Favorite CLI config typos | Networking
- Favorite CLI config typos
- ASR9001 : MPLS LDP missing?
- Question Regarding Layer 2 vs Layer 3 Switch
- Securing WiFi AD Auth
- UI to execute shell commands?
- IPsec tunnel DH question in ASA gui
- RT still shows up even it's being denied.
- Appending custom attributes to RADIUS proxy (FreeRADIUS)
- Cheap router with 2xLTE + 2xWIFI (or mini-pc?)
- Improving Redundancy in a Small Business Model
- MSS=1260?
- Help with OMNeT simulation
- anyone used the bluecat API to create DNS records?
- Is it possible to reuse the same extension with CUCM at multiple sites?
- Network Phone Identification
- ASA 5520 throughput
- VIRL compared to Real World - dual BGP routers to MPLS cloud
- Static NAT (port forwarding) Cisco ASA
- IPSec Site to Site Issues (PFSense/Cisco Meraki)
- Hyper-V & Dell R710 NIC (Mis)Labeling
- Google DNS IPv6 Design
- Help with network design/routing
- Anycast NTP on Nexus Cores
Favorite CLI config typos
Posted: 28 Jun 2018 06:57 AM PDT
Just wanted to add some humor to the sub; add your favorite typos when at the CLI. My top two are:
no shit
int rage
ASR9001 : MPLS LDP missing?
Posted: 28 Jun 2018 05:13 AM PDT
I have installed the A9K-9001-AIP-LIC license and I'm using the Cisco IOS XR IP/MPLS Core software, but for some reason I cannot seem to enable 'MPLS LDP'. If I type 'MPLS ?' then I get the options below, but not MPLS LDP:

I'm obviously missing something and I'm hoping it's not another license. New to IOS XR, so it may be that I'm doing something silly. Actually, more likely to be this :) Thanks
Question Regarding Layer 2 vs Layer 3 Switch
Posted: 28 Jun 2018 08:31 AM PDT
Hey, we currently have an ASA 5506 doing all the routing at our locations, plus ACLs. I'm looking to deploy a managed switch just because we will be adding a lot more devices. From my understanding, Layer 2 operates via MAC addresses (via the ARP table) and Layer 3 operates via IP and does routing. Since our ASA 5506 acts as the DHCP/routing/ACL control etc., should I just purchase a Layer 2 switch? Or should I spend the extra cash and get Layer 3 and use Layer 2 mode for future proofing?
Securing WiFi AD Auth
Posted: 27 Jun 2018 08:51 PM PDT
I'm setting up WiFi on Aruba 305s, and have AD auth working via RADIUS connecting to NPS running on Server 2012. Computers that belong to a specific AD group are granted access. Is PEAP the most secure option for EAP in NPS? For what it's worth, the clients are configured to verify the server's certificate.
UI to execute shell commands?
Posted: 28 Jun 2018 03:06 PM PDT
Say I wanted to build a web UI with simple options (checkboxes, combo boxes, drop-downs, simple triggers) that execute shell commands on various CentOS boxes, for the purpose of exposing administrative functions to a less technical crowd and inherently building in only the functions we desire to expose. What would be my path of least resistance? Gotta be a framework out there for it.
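The security-relevant part of a "click a button, run a command" UI is not the framework but the boundary between user input and the process that gets executed. The following is an added example, not code from the post above or from any project it names: a dispatcher that maps UI action names to fixed argv lists, lets user input reach only declared placeholder positions, validates each value with a pattern that also refuses a leading "-" (so a value cannot be re-interpreted as an option by the target program), and never hands a string to a shell. The action names, validators and the assumption that a web layer passes an action name plus a dict of string parameters to run_action() are all hypothetical choices made for this example.

```python
"""Allowlisted command dispatcher for an admin web UI (added example).

Assumes a web layer (Flask, Django, ...) that receives an action name and a
dict of string parameters from the browser and calls run_action(); the web
layer itself, and authentication in front of it, are outside this example.
"""
import re
import subprocess

# Every action the UI may trigger is spelled out here as a fixed argv list.
# Placeholders of the form {name} are the ONLY positions user input can reach,
# and each placeholder has a validator. The validators refuse a leading '-',
# so a value cannot be parsed by the target program as an option
# ("argument injection"), and refuse shell metacharacters outright.
ACTIONS = {
    # Hypothetical action names and patterns chosen for this example.
    "service_status": (
        ["systemctl", "status", "{unit}"],
        {"unit": re.compile(r"[A-Za-z0-9][A-Za-z0-9_.@-]{0,63}")},
    ),
    "disk_usage": (
        ["df", "-h", "{path}"],
        {"path": re.compile(r"/(?:[A-Za-z0-9_-]+/?){0,16}")},
    ),
    "echo_message": (
        ["echo", "{message}"],
        {"message": re.compile(r"[A-Za-z0-9][A-Za-z0-9 ,.!-]{0,79}")},
    ),
}

_PLACEHOLDER = re.compile(r"\{(\w+)\}")


class RejectedCommand(ValueError):
    """Raised when a request is not an exact fit for an allowlisted action."""


def build_argv(action, params):
    """Return the argv list for an allowlisted action, or raise RejectedCommand.

    The user never supplies a command or a shell string, only an action name
    and values for the placeholders that action declares.
    """
    if action not in ACTIONS:
        raise RejectedCommand(f"unknown action {action!r}")
    template, validators = ACTIONS[action]
    # Exactly the declared parameters: no extras, none missing.
    if set(params) != set(validators):
        raise RejectedCommand("parameter set does not match the action")
    for name, value in params.items():
        if not isinstance(value, str) or not validators[name].fullmatch(value):
            raise RejectedCommand(f"parameter {name!r} failed validation")
    argv = []
    for part in template:
        m = _PLACEHOLDER.fullmatch(part)
        # Substitute a whole argv element; never build a string for a shell.
        argv.append(params[m.group(1)] if m else part)
    return argv


def run_action(action, params, timeout=10):
    """Run an allowlisted action on the local host; return (returncode, stdout)."""
    argv = build_argv(action, params)
    proc = subprocess.run(
        argv,
        shell=False,          # argv goes to execve directly; no shell parses it
        capture_output=True,
        text=True,
        timeout=timeout,      # a hung command cannot tie up the UI worker forever
        check=False,
    )
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    print(build_argv("disk_usage", {"path": "/var/log"}))
    for bad in ({"path": "/var/log; rm -rf /"}, {"path": "--help"},
                {"path": "/tmp", "extra": "1"}):
        try:
            build_argv("disk_usage", bad)
        except RejectedCommand as exc:
            print("rejected:", bad, "->", exc)
```

The same validators matter even more once the command has to run on other CentOS boxes over SSH: `ssh host cmd arg` joins the arguments into one string that the remote login shell parses again, so each element would additionally need `shlex.quote()` before being sent, and the allowlist on the remote side (a forced command in authorized_keys, or sudoers rules naming exact commands) should not trust the UI host to have done the filtering.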
IPsec tunnel DH question in ASA gui
Posted: 28 Jun 2018 01:52 PM PDT
Working on configuring an IPsec tunnel with a remote site. Can't get the tunnel to come up. Let's say in the ASA GUI I disable PFS but the remote end has it enabled. Does PFS need to be enabled at both ends for the tunnel to come up?
RT still shows up even though it's being denied.
Posted: 28 Jun 2018 01:52 PM PDT
Hi, I've added a route-map blocking RT:100:2873 from router1 and it's working. But when router1 adds/exports another value, the blocked RT (RT:100:2873) shows up in the "sh bgp vpnv4 unicast all *.*.*.*" output?

Router vrf
  rt export 100:2873
  rt export 111:888   <- Newly added

321-PE01-R10#sh bgp vpnv4 unicast all 212.3.3.3/32
BGP routing table entry for 1888:1:212.3.3.3/32, version 5
Paths: (2 available, best #2, no table)
  Advertised to update-groups:
     24         25
  1888 222
    2.2.2.2 (metric 30) from 2.2.2.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, internal
      Extended Community: RT:1888:111 RT:100:2873   <-- Still existing
      mpls labels in/out 17/29

Is it because it rides on top of the allowed RT that it's being recorded? Thanks
Appending custom attributes to RADIUS proxy (FreeRADIUS)
Posted: 28 Jun 2018 01:24 PM PDT
So, for a proof-of-concept workshop, I'm trying to have a proxy RADIUS server append an attribute to the returned Access-Accept packets. The device requesting the RADIUS authentication requires users to have custom attributes passed for levels of authentication. Has anyone done this with FreeRADIUS acting as a proxy? The RADIUS server I'm proxying for does not have that functionality.
Cheap router with 2xLTE + 2xWIFI (or mini-pc?)
Posted: 28 Jun 2018 01:13 PM PDT
I'm looking for a cheap router that would have 2xLTE + 2xWIFI, or a mini-PC with 4x mini-PCIe slots to hold those cards. Does such a device exist? Price should be on the cheap side as it's for a non-profit. There seem to be many $100 or so mini-PCs with 1x slot + 1x WiFi, but I haven't been able to find one that would have more. 2x wireless so I could use one as an uplink and one as an AP. These would be installed in vehicles. If I did find that kind of mini-PC, is there a router OS that would support those and BGP, or should I just configure it with some Linux distro and run BIRD? As it's a non-profit, time spent configuring it doesn't matter as much as the price to purchase one :) Thanks for any ideas!
Improving Redundancy in a Small Business Model
Posted: 28 Jun 2018 01:01 PM PDT
I'm currently working on a project for school in which I have to "implement" a network for a small to mid-size business. The servers would need to be always available (with the minimum downtime possible), with two possible ways to access the internet (already using fiber and 4G), and I'm also using a backup router with HSRP in order to guarantee access to the internet. How could I possibly improve the redundancy of it? Since I apparently can't post an image along with the post, here's the link for the image of my current topology.
MSS=1260?
Posted: 28 Jun 2018 11:56 AM PDT
Hello, in all the packet captures that I perform I always notice this MSS negotiation, but I don't know what might be causing it. Isn't 1460 the standard negotiation for Ethernet hosts?
Help with OMNeT simulation
Posted: 28 Jun 2018 11:30 AM PDT
I'm currently an undergraduate researcher and I've been tasked with researching knowledge-defined networking. The research in particular deals with very advanced code that's way beyond my minimal knowledge of OMNeT. The first instruction to build the network is to run the makefile (found here: https://bpaste.net/show/d26a592a563a) to generate the "networkRL" needed by the Python script. I've imported all of the files needed for the simulation, but whenever I try to run the makefile I get an error:

"Error starting process. Cannot run program "C:\Users\Sierra\DRL\omnet\router\makefile": Launching failed"

Or when I try to run the entire simulation it asks:

"Enter parameter 'NetworkAll.node0.tcontroller.folderName':"

I'm not sure if these are simple problems to solve and I'm just inexperienced, but any help would be greatly appreciated. I can post all of the source, ned, and header files if necessary. I didn't want to pack this entire post with 15+ code links if the makefile was the only one needed to solve this issue.
anyone used the bluecat API to create DNS records?
Posted: 28 Jun 2018 11:24 AM PDT
I'm trying to start using the BlueCat API with curl to learn how their API works, but even in their docs it's hard to follow. Anyone have some examples?
Is it possible to reuse the same extension with CUCM at multiple sites?
Posted: 28 Jun 2018 10:43 AM PDT
Let's say each one of my sites had an intercom system that we wanted to be locally usable by dialing "80" from any phone at the site. Could we do that? Or does each extension have to be globally unique? Is there something we can do so that when a phone in the site's device pool dials "80" it gets translated to the 10-digit DN? Or is there a way that we can create a route pattern that is specific to the device pool?
Network Phone Identification
Posted: 28 Jun 2018 10:40 AM PDT
Alright, so corporate is trying to take inventory of used and unused lines. I do not have a phone server that I have access to. So I need to check Polycom phones to see what number is directed to each phone. I have to go down the list and note where each number is physically. The problem I am running into is that each phone is showing the extension only. I did not set up these phones, nor are they allowing me to log into them. I am the head of IT for this branch, but corporate still handles a lot that it will not let me touch for my site. I need advice on how to fulfill the request, along with what I could suggest for them to implement in the future. I am sorry if this does not fall into networking; not sure where it would if it doesn't. Please help. Thank you.
ASA 5520 throughput
Posted: 28 Jun 2018 09:08 AM PDT
If I want to use a 5520 as my WAN gateway in a satellite office, am I reading correctly that the total throughput of the device is 450 Mbps? If I connect directly to a 1 Gb ONT, it won't handle that full speed when routing? Or is this just total VPN throughput?
VIRL compared to Real World - dual BGP routers to MPLS cloud
Posted: 28 Jun 2018 12:51 PM PDT
I have labbed a scenario I'm trying to create at work for our main router "Router1", which connects to the ISP MPLS cloud via a BGP neighborship, where all our branches connect back to "Router1" as the way into our network. All branches have BGP neighborships to the ISP, and in order for them to access the internet or anything else, all traffic must come back into our DC here and then go out our internet circuit.

So I set up a lab I was able to get to work by configuring "Router2" as an iBGP neighbor of Router1, so that in case Router1 dies or loses its BGP neighborship with the ISP, all routes can go in/out via Router2 for the branches and the branches won't lose connectivity to the hub here. These are connected to the same ISP, but we were able to get some diversity from the ISP by going through a different Ciena router or POP or whatever they call it that connects to a different path... I don't know too much about the details there.

So my main question is: since I was able to get this to work in a VIRL lab, how confident can one be that this works in a prod environment connecting to almost 100 branches? I don't know how to generate a ton of traffic on VIRL, but as my cheesy way of doing so I just ran 3-4 instances of pings from the core to a branch I set up in VIRL; the cutover lost no pings, which seems kind of too good to be true. I'm afraid in the real world, with MUCH MUCH more traffic, I will not be that lucky. I'm more than happy to share the VIRL file, configs, drawings... whatever you would like.
Static NAT (port forwarding) Cisco ASA
Posted: 28 Jun 2018 09:05 AM PDT
So, I have an outside interface with an IP of 66.57.3.20 (made up). I have a server on the inside interface with an IP of 172.16.1.100, listening on port 443. I want to set up a static NAT statement on the ASA to allow traffic hitting 66.57.3.20 on 443 to be forwarded to 172.16.1.100 on 443, then allow the return traffic. I am running ASA code 9.1(2).

66.57.3.20 is object name (outside-ip)
172.16.1.100 is object name (inside-ip)
443 is service name (https)

I am used to this, but it's not working:

nat (outside,intf2) source static any OBJ-66.57.3.20 destination static video-172.16.1.100 video-inside-ssl service https https
IPSec Site to Site Issues (PFSense/Cisco Meraki)
Posted: 28 Jun 2018 08:45 AM PDT
Hey all, I recently started at a company and decided to integrate some dedicated servers on the web into our network through a site-to-site VPN. Please see the crude diagram:

The first problem I encountered and inherited was that this organisation is using a combination of Cisco Meraki MX60, MX64 and MX64Ws, which suck. These firewalls are interconnected through a mesh VPN network; a connection into one allows them all to connect (from what I understand). I have successfully managed to connect the mesh VPN to the PFSense virtual firewall via an IPsec site-to-site VPN, which is working.

Current rules:
PFSense:
- 500 UDP to Remote Office 1
- 4500 UDP to Remote Office 1
Meraki:
- 500 UDP to PFSense FW

IPsec config on PFSense:
  10.0.0.0/8 -> 172.16.0.0/24   Inbound ESP, Remote Office 1 -> PFSense FW
  172.16.0.0/24 -> 10.0.0.0/8   Outbound ESP, PFSense FW -> Remote Office 1

Unfortunately I cannot seem to ping or reach any hosts on either side of the tunnel, and I'm unsure of what else I can try. I was hoping you'd be able to give me some pointers, stern words or things to investigate/think about. There are other site-to-site VPNs connected to this mesh VPN to connect other servers to this network, which appear to have worked without too much issue. I understand this may be a little more tricky than that, however. Would be grateful for any help you can give.
Hyper-V & Dell R710 NIC (Mis)Labeling
Posted: 28 Jun 2018 08:18 AM PDT
Weird question, although I have never run into this problem before: I have a Dell R710 running Server 2016 Hyper-V. Within Server Manager on the host, the NIC labeling doesn't match up with the physical NIC labels on the rear of the server. For example, eth0 in Server Manager matches up to eth3 on the back of the server. Is there a quick remedy to this other than masking tape and a Sharpie?? :)
Google DNS IPv6 Design
Posted: 28 Jun 2018 08:13 AM PDT
Edit: In my limited understanding of anycast services, I would assume longer prefixes than /48 could be inside service provider networks where Google potentially has DNS servers set up.

Given the two Google IPv6 DNS addresses:
2001:4860:4860::8888
2001:4860:4860::8844

It seems odd to me that what should (?) be operationally distinct addresses are in the same /48 (ultimately the same /32, /48, /64, etc.), which is what I understand to be the longest prefix that is globally routable. Given that the two DNS addresses are in the same /64, both of their services will at least go partially down with one /48 prefix hijack, correct?

redacted#sh ipv6 route vrf redacted 2001:4860:4860::8888
Routing entry for 2001:4860::/32
  Known via "bgp redacted", distance 20, metric 0, type external
  Route count is 1/1, share count 0
  Routing paths:
    FE80::214:F600:2B4:65F4, GigabitEthernet0/0/0
      MPLS label: nolabel
      Last updated 5d19h ago

redacted#sh ipv6 route vrf redacted 2001:4860:4860::8844
Routing entry for 2001:4860::/32
  Known via "bgp redacted", distance 20, metric 0, type external
  Route count is 1/1, share count 0
  Routing paths:
    FE80::214:F600:2B4:65F4, GigabitEthernet0/0/0
      MPLS label: nolabel
      Last updated 5d19h ago
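The question above is really one about longest-prefix match: whichever covering prefix is most specific wins, and two addresses in the same /48 are captured together by any single more-specific announcement that routers accept. The following is an added example, not code from the post or from Google: a toy IPv6 routing table with longest-prefix lookup and a maximum-prefix-length import filter, walked through the scenario the poster describes. The /32 aggregate and the two resolver addresses come from the post; the next-hop names, the extra announcements, and the /48 filter limit (a common inbound policy, assumed here, not something the post states) are constructed for the example.

```python
"""Longest-prefix match vs. a more-specific announcement (added example).

Constructed for illustration; only the 2001:4860::/32 aggregate and the two
resolver addresses are taken from the post. Next hops and the /48 filter
limit are assumptions made for this example.
"""
import ipaddress

RESOLVERS = ["2001:4860:4860::8888", "2001:4860:4860::8844"]

# Assumed inbound policy: refuse IPv6 announcements longer than /48.
MAX_ACCEPTED_PREFIXLEN = 48


def accept_announcement(table, prefix, next_hop, max_len=MAX_ACCEPTED_PREFIXLEN):
    """Install prefix -> next_hop unless it is more specific than policy allows.

    Returns True if installed. Without this check a /64 leak (accidental or
    malicious) would win longest-prefix match just as the /48 does below.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen > max_len:
        return False
    table[net] = next_hop
    return True


def best_route(table, address):
    """Longest-prefix match: among covering prefixes, the longest prefixlen wins.

    Returns (prefix_as_str, next_hop) or None when nothing covers the address.
    """
    addr = ipaddress.IPv6Address(address)
    covering = [(net, nh) for net, nh in table.items() if addr in net]
    if not covering:
        return None
    net, nh = max(covering, key=lambda item: item[0].prefixlen)
    return str(net), nh


def resolver_next_hops(table):
    """Where each resolver address is forwarded under the given table."""
    return {a: best_route(table, a) for a in RESOLVERS}


def hijack_scenario():
    """Build the table stage by stage and return the lookup results of each stage."""
    table = {}
    # Stage 1: only the aggregate the poster's router sees, via the real upstream.
    accept_announcement(table, "2001:4860::/32", "legit-upstream")
    before = resolver_next_hops(table)

    # Stage 2: a covering /48 appears. It passes the /48 filter and, being more
    # specific than the /32, now wins for BOTH resolver addresses at once.
    installed_48 = accept_announcement(table, "2001:4860:4860::/48", "hijacker")
    after_48 = resolver_next_hops(table)

    # Stage 3: a /64 for the same block is refused by the filter; table unchanged.
    installed_64 = accept_announcement(table, "2001:4860:4860::/64", "hijacker-64")
    after_64 = resolver_next_hops(table)

    return {
        "before": before,
        "installed_48": installed_48,
        "after_48": after_48,
        "installed_64": installed_64,
        "after_64": after_64,
    }


if __name__ == "__main__":
    for stage, result in hijack_scenario().items():
        print(stage, result)
```

Stage 2 is the point the poster is circling: because both resolver addresses sit inside one /48, a single accepted /48 announcement moves both at once, so the second address buys no independence against that class of event. Anycast copies inside an operator's network (the longer prefixes the edit speculates about) are a separate layer from what is accepted at the internet edge, which is what this lookup models.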
Help with network design/routing
Posted: 28 Jun 2018 07:45 AM PDT
We have 2 sites (labeled SITE #1 and SITE #2 on the diagram). These 2 sites are connected together via a 1G link. We are partnering with 2 remote sites (labeled REMOTE #1 and REMOTE #2 on the diagram). These remote sites manage their own networks and firewalls.

We have a need for an interpreting service from all 4 locations. The MPLS connection from us to them will be from SITE #2, and all 4 sites should be able to access the interpreter service through this site. Devices at any of the locations should be able to register their iPads/phones etc. using the interpreter service app and an IP provided by them. These devices should be able to access any IP in the 10.140.x.x range at the interpreter service location(s). For Site 1, Site 2, and Remote 1, this will not be an issue because there is no network overlap. For Remote #2, they already use 10.140.x.x, which is what the interpreter service uses. We are looking for a way to have Remote 2 be able to access the interpreter service while also limiting the NAT configuration on the SITE 1 side. Since we do not manage these remote locations, we'd prefer any additional config for this be on their end, but I fear this may not be completely possible. What are my options for allowing Remote #2 access to the interpreter service applications (10.140.x.x) when they already use those addresses on their local network?
Anycast NTP on Nexus Cores
Posted: 28 Jun 2018 07:21 AM PDT
Hi, I read a bit about anycast implementations and I'm trying one on two Nexus switches in a vPC pair. I've created the same loopback address on both, and source my NTP from it. They both connect as clients to time.nist.gov, and as peers to each other on another set of unique loopbacks (.1 and .2). All four loopbacks are being injected into their EIGRP AS. As things stand, though, only one of the two cores is synced externally. I'm assuming this is because only one can truly receive NTP updates, because the firewall cannot differentiate the return path to the anycast loopback. What am I misinterpreting here?

core 1:

core 2:

show status:

Is this correct? Shouldn't I see a valid stratum from at least my peer/time.nist.gov? Any help is appreciated.
You are subscribed to email updates from Enterprise Networking news, blogs and discussion.