FreeZTP: Zero-Touch Provisioning for Cisco IOS Networking
- FreeZTP: Zero-Touch Provisioning for Cisco IOS
- What does everyone use to test LAN throughput?
- What would be the best way to have close to 30 Ethernet connected IoT devices spread over a large area?
- ACL to block networks from seeing each other
- VPN for home devices?
- Performance Issues on 10.0.0.0/8
- Very weird internet issue, beyond my ken.
- IPV4 /22 networks leasing to 3rd party
- Network Enclosure in X-Ray Room?
- Tools to create maintainable network diagrams?
- network design help 1
- Blackhole device WiFi traffic from 1 Cisco WAP - Looking for suggestions
- Access points installed in elevators
- Documentation Request - Application dependency firewall template
- Tip for documenting rack (rackdiagram)
- ISE Tacacs help!!
- Anyone doing SD-WAN with multi-connectivity into CoLo/peering/exchange sites ...
- native L2TP/IPSec not working after Windows 10 Spring Update
- Branch office PoE switches with little inter-switch traffic: 1x48 vs 2x24 port?
- FreeRadius BYOD auth
- Anyone remember the Microsoft bluetooth alternative from 2000?
- I'm paying $60/yr for Dyn Standard on an IP that might change once a year. Any alternatives?
FreeZTP: Zero-Touch Provisioning for Cisco IOS
Posted: 18 Apr 2018 10:06 PM PDT

I finally got around to publishing this project I have been working on for a while. It is an open-source zero-touch provisioning system for Cisco IOS which allows you to create unique configs for your switches by serial number. The GitHub page has all the info as well as a link to the install demo video. Check out the GitHub Page.

What does everyone use to test LAN throughput?
Posted: 19 Apr 2018 07:54 AM PDT

I am testing a Wi-Fi AP. The datasheet says with Link Aggregation I can achieve speeds up to 2 Gbps, and I want to test that it will at least get above 1 Gbps as advertised. I have a 10G LAN. Thanks in advance for the advice.

What would be the best way to have close to 30 Ethernet connected IoT devices spread over a large area?
Posted: 19 Apr 2018 01:39 PM PDT

I cannot use any type of wireless technology for this project due to regulations. I'm thinking I'll have a switch at the main data entry point and that will split off into the IoT devices. The problem is that many of them will be greater than 100m away from the switch and there are no access points that far away. What would be an affordable solution to this? Some kind of ring structure where they are all connected with some kind of signal booster at certain points?

ACL to block networks from seeing each other
Posted: 19 Apr 2018 10:18 AM PDT

Hey All, Have a question about ACLs. I have one set up on the SVI of vlan 502 that does the following:

    Extended IP access list DENY-NETWORKS-IN-ACL
        3 deny icmp any 10.5.4.0 0.0.0.255 (133 matches)
        4 deny icmp any 10.5.20.0 0.0.0.255 (54 matches)
        5 deny icmp any 10.3.20.0 0.0.0.255
        10 permit udp any any eq bootps (3726 matches)
        20 deny ip any 10.5.4.0 0.0.0.255 (21572 matches)
        30 deny ip any 10.5.20.0 0.0.0.255 (115978 matches)
        40 deny ip any 10.3.20.0 0.0.0.255
        50 permit ip any any (176199809 matches)

On my core switch I have vlan 504 configured with an address of 10.5.4.1 and on my access switch I have vlan 504 configured with an address of 10.5.4.11. These are both the DGs on their respective devices with vlan 504. So everything works great, except that when I do a port scan from the 10.5.2.0 network of the 10.5.4.0 network I get responses from both DGs saying that ports 22 and 443 are open. I would figure that they would be completely blocked but they are responding to the scans. So my questions are...

- Is this normal behavior since they are gateways?
- Is there a way to create an ACL so that they aren't responding to scans from the 10.5.2.0 network on 22 and 443?

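As a check on the question above, here is an added Python example (not code from the post) that parses the ACL exactly as listed and evaluates packets against it with IOS first-match semantics and the implicit deny at the end. A scan from 10.5.2.0/24 to 10.5.4.1 on tcp/22 matches sequence 20 (deny ip any 10.5.4.0 0.0.0.255), so if those connections are being answered, the packets are not passing through this ACL in this direction; `show ip interface vlan 502` shows which list is applied inbound and which outbound. The wildcard-to-prefix conversion assumes contiguous wildcard masks, which is all this listing uses; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The ACL exactly as the post lists it, match counters dropped (constructed input).
ACL_TEXT = """
3 deny icmp any 10.5.4.0 0.0.0.255
4 deny icmp any 10.5.20.0 0.0.0.255
5 deny icmp any 10.3.20.0 0.0.0.255
10 permit udp any any eq bootps
20 deny ip any 10.5.4.0 0.0.0.255
30 deny ip any 10.5.20.0 0.0.0.255
40 deny ip any 10.3.20.0 0.0.0.255
50 permit ip any any
"""

# IOS port keywords that can appear after "eq" in listings like this one.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80, "telnet": 23}


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]     # None means any destination port


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    # Cisco wildcard masks are inverted netmasks: 0 bits must match, 1 bits are don't-care.
    # Only contiguous wildcards (the kind in this listing) map to a prefix; anything else raises.
    netmask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(netmask))), strict=False)


def _take_addr(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume one address spec ('any', 'host A' or 'A WILDCARD'); return it and the rest."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    return _wildcard_to_network(tokens[0], tokens[1]), tokens[2:]


def parse_acl(text: str) -> List[Ace]:
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or not tokens[0].isdigit():
            continue                      # header, blank or unrelated line
        seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
        src, rest = _take_addr(tokens[3:])
        dst, rest = _take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        aces.append(Ace(seq, action, proto, src, dst, port))
    return sorted(aces, key=lambda a: a.seq)


def evaluate(aces: List[Ace], proto: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """IOS semantics: the first matching entry wins; no match means the implicit deny (seq None)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action, ace.seq
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for proto, dst, port in (("tcp", "10.5.4.1", 22), ("tcp", "10.5.4.11", 443),
                             ("icmp", "10.5.4.1", None), ("udp", "255.255.255.255", 67)):
        print(proto, dst, port, "->", evaluate(acl, proto, "10.5.2.50", dst, port))
```

For the second question, an interface ACL is the wrong tool for keeping the switch's own management ports closed: `access-class` on the vty lines and `ip http access-class` restrict SSH and HTTPS to a management subnet no matter which VLAN a scan arrives from.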
VPN for home devices?
Posted: 19 Apr 2018 03:51 PM PDT

Are there any good products to protect home devices like consoles etc.? Hardware or software, I'm not bothered.

Performance Issues on 10.0.0.0/8
Posted: 19 Apr 2018 03:39 PM PDT

I was called to help out a local church with some significant network stability problems; intermittent speed, timeouts, etc. Fairly large, they see around 800-1000 people in a service. Started digging around and discovered they were set up on a 10.0.0.0/8 subnet - I know this makes ARP attacks pretty easy, but could 16 million possible IPs be contributing to the network instability?

Very weird internet issue, beyond my ken.
Posted: 19 Apr 2018 02:57 PM PDT

Hi. We have a new internet circuit through Verizon (unsure of LEC), business class, 100/100. We get those speeds as long as we stay in the metro NYC area. Once we go out - to California, Chicago, etc - those speeds drop to 10/5. Latency cross-coast seems normal, but we aren't used to this. I understand as latency goes up, our throughput goes down, but it shouldn't be like this. My best guess is a BGP table entry error somewhere? Duplicate paths once we get outside the LEC network? Or maybe a peering choke, but that shouldn't happen with such a small circuit on Verizon, right? I have no idea how to troubleshoot this, and Verizon says "you're getting your 100mb, not our issue". Thanks in advance.

Scary edit: traceroutes. Latency is 72 ms.

NY to LA:

    C:\Users\username>tracert -d 70.231.54.177

    Tracing route to 70.231.54.177 over a maximum of 30 hops

      1    <1 ms    <1 ms    <1 ms  192.168.1.3
      2     2 ms     1 ms     1 ms  207.86.176.141
      3     2 ms     2 ms    43 ms  216.156.16.212
      4     2 ms     2 ms     2 ms  216.156.16.133
      5    13 ms     3 ms     3 ms  206.111.13.246
      6    79 ms    70 ms    71 ms  12.122.131.86
      7    71 ms    71 ms    70 ms  12.122.1.2
      8    73 ms    72 ms    70 ms  12.122.2.53
      9    74 ms    71 ms    71 ms  12.122.28.77
     10    74 ms    71 ms    71 ms  12.122.28.46
     11    76 ms    71 ms    77 ms  12.122.1.185
     12    72 ms    74 ms    71 ms  12.122.85.37
     13     *        *        *     Request timed out.
     14    71 ms    70 ms    71 ms  75.20.1.78
     15     *        *        *     Request timed out.
     16    73 ms    72 ms    72 ms  64.148.105.209
     17    72 ms    72 ms    72 ms  104.191.67.108
     18    73 ms    73 ms    72 ms  70.231.54.177
     19    72 ms    72 ms    72 ms  70.231.54.177

    Trace complete.

LA to NY:

    C:\Users\username>tracert -d 207.86.176.142

    Tracing route to 207.86.176.142 over a maximum of 30 hops

      1    <1 ms    <1 ms    <1 ms  192.168.3.3
      2    <1 ms   205 ms    79 ms  162.195.124.1
      3     2 ms     1 ms     1 ms  64.148.105.208
      4     *        *        *     Request timed out.
      5     4 ms     7 ms     7 ms  12.83.38.201
      6     6 ms     7 ms     7 ms  12.122.128.101
      7     4 ms     4 ms     4 ms  205.158.79.241
      8    70 ms    70 ms    70 ms  207.88.13.10
      9    70 ms    70 ms    70 ms  207.88.12.182
     10    70 ms    70 ms    70 ms  216.156.16.179
     11    72 ms    72 ms    72 ms  207.86.176.142
     12    72 ms    72 ms    72 ms  207.86.176.142

    Trace complete.

Image of d/l test from various AWS points: https://imgur.com/a/ENNrJJn

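Reading traces like the ones above by eye is error-prone, so here is an added Python example (not code from the post) that parses Windows tracert output, keeps the best RTT per hop, and reports where the latency jumps. Run on the posted NY to LA trace it finds the jump at hop 6 (3 ms to 70 ms), the coast-to-coast leg; a round trip near 70 ms is ordinary propagation for that distance, which agrees with the poster's note that latency itself looks normal. What the trace cannot show is why throughput drops, since that depends on loss, policing or TCP window rather than on hop latency; the trace text is a constructed copy of the posted output, re-laid out one hop per line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# NY -> LA trace from the post, one hop per line (constructed copy of the posted output).
TRACERT_NY_TO_LA = """\
Tracing route to 70.231.54.177 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.3
  2     2 ms     1 ms     1 ms  207.86.176.141
  3     2 ms     2 ms    43 ms  216.156.16.212
  4     2 ms     2 ms     2 ms  216.156.16.133
  5    13 ms     3 ms     3 ms  206.111.13.246
  6    79 ms    70 ms    71 ms  12.122.131.86
  7    71 ms    71 ms    70 ms  12.122.1.2
  8    73 ms    72 ms    70 ms  12.122.2.53
  9    74 ms    71 ms    71 ms  12.122.28.77
 10    74 ms    71 ms    71 ms  12.122.28.46
 11    76 ms    71 ms    77 ms  12.122.1.185
 12    72 ms    74 ms    71 ms  12.122.85.37
 13     *        *        *     Request timed out.
 14    71 ms    70 ms    71 ms  75.20.1.78
 15     *        *        *     Request timed out.
 16    73 ms    72 ms    72 ms  64.148.105.209
 17    72 ms    72 ms    72 ms  104.191.67.108
 18    73 ms    73 ms    72 ms  70.231.54.177
 19    72 ms    72 ms    72 ms  70.231.54.177

Trace complete.
"""

# A hop line: number, three probes ("<1 ms", "N ms" or "*"), then the host or the timeout text.
HOP_LINE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.+?)\s*$")
PROBE = re.compile(r"(?P<lt><)?(?P<ms>\d+)\s+ms|(?P<star>\*)")


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[int]]   # one entry per probe; None where that probe timed out
    host: Optional[str]            # None when every probe timed out

    @property
    def best_ms(self) -> Optional[int]:
        answered = [r for r in self.rtts_ms if r is not None]
        return min(answered) if answered else None


def _probe_value(m: "re.Match") -> Optional[int]:
    if m.group("star"):
        return None
    if m.group("lt"):
        return 0                       # "<1 ms": sub-millisecond, recorded as 0
    return int(m.group("ms"))


def parse_tracert(text: str) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue                   # banner, blank and "Trace complete." lines
        rtts = [_probe_value(p) for p in PROBE.finditer(m.group(2))]
        target = m.group(3)
        host = None if target.startswith("Request timed out") else target
        hops.append(Hop(int(m.group(1)), rtts, host))
    return hops


def latency_deltas(hops: List[Hop]) -> List[Tuple[int, str, int]]:
    """(hop number, host, best RTT minus the previous responding hop's best RTT) per responding hop."""
    deltas, prev = [], None
    for hop in hops:
        if hop.best_ms is None:
            continue                   # silent hops carry no timing information
        if prev is not None:
            deltas.append((hop.number, hop.host, hop.best_ms - prev))
        prev = hop.best_ms
    return deltas


def biggest_jump(hops: List[Hop]) -> Tuple[int, str, int]:
    return max(latency_deltas(hops), key=lambda d: d[2])


if __name__ == "__main__":
    parsed = parse_tracert(TRACERT_NY_TO_LA)
    for number, host, delta in latency_deltas(parsed):
        print(f"hop {number:2d} {host:<16} {delta:+d} ms")
    print("largest jump:", biggest_jump(parsed))
```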
IPV4 /22 networks leasing to 3rd party
Posted: 19 Apr 2018 10:24 AM PDT

Has anyone here used one of the 3rd party brokers to lease out an unused /22 IPv4 network before? Looks like the going rate is $350 USD/month for these. Any idea on the procedures for doing this (i.e. do I need to notify ARIN or do anything with it?)

Network Enclosure in X-Ray Room?
Posted: 19 Apr 2018 02:07 PM PDT

Would the x-rays interfere with the equipment? I can't seem to find solid advice one way or the other. I've seen PCs in the suites before, but those won't take down a whole wing if they crash. We're looking at a wall-mount enclosure with patch panels and a few switches, and possibly a small NAS. The X-ray is a basic DR table - not anything high-output like a CT or fluoro C-arm. The client wants the cabinet to live there so they don't sacrifice any other space, and they are worried about the noise putting it in office areas.

Tools to create maintainable network diagrams?
Posted: 18 Apr 2018 08:51 PM PDT

I have during the years used Visio and/or Dia to create my network diagrams (mainly for documentation) but the graphical tools tend to take more and more time to deal with when you need to rearrange diagrams because you suddenly added another device or for that matter when you end up with complex networks with plenty of network connections (that is physical network diagrams) or for that matter plenty of link aggregations - quickly it becomes hard to see which cable goes where (or I'm just lacking skillz to properly use visio/dia ;-)

Using something like graphviz is something I'm looking forward to but I haven't managed to get any good output from this. Anyone in here using graphviz (or similar, that is a text-based tool where you define the connections and then "compile" into a pdf or such) successfully and can share good examples?

I recently stumbled upon the diagrams made by Cumulus on their documentation pages but I dunno if the graphviz reference is purely programmatic (that is they cheated by creating the diagram in Visio anyway) or if the picture shown at "Basic Topology Example" (https://docs.cumulusnetworks.com/display/DOCS/Prescriptive+Topology+Manager+-+PTM) actually is rendered/compiled through graphviz? If not (that is they cheated) the picture of the topology example is what I would define as a good looking and easy to understand physical network diagram; any of you who knows if it's possible to use graphviz to create such? It doesn't necessarily need to have all the coloring (I'm happy with black/white rectangular boxes as devices).

network design help 1
Posted: 19 Apr 2018 04:29 AM PDT

Hi all, I'm hoping for some help; full disclosure, this is for an assignment so please steer me in the right direction if I'm way off. Appreciate any help that I can get and try not to laugh at some of my questions :)

Task: Redesign a corporate network, key points:

Here is a picture of what I've designed (rough draft): https://imgur.com/a/zKEzTpu

Notes:

Suggested hardware:
https://www.cisco.com/c/en/us/products/switches/catalyst-9300-series-switches/index.html

Security notes:

Questions:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
http://study-ccna.com/cisco-three-layer-hierarchical-model/

Any links to best practices or designs welcome, I'm pretty green in this space. I'm just trying to get the high level stuff sorted and will drill down into further detail as I go. Thanks in advance.

Blackhole device WiFi traffic from 1 Cisco WAP - Looking for suggestions
Posted: 19 Apr 2018 11:53 AM PDT

Hello - I'm looking for suggestions and hoping to get some thoughts. My problem is that we have employees spending far too long in the restroom, we believe on the internet on their phones. Only 4 stalls for 100+ employees has made this a bit of a challenge. I've been asked to find a way to limit connectivity to the room, in hopes of limiting time people are spending in the stalls. We run a WLC 2504 with 3 access points covering ~12K sq ft (open floorplan). I was thinking about installing an additional access point into the room with the intention of forcing all WiFi connections onto that AP but am wondering how I could then just blackhole that traffic. I'm not looking to impact device connectivity throughout the rest of the space so changing routes/dns/etc. may not be feasible. Short of building a Faraday cage or a signal jammer, does anyone have any thoughts or suggestions? Thanks in advance!

Access points installed in elevators
Posted: 18 Apr 2018 10:38 PM PDT

Recently visited a customer that has APs physically installed in moving elevators. Now I never thought about it and, to be honest, it is the first time that I have seen this. The rationale behind it was to ensure signal coverage for people inside the elevator, but I think it is actually going to create more problems than it resolves, because you have continuous movement of APs up and down. Any experience? Thanks

Documentation Request - Application dependency firewall template
Posted: 19 Apr 2018 09:19 AM PDT

Hey /r/networking, One of the most frustrating things in my job is working with other teams (Dev, DevOps, Systems, etc) and trying to pull firewall rules for how their new App works, especially during acquisitions of smaller companies. I know there are paid software/client tools as well as physical appliances that do this... however what I'm looking for is just a documentation template or similar that I can hand to the other side of these projects and help walk them through the 'firewall conversations' that happen in their app flow like DNS lookups, outbound internet access, web tier (internet facing) to DB and to App tiers, DB to App tiers, etc. I did a few differently worded google searches but didn't find anything useful; if it doesn't exist maybe I'll try to make something and post it for consumption. Give me your thoughts, feedback and post any documentation templates!

Tip for documenting rack (rackdiagram)
Posted: 18 Apr 2018 08:40 PM PDT

Perhaps I'm late on this story but I found out the other day that rackdiag (part of nwdiag which is part of blockdiag which is a python package) is a great tool to document rack designs and wanted to share my finding with the community (assuming more people than me will sooner or later end up having to document stuff).

If you are on an Ubuntu/Debian installation you can do this to install the needed python-package:

and then this if you want to use more familiar fonts:

Then you create a file with a filename of your choice (example.diag) which you fill with (for example):

Then to compile the above example.diag into a pdf-file you can use this in your command line:

You can also output in png or svg by changing "-T pdf" into "-T svg" or such. The above will look like this:

Documentation is available at http://blockdiag.com/en/

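The poster's example.diag and the install and compile commands did not survive the digest, so here is an added Python example (not the poster's code) that generates a rackdiag file from an inventory list and refuses to emit items that overlap or fall outside the rack, so those mistakes are caught before anything is drawn. The item syntax follows the rackdiag sample in the blockdiag documentation (`16U;` for the rack height, `1: UPS [2U];` for an item); the inventory and rack size are constructed. Compile the result with `rackdiag -T svg example.diag`, or `-T pdf` as the post describes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Labels are emitted unquoted, as in the documentation's rackdiag sample, so keep them to
# characters that cannot collide with the diag syntax (no braces, colons, brackets, semicolons).
LABEL_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 _./-]*$")


@dataclass(frozen=True)
class RackItem:
    label: str
    position_u: int      # the U number rackdiag labels the item with
    height_u: int = 1    # the item occupies position_u .. position_u + height_u - 1

    @property
    def last_u(self) -> int:
        return self.position_u + self.height_u - 1


def check_layout(rack_height_u: int, items: List[RackItem]) -> Dict[int, str]:
    """Return {u_number: label}; raise ValueError on bad labels, items outside the rack, or overlaps."""
    occupied: Dict[int, str] = {}
    for item in items:
        if not LABEL_OK.match(item.label):
            raise ValueError(f"unsafe label {item.label!r}")
        if item.height_u < 1 or item.position_u < 1 or item.last_u > rack_height_u:
            raise ValueError(f"{item.label} does not fit in a {rack_height_u}U rack at U{item.position_u}")
        for u in range(item.position_u, item.last_u + 1):
            if u in occupied:
                raise ValueError(f"{item.label} overlaps {occupied[u]} at U{u}")
            occupied[u] = item.label
    return occupied


def layout_error(rack_height_u: int, items: List[RackItem]) -> Optional[str]:
    """Non-raising variant: the error message, or None when the layout is valid."""
    try:
        check_layout(rack_height_u, items)
    except ValueError as exc:
        return str(exc)
    return None


def render_rackdiag(rack_height_u: int, items: List[RackItem]) -> str:
    """Emit rackdiag source; items are validated first and written in U order."""
    check_layout(rack_height_u, items)
    lines = ["rackdiag {", f"  {rack_height_u}U;"]
    for item in sorted(items, key=lambda i: i.position_u):
        size = f" [{item.height_u}U]" if item.height_u > 1 else ""
        lines.append(f"  {item.position_u}: {item.label}{size};")
    lines.append("}")
    return "\n".join(lines) + "\n"


# Constructed sample inventory for a small branch rack.
SAMPLE_RACK_U = 12
SAMPLE_ITEMS = [
    RackItem("UPS", 1, 2),
    RackItem("Core switch", 3),
    RackItem("Firewall", 4),
    RackItem("Patch panel", 5),
    RackItem("NAS", 7, 2),
]

if __name__ == "__main__":
    with open("example.diag", "w") as f:
        f.write(render_rackdiag(SAMPLE_RACK_U, SAMPLE_ITEMS))
    print(render_rackdiag(SAMPLE_RACK_U, SAMPLE_ITEMS))
```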
ISE Tacacs help!!
Posted: 19 Apr 2018 02:29 AM PDT

Morning guys, We have been testing tacacs using ISE. Got authentication working but when logging on at privilege level 15 it drops into user exec mode rather than privilege exec :( Been through all the settings but can't seem to get it to work. Any ideas would be much appreciated.

Anyone doing SD-WAN with multi-connectivity into CoLo/peering/exchange sites ...
Posted: 19 Apr 2018 06:11 AM PDT

... vs traditional MPLS & Internet, i.e. is anyone dual connecting remote offices, globally, into large exchanges, where they bring the MPLS, Internet, cloud connectivity (and consume security services)? Additional Q: are you also hosting in those locations (Co-Lo)?

native L2TP/IPSec not working after Windows 10 Spring Update
Posted: 19 Apr 2018 01:51 AM PDT

Regular L2TP/IPSec VPN with PSK in Windows 10 to a Cisco ASA 5506-X. After the update, the connection is terminated directly after connecting successfully (phase 2). Anyone experience the same or similar issues with the native Windows 10 VPN Client?

Branch office PoE switches with little inter-switch traffic: 1x48 vs 2x24 port?
Posted: 19 Apr 2018 02:05 AM PDT

I'm debating 1x48 port vs 2x24 port PoE switch configuration for branch offices where I need more than a single 24 port switch. Space in rack, power outlets, and few ports lost going 2x24 would not be a concern. Switches will be HP 2530G. If I uplink each switch through the firewall (1 per switch), the only inter-switch traffic through the firewall's interface would be for printing, and that would only be for users on the switch not connected to the printer. No concern with traffic in terms of firewall load. All remaining traffic is out through internet, there are no other local services. Even if I uplink switches to each other, then a single GbE port out to the firewall, I honestly don't have concern about the inter-switch traffic, as the internet connection at these locations is going to be 150/20Mbps or less, so there's just no way to max out a single uplink short of some local computer-to-computer transfer we may need to do for some random reason. I like the redundancy aspect of 2x24 switches, so that should one switch fail, at least I can keep part of the office up. That being said, there would be a SPOF in many other areas--firewall, power, internet, so it's minimal redundancy gained. I also recognize that in offices that only need a single 24 port switch, I have switch SPOF, and the majority of the offices are single switch. Opinion on which way to go and why?

FreeRadius BYOD auth
Posted: 18 Apr 2018 06:22 PM PDT

Hi there, My company asked me to implement BYOD for our employees throughout our main location + 36 branches. They would like something pretty "simple", like: Employee creds: ok > mac@ known > connected to secure network, or Employee creds: ok > mac@ not known > dump to BYOD network. I was thinking about using FreeRadius to do so, however I have very small knowledge about it and I found that it is not very easy to find proper documentation online. Do you guys have any recommendations? Cheers! Xzi.

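The decision the poster describes (credentials ok and MAC known: secure network; credentials ok and MAC unknown: BYOD network) is, on a RADIUS server, a VLAN assignment returned in the Access-Accept. Here is an added Python example (not the poster's code and not FreeRADIUS configuration) of that policy as a function that returns the standard Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id reply attributes; the known-MAC set and the two VLAN IDs are constructed for the example. It normalises the Calling-Station-Id first because switches and controllers send it in different formats, and a lookup that misses on formatting alone would quietly push a corporate device onto the BYOD side.

```python
import re
from typing import Dict, Optional

# Constructed sample data; a deployment would read these from an inventory system or directory.
KNOWN_CORPORATE_MACS = {
    "00:11:22:33:44:55",
    "00:11:22:33:44:66",
}
SECURE_VLAN = "100"   # assumed VLAN ID for corporate-owned devices
BYOD_VLAN = "200"     # assumed VLAN ID for employee-owned devices

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw: str) -> str:
    """Canonical lower-case colon form from 'AA-BB-CC-DD-EE-FF', 'aabb.ccdd.eeff' or 'AA:BB:...'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authorize(credentials_ok: bool, calling_station_id: str) -> Optional[Dict[str, str]]:
    """Reply attributes for an Access-Accept, or None meaning Access-Reject."""
    if not credentials_ok:
        return None                       # bad credentials: no network at all
    mac = normalize_mac(calling_station_id)
    vlan = SECURE_VLAN if mac in KNOWN_CORPORATE_MACS else BYOD_VLAN
    # The three attributes a switch or controller reads to place the port/session in a VLAN.
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": vlan,
    }


if __name__ == "__main__":
    for ok, csid in ((True, "00-11-22-33-44-55"), (True, "de:ad:be:ef:00:01"), (False, "0011.2233.4466")):
        print(ok, csid, "->", authorize(ok, csid))
```

One caveat for the "secure network" side: a known MAC identifies a device but does not authenticate it, since a MAC address is trivially changed on most client hardware, so a machine certificate checked with EAP-TLS is the usual stronger marker for corporate-owned devices, with the MAC list as a fallback for devices that cannot carry one.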
Anyone remember the Microsoft bluetooth alternative from 2000?
Posted: 18 Apr 2018 07:42 PM PDT

I remember seeing a demo back in 2000, developed at Microsoft Cambridge (UK) with collaboration from Microsoft Harvard (USA) where they had developed a network that was superior to bluetooth. It was hugely faster, had a range 100s of times the distance, was more reliable, could even locate based on signal strength and was capable of establishing its own network. The demo I saw showed how stores would know you were outside that store and could message you with offers available in that store. It also showed two people private messaging each other from almost a mile apart just using this tech. I've searched everywhere and can't find any info on it. All I remember is the lead on it was called John and he attended Cambridge university. What was this called and what happened to it? Can you imagine how advanced this would be now; this was almost 20 years ago, you don't just shelve this kind of tech. I've searched the Cambridge phd papers too and can't find anything about it either.

I'm paying $60/yr for Dyn Standard on an IP that might change once a year. Any alternatives?
Posted: 19 Apr 2018 12:43 AM PDT

I also pay them $75/5yrs for a .net domain name registration. I like my domain name which I want to keep and maybe switch it to another registrar in a few years before it expires, preferably one with their own DDNS service. Otherwise, the only part of the "dyn standard" package that I really use is the DDNS service. I'm sure there's another DDNS provider that has better pricing and would make it easy to switch to while maintaining the domain name I have registered. Any suggestions would be greatly appreciated; I don't have a lot of experience with domains and registrars. I used Dyn's free service with a subdomain for many years before I wanted to get my own proper domain name. I basically just use this for personal and friends' usage to access a couple of services on completely non-standard ports.
