    Tuesday, May 1, 2018

    Other than Visio, what does everyone else use for network diagrams? Networking


    Other than Visio, what does everyone else use for network diagrams?

    Posted: 01 May 2018 06:31 AM PDT

    We have Visio, but I was looking for something else possibly.

    submitted by /u/chunk_le_funk

    Question about fiber.

    Posted: 01 May 2018 05:26 AM PDT

    I work in a rather large building that is 3 floors and is all wired up with fiber optic cables, going from our communications room to a wall plate in each room, most with multiple runs of pairs of fiber. On the 3rd floor, we are constantly having fiber go bad and having to replace and re-terminate fiber jacks.

    A coworker of mine has the idea that the reason this happens is because of how tall the building is, the upper floor most likely gets vibration and swaying from wind and whatnot. He says all this vibration is causing the fiber to go bad and literally says it is disintegrating.

    I am rather new to the networking field. Is this a common issue? Could a slight vibration cause fiber to go bad over time? The stuff mostly sits there and is untouched by us, unless we are troubleshooting.

    Edit: Just so everyone knows, I personally do not think that vibration or wind is causing the building to sway and make the fiber go bad. I am just looking for others' opinions on the theory. Thanks!

    Edit2: FYI I just found out that what we have is OM1 62.5 micron fiber that was installed in the 90's. Maybe it's reached the end of its life span?

    submitted by /u/hhhax7

    BGP Question: requires 2x /24's??!?

    Posted: 01 May 2018 07:17 AM PDT

    I'm going to set up BGP at one of our locations to advertise our /24 subnet. It's my understanding that I can advertise this route out 2 ISPs and then the best path will always be used.

    I just got off the phone with a "prospective" secondary ISP and they said they will need a second /24 to match our Comcast /24. What are they talking about? Am I just completely wrong?

    Thanks

    submitted by /u/Kid1ng

    software to allow other IT departments to change port/VLAN (campus)

    Posted: 01 May 2018 10:55 AM PDT

    Hello,

    I wanted to check and see if there were other campus network departments out there that utilize software (commercial or homegrown) to allow outside IT departments to change their switchport access VLAN. If so what software are you using? If it's homegrown is this something you'd be willing to share?

    submitted by /u/enderusaf

    Currently using Redback (Ericsson) routers. Trying to avoid moving to SSR's, but need multibind...

    Posted: 01 May 2018 09:34 AM PDT

    We are quickly outgrowing our SE800s and SE1200s. We need to move to the next generation with 40g and 100g ports, but multibind is a must. Is this strictly an Ericsson feature? We have multiple VLANs all bound to the same interface and subnets. I can't seem to find a way to do this with Alcatel/Cisco/Juniper without some overly complicated scheme. Any ideas? We were looking at the Ericsson SSRs, but the licensing is crazy expensive for a smaller ISP. Our reseller suggested the Alcatel 7750 SR12, but we need a feature similar to multibind...

    submitted by /u/SexyBrainMcDreamy

    Cannot seem to get video calls to never have interruptions (Wi-Fi)

    Posted: 01 May 2018 09:33 AM PDT

    Hey all,

    Still working on this wireless stuff. We have a 5520 WLC, and now have all APs set to auto channel and TX power (I have a manual channel/tx plan I came up with in case auto does not work out for us, created with CAD files imported into Ekahau) and have disabled a ton of 2.4 GHz radios. We are using 40 MHz channel width, FT over the DS, and are running 8.3.x code. Our environment is filled with Apple and iOS devices.

    Now, I have issues with people using Zoom. The person across from me with a MacBook Pro (we all have these) will go wireless and I'll go wired. He'll end up freezing now and again (packet loss?). It's not an internet connection thing or a switch thing, as being wired produces no issues.

    Here's the stats. I do not know why the connection score is 0% or the spatial stream shows up as 0%, it did not use to before going to 8.3.x, Cisco seems to not understand how to report I guess.

    https://i.imgur.com/IR0gvES.png

    https://i.imgur.com/CXqzDsE.png

    I'll be performing an active survey soon here, and it's just going to return what I already know. Good coverage, low interference. Packet loss is inevitable on a wireless medium but he should hardly have any. There's no QoS being done, but QoS wouldn't even come into play with how low the utilization is on the AP (and it's always this low). Zoom is using 1 Mbps anyway, hardly anything. Thoughts? Ideas?

    I specifically went to this code to help with roaming on iOS devices too, but it made no difference. If you walk a bit brisk, you'll end up dropping the call. Walk slower and it's fine. Doesn't matter if it's FT over the air, or FT over the DS. Frustrating stuff.

    submitted by /u/hurricane1091

    New job in an ISP/UC shop

    Posted: 01 May 2018 03:17 PM PDT

    Bagged a new role with a company specialising in providing hosted Skype for business/Cisco UC solutions who also own an ISP.

    Anyone work in similar roles? I'm looking to set up on stuff while working my notice period, currently working in an MSP predominantly dealing with LAN/Firewalls.

    What technologies would you recommend I get stuck into in preparation?

    submitted by /u/Theincrediblemeagain

    IPSEC SA

    Posted: 01 May 2018 09:41 AM PDT

    Got a strange one here, a bit out of my depth if I am honest.

    I have a network that is unable to start an SA. The phase 1 tunnel is up but I can't get the phase 2 tunnel up. Other networks that are using the same phase 1 tunnel are working fine. I thought sending traffic to the network would bring up the tunnel but it hasn't done anything.

    When I run "show crypto ipsec sa" it doesn't actually show the phase 2 connection for these 2 networks at all. Any ideas on how I can further troubleshoot or force the phase 2 connection?

    Sorry if I am not making much sense here but as I said I am a bit out of my depth to be honest. (Or at least I feel it.) I'm learning though!

    submitted by /u/joe297

    Faster aaa authentication

    Posted: 01 May 2018 02:27 PM PDT

    Maybe my brain is creating a false memory, but I remember reading something that you can have a local cache in the switch after a user has authenticated with RADIUS once via ssh, telnet... so that next time it doesn't have to authenticate with the server. Is it possible? I can't find the information back on Google.

    submitted by /u/napsterpepper

    If you could only use 3 metrics to monitor your network, what would you choose?

    Posted: 01 May 2018 10:52 AM PDT

    If you could only use 3 metrics to monitor your network, what would you choose? You can have as many sensors as you want, but you can only choose 3 metrics.

    If possible, define those metrics in your own words, and briefly explain why these metrics are the most important.

    I want to learn what I should be using for monitoring that perhaps I am not using, and what metrics I should be paying attention to.

    submitted by /u/joshgoldeneagle

    Daisy chain Arris to Sonicwall issues & VoIP issues.

    Posted: 01 May 2018 03:31 PM PDT

    Currently the network is set up as so: Arris->Sonicwall->Cisco Switch->PCs

    I called Spectrum to make sure that the Arris router was in bridge mode so that when I did the setup on the Sonicwall router, it would do it via DHCP and pick up all the settings itself and then the Arris would send all the traffic to the Sonicwall and the Sonicwall would handle everything.

    Well everything was running smooth and then I went into the settings of the Sonicwall and edited the LAN to WAN & WAN to LAN. I also edited the UDP timeouts and the ALG settings.

    I followed this guide:

    main MegaPath VoIP guide

    I also found a more detailed step-by-step information page for Sonicwall VoIP settings.

    But when I restarted the router. The Sonicwall still had a connection through the Cisco switch. It just didn't have any internet at all.

    So I called after work and the person said that whoever I talked to earlier today set up the Arris wrong and that it has a static IP address still and that my Sonicwall is just sending all my Cisco switch traffic through the Sonicwall and actually still being handled by the Arris.

    So what do I do and also why do you guys think the internet access stopped after the input settings?

    Should I call back tomorrow and get the Arris actually turned into a bridge mode so that all the network is actually handled by the Sonicwall and reset the Sonicwall and try the VoIP settings?

    Or just get the Arris turned into a bridge mode and then try the phones again? Because maybe the settings I did are blocking connections to the internet since the Arris is actually handling the traffic right now?

    Any ideas and comments will help. But my goal is to make the Arris bridge to the Sonicwall so that the Sonicwall is the traffic handler and that the settings in the Sonicwall actually allow the MegaPath VoIP work.

    submitted by /u/CEOTRAMMELL

    RISC and NETBRAIN

    Posted: 01 May 2018 02:16 PM PDT

    Hello,

    I have not been able to find much online. Netbrain and Risc seem to be similar tools. I am wondering what the major differences are or why an institution would run both in their network?

    submitted by /u/10kezehn

    Do I need a Router? [Corporate Network Design (University Assignment)]

    Posted: 01 May 2018 02:08 PM PDT

    I'm looking at FortiNet Firewalls and have learned that they can route data between WAN and LAN. And that having a firewall as the edge device instead of a gateway router is normal.

    Inside my LAN, I'm using a server for DHCP, DNS, and AD. All these connected through just switches and DMZ segmented by using FortiNet V-DOM.

    I have about 100 users and possibly 200-300 devices. But since my Server is handling DHCP and switches routing data between the Firewall, DHCP/DNS/AD Server, and User devices.

    Do I need a router? Have I made a silly mistake?

    submitted by /u/IReallyWantSkittles

    Finding Categories for Websense

    Posted: 01 May 2018 01:55 PM PDT

    Hey guys,

    We use enhanced Juniper web filtering which makes use of a Websense server to find the category of the URL. When I go to csi.websense.com there is a limitation of how many sites you can check a day (5) if you are not a Forcepoint customer. Is there another way to find the categories of websites without having all sorts of conditions?

    submitted by /u/ridingtheweedtrain

    VeloCloud Opinions?

    Posted: 01 May 2018 12:12 AM PDT

    Anyone have any negative experiences with deploying VeloCloud or dislike the product? If so, why? Will be displacing Fortinet Firewalls with these soon.

    submitted by /u/peakochitv

    Ethertypes and QnQ

    Posted: 01 May 2018 12:24 PM PDT

    Today I was setting up an old JDSU test set that doesn't allow setting an Ethertype value for untagged and tagged traffic, only for QnQ, and after mucking with it I decided I needed to research this further. I thought I'd write this up to either be helpful to the community and/or ask for any worthwhile additional information I may have overlooked.

    As of this morning, I understood VLAN tags have no field containing data about whether or not that tag is a C-tag or an S-tag. A router will strip off a VLAN tag and process the packet based on that, and the only difference is that it's possible to configure a router with QnQ, at which point the router then continues to look at the packet to see if there's an additional VLAN tag inside the first one, and if there is, act on that as well. As I understood it, if a router's not configured with QnQ the existence of any additional VLAN tags inside the first are immaterial. That being said, I remember configuring Cisco devices a few years ago where we also had to be aware of Ethertype settings. It's been a while so I forget the specifics, but I remember we had to know whether to configure our equipment to use Ethertype 0x8100 or 0x88A8. We never got clear information on what that was about, just that both sides had to match.

    Today I was working with a router whose port was configured to be an NNI, and the port was set to expect an Ethertype of 88A8. I didn't think our JDSU specifically needed to be configured for QnQ, I expected that it should be able to pass traffic with only 1 VLAN tag. From the point of view of an ISP I'd expect my customer actually should be sending untagged traffic across my circuit (assuming they have routers at each end, though not everyone does). But this didn't work. I had to specifically set the JDSU for QnQ and tell it to use Ethertype 88A8. Only then could it pass traffic. The inner VLAN was immaterial, but I had to set the JDSU for QnQ and 88A8 before the router would recognize the traffic. Based on what I wrote in my first paragraph I assumed this is because of the 88A8, not that the VLAN tags have any indication of one being an S-tag or C-tag, right?

    So I went to 'ze Googles'.

    This page seems to say 8100 = regular VLAN traffic and 88A8 = QnQ.

    However this page seems to indicate 8100 can also be used on double tagged frames.

    The wiki page for 802.1Q matches the first Cisco page I linked to (8100 = regular VLAN traffic and 88A8 = QnQ).

    Seeking consensus I keep looking.

    The wiki page on Ethertype says 8100 is for a "VLAN-tagged frame (IEEE 802.1Q) and Shortest Path Bridging IEEE 802.1aq with NNI compatibility" and 88A8 is for "Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq". This seems to indicate that 8100 should be used for QnQ, not 88A8 (the reverse of what seems to be indicated above). It lists 0x9100 as being for "VLAN-tagged (IEEE 802.1Q) frame with double tagging" but that's not an option on the gear I'm working with.

    What's interesting are the pictures on that page. If a VLAN tag's needed it gets added before the Ethertype field. But it also says, "A QinQ arrangement would add another four octets tag containing two octets TPID using various EtherType values." I think that's poor English and is supposed to say "A QinQ arrangement would add another four octet tag containing a two octet TPID using various EtherType values." If I'm correct then I was right that Ethertype is not part of the first VLAN tag, but this page seems to be saying the Ethertype IS part of the second VLAN tag.

    Clear as mud, right?

    So off I go to read RFCs. RFC 5342 doesn't mention 8100 but states that 88A8 is for "Service VLAN tag identifier" which implies QnQ. This IANA page says 8100 is for a C-tag and 88A8 is for an S-tag.

    All the other sites I'm seeing are either not IEEE or they're RFC drafts, which not being the published version I wouldn't trust.

    So I guess I'm left with nothing concrete. Maybe some equipment automatically assigns the Ethertype based on whether or not you've configured it for QnQ while other equipment gives you the option to modify them separately. I guess the latter is better because it doesn't seem like you can trust the values. But apparently the bottom line is that both VLAN tag and Ethertype have to match or you're SOL, regardless of whether that's part of the VLAN tag or not.

    Cheers.

    submitted by /u/workrelatedquestions
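
    The tag layout the post above works through, as an added example that is not part of the original post: each VLAN tag is four octets whose first two octets are the TPID, sitting where an untagged frame carries its EtherType. The frames are constructed test data, and outer_vid_seen_by_port is a hypothetical, simplified model of a port that recognises only one outer TPID; real equipment behaviour is vendor-specific.

```python
import struct

# TPID values named in the post. 0x8100 is the 802.1Q C-tag, 0x88A8 the
# 802.1ad S-tag; 0x9100 is the double-tagging value the post quotes.
TPIDS = {0x8100: "C-tag", 0x88A8: "S-tag", 0x9100: "0x9100 double-tag"}


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed frame. tags = [(tpid, vid), ...], outermost first."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        # Tag = TPID (2 octets) + TCI (2 octets: PCP=0, DEI=0, 12-bit VID).
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame, known_tpids=frozenset(TPIDS)):
    """Walk the tag stack after the two MAC addresses.

    Every 2-octet value at the EtherType position that is in known_tpids
    is treated as the start of a 4-octet VLAN tag; the first value that is
    not is reported as the frame's EtherType.
    """
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (value,) = struct.unpack_from("!H", frame, offset)
        if value not in known_tpids:
            return {"tags": tags, "ethertype": value,
                    "payload_offset": offset + 2}
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": value, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def outer_vid_seen_by_port(frame, port_tpid):
    """Simplified model (an assumption): the port treats only port_tpid as a
    tag. Returns the outer VID it would classify on, or None when it sees
    the frame as untagged with an EtherType it was not expecting."""
    seen = parse_frame(frame, known_tpids={port_tpid})
    return seen["tags"][0]["vid"] if seen["tags"] else None


# Constructed frames: one 0x8100 tag, and 0x88A8 outer over 0x8100 inner.
SINGLE = build_frame([(0x8100, 100)])
QINQ = build_frame([(0x88A8, 200), (0x8100, 100)])

if __name__ == "__main__":
    for name, frame in (("single", SINGLE), ("qinq", QINQ)):
        parsed = parse_frame(frame)
        stack = [(hex(t["tpid"]), t["vid"]) for t in parsed["tags"]]
        print(name, stack, "ethertype", hex(parsed["ethertype"]),
              "outer VID on an 0x88A8 port:",
              outer_vid_seen_by_port(frame, 0x88A8))
```

    In this model the single-tagged 0x8100 frame gives the 0x88A8 port no tag to classify on, while the 0x88A8-tagged frame does regardless of the inner VLAN, which matches what the poster observed with the test set.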

    How do you test the rules of a new firewall before pushing into production?

    Posted: 30 Apr 2018 06:02 PM PDT

    In some places, we don't always have the luxury of a full test environment. In those cases, how do you test a new firewall to ensure all of the holes are poked accordingly before moving to production? I've used nmap with an alphabet of strings behind it, tcpdump stuff, but is there an easier or different way to do it?

    For those of you who have to document something before it hits production, how do you do it? Is it a manual process to make the data look good or is there a tool you use?

    I'm just curious to see how other people test/store/present the process of implementing a new firewall/router in an environment where disruption is crippling.

    Everyone has a test environment, not everyone has a separate production environment

    submitted by /u/ccnp_

    Looking for training on OSPF/BGP.

    Posted: 01 May 2018 11:12 AM PDT

    Hi all,

    I work for a financial firm as a LAN admin and I've been asked to brush up skills to get some WAN training so I can assist in engineering long term. I'd say that I'm at a CCNA level right now as far as LAN goes but I'm a bit shaky on the WAN stuff. OSPF and BGP I have a slight understanding of so if there is any course online or somewhere that anybody recommends I can start it would be helpful. Much love!

    submitted by /u/nirvanachicks

    What are you doing to test ISP leased line speeds?

    Posted: 01 May 2018 11:03 AM PDT

    I have multiple providers using Metro-E circuits. I would like some suggestions to test the line speed periodically either automatic or less manual.

    Here's how I'm doing it now. I transfer a 500MB/1GB file from my desktop (at the data center) to a workstation's C: at a remote site. I expect a lot of overhead but given the line's 100Mbit bi-directional speed I'd be satisfied with 80/80 Mbit.

    I then record the date/workstations used/and file size/speed results in an Excel spreadsheet. This is very manual and time consuming, probably not that accurate. I do sometimes check link utilization if the speed is questionable.

    Our remote sites utilize on average 10% of the link, but sometimes users notice a slow speed if they need to transfer files.

    Troubleshooting link speed with an ISP, it's usually their "policers" that are configured incorrectly.

    Since we experience issues with our services I try to be proactive instead of reactive to a complaint. Anyone out here have a better method to check link speed periodically? No downtime can be incurred so cannot run direct connections between hardware.

    Thanks for your suggestions.

    submitted by /u/Queue89

    Need some guidance on a building extension.

    Posted: 01 May 2018 11:00 AM PDT

    Hello r/networking.

    My boss has tasked me to oversee an office extension/buildout of our new space (it's right next door). I need to make sure that the network portion goes smoothly. There is also a possibility of a dedicated fiber optic install that might happen (pending approval).

    Our current building (BUILDING A) has the following equipment:

    • Watchguard firewall - also does routing
    • HP 2530-48G
    • 2x HP Procurve 2510G
    • HP ProLiant Server/ESXI
    • QNAP (virtual storage)

    This is what I was thinking

    • Add a router such as this one with fiber capabilities in BUILDING A.

    • Install 2 switches (such as the 2530) in BUILDING B.

    • Configure and install Ubiquiti APs throughout BUILDING A and BUILDING B.

    • BUILDING B will have Cat6 cabling all throughout. I'm not 100% sure what BUILDING A/our current building has. This was before I joined the company (I assume Cat5e).

    • For all switches, will configure VLANs on each, subnets will be /20 (except for a DMZ, that's a /24).

    My questions are these:

    1. Can I link up these two locations via the switches alone? And if not, what would be the best way to do so?
    2. Will I need to replace any of my equipment to accommodate the future fiber connection?
    3. Some contractors are asking how I want to terminate these connections. I'm not 100% sure, but I've been looking at this page & I'm assuming a standard connection would be ok. But I'm not exactly sure what I should be looking for in regards to my current setup.
    4. In regards to a fiber cable drop install, what should I be looking for, or what are some general items I should ask or know about?
    5. I'm also adding additional drops to our current space/BUILDING A as well, should I consider re-running existing drops as well to Cat6 (might be too expensive)?

    This is my first actual network buildout, and I do have a coworker in our parent location also giving me some advice. This isn't their first expansion, but I'd like to get things done the right way this time (lack of planning has led some of us to have desktop switches in the office). :(

    Thanks in advance to everybody.

    EDIT Formatting

    submitted by /u/Damnit_Scotty

    Tips on Network Engineer Interview

    Posted: 30 Apr 2018 07:41 PM PDT

    Been a while since I've posted anything on this subreddit.

    I've applied for a Network Consulting Engineer Position and got an interview with a CCIE.... I failed my CCIE twice (second time I truly think I should have got my number and that the switches had a bug which wouldn't let me establish a trunk between my distro switches...) (mpls, vrf, redistribution, dmvpn, route-maps/route-leaks all were the same as Cisco wanted (utilizing the show commands) but couldn't do an end to end ping since my trunks were not up)

    Just wanted some input... I'm currently a system architect and I would say I do a lot of high level things but never diving into the CLI in almost 2 years (production network).... last CLI touch I had was my CCIE studying/test like 8 months ago... my current position is mostly theory and implementation dealing with executives and engineers on way ahead and dictating major changes in the network (actual networking, data centers and security)...

    I was wondering what I should do with my interview.... I can explain a lot of networking concepts but I'm truly (rusted)... Any advice?

    submitted by /u/WiseRich

    Advertising private AS and new public AS to same peer?

    Posted: 01 May 2018 05:42 AM PDT

    Long story short, we are building a rural fiber network. We have been using a borrowed /23 from another rural ISP and announcing that to them via BGP using a private ASN, they strip the private and announce it upstream. We just got approved and now "own" a /21.

    I figured I could keep the setup for the borrowed pool and add another BGP profile and announce that via our real AS but the Juniper won't let you announce a private AS and subnet plus a public AS and different subnet to the same peer (unless I'm missing something...)

    What is the best way to keep our "borrowed" IP space working AND get our new IP space working so I can get all the servers, equipment etc moved over to the new IP space without trying to "fuck it we do it live" and pulling an all-nighter?

    submitted by /u/remotefixonline

    how to set up Juniper srx on GNS3

    Posted: 01 May 2018 09:17 AM PDT

    I have a PC with 8 GB RAM. However it takes ages for vSRX to start up. Anything I need to tweak to make it spin up quickly?

    submitted by /u/wildpyr0

    Are there any modern day uses for hubs?

    Posted: 01 May 2018 12:49 PM PDT

    I know hubs are outdated and not used anymore but I was wondering if there are any cases where a hub would be a fitting solution.

    submitted by /u/Rytpeps