Cisco just bought Duo for $2.35 billion Networking |
- Cisco just bought Duo for $2.35 billion
- Looking for a good resource for a non-beginner, non-intermediate guy that teaches networking from beginner to advanced.
- Using my mtp breakout cables.
- Can anyone identify what type of racks these are?
- Fiber question
- What am I missing or what is this vendor missing?
- Got my first network engineer gig, looking for advice!
- DNS question: What resource records are valid responses to a NS query?
- Multi-site with Comcast as ISP
- HP ProCurve 2824 Advice
- Issues with isolating Docker containers on a Synology NAS
- EPLAN - How is it supposed to work?
- Help please - WAN latency goes nuts as soon as anything uploads.
- Anyone using Ubiquiti APs anywhere in their network? If so, do you like it?
- When connected to any switch port, DHCP can get addresses from two different VLANs
- Cisco OfficeExtend Alternatives (teleworker AP)
- Anyone dealt with fax issues on AT&T IP Flex with an EdgeMarc managed router?
- Experience with Granite Telecommunications as a DIA Provider?
- Ping Monitoring using 2 NIC cards on same Device
- How to get Internet in remot(ish) locations?
- Is my 5512 acting weird or am I?
- Cisco ISE issue. Won't authenticate Console logins
- Advice on outdoor fibre installation
- If you expect to find "x network" in this location, go ahead and connect....
Cisco just bought Duo for $2.35 billion Posted: 02 Aug 2018 05:15 AM PDT So now maybe we'll get a better 2FA experience with them and Anyconnect? Training my users to type "push" or "phone" in a 3rd password field has been a bit difficult. [link] [comments] |
Posted: 02 Aug 2018 01:10 PM PDT I'm a programmer, C, C++, Assembly and all the rest, Python etc but mostly concentrated on game stuff and so have learned some networking basics but have recently wanted to really learn in depth from the top down about networking, what all the terms mean, subnets, gateways etc. I underestimated just how insanely complicated this subject can get and how many branches there are to it. As a result tracking down a good book or video series that covers everything is tough. So far I've found a decent "ethical hacking" course but it makes a lot of assumptions about what I know. Since I never focused solely on networking I've picked terms up over the years so I'm not a complete beginner but I'm not solidly intermediate either, I'm in a weird position. I just want to learn what the hell all my network settings mean, where my connection goes when I go online etc. Then once I have that down start to learn about TCP/IP and any other protocols so I know what's going on on a low level similar to how I started programming with C then that helped me learn Assembly easier. I know this probably gets asked a million times but every time I search for past questions I get bogged down in various different specifics of networking that I know nothing about and so it gets overwhelming so I'm just curious if there are any good sets of books / courses / videos / Youtube channels for me to learn from the basics to advanced? Even if it's just lectures on some college Youtube channel it'd be great. I'd very much appreciate it. I'm sick of using networking tools and not understanding what they're doing exactly. If something goes wrong I'd prefer to know what I'm doing so I can fix it myself. Most of these networking video courses just teach you a list of tools to remember and I'm sitting there waiting for an explanation of what it does and why it works and it NEVER comes. So before this gets any longer I'll stop. Any help would be appreciated. [link] [comments] |
Posted: 02 Aug 2018 01:44 PM PDT I already have some mtp-lc breakout cables in my walls going to 10 gigabit edge switches. I would like to reuse them to connect to my main switch with LC connectors, so I need something. Nothing I have tried has worked. I tried a cassette. That didn't work. I asked the people at fs.com and they recommended a up-up coupler to go with another breakout cable and that's not working. Can someone help me? [link] [comments] |
Can anyone identify what type of racks these are? Posted: 02 Aug 2018 04:37 PM PDT Pics in post. I purchased these at auction for very cheap, the racks were $5 each. They are not familiar to me with my limited time in datacenters. They also have solid steel bases, sides and are very very heavy. 50+kg. They have an odd hinged section on the lower part. Is it for shallow servers/networking equipment? Or possibly AV devices? Bonus question: does anyone have any familiarity with NAS infrastructure? They each have 2 14TB RAID5 arrays as far as I can tell. I think they all link need to interlink together? https://www.open-e.com/products/data-storage-software-v7/ This is the software, but I can't find any diagrams as to how they might go together. If anyone knows of any good resources to learn how to operate them, I'd greatly appreciate it!!!! [link] [comments] |
Posted: 02 Aug 2018 12:48 PM PDT Can someone take a look at this and tell me if it's acceptable to keep fiber like this? [link] [comments] |
What am I missing or what is this vendor missing? Posted: 02 Aug 2018 04:10 PM PDT I'm not here to rip a vendor, I just want to make sure that I'm not missing anything obvious. The company I work for is having a vending machine installed that requires a connection to the internet to send inventory numbers back to the home office. I plan on putting this device in its own VLAN with rules blocking access to other subnets/devices. The vendor stated that all they need access to is http and https (obviously 80 and 443). We are not a large enterprise and we have never blocked outbound connections, however, I'm trying to change that as changes are made. Their vending machine is only sending data out, meaning, it isn't a web server that needs access coming in on 80 and 443 that you'd see with your traditional web server. I don't want to block all ports, outbound, except 80 and 443, since the port number that their vending machine will use to establish an outbound connection will be random and will never be 80 and 443. What am I missing here? [link] [comments] |
Got my first network engineer gig, looking for advice! Posted: 02 Aug 2018 07:52 AM PDT Got my first network engineer gig. Start in a few weeks. Coming over from software engineering and an electrical engineering background. I'll be the only in-house engineer, currently have all their faith in an MSP, they're trying to cut that dependency over time and it's on me. Any advice would be appreciated... which questions I should ask, tips n tricks? Kicked ass in the interview, got a CCNA, but I still feel a bit underqualified. Ready for the challenge though, thanks in advance! [link] [comments] |
DNS question: What resource records are valid responses to a NS query? Posted: 02 Aug 2018 09:59 AM PDT Our Server 2008 R2 DNS server is logging errors claiming that replies to certain DNS queries contain invalid domain names. I've captured the queries and replies in Wireshark, and the domain in the reply is valid, and identical to the domain in the query. However, what I have noticed is that the reply contains only an A record - no NS record. Is this what's causing DNS to complain? [link] [comments] |
Multi-site with Comcast as ISP Posted: 02 Aug 2018 04:43 PM PDT We have three sites, each with Comcast EDI (Fiber). I'm told that traffic never actually hits the public open internet and latency should be quicker. Is this always the case? Or are there times where it's possible that it will hit public internet momentarily? I've run traceroute and each time it seems to always stay within Comcast network. I'm trying to get an understanding of how ISPs route traffic. [link] [comments] |
Posted: 02 Aug 2018 04:28 AM PDT Hi everyone, Long time lurker, have a question about my ProCurve 2824. I know it's old, but I got it for $50 and it was one of the cheapest gigabit managed switches I had seen after about 1 month and a half of searching. Is there a possibility I can update it to a third party operating system? I can only access the one that HP makes through Internet Explorer due to it using specific Java plugins that many newer browsers like Chrome or Firefox no longer support (I'm a GUI person, I know). Any advice on how I can get the most out of it? Thanks guys! [link] [comments] |
Issues with isolating Docker containers on a Synology NAS Posted: 02 Aug 2018 02:36 AM PDT I'm having some difficulty isolating a few Docker containers I have running on a Synology NAS. The way DSM starts and manages the Docker daemon seems to be slightly different than a standard installation, and all troubleshooting steps I've tried so far have failed. Quick explanation of the environment:
The issue I'm having is that both of those containers have access to all of the ports running on the Synology NAS, including non-Docker ports (by simply visiting the container's own gateway IP, followed by the port of a service running on the NAS). In addition, the containers are able to reach the gateway IPs of the Docker network they are not mapped to, despite being on separate subnets. For instance, Container A has a service running on port 8080. Container A is on the 172.18.0.0/16 subnet. If I try to access 172.18.0.1:8080 from Container B, which is on the 172.19.0.0/16 subnet, I am able to do so. However, I can't access Container A directly via its own IP address from Container B - Container A is only exposed via its gateway IP and port. I don't want either of the containers to communicate with anything but the Internet. I still want to allow incoming connections to ports open on those containers, so long as those connections originate from outside of the Synology NAS (and as such must pass through the inbound firewall rules I have in place). To summarize, I want to make sure:
I've tried adding iptables rules to the DOCKER and DOCKER-ISOLATION chains, but they seem to be disregarded entirely. According to Docker's documentation, there's supposed to be a DOCKER-USER chain, which should be created as long as dockerd isn't started with --iptables set to false. Looking at Synology's Docker scripts, and daemon.json, it doesn't look like it is, so the DOCKER-USER chain should be there. I'm sure there's something simple I'm missing here, but I'm just not sure what it is. I would be content with a few DROP rules with the IPs of the containers as the source, but the rules I've already tried don't work for some reason. Any help is greatly appreciated! Edit: After much trial and error, I was able to figure this out! One quirk about Synology's DSM is that persistent iptables rules must go in the GUI's rule editor. However, it only shows LAN1, LAN2, PPPoE, and VPN. Which means you can essentially only create iptables rules that implicitly apply to eth0, eth1, and tun0. However, you can set an "All Interfaces" rule, which bypasses this restriction and doesn't define an interface. The downside of this is that DSM will add rules to FORWARD_FIREWALL as well as INPUT_FIREWALL. Since the rules are also applied to FORWARD_FIREWALL, when I apply my block rules, I also block the ability to access the Internet from the container IP I was blocking. The solution was to simply manually create rules that only go into the INPUT_FIREWALL chain. This way, I'm only adding rules that apply to container-to-NAS communications, and nothing else. Since DSM will overwrite rules I enter manually, I created a bash script to check if my rules already exist, and if they don't, add them to the chain. I added a triggered task to call this script on boot, and just to be safe, once every hour (just in case a DSM update clears them, or if I modify firewall rules and forget to add the rules again). This isn't a very clean solution, so I'll probably revisit this later when I have time. But for now, this will do. [link] [comments] |
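The check-and-re-add approach described in the edit above, sketched as an added example (this is not the poster's script). The chain name INPUT_FIREWALL and the two container subnets come from the post; the exact DROP rule form, inserting at position 1, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: idempotently re-apply container-to-NAS block rules that
# DSM may overwrite. Intended to be run at boot and on a schedule.
# Assumptions: rule form (-s <subnet> -j DROP) and insertion at the top of
# the chain are illustrative; adjust to the rules you actually need.

IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be dry-run
CHAIN="${CHAIN:-INPUT_FIREWALL}"   # chain named in the post
CONTAINER_SUBNETS="${CONTAINER_SUBNETS:-172.18.0.0/16 172.19.0.0/16}"

# ensure_rule SUBNET
# Adds a DROP rule for traffic from SUBNET to the NAS itself (INPUT path
# only, so forwarded container-to-Internet traffic is untouched).
# Sets LAST_ACTION to "present", "added" or "failed".
ensure_rule() {
    subnet="$1"
    # -C checks whether an identical rule already exists in the chain.
    if "$IPTABLES" -C "$CHAIN" -s "$subnet" -j DROP 2>/dev/null; then
        LAST_ACTION="present"
        return 0
    fi
    # Insert at position 1 so the DROP is evaluated before any ACCEPT
    # rules DSM has generated in the same chain (assumption).
    if "$IPTABLES" -I "$CHAIN" 1 -s "$subnet" -j DROP; then
        LAST_ACTION="added"
        return 0
    fi
    LAST_ACTION="failed"
    return 1
}

# ensure_all
# Walks every configured subnet; ADDED_COUNT reports how many rules had
# to be re-created, which is worth logging to spot DSM resets.
ensure_all() {
    added=0
    for net in $CONTAINER_SUBNETS; do
        ensure_rule "$net" || return 1
        if [ "$LAST_ACTION" = "added" ]; then
            added=$((added + 1))
        fi
    done
    ADDED_COUNT=$added
    return 0
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    if ensure_all; then
        echo "rules ok, re-added: $ADDED_COUNT"
    else
        echo "failed to apply rules to $CHAIN" >&2
        exit 1
    fi
fi
```

Run it with `--apply` as root from the scheduled task; a non-zero re-added count after a quiet period indicates DSM rewrote the chain.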
EPLAN - How is it supposed to work? Posted: 02 Aug 2018 03:46 AM PDT I have a client transitioning from an ATT fiber connection between their two offices to one provided by Charter and Comcast. This new connection is an EPLAN and I have no experience with them previously. I've been told it's a port based connection so whatever goes in one side should come out the other, including broadcast. Is this not the case? Right now I have a router with a separate network set up. If I plug the cable into a laptop I get an IP and can access the internet, everything works. If I plug that same cable into the EPLAN they get nothing on the other side - can't even ping the interface of the router. We've tried testing it by just plugging the EPLAN into the main switch. Also just tried a single computer plugged in to the other end with a static IP and couldn't ping the interface of the router which is connected directly to the other side. Nothing we have done has been able to even get a ping across the EPLAN. The other side is just a small office with a switch and some computers and does not have a separate internet connection, they will be using the main location's internet. I've had a couple Charter techs say it should work the way it is set up. I've had another Charter tech now tell me both sides have to have a router.... Been waiting on Charter support to verify the EPLAN for a couple days now, seems they have found a couple problems but it still doesn't work. The last mile being Comcast has really thrown a wrench in everything. Anyway, any help appreciated. Edit: reworded a part to add in the bit about the internet. Edit2: added the bit about testing. [link] [comments] |
Help please - WAN latency goes nuts as soon as anything uploads. Posted: 02 Aug 2018 01:29 PM PDT Hi All, If anyone can give me some ideas/advice on the below, I would be very appreciative. I have taken over looking after a customer with about 30 PCs on their LAN. They connect via a Sophos UTM (SG210) to a Virgin Media service (50/5MBit). I have found that the latency when pinging 8.8.8.8 from the LAN is normal (say 25ms) when there is no outbound traffic. As soon as any data starts leaving the LAN, the latency will jump up to well over 250ms. I tested the same from my LAN (we use Mikrotik firewalls), and found that even when I saturate my WAN connection outbound (with a speedtest), my ping times are still reasonable. I have no idea why this would be. Today, in the QOS settings, I defined the outbound maximum bandwidth as 4.3Mbit to see if that makes a difference, and it doesn't. Thanks in advance for any assistance. [link] [comments] |
Anyone using Ubiquiti APs anywhere in their network? If so, do you like it? Posted: 02 Aug 2018 01:26 PM PDT |
When connected to any switch port, DHCP can get addresses from two different VLANs Posted: 02 Aug 2018 01:21 PM PDT I've been managing a small network and the main devices include a Meraki MX84 as our router/firewall and two Cisco SG500 switches in stacked mode. The MX84 is our DHCP server for all VLANs on the network. The network only uses one VLAN for all devices, but I'm attempting to add a new VLAN that is entirely segmented from the other VLAN for lab and testing purposes. Let's say my main VLAN is VLAN 1 and the one I just made is VLAN 2. The MX84 runs a DHCP server for both. I have two ports on the MX84 that connect to each SG500 and only allow VLAN 1. I have another port on the MX84 that connects to a switch and only allows VLAN 2. Subsequently, I have 7 ports on a SG500 where the default VLAN is 2. All other ports are VLAN 1. The problem I'm having is that if I connect to the switch, it can grab a DHCP address from either the VLAN 1 subnet or VLAN 2 subnet, no matter what port I plug it into. This is a major issue because in my MX84, I have blocked traffic between VLAN 1 and VLAN 2. For the record, all ports on the both switches are configured as trunk ports. Is this the issue? Minus the ports that connect to the MX84, do the ports need to be access ports? We have another corporate network I've worked on that is configured a similar way with no issues (unless I got lucky). [link] [comments] |
Cisco OfficeExtend Alternatives (teleworker AP) Posted: 02 Aug 2018 12:01 PM PDT I'm currently looking for a solution for remote workers/groups like the Cisco OfficeExtend AP's, where we could give the group a preconfigured AP, and they simply go to their home or remote site, plug it into the internet and have all their corporate WLANs come up with VPN tunnels back to the office. The Cisco solution seems pretty good, except for two things:
Anyone have any other suggestions for this type of solution, that would allow wireless connectivity and support logging into captive portals? Thanks! [link] [comments] |
Anyone dealt with fax issues on AT&T IP Flex with an EdgeMarc managed router? Posted: 02 Aug 2018 11:48 AM PDT Last night I switched from an old (slower) IP Flex circuit to a new (faster) one. As part of the change the managed router went from a Cisco 2900 series to an EdgeMarc 4808. I'm now having faxing issues, primarily with receiving inbound faxes but outbound is less reliable (more attempts needed to connect). Prior to this change, I had 6 years combined of pretty much no issues on the old circuit and the circuit prior to that (both used same managed Cisco 2900 router). Physical connection wise, it's a somewhat unusual setup with a PRI conversion in the middle: AT&T Fiber into EdgeMarc 4808. PRI handoff out of 4808 to PRI interface on my Cisco 2851, and then GigE out of 2851 into the voice VLAN where the phone system sits (it's the fax server as well). I'm using g711ulaw on my end, ATT takes whatever I negotiate with, but they default to g729 first. Fax relay is enabled on my 2851 with fallback as pass-through g711ulaw. Engineer said my inbound test faxes start as g729 then re-invite to g711. He also said he's seeing it switch to T.38 on his router, but I never see that on my router for an inbound fax. When I outbound fax, I see g711ulaw and then switch to T.38 14400. What I am seeing on the surface is an inbound fax attempt comes in and it's picked up by the phone system, codec is g711ulaw. Your usual fax noises start from the fax server subsystem of the phone system and when I record the call, I hear them, but the call just stays like that. Eventually the sending fax machine quits and goes into retry. It seems like the sending machine isn't hearing tones properly and starting to send. I have my VAR involved who provided support on the phone system (Genesys PureConnect, formerly Interactive Intelligence CIC) to help nail down in the logs what's going on. Wondering if anyone has dealt with something like this where it's possible there is something specific to EdgeMarc routers that needs to be done different vs. the Cisco router AT&T used on the old circuits. Looking for things to throw back at AT&T when I get back on with the engineer. I've also asked for an escalation to get additional eyes on it from their end. [link] [comments] |
Experience with Granite Telecommunications as a DIA Provider? Posted: 02 Aug 2018 07:50 AM PDT For a new retail site the only provider the landlord will realistically allow us to use is Granite Telecommunications' Granite Grid. I've never heard of them and I'm wondering if anyone has experiences, good or bad, with this provider? We plan to just buy Dedicated Internet Access (DIA) from them, but I'm curious about experiences in general as well since they offer a range of MSP-like services as well. From what I can tell they are just providing fractional reselling of a larger fiber DIA from the local telco (Verizon) split among tenants. Their sales folks were not at all technically knowledgeable about the product, though I have an engineering call scheduled to try and get more details. It worries me that they are talking about connecting our new-construction detached building with a single Cat6 line into the main mall building and the sales folks thought that was totally normal. The only docs about Granite Grid online look like sales and marketing materials with no technical data and that compare it to DSL and DOCSIS rather than other enterprise or medium business providers of DIA and MPLS. Glassdoor and other employee reviews are pretty mixed, and are mostly for sales positions rather than for network engineers and technical folks. Typically we use Verizon or Lumos DIA at retail sites, and this feels nothing like buying from them so far. Thanks! [link] [comments] |
Ping Monitoring using 2 NIC cards on same Device Posted: 02 Aug 2018 10:25 AM PDT Hello, I need to monitor packet loss to the internet. I want to put a computer with two Network cards, one connected to the internal network and the other one connected directly to the modem bypassing the firewall. Is there a pinging tool that would let me run two simultaneous tests on the same computer but each test using a different network card ? Thank You [link] [comments] |
How to get Internet in remot(ish) locations? Posted: 02 Aug 2018 09:51 AM PDT Hello All, I have a client that has warehouses they maintain (surveillance, monitoring, etc). Most of these locations are in metropolitan areas but do not have network infrastructure coming into a building. The sites themselves are large lots (10+ acres, multiple buildings) and do not have copper lines or fiber for internet. The ISPs I have spoken with will do an install for $40K++. This sounds dumb, but I know about Ubiquiti Airfiber and cheaper variants; Can I just get some antennas set up on site, and make a deal (contract) with another business/home owner to allow us to put up an antenna and internet connection? Are there ISPs that would provide me service and point it at my antenna? From a legal aspect, if I owned a house across the street could I buy internet there and beam it across the street to the facility? How do you all handle these scenarios? [link] [comments] |
Is my 5512 acting weird or am I? Posted: 02 Aug 2018 09:51 AM PDT Ok, I MUST be missing something here... I have a 5512 that isn't running show env or show tech commands. Is it to do with my privilege level? I'm inputting at the usual # prompt level and I don't even get the commands appear in the suggestions when I ? it out. Am I missing something blindingly obvious? Would appreciate the help please, it's been a long day! EDIT: I initially tried show tech and when that didn't work, I informed the TAC engineer who suggested show env, so I'm pretty sure the command is available for the device usually? [link] [comments] |
Cisco ISE issue. Won't authenticate Console logins Posted: 02 Aug 2018 09:39 AM PDT Good afternoon. I noticed that our switches here weren't allowing login via TACACS through the console. I have the switch configured right login authorization console, and authenticate through ssh just fine. My ISE server is directing me toward the wrong policy set though. It missed the admin one and goes right to default (which gives me the deny shell profile). My Policy set only matches the AD group, Device location, and device type. Looking at the TACACS log for a successful ssh connection and a failed console connection it differs on the process. The ssh starts with a "Received TACACS+ Authorization Request - AD Source name". The Console starts with "Received TACACS+ Authentication Start Request" and it never gets to authorizing. If I stick the default rule to have a good shell profile, it will let me in. So I know I'm hitting the ISE server and talking fine to the identity source. The only thing I can think is that ISE sees it coming in on TTY0 or something and is interpreting that differently. I can't find anything that would indicate this though. [link] [comments] |
Advice on outdoor fibre installation Posted: 02 Aug 2018 09:08 AM PDT Hi r/networking, I've been asked to assist with a network installation in a rural area to provide network connectivity to 35 different buildings that are ~200m from a PoP. We are planning on installing fibre switches at the PoP and media converters w/ SFPs at each building. I've done many installations of fibre but this scenario is a bit new to me and I have some concerns about the type of fibre that needs to be used and the termination of it. In the past I've used pre-terminated cables on indoor runs. Would any kind Redditor be able to shed some light on the following:
Any other general advice you may be able to offer me? :) Thanks! [link] [comments] |
If you expect to find "x network" in this location, go ahead and connect.... Posted: 02 Aug 2018 08:53 AM PDT When trying to connect to our corporate network for the first time our users see this message: "Continue Connecting? If you expect to find "x network" in this location, go ahead and connect. Otherwise, it may be a different network with the same name."
We use an ACS server to authenticate users to our internal corporate network through RADIUS. [link] [comments] |