    Friday, July 27, 2018

    Blogpost Friday! Networking


    Blogpost Friday!

    Posted: 26 Jul 2018 05:16 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, as well as a nice description, to this thread.

    submitted by /u/AutoModerator
    [link] [comments]

    How my workday is going.

    Posted: 27 Jul 2018 06:49 AM PDT

    A difference between Network Engineers and Project Managers:

    Project Manager: I only plan for when things go right.

    Network Engineer: I plan for when things go wrong.

    submitted by /u/Magician_Hiker
    [link] [comments]

    Close to ripping out a Palo Alto 220 and putting the old ASA 5505 back

    Posted: 27 Jul 2018 02:28 PM PDT

    This is a small remote office but their SIP phones have been down for over a week now after replacing the ASA with the Palo Alto.

    I've spent hours on the phone with Palo Alto, Cisco TAC, and the provider but no solution. I'm pretty close to throwing in the towel at this point.

    I'm pretty sure the problem is with Palo Alto's shitty SIP ALG. Our Cisco CME is behind the Palo with the Palo doing the NATting.

    I've tried all the usual, like doing an application override, bi-directional NAT, ALG off and on, etc., and nothing works.

    Where we are at the moment.

    With ALG disabled:

    • Outbound calls working fine
    • Inbound calls fail as the SIP PRACK packet the provider sends is being sent to the Call Manager's internal/Pre-NAT address - so the packets never reach our firewall interface

    With ALG enabled:

    • Outbound calls fail
    • Inbound calls fail - this time the SIP PRACK packets are hitting the Palo Alto - but for some reason the Palo is dropping them.

    Anyone come across something similar before?

    submitted by /u/SlurmStyle
    [link] [comments]
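
    A UAC addresses PRACK to the Contact URI of the reliable provisional response it is acknowledging, so the "ALG disabled" symptom in the post above can be checked by looking at what the SIP messages leaving the firewall advertise. The following is an added example, not part of the original post: it scans a constructed 183 response for RFC 1918 addresses in the routing headers and the SDP; every address and name in the sample is made up.

```python
import ipaddress
import re

# Constructed sample: a 183 Session Progress as it might look on the WAN side
# when nothing rewrites the SIP payload. All addresses are invented.
SAMPLE_183 = (
    "SIP/2.0 183 Session Progress\r\n"
    "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:+15550100@198.51.100.20>;tag=1928301774\r\n"
    "To: <sip:+15550199@203.0.113.10>;tag=a6c85cf\r\n"
    "Call-ID: a84b4c76e66710@198.51.100.20\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Require: 100rel\r\n"
    "RSeq: 1\r\n"
    "Contact: <sip:+15550199@10.20.30.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=CiscoSystemsSIP-GW-UserAgent 1234 5678 IN IP4 10.20.30.5\r\n"
    "s=SIP Call\r\n"
    "c=IN IP4 10.20.30.5\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)

# Explicit RFC 1918 list: ipaddress.is_private would also match the
# documentation ranges used for the "public" side of this sample.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COMPACT = {"v": "via", "m": "contact"}            # SIP compact header forms
ROUTING_HEADERS = {"via", "contact", "record-route", "route"}
SDP_LINES = ("c=", "o=")                          # connection and origin lines
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def rfc1918_addresses(text):
    """Return every RFC 1918 IPv4 literal found in text."""
    found = []
    for match in IPV4.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:                        # e.g. 999.1.1.1
            continue
        if any(ip in net for net in RFC1918):
            found.append(str(ip))
    return found

def find_nat_leaks(message):
    """List (location, address) pairs where a private address is advertised."""
    head, _, body = message.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:           # skip the start line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if name in ROUTING_HEADERS:
            leaks += [(name, ip) for ip in rfc1918_addresses(value)]
    for line in body.split("\r\n"):
        if line.startswith(SDP_LINES):
            leaks += [("sdp " + line[:2], ip) for ip in rfc1918_addresses(line)]
    return leaks

if __name__ == "__main__":
    for location, address in find_nat_leaks(SAMPLE_183):
        print(f"{location}: advertises private address {address}")
```

    A private address in Contact means in-dialog requests such as PRACK will be aimed at it; a private address in the SDP lines means the media will be too.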

    Not sure if stupidity or genius

    Posted: 27 Jul 2018 09:31 AM PDT

    I discovered that a customer's entire network camera system is using the IP scheme 169.254.x.y.

    It's a big site with probably over 100 cameras plus the video servers. I'm assuming that the installer used the default no connection IP when they connected the server since there's no DHCP. Even the cameras have a default 192 IP, so they would have hardcoded each camera that way too.

    Sure, if someone plugs into the network, they're not going to realize that they could potentially connect to and access any of the cameras or servers but I would think this could potentially cause random network issues for the cameras. If a device is connected, it could assign itself to any of the used IP addresses and cause a dupe IP issue.

    I've never seen this assignment anywhere else, so surely this can't be something that's regularly done.

    submitted by /u/hulkwillsmashu
    [link] [comments]

    QUIC

    Posted: 27 Jul 2018 02:20 AM PDT

    QUIC uses UDP 80/443.
    What do you guys think about this protocol? I checked that this behaviour is invoked once a user is using Chrome and goes into any services that belong to Google.
    The same on IE, it then runs on TCP via the normal handshakes and data transmission.

    I wonder how Google measures that traffic in their peer links and steers away once they detect traffic is deteriorating.
    Any thoughts?

    submitted by /u/virgiliohtc
    [link] [comments]

    Critique on my first rack job...Picture linked inside

    Posted: 27 Jul 2018 01:57 PM PDT

    Did my first cabling and rack (small network rack for a lab) job, and I'd like some critique on the work that I did. I did my best with what I had, but I look at this picture often and think I could've done better.

    https://i.imgur.com/EmLRyQV.jpg

    submitted by /u/LoganLlama
    [link] [comments]

    Timestamps

    Posted: 27 Jul 2018 08:53 AM PDT

    I have network devices all around the world. We use different time zones for each, which seems to make troubleshooting difficult. I'm tempted to switch everything to UTC to simplify troubleshooting so I don't have to constantly try to do time zone math in my head.

    What does your organization do when it comes to timestamps, and do you do a single timestamp worldwide?

    submitted by /u/InternetPersonv6
    [link] [comments]

    Xrio ubm400

    Posted: 27 Jul 2018 02:37 PM PDT

    Anyone configured one or got a basic manual on the setup of one?

    I need to set up 3 ports: one LAN and two WAN, load balancing.

    submitted by /u/terrybradford
    [link] [comments]

    System to send ISP notifications

    Posted: 27 Jul 2018 09:24 AM PDT

    We provide regional ISP services to school districts. Looking to set up a notification listserv/notification system to notify clients of maintenance/downtime/etc. We have a few backup links from which we could send notifications in the event of emergency downtime. Is a plain listserv configured to use backup links still the go-to for this? Something else?

    submitted by /u/austindcc
    [link] [comments]

    Grafana status for Cisco interface with Status Panel plugin?

    Posted: 27 Jul 2018 10:01 AM PDT

    I'm trying to find the best way to get a status for when a Cisco switch is offline from the network. I'm trying to use the field of ifOperStatus so when the interface is offline it goes red, green for when it's online.

    I'm using Grafana/InfluxDB/Telegraf for my stack. Anyone else doing this and can share how to get it working? Below is my conf file in the telegraf.d folder.

        [[inputs.snmp]]
          agents = [ "10.10.10.10" ]
          version = 2
          community = "SNMP-READ"
          interval = "60s"
          timeout = "10s"
          retries = 3

          [[inputs.snmp.field]]
            name = "hostname"
            oid = "RFC1213-MIB::sysName.0"
            is_tag = true

          [[inputs.snmp.field]]
            name = "uptime"
            oid = "DISMAN-EXPRESSION-MIB::sysUpTimeInstance"

          # IF-MIB::ifTable contains counters on input and output traffic as well as errors and discards.
          [[inputs.snmp.table]]
            name = "interface"
            inherit_tags = [ "hostname" ]
            oid = "IF-MIB::ifTable"

            # Interface tag - used to identify interface in metrics database
            [[inputs.snmp.table.field]]
              name = "ifDescr"
              oid = "IF-MIB::ifDescr"
              is_tag = true

          # IF-MIB::ifXTable contains newer High Capacity (HC) counters that do not overflow as fast for a few of the ifTable counters
          [[inputs.snmp.table]]
            name = "interface"
            inherit_tags = [ "hostname" ]
            oid = "IF-MIB::ifXTable"

            # Interface tag - used to identify interface in metrics database
            [[inputs.snmp.table.field]]
              name = "ifDescr"
              oid = "IF-MIB::ifDescr"
              is_tag = true

          # EtherLike-MIB::dot3StatsTable contains detailed ethernet-level information about what kind of errors have been logged on an interface (such as FCS error, frame too long, etc)
          [[inputs.snmp.table]]
            name = "interface"
            inherit_tags = [ "hostname" ]
            oid = "EtherLike-MIB::dot3StatsTable"

            # Interface tag - used to identify interface in metrics database
            [[inputs.snmp.table.field]]
              name = "ifDescr"
              oid = "IF-MIB::ifDescr"
              is_tag = true

    submitted by /u/zannic32
    [link] [comments]

    Network discovery tool

    Posted: 27 Jul 2018 08:36 AM PDT

    Does anyone have a recommendation for a good network discovery tool? We'd like it to produce a network diagram and run various commands along the lines of show run, show clock, show cdp etc.

    We've tried Solarwinds network topology mapper, which was pretty decent, but before I go ahead and bite the bullet, I'd like to test some alternatives.

    submitted by /u/Work-Xlate-Scotch
    [link] [comments]

    ARP Broadcast Flood

    Posted: 27 Jul 2018 08:52 AM PDT

    I have a bit of a unique issue on our network that is starting to stretch beyond my skill set to diagnose further. Wondering if anyone has any ideas?

    We have two stacks of Cisco 3500 switches on both ends of our manufacturing plant. We have several VLANs configured, but the two primary VLANs that get used are called OFFICE and PLC. OFFICE has around 60 WYSE thin clients and label printers working on it and PLC has around 70 various makes of PLCs connected to individual pieces of manufacturing equipment. This configuration has been working fine over the last year that it has been in place, and network utilization is extremely low.

    Over the last month we have had a peculiar issue pop up with five pieces of manufacturing equipment that have Rockwell 5500 PLCs in them. Every 7-10 days an event is occurring that is impacting the communication from PLC to PLC within each of these 5 machines, forcing them to crash. The equipment as a whole does not drop from the network, but the communication internal to the machine is impacted. What is further interesting is that it impacts all 5 of these pieces of equipment at the same time but nothing else running on the floor. There is no disruption whatsoever to other pieces of manufacturing equipment with PLCs or the PC/printers. These issues also do not occur if these 5 pieces of equipment are disconnected from the primary network.

    I was able to catch the last crash with Wireshark and saw that in a 2 second stretch before the crash our Cisco switch sent out a storm of thousands of ARP Broadcasts looking for 3 IP addresses on the PLC VLAN. During normal traffic patterns we are seeing 5-6 ARP requests per 3 seconds. This flood of requests seems to be enough to impact these particular PLCs, throwing them out of sync with each other and crashing the machine. Thus far I have tried:

    1. Enabling Storm Control on the Ethernet port these devices are plugged into.
       a. I set the threshold at 5% and the event didn't trip it.
    2. I searched the floor and found that two of the pieces of equipment had been plugged into ports configured for the OFFICE vlan instead of the PLC vlan.
       a. Can this generate the flood of ARP requests we saw?
          i. Our plant floor is fairly dynamic so pieces of equipment move in and out of lines at any time 24/7.
       b. There hasn't been a crash since making this change, but it has only been a couple of days. I have Wireshark still running and am hoping to catch another event when it occurs.

    Does anyone have any other thoughts on what might be going on or where I could look next?

    submitted by /u/BoMax76
    [link] [comments]
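
    For the capture analysis described in the post above, the following added example (not part of the original post) slides a 2-second window over ARP request timestamps exported from a capture, reports each burst with the addresses being asked for, and estimates how much link bandwidth the burst used. The sample events, the 3000-request storm size, the target addresses and the 100 Mb/s and 1 Gb/s port speeds are assumptions chosen to resemble the figures in the post.

```python
from collections import Counter, deque

# 64-byte minimum Ethernet frame plus 20 bytes of preamble/SFD and inter-frame gap
WIRE_BITS_PER_MIN_FRAME = (64 + 20) * 8

STORM_TARGETS = ["10.0.20.201", "10.0.20.202", "10.0.20.203"]  # made-up addresses

def make_sample():
    """Constructed capture: one (seconds, target IP) tuple per ARP request."""
    # Baseline for 60 s at 2 requests per second (6 per 3 seconds).
    events = [(t * 0.5, "10.0.20.%d" % (10 + t % 40)) for t in range(120)]
    # Storm: 3000 requests for three addresses spread over 2 seconds.
    events += [(60.0 + i * (2.0 / 3000), STORM_TARGETS[i % 3]) for i in range(3000)]
    return sorted(events)

def find_bursts(events, window=2.0, threshold=100):
    """Return one dict per contiguous stretch where more than `threshold`
    requests fall inside a sliding `window`-second window."""
    recent, bursts, current = deque(), [], None
    for ts, target in events:
        recent.append((ts, target))
        while recent[0][0] <= ts - window:        # drop events older than the window
            recent.popleft()
        if len(recent) > threshold:
            if current is None:
                current = {"start": ts, "peak": 0, "targets": Counter()}
            current["end"] = ts
            current["peak"] = max(current["peak"], len(recent))
            current["targets"][target] += 1
        elif current is not None:                 # rate fell back under the threshold
            bursts.append(current)
            current = None
    if current is not None:
        bursts.append(current)
    return bursts

def link_utilisation_pct(frames, seconds, link_bps):
    """Approximate share of a link consumed by `frames` minimum-size frames."""
    return 100.0 * frames * WIRE_BITS_PER_MIN_FRAME / seconds / link_bps

if __name__ == "__main__":
    for burst in find_bursts(make_sample()):
        print("burst %.2fs-%.2fs peak=%d per window targets=%s" % (
            burst["start"], burst["end"], burst["peak"],
            sorted(burst["targets"])))
        for speed in (100e6, 1e9):
            print("  %.0f Mb/s port: %.3f%% utilisation" % (
                speed / 1e6, link_utilisation_pct(burst["peak"], 2.0, speed)))
```

    With these assumed numbers the storm is roughly 1% of a 100 Mb/s port and 0.1% of a 1 Gb/s port, which is why a storm-control level expressed as 5% of bandwidth would not trip on it.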

    ospf redistribution and route maps help

    Posted: 27 Jul 2018 10:41 AM PDT

    I'm reading up on this and I THINK I know what it does but I'm not quite sure as to how to implement it.

    So here's my scenario: I have an old core with a new core (HP) hooked up for testing. They're sharing routes via OSPF, through one Ethernet port. Old core has a default/internet route of 172.16.1.1, which new core is not picking up.

    I create the default static route, do 'router ospf', do 'redistribute static', then nothing changes. Can anyone help? From the examples I've seen I think I need to put a route-map in and a prefix-list in.

    Thanks again for your help. I've been posting a lot lately and you've all been very helpful. It sure is a lot better than reading articles, old forums, etc. I know I'm not great at this networking stuff but I'm trying.

    submitted by /u/d3adbor3d2
    [link] [comments]

    Fiber Patch Cable Resilience

    Posted: 27 Jul 2018 11:46 AM PDT

    We are getting ready to move from copper to fiber between our ASA and core. The issue that I am seeing is that the cabinet in which the ASAs are mounted is rather tight. When closing the door, the fiber cables would bend slightly. We could secure them so that the door wouldn't touch them, but it would result in a slight bend (maybe around 25 or 30 degrees). I don't know much about fiber cables, but I don't figure having a door hit them repeatedly is good for them. We don't really have an option to get a different cabinet at this time.

    Is the fiber resilient enough to handle a constant, slight bend?

    submitted by /u/Kveak
    [link] [comments]

    Router(HSRP) -> Redundant Firewall Connection

    Posted: 27 Jul 2018 08:14 AM PDT

    We are currently evaluating a design which will implement two redundant routers (A - Primary & B - Backup) that are currently using HSRP with two redundant firewalls (FA - Primary & FB - Backup). So the design is roughly the following:

    A -> FA
    B -> FB
    A & B are interconnected
    FA & FB are interconnected

    The firewalls are going to be in routing mode and will be sitting between 3 different subnets. After a lot of research it sounds like it's best practice to have an L2 switch between the firewalls and routers.

    My question is if this design is practical or achievable. I'm worried that having two directly connected L3 devices (routers and firewalls) will have adverse consequences while using HSRP. However, I don't have enough networking expertise to dissect this and I haven't been able to find enough information on this specific design. Any help would be appreciated. Thank you.

    submitted by /u/Cwolf10
    [link] [comments]

    Configuring a 10Gb switch via LAG to 1Gb switch

    Posted: 27 Jul 2018 11:05 AM PDT

    Hello. Our business has a Netgear XS716T 10Gb switch and a Ubiquiti 150W PoE 1Gb switch. I need to connect 4 ports via LAG to each for the CEO. On the GUI for the XS716T there are (3) options via the documentation: 100Mb, 10Gb, Auto. I think the documentation could be missing the 1Gb option (you have to manually type it in on the GUI, not select the speed from a dropdown), but it's definitely not in there.
    I know I can only link similar speed ports via LAG so I need to manually enter 1Gb for the Netgear side.
    Is it possible that I can keep it on Auto even when configuring them as part of a LAG? It would sense the fastest speed on the other side is set to 1Gb? The lack of documentation about the 1Gb manual setting is making me cautious. Just wondering if ANY manufacturer can be set to Auto for such purposes or does it ALWAYS have to be inputted manually.
    I appreciate any help. I just know my way around to be dangerous.

    submitted by /u/lokivonloki
    [link] [comments]

    Home router (ZyXEL EMG2926) listen on TCP port 263. Any tips to help me find out why?

    Posted: 27 Jul 2018 10:55 AM PDT

    I'm currently playing with Python network coding and I created a very simple script to port scan my home router.

    I noticed TCP/263 is open (LAN side) and I can telnet to it. When I hit enter the router sends me back some bytes... I have to evolve my script a bit to read those bytes.

    Searching the web, I found out TCP/263 is used by HDAP (High-Availability Directory Access Protocol), which is odd. I suspect a backdoor or something suspicious is going on.

    Are there any tools or guidelines that could help me investigate this mysterious open port?

    submitted by /u/SalsaForte
    [link] [comments]

    Let's talk VoIP phones

    Posted: 27 Jul 2018 12:13 AM PDT

    Hey r/networking! Those of you with VoIP experience, VoIP phones themselves, who do you love and who do you hate in terms of manufacturers? The good, the bad, and the ugly, what makes you hate/love certain brands?

    submitted by /u/krys2015
    [link] [comments]

    Guest Wi-Fi Puzzle at Work

    Posted: 27 Jul 2018 07:32 AM PDT

    We're a small MSP that services small and medium sized businesses, so we're not necessarily pushing out the high-end enterprise grade hardware. I mean we do deploy Cisco ASAs, PoE managed switches, APs, etc. but at the same time we also typically just use the ISP Gateway or a SOHO Router as the main router for our customers' networks.

    My coworker has given me an interesting Networking puzzle that I'm not quite sure how to resolve.

    So typically we deploy something like this:

    ISP Modem/Router/Gateway > Cisco ASA > Switches and WAPs > Workstations and VoIP phones

    However we're wanting to implement a Guest Network functionality. With the typical SOHO router, you can just turn on Guest Network functionality and it's no problem, works fine. However the problem is that, most of the time, A) The SOHO router is too far away to be effective as the Guest WiFi WAP and B) The Cisco WAPs we deploy don't segregate Guest clients from the rest of the LAN, so theoretically anyone who's on the Guest WiFi has full access to the LAN, which we don't want.

    The Cisco WAPs do have a Guest Portal where guest users would have to log in, but this still doesn't actually segregate users from the rest of the LAN. AFAIK this is because the WAPs are just APs not routers, which is what we need.

    So the idea was to add a second SOHO router to the existing aforementioned config, connected to one of the switches, which would function as the "Guest WiFi router", which we could then connect more WAPs to if needed. However the problem here is that, even if we put this Guest WiFi Router on a different subnet than the LAN, Guest clients still have access to the LAN because the WAN Port on the router is just connected to the LAN switch and not the ISP Modem/Gateway.

    So is there a way that we can have a separate Guest WiFi Router that will allow traffic to pass through to the Internet, but will restrict access to the company's LAN?

    I was thinking it would have to be done via some sort of firewall rules or maybe VLANs, but neither me nor my coworker are quite sure if that would work.

    If anyone has any suggestions in this regard it would be much appreciated :)

    submitted by /u/muwaahid
    [link] [comments]

    Migrating Terminal Servers from 2801 to 4331

    Posted: 27 Jul 2018 07:27 AM PDT

    Hi all,

    We are planning to migrate our terminal servers from model 2801 to 4331 - can you advise please if there is anything configuration-wise that we need to take care of?

    Thank you.

    submitted by /u/NetworkMan2018
    [link] [comments]

    unable to ping SVI interface

    Posted: 26 Jul 2018 07:47 PM PDT

    What am I missing here? I'm trying to set up a portchannel to an existing 6800 VSS switch for a VMware server. I created vlan99, SVI interface 99, port-channel 99 and added the interfaces to the port-channel, but still I can't ping 10.1.99.1.

    Is it an EIGRP routing issue? It almost seems like the 99.1 range doesn't go into the routing protocol. All the other VLANs work fine (77.1, 88.1, etc.).

    Show commands below

    Current config

        router eigrp 100
         network 10.0.0.0

        vlan 99
         name DATA

        interface Port-channel99
         switchport
         switchport mode trunk
         switchport nonegotiate
        end

        interface TenGigabitEthernet2/1/14
         description DATA
         switchport
         switchport mode trunk
         switchport nonegotiate
         channel-group 99 mode on

        interface TenGigabitEthernet1/1/14
         description DATA
         switchport
         switchport mode trunk
         switchport nonegotiate
         channel-group 99 mode on

        interface vlan99
         description Data
         ip address 10.1.99.1 255.255.255.0
         no ip redirects
         ip directed-broadcast
         ip pim sparse-dense-mode
        end

    MY OUTPUTS

        sh ip route 10.1.99.1
        % Subnet not in table

        show etherchannel 9
        Po99(SD) - Te1/1/14(D) Te2/1/14(D)

        Port-channel99 unassigned YES unset down down
        Te1/1/14 unassigned YES unset down down
        Te2/1/14 unassigned YES unset down down

        show arp
        Internet 10.1.99.1 - 00c1.64a0.00c0 ARPA Vlan99

    submitted by /u/hvcool123
    [link] [comments]

    Modem change and loss of MX connectivity

    Posted: 26 Jul 2018 05:13 PM PDT

    We are a super small rural school district and I am super green. We changed modems from Comcast to Century Link. It cut off our Meraki firewall. This is a screenshot from my test office network. If I leave NAT and DHCP on, on the modem then the Meraki works. If I turn off NAT and DHCP at the modem, since the MX does that, the internet dies. I tried putting the modem in transparency mode with a variety of VLANs. I was hoping to get away with the default vlan. I would be super grateful for any advice or help you have to offer.

    https://imgur.com/a/nNwmZdK

    https://imgur.com/a/Q2MmJga

    submitted by /u/M3atmast3r
    [link] [comments]

    VPN/database in Spain is slower than the government

    Posted: 27 Jul 2018 08:15 AM PDT

    Hey friends, my background is BSEE and I work with an American company. I also have a fundamental understanding of how networking systems behave. We have a primary office in Spain that we must obtain historical documents (PDFs) from in order to do a lot of our work. The documents originated in Spain many years ago. We use a laptop here in the US which the IT team in Spain must set up as if someone working in Spain is using it, so it's on Spain time, and uses their OS enterprise licenses, etc. with their VPN.

    When we connect to their database it's absurd how long everything takes to do anything. Is this normal behavior for an overseas VPN? Is Spain a particularly poorly connected country? What could we do to improve the system? Sometimes searching their database can take 4 hours to find parts or download small to medium size PDFs, with the added problem of an automatic 4 hour timeout, making some tasks to find documents nearly 2 days' worth of work. We have fiber to the building and 50u/50d connections per computer here in the US at my office.

    submitted by /u/MisquoteMosquito
    [link] [comments]
