues?

    Posted: 19 Mar 2018 12:53 PM PDT

    This all started when we upgraded the APIC to 3.1, then did a remove/re-register attempt on some spine and leaf switches before upgrading them to 13.1. This led to the switches coming back online as unsupported. We managed to upgrade them using the OOB management, but they still come back as unsupported. I've attempted to do some setup-clean-config.sh to get the switches back to the default state. Within the APIC fabric membership section I can see the wiped switches as blank registered switches waiting to be added to the fabric. On the switch itself, however, a few minutes after reload the switch seems to revert to its previous configuration (hostname changes from none to XXX-Leaf101, etc). It seems to be downloading this from the APIC, as I've reloaded the switch once after disconnecting its connection to the spine and it came up blank and stayed blank, only to suddenly rename itself once the spine connection was restored. Any ideas?

    submitted by /u/imodey
    [link] [comments]

    Basic CSR 1000v Spec Question

    Posted: 19 Mar 2018 02:59 PM PDT

    I've never worked with CSR 1000v before and I've just got a basic question in terms of specs. I see that the device is licensed by throughput level and feature set. Since this is a virtual device with its actual potential performance based off of RAM/CPU availability, should I expect degraded performance when running certain types of traffic, encryption, NAT, etc.? Or to put it more directly:

    If I license a CSR 1000v for 500 Mbps with the Security feature set, should I expect real-world 500 Mbps IPsec throughput, since the "physical" limitation of the device is significantly higher than 500 Mbps (assuming I allocate appropriate RAM/CPU)?

    I've been trying to dig around for actual real-world numbers, similar to these studies for the physical ISRs, but have not been able to find much useful info on this subject regarding CSR 1000v in particular:

    ISR G2 Performance Overview
    ISR 4000 Series Performance Overview

    Any info is appreciated, even anecdotal. Thanks in advance to anyone who can provide some insight!

    submitted by /u/newworldmonkeys2
    [link] [comments]

    Disadvantages to using longer power cables for networking equipment?

    Posted: 19 Mar 2018 02:29 PM PDT

    I'm setting up a Catalyst 9300 stack (2 switches) that uses two 350 W AC PSUs per switch. The supplied power cables are 18 AWG.

    I need to plug them into PDUs that are about 11 feet away from where they are racked. Will I face any noticeable electrical resistance by using 12ft 18 AWG power cables to these switches? Maybe go with a lower AWG like 14 AWG?

    submitted by /u/Nightflier101BL
    [link] [comments]

    How many resources do your labs take in GNS3 and other related emulators?

    Posted: 19 Mar 2018 02:25 PM PDT

    Gonna upgrade my PC soon. At work I'm using EVE-NG, but the client-server solution won't last too long because of a sysadmin that will convert my ESXi lab into Hyper-V.

    So I'll learn at home and want to know how strong a computer I need: how many cores and especially how much memory.

    BTW, I'm still a beginner, but I'd like to know for once I'm advanced, too.

    submitted by /u/a_broken_loner
    [link] [comments]

    Length of fiber patch in same box?

    Posted: 19 Mar 2018 10:35 AM PDT

    We have some fiber distribution panels where several buildings terminate in the same box and need connections to each other. I'm trying to figure out the best method to connect them. I have some 1/2 foot single mode jumpers left over from another project that work nice but are hard to get quickly. The other method is to come out the box, go through the cable management, and go back in. This feels dumb but works with the smallest common lengths of 1 and 2m. Am I missing a better way?

    submitted by /u/scratchfury
    [link] [comments]

    Firesight network destination list

    Posted: 19 Mar 2018 12:59 PM PDT

    I have users who will spin up temporary systems in Azure and make SQL calls to them. Since it's not HTTP/S related there's no SNI and therefore I can't filter on URL. Stuck with using only the IP it seems.

    Will I need to allow the entire region to prevent issues? Any recommendations on how to tackle this? I'd rather not build 250+ network objects and continue to manage them.

    submitted by /u/gotfcgo
    [link] [comments]
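    One way to build that allow list without hand-creating hundreds of objects, added here as an example that is not part of the original post: read the Service Tag JSON Microsoft publishes for Azure, keep only the prefixes for the region (and, better, only the SQL service) the users actually reach, collapse adjacent prefixes, and emit named network objects. The JSON layout assumed below (a top-level `values` list whose entries carry `properties.region`, `properties.systemService` and `properties.addressPrefixes`) and the sample document are constructed for the example, and the object-naming scheme is an assumption rather than a Firepower convention.

```python
import ipaddress
import json

# Constructed sample in the shape of Azure's published Service Tags JSON.
# Assumption: a top-level "values" list whose entries carry "name" and a
# "properties" object with "region", "systemService" and "addressPrefixes".
SAMPLE_SERVICE_TAGS = json.dumps({
    "changeNumber": 1,
    "cloud": "Public",
    "values": [
        {
            "name": "Sql.EastUS",
            "properties": {
                "region": "eastus",
                "systemService": "AzureSQL",
                "addressPrefixes": [
                    "13.82.0.0/16", "13.83.0.0/16",
                    "40.71.8.0/26", "40.71.8.64/26",
                    "2603:1030:2::/48",
                ],
            },
        },
        {
            "name": "Sql.WestUS",
            "properties": {
                "region": "westus",
                "systemService": "AzureSQL",
                "addressPrefixes": ["13.86.216.0/22"],
            },
        },
        {
            "name": "Storage.EastUS",
            "properties": {
                "region": "eastus",
                "systemService": "AzureStorage",
                "addressPrefixes": ["20.38.98.0/24"],
            },
        },
    ],
})


def select_prefixes(service_tags_json, region, system_service=None, v4_only=True):
    """Return ip_network objects published for one region.

    Passing system_service (e.g. "AzureSQL") narrows the allow list to the
    service the users actually talk to instead of everything in the region.
    """
    doc = json.loads(service_tags_json)
    prefixes = []
    for tag in doc["values"]:
        props = tag["properties"]
        if props.get("region") != region:
            continue
        if system_service and props.get("systemService") != system_service:
            continue
        for cidr in props["addressPrefixes"]:
            net = ipaddress.ip_network(cidr, strict=True)  # reject malformed entries
            if v4_only and net.version != 4:
                continue
            prefixes.append(net)
    return prefixes


def collapse(prefixes):
    """Merge adjacent and overlapping prefixes (per address family) so the
    firewall holds the smallest equivalent set of objects."""
    v4 = [p for p in prefixes if p.version == 4]
    v6 = [p for p in prefixes if p.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def to_network_objects(prefixes, name_prefix):
    """Produce (object name, CIDR) pairs; the naming scheme is an assumption,
    not a Firepower convention."""
    return [(f"{name_prefix}-{i:03d}", str(net))
            for i, net in enumerate(collapse(prefixes), start=1)]


if __name__ == "__main__":
    sql_eastus = select_prefixes(SAMPLE_SERVICE_TAGS, "eastus", "AzureSQL")
    for name, cidr in to_network_objects(sql_eastus, "azure-sql-eastus"):
        print(name, cidr)
```

    Two caveats before loading the result into an access policy: an Azure region is shared by every tenant, so a rule built this way permits SQL connections to anyone's instance in that region, not only the team's, and it has to be paired with authentication on the SQL side; and Microsoft republishes the list regularly, so the script needs to be re-run and the objects reconciled on a schedule rather than once.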

    Pull remote config of NX-OS switch from Linux

    Posted: 19 Mar 2018 12:52 PM PDT

    Like IOS switches, where you can do something like scp user@switch:running-config backedupfile.

    I have not yet figured out how to do it with NX-OS; anyone got any tips?

    submitted by /u/basn-
    [link] [comments]
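    A way to do the pull from Linux without depending on an scp path on the switch, added here as an example rather than something from the original post: run `show running-config` over SSH, strip the volatile `!Command:` and `!Time:` header lines NX-OS prints ahead of the output, and keep a hash plus a diff against the previous backup so configuration drift is visible instead of buried in timestamp noise. That NX-OS executes a command passed on the ssh command line, that key-based authentication is in place, and the exact set of volatile header prefixes are assumptions; the sample configs are constructed.

```python
import difflib
import hashlib
import subprocess

# Header lines NX-OS prints ahead of "show running-config" output. They change
# on every pull, so they are dropped before hashing or diffing.
# Assumption: these are the only volatile prefixes on the release in use.
VOLATILE_PREFIXES = ("!Command:", "!Time:", "!Running configuration",
                     "!No configuration change")

# Constructed sample output: two pulls of an unchanged config (only the
# timestamp differs) and a third pull after someone edited the switch.
SAMPLE_OLD = """!Command: show running-config
!Time: Mon Mar 19 10:00:00 2018

version 7.0(3)I7(3)
hostname leaf-01
feature scp-server
ntp server 10.0.0.9 use-vrf management
interface mgmt0
  vrf member management
  ip address 10.0.0.21/24
"""
SAMPLE_OLD_AGAIN = SAMPLE_OLD.replace("10:00:00", "11:30:00")
SAMPLE_NEW = SAMPLE_OLD.replace("10:00:00", "12:00:00").replace(
    "ntp server 10.0.0.9 use-vrf management",
    "ntp server 10.0.0.5 use-vrf management\n"
    "username backup password 5 REDACTED role network-operator")


def normalize(config_text):
    """Drop volatile header lines and trailing whitespace so two pulls of an
    unchanged config compare equal."""
    kept = [line.rstrip() for line in config_text.splitlines()
            if not line.startswith(VOLATILE_PREFIXES)]
    return "\n".join(kept).strip() + "\n"


def fingerprint(config_text):
    """SHA-256 of the normalized config; store it next to each backup."""
    return hashlib.sha256(normalize(config_text).encode()).hexdigest()


def config_diff(old_text, new_text):
    """Unified diff between two normalized configs ('' when identical)."""
    old = normalize(old_text).splitlines()
    new = normalize(new_text).splitlines()
    return "\n".join(difflib.unified_diff(old, new, "previous", "current", lineterm=""))


def pull_running_config(host, user="admin"):
    """Run 'show running-config' on the switch over SSH.

    Assumptions: NX-OS executes the command passed on the ssh command line,
    and key-based authentication is in place (BatchMode refuses to prompt).
    """
    cmd = ["ssh", "-o", "BatchMode=yes", f"{user}@{host}", "show running-config"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def backup_if_changed(host, previous_text, fetch=pull_running_config):
    """Pull the current config and report (changed, diff, normalized_text)."""
    current = fetch(host)
    diff = config_diff(previous_text, current)
    return bool(diff), diff, normalize(current)


if __name__ == "__main__":
    # Offline demonstration against the constructed samples; swap the fetch
    # argument out for the default pull_running_config against a real switch.
    changed, diff, text = backup_if_changed("leaf-01", SAMPLE_OLD, fetch=lambda h: SAMPLE_NEW)
    print("changed" if changed else "unchanged", fingerprint(text))
    print(diff)
```

    Keeping the normalized text and its hash under version control turns the backup into a drift detector: an unexpected diff (a new username, a changed NTP or AAA server) is something to alert on, not just archive. NX-OS also has a `feature scp-server` option for copying files off bootflash; whether a given release exposes running-config through it as a path is worth checking before relying on it.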

    Basic help with VLAN for network video recorder with IP cameras connected

    Posted: 19 Mar 2018 04:25 AM PDT

    Good morning everyone. I'm in the final stages of planning an IP camera system at a relative's house. I have already purchased a Hikvision NVR (network video recorder) and the IP cameras. Originally I planned to just plug it into my router and set a strong password on the NVR. After doing some more reading I see I should create a VLAN to add an extra layer to protect the video feed. Video will mostly be viewed within the LAN, but we would like smartphone app access while outside the house as well.

    Can someone please post a couple of links that can help me get up and running to create a VLAN, and what extra equipment I may need? The NVR has 8 IP ports that supply power and deliver video from the cams. I've done some looking around and I can't find specific info for my situation. I thought it would be easier to look up. Maybe I need better search keywords, so if you can suggest those too. I have excellent electronics technician skills but only moderate networking skills.

    Thanks!

    submitted by /u/BayDreaming
    [link] [comments]

    Need help creating a VPN connection on Amazon-VPC using a Zyxel USG20.

    Posted: 19 Mar 2018 07:50 AM PDT

    I need some direction on how to create an IPsec VPN connection from my Zyxel USG20 to Amazon-VPC.

    We currently have a Zyxel USG20 in a location connected to the internet. A Zywall 110 located in the office is connected to a server running Squid on CentOS. The Zyxel USG20 connects to the Zywall 110 via an IPsec VPN connection. The Squid allows me to connect to the Zyxel USG20 via a central IP and a port number, which directs to whichever Zyxel USG20 is assigned that port.

    So far I've created a VPC with a private subnet only and VPN access. I've put the IP of the Zyxel USG20 (the LAN1 IP) as the customer gateway IP. Then I downloaded the config file and set up the VPN connection on the Zyxel USG20 using the config file from the VPC. Now on the Zyxel it says that there is a connection to the VPC.

    Now I'm at the stage where I'm not sure where to go next.

    Do I need to attach the VPC to an EC2 instance and install Squid3?

    How do I route the connection from the Zyxel USG20 to the VPC so I can connect it via proxy?

    submitted by /u/viet-pham
    [link] [comments]

    How do you guys do IPSec Data Center HA?

    Posted: 19 Mar 2018 01:10 AM PDT

    Hi all. We currently have a primary and redundant DC, both with an SRX as our external firewall which we use to terminate our IPSecs, however if our primary were to die we'd lose all those IPSec connections.

    So I was curious, is there a best practice for setting this up?

    submitted by /u/jyo-ji
    [link] [comments]
