Rant Wednesday! Networking
- Rant Wednesday!
- Fiber Optic spools were in the way...
- Director has given me a budget for a training session. What should I choose?
- End of Sale and End of Life
- Receiving Spam calls from our Cisco Phone system
- Free Range Routing - Who's using it?
- Network Segmentation without a vendor product or lock in
- Cisco per IP Policing
- Meraki Vendor in Hong Kong (or able to ship to HK)
- Avaya switch PLC compatibility
- Replacing Nexus 7K line card with configuration?
- Suggestions for managed desktop routers
- Problems connecting to work network from home compared to other wireless networks.
- WS-C3560X-48T-S can't accept IOS 15.2.2E ED or higher
- EIGRP with HSRP
- Cisco ASA 5508 flash problem
- Can two SSIDs be part of the same network?
- Teaming and VMQ issues with broadcom based network cards on Microsoft OS
- Windstream as a 3rd string transit peer...
- FTTH and voice issues
- ethernet-switching-options missing on EX4300 (v17.3)
- One way Packet lost between ASR 9k and HP switch
- Avaya ERS-4548GT CLI cmd to set DefaultVlanID?
- Multicast on l3 switch stub
- Client VPN with Azure AD support and Microsoft Authenticator.
Rant Wednesday! Posted: 30 Oct 2018 05:12 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, the price of scotch or anything else network-related. There is no guiding question to help stir up some rage-feels; feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
Fiber Optic spools were in the way... Posted: 31 Oct 2018 12:49 PM PDT Our providers left a lot of fiber after terminating their connections, a common practice from what I've gathered, and these cables are not very flexible (you know, glass and all). So I bought a garden hose hanger and was able to hang the loops up off the floor and out of the way of everything. http://imgur.com/gallery/z9m0yqm There are 3 different providers looped on the hanger in this picture.
Director has given me a budget for a training session. What should I choose? Posted: 31 Oct 2018 07:52 AM PDT He offered this course, which looks pretty neat, but I'm just not super excited about cyber security; is this the wrong attitude? https://www.sans.org/event/security-east-2019/course/intrusion-detection-in-depth I was thinking about maybe taking an AWS course. I manage our AWS environments now, but could totally use a full-on course.
End of Sale and End of Life Posted: 31 Oct 2018 06:40 AM PDT Hello everyone. Happy Halloween. How normal is it to have EoL/EoS devices running in your infrastructure, some even playing the important role of critical device? Currently, in my environment, we have a few ASA 5510-5585s and Cisco 4900/4948s. OK, that's a lie: it's more than a few. It's quite a lot. We're talking about an entire DC running off these switches. Has anyone worked in such a network where the refusal to purchase new/supported equipment is resisted to the extent that they would rather run off unsupported hardware? Note that not everywhere in this network is bad, but there is a crap ton of hardware like this that is EoL functioning as "core routers".
Receiving Spam calls from our Cisco Phone system Posted: 31 Oct 2018 06:34 AM PDT Hey guys, maybe you can help me with this one. I've been receiving spam phone calls coming from our Cisco phone system. When I checked the logs from our phone system I see that a call came into it from the spam company and went out to my cell phone and several other numbers. How is this possible? Is there a vulnerability somewhere I am missing?
Our design:
- Subscriber and publisher communicate over MPLS
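The pattern the poster describes (a call enters from an outside number and the PBX immediately places outbound calls to other outside numbers) is what call-forwarding or transfer abuse looks like in call detail records, and it is worth hunting for in the logs before guessing at the cause. The following is an added example, not code from the post or from Cisco: it runs over a constructed CDR extract with made-up column names (call_id, start, direction, calling, called), so the field mapping is an assumption you would adjust to your real Unified CM export.

```python
"""Flag inbound calls that the PBX bridged straight back out to the PSTN.

Added example, not from the original post or from Cisco. The CDR layout
below is constructed for illustration; a real Cisco Unified CM CDR export
has different column names, so remap them before running this on real data.
"""
import csv
import io
from collections import Counter, defaultdict

# Constructed sample CDR export (not real call data).
# Fields: call_id, leg start in epoch seconds, direction relative to the
# PBX, calling number, called number. Internal extensions are 4 digits;
# anything else is treated as an external (PSTN) number.
SAMPLE_CDR = """\
call_id,start,direction,calling,called
1001,1540990000,inbound,+15550001111,2001
1001,1540990003,outbound,+15550001111,+15550009999
1001,1540990003,outbound,+15550001111,+15550008888
1002,1540990100,inbound,+15550002222,2002
1003,1540990200,outbound,2003,+15550003333
1004,1540990300,inbound,+15550001111,2004
1004,1540990302,outbound,+15550001111,+15550007777
"""


def is_external(number: str) -> bool:
    """Anything that is not a four-digit internal extension is off-net."""
    return not (number.isdigit() and len(number) == 4)


def parse_cdr(text: str) -> list:
    """Parse the CSV export into a list of dicts with integer start times."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = int(row["start"])
        rows.append(row)
    return rows


def find_bridged_calls(rows: list, max_gap: int = 30) -> dict:
    """Return {call_id: {"caller": ..., "targets": [...]}} for every call
    that arrived from an external number and, under the same call id,
    produced outbound legs to external numbers within max_gap seconds.
    Trunk in, trunk out on one call is the forwarding/transfer-abuse shape.
    """
    by_call = defaultdict(list)
    for r in rows:
        by_call[r["call_id"]].append(r)

    hits = {}
    for cid, legs in by_call.items():
        legs.sort(key=lambda r: r["start"])
        inbound = [l for l in legs
                   if l["direction"] == "inbound" and is_external(l["calling"])]
        if not inbound:
            continue  # purely internal or outbound-originated call
        t0 = inbound[0]["start"]
        targets = [l["called"] for l in legs
                   if l["direction"] == "outbound"
                   and is_external(l["called"])
                   and 0 <= l["start"] - t0 <= max_gap]
        if targets:
            hits[cid] = {"caller": inbound[0]["calling"], "targets": targets}
    return hits


def repeat_callers(hits: dict) -> Counter:
    """Count bridged calls per external caller; the abuse source stands out."""
    return Counter(h["caller"] for h in hits.values())


if __name__ == "__main__":
    found = find_bridged_calls(parse_cdr(SAMPLE_CDR))
    for cid, info in sorted(found.items()):
        print(f"call {cid}: {info['caller']} -> {', '.join(info['targets'])}")
    print("repeat callers:", dict(repeat_callers(found)))
```

On the sample data this flags calls 1001 and 1004 and shows +15550001111 as the caller behind both; on real data, the flagged call ids are what you would take to the CUCM route patterns, call-forward-all settings and transfer permissions for the extensions involved.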
Free Range Routing - Who's using it? Posted: 31 Oct 2018 09:48 AM PDT I've been doing a deep-dive into Free Range Routing (FRR) lately; it's been very impressive so far. I'm curious: who is using FRR in production? What're you using it for? Happy Halloween!
Network Segmentation without a vendor product or lock in Posted: 31 Oct 2018 01:05 PM PDT Scenario: You have a flat layer 2 network with SVIs that don't block east/west traffic between any VLAN. You have an upstream firewall that carries your north/south traffic to the internet. Your dev/test/build and corporate networks are intermingled. InfoSec says this is bad news, and you need to segment off parts of the network based on business use case. The only catch is you can't use any specific vendor technology or product that would cause a lock-in. The ultimate goal is zero trust, where we define policy for every traffic flow and nothing is implicitly trusted. Given the above scenario, I'm inclined to move the firewall down in the topology to be where the L3 gateways sit. Of course this means scoping massive firewalls based on current bandwidth use and anticipated growth (+/- some buffer in case someone says we need something like SSL decryption). My thought with this is that it doesn't necessarily mean a vendor lock-in, because we could rip out any firewall vendor and replace it with a different one if we decide we don't like our current one. It solves the immediate business requirements and increases security, telemetry, etc. Another solution could be to keep the SVIs at the switched level and simply add in access-lists based on NetFlow data, but maintaining those may become a headache. Is there a better way to accomplish this that I'm not thinking of?
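The "access-lists from NetFlow data" option in the post is less of a maintenance headache if the allow-list is generated rather than hand-edited: observed inter-zone flows become the explicit permits and everything else hits a logged deny. The block below is an added example, not the poster's design or any vendor's tool. The three zone subnets, the five flow records and the ACL name are all constructed for illustration; a real run would read a NetFlow export and your own VLAN table.

```python
"""Derive a default-deny inter-zone allow-list from observed flows.

Added example, not from the original post. The zone/subnet layout, the
flow records and the ACL naming are assumptions made up for illustration;
substitute your own VLAN subnets and a real NetFlow export.
"""
import ipaddress
from collections import defaultdict

# Assumed VLAN layout (hypothetical). Each zone is one SVI subnet.
ZONES = {
    "corp": ipaddress.ip_network("10.10.0.0/24"),
    "dev": ipaddress.ip_network("10.20.0.0/24"),
    "build": ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed flow records: src dst proto dst_port bytes, one per line.
SAMPLE_FLOWS = """\
10.10.0.15 10.20.0.5 tcp 22 4200
10.10.0.15 10.20.0.5 tcp 22 9100
10.20.0.5 10.30.0.9 tcp 443 88000
10.30.0.9 10.10.0.40 tcp 445 12000
10.10.0.15 10.10.0.22 tcp 3389 5000
"""


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if it fits no subnet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flows(text: str) -> list:
    flows = []
    for line in text.splitlines():
        src, dst, proto, port, nbytes = line.split()
        flows.append((src, dst, proto, int(port), int(nbytes)))
    return flows


def derive_policy(flows: list) -> dict:
    """Map (src_zone, dst_zone) -> {(proto, port): flow count} for every
    flow that crosses a zone boundary. Intra-zone traffic is skipped: an
    ACL on the SVI never sees it, which is exactly the flat-L2 limitation."""
    policy = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, port, _ in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue
        policy[(sz, dz)][(proto, port)] += 1
    return {k: dict(v) for k, v in policy.items()}


def is_allowed(policy: dict, src: str, dst: str, proto: str, port: int) -> bool:
    """Zero-trust check: only flows the policy explicitly lists pass."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return True
    return (proto, port) in policy.get((sz, dz), {})


def render_acl(policy: dict, dst_zone: str) -> list:
    """Emit an IOS-style extended ACL for traffic into dst_zone (to be
    applied outbound on that zone's SVI), ending in an explicit logged deny
    so anything not learned from the flow data shows up in syslog."""
    lines = [f"ip access-list extended {dst_zone.upper()}-IN"]
    dnet = ZONES[dst_zone]
    for (sz, dz), services in sorted(policy.items()):
        if dz != dst_zone:
            continue
        snet = ZONES[sz]
        for proto, port in sorted(services):
            lines.append(
                f" permit {proto} {snet.network_address} {snet.hostmask} "
                f"{dnet.network_address} {dnet.hostmask} eq {port}"
            )
    lines.append(" deny ip any any log")
    return lines


if __name__ == "__main__":
    pol = derive_policy(parse_flows(SAMPLE_FLOWS))
    for zone in ZONES:
        print("\n".join(render_acl(pol, zone)))
```

The rendered ACLs are stateless, so return traffic has to be covered separately (reflexive ACLs or established matches on the reverse direction), and a flow that never appeared in the capture window will be denied on day one; both are reasons the post's other option, a firewall at the L3 gateway, is the more common end state.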
Cisco per IP Policing Posted: 31 Oct 2018 05:00 AM PDT Hello Redditors, I've got the following situation. Currently we have sets of IPs (that change over time, getting bigger or smaller) that we need to police (rate-limit) when going through a specific interface; the catch here is that each IP must have an assigned maximum bandwidth (so we don't want to deal with shared values). So, for instance, we have:
1. 10 IPs that must be limited to 10 Mbps each
2. 50 IPs that must be limited to 30 Mbps each
Sometimes we have to move IPs from 2 to 1 or vice versa, or just remove them altogether. We could achieve this using MQC, and we kind of do, but this means adding a class statement per IP, which is not something I want to do anymore (if possible). I'd like to have something like this:
policy-map IF_AA_OUT
 class class_10_mbps
  match ACL_01
  police each IP to 10 mbps
 class class_30_mbps
  match ACL_02
  police each IP to 30 mbps
So adding, removing or changing bandwidth per IP would be a matter of just removing or adding entries to the ACLs. I've found something called flow micropolicer, but all the documentation refers to the Cisco 6500 (we need it to work on ASR1001-X and 7200), and the documentation also points out that this can only be done in the ingress direction, which won't work for us since we need to limit only outgoing traffic over one of the interfaces, not all. Any help on this? Doable? Or stick to adding class statements per customer?
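Standard MQC has no "police each matching IP separately" verb, so the realistic fallback on IOS-XE is the one the poster wants to avoid, a class per IP. What makes that bearable is never editing it by hand: generate the ACL, class-map and policy-map from the tier lists and push only the delta. The block below is an added example, not the poster's config and not Cisco documentation. The tier contents, object names and policy name are made up; the `police <bps> conform-action transmit exceed-action drop` form is standard IOS/IOS-XE MQC syntax, but confirm it and the per-policy class limit on your ASR1001-X before relying on it.

```python
"""Generate per-IP MQC policing from tier lists (one class per IP).

Added example, not from the original post. Tier contents and object names
are constructed; the `police` syntax is the IOS/IOS-XE MQC form with the
rate in bps, which you should confirm on the target platform.
"""

# Tier (Mbps) -> list of customer IPs, shaped like the poster's two sets.
TIERS = {
    10: ["192.0.2.10", "192.0.2.11"],
    30: ["192.0.2.50"],
}

POLICY_NAME = "IF_AA_OUT"  # assumed egress policy name


def obj_name(ip: str) -> str:
    """Name ACL/class objects after the IP so adds and removes are greppable."""
    return "POLICE_" + ip.replace(".", "_")


def render_policy(tiers: dict, policy_name: str = POLICY_NAME) -> list:
    """Return config lines: one ACL and one class-map per IP, plus a
    policy-map that polices each class to its tier's rate. Egress policing
    keys on the source address, since that is the customer IP on the way out."""
    lines = []
    entries = sorted((ip, mbps) for mbps, ips in tiers.items() for ip in ips)
    for ip, _ in entries:
        name = obj_name(ip)
        lines += [f"ip access-list extended ACL_{name}",
                  f" permit ip host {ip} any",
                  f"class-map match-all CM_{name}",
                  f" match access-group name ACL_{name}"]
    lines.append(f"policy-map {policy_name}")
    for ip, mbps in entries:
        lines += [f" class CM_{obj_name(ip)}",
                  f"  police {mbps * 1_000_000} conform-action transmit exceed-action drop"]
    lines.append(" class class-default")
    return lines


def diff_tiers(old: dict, new: dict) -> dict:
    """Work out which per-IP classes to add, remove or re-rate when the tier
    lists change, so only the delta has to be pushed to the router."""
    old_rate = {ip: r for r, ips in old.items() for ip in ips}
    new_rate = {ip: r for r, ips in new.items() for ip in ips}
    return {
        "add": sorted(set(new_rate) - set(old_rate)),
        "remove": sorted(set(old_rate) - set(new_rate)),
        "rerate": sorted(ip for ip in set(old_rate) & set(new_rate)
                         if old_rate[ip] != new_rate[ip]),
    }


if __name__ == "__main__":
    print("\n".join(render_policy(TIERS)))
    print(diff_tiers(TIERS, {10: ["192.0.2.11", "192.0.2.50"], 30: ["192.0.2.99"]}))
```

Removing a class is a two-step change on the box (take the class out of the policy-map before deleting the class-map and ACL), and platforms cap the number of classes in one policy-map, so for the 60 IPs in the post check that limit for the ASR1001-X before committing to this approach.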
Meraki Vendor in Hong Kong (or able to ship to HK) Posted: 31 Oct 2018 08:39 AM PDT (x-post from /r/meraki) We've been having a hard time finding a networking vendor in Hong Kong that sells Meraki equipment, or an international vendor that is used to shipping into HK. We tried purchasing some MR53s locally in the US, configuring them, and sending them to our office in HK, but they were seized by HK customs and it's taken a month to even get them returned to sender. Any advice would be appreciated.
Avaya switch PLC compatibility Posted: 31 Oct 2018 07:42 AM PDT We have some ~10-20 year old PLCs that seem to have trouble communicating with a new switch upgrade. We changed from the Avaya 4550 to the Avaya 4850, but we have been seeing some weird symptoms. Some of these PLCs will stop communicating at random times, until rebooted. I'm trying to get operations to reseat the Ethernet connection to see if that can bring communications back. After issues in production we reverted back to the old 4550s and saw the issue go away. The devices don't disappear. We aren't utilizing the majority of the security features on either of the switches, just RSTP on the edge ports. The old and new switches are configured basically the same. My only thought is that this is a problem with auto-negotiation, so I turned it off and manually configured the port speeds, but the issue still remained. Most of the PLCs run at 10 half duplex, with some at 100 full. I've done a bunch of packet captures, and all I can see is that the devices stop responding. Anyone have thoughts on this?
Replacing Nexus 7K line card with configuration? Posted: 31 Oct 2018 07:32 AM PDT After working with the Nexus platform for some years, I just realized I never had to replace an active line card with configuration, so I hope you guys can answer my question with experience. We have an F3 line card with some of the interfaces allocated to another VDC that needs to be replaced since the current one is having issues. What would be the most efficient way of removing the current line card and inserting the new one with minimum downtime? I want to assume the supervisor will keep the configuration for the line card, and when the new one is inserted it will just fall in line, but in the back of my mind I feel like I will need to manually copy over the configuration to the default VDC and the VDC with the allocated interfaces. Thanks guys
Suggestions for managed desktop routers Posted: 31 Oct 2018 03:36 PM PDT Hi, We are an IoT company that requires developers to have their own subnets for testing in. We are looking to get small managed desktop wifi routers that we can remotely manage to ensure updates are applied, wireless is properly secured, etc. We are a Meraki shop so the Meraki Z3 seemed like a perfect fit, but 2.4G can't be disabled and it's generally unusable in our environment. I thought that was basic functionality everyone had these days... Can anybody recommend something similar that they've had a good experience with? Thanks
Problems connecting to work network from home compared to other wireless networks. Posted: 31 Oct 2018 06:47 AM PDT Hello, I was recently hired by a company which provided me with a laptop and supports working from home on occasion. To connect to the internal work network, I must connect to the internet and use Pulse Secure. For some reason, when connecting to my router (wireless or wired) from home, and then connecting via Pulse Secure, when I do a tracert on a work domain I get a 92.XX.XX.XX IP. After talking with my work, this is their 'external' gateway and has restrictions on what I can do. It will time out trying to connect to databases, things like that. If I hard-wire directly into my Verizon modem and do the same tracert, I get a 10.XX.XX.XX IP, which is the correct internal gateway I need to use. I can do all my work with no issues this way. I have a backup wireless router and tried both to replace my main router and saw the same issue on both. I even reset my backup router to its factory defaults and saw the same issue. Lastly, I went to Starbucks and connected to their wireless network and got the correct internal gateway, so I believe that narrows the issue down to my router. I'm a novice at best when it comes to networking and how DNS lookups work. Anyone have any suggestions on how to correct this issue? Thanks!
WS-C3560X-48T-S can't accept IOS 15.2.2E ED or higher Posted: 31 Oct 2018 12:55 PM PDT Hi, I have to upgrade a WS-C3560X-48T-S to 15.2.2E ED or a higher version to fulfill the requirements to use SFP-H10GB-CU2M in this switch (https://tmgmatrix.cisco.com/home). The switch runs IOS 15.0.2-SE7 MD and accepts upgrades up to 15.2.2E ED (the one that I need to make H10GB work). The last working one is 15.2.1E3 ED. How did I do it? I downloaded the .tar and corresponding .bin for this switch using this website: https://software.cisco.com/download/home/282979304/type/280805680/release/15.2.1E3 The upgrade is performed by using:
archive download-sw /overwrite /reload usbflash0:blabla-ios-image.tar
or by manually uploading the .bin image to the switch (using tftp), verifying the md5 and setting the BOOT variable, then reloading. All images (.bin and .tar) that I used have valid md5 (identical to those presented on the Cisco website). So what happened?
1) When you have the old, good working image in the flash (for example 15.2.1E3) and the new one (15.2.2), the switch loads the new one (15.2.2), then silently ditches it and loads and executes the old one (15.2.1E3).
2) When you have only the new image in the flash, the switch loads it twice and gives up on starting with a "Boot process failed" message, leaving you in boot-loader mode (to recover).
The first thing that I checked was to calculate the md5 of the .bin and .tar files, and yes, they're the same as on the Cisco website. I tried also with these IOSes (in .bin and .tar format), still no joy: c3560e-universalk9-tar.152-2.E.tar I found two threads (different switch models) with the same/similar behavior: https://community.cisco.com/t5/switching/2960s-upgrade-to-15-0-2-fails/td-p/2452655/page/2 https://community.cisco.com/t5/switching/3750x-doesn-t-boot-after-upgrade-to-version15/td-p/2204929 PS: I have nearly 20 years of experience with Cisco hardware (ASA, switches, routers, uBRs, etc.) and this is the first one that refused to upgrade IOS for no apparent reason...
PPS: In the next post I will show an attempt to boot the image from the boot ROM (mode button was pressed for 30s after power on).
EIGRP with HSRP Posted: 31 Oct 2018 09:02 AM PDT Hi all, I'll try not to make this too long. We have two Cisco Nexus 7706 cores running vPC and HSRP on layer 3 VLANs, as well as EIGRP running throughout our environment. We have an ISR 4k connected to both cores in a layer 3 port-channel. What is happening is that the router connected to the cores is choosing Core-B as the best path to get to other networks via the lowest EIGRP metric. However, Core-B is the standby HSRP member for most of our VLANs, including the one that is the gateway for the port-channel to the router. Core-A has a higher metric in EIGRP to get to the remote networks but is the active HSRP member for most VLANs. This is seen when I do a traceroute from the router to another network: I can see the first hop as the Core-B standby HSRP address (not the VIP). My question is... is this a problem? I think everything is routing as intended, but I'm more curious whether by design I should have my EIGRP primary path and HSRP active line up together? Thanks in advance. David
Cisco ASA 5508 flash problem Posted: 31 Oct 2018 12:40 PM PDT I have a Cisco ASA 5508 that won't boot up and I'm trying to see if I can recover it; it appears that it's not recognizing the flash. There is no IOS image, so I have to boot it from USB, which works fine. But once it's up, I can't copy that to flash because there is no space. Any ideas?
ciscoasa# show disk0: all
0 bytes total (0 bytes free)
******** Flash Card Geometry/Format Info ********
COMPACT FLASH CARD GEOMETRY
Flash Model: ATA Micron_1100_MTFD
Can two SSIDs be part of the same network? Posted: 31 Oct 2018 12:22 PM PDT Can I have two SSIDs on the same subnet? For example, if I create two SSIDs that are each on the same x.x.x.x subnet, will that cause any issues?
Teaming and VMQ issues with Broadcom based network cards on Microsoft OS Posted: 31 Oct 2018 12:17 PM PDT We've had countless issues with poor performance, inconsistent performance and dramatic packet loss when using HP 530T NICs (BCM957810A1008G) on Windows-based OS (bare metal) when using the teaming option. This has made the system team reluctant to use teaming and has been leading to bad architecture designs. The Microsoft rep says it's common knowledge that these Broadcom chipset-based NICs experience issues under the MS Windows operating system. We've tried different teaming solutions within Windows, we've tried different drivers, and the issues are never fully resolved on Windows Server 2008/2012/2016. We've ordered Intel-based NICs to see if the issues will be resolved. When the teaming is removed, all issues disappear. We don't see any issue with the teaming when the cards are in a VMware ESX server. It's been hard for the network team to help diagnose the issue as we don't have access to the servers, and the system team has been reluctant to install Wireshark on the production servers that are experiencing the issue. The problems are also very intermittent. One of the main issues is the application crashing when creating a collection of VMs on Hyper-V based VDI. Has anyone encountered teaming issues when using Broadcom chipset-based NICs? Did you ever resolve it?
Windstream as a 3rd string transit peer... Posted: 31 Oct 2018 08:12 AM PDT I know Windstream (Paetec/USLEC legacy) is not thought of highly... But I got a really great quote for a 10G circuit from their wholesale team. I would be using it as a 3rd string peer, so it's mainly for extra capacity if needed, extra redundancy, and some extra buffer space during a DDoS. I know their BGP is terribly managed, so I would filter what they send me (partial routes, filter <= /24). I've heard they let customers announce anything and do little internal filtering; they even allow /28s and crap like that, etc. Is this circuit a potential hidden nightmare? It would be on a 2 year term. Legacy-wise, I believe it's running on Cavalier fiber; that's the legacy footprint Windstream acquired in my telco building.
FTTH and voice issues Posted: 31 Oct 2018 07:26 AM PDT Hello, I will try and keep this brief, so it's missing details, but I hope the gist of the post gets across. I work at an ISP selling FTTH on a 100% fibre network (from router to core). The entire network is fibre, with voice services from an RJ11 phone port on our router for normal phone services. Calls made from an analog phone are routed to an Asterisk server on our network, then out to the carrier. In one case, a customer was unable to see the SSID from the router (the router was replaced but the issue persisted). After an outage, the fibre from outside was replaced (fibre was cut) and now the customer can see the SSID. In another case, replacing the fibre (fibre cut) resolved an issue with noise on the line when on the phone. The problem is not being able to accurately troubleshoot these issues, as there can be a lot of variables. With two identical connections (same switch, same drop point, same router, same firmware, even the same phone), one might have crazy voice issues (DTMF and calls cutting out) while the other is perfectly fine. It's not to say that the actual fibre itself can cause these issues, but I do not have the knowledge to be 100% on this. I'd like to know how much the actual transmission and frequency on the fibre actually affects customers. For example, how would a 0.10 dBm intermittency (both Rx and Tx) affect voice/data services? We have this kind of intermittency with some customers but zero issues reported. If there's anything out there with info about fibre to analogue and voice/data, it would be great. I can't have fibre replaced to test this, as management will question it, and I'd need more info before making the case. It might also be that I'm looking entirely in the wrong direction, but I hope /r/networking can advise me on that.
ethernet-switching-options missing on EX4300 (v17.3) Posted: 31 Oct 2018 12:55 AM PDT [solved] thanks roydejager Hi guys, sorry for the noob question. I am trying to configure a voice VLAN on the EX4300 and I am using the latest JTAC release. The switches are in a virtual chassis. When I go into edit mode and then try "set ethernet-switching-options", the command is not found at all. Any ideas on what I am doing wrong? Auto-complete only shows event-options but nothing about ethernet-switching-options. I am wondering if it has anything to do with the CLI layout changes in 17.x or a different approach when inside a VC. Thanks in advance.
One-way packet loss between ASR 9k and HP switch Posted: 31 Oct 2018 09:14 AM PDT Hi, I'm having an issue with packet loss between 2 devices point to point. HP to ASR: no packet loss, but when pinging from the ASR 9k to the HP I have a consistent packet loss of 7 out of 1000; when using a smaller value of 400 datagrams there's no packet loss. Both devices are connected via fiber optic. I tried replacing the cable, and also transferring to another port, but got the same result: 7 packets lost when using a value of 1500. Verification: both devices support a higher MTU value, running hard-coded full duplex/100, no interface errors/drops, normal CPU and memory. No filtering or QoS applied on the interface. Any input about this? Thank you
Avaya ERS-4548GT CLI cmd to set DefaultVlanID? Posted: 31 Oct 2018 08:59 AM PDT Hi Redditors, I have been having a few issues with our Avaya stack GUI, so I'm limited to the CLI at the moment. I am looking for the command to set the DefaultVlanID for a specific port on the switch. Note: I have already added the port to the VLAN membership; all that's left to do is actually set the DefaultVlanID for the port. A screenshot of the GUI tab for this is below (the GUI is inaccessible for the stack I am currently trying to make this change on; the screenshot is from a different stack which is exactly identical).
Multicast on L3 switch stub Posted: 31 Oct 2018 06:36 AM PDT So I've hit a wall that I can't seem to get over. I've got a network where multicast traffic is pushed over the DMVPN. What I am having trouble with is that I cannot seem to figure out how to get the phones on the L3 switch's network to join the multicast RTP stream. The multicast server does reach the phones with text and it preps the phone, just no audio. I referenced this https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/15-s/imc-pim-15-s-book/imc_stub_routing.html as a guide to help me, but it didn't work. Does anyone have an idea of where else I should look to solve this issue? As a reference, multicast traffic is pushed over the DMVPN and this L3 switch route is pushed as a redistributed route from the router it's connected to.
Client VPN with Azure AD support and Microsoft Authenticator. Posted: 31 Oct 2018 06:29 AM PDT