Rant Wednesday! Networking
- Rant Wednesday!
- CircuitDB from Netflix
- TIL Cisco brackets can be used for wall mounting.
- NetPi Plus - Raspberry Pi Based Network Analyzer
- Does anyone run pure BGP on core of network
- Cisco AnyConnect and dynamic access policies
- disadvantages of using a /23 on the internal LAN
- Pocketethernet and toner/probe tools question. Have never used either.
- Problem accessing website through a certain port on one device. SonicWall
- When you move to a Fast Ethernet (Cat5) cabled building, but you want Gigabit..
- SFP+ Modules, interoperability
- Cisco/ISE DACL Questions
- Aruba 2930F stack ring topology
- How to connect to my 3com switch's console port
- Juniper switch stack
- Network simulation curiosity
- What is your favorite Subnet Calculator?
- 4500s instead of multiple 2960x
- Logical LAN network Design
- ASN and BGP - Multihome
- Internet Outage - Possible Problems?
- Support both RADIUS username/password and MAC-based 802.1x on same network?
- VOIP - Managing 911 info
- Infrastructure Operations Learning
- Managing 2 identical access-lists (per VLAN) with FHRP
Rant Wednesday! Posted: 31 Jul 2018 05:17 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
CircuitDB from Netflix Posted: 01 Aug 2018 05:15 AM PDT https://twitter.com/dtemkin/status/1024037852622012421?s=21 I've never wanted something so bad for my job.
TIL Cisco brackets can be used for wall mounting. Posted: 01 Aug 2018 01:16 PM PDT I've been in networking and telecommunications for a while and just today I learned you can mount the brackets flipped on the side of the switch for wall mounting. My mind was blown and I feel dumb for previously screwing rack shelves to backboards. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/hardware/installation/guide/2960_hg/higinstl.html I know it's an old 2960 but it still works on newer gear.
NetPi Plus - Raspberry Pi Based Network Analyzer Posted: 31 Jul 2018 09:20 PM PDT Hi folks, Just wanted to toss a very brief post that I've released the image for my Raspberry Pi 3 B+ network analyzer distro and build guide for it. Functionality includes: CDP/LLDP info, Ping/Trace/Speed tests, Wireshark, Network Diagramming, and a few pen testing tools. Preview Video: https://www.youtube.com/watch?v=YT4bwH3oYNg Build Guide: http://blamethenetwork.com/netpiplus/ Happy networking... keep the packets flowing! =] (Mods: I can put it in the blog posts sticky on Friday? if it fits better there).
Does anyone run pure BGP on core of network Posted: 01 Aug 2018 10:30 AM PDT First, the diagram. Above is a quick high level view of the network at the enterprise I work at. Historically the entire enterprise was run using OSPF. When I showed up they were OSPF peering to provider L3 MPLS circuits on both sides to remote sites, everything in area 0. What wasn't OSPF'd was static routed. And everything else was layer 2. There was a huge L2 domain sprawling across 2 datacenters (they're only like a mile apart so we have a ton of dark fiber between them). Our enterprise has grown quite a bit but the network never developed because of older engineers clinging to what they knew. Until this year the core of the network was part of a L2 spanning ring loop that would occasionally roll and tank the entire enterprise. We're just finishing up a project that's converting the 2 datacenters to logically separate eBGP CLOS fabrics using Arista ToRs. EVPN+VXLAN overlay for physical servers and NSX for the large virtual environment. We're starting to turn our attention to the rest of the network now. This is where me and some of my colleagues have philosophical differences. We all agree that we want to run eBGP across all our circuits to our remote sites and allow them to run their own IGP on prem. This will allow us to better integrate acquired sites without a complete overhaul (something that happens often). Where we differ is how the core and campus parts of the network should integrate with everything else. We're split about 50/50. I would like to see each functional portion of the network split off into its own AS number and isolate IGP to that area. So on the above diagram each of the areas outlined in blue I would see as the border between BGP and whatever IGP is run in that area of the network. I would run the 2 core routers as 1 AS and then eBGP peer to each of the functional sections. One of our colleagues in particular does not like this design. 
Coming from a service provider background he wants us to put everything on the above diagram in a single AS, running iBGP on top of OSPF with route reflectors. The main argument I have for my design is fault isolation and organizational benefits. As well as reduced complexity (no RR, only 1 routing protocol). Mostly I'm applying the same concepts we used in the datacenter to the core of the network, using pure BGP as an IGP, separate ASs, etc. His big argument is it's extremely standardized and he has never seen a network run eBGP internally. Any thoughts on either? Has anyone seen a network using eBGP in this fashion or am I crazy? My colleague is really big on whitepapers but it's hard to find good whitepapers that show an enterprise. Lots of whitepapers showing campus networks, or datacenters, but not a lot that I can find that show the interconnection of them all and how to design a core.
Cisco AnyConnect and dynamic access policies Posted: 01 Aug 2018 02:07 PM PDT I've got a dozen or so different AnyConnect profiles and need to limit access to a single profile to a handful of source addresses and networks. I was told to use dynamic access policies to accomplish this. Is there a better way? Has anyone used DAP to accomplish this? They're new to me and I'm pulling out what little hair I have left...
disadvantages of using a /23 on the internal LAN Posted: 01 Aug 2018 11:20 AM PDT Hi, we have a /24 subnet being used on the internal LAN and are getting low on IP addresses. The proposal is to change to a /23. In this day and age is there any disadvantage of doing this? The other option of course would be to configure a second VLAN using another /24.
Pocketethernet and toner/probe tools question. Have never used either. Posted: 01 Aug 2018 03:53 PM PDT I know I need a toner/probe to trace cables in a bunch but I'm not sure what the difference is between analog and digital toners and if I need something special to trace on "live"/"hot" links (cables are connected to a switch already) or if PoE is something to consider. I basically want to see where a port on the wall leads to on the patch panel and switch in another room. Cat5/Cat5e/Cat6 cables. This looks awesome but not down to spend $2000 as I wouldn't use it daily anyway. NETSCOUT LRAT-2000-KIT LinkRunner AT & IntelliTone Pro Copper Fiber Ethernet Network Test Kit https://www.amazon.com/dp/B007FR6T6A/ref=cm_sw_r_cp_apa_7nJyBbC4CE7B4 I really like the https://pockethernet.com/ I've seen recommended here. I'll probably buy it because getting the switch name, port, and vlan info would really help my current situation. I see it has a toner function so would I just need a probe at this point? The Fluke Pro3000 looks decent to me but I'm a complete noob here. I just need to find some cables a few times a month or so.
Problem accessing website through a certain port on one device. SonicWall Posted: 01 Aug 2018 03:21 PM PDT Hi everyone! I'm having a strange issue on my SonicWall. Everyone in the hard wired and Wi-Fi network is able to access a site through port 5003 except one machine. The only difference between that machine and the others is that it has a static IP of 192.168.0.xx set, subnet mask was initially 255.0.0.0, and I changed it to what the others were which is 255.555.255.0, gateway is 192.168.0.254. I checked the NAT policies and firewall policies and nothing looks out of place. All of the other devices on the network work just fine except this one. Any thoughts?
When you move to a Fast Ethernet (Cat5) cabled building, but you want Gigabit.. Posted: 01 Aug 2018 01:24 AM PDT and you remember you have a rj45 crimping tool: https://imgur.com/iVjbRe1 (it's a temporary move, we should be out in a couple of months)
SFP+ Modules, interoperability Posted: 01 Aug 2018 09:08 AM PDT Hey All, We have a few media converters in-house currently that terminate our fiber runs to ethernet. I am looking at moving away from media converters into SFP+ modules in our existing and new switches. My question is, how can I tell from spec sheets if an HP 1910 switch's SFP+ LC fiber module is interoperable with a Dell SG300 SFP+ Fiber module? Or a Meraki SFP+ Module or an Extreme Networks SFP+ Module? We have a pretty wide range of brands and products as we previously had MSP/Consultants bring in hardware in an ad hoc and unsupervised kind of way. I'm hoping I don't need brand/model consistency to move out of these media converters, but my fear is that they are here because I can't. Thanks for your help everyone,
Cisco/ISE DACL Questions Posted: 01 Aug 2018 09:15 AM PDT First time testing DACLs, pushing them from ISE to Cat9300s. Like other switch vendors, we're seeing that Cisco appends a "version number" to the DACL. When the DACL is updated in ISE and an endpoint authenticates, it has the modified DACL with differing numbers appended. So my questions are: Is it possible for the modified DACL to simply replace the existing DACL, so we don't end up with multiple versions of the DACL? If not, what is the solution? Set authentication interval so endpoints re-authenticate at some point and receive the new DACL? If versioning is a problem, another option may be to administer ACLs on the switches, and have ISE push a filter-ID referencing the local switch ACL. My concern here is maintaining ACLs across many switches and would need an easy way to make edits. Thoughts?
Aruba 2930F stack ring topology Posted: 01 Aug 2018 02:50 PM PDT Hi all, I have to make a stack ring topology for 6 Aruba 2930F with SFP+.
How to connect to my 3com switch's console port Posted: 01 Aug 2018 01:07 PM PDT Hello, I have a possibly dumb question about my 3com 3824 switch. I bought it refurbished on eBay to keep as a spare. But it doesn't seem to work. (Insert long irrelevant story about not returning it) Because of that, I grabbed a CyberPower UPS's USB to Serial cable and tried to connect to the switch's console port. But I was never really able to connect in such a way that I could interact with the switch. I'd see some content, but then it would spam me with a bunch of broken characters and it wouldn't let me reliably type. When the USB to serial cable didn't work, I bought this dinky little adapter: https://smile.amazon.com/gp/product/7507825604/ref=oh_aui_detailpage_o08_s00?ie=UTF8&psc=1 Same deal. OK, this is maybe a newb question, but I haven't used a terminal modem since the 90s. Did I get the wrong type of adapter? I have definitely used the right settings in my terminal emulators. (I keep hearing about "Cisco cables" but I don't know what's different about them) What do I need to do to reliably connect to my switch?
Juniper switch stack Posted: 01 Aug 2018 12:25 PM PDT We are hosted at a third party datacenter, we have 20-30ish servers over there. A couple of weeks ago, one of the switches failed and we were down for a couple of hours. They told us that everything was redundant with two switches, but those two switches were stacked together and this is why the redundancy did not kick in. At this point I am wondering, is it not a good practice to stack switches that are supposed to be redundant together? Are we better off not using this capability? Does that even make sense?
Network simulation curiosity Posted: 01 Aug 2018 12:03 PM PDT I have been wondering if there is any sort of network simulator that is web based. Sometimes I am using my tablet that can't install Packet Tracer or GNS3 because it has a different architecture. Any information is greatly appreciated.
What is your favorite Subnet Calculator? Posted: 01 Aug 2018 11:29 AM PDT
4500s instead of multiple 2960x Posted: 01 Aug 2018 10:50 AM PDT My job is preparing to open a third branch (SMB) which will be their biggest one. Approximately 125 wired devices, 53 of which are wired users and the rest being mixed with camera, WAP, IP phones and IoT. I was thinking instead of purchasing several 2960x for the access layer, to purchase a 4507E+R modular switch with 4x 48G line card (2 of which will be PoE). Camera, IP phone and data traffic will be running on the network but isolated via VLANs. About 7 or 8 VLANs planned out so far. Is this worth the investment? Instead of getting several 2960x and 3800 series for IVR, get the modular which would allow for future expansion. Or would this be overkill? Thanks!
Logical LAN network Design Posted: 31 Jul 2018 05:50 PM PDT Hi all, I'm pretty sure the criteria fits this rule:
But my task is to implement and explain a 'tiered logical LAN network design architecture'. I have done some research but I cannot find "tiered", but I do find multi-layered, but I also find 3-tier architecture. I'm going off the assumption that "tiered logical" means 3-tier architecture. Upon more research, the 3 tier logical LAN involves: Core, Distribution and Access. Would this fit the criteria? The question also provides what I need to include which are: IP Addressing, Subnets, Naming Conventions, Segmentation and Departmental designs. What I am confused about is how to implement the 3-tier logical LAN architecture and involve the inclusions from the question. Thanks.
ASN and BGP - Multihome Posted: 01 Aug 2018 09:28 AM PDT If you have your own public IP block from ARIN, you have multiple ISPs, how do you go about advertising your IPs to each provider? More specifically, using BGP, do you have your own public ASN? Does each ISP give you an ASN of theirs where you can advertise to? At what point do you have to maintain the public routing table for the internet? Are LIRs primarily colocation facilities? Thanks in advance guys
Internet Outage - Possible Problems? Posted: 01 Aug 2018 01:12 PM PDT Yesterday we had our internet go off due to not paying the bill. We paid it, internet came back on. We have a server farm with a webserver. Before this happened, the outage, everything was fine. Outage occurred, everything was down, internet is up (I can access internet from web server), but the web server can no longer be reached from the internet -- just gives 'cannot reach page' error. The web server is running IIS with a Citrix configuration. My question is, anyone know of any possible problems that could be caused by having internet outage for a few hours? I really can't think of why it's not working, we have static IPs assigned to us that we use, literally NOTHING has changed on the webserver. They're all behind a firewall, but again nothing was changed on the firewall. Thanks.
Support both RADIUS username/password and MAC-based 802.1x on same network? Posted: 01 Aug 2018 02:33 AM PDT We use pfSense for our router, and Ubiquiti Unifi for our wireless APs and switches. Currently we're using the FreeRadius package on pfSense for RADIUS authentication on the wireless APs. However, I'm looking at moving to PacketFence, which I understand is a nicer wrapper around FreeRadius. Also, we'd like to introduce 802.1x on the wired side of things. However, not all of our clients will support RADIUS username/password. I understand that you can do 802.1x MAC-based authentication, where you send the MAC address in both the username/password field. My question is - is there some way of doing mixed username/password, where clients that support username/password will send that, but ones that don't will fall back to using MAC-based authentication? Or some other way of doing username/password with a MAC-address whitelist? (Yes, I know, MAC addresses can be spoofed, but not sure of another way to handle the legacy devices that don't support RADIUS). And is there a way to combine this with RADIUS-based VLAN assignment?
VOIP - Managing 911 info Posted: 01 Aug 2018 08:24 AM PDT Can anyone guide me in the right direction to update the 911 info on a couple of DIDs in our system? We are running VPN connection to a second site and having the phones connect directly to our main site's CUCM infrastructure. Obviously, I need to update the DIDs that live in the new building to display the new building's address information when a 911 call is made. Our CUCM is running 10.x which doesn't support this natively as far as I know. I'm thinking we may need Cisco Emergency Responder? I was also thinking our DID provider (We use AT&T) could update this on our end, since we do 1 to 1 translation of internal extensions to external DIDs. I've been waiting on AT&T to confirm whether or not it is possible though for over a week. Any advice?
Infrastructure Operations Learning Posted: 01 Aug 2018 08:11 AM PDT Hi, a year ago I got the CCNA certificate and now I started with a junior student network engineer job. But it's more focused on DHCP, DNS etc. Even though I was studying mostly about routing and switching, I have no use of these at the work. I have very basic knowledge about command line operations (traceroute, nslookup etc.). I'm looking for resources on this side of networking but all I find is classic CCNA materials. Are there any resources (books, videos, online courses) that you would recommend? Thanks!
Managing 2 identical access-lists (per VLAN) with FHRP Posted: 01 Aug 2018 07:51 AM PDT Hey r/networking! Today I come seeking advice for managing a set of identical access-lists (per VLAN) when implementing a FHRP on a pair of layer 3 switches. To me, this seems like a major nightmare, and I would rather just move the layer 3 functionality up to a pair of firewalls (Active/Standby), where I would only have to manage 1 set of ACLs and retain my first hop redundancy. Any tips or tricks when managing multiple sets of ACLs, such as tools to ensure that they are indeed identical? If I recall, there's actually a feature that can replicate the ACLs over to the other switch, but from what I remember it was buggy as all get out.