How much overhead do VLANs add? Networking
- How much overhead do VLANs add?
- Moronic Monday!
- Catalyst 9K - DNA Licensing Mandatory?
- What continuous traffic level (mbps value) do you think is too high/saturated for a gigabit ethernet port?
- Missing SNI in Client Hello
- Cisco Live - Any way to see what sessions are full
- Cisco AAA and RADIUS
- Is there a way to scan a local network for the IPv6 addresses of connected devices?
- Converting to OSPF from EIGRP
- Nexus 9K L3 routing and dynamic routing
- WLC 5508 and 1562 outdoor APs still not joining after WLC upgrade
- Is "broadcast segmenting" still relevant in 2018?
- Technical and existentialism doubt (VXLAN)
- Spine and Leaf architecture questions
- Cisco WLC causing strange behavior
- What do the acronyms within a TID such as 1CW, 1AW, 1ZW mean?
How much overhead do VLANs add?
Posted: 30 Apr 2018 09:08 AM PDT

I was having a discussion with my manager the other day, who is more experienced with networking than I am. We were discussing the setup of a new network for a site. I suggested we use a different VLAN tag for each floor for isolation purposes. He said that VLAN tagging each floor would add unnecessary overhead to the switches and would cause network degradation. I disagree; I don't think it would cause degradation, at least nothing noticeable.

My idea was a VLAN for Phones, Computers, Wi-Fi and Printers for each floor. I was wondering what is the ratio of adding VLANs and routing to a switch that would cause degradation. I know this is dependent on the hardware. I think most modern hardware is capable of this. (We have new Meraki stuff for this network.)

What are reddit's thoughts? Is a VLAN for each floor (~100 devices) a good idea to keep broadcasts and any potential attacks a bit more isolated, or will that add too much overhead to the switches and cause slowness?

EDIT: Thanks for all of the answers, I think my manager's biggest concern is the routing overhead.
Moronic Monday!
Posted: 30 Apr 2018 05:13 AM PDT

It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
Catalyst 9K - DNA Licensing Mandatory?
Posted: 30 Apr 2018 11:15 AM PDT

We're looking at the new Catalyst 9300s and our VAR is saying that DNA licensing is mandatory. For example, when you buy Network Essentials you need to buy DNA Essentials. However, when I look at the data sheets it shows the capabilities in 4 different columns as if they are separate options. Has anyone dealt with this yet??
What continuous traffic level (mbps value) do you think is too high/saturated for a gigabit ethernet port?
Posted: 30 Apr 2018 11:51 AM PDT

What continuous traffic level (mbps value) do you think is too high/saturated for a gigabit ethernet port? Let's say this port is between two switches in a business network.
Missing SNI in Client Hello
Posted: 30 Apr 2018 01:50 PM PDT

Hey, so I'm having an issue with an application running on Win2k8 R2 not having the Server Name extension and thus SNI missing from the Client Hellos. Therefore when trying to match via FireSIGHT there's no URL data and it blocks. However, we can successfully connect from the server using a web browser (IE, Chrome) and the SNI is present when attempted there.

Aside from contacting the vendor of the application to inquire, is there anything else server side I could be looking at here?
Cisco Live - Any way to see what sessions are full
Posted: 30 Apr 2018 01:17 PM PDT

So I have not registered yet and was wondering if there was a way to see what was full before I spend the $ and register only to find out stuff I want to attend is booked. Anyone know?
Cisco AAA and RADIUS
Posted: 30 Apr 2018 12:56 PM PDT

If AAA is enabled on a Cisco switch and pointing to a RADIUS server, but set with a local failback, can a user still log in with the local account? Or can that local account then only be used in the event that RADIUS is unreachable? The RADIUS server kicks back with an access denied, but I didn't know if that is that, or if it also checks the local database as well.
Is there a way to scan a local network for the IPv6 addresses of connected devices?
Posted: 30 Apr 2018 12:52 PM PDT

I know you can use programs such as Angry IP Scanner to scan a range of IPv4 addresses, which is useful to see everything on the network. But what I'm trying to do is obtain the IPv6 addresses of all connected devices. I don't think Angry IP can do this, and when searching Google for an application made for this type of stuff, I mostly just see port scanners, which isn't quite what I need.

Is there a utility out there that scans a range of addresses (or a network address) to find the IPv6 addresses of locally connected devices? I mean I suppose I could run Wireshark, and just use the process of elimination to figure out which IPv6 addresses I see belong to what devices, but I feel like there has to be an easier way.

Thanks in advance for any help, I'm certainly not a networking expert, but I do find this stuff really fun to work with.
Converting to OSPF from EIGRP
Posted: 30 Apr 2018 12:31 PM PDT

Figured I'd just remake this since I have a more concise, albeit basic drawing to help get across my concerns / questions.

https://i.imgur.com/FbWZ1mZ.jpg

Based off the diagram provided, we are adding new 6880's for distribution to our environment. This will have two L3 links to our two VPC 7k's. We are attempting to go from EIGRP to OSPF as another company that we are merging with uses OSPF. Every black line is EIGRP, the green line is the static default route on our ASR pointing to our FW for internet access. Currently we redistribute our static routes into our EIGRP.

The new subnets will be behind the 6880's (ex: 172.23.10.0 /24). The red lines are the links that would be advertised into OSPF - OSPF will be running on the 6880, both 7k's on the left, and the headend ASR. On the ASR I was planning on redistributing the static routes into OSPF as well for internet connectivity and "default-information originate" on the ASR to make sure the 7k's and 6880 have the default route within the OSPF process as well. I would also be redistributing EIGRP into the OSPF process as well.

My concern is does this seem like the most feasible way to make sure the OSPF subnet (172.23.10.0) will be able to route to the internet, the old core environment (192.168.1.0 /24), our remote sites (172.22.0.0) and the server environment (172.23.0.0) and vice versa. The only other concern is, is there any downside or is it possible to have both EIGRP and OSPF enabled on the 7k interfaces?

I did it all in Packet Tracer and GNS3 and all pings worked properly... but that's of course just simulation.
Nexus 9K L3 routing and dynamic routing
Posted: 30 Apr 2018 12:24 PM PDT

Hi all, just looking for some advice, as I have been asked to review our network setup for our DC. Firstly, this was all done before me starting here. Currently we have the following configuration.

Layer 3 flow:
Layer 2 connectivity:
This used to work OK, but there's a couple of issues. The main one is the firewall's a bit dated and needs an upgrade to something more modern, as it is having throughput issues. This will not happen any time soon due to budget. Secondly, the Nexus 9K is not doing anything but layer 2, which is a waste (the 9k was a new purchase). Some of our servers don't need to be behind the firewall, so what we were thinking of doing is having the Nexus do layer 3 between different server networks and the firewall only dealing with DMZ and any traffic out via MPLS. So from layer 3 it would be
alt:
Things to note: the MPLS CE runs EIGRP and OSPF, re-injecting into BGP. Currently we EIGRP between the CE and 385 on one AS, and EIGRP between the 3850 and firewall on a different AS.

Can anyone advise how best to go about doing layer 3 on the Nexus 9K using VPC and EIGRP? From what I understand this should be possible based on: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/118997-technote-nexus-00.html

If anyone has any better suggestions on what to do then that would also be great, thanks.

Thanks
WLC 5508 and 1562 outdoor APs still not joining after WLC upgrade
Posted: 30 Apr 2018 07:58 AM PDT

Over the weekend we upgraded our WLC to 8.3.133.10 because we have some outdoor AP models 1562 that weren't compatible with our current firmware. This was the version a Cisco TAC recommended. He specifically attached this version because there is a bug in 8.3.113. and it's supposed to cover the 1562d models.

The weird thing is that the 1562d models get an IP address and you can ping them for about 2 minutes and then you get request timed out. Show cdp neighbors still shows them on the network and identified with their IP addresses. And on the WLC I see AP join requests with no failures but there is no attempt to join.

Do you think the 1562ds have the wrong image? Like maybe they were sent to us as standalone APs? I'm probably going to take one down and console into it. Just wondered if anyone had any thoughts?

Thanks
Is "broadcast segmenting" still relevant in 2018?
Posted: 30 Apr 2018 10:28 AM PDT

We've all learnt that you should do VLANs and whatever to separate different networks with VLANs, because of the broadcast traffic. However, in 2018, is this still relevant? From what I've understood the newer OS versions don't really depend on broadcast traffic that much.

So what kind of real problems could someone experience running something like a /19 network with all kinds of different devices in the same VLAN? Compared to the common knowledge of having max /22. Something that has been proven and not just something that's in the Cisco Press books.

Point being that if you just do a basic L3 switch with different VLANs you're not separating your networks security wise, just broadcast wise. Unless you do VRFs/ACLs.

Edit: and yes, this is quite a theoretical question about how networking really works. No one would probably do larger than /22 anyways :)
Technical and existentialism doubt (VXLAN)
Posted: 30 Apr 2018 09:51 AM PDT

Hi guys. I have a big doubt about VXLAN and integration with legacy hardware. I have a VXLAN LAN and we have the need of extending the L2 VXLAN across one Palo Alto NGFW 3050 model. The question here is: would the PA3050 allow the UDP tunnel to pass through, and can the FW also see inside the UDP and do the L7 inspection?
Spine and Leaf architecture questions
Posted: 29 Apr 2018 08:36 PM PDT

Folks, want to explore doing a spine and leaf DC with Cisco Nexus 9364 as Spines and Cisco Nexus 93180YC-FX as Leaf switches. I want to replicate this setup I'm planning at Primary Data Centre to the DR site. Now between the Primary DC and DR site I have DWDM that can provide 100Gb interfaces.

Question is: Should I put another set of Cisco Nexus switches above the Spine switches for doing this "WAN/DWDM" connection, or is it ok to connect the Spines together using DWDM fibre and then route directly between the Primary DC and DR site?
Cisco WLC causing strange behavior
Posted: 30 Apr 2018 07:46 AM PDT

I think, anyway.

Backstory - I'm in the middle of a migration between 2 wireless networks at a client - a large manufacturing facility. When I started, they had 2 5508s in a ghetto-HA setup with about 75 APs. I pulled one of the controllers from that group, set up a new SSID on it for their new network and started adding APs. At present, about 80% of their network is connecting to the new SSID on the new APs. The old network is still in use in some areas for at least a few more weeks.

Last Wednesday, the controller on the old network started going offline briefly. It lasted about 90 seconds, all APs dissociate and the network interface in the controller does not respond to ping for about 60-90 seconds, then comes back up for 5-10 seconds, then goes offline again for about another 20-30 seconds. This happens at least once per day, but it's not predictable. It doesn't generate any specific logs that suggest an error, that I've noticed, but I'll reply to this post with an excerpt of the logs I captured.

The really strange thing is that when this happens, at the exact same time, the other controller (we'll call it "new") - which shouldn't be talking to the "old" controller as I removed them from the RF group etc. - also goes down for about 30 seconds. It responds to ping and does not lose its APs, but it does not pass any traffic for that time.

The "old" controller is running software 8.0.140 - the APs are 1130s, 1140s, 2602, 2702. The "new" controller is running software 8.3.133 and the APs are all 3802s and 2702s.

I've checked the stats on the switch ports that they're connected to and see nothing strange. Both WLCs have redundant GB uplinks to their switches. Wireshark isn't showing any strange broadcasts or anything from either controller when it happens, and I don't notice anything else that might cause it. Wired network seems to be unaffected.

Anyone have a guess?
Neither controller is under support currently, and new controllers aren't scheduled to be purchased until June. I'm guessing that the 2 WLCs are talking to each other for something and that's why it impacts both, but what it is and why is still a mystery.

The following is an excerpt from the message log on the "old" controller when the outage occurs.
What do the acronyms within a TID such as 1CW, 1AW, 1ZW mean?
Posted: 29 Apr 2018 08:09 PM PDT

What do they stand for? I get that 1CW is a router, but what about if it's 3CW. Any special meaning there or a dead giveaway on what the exact router is?