Blogpost Friday! Networking
- Blogpost Friday!
- Question about loopbacks and routing protocols
- Server Room / Data Center designers: What are small things you wish you had?
- PSA Opengear in IP passthrough, 4.3.1 code, Cisco ASA - there be dragons
- So I lost an argument about VLANs and subnets. I suppose a single switch CAN support multiple subnets without VLANs. But is there any professional who does this for any practical reason?
- IPSec Failover design
- A curious situation
- Team lead/managers - how do you split workload?
- Report on unused ports multiple switches
- Blocking/allowing HTTPS for PCI for URL's behind CDN without decrypting?
- Cisco WLC, Aironet APs and Dropping Zebra QLn320
- First-time VLAN user, could use some critiquing
- Multipathing via two LTE connections
- Legacy devices frying due to POE. Can anybody recommend a device that will block the signal?
- Case for not using STP?
- Question about E-waste...
- Cisco License Server, devices with Fuji 16.9.x
- Hyper-V VLANs break when guest firewall reboots
- Dual-WAN Load balancer
- Making the best out of the architect demands.
- How do I access net lab?
- Branch Switches
- How do I set up a private network on an enterprise WPA2 one?
Blogpost Friday! Posted: 27 Sep 2018 05:15 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, as well as a nice description, to this thread.
Question about loopbacks and routing protocols Posted: 28 Sep 2018 08:37 AM PDT I'm trying to understand the usage of loopback interfaces in routers. As far as I understand, when I add a loopback interface and address in, let's say, a Cisco router, I'm adding another address only accessible inside my device. I've been reading lots of posts and questions about this; my questions are:
I think the answer to these questions is that you can somehow advertise loopback addresses to other devices so they can connect via that address, but I don't understand how that could be possible. Thank you all for the answers, now I think I understand. The key was that I didn't know that the common practice is to create a loopback interface on every router in a /32 subnet. I thought that the common practice was to put every loopback address in any subnet. So as far as I understand now, you need a routing protocol like OSPF, and every router has to advertise the route to its loopback address network (a /32 network with only one host). Other routers receive that loopback /32 network route via OSPF. Directly connected routers have routes to neighboring loopback addresses with the destination's physical address as gateway. I made a simulation on GNS3 and it's working. Paste of an example configuration: [link]
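As an added illustration of the setup described above (not the poster's GNS3 configuration, which is behind the link), a minimal two-router Cisco IOS configuration in which each router advertises its own /32 loopback into OSPF area 0, so the neighbour learns it as a host route via the directly connected link. Hostnames, addresses and interface names are assumed; the loopback is also used as the stable source for SSH and syslog, which is the usual reason to have one.

```cisco
! R1 -- assumed names and addresses, not from the original post
hostname R1
!
interface Loopback0
 description Stable per-router address; OSPF advertises it as a /32 host route
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0
 description Transit link to R2
 ip address 192.168.12.1 255.255.255.0
 no shutdown
!
router ospf 1
 router-id 10.0.0.1
 ! Advertise both the loopback host route and the transit link into area 0
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 ! No hellos are needed on a loopback; keep it passive
 passive-interface Loopback0
!
! Bind management-plane traffic to the loopback so it survives any single link failure
! (and so ACLs and log correlation only ever see one address per router)
ip ssh source-interface Loopback0
logging source-interface Loopback0
!
! R2 -- mirror image of R1
hostname R2
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet0/0
 description Transit link to R1
 ip address 192.168.12.2 255.255.255.0
 no shutdown
!
router ospf 1
 router-id 10.0.0.2
 network 10.0.0.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 passive-interface Loopback0
!
ip ssh source-interface Loopback0
logging source-interface Loopback0
!
! Verification on R1 (expected, not captured output): "show ip route 10.0.0.2" should list
! an OSPF route of the form  O 10.0.0.2/32 [110/2] via 192.168.12.2  -- the neighbour's
! physical address as next hop, exactly as described in the post. A ping sourced from the
! loopback confirms loopback-to-loopback reachability:
!   ping 10.0.0.2 source Loopback0
```

Note that OSPF advertises a loopback as a /32 host route regardless of the configured mask unless `ip ospf network point-to-point` is set on it, which is why configuring the loopback as a /32 in the first place avoids surprises.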
Server Room / Data Center designers: What are small things you wish you had? Posted: 28 Sep 2018 10:45 AM PDT I manage a number of smaller server/data center environments, ranging from 2 to 20 racks of equipment. We are in the process of designing replacements for a few of the spaces. Besides the obvious requirements (redundant power, HVAC, access control, etc.), what are the small things you wish your spaces had? Looking for inspiration above and beyond the typical rack and raised floor.
PSA Opengear in IP passthrough, 4.3.1 code, Cisco ASA - there be dragons Posted: 28 Sep 2018 06:08 AM PDT I just spent two days trying to get IP passthrough from cellular working with a Cisco ASA. It appears that the new Opengear 4.3.1 code introduced a bug. The Opengear broadcasts an ARP to get the MAC address of the Cisco interface. The first such ARP correctly has the source IP set as the IP of the cellular gateway. However, subsequent ARPs have the IP address set to the Opengear's management IP address. Since this IP is not in the subnet on the ASA's outside interface, the ASA will reject it, and communication comes to a screeching halt. The fix is to use this command on the ASA: arp permit non-connected. I have verified with Opengear support that this appears to be a bug.
So I lost an argument about VLANs and subnets. I suppose a single switch CAN support multiple subnets without VLANs. But is there any professional who does this for any practical reason? Posted: 27 Sep 2018 06:04 PM PDT
IPSec Failover design Posted: 28 Sep 2018 01:46 PM PDT My company is looking to add a secondary LTE service to use as backup internet at one of our remote locations. We use IPSec tunnels to connect all of our remote sites back to our main location. We are waiting on equipment to get in to test, but my current plan is this. At the main location, simply add the new LTE backup IP as the secondary peer in the crypto map for that tunnel. My next step is to set up OSPF with the remote VLANs and the server VLANs. I'm hoping that OSPF will handle the routing over the IPSec tunnels back to the main site and dynamically adjust if the primary ever goes down. We don't have too large of a network, so I'm thinking we can use a single area for all routers. I have never done anything like this, so my question is: will this work? I'm worried that the tunnel failing over at the main site may cause issues with OSPF. Will this setup work, or do you have a better idea?
A curious situation Posted: 28 Sep 2018 03:29 PM PDT Alright, I want to first say that I don't know much about networking, and additionally I don't think this is the typical post to this subreddit, so I apologize. I live in a University-affiliated apartment, which provides the University's WiFi. However, the rooms in this specific apartment don't have Ethernet access points. In the room there is a ceiling-mounted Cisco wireless access point, Model # AIR-CAP1702I-A-K9, which is plugged into a typical Ethernet Cat 5e cable. I disconnected the access point and plugged my Tenda N300 wireless router into it, which resulted in a wireless connection with no access to the internet. I then plugged my computer into the Ethernet cable to get more information. The result was "Network 3, No Internet". Originally I was trying to install my own wireless network so that I could work on my software projects involving smart home electronics, but now I'm genuinely curious how an Ethernet cable can provide a connection to this Cisco wireless access point but to no other devices. I've got the network connection details from my PC if they are necessary to provide. Also, I've googled extensively, but I think I just don't understand enterprise networking enough to even phrase the search.
Team lead/managers - how do you split workload? Posted: 28 Sep 2018 10:04 AM PDT So I was just asked if I wanted a minion. In my 20 years I have been the guy (er, girl) who is jack of all trades, never says NO, and despite being a single mom to fairly young kids for 11+ years have routinely worked 80+ hour jobs as the norm. My current record is the job that had to hire 8 guys to replace me. Lol. Previous job I took the company from <100 locations to 350+, went from managed firewall and MPLS to SD-WAN, 1k circuits, Palos, new WiFi, etc., all while doing systems, storage, security, Exchange, and all the vendor management and tier 2/3 support (while the "systems" guy collected tickets until I played secretary and cleared them). I even "managed" my boss because otherwise shit slipped. Finally, the last 9 months or so I was randomly given a mid-level, 2 helpdesk promotions, and 2 entry-level contract guys. I wasn't told or asked. Guys just showed up asking me what to do and I'm like, who the eff are you?!? Boss didn't want to deal with them and hid in his office, so I started cross-training them all, triaging tickets, and rotating circuit monitoring. That's the skill that surprised me most, because I pick up tech stuff easily, but I always thought I'd be a shit manager. Lol. Current director just asked me if I'd be willing to manage a junior and I was like yeah, cool, as long as I get to do the work. The question I have for anyone who has managed is: how do you deal with smaller workloads? I'm used to an extreme workload and admittedly a bit of a control freak and a perfectionist (for myself). I'd be awfully tempted to shift documentation, alert/monitor management, etc. off on an underling and keep fun "fires" and hardware refresh type stuff for me. Lol. I HAD to start handing off some stuff at the 350-site place, but it was mostly dealing with cable guys to fix cables, POTS, WAP replacements, and circuit monitoring and outage stuff.
I was still doing 80% of shop-level, and 100% of HQ and datacenter stuff. Took 5 guys to kick me down to an average of 70-hour weeks. Hahaha. I feel like (because I'd feel this way) giving all the shit work to a junior PFY would lead to a spork-assisted suicide though.
Report on unused ports multiple switches Posted: 28 Sep 2018 01:45 PM PDT I know how to clear counters and run the command to check for ports that haven't been used in a while, but I am wondering: do you know of any easy / automated solutions to run a report of this on multiple switches at a time, before I clear the counters, then run it again a week later to compare? We don't really have network management software at the moment. I am trialing Kiwi CatTools, but it seems not to have a clean way to do this. Thank you!
Blocking/allowing HTTPS for PCI for URLs behind CDN without decrypting? Posted: 28 Sep 2018 11:58 AM PDT Hi all, I'm currently going through a PCI audit. The PCI audit requires all inbound/outbound from the network (considered the CDE) to be explicitly allowed, otherwise restricted. The tricky part is, a lot of the forms we use to enter in CC info are hosted behind a CDN (Akamai). As we all know, CDNs can serve up different IPs. Our firewall (an ASA) can only block by IP. ACLs can reference an FQDN. But at the end of the day, the firewall sees the FQDN, does a DNS query, and inserts the IP into the ACL. We have applications like Umbrella/OpenDNS that can block all DNS requests except those that are whitelisted. But that would require us to allow all HTTPS from the firewall's perspective. At that point, it would leave us susceptible to direct IP traffic (i.e. command and control phone-homes that bypass DNS). The only solution I can think of is decryption and an appliance that says: only allow explicitly defined URLs via HTTPS, otherwise block (including direct IP requests). Any suggestions?
Cisco WLC, Aironet APs and Dropping Zebra QLn320 Posted: 28 Sep 2018 11:02 AM PDT I have a warehouse with 23 AIR-CAP3702E-B-K9 and ten pickers with these custom machines and a Zebra QLn320. The QLn320 will randomly just drop. I figured it was an issue with the Zebra, so I have been making modifications to the code inside. It's helped, but not a lot. Now I'm not sure if the issues are with the printer or the controller or an access point. I started a constant ping on three printers: two with one user and one that was randomly going through the warehouse. I notice all the printers have a weird cycle. This is from one of them:
time=4ms
^this varies slightly
Occasionally I get a request timed out in the mix; sometimes it's a full drop for 30 seconds from time to time. I decided to ping Google on my laptop to see my responses:
time=17ms
I'm at a loss as to what could be causing these things to drop. Any help would be much appreciated.
First-time VLAN user, could use some critiquing Posted: 28 Sep 2018 10:50 AM PDT I run a small (20 user) office with a 2012r2 domain network, VoIP phones and a critical guest network (we have members in meetings all the time who need internet, not network). Having recently moved to a new facility, I'd like to reconfigure some things to improve the system. I would like to set up VLANs to segregate the domain and guest users, phones, and assorted printers/hardware, but I have never used VLANs and so I'm not sure if my plan makes sense. My hardware: two ISP routers, one running through a SonicWall TZ400 for data and one intended for phones only; a TP-Link T1600 switch; a couple of TP-Link EAPs; Cisco SPA508G phones (pass-through connection to PCs); and various conference phones/TVs/etc. My intent is: VLAN 10 for user data; VLAN 20 for phones; VLAN 30 for guest data; 40 for printers/devices that don't like 802.1Q; and 100 for management. To lay it out:
10 - All ports except guest AP, ISP router 2
20 - all ports with phones, phone system router, ISP router 2
30 - Guest AP and firewall ports
40 - as needed
100 - selected ports for admins (probably just me)
Am I thinking about this right? Will this send phones through ISP2 and everything else through the firewall and ISP1, while limiting the guest AP to go straight to the firewall? Finally, do any of these need to be tagged?
Multipathing via two LTE connections Posted: 28 Sep 2018 10:17 AM PDT Looking for a solution to multipath over two LTE connections in a moving vehicle. Also, cheap is good here (nonprofit) :) There are high-end vendors selling gear, but I haven't really found out much in the open-source world. I was thinking of setting up, for example, a Raspberry Pi or a mini-PC with two LTE dongles and then creating GRE/something tunnels to our DC. I'm more concerned about the latency than the throughput. I have a couple of 150 Mbps LTE connections from two ISPs, but when you drive through a tough spot one might be 10 Mbps and the other 0.1 Mbps. I'd like the connection to switch over to the faster one in that case, even if the second one was alive. Usually all the cheaper-end routers advertising "Dual SIM failover" have only one radio, fail over after 10-30 s of downtime, and then it takes a while to get the other connection up. That's quite a long time, and the vehicle has probably already passed through the blind spot for the second ISP. I've heard a story about a guy doing this with a MikroTik router where he just duplicated packets over both LTEs and then at the DC end just dropped the packets coming in later. Any ideas? Thanks!
Legacy devices frying due to PoE. Can anybody recommend a device that will block the signal? Posted: 28 Sep 2018 03:17 PM PDT We have Brocade/Ruckus ICX devices that pass PoE on the data pairs, unfortunately; otherwise I'd just strip the PoE pairs.
Case for not using STP? Posted: 28 Sep 2018 07:00 AM PDT I found out the hard way that it isn't enabled on our edge switches... or any of our switches, for that matter.
Question about E-waste... Posted: 28 Sep 2018 06:00 AM PDT As someone who makes a living selling enterprise networking e-waste: how do you or your company decide what to do with the old equipment? Do you or your company tend to donate it, or hand it over to a company to sell on consignment? I have been interested in starting my own e-waste recycling company after being in the industry for almost 5 years under 2 different companies. I'm just worried I could be too late to get a foot in the door if most companies already have someone who takes care of their e-waste; then again, I am from the Bay Area and there are many major companies out here. Thoughts?
Cisco License Server, devices with Fuji 16.9.x Posted: 28 Sep 2018 05:36 AM PDT Anyone using Cisco License Server? The new code we are testing, 16.9.1, has a caveat "requires Cisco license server" for our L3 switches with Adv Services code/ASA/ASRs. From the release notes: You can use the device-led conversion feature to convert all existing, traditional licenses, to smart licenses. As part of the conversion process, migration data is sent to Cisco Smart Software Manager. Cisco Smart Software Manager creates license entitlements and deposits them in your user account. I am concerned about our 3850/ASA/ASR, after upgrading the code, losing the license until we integrate the new license server. Another issue: we have an air-gapped testing environment with zero access to the internets. Anyone use the license server on a disconnected network?
Hyper-V VLANs break when guest firewall reboots Posted: 28 Sep 2018 07:36 AM PDT The issue below is seen in both pfSense and OPNsense. I am completely baffled and looking for help.
HOST: Hyper-V 2012r2, quad-port Intel NIC
Port1 - OS shared with HOST for management, 10.15.30.x subnet, LAN SWITCH
Port2 - not shared with HOST OS, tied to physical broadband connection
Port3 - not shared with HOST OS, tied to physical LAN SWITCH
Port4 - not shared with HOST OS, tied to secondary broadband - not part of this GUEST setup
VswitchWAN tied to Port2
VswitchLAN tied to Port3
RUCKUS R600 Wireless AP: SSID1 - no VLAN; SSID2 - Access VLAN20
Switches: Dell PowerConnect series, ALL PORTS set to TRUNK (there are two switches with a LAG between them, also set to trunk)
PowerShell on HOST - VswitchLAN set to trunk 20 with native 0
GUEST OS: pfSense or OPNsense (both exhibit exactly the same behavior)
Add VLAN 20
Set interface parent to HN1 (LAN)
Add DHCP server for VLAN interface
Everything works as expected. Wireless clients grab a lease from the VLAN subnet and are able to route to WAN. REBOOT the firewall and the functionality breaks. I see no traffic in logs or DHCP requests on the VLAN subnet. Setting a host to a static IP on the VLAN subnet also does not work, no traffic. I am at a loss. Removing the interfaces and VLAN DHCP and then adding them back restores functionality, and leases are passed out and traffic flows until the next reboot, where everything breaks again. I am at a complete loss. Clearly I am doing something wrong with Hyper-V or the physical setup, but not sure what. FWIW - I have tried adding additional vNICs to the GUEST and configuring them to Access 20, then adding the interface to pfSense or OPNsense, but I cannot get traffic to flow this way. Looking for some help here - I really need to get this worked out. Thanks in advance!
Dual-WAN Load balancer Posted: 28 Sep 2018 08:00 AM PDT Hey guys and girls, I work in a company that does networks at events as a side business. Some of these events are quite big. Most of the venues where these events happen don't have fiber connections to the site, so most of the time we are stuck with temporary cable/DSL connections: cable connections being 500/50 Mbps and DSL connections 30/6 - 100/15 Mbps. In some cases we are even stuck with 4G LTE modems; these have very unreliable speeds. Where we can get one connection we can get multiple. Now I have been given the task to find a good way to load balance two or three WAN connections, as sometimes we need higher download or upload speeds than we can get from one line. The routers we use are MikroTik, which I like for routing, DHCP and the like, but not for load balancing. I'm looking for a device that can load balance 3 WAN connections in multiple ways (round robin, one line is full -> use second, ...). So far I have found that pfSense does this quite well. This would mean we could do it quite cheaply with a NUC with multiple Ethernet ports. Kemp also does this at a decent price. But I would like your input. What load balancers do you like? Note that we need a device; this can be 19" as our routers and switches are installed in portable 19" flight cases. PS. Sorry for grammatical errors, English is not my first language.
Making the best out of the architect's demands. Posted: 28 Sep 2018 01:08 AM PDT Hello again r/Networking, after much struggle over where to locate our outdoor MIST AP61 to cover a public square, the architect left us with the only option of putting them under bench banks, around 20 cm up from ground level. We expect low to medium density most of the time, and for special occasions where high density will be required, ad-hoc APs will be deployed. My question is, how should I tilt the AP? Options are:
Any thoughts or recommendations are of course very much appreciated! Thanks in advance!
How do I access net lab? Posted: 28 Sep 2018 07:33 AM PDT My teacher says we have access to net labs; we use Cisco Networking Academy, but I literally cannot find out how. I asked him on Thursday but I forgot, and I don't want to ask again. We're supposed to have access to net labs for Intro to Unix through our school emails, but I literally cannot find anything about it and it's not in the syllabus. I need more practice and would appreciate it if someone could help me. We use netacad.com for our school work.
Branch Switches Posted: 28 Sep 2018 05:38 AM PDT Besides a few HQ-type buildings, my company is 99% retail stores with fewer than 15 people. The unique need is that each of those individual cost centers pays for their own stuff, so they're incredibly cost conscious. We manage router and up (Meraki), but we're looking at getting into the managed switches game so we can better support the field. Meraki switches are astronomically expensive compared to what's out there, so I want to see what alternatives exist. These don't need to be best of breed, but reliability and cost are the big things. Ubiquiti's switches look nice, and the prices are good. I'm aware of the non-existent support, and am OK with that for the most part. How is the management of them? Are there any other guys out there that compete in the low-cost-but-decent-switch game? We have some Cisco SFs out there, and they seem decent. Just trying to get an idea of what the low-end switch landscape looks like right now.
How do I set up a private network on an enterprise WPA2 one? Posted: 28 Sep 2018 08:19 AM PDT I am trying to connect my Google Home Mini and other smart devices to my university network. Like most universities in the UK, mine uses eduroam. I have Ethernet ports in my room, and a WPA2 Enterprise wireless network. I have managed to successfully connect an access point to it (just an old ISP-provided router), and it provides a wireless network to devices around me; however, when connecting to the network on a phone or computer (on my private access point), a captive portal is presented, and I have to log in with my uni username and password. Once I have done this I have full internet access through the private AP; however, this cannot be done on a Google Home. Is there any possible way to avoid this, and just have my private AP registered on the network, then use it as a bridge to just connect other devices to the network? Thanks