East coast problems? Networking

---

• East coast problems?
• incredibly low level question about what part I need for this network rack to support some cable bundles...
• Recommendations for external dual band wifi antennas (Cisco compatible)
• Help understanding fiber optic setup
• What's going on with the service providers?
• Can Cisco privilege levels be used granularly within the 'configure terminal'?
• SSH/HTTPS Banners Pre-login or Post-login?
• IKEv2 for Native Clients (Win10, iOS, OSX, Android)
• SPAN Session on my 4507R+E
• Juniper QOS - Dedicated bandwidth for VOIP
• Question on permanent redirects (301) for http(s)
• cPacket Networks versus Gigamon

East coast problems? Posted: 02 Mar 2018 12:12 PM PST Does anyone know of anything happening on the East coast? Our monitoring software started going haywire about 20 minutes ago for our locations up and down the coast. They all vary on ISP's too, from Comcast coax to Lightower fiber. submitted by /u/Svoboda1 [link] [comments]

incredibly low level question about what part I need for this network rack to support some cable bundles... Posted: 02 Mar 2018 01:59 PM PST Very stupid low level question, but I've been unable to find something that looks like it will work. I have a 2-post network rack that has two big cable bundles coming out of the wall (not pretty I know). The cable braids were just supporting themselved but now they are kind of resting on a network appliance rack (as seen in the pic). What I am trying to find is some sort of cable support arm or something that I can hook onto the back and then add ties to support the cable bundles (something of that nature). So far, the best thing I've found is this: http://networkcableandpipe.co.uk/product/cs1-slotted-p-2663t/ as I would be able to kind of hoist the cable braids onto it and then secure them to it via cable ties.. submitted by /u/networkasssasssin [link] [comments]

Recommendations for external dual band wifi antennas (Cisco compatible) Posted: 02 Mar 2018 04:05 PM PST I'm looking for some recommendations from anyone who's used 3rd party external wifi antennas. Who's in this market that I can look at? I've only found Ventev so far. I've got a few high density rooms coming up and while I've always used Cisco antennas I'm looking into possible other/cheaper options. I'm hoping to find something close to the Cisco ant2513p4m however I haven't really found anything really comparable out there. Hope this within the 'rules'. submitted by /u/networknazi [link] [comments]

Help understanding fiber optic setup Posted: 02 Mar 2018 04:00 PM PST I'm starting my career in IT, and I'm supervising an installation of a small office communications rack. The company doing the installation is supposed to set everything up, yet I want to fully understand the set up. Fiber comes through the ceiling to an optical ethernet demarcation unit, which as i understand, has a transceiver. This in turn is connected through cat5 to a cisco switch. From port 24 (of 24) of the switch, a mikrotik router is connected. What i dont understand fully is why the ethernet demarcation unit is connected to the switch first instead of the router, and what exactly this device does (i have not been able to find much info online, nor any datasheets for the device, model minifiberlinx-ii). I'd love some help, either by an explanation or references. submitted by /u/not_user_telken [link] [comments]

What's going on with the service providers? Posted: 02 Mar 2018 12:52 PM PST https://www.geekwire.com/2018/widespread-outage-amazon-web-services-u-s-east-region-takes-alexa-atlassian-developer-tools/ http://pacific.sine.com/cgi-bin/smokeping.cgi?target=resy.draft-twc http://downdetector.com/status/spectrum/map/ Could this be related to memcache? Looks like there's wide spread network outages on the east coast and now moving west.. submitted by /u/NetworkLooper [link] [comments]

Can Cisco privilege levels be used granularly within the 'configure terminal'? Posted: 02 Mar 2018 12:28 PM PST I have looked without success for a way to create a privilege level on a Cisco switch that would allow a user to access 'config t' and then either 'no shut' nor 'shut' a switchport. We really only want the users to be able to do that one task. I saw that something like this was available through TACACS, but no luck on what commands, or if it's even possible. Thanks in advance. submitted by /u/rmavery [link] [comments]

SSH/HTTPS Banners Pre-login or Post-login? Posted: 02 Mar 2018 01:23 PM PST Having a spirited debate with a colleague about whether there should be a banner prior to a login or after a login. His stance is that we should minimize as much information being told to someone scanning and have the banner display upon a successful login. I suggested we should have a minimal banner displaying no company information, only a generic banner deterring anyone from attempting to login. I am of the belief that a post-banner doesn't hide anything, the port itself is going to appear open anyway. Thoughts? submitted by /u/Cekuro [link] [comments]

IKEv2 for Native Clients (Win10, iOS, OSX, Android) Posted: 02 Mar 2018 09:17 AM PST I am developing a VPN solution that leverages the native client built-in to all the modern operating systems. My VPN server is a FortiGate, and I am trying to authenticate against a Cisco ACS RADIUS server. I want to use username/password auth for now, no identity certs. The VPN server and RADIUS server have certs issued from our internal PKI. Right now, I have Windows 10 clients working as expected. The only cert I have on the client is the root ca in the trusted root store. Apple clients, not so much. They fail right away. Now if I change the auth locally to the VPN server, Apple clients can connect. The error that I see on the RADIUS server is that the EAP method the client is sending is not accepted (EAP-MSCHAP). When I look at the logs for the Windows clients, I see that they are using EAP-PEAP as the EAP method. From Apple's documentation (https://help.apple.com/deployment/ios/#/ior0f9aea818), the clients support EAP-PEAP, EAP-TLS, and EAP-MSCHAPv2. So my question to my favorite subreddit is: Does anyone have native iOS/OSX clients connecting to an IKEv2 VPN using EAP-PEAP with only a username/password (no identity/device cert)? If so, what should my .mobileconfig look like for this to work? submitted by /u/smilin_j [link] [comments]

SPAN Session on my 4507R+E Posted: 02 Mar 2018 08:52 AM PST I'm running a C4507R+E with a Sup 7L-E 10GE card and i'm looking into limits of SPAN ports to support a new security initiative for a SIEM device. I inherited this network and unfortunately the 4500 is our Core, Distribution and Access, so I have a ton of VLANs they are going to want mirrored and a few other physical ports. This sup allows me span up to 8 ports (which sounds scary in terms of stability) which i'm afraid won't be enough. Would network taps possibly help me out here or is the design of this Data Center just not creative enough to support what i would need done. submitted by /u/bicho6 [link] [comments]

Juniper QOS - Dedicated bandwidth for VOIP Posted: 02 Mar 2018 10:21 AM PST I operate an ISP and offer basic broadband circuits of varying bandwidth. I typically drop a Juniper SRX320 or SRX340 on-site to act as PE for my MPLS backbone. Some of my customers are having issues where they are maxing out their bandwidth and experiencing quality issues with VOIP calls (as expected) These customers are very non-technical and do not have the proper equipment on-site to properly split the bandwidth before it leaves their network. I would like to configure my PE device to use QOS to allocate a dedicated amount of bandwidth for VOIP traffic. So if they purchase a 20Mbps circuit, I will allocate 15Mbps for non-VOIP traffic, and 5 for VOIP traffic. Any configuration guides for JunOS that will get me on the right track? submitted by /u/neteng311 [link] [comments]

Question on permanent redirects (301) for http(s) Posted: 02 Mar 2018 10:33 AM PST Hello r/networking - this is my first post in this sub! Got a DNS question regarding an http 301. I set up the redirect for a domain name (using Google Domains). In the browsers I've tested, it works fine with the http protocol, but does nothing with https. I imagine setting SSL certs will fix it, but I don't want to go through all that if it can be avoided. Is there a concept I'm missing? Anybody know of a trick or an easy workaround? submitted by /u/quantumtom [link] [comments]

cPacket Networks versus Gigamon Posted: 02 Mar 2018 09:53 AM PST Does anyone here have hands on experience with cPacket Networks cVu hardware and are you able to give a comparison of it versus Gigamon? Pro's/con's? We are looking at a possible POC of cPacket Networks cVu 160NG for spanning traffic from Cisco Nexus 7009 (Core and DIST VDC's) and multiple Cisco Nexus 5548's (Internet, DIST for FEX'es, and MWAN) as well a tapping (4) AT&T SIP circuits and off-loading to multiple tools (LiveAction, Lancope StealthWatch, tcpdump packet capture server, Samplicator engine, etc). Gigamon is sooooo pricey and the cPacket Networks hardware includes a lot of what the Gigamon folks charge extra for (de-dupe, Netflow, packet slicing). submitted by /u/01Arjuna [link] [comments]

You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States