
    Monday, July 2, 2018

    AMS-IX NY shutting down Networking

    AMS-IX NY shutting down

    Posted: 02 Jul 2018 10:02 AM PDT

    So I got notified late last month that AMS-IX NY is shutting down. It seems like a relatively active IX, so I'm wondering why.

    It has the huge benefit for me of being reachable via megaport at no cost from my NY-based megaport session, which is especially nice since my physical pop in NY isn't a location where AMS-IX NY has gear. So I'm basically getting a metro cross connect to an IX for no cost which is sweet.

    I'm evaluating options for a replacement for our east coast IX connectivity but it looks like it's going to have to cost money.

    submitted by /u/mdhkc

    Help understanding VXLAN terminology

    Posted: 02 Jul 2018 12:38 PM PDT

    Can someone please to explain exactly what a VTEP is when talking about VXLAN?

    I believe it is a "vxlan tunnel end point"

    Does that mean it is where vxlan encapsulation is happening?

    Also, if I have 100 servers doing VXLAN with many VLANs, does that mean I need a device that can handle 100 VTEPs to handle the routing?

    submitted by /u/gerrrrrrrrr
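    The post asks where the encapsulation happens. As an added illustration (not code from the post, from a vendor, or from any real VTEP implementation), this models one VTEP per server in pure Python: it builds the 8-byte VXLAN header, strips it on the far side, and learns which remote VTEP sits behind each inner MAC. The underlay IPs, MACs and the VNI are constructed.

```python
"""Minimal model of a VXLAN tunnel endpoint (VTEP) data plane, per RFC 7348.

Constructed example, not code from the original post. Everything is pure
Python over byte strings (no sockets), so it runs offline.
"""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP port a real VTEP would send to
VXLAN_FLAG_I = 0x08          # "I" bit: the VNI field is valid


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ethernet_frame(dst, src, ethertype, payload):
    """Untagged inner Ethernet frame: what a VM or server hands to its VTEP."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni):
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


class Vtep:
    """One VTEP: an underlay IP plus a per-VNI forwarding table (FDB)."""

    def __init__(self, underlay_ip):
        self.underlay_ip = underlay_ip
        self.fdb = {}                      # (vni, inner MAC) -> remote VTEP underlay IP

    def encapsulate(self, frame, vni):
        """Encapsulation happens here. Returns (remote VTEP IP or None, UDP payload).

        None means the inner destination MAC is unknown: BUM traffic, flooded to
        every VTEP in the VNI. The payload is what goes to remote_ip:4789.
        """
        dst_mac = frame[:6].hex(":")
        return self.fdb.get((vni, dst_mac)), vxlan_header(vni) + frame

    def decapsulate(self, udp_payload, remote_ip):
        """Strip the header, learn inner source MAC -> remote VTEP, return (vni, frame)."""
        if len(udp_payload) < 8 + 14:
            raise ValueError("truncated VXLAN packet")
        if not udp_payload[0] & VXLAN_FLAG_I:
            raise ValueError("VNI-valid flag not set")
        vni = int.from_bytes(udp_payload[4:7], "big")
        frame = udp_payload[8:]
        self.fdb[(vni, frame[6:12].hex(":"))] = remote_ip   # flood-and-learn
        return vni, frame


def demo():
    """Two servers, each with its own VTEP: a frame A -> B is flooded, the reply is unicast."""
    vtep_a, vtep_b = Vtep("10.0.0.1"), Vtep("10.0.0.2")     # constructed underlay addresses
    vni = 5001
    req = ethernet_frame("02:00:00:00:00:b2", "02:00:00:00:00:a1", 0x0800, b"hello")
    dst, payload = vtep_a.encapsulate(req, vni)            # dst is None: B's MAC not learned yet
    got_vni, got_frame = vtep_b.decapsulate(payload, vtep_a.underlay_ip)
    reply = ethernet_frame("02:00:00:00:00:a1", "02:00:00:00:00:b2", 0x0800, b"world")
    dst2, payload2 = vtep_b.encapsulate(reply, vni)        # now unicast to 10.0.0.1
    return dst, got_vni, got_frame == req, dst2, len(payload2) - len(reply)


if __name__ == "__main__":
    print(demo())
```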

    FortiManager

    Posted: 02 Jul 2018 06:56 AM PDT

    Hi all,

    I am part of an org that recently purchased FortiManager. I need to open a support case, but our support SKU wasn't properly assigned, and I am unable to open a case (for now). While this is getting fixed, I figured I would ask here.

    How can I easily clone the configuration (interface naming, IP addresses, etc.) to a brand new device? We are running 6.0, and coming from Panorama, there doesn't seem to be a straightforward way of doing this.

    I see "configuration templates", but I do not see anything that allows me to configure interface names, zone assignments, or even IP addresses in the template.

    I am trying to get around having to manually provision each firewall before it ships to its destination (using this tool) if possible.

    I understand, and know how to do security/object configuration easily, but this part is escaping me.

    Thanks!

    submitted by /u/wulfsburg

    ISE Portal Builder Generated Portals in ISE Editor

    Posted: 02 Jul 2018 12:50 PM PDT

    *edit 2* I think I may have solved it, of course 30 seconds after I post. After opening the portal in ISE, under "Portal Page Customization"->"Text Elements"->"Banner title", the ISE Portal Builder seems to like to enclose the title in paragraph HTML tags. After removing those tags, it still doesn't seem to generate the flow diagram or page preview, but at least I'm able to save the Endpoint Group change. I'm leaving this post up in case others run into this same issue.

    So I'm trying out ISE and I think it's great that they have a more in-depth portal builder website that you can export and then include on your ISE install. I'm running into an issue when I try to open the portal and make small changes (not to design, just to functionality) in the ISE install.

    Basically, I'd like to be able to change some of the top level settings like which Endpoint Identity Group each portal uses. Every time I try to make the change, I get " Invalid input format detected. HTML tags, scripts or % characters are not supported". From reading elsewhere, it seems that you aren't really supposed to modify the portals built in ISE Portal Builder, but the Portal Builder doesn't seem to have the ability to enter some of these general portal settings like the Endpoint Group. I've looked in the files in the exported zip folder and don't see them there either... it seems the only place to do this is in ISE itself if it would let me.

    Anyone else run in to this and have a solution?

    *edit* I should also note that if you open the portal in ISE, the flow diagram and previews aren't able to generate... the Portal Builder seems to spit out portals that ISE can't do much with other than use/display at the default settings.

    submitted by /u/Dotren

    Cisco C3850 IOS upgrade fail ... please help

    Posted: 02 Jul 2018 01:05 PM PDT

    Hey guys ... so I'm trying to upgrade an old 4 member stack of 3850's to add a new member.

    The stack IOS images are oooooooooold: 03.02.01.SE.

    The new switch came loaded with 16.03.06.

    So I copied the most current over to the stack, and ran the software install command.

    Everything looked good until they reloaded, and they were all stuck in a loop.

    I had no other choice but to go into ROMMON and set the boot parameter to the rollback file "packages.conf.00-"

    This brought them all back up into the previous (working) IOS image.

    I've been doing quite a bit of reading and luckily/unluckily I'm not the only one who has this issue.

    I can't find any documentation on an upgrade path, but I'm wondering if I just cycle through a few upgrades if I can eventually get these things to cooperate.

    Does anyone else have experience with this nonsense?

    Sorry if I'm not providing enough info, this is my first upgrade failure and it's wearing me out.

    I don't want to wipe the flash because the IOS version running is not even available for download, so I can't get the .bin to recover if I need it.

    submitted by /u/cruddy_mccrudderson

    Tools similar to Udpcast?

    Posted: 02 Jul 2018 11:11 AM PDT

    Where to configure "bgp bestpath missing-as-worst" in JunOS?

    Posted: 02 Jul 2018 07:48 AM PDT

    Based on the last half-hour of googling, it appears not too many have run into my issue of needing to show the least preference to a path with MED missing. I have an IBGP peer screwing up my routes because its MED is 0.

    UPDATE:
    Apparently "bgp bestpath missing-as-worst" is not supported in JunOS, but is supported in JunOSe. FML.

    submitted by /u/whiteknives

    How to troubleshoot network issue on a mac mini that I don't have physical access to?

    Posted: 02 Jul 2018 07:38 AM PDT

    I'm a DevOps Engineer and networking is by far my weakest area. There is a mac mini at the office of the company I work for (I'm remote) that has been having weird network issues. It's a jenkins build slave and build takes forevvvveerrrr on it. Like git clones take forever, and sometimes builds fail with 'broken pipe' errors. I've noticed that sshing into this machine takes a few seconds longer than sshing into other machines. There is another mac mini that is plugged into the same switch as this mac mini and it does not have these problems. We've tried switching out the ethernet cable, and I've used commands like 'mtr' and 'iperf' to troubleshoot, but the output of these commands looked the same between the problem machine and the functioning machine. Is there a way to rule out something being physically wrong with the machine? Both are brand new mac minis. It's difficult because I don't have access to the machine, but if I knew something to try I could ask one of the engineers at the office to do it.

    submitted by /u/JohnnyTraumatic

    [help] Setting up IP helpers for SCCM PXE UEFI boot

    Posted: 02 Jul 2018 08:14 AM PDT

    Hello!

    Sorry if this is absolute beginner stuff. I don't understand much about networking, I'm just an SCCM admin, so not very familiar with all this.

    I'd like to make it so computers using UEFI are able to network boot into PXE.

    • Client computers that need to boot with PXE are on multiple subnets, e.g. 192.168.5.x, 192.168.111.x, etc.

    • DHCP and the SCCM/PXE server providing boot images is on 192.168.10.x

    I googled a lot and found a few guides, but unfortunately I can't wrap my head around all of this.

    1. https://www.youtube.com/watch?v=k5E97ndlRog

    2. https://gal.vin/2017/05/05/pxe-booting-for-uefi-bios/

    I did set up the DHCP vendor classes and scope policies like mentioned in the guides, but the clients still end up timing out.

    I understand if the client and servers are in different subnets, something called an IP helper/DHCP relay needs to be set up?

    So I guess the actual question is what a working setup should look like. What needs to be forwarded to what, and where do the IP helpers need to be set up in this scenario?

    Thanks!

    submitted by /u/ntech2

    Encapsulating CVLAN in SVLAN on same physical interface - selective QinQ

    Posted: 02 Jul 2018 06:15 AM PDT

    Hi,

    We're going to shortly run into a situation where we will need to encapsulate a CVLAN into an SVLAN, where both C & S VLANs are tagged on the same physical interface, almost like some form of loopback.

    We've been looking at devices that will give us the most flexibility and currently we are looking at implementing a Juniper EX series switch for this task. From what I've seen it supports selective Q in Q which will allow us to pick and choose ingress CVLANs from ports to encapsulate into a specific SVLAN.

    However, all of the documentation I'm finding gives examples where the CVLAN and SVLAN are on separate switch ports.

    As I don't have any hardware yet or other ways to simulate, I'm trying to determine if the Juniper hardware will be capable of doing this - I'm trying to avoid buying it and then finding out it won't do it.

    I've come across things like this which leads me to think it can be done, but it appears quite vague to me for my particular requirement. I get that an interface can have C and SVLANs on it, but will JUNOS allow me to process ingress and egress traffic on the same interface?

    Note: Starting with Junos OS 14.1X53-D30, you can configure the same interface to be an S-VLAN/NNI interface and a C-VLAN/UNI interface. This means that the same physical interface can transmit single-tagged and double-tagged frames simultaneously. This allows you maximum flexibility in your network topology and lets you maximize the use of your interfaces.

    Has anyone attempted something similar, even with different vendor hardware? Is this a fairly standard thing that should be well supported?

    submitted by /u/antixau

    SolarWinds Multi-Tenancy

    Posted: 02 Jul 2018 03:37 PM PDT

    I'm looking to see if anyone has any experience with Multi-Tenancy in SolarWinds. I'd like to monitor several different devices but only grant certain users access to certain devices. Essentially enable a form of Single Sign-On if needed.

    I'm not seeing a way to do this just poking around myself.

    submitted by /u/travisxavier

    Preferring bgp learnt route over static?

    Posted: 02 Jul 2018 03:26 PM PDT

    I have a customer who currently has a VPN into our DC (one hop away from our 4 router core running BGP/MPLS). The closest core router has static routes pointing to the VPN device for the customer's subnets.

    They want to bring in another circuit for resiliency, which again will be using static routes pointing to the carriers next hop to get to their subnets.

    How can I get the core router with static routes to prefer the bgp learnt route (which goes to the vpn device) over the other egress point out of our dc?

    I've tried with using preference but the other directly connected device ignores it. I have also tried using qualified next-hop but as the next hop is on a sub interface to the carrier it never goes down even if the customer-side router is down.

    All I can currently think of is converting the link between the VPN device and our core router into a BGP session and increasing the preference on the new static.

    submitted by /u/Theincrediblemeagain

    SDWAN with 3cx failing the firewall checker

    Posted: 02 Jul 2018 02:51 PM PDT

    Just wondering, has anyone come across setting up a 3cx phone system with an SDWAN connection? To make things more interesting, the ISP's SDWAN is connected to our company firewall (Fortigate 200e) so that we can manage policy and rules.

    However, doing so leads to errors on the 3cx's "firewall checker". The checker lists port testing errors stating that (5060, 5090, 9000-10743) are not reachable. I am thinking this might be caused because the SDWAN doesn't know how to preserve the ports.

    I hypothesized this theory because if I unplug one of the internet connections from the SDWAN box and hook it up directly to my Fortigate, the test result will pass. However, we don't want to split the two internet connections up because that will defeat the purpose of having the SDWAN in the first place.

    submitted by /u/WS-GHQ-1054

    Forward all layer 2 traffic to default gateway

    Posted: 02 Jul 2018 02:29 PM PDT

    Hi everyone!

    I've asked a similar question before, but I was not getting any answers that worked for me, so it occurs to me that maybe the question was wrong all along.

    The problem we're having is this:

    We are a small ISP that often deploys networks to condo and apartment buildings, often using a switched network in a pretty conventional router-on-a-stick topology. We then isolate the users from one another using switchport protection or PVLANs on the edge and aggregation switches, such that, while all hosts are in the same broadcast domain, they can only communicate upstream towards the router. The side effect is that any attempt to communicate laterally, say, from one host to another, fails completely, as it is blocked by switchport protection/PVLANs. This is all well and good, except for one problem: the users cannot communicate with one another AT ALL. I know this is expected and normal behavior, but I would like for them to be able to communicate with one another at least as well as any other 2 hosts with public addresses out in the world could, in a layer 3 fashion.

    The most concise way that I can put it that would solve our issue, assuming this is possible, is this: Is there a way to get all of my switches to forward all traffic, even traffic that would otherwise be layer 2 across the network, to the router? The router would then see that the traffic is meant to go back down to the LAN and forward it back down. This would be ideal because the path of the traffic would be compatible with the switchport protection/PVLANs while still isolating the users from one another from a layer 2 perspective.

    submitted by /u/badger_murphy

    Dual MPLS with additional Metro E WAN configuration

    Posted: 02 Jul 2018 02:09 PM PDT

    If anyone can please provide me some insight on a best practice or use case configuration for the following scenario:

    We currently have a network with 15 critical Remote Sites which all have a dual MPLS connection (Verizon/ATT). VZ is configured as our primary MPLS and ATT runs as a backup. We have 1 router per SP (two in total) which redistribute into OSPF with a metric defined to prefer VZ. The VP for our company decided to add in a Metro E connection in addition to the dual MPLS connecting 2 of these critical sites (without consulting anyone from the network team). When I asked the reason for this new circuit I was told "to create a triangle".

    My current dilemma is that now I'm being contacted by the vendor for details on how to configure the p2p, such as whether I want VLAN tagging or not, etc., and I have no idea what the purpose of this circuit is (other than creating a triangle). My only guess is that in the event that the 2 MPLS circuits fail at one site, the P2P circuit could be used as a backup transit for the other site to access resources?

    Given that my company's VP is expecting me to read his mind and magically give him the solution that he wants to hear, I'm going to assume my initial guess is the use case defining this order. My questions are: how should I introduce this into my network? Should I bring in an additional device to terminate the circuit, or should I use an interface on either of my MPLS routers, or connect direct to my core? Once the termination point is determined, I was thinking a floating default route on the core would be the simplest configuration.

    submitted by /u/ucantdothatontv

    CPU Help

    Posted: 02 Jul 2018 02:00 PM PDT

    We're using Brocade MLX chassis and keep getting high CPU spikes at random times during the day. The process that is using all of the CPU is the LP-IPC process. Any tips on how to resolve it?

    LP-1 OS>sh cpu

    Name           State   Act   Wait   Hold   Time     CPU
    $(idle)        -       A     0      0      3353     0.7
    $con           ready   A     0      0      513      0.1
    $mon           wait    A     0      0      14       0.0
    $flash         ready   A     0      0      14       0.0
    $dbg           wait    A     0      0      10       0.0
    main           wait    A     15     55     93353    43.2
    LP-I2C         wait    A     0      0      0        0.0
    LP-Assist      wait    A     0      0      0        0.0
    LP-FCopy       wait    A     0      0      0        0.0
    LP-VPLS-Offld  wait    A     0      0      0        0.0
    LP-OF-Offld    wait    A     0      0      0        0.0
    LP-TM-Offld    wait    A     0      0      0        0.0
    LP-IKE         wait    A     0      0      6        0.0
    LP-Stats       wait    A     118    2      396      0.0
    LP-IPC         ready   A     62     16     320363   55.5
    LP-TX-Pak      ready   A     121    0      487      0.0
    LP-RX-Pak      ready   A     121    10     6581     0.5
    LP-SYS-Mon     wait    A     102    0      8        0.0
    LP-RTD-Mon     wait    A     57     0      46       0.0
    LP-Console     wait    A     0      0      0        0.0

    SLOT #: LP CPU UTILIZATION in %:
            in 1 second:   in 5 seconds:   in 60 seconds:   in 300 seconds:
    1:      92             98              99               99
    2:      93             98              99               99
    3:      99             99              99               99
    4:      99             99              99               99
    5:      99             99              99               99
    16:     95             99              99               99

    submitted by /u/guywhoisry

    Help buying the right fiber optic cable + gbic module.

    Posted: 02 Jul 2018 01:21 PM PDT

    Hi all. I have a HP Procurve 2824 J4903A that has 4 mini-GBIC ports. Also the following nic, Dual Port Gigabit Ethernet Fiber LC SW 850nm PCI-e x4 (Sun p/n: 371-0904-03). Could you please tell me compatible gbic modules for the switch and also what kind of cable I need to connect the nic and the switch? Thanks in advance.

    submitted by /u/paris_k

    Opengear - how to create an ipsec vpn when there's no "inside" network to use as left side.

    Posted: 02 Jul 2018 01:19 PM PDT

    I'm using an opengear box for out of band management at a remote location, and to provide cellular passthrough to the remote location ASA.

    eth0 is connected to the public Internet, and has a corresponding IP address. Eth1 is used for the passthrough connection to the ASA.

    I'd like to be able to send syslog messages from the opengear box to my internal syslog server. I figured all I need to do is to create an ipsec VPN from the opengear's wired Internet interface to an ASA at one of my datacenters.

    The problem is that I'd need an IP address that's on the opengear box to serve as the "left" side subnet (interesting traffic in ASA parlance). I can't use the public wired IP address, and I can't use the cellular IP, and I can't use the dummy IP assigned to eth1 as part of the passthrough process.

    Opengear support confirms that the dummy IP address assigned to eth1 is not usable, but is trying to tell me I can use the eth0 (wired Internet) IP which would make the left side subnet the same as the ipsec endpoint IP address. That isn't going to work (is it?)

    Anyone ever set up an ipsec tunnel in such a manner?

    submitted by /u/kcornet

    ASA5512 not pulling correct isakmp policy

    Posted: 02 Jul 2018 01:11 PM PDT

    I have a vendor that needs the tunnel to use preshare, dh group 5, aes256 sha, 28800. I have the following on my asa:

    crypto ikev1 policy 15
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 28800

    Still getting the error: recvd Group 5 cfg Group 2

    I know this post was terrible for formatting, I am on mobile. I apologize

    submitted by /u/Geaux_Cajuns
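    One way to check which policy a peer's proposal actually lands on, added here as an example and not the post's own configuration or any Cisco tool: it parses the crypto ikev1 policy blocks in priority order (lowest number first, the order the ASA evaluates them), reports the first match for the vendor's required parameters, and flags DH groups below 2048 bits. The config text is constructed: it holds the post's policy 15 plus a made-up policy 10 that uses group 2.

```python
"""Checker for Cisco ASA 'crypto ikev1 policy' blocks (added example, not from the post).

SAMPLE_CONFIG is constructed: the post's policy 15 plus a made-up policy 10.
"""
import re

# Diffie-Hellman MODP group sizes in bits (RFC 2409 groups 1/2, RFC 3526 groups 5/14)
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
MIN_DH_BITS = 2048            # smaller groups are flagged by audit_policy()

SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 15
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 28800
"""

# What the vendor in the post says the tunnel must use
VENDOR_PROPOSAL = {"authentication": "pre-share", "encryption": "aes-256",
                   "hash": "sha", "group": 5, "lifetime": 28800}


def parse_ikev1_policies(config):
    """Policy blocks as dicts, sorted by priority (lowest number = evaluated first)."""
    policies, current = [], None
    for line in config.splitlines():
        m = re.match(r"crypto ikev1 policy (\d+)$", line.strip())
        if m:
            current = {"priority": int(m.group(1))}
            policies.append(current)
            continue
        if current is None or not line.startswith(" "):
            current = None                  # left the indented policy block
            continue
        key, _, value = line.strip().partition(" ")
        if key in ("authentication", "encryption", "hash"):
            current[key] = value
        elif key in ("group", "lifetime"):
            current[key] = int(value)
    return sorted(policies, key=lambda p: p["priority"])


def first_matching_policy(policies, proposal):
    """First policy whose authentication, encryption, hash and DH group all equal
    the peer's proposal, or None. Lifetime is deliberately not a match key here."""
    keys = ("authentication", "encryption", "hash", "group")
    for policy in policies:
        if all(policy.get(k) == proposal[k] for k in keys):
            return policy
    return None


def audit_policy(policy):
    """Flag parameters below common current guidance (weak DH group, MD5, DES/3DES)."""
    findings, prio = [], policy["priority"]
    bits = DH_GROUP_BITS.get(policy.get("group"))
    if bits is not None and bits < MIN_DH_BITS:
        findings.append(f"policy {prio}: DH group {policy['group']} is {bits}-bit MODP")
    if policy.get("hash") == "md5":
        findings.append(f"policy {prio}: MD5 hash")
    if policy.get("encryption") in ("des", "3des"):
        findings.append(f"policy {prio}: {policy['encryption']} encryption")
    return findings


def demo():
    policies = parse_ikev1_policies(SAMPLE_CONFIG)
    match = first_matching_policy(policies, VENDOR_PROPOSAL)
    findings = [f for p in policies for f in audit_policy(p)]
    return [p["priority"] for p in policies], (match["priority"] if match else None), findings


if __name__ == "__main__":
    print(demo())
```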

    Dumb VLAN routing question

    Posted: 02 Jul 2018 12:46 PM PDT

    I have HP/Aruba 2920 switches on my network. The main switch is one of these 2920s and I want it to do internal routing amongst VLANs. Let's say its IP is 10.0.0.2 for this switch on VLAN 1. My internet router/gateway is 10.0.0.1.

    I have several VLANs - 10.0.1.1/24 10.0.2.1/24, etc.

    On the switch, I have to set the default gateway as 10.0.0.1 (the router) for it to save the config. I want the default gateway for each VLAN to be the switch itself so that if the router blows up it'll still route everything fine internally.

    As it is now, if the router is taken down, I can't connect across VLANs.

    Is this possible?

    submitted by /u/uncleskeleton

    Sonicwall GMS reporting

    Posted: 02 Jul 2018 11:32 AM PDT

    Does anyone else use Sonicwall GMS to generate automated firewall reports? We use them at our company, and on the reports we have your basic network categories such as top data usage by IP, but for other categories it is less clear what they are actually reporting, and when I spoke to Sonicwall and asked for a list of category definitions they told me they don't have any. Anyone experienced with GMS reports?

    submitted by /u/tylervalo

    Problem with VMs connecting via Cisco Nexus 5548UP.

    Posted: 02 Jul 2018 11:23 AM PDT

    I am having an odd issue with some ESX VMs connected to a Nexus switch. Here's a simple breakdown of what's happening:

    Host A - has a virtual switch with its physical NIC connected to Switch A. Switch A is connected to the rest of the network.

    Host B - has an identically named virtual switch, with its physical NIC connected to Switch B (the Nexus 5548UP). Switch B is connected to Switch A for its connection to the rest of the network.

    While the VM is on Host A, all is fine, everything works as expected. If I move the VM to Host B, I can still ping everything I can think of (internal and internet addresses alike), I can access most things, but some things will not communicate. For example I can connect to some servers via port 443, but others I can't. With the VM on Host B (and on the Nexus switch) I can access our internal SharePoint (which uses HTTPS), but I can't access the vSphere web client on any of the ESX hosts, yet I can access it on vCenter. Once signed into vCenter through the VM on Host B, I can for example browse the datastores, but I can't download any files from the datastores. Yet if I migrate the VM back to Host A (using Switch A) everything works perfectly fine.

    I can't find anything wrong with the config, there is no internal firewall at play. The only difference between the 2 hosts is Host B has its virtual switch connected to the Nexus, which connects to Switch A, whereas Host A connects directly to Switch A.

    Has anyone had this (or similar) issue before? Any suggestions?

    submitted by /u/bit_bucket

    802.1x User Auth but only on Domain Workstations

    Posted: 02 Jul 2018 10:59 AM PDT

    I'm looking at putting 802.1x into our Access Layer and we specifically want to use User Auth for connections. It's gonna work in conjunction with a visibility tool. So far we are only using Windows NPS.

    But what I am realizing is that any user can just bring a device in and use their credentials to authenticate to the switch. Not exactly what I want. I'd like authentications to only be successful when done from a client that is on our domain.

    What kind of configuration am I looking for? Cert-based maybe?

    submitted by /u/SkiRek

    [RARP]Can a workstation be used as a RARP Server?

    Posted: 02 Jul 2018 10:33 AM PDT

    The title explains it. When using RARP, the mapping of IP and MAC addresses is stored in a configuration file inside a host in the network; this host is called the RARP server. Could this host be a workstation, and would it store said addresses in memory? I know this wouldn't be useful but I want to be sure.

    By the way, I know this protocol is obsolete, this is for a project.

    submitted by /u/CubeWrench202
