    Thursday, October 31, 2019

    Sell me this pen... Networking


    Sell me this pen...

    Posted: 31 Oct 2019 02:12 PM PDT

    Sorry in advance for the novel.

    I need help. I need convincing. I need someone to sell me on SD-WAN. Because I'm just not seeing where it is truly worth the insanely expensive licensing.

    Some back story:

    We're currently an entirely Cisco shop. Running 2900 or 4000 series ISRs at large locations and 881/891/1100's at medium and small locations. Some sites connect via a single broadband, some have broadband and a QOS'd DIA, the largest of sites have dual MPLS and dual DIA/BB. We have a variety for sure. Of course front runner right now for us is Viptela because Cisco. A lot of our gear can already support the SD-WAN image. All we need is licensing. We're also, however, in talks with Silverpeak and so far I'm pretty impressed with them as well. Boost sounds great. They both offer a form of forward error correction which is great. It's all centrally GUI managed. Cool.

    Here's where I'm at:

    We are a life and safety company. Redundancy/uptime/fault tolerance, especially of our 911 communication centers, is number 1. Yes, SD-WAN is great for lightning fast failovers, circuit aggregation, forward error correction, etc. But I can also achieve 99% of this using IOS images on newer series routers. Our current WAN solution for non-MPLS sites is a dual DMVPN cloud. I run 891's with FVRF that route voice/internal traffic over the primary tunnel via the DIA, and internet bound traffic uses the cable Broadband. By using the FVRF design, we get full mesh (DMVPN phase 3). DIA dies? BGP fails, voice/internal traffic takes tunnel 2 over the Broadband. It's not stupid fast (I use 2 6 timers), but that can be resolved with BFD. Broadband fails? IP SLA kicks internet traffic over to DIA. So you get decent failover and both circuits are active simultaneously. For MPLS sites, the big rub right now is that only one MPLS circuit is active at a time. This can be resolved with ECMP, and the faster failover can be achieved with BFD as well. For our largest sites with multiple internet circuits (not used for DMVPN), CEF load-sharing can be utilized. I understand that compression at this point wouldn't be an option (as far as my knowledge of IOS XE goes, I don't think it's possible). And I know I won't get the intelligent layer 7 based routing - but to be honest I don't really give a shit that at 2 in the afternoon, the path to AWS over my DIA had 3ms lower latency than the path over my Cable Broadband circuit.

    I guess the point I'm trying to make is that, for the price we'd pay in not only gear but recurring licensing, I don't see enough of a benefit to make the case for buying into it. Most of what SD WAN does can already be achieved with existing code/licensing. Sure, it's more to build on the back end and there's no pretty GUI interface, but with the time and know-how, a similar experience can be achieved. The rest of my team is pretty gung-ho about it and I feel bad that I'm essentially acting as a road block, but I'm not convinced. Yet. I would like to be so that I can stop feeling like the bad guy, but I need more people, especially those with experience (hopefully) with an environment of at least our scale, to chime in.

    More context:

    We have almost 200 sites in 5 states.

    70% of those sites have a single broadband circuit or LTE where broadband is unavailable. For now these would remain on DMVPN.

    Another 25% have either an MPLS and Broadband or MIS and broadband. We've slowly been converting all of their MPLS to MIS and relying solely on DMVPN for these locations.

    The last 5% have at least 2 MPLS and 1 or more Broadband/DIA circuits.

    This last 30% would be the candidates for SDWAN due to their multiple circuits. The 25% would be getting 1111 routers. And the last 5% would get 4431's or something like that. Depending on circuit bandwidth.

    I get that this is the future. And I knowwwww that MPLS and DMVPN are on their way out (some might even say they're already basically dead). But I guess it just really feels disenchanting to hear "oh yea this will decrease costs because you can lower your circuit costs... also the licenses are astronomically expensive."

    TL;DR: I think SD-WAN is overhyped and I don't think it's necessary for large enterprises who have engineers who are capable of providing the same design/experience without the shiny "ooohhh ahhhh" of point-and-click configurations or a Power BI-esque dashboard - SolarWinds and NetFlow can do that just fine.

    submitted by /u/teechevy703
    [link] [comments]

    Honeypots... Any real world success stories?

    Posted: 31 Oct 2019 12:05 AM PDT

    I'm about to deploy a bunch of honeypots internally across the network. They will all be sending logs to a SIEM, which will alert on suspicious activity.

    This is all fine and dandy. And in theory this should up our awareness.

    I'm looking for war stories, do's/don'ts or any feedback really.

    Cheers.

    submitted by /u/sysvival
    [link] [comments]
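The post above describes honeypots feeding a SIEM that alerts on suspicious activity. As an added example (not from the original post or its author), the block below shows the correlation logic such an alert rule needs: every contact with a decoy is suspicious by definition, so the real work is suppressing known benign probers and escalating when a single source reaches several decoys. The log format, decoy addresses and allowlist are constructed for this example.

```python
"""Alert logic for internal honeypot events forwarded to a SIEM (constructed example).
Any touch of a decoy is suspicious, so the work is suppressing known benign sources
and escalating when one source reaches several decoys (the lateral-movement pattern)."""
from collections import defaultdict

# Constructed inventory: decoy addresses, and sources permitted to probe them.
HONEYPOTS = {"10.10.5.20", "10.10.7.21", "10.10.9.22"}
ALLOWLIST = {"10.10.1.50": "vuln-scanner"}

# Constructed log lines in a simple key=value format assumed for this example.
SAMPLE_LOGS = """\
ts=2019-10-31T14:02:11Z hp=10.10.5.20 src=10.10.3.14 dport=445 event=connect
ts=2019-10-31T14:02:13Z hp=10.10.5.20 src=10.10.3.14 dport=445 event=auth user=Administrator
ts=2019-10-31T14:05:40Z hp=10.10.7.21 src=10.10.3.14 dport=22 event=connect
ts=2019-10-31T14:06:02Z hp=10.10.9.22 src=10.10.3.14 dport=3389 event=connect
ts=2019-10-31T14:10:00Z hp=10.10.5.20 src=10.10.1.50 dport=80 event=connect
ts=2019-10-31T14:10:01Z hp=10.10.7.21 src=10.10.1.50 dport=80 event=connect
ts=2019-10-31T14:12:30Z hp=10.10.9.22 src=10.10.4.77 dport=80 event=connect
"""


def parse_line(line):
    """Split one key=value log line into a dict; None if required fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"hp", "src", "dport", "event"} <= fields.keys():
        return None
    return fields


def correlate(lines):
    """Group decoy events by source and score each source.
    Allowlisted sources stay visible at 'info' but should not page anyone."""
    by_src = defaultdict(list)
    for line in lines.splitlines():
        ev = parse_line(line)
        if ev and ev["hp"] in HONEYPOTS:      # ignore noise that is not about a decoy
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        decoys = {e["hp"] for e in evs}
        auth_attempt = any(e["event"] == "auth" for e in evs)
        if src in ALLOWLIST:
            severity = "info"
        elif len(decoys) > 1 or auth_attempt:
            severity = "high"        # several decoys or a credential attempt: active probing
        else:
            severity = "medium"      # single contact: could be a misconfigured client
        alerts.append({"src": src, "severity": severity, "events": len(evs),
                       "honeypots": sorted(decoys),
                       "ports": sorted({e["dport"] for e in evs}, key=int),
                       "auth_attempt": auth_attempt, "note": ALLOWLIST.get(src, "")})
    rank = {"high": 0, "medium": 1, "info": 2}
    alerts.sort(key=lambda a: (rank[a["severity"]], a["src"]))
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"{a['severity']:6} {a['src']:12} decoys={len(a['honeypots'])} "
              f"ports={a['ports']} events={a['events']} {a['note']}")
```

The allowlist keeps the scanner's sweep from paging anyone while still leaving it in the SIEM, which is the usual reason internal honeypots end up muted in practice.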

    Copper repeaters - Anyone have a recommendation?

    Posted: 31 Oct 2019 11:51 AM PDT

    Just traced out a non-working network run to the far end of a building and it came in at 398 feet. Looking to buy a pair of range extenders to make the distance; it's just for a couple of HVAC controllers so not worth redoing it proper. Anyone have a recommendation of brand/model that works well for them?

    submitted by /u/LtCasual
    [link] [comments]

    Leaving the Cisco ecosystem

    Posted: 31 Oct 2019 01:24 PM PDT

    I have a bunch of Cisco products going End of Sale soon. This is a great time for me to explore other options, however we have been Cisco top to bottom for longer than I have been here. Phones, Wireless, switching routing. Our first step away from Cisco was to get Palo Firewalls. This was an unbelievably positive experience, and has left me feeling bold about exploring what else is out there. I have 3 more Cisco centric products bought and paid for, at which point I'd like to stop buying what they have to offer and start buying the best product for our needs.

    Two items on the horizon where we will have to find a new standard are wireless and switching. For wireless, the obvious choice to look at is Aruba alongside the Cisco offerings. Switching is a little less obvious. Our needs don't seem extreme to me: I need PoE on every port, stackable switches, and 10g uplinks. Branch locations will also need some basic routing.

    I have management's backing to explore other options, and we have some 9200L's on order so we can get a look at the future of Cisco's lower end, but even they seem too feature rich for our needs, and with the licensing they will increase our cost of ownership significantly over the 2960x we have been using.

    I'm thinking we check out HPE and maybe Juniper. Anything else worth looking at in the enterprise space?

    Has anyone gone through this process before? It is really tempting to stay on the path of least resistance but between my lack of needing the features they are selling and our recent experiences with the quality of their releases, I am thinking it is worth investing some cycles in seeing what else is available.

    submitted by /u/anon_pkt_rtr
    [link] [comments]

    Improving documentation

    Posted: 31 Oct 2019 10:14 AM PDT

    Hello all,

    Like so many engineers, my technical aptitude is amazing and I can make almost anything work, but my documentation skills are not so good. I'm getting better as I do more projects but wanted to reach out and ask if anyone has picked up any tips over time that have made their technical documentation better?

    submitted by /u/jdm7718
    [link] [comments]

    Zayo as an ISP

    Posted: 31 Oct 2019 02:31 PM PDT

    People who use them for their data services, how has your experience been? We are a K12 environment and use them for dark fiber, with which we have never had an issue. They bid on an E-rate RFP and were substantially cheaper than the next vendor. I read a thread about them being acquired the other day and some people being concerned about that. Just wanted to get some info from people who have used them before we decide to make the switch from our current provider.

    submitted by /u/bretfred
    [link] [comments]

    Consultant proposing Meraki to my manager

    Posted: 31 Oct 2019 01:23 PM PDT

    Hello.

    For about the past month, we've been working with a network assessment team of consultants due to some issues taken with the performance of our department. We've been horribly understaffed since I arrived here about 10 months ago. Recently, our manager has been working with consultants to perform assessments of the network and server/storage infrastructure and provide a package of solutions to "make life easier".

    My gut tells me a number of things, but the main ones are that Meraki will be a horrible idea across the datacenter and will not be a replacement for Cisco Catalyst switching. My other gut feeling is this is the beginning of my network responsibilities being phased out for something or someone else.

    Would anyone be willing to give me some ammo against these consultants suggesting Meraki for everything?

    submitted by /u/rezadential
    [link] [comments]

    Wireshark no longer analyzes QUIC/GQUIC protocol

    Posted: 31 Oct 2019 03:56 AM PDT

    Can anyone explain to me why Wireshark no longer analyzes the QUIC/GQUIC protocol? I need to complete my university thesis and I can't continue. Since July or August, everything worked fine. Thanks for your help! PS: I tried the latest Wireshark version, but none of them found the GQUIC protocol.

    submitted by /u/Mattia-95
    [link] [comments]

    Site-to-Site VPN drops and latency significantly increases anytime files are downloaded behind Cisco ASA.

    Posted: 31 Oct 2019 12:00 PM PDT

    I have a Cisco ASA 5506-X that has an outside interface being provided internet from a fiber 100/100mbps line. Over the past month or so something odd has changed.

    Anytime I initiate a download on an inside client behind my inside interface OR even a laptop directly connected to an inside-test interface on the ASA (that routes out the same outside line), my VPN tunnel suddenly drops multiple packets and/or ping requests are 800+ ms. This is normally 42ms. If I'm running constant 4.2.2.2 ping requests, these are normally at 6ms but will spike way beyond that. The second the download is stopped, traffic resumes back to normal.

    Per TAC I upgraded to 9.10(1)30. No Firepower services running. There are no interface errors. I have a backup internet line and if I connect to that interface there are no issues.

    I have yet to plug my laptop directly into the ISP as I'm having a hard time finding downtime but wanted to see if anyone had thoughts on what may be causing this. Seems very odd this hasn't always been a problem.

    When I can plan an outage I plan on connecting my laptop directly to the Outside interface and testing. Then plugging directly into the ISP without the ASA in the picture. Finally configuring the outside interface on a different port on the ASA. Any suggestions on what I can test before then would be appreciated.

    submitted by /u/franklyADHD
    [link] [comments]

    Switch to Active-Active HA Firewall Pair

    Posted: 31 Oct 2019 09:47 AM PDT

    If I have an HA pair of firewalls in active-active mode, how does the in (WAN) side know which one of the firewalls to send the traffic to?

    In my situation, I have Cisco switches before & after a pair of FortiGate 500e NGFWs. The source port only has 1 IP that is mirrored on both firewalls. If I change the firewall to an active-passive pair, traffic flows. I assume traffic flows because now only 1 device has the IP.

    submitted by /u/FinchTech
    [link] [comments]

    The common Palo Alto PA-2050 slowness topic - are there any fixes?

    Posted: 31 Oct 2019 11:57 AM PDT

    My commits are now taking 3+ hours to go through on my single PA-2050. I'm planning on replacing it next year, but in the meantime it's killlinnggg me. A single typo costs me 6+ hours. In all of the reading I've done I see people complaining about 15 minute commits... I'd love to have that. Calling Palo Alto gets me nowhere; they just say it's a known issue and I should upgrade. Are there any easy gotchas that I can look for in my config that would be slowing this down so much?

    submitted by /u/byrontheconqueror
    [link] [comments]

    Instruction manual to install and use OpenDaylight on a Cisco Catalyst 3650-24TSA-E and OpenFlow

    Posted: 31 Oct 2019 07:10 AM PDT

    Introduction

    For a school project, we made an instruction manual and video on the topic: how to install and use OpenDaylight on a Cisco Catalyst 3650-24TSA-E and OpenFlow. We think that this topic is useful for this subforum, so we decided to post it here. Enjoy!

    Instruction video: https://www.youtube.com/watch?v=kxKEmo26AMs&feature=youtu.be

    Published manual: https://forums.anandtech.com/threads/how-to-install-and-use-opendaylight-on-a-cisco-catalyst-3650-24tsa-e-and-openflow.2572469/

    Back-up when published material is not accessible: https://drive.google.com/drive/folders/1hPdcUTAH7q1xy8ob4M8_EOqa_1pQ5E9Z

    Summary of the content:

    1. Introduction
    2. Software Defined Networking explained
    3. Configuring the Cisco Catalyst 3650 switch
    4. Installing OpenDaylight controller
    5. Installing Cisco Openflow Manager
    6. Demonstration

    submitted by /u/Group4Minor
    [link] [comments]

    Is it possible to share an internet connection amongst two companies?

    Posted: 31 Oct 2019 07:20 AM PDT

    Sorry for the somewhat confusing title. My wife owns a small business, and the office space is shared with another small business. Two of the rooms in the building are hers and the other belongs to the other business.

    Is it possible based on one incoming Internet connection to provide high-speed Internet to each business? We would want the Networks to be separate, since each business does have somewhat sensitive data.

    I've searched on Google but the top hits keep seeming to be articles from 2003. It appears what I would need to do is connect the modem to a switch and then that switch connects to two routers, one for each business. Is that correct, is it that simple? Are there any guides out there that show me how to configure the switch or the routers?

    submitted by /u/heezle
    [link] [comments]

    PoE Intercom with 4 wires?

    Posted: 31 Oct 2019 08:58 AM PDT

    Howdy folks. I've got an intercom I'm trying to get working. I'm attempting to use 4 wires leftover from our access control system.

    The run is going through about 200' of conduit that I can't get a fish tape through due to multiple bends and what I assume to be a sleeve about 180' in since I can't get past that point from either direction.

    So using those 4 wires, I connected the wires to the WO/O and WG/G at each end. WG/G should be supplying my PoE power, and the intercom lights up, so it's getting power. But I'm not getting an IP for the intercom.

    Any suggestions on how to make this work? New conduit and wiring isn't a solution and I've only got 4 wires to work with.

    Thanks!

    submitted by /u/BeerBottleWizard
    [link] [comments]

    Any device fingerprint service?

    Posted: 31 Oct 2019 11:53 AM PDT

    Hi

    I'm looking to feed my network streams to find what type of device is on the network. I'm not looking for any commercial solution but some direct feeds. One I came across is "fingerbank.org". Does anybody know any other?

    Thanks

    Angel

    submitted by /u/angelcaboy
    [link] [comments]

    Layer 1 errors on a good cable

    Posted: 31 Oct 2019 11:49 AM PDT

    HVAC system shows offline from the control machine. Working to rule out the network.

    The controller in question autonegs 100/full, but switch shows nonzero counters in rcv-err, single-col, multi-col and runts (<100 each for ~5wks uptime). Port intermittently flapped ~10x in the past 2 weeks.

    Fluke Linkrunner cable test and Cisco TDR shows all 4 pairs are good.

    Looks to me like a faulty HVAC controller, or is it still possible the cable/switch is to blame?

    submitted by /u/austindcc
    [link] [comments]

    Aruba switch stacking - assistance

    Posted: 31 Oct 2019 09:32 AM PDT

    Hi all

    I have searched and searched but am unable to find anything specific. Some say it's possible with certain firmware, but has anyone had any experience with the Aruba 2540 24G PoE+ 4SFP+ Switch and pairing / stacking two together?

    Essentially we want 2 switches for redundancy.

    If not, has anyone had experience with a similar model that is capable?

    submitted by /u/dhrv88
    [link] [comments]

    Expanding Two-Tier Network

    Posted: 31 Oct 2019 01:52 AM PDT

    Hey there,
    first: I have already set up a few small and simple networks, but I'm not a "professional and trained networking guy" and not sure what would be best practice for the following theoretical scenario:

    This is the initial situation - a simple Two-Tier network. The gateway for all clients and servers is Switch A with some ACLs for restricting access from and to guest VLAN.

    Let's assume our fictitious company wants to build a second building, 50 m / 328 ft. to the existing one - and this would be the planned situation.

    How would you set up the connection between Switch A and Switch B?

    My thoughts on this:
    1. If Switch B acts as a simple L2 switch, traffic between Client C and Client D needs to take an unnecessarily long way (L2 Switch -> Switch B -> Switch A -> Switch B -> L2 Switch).

    2. What if Switch B acts as an L3 switch? Is that even possible? The gateway for Client C and Client D would be Switch B and you need to maintain ACLs on both Switch A and Switch B. What if Client C wants to access Client A (same VLAN, but different gateways)?

    3. Am I on the wrong track and there is a completely different approach?

    I'm scratching my head and hope you can help me. Thanks in advance!

    submitted by /u/TheSponger
    [link] [comments]

    MT-bulk v2.2 - with security audit option - open source tool that helps manage multiple Mikrotik devices

    Posted: 31 Oct 2019 05:13 AM PDT

    Released a new version; maybe it will interest someone.

    New features:

    • new operation - scan for known vulnerabilities (CVE) and perform security audit
    • added mt-bulk internal key/value based database (used to cache CVE search results and information about new mt-bulk releases)
    • added configurable CVE search API endpoints
    • added option to define, in custom ssh/api mode, multiple matches for regex parsers of executed commands

    Minor changes and fixes:

    • fixed returning multiple errors
    • fixed automatic creation of configured paths that do not exist
    • fixed paths parsing
    • improved internal tests
    • improved documentation
    • compiled with Go 1.13.3

    https://github.com/migotom/mt-bulk/releases

    submitted by /u/migego
    [link] [comments]

    Cisco Fp1000 local management mode SNMP config

    Posted: 31 Oct 2019 07:55 AM PDT

    Hi all, I am fairly new to firewall configurations and I am trying to figure out how to set up my FP1000 to send alerts to our SNMP server. I could not find an option through the FDM (Firepower Device Manager). If anyone could point me in the right direction that would be awesome.

    Just wanted to be clear. There is a SysLog option in the FDM, but I can't seem to input a community string.

    submitted by /u/artboi88
    [link] [comments]

    Transceiver Question

    Posted: 31 Oct 2019 07:17 AM PDT

    So I have a couple media converters (1000BaseTX <---> 1000BaseSX) connecting two switches in two different buildings. I'm doing some RFC2544 testing and it is failing on Jumbo frames. I know jumbo frames are supported on my switches, could it be the older transceivers/media converters causing an issue? Do those things have an MTU or do they just blindly convert electrical signals?

    Thanks!

    submitted by /u/tpfannes
    [link] [comments]

    Cisco HW Leasing

    Posted: 31 Oct 2019 05:16 AM PDT

    Hello

    Does anyone have experience with leasing Cisco HW?

    My upper mgt is on the "no money train" and they're going at full speed.

    I've read about Cisco Capital, but I want some first-hand experience with it.

    submitted by /u/kaiser-bus
    [link] [comments]

    Anyone here used Prisma Access (VPN SaaS)? What are its pros and cons?

    Posted: 30 Oct 2019 10:59 PM PDT
