    Tuesday, October 30, 2018

    Training? Conferences? What do you folks do to "sharpen the saw"? Networking


    Training? Conferences? What do you folks do to "sharpen the saw"?

    Posted: 30 Oct 2018 12:55 PM PDT

    I'm trying to put together a "training" plan for the next couple of years (training includes conferences). I've got some web based on-demand training, as well as Cisco Live (San Diego) on the list so far.

    What do you folks do to "sharpen the saw" so to speak? Online classroom training? Online on-demand training? Conferences? What keeps your skills up?

    Anything I should be looking at? I'm not looking for boondoggles - company paid vacations to cool spots. I'm looking for serious nerd vittles.

    submitted by /u/kcornet

    Last Input on [HPE Switch]

    Posted: 30 Oct 2018 01:12 PM PDT

    Is there an equivalent command to Cisco's "sho int <port>|Last Input" on an HP switch? I'm needing to find 3 unused ports on a full HP switch and, for the life of me, can't find (google) the command on how to see when the last input on a port was.

    submitted by /u/That1DudeOne

    [Showerthought] Cisco's target audience is no longer network engineers

    Posted: 30 Oct 2018 01:39 PM PDT

    The impression I've gotten from this sub is Cisco has lost (or are losing) touch with their core customer base.

    I think that's probably a fair assessment.

    But what if that's not self-destructing.

    What if they don't care about us---not because they've lost touch---but because we are no longer their target audience.

    What if their target audience has become executives.

    And I'm not talking about their usual tactics of scaring CTOs out of buying a competitor's gear, I mean automating all engineering/architecture out of networking, and pocketing our salaries.

    Cisco's endgame could be:

    1. CTO contacts Cisco with very high-level business requirements, and basic info about their campuses and branches
    2. Cisco turns this into a network design and BoM
    3. Either Cisco or $org subs out ordering circuits, cabling, and racking equipment
    4. Cisco lights up the network with DNA and SD-everything, end-to-end
    5. Cisco gives the CTO access to a shiny webgui dashboard with all kinds of feel-good graphs and stats about how smoothly everything's running, and how much money they're saving
    6. All monitoring is automatic. Software problems mostly self-heal. More complex issues remotely resolved by engineers in some MSP's NOC, either Cisco's, or a partner's.
    7. Hardware problems trigger a task in some maintenance guy's daily queue for replacement during off-hours. Replacement parts are either already on-hand or auto-shipped.
    8. A few low-level IT support staff remain at $org mostly for helpdesk work and occasional escalation.
    9. Cisco pockets the salaries of all or most mid/senior networking staff.

    Just finished one of Tim Szigeti's Cisco Live presentations on advanced QoS. He ends it with something like: "yeah, all that shit I just told you--you won't need to know that anymore. Throw out the 1000-page QoS book. Pretty soon you'll just drag Skype into this box on the DNA webgui, and the fabric will auto-provision QoS to prioritize it, end-to-end, automatically."

    Granted, it'll be a while before the DNA/SD* stuff really proves itself. And maybe that's only feasible for campus/access--the DC/ISP space might look different--but then again, maybe not.

    submitted by /u/austindcc

    PCI-e 4G Network Card With Extrovert Antennae?

    Posted: 30 Oct 2018 01:00 PM PDT

    Okay so I might have a really specific need here but here it is.

    I'm designing a remote-capable security system and I want it to be always connected to the internet or at least as possible as it can be.

    A telescopic arm will be a part of this product and I'd like to have both a WiFi and 4G antennae mounted on it. The WiFi is easy I can just slap a Ubnt nanostation on there and call it good but the 4G has been giving me some headaches.

    I've searched high and low and can't seem to find any sort of 4G networking card that can slot into a PCI-e and I'm not sure if I'm looking for the wrong thing or not.

    I could go with a USB 4G connection but I'm not sure how much I like the thought of that and of course I would rather have an extrovert antennae to be able to mount up in a high spot.

    submitted by /u/_PM_ME_UR_CRITS_

    IT Mgr Transition to Network Engineer ?

    Posted: 30 Oct 2018 03:57 PM PDT

    Currently I'm an IT manager for small business. (1 man shop, yours truly and an MSP doing L1 help desk stuff) we have 700+ employees. I have been in the IT world as a SysAdmin and IT manager for the last 8 years, here over a year. My last employer was 10x the size and had much more networking, which I really enjoy and find fascinating. We had UCS's, Data Center, lots of route/switch etc... Here it's so simple it's just plain boring...while the company is growing it's not at a rate that will change my career path and there are very limited technical opportunities here. I hold a current CISSP and CCNA R&S cert, make decent money, $95k/yr, no bonus, no 401k in a moderate cost of living area - not complaining just making a note :)

    I'm a bit burnt on the one man show thing....

    Does $95k/yr (no bonus/401k) seem reasonable in my current role?

    Is it realistic for me to expect to be able to transition into a network/systems engineer/consulting type role (with a VAR\big4 etc) making similar $ (or more) money if I pick up CCNP ?

    Any other thoughts or recommendations ?

    Has anyone out there done this - moved from management to technical ?

    Thank You!

    submitted by /u/GettingMotivated1

    Cisco ASA 5516 W/ FP, Complete loss of connectivity.

    Posted: 30 Oct 2018 09:24 AM PDT

    Hey Everyone,

    I'm having a reoccurring problem with one of my ASA's, it decides to block all traffic in and out of the network. I have opened a case with Cisco, but wanted to see if you guys have any pointers?

    The logs show no obvious signs of failure.

    Detail?

    Like I said, all traffic is blocked. There is no indicator that I could find on the ASA telling me something had gone wrong or why it was blocking the traffic.

    Debug?

    • Unplugging the Main ISP connection
    • Tried failing over to another ISP
    • ICMP and Packet traces are all blocked during the Blocking
    • Connection to the device itself is still available, both SSH and ASDM
    • Both are Running version 9.8.2.20, Uptime 236 days.

    What fixes it?

    Failing over to the secondary device and then rebooting the Primary.

    submitted by /u/sysacc

    Transition ISC-DHCP-SERVER to Kea?

    Posted: 30 Oct 2018 06:52 AM PDT

    I can't find any docs or material on transferring the flat lease files to Kea, or any sort of "upgrade path". Seems ISC is treating it as a completely separate thing with no regard to ISC-DHCP-SERVER existing that I can find.

    Has anyone found or done a move from isc-dhcp-server to Kea? I'm considering doing Kea for IPv6 at least, but figuring should move my v4 into it as well while I'm at it. Seems currently the only real idea is to slap it in a different range and let everything transfer over. Is that what others are doing?

    Looking to make some IP changes in my network of how things go, but don't want to make the changes too soon and shoot myself in the foot for DHCP server move.

    submitted by /u/Fhajad

    What industry has the most complex networks?

    Posted: 30 Oct 2018 11:06 AM PDT

    I'm currently working for an SMB and the simplicity of the network is killing me. I love networking too much to stay for long and I really want more complexity to play with, so I'm curious what industries are doing what. So from your experience, could you tell us what industry you work in (healthcare, retail, higher education, MSP, VAR, ISP, financial, etc.) and what does your network look like (MPLS, VXLAN, EVPN, BGP, OSPF, Global or Domestic Network, Large Campus or Remote Sites, etc.)?

    submitted by /u/Sweeece

    RSTP - Edge vs. Portfast

    Posted: 30 Oct 2018 10:51 AM PDT

    My understanding is that both Edge and portfast transition the port directly into forwarding and suppress the generation of a TCN.

    So why would you still need to configure portfast when using RSTP?

    I'm assuming it's to 'define' where the edge ports are? Otherwise the switch will somehow have to discover that, maybe by waiting and not seeing a BPDU for X time?

    submitted by /u/willabizzle

    Nexus 3k vPC Redundancy Help

    Posted: 30 Oct 2018 04:20 PM PDT

    What I've got today:

    I am coming from a pair of 5548s with a bunch of 2K FEXs as my ToR. The FEXs are currently multihomed to each 5k, and I add a server into each of the 2 FEXs at the top of a rack and create a vPC for redundancy. vPCs are extremely self-explanatory with that gear.

    Proposed diagram: https://i.imgur.com/S0BPWM4.png

    So... it's almost 2019 and it's beyond time for a 40gb core and 10gb ToR. New switches here I come.

    I know I can do a vPC from the server to each 3172. What I am unsure of, is can (should) I do a vPC from a 3172 to each 3132 in the core? I would like to avoid layer 3 between core and ToR, since my VLANs are spread amongst many racks.

    Thanks.

    submitted by /u/IDA_noob

    VPN behind Double NAT issues

    Posted: 30 Oct 2018 03:49 PM PDT

    Been breaking my head over this one for a few days now, so figured I'd ask here as there seem to be quite a few knowledgeable people on here.

    A brief explanation on the topic at hand. Due to the way the "ONLY" ISP around configures their switches we're having to run our VPN behind a double NAT.

    The server side has 100/20 VDSL. The client side used for testing has 80/20 VDSL, but problems occur on fiber networks all the same. Ping is low (~10) at all times.

    The modem is serving 192.168.2.x whilst the server behind which is the internal network is serving 10.0.0.x. There's no way to configure the modem in bridge mode because some equipment used for IP phones is also run off there. Reason it's not behind the internal network has to do with some external management functionality that the ISP desperately doesn't want to give up on and seems to depend on the modem being in the state that it is, so there's not much room to wiggle there.

    Initially (about a year and half ago) this worked fine with proper port forwarding, etc. But about a month or two ago the modem was replaced and the external IP address changed. Ever since then it's been very problematic and downright awful.

    VPN is provided by good old Windows Server 2016. It's just a basic L2TP VPN with nothing fancy. Something that like I said, has worked well for a substantial period of time.

    Now I've isolated the problem down to the NAT interface in RRAS, without that configured the VPN is blazing and browsing through folders on network shares is a breeze. Opening files works like the server was right next to you.

    Obviously without NAT configured (the server has two physical NICs) there would be no internet access on the internal 10.0.0.x network so that simply has to run. But once I add the NAT interface the file browsing just stops dead in its tracks. Browsing the internet, watching youtube, etc. all works flawlessly (using the external gateway) but it takes well over a minute to open any folder on the remote network. Whilst opening a folder and waiting for it, the internet in the background continues to work flawlessly.

    Remove the NAT interface from RRAS and everything is all fine and dandy again.

    Now I'm aware that a VPN behind a double NAT will never work perfectly but this is a bit much isn't it?

    I've played with MTU sizes, tried a different protocol (PPTP), went as far as completely reconfiguring the on premise networking side of things (which means I'll now have to sacrifice a weekend to reconfigure part of the server..) all to no avail. Am I missing something blatantly obvious here or what gives?

    I should probably mention the server runs on VMware and as such is virtual.

    submitted by /u/MarnickV

    Is PIM really required to route multicast between VLANs on the same switch?

    Posted: 30 Oct 2018 11:54 AM PDT

    We have multicast senders on one VLAN and clients on another VLAN. Multicast routing is enabled on the switch and IGMP querier is configured on the client VLAN. My engineers are saying that the switch will not route the traffic unless they also enable PIM on both VLANs. I always thought PIM was only needed if there were multiple router hops in a network. They say they are seeing this on both Ruckus ICX and Cisco Catalyst switches.

    submitted by /u/jimboni

    Modular Patch Panel suggestions.

    Posted: 30 Oct 2018 03:03 PM PDT

    So I am in the market for patch panels. We already have some Monoprice PN 310 toolless keystone jacks, but from what I am reading you can't fully fill a 24port modular patch panel from Monoprice, due to the width of the jacks.

    We have a few panduits, but we want to get away from them, since they cost an arm and a leg.

    Do you all have any suggestions? What about the vertical cable 24 port blank patch panel that firefold sells?

    submitted by /u/OSUTechie

    Cisco 4321 Management Port

    Posted: 30 Oct 2018 01:59 PM PDT

    Anyone had any luck with repurposing a management port on the 4321 as a normal port that can pass traffic?

    submitted by /u/PizzabyAlfred0

    Questions about zero trust

    Posted: 30 Oct 2018 01:25 PM PDT

    Hi all,

    I am looking for examples that implement zero trust networks in enterprise environment.

    My current setup is basic:

    • controller/router -> VLANs -> wifi clients / lan clients
    • clients are authenticated via radius
    • local server is connected to a VLAN which is also accessed via client-to-site VPN.

    I am trying to understand:

    • how does this replace site-to-site VPN?
    • for client-to-site VPN, do I need to upgrade any part of my current setup.
    • how would radius (802.1x) work in this system?

    So basically, can I use zero trust for local networks?

    Thanks, really appreciate it!

    submitted by /u/suobj

    DMZ Dual NIC's best practice

    Posted: 30 Oct 2018 12:37 PM PDT

    Hello All,

    From reading a few design documents my understanding is a DMZ should ideally have two NIC's inside each reverse proxy with one pointing towards the outside untrusted network and the other pointing towards the internal firewall each on a different logical segment.

    It appears there is information from SANS and other vendors such as Microsoft around following this advice. What is the advantage in this approach rather than having one NIC?

    Internet <----> OUTSIDEFW <-----> OUTSIDE VLAN <-----NIC1> Reverse Proxy <NIC2-----> INSIDE VLAN <-----> INSIDEFW <----> LAN

    Thanks

    submitted by /u/jamool247

    1U Labeling Question

    Posted: 30 Oct 2018 12:23 PM PDT

    Looking for a suggestion on labeling.

    On some of our 1u devices, there is not a great deal of room to place a label such as a hostname. Are there any alternatives to adding a label to a rack mounted device that you have seen?

    As an example, first thought that came to mind was a toe-tag off of the holding bracket….

    submitted by /u/ILIKESEGA

    JunOS control plane protection

    Posted: 30 Oct 2018 04:21 AM PDT

    Do you guys use a firewall filter on your loopback to protect your router and switches? If you do, how did you get the ntp to work? I could not get the ntp to work.

    Also, I think it is-is is done over layer 2, but does it have a control plane protection for is-is?

    Also, any tips for bgp control plane firewall filter?

    submitted by /u/pingmanping

    Cisco Bug Reports explanation

    Posted: 30 Oct 2018 10:58 AM PDT

    I have a hard time exactly understanding the Cisco Bug reports.

    For example, this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh30461/?rfs=iqvred

    Shows for Known Affected Releases only: 8.2(1). Does that mean, that all other releases do not have that bug? (or at least it is not known, if they have this bug)? For example, there is indeed 8.2(2), this one should not have the bug, right? Since it's not in the "known affected release"

    However, at the same time, at Known Fixed Releases, they list 8.3(1). What does that mean? Only this release will fix this? This would mean, having 8.2(2) would not fix this, right? Then, well 8.2(2) should also be listed in "known affected release". It does not really make sense to me.

    Can someone please explain? Thank you.

    submitted by /u/magnetbingo

    Switch management traffic on untagged for Ubiquiti switches

    Posted: 30 Oct 2018 10:26 AM PDT

    Here's a weird one for you guys. I haven't been working with VLANs all that long and even less time with Ubiquiti devices, so I'm sure that I'm missing something here, but am not sure what.

    The scenario: three Ubiquiti switches managed by a Unifi controller on-premise. Their IPs are all currently on VLAN 1 in an environment I just inherited. I want to segment the network so that all switch management IPs are in VLAN 50. The existing configured-before-me trunks between these three switches are on the default All profile, which sets VLAN 1 as the native/untagged, and all other VLANs as tagged. This means VLAN 50 is currently tagged on all the uplinks between switches. One of the three switches acts as the core (call it Switch A), with the other two connected to it through these trunks.

    I picked one of the two non-core switches (call it Switch B) and moved it to an IP on VLAN 50 through the controller. The switch went offline in the controller and I could not ping the new IP. On a hunch, I changed the configuration for the port on Switch A that Switch B uses for uplink to a profile that has VLAN 50 as the native/untagged, with all other VLANs tagged. Switch B came online right away and I could ping the new IP.

    Why does VLAN 50 need to be untagged on the core (A) side for B to be pingable, and why doesn't it need to be untagged on the B side of the uplink?

    Does Ubiquiti send switch management traffic as untagged packets?

    submitted by /u/ludlology

    Cisco QinQ / Feature Navigator Advice

    Posted: 30 Oct 2018 09:49 AM PDT

    Hi, I'm looking for a cheap device (i.e. old hardware is fine) that can do QinQ, end of life is fine too. I ended up on Cisco feature navigator to look for a relevant device but the results don't make sense to me. Cisco 2960 and Cisco 1841 for example show up under "802.1Q Tunneling", but I don't see any way to setup dot1q tunnel on said devices.

    I'm thinking of a Cisco ME3400 or 4948E depending on the prices I get back but can someone advise other Cisco devices that can do QinQ or how to use the feature navigator to find what I want?

    submitted by /u/Accendil

    Engenius ENS620EXT - wifi repeaters won't work anymore

    Posted: 30 Oct 2018 09:42 AM PDT

    I've been searching for 2 days on this and it's driving me a bit nuts...

    I have an Engenius ENS620EXT as my main AP and 2 TP-Link RE200 repeaters for wifi to ethernet bridging. Everything was working great until I updated the firmware on the ENS620EXT to v3.5.1_c1.9.04. Now, the repeaters say they are connected and they show in the AP connected devices list, but no data is getting through. Any devices on the repeater can only reach the repeater address and not the AP or anything else. Devices connected directly to the AP are fine with full network access.

    I can't seem to find any previous firmware on the Engenius site or if a downgrade is even possible for this AP. I don't remember what version it shipped with and didn't think to note it at the time. I already tried resetting both the AP and the repeaters to factory default and re-configuring them; the same issue remains.

    Does anyone have experience using this AP with repeaters? Could I be missing something in the configuration?

    submitted by /u/kicktothecortex

    Cisco ASA Upgrading Asdm only

    Posted: 30 Oct 2018 12:50 PM PDT

    Hi,

    I'm needing to upgrade several devices due to a bug causing ASDM to fail to load on the code version we are running on the ASAs (5500 series)

    I only need to do the ASDM image. I believe I can do this without any service interruption or a reboot but wanted to check. I would TFTP the new ASDM image to the required firewalls disk/flash and set device to boot from the new ASDM image when required. Any advice/suggestions would be appreciated.

    Many Thanks

    George

    submitted by /u/georgehewitt

    Would this hardware be a good replacement? (Ubiquiti)

    Posted: 30 Oct 2018 05:04 AM PDT

    My business has 28 employees on a mixture of wifi and hardwired. We are currently using a Dell Windows Server 2008 to handle DHCP and DNS. Sonicwall firewall. UNIFI AP Pro for wifi. We have 5 jetdirects connected to dot matrix printers that print on carbon paper, 2 large MFCs and a plotter.

    The most important thing people need is a strong connection to our Redhat server that handles all our business software. Latency can really throw a wrench in the cogs.

    We also have a couple of employees that work from home and are doing remote desktop to a couple of local desktops.

    We have a cheap Sams Club security camera system on the network that we want to replace with a poe system soon.

    The question is, can we replace the windows server and Sonicwall with something like this... https://www.ubnt.com/unifi-routing/unifi-security-gateway-pro-4/

    submitted by /u/caughtus