Rant Wednesday! Networking
- Rant Wednesday!
- Vendor blames DOCSIS
- Cisco ise to authenticate with Microsoft azure mfa
- What's the difference of the CDN of CloudFlare and the CDN of Google Cloud?
- Options for site to site VPN
- IPSec best practices
- Question about BPDUs
- DO NOT purchase Cybrary's Insider Pro Edition (Predatory Business Practices)
- WLAN and VLAN by department
- Palo Alto - Mirroring all traffic to external DLP product?
- Purchase IP Space
- SBC for 10k+ calls
- High memory utilization on new FPR-2140 devices
- Radius over ipsec
- IPSEC VPN Questions
- fortiswitch 248e vs edgeswitch ES-48-750W
- Anyone else in Canada deal with Videotron as a ISP?
- Authenticate users behind NAT, some with RADIUS others with LDAP
- Security Object Syncing between Vendors
- TFTP for MacOSX
- 4500X VSS traffic
- Network Design with 20 remote buildings dark fiber and MPLS
- Advice on what to expect with new router.
Rant Wednesday! Posted: 28 Aug 2018 05:13 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
Vendor blames DOCSIS Posted: 29 Aug 2018 10:02 AM PDT We support a few work from home employees, and a few have DOCSIS 3.1 modems. All locations are having performance issues, and they decide to blame the 3.1 modems. Am I correct in that for the most part, other than things like MTU, it should not matter what protocol? I understand maybe a specific modem has bad firmware, etc. but an entire spec? That seems like a scapegoat to me. Thoughts? Ref https://emstatuscenter.elliemae.com/ See bottom right side panel. "We have been made aware that the new generation of modems being deployed by the Internet Service Provider may be causing freezing and poor usability of Encompass. We have pinpointed an issue with DOCSIS 3.1 protocol. SYMPTOMS OF ISSUE THAT HAVE BEEN IDENTIFIED: The typical behavior being reported is during an active Encompass session, or after an undetermined amount of time of Encompass being left idle, the user finds the application has become unresponsive or frozen and no longer accepts input from the user. Some users may receive a server disconnection message. This results in the user having to close the Encompass application via Windows Task Manager and start a new session. ACTION CUSTOMER NEEDS TO TAKE: If you are experiencing issues relating to this device, please have your Network IT team contact your Internet Service Provider to report the issue and inquire about reverting the hardware, settings, or possibly the firmware version related to DOCSIS 3.1 protocol back to DOCSIS 3.0. ACTION BEING TAKEN BY ELLIE MAE: It has been determined that this is caused by hardware on the client side, related to DOCSIS 3.1 protocol. As Ellie Mae does not support customer on premise hardware nor do we make recommendations on hardware they have onsite, the customers will need to work directly with their vendor supporting that hardware.
As a part of our technical review we have confirmation from multiple clients that swapping the hardware back to their previous setup resolves the issues with Encompass latency and disconnects. We continue to monitor and troubleshoot incoming cases. LINKS/PHONE NUMBERS THAT ARE HELPFUL: Here is the Comcast web page outlining the new class of xFi hardware in question: https://www.xfinity.com/support/articles/wireless-gateway-compare Please refer to your local ISP."
Cisco ISE to authenticate with Microsoft Azure MFA Posted: 29 Aug 2018 10:36 AM PDT Been trying to get this to work. I'm running Cisco ISE 2.3 which currently authenticates with AD. Boss wants to have MFA working with it. I can't find literature or research of this being done before. Cisco TAC agent said my configs are ok on the ISE machine. But I still get authentication failure and RADIUS token drops. Any help would be great.
What's the difference between the CDN of CloudFlare and the CDN of Google Cloud? Posted: 29 Aug 2018 02:57 AM PDT We plan on setting up virtual servers in Google Cloud and using Cloudflare for protection.
Options for site to site VPN Posted: 29 Aug 2018 11:23 AM PDT We have two facilities across the country we are needing to set up a site to site VPN between. One site has a 10Gig drop (not sure who supplies it), the other is a 1Gig drop from ATT. Realistically I know that we probably won't come close to sustaining 1Gbps between the sites since it's cross country, but would like to minimize any bottlenecks if possible. We currently have a Juniper SRX 300 but that's only good for 250Mbps over IPsec. We were looking at the SRX1500 which is advertised to do 2Gbps IPsec. Are there any other options or suggestions for hardware that could do this that would be clearly better than these Juniper systems?
IPSec best practices Posted: 29 Aug 2018 04:38 AM PDT Hello, We are currently reviewing the way we implement IPSec tunnels and I am wondering what your IPSec implementation requirements and best practices are: IKE version, algorithms, NAT policies...
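The question above asks what an IPsec baseline should look like. As an added example (not from the thread or any poster), here is a small linter that expresses the commonly recommended floor as checkable rules: IKEv2 over IKEv1, no aggressive mode, no DES/3DES/MD5/SHA-1, DH group 14 or ECP 19/20 at minimum, PFS on, and certificates or a long random PSK. The proposal dictionary shape, its field names, and the 20-character PSK threshold are assumptions made for this example; map your firewall's export into this shape before using it.

```python
"""Lint IKE/IPsec proposals against a baseline of commonly recommended settings.

Added example, not code from the original thread. The proposal dictionary
shape and the field names are assumptions made for this example.
"""
from typing import Dict, List

# Algorithms widely treated as obsolete for new tunnels.
WEAK_ENCRYPTION = {"des", "3des", "null"}
WEAK_INTEGRITY = {"md5", "sha1"}
# MODP groups with <= 1536-bit moduli; group 14 (2048-bit) or ECP 19/20 is the usual floor.
WEAK_DH_GROUPS = {1, 2, 5}
# AEAD ciphers provide integrity themselves, so no separate integrity algorithm is needed.
AEAD_CIPHERS = {"aes128gcm", "aes256gcm", "chacha20poly1305"}
MIN_PSK_LEN = 20  # assumption for this example


def lint_proposal(p: Dict) -> List[str]:
    """Return a list of findings for one IKE/IPsec proposal (empty list = passes)."""
    findings: List[str] = []
    if p.get("ike_version") != 2:
        findings.append("ike_version: IKEv1 is legacy; prefer IKEv2")
    if p.get("ike_version") == 1 and p.get("mode") == "aggressive":
        findings.append("mode: aggressive mode exposes the identity in the clear and "
                        "weakens PSK authentication; use main mode or IKEv2")
    enc = (p.get("encryption") or "").lower()
    if enc in WEAK_ENCRYPTION:
        findings.append(f"encryption: {enc} is deprecated; use AES-GCM or AES-256-CBC")
    integ = (p.get("integrity") or "").lower()
    if enc not in AEAD_CIPHERS and integ in WEAK_INTEGRITY:
        findings.append(f"integrity: {integ} is deprecated; use SHA-256 or stronger")
    if enc not in AEAD_CIPHERS and not integ:
        findings.append("integrity: non-AEAD cipher configured without an integrity algorithm")
    if p.get("dh_group") in WEAK_DH_GROUPS:
        findings.append(f"dh_group: group {p['dh_group']} is too small; use 14+ or ECP 19/20")
    if not p.get("pfs", False):
        findings.append("pfs: enable Perfect Forward Secrecy for the Child SA / Phase 2")
    if p.get("auth") == "psk" and len(p.get("psk", "")) < MIN_PSK_LEN:
        findings.append(f"psk: pre-shared key shorter than {MIN_PSK_LEN} chars; "
                        "use a long random key or certificate authentication")
    return findings


# Constructed sample proposals (not taken from any real device).
LEGACY = {"ike_version": 1, "mode": "aggressive", "encryption": "3des",
          "integrity": "md5", "dh_group": 2, "pfs": False,
          "auth": "psk", "psk": "changeme"}
HARDENED = {"ike_version": 2, "encryption": "aes256gcm", "integrity": None,
            "dh_group": 20, "pfs": True, "auth": "cert"}

if __name__ == "__main__":
    for name, proposal in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name, "->", lint_proposal(proposal) or ["ok"])
```

Run stand-alone it prints seven findings for the legacy proposal and `ok` for the hardened one; the rules are deliberately table-driven so a site policy (for example requiring ECP groups only) is a one-line change to the sets at the top.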
Question about BPDUs Posted: 29 Aug 2018 04:38 PM PDT So, I don't know how to ask this question properly so I'll kind of just wing it and see what I can get out of y'all. Why is there a default setting of 6 BPDUs being sent under one hello time interval? Why 6 of them with the same message? I don't understand. Or are they the same message?
DO NOT purchase Cybrary's Insider Pro Edition (Predatory Business Practices) Posted: 29 Aug 2018 08:43 AM PDT So I decided to try cybrary.it Insider Pro trial to see how their virtual labs and practice exams were and if the $400/6mo price tag was worth it. The webpage at purchase emphasized that you won't be charged until the trial is over, you can cancel at any time, but you do have to provide payment info to get into the trial. Okay, that's pretty typical, let's give this a shot. I tried out the trial and the VLabs were alright, the practice exams were lackluster though and had a limit of two downloadable offline exams. I would rather pay for the practice exams and get a full product imo, so I decide to cancel within the same day that I got the trial. I sent a request to cancel on their website chat, with the advertisement "usually responds within minutes!" 30 minutes passes... I ping the chat again "Hello?". Still nothing an hour later. So I email their support line support@cybrary.it with my order ID and request for cancellation. 24 hours later, I get the following emails back and forth (name is spoofed): Support (Susan):
Me:
Support (Susan):
Me:
Support (Susan):
Me:
Then a few minutes later I get a message from the cybrary website because I had been refreshing my customer portal to see if the cancellation went through with Susan saying:
I responded:
I mean seriously, what crap is that? Not only are cancellation requests not an automated web service, but the person I interact with takes over 24 hours to respond, doesn't communicate clearly, and avoids my request for cancellation in lieu of asking for user feedback? It's honestly a joke and I am no longer supporting Cybrary. That is a crazy way to run a business, especially when you are asking for a $400 payment.
WLAN and VLAN by department Posted: 29 Aug 2018 03:49 PM PDT Hello. What are the best practices for implementing WLAN with VLANs by department, with the same SSID? I think that the only options are multiple WLANs or a RADIUS implementation, both with the same SSID, but I need confirmation.
Palo Alto - Mirroring all traffic to external DLP product? Posted: 29 Aug 2018 10:56 AM PDT Hi Everyone, I'm trying to get mirroring to a Symantec DLP product working. So far, I have the SSL decrypt mirror working fine, and the DLP product sees all of the test traffic and flags it as expected. However, the problem I find is that it does not mirror EVERYTHING to the port, just encrypted traffic that has been decrypted by the Palo. It completely misses unencrypted generic HTTP, FTP, etc. traffic because it's not sending it. What I have done to get around this is to span the outside interface and the decrypt mirror interface of the Palo using a switch, and aggregate that to a single monitor port on the DLP product. But now the DLP sees the encrypted traffic 2x, once encrypted, once decrypted, and it's doubling up the processing time. I've already engaged PA tech support and product support people, but they say it's not on their radar of features to implement, which I think is pretty stupid since if someone knew they could send social security numbers, credit card info, etc. over generic HTTP, our DLP product wouldn't catch it unless it was employed with the workaround I did. Anyone get all traffic mirrored without needing an external switch? I've heard talk of an L2 V-wire, but that would double up the processing on the Palo itself. Just wondering if there were better alternatives.
Purchase IP Space Posted: 28 Aug 2018 10:47 PM PDT Just out of curiosity - is it possible for a small organization to purchase IPv4 space or a small allocation of IP addresses? I'm having an issue with a local provider that keeps accidentally dumping and re-assigning our static IPs that we don't technically "own", however, do pay for. It's happened enough times where it's worth exploring other options. Thanks!
SBC for 10k+ calls Posted: 29 Aug 2018 09:57 AM PDT Apart from the Sonus 5200s, what other SBCs can I look at which can handle 10k calls and higher? Moving away from ASRs and need to price up an SBC solution.
High memory utilization on new FPR-2140 devices Posted: 29 Aug 2018 08:00 AM PDT I'm in the process of setting up a pair of new Cisco FPR-2140 boxes. They are running FXOS 2.3(1.111) and ASA 9.9.2.18. However, ASA is not currently set up and in production at this time. This is a new base install with no traffic passing to/from/through it. I'm seeing on both devices that memory utilization for FXOS is averaging 80-95% at any given time. Each box has 64GB available. Is this normal behavior for these devices? I can't seem to find any sort of documentation that describes the memory allocation and how it may work between the limited FXOS OS and the ASA platform on top. I can do a show proc memory and the stationary ASA is using everything but 1.8 - 2 GB of memory. I know in Palo Altos, they optimize and use the available memory. Is that the same case here?
RADIUS over IPsec Posted: 29 Aug 2018 06:41 AM PDT Hello, I've got a Windows Server 2016 running NPS and everything works fine on the RADIUS side. However, I would like to encrypt the traffic between the NPS server and my controller (Cisco WLC) via IPsec. Would anyone be able to tell me if that can be done? Thank you
IPSEC VPN Questions Posted: 29 Aug 2018 06:34 AM PDT I am not a networking guru and Google is failing me. I have Palos VPN'd to Azure, and to a 3rd party company. How do I get Azure VMs to talk to the 3rd party company via the Palo? So: Site A has an S2S IKEv2 tunnel to Azure. Site A has an S2S IKEv1 tunnel to the 3rd party network. The 3rd party doesn't support IKEv2, otherwise I would have established a tunnel from Azure to the 3rd party. Can I maybe somehow NAT the 3rd party's local IPs to my local subnet? This way Azure will know how to talk to them? We are only talking about 2 IPs open on a handful of ports. Sorry I'm stupid, networking is not my strongest.
fortiswitch 248e vs edgeswitch ES-48-750W Posted: 29 Aug 2018 06:19 AM PDT I'm looking for folks with experience with both of these switches to let me know their preference and why. We use the Cisco Catalyst line and are looking for a cheaper alternative for cost-conscious clients. Both of these switches seem to be L3, which is what we need.
Anyone else in Canada deal with Videotron as an ISP? Posted: 28 Aug 2018 04:42 PM PDT Been onsite the past few days ripping and replacing our network infrastructure. Their CPE is a cable modem and a D-Link router. I shit you not. Why the F do I have two pieces of equipment for a single DIA circuit with no middle man, and why is it consumer grade? IDK if it has a public IP on it but if it does I fucking hope it's patched, if that's even a thing. Anyone deal with them / can I bypass it if I call them? Sorry, I'm venting at a bar trying to read a beer menu in French.
Authenticate users behind NAT, some with RADIUS others with LDAP Posted: 29 Aug 2018 04:58 AM PDT Hey fellas, Is this even going to be possible? All the users are NATed by the FW and come to my Blue Coat proxy from a single source address. Some of these users are domain users, so they can be authenticated with LDAP, but others are non-domain external users. I'm thinking I can create a RADIUS server and make accounts for the non-domain users, but then the proxy would need two separate auth realms and policies. Also, how would the proxy even know which request should be sent to RADIUS and which to LDAP? I guess it would, but the source for both would be the same, so is it like it'll match whichever it hits first? Thanks for reading!
Security Object Syncing between Vendors Posted: 29 Aug 2018 08:22 AM PDT I wrote a Java application this past week that keeps ASA, FTD, SonicWall, and Fortigate objects in sync with each other. So for example, let's say each site has outbound rules bound to group objects and service object groups. As long as the firewall rule exists on the above platforms, it keeps the objects synced together. So I can have a group called "whitelisted_destination_addresses" and add it to a master location and it will sync it out regardless of the vendor. It also runs validation to ensure that designated groups have the same object representation, so a rogue Fortigate will notify if a group object is different. I was wondering if there would be an interest in a show and tell on it.
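The validation step the post describes (designated groups must resolve to the same members on every firewall, and a device that drifts gets reported) is the part worth showing. The following is an added example, not the poster's Java application: it canonicalises address-group members from differently formatted exports and diffs every site against the master. The per-site dictionaries are constructed, simplified shapes for illustration and are not any vendor's real export format; mapping a real ASA/FTD/SonicWall/FortiGate export into that shape is assumed to happen elsewhere.

```python
"""Detect address-group drift across firewalls of different vendors.

Added example, not the poster's code. SITE_EXPORTS is a constructed,
vendor-neutral shape; real exports would be mapped into it first.
"""
import ipaddress
from typing import Dict, FrozenSet, Iterable, List

# Constructed sample: the same group exported three ways plus one site that
# never received it. Addresses are from documentation ranges (RFC 5737).
SITE_EXPORTS: Dict[str, Dict[str, List[str]]] = {
    "master": {
        "whitelisted_destination_addresses": ["203.0.113.0/24", "198.51.100.7"],
    },
    "asa-branch": {  # dotted mask and explicit /32, semantically identical
        "whitelisted_destination_addresses": ["203.0.113.0 255.255.255.0", "198.51.100.7/32"],
    },
    "forti-branch": {  # drifted: .8 instead of .7
        "whitelisted_destination_addresses": ["203.0.113.0/24", "198.51.100.8"],
    },
    "sonic-branch": {},  # group was never pushed here
}


def canonical_network(member: str) -> str:
    """Normalise 'a.b.c.d mask', 'a.b.c.d/len' or a bare host to CIDR text."""
    member = member.strip()
    if " " in member:                      # "addr mask" style (e.g. ASA)
        addr, mask = member.split()
        member = f"{addr}/{mask}"
    # strict=False tolerates host bits set; ipaddress accepts dotted netmasks.
    return str(ipaddress.ip_network(member, strict=False))


def canonical_group(members: Iterable[str]) -> FrozenSet[str]:
    """Order-independent, format-independent representation of a group."""
    return frozenset(canonical_network(m) for m in members)


def find_drift(exports: Dict[str, Dict[str, List[str]]], group_name: str,
               master: str = "master") -> Dict[str, Dict[str, List[str]]]:
    """Compare group_name on every site with the master copy.

    Returns {site: {"missing": [...], "extra": [...]}} for sites that differ;
    sites that match (after canonicalisation) are omitted.
    """
    reference = canonical_group(exports[master][group_name])
    drift: Dict[str, Dict[str, List[str]]] = {}
    for site, groups in exports.items():
        if site == master:
            continue
        current = canonical_group(groups.get(group_name, []))
        if current != reference:
            drift[site] = {
                "missing": sorted(reference - current),
                "extra": sorted(current - reference),
            }
    return drift


def drift_messages(drift: Dict[str, Dict[str, List[str]]], group_name: str) -> List[str]:
    """Human-readable notifications, one per drifted site."""
    return [
        f"{site}: group '{group_name}' differs from master "
        f"(missing={d['missing']}, extra={d['extra']})"
        for site, d in sorted(drift.items())
    ]


if __name__ == "__main__":
    group = "whitelisted_destination_addresses"
    for line in drift_messages(find_drift(SITE_EXPORTS, group), group):
        print(line)
```

Comparing canonical sets rather than raw strings is what keeps the ASA-style `addr mask` export from being reported as drift; extending the same idea to service groups means normalising protocol/port ranges the same way before the set comparison.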
TFTP for macOS Posted: 29 Aug 2018 09:34 AM PDT Since High Sierra on macOS, I have no working TFTP server on my Mac. Does somebody know of working TFTP server software for Mac?
4500X VSS traffic Posted: 29 Aug 2018 03:31 AM PDT Anyone seen the issue where traffic is traversing the VSL in a VSS pair, even though there are stable uplinks on each switch in place? Seeing this on a VSS pair of 4500Xs with 80 gig uplinks from each switch northbound, no MEC right now and a 40 gig VSL. We started with MEC but removed it for troubleshooting purposes. Also seeing lots of output drops on the VSL traffic. Thanks for the help!
Network Design with 20 remote buildings dark fiber and MPLS Posted: 29 Aug 2018 03:06 AM PDT I'm working on a design for remote buildings and need some advice. I have 20 remote buildings with dark fiber between them. The physical network design of the fibers is currently based on the distance between sites, so we have rings and multiple paths. We need to bring network connectivity to these buildings and none of them will have direct internet access. We will centralize and share the internet access in our datacenter. On 6 of these remote buildings, a network provider has installed some HPE devices with MPLS. The MPLS is used with VRFs in order to be able to separate use cases. I'm not familiar with MPLS and it sounds like a complex solution (if we have to manage and deploy it), so I would like to have your thoughts: what can I use between the buildings (no internet access, only dark fiber, ring topology)? We want to have connectivity to join our datacenter and be able to manage different use cases:
I looked at SPB / TRILL / Fabric / 802.1aq which seem to be simple, but I don't really know how to handle the customers: VLAN? VPN? SD-WAN looks "cool" but we don't have internet in each building, so I don't really know which solutions could apply. Basically we want something with centralized management, simple and cost effective :) Do any of you have any recommendations? Is MPLS the only way to go here? Thanks!
Advice on what to expect with new router. Posted: 29 Aug 2018 11:25 AM PDT Hi all, I'm new to networking so go easy on me! I'm getting a new internet connection which will provide me with 5 static IPs, but AFTER I'd signed the contract they told me that the router they'll supply isn't capable of doing this and will need to be put into modem-only mode and attached to another device. I want to run pfSense on a box I've got running Proxmox, and if I could do some of the setup in advance that would help. What address would I use for the pfSense WAN setup though? Do I use the public IP address, or would it be the new router's gateway address? Sorry if I haven't been clear!
You are subscribed to email updates from Enterprise Networking news, blogs and discussion.