Blogpost Friday! Networking |
- Blogpost Friday!
- Legit CCIEs of Reddit... Is the exam as impossible people make it out to be?
- Portchannel - Stacked Switch
- What motivates you?
- [Update] Cisco ASA 5516 W/ FP, Complete loss of connectivity.
- Access Switches (Ruckus vs HP/Aruba vs Juniper)
- Cisco ASA 5505 Default Config Random Sites Not working
- VPN Tunnel Goes Down During IP Sec (Phase 2) Auto Re-negotiation
- Public IP
- Huawei MA5800-X15 MPLA Active/Standby failure after config load
- Cloud cert / reading for Network Engineers
- Newbie question about iSCSI MPIO with mixed 1Gb and 10Gb
- Shaping Outbound Internet
- Cisco Firepower IPS - Dynamic Rule state
- MXtoolbox blacklist check down for anyone else?
- First Jr Network/Cloud Engineer job
- 2-Port Switch
- Connecting 4 physically separate networks via Fiber backbone
- Lab Networking setup has connectivity issues I have not run across before. Any help is appreciated!
- Recommend an IPAM
- Tomato router: multiple static IP devices w/ same IP address on the same router?
- Cisco Networking - AP - WLC - VLANs
- Connecting datacenters between US West Coast and India - Need advice
- Is there -any- logical reason for my ancestor to have done this?
| Posted: 29 Nov 2018 04:16 PM PST It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts Feel free to submit your blog post and as well a nice description to this thread. [link] [comments]  |
| Legit CCIEs of Reddit... Is the exam as impossible people make it out to be? Posted: 29 Nov 2018 06:18 AM PST I've been told by a few people at work that the exam is impossible without cheating. Could those who got their CCIE legit without using any cheating tell your story (how long did you study, how many times did you fail, was the exam fair?) [link] [comments]  |
| Posted: 29 Nov 2018 05:12 AM PST I have a Cisco 3560-CX that I want to connect to stack of 2960X's. Can I setup a portchannel and run one trunk to Gi1/0/49 in the stack and the other to 2/0/49? Essentially, I'm wondering if I can run a portchannel to two different switches within a stack. [link] [comments]  |
| Posted: 29 Nov 2018 05:13 AM PST I was just asked - randomly - by someone above me, "What motivates you?". Totally caught me off guard - but wondering what motivates all of you? [link] [comments]  |
| [Update] Cisco ASA 5516 W/ FP, Complete loss of connectivity. Posted: 29 Nov 2018 12:01 PM PST Original Port here After quite a bit of trial and error and a second occurrence of the issue. Cisco found the issue to be caused by Snort crashing on the FMC modules. The solution is to remove the module from Firepower, Re-image and finally add them to Firepower. The Cisco Doc can be found here: https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html [link] [comments]  |
| Access Switches (Ruckus vs HP/Aruba vs Juniper) Posted: 29 Nov 2018 12:59 PM PST So for the past ~5 years we have been a brocade/ruckus shop. We had previously used cisco but dont see a need to go back in that direction. At first it was the ICX6430, then 7250, and now 7150. The horizontal/closet stacking is very useful to us, and allows us to design a lot of redundancy between our different swtich stacks (LACP/LAG's), etc. Obviously the ride has been interesting, considering we went from Brocade > Combined with Ruckus acquisition > Broadcom (Temporarily) > Arris > now Commscope Certainly the ICX is a strong product line and they have continued to develop and release new models, however obviously there is continued uncertainly. I know many folks that have left that i worked with there previously. We have also had issues mentioned in other threads (POE firmware corruption) and RMA problems. We have the need for 60+ switches next year so i want to look at comparable options. Our primary needs are the SFP+ stacking and layer 2 access only, do not see a need for anything layer3. For HP/Aruba, i believe that would be the 2930F model . I am waiting on bulk pricing, but obviously they are a leader in switching and have tons of options available. For Juniper, it would either be the EX3400 or EX2300. Obviously the 2300 compares more to the 7150 we are using now, and for us is right around the same price. EX3400 is a reasonable amount more and could be used selectively where the case justifies the dual power supplies. We have never used Juniper products before and thus do not know Junos. However everywhere i read folks love it, and looking at the syntax it will be an adjustment but one i am sure we can make. For Ruckus, it would be the ICX7150 that we have been using. There are some differences in support. All have limited lifetime hardware replacement and software updates. Ruckus includes 3 years of tech support, HP is as long as owned, but Juniper is only 90 days. Juniper is also RTF after 90 days, where as Ruckus and HP are NBD for the limited lifetime of the product. However we typically do on site spares for branch offices and ship internally then RMA and restock, so that is not necessarily a huge issue. Obviously from my reading i assume Juniper would be the most popular choice which is sort of what i am leaning towards. I did see someone mention about more common PSU failure on some models, so any conversation about folks experiences would be appreciated! [link] [comments]  |
| Cisco ASA 5505 Default Config Random Sites Not working Posted: 29 Nov 2018 03:52 PM PST An example of two sites that won't load, or load halfway are BankofAmerica.com and PCMAG.com Here's a picture of how the website looks after it "loads". I configured the ASA 5505 using the youtube video from soundtraining.net "Cisco ASA 5505 Firewall Initial Setup: Cisco ASA Training 101" ASA Version 9.1(6) ; ASDM Version: 7.5(2) When using packet trace from inside IP to BoA's website IP, I'm getting packet dropped because of nat-xlate-failed. I'm not knowledgeable enough to get any further than this.. any help is appreciated. Thank you. [link] [comments]  |
| VPN Tunnel Goes Down During IP Sec (Phase 2) Auto Re-negotiation Posted: 29 Nov 2018 02:10 AM PST Hello all, I hope this question is acceptable here. We have a SonicWALL NSA 2600 at main site and a SonicWALL FV-400 at remote site. A site-to-site VPN tunnel between them had been working flawlessly for about 2 years. Approximately one month ago, we began having an issue where the tunnel would go down, at around the same time of day everyday, and then it would magically heal itself and come back online in about 15 minutes. After a few days, we realized that it went down at the exact same time that IP Sec (Phase 2) was set to auto re-negotiate. That meant we could now predict precisely when it would happen, but we still didn't know the cause. It didn't make sense that the tunnel worked for 2 years straight and then randomly started having this issue. We have SonicWALL support on both devices, but they are absolutely useless and clueless about their own equipment. I've had them make minor tweaks here or there on the tunnel settings, but they were all guesses and never fixed the issue. I've called 5 times now to get this figured out and each time, they make minor tweaks and tell me to call in again if it keeps happening. Well, it keeps happening, and it's severely impacting our business now, not to mention my reputation with our business owner. It baffles me that after a month, SonicWALL is still in the "guessing stage" with our issue. They've done numerous packet captures and log exports, etc... They have NO CLUE what's happening. I was at least able to be escalated to a senior level tech today, but he and I spent 2 hours on the phone today and he still didn't know what was going on. One thing we DID discover today, however, is that when we change IP Sec proposal protocol from ESP to AH, it instantly starts working. But when it's on ESP, it takes 15-45 minutes to start working. During that time, absolutely no traffic passes between the two subnets, however both SonicWALLs show a green light indicating that the tunnel is up. I've been using ESP protocol for 2 years just fine. Why would it suddenly start exhibiting this behavior, seemingly out of nowhere? No changes were made to either router when the issue presented itself. However, since the issue began, we have updated to latest firmware on both sides in an attempt to resolve the issue. No luck. Also, I have TZ-105 at my house with an ESP-based tunnel going to both sites, and that tunnel is rock solid. Stays up at all times. So when SonicWALL tried to suggest that perhaps AT&T was blocking ESP, I was able to refute that because; 1) It worked as ESP for 2 years. Why would AT&T suddenly start blocking that with no warning? 2) If ESP was suddenly being blocked by ISP, it wouldn't start working again after 15-45 minutes post re-negotiation. It just wouldn't work, period. 3) If ESP were being blocked, the ESP tunnels I have at home, going to both the remote site and main site, would have to be affected too, right? So for now, I have put a band-aid on the problem, by setting my negotiation between remote and main site to occur every 24 hours at midnight (8 hours is default), so the issue still exists, but no one's in the office to notice it. It's bugging the hell out of me and am open to suggestions since SonicWALL is utterly useless. Thanks everyone! [link] [comments]  |
| Posted: 29 Nov 2018 07:21 AM PST Question for the folks who run their network using public IP - no NAT whatsoever. Do you have your router to router links in public IP? Do you have in your network that you use private IP? If you do, what type of network it is that you decided to give it a RRC1918 IP? [link] [comments]  |
| Huawei MA5800-X15 MPLA Active/Standby failure after config load Posted: 29 Nov 2018 04:17 AM PST I have 2 Huawei MA5800-X15 OLTs with 2 H902MPLA boards each, one on my desk and one working in production. Initially, both boards of the OLT on my desk were running fine. One of the boards had ACT led ON and the RUN/ALM led was blinking green (0.5s) on both of the boards, as it should be when things are running correctly. I've exported the config from the production OLT via tftp running: After that I've loaded and applied this configuration into the OLT on my desk using: After that, OLT on my desk has rebooted successfully and loaded new configuration. Then I run "save" command to save config and data. Then I decided to reboot the active board (board1) with: During the reboot of board1 the ACT led on board2 has switched ON (green) and the RUN/ALM led on board1 started blinking red every 0.25 sec, which is normal during reboot. Unfortunately the board2's RUN/ALM led never became green again and ACT led has never blinked again. I left everything for a couple of days and nothing changed. Complete OLT reboot did not help. I know that none of the boards are faulty because when I reboot the board2 then board1 comes online and board2 stays with RUN/ALM blinking led in red. Seems like they are working separately and cannot get synchronized. When one board reboots, the other loads up and becomes active, but the recently rebooted board just hangs in the middle of the loading process. I've connected two console cables, one to each board, and I can see that the board with the red light just stops at the same point every time. The active board on OLT has an alarm which says:
Here is the console output from both boards: The board with RUN/ALM red light always stops after
After this line it should start loading config, but it does not until the active board goes for reboot! I've tried to do a factory reset on both boards with: But it did not work out. Both boards have a default configuration now, but keep doing the same thing again and again. Looks like the boards can't sync the configuration between them. Or both want to become Active and only one loads up. I tried to google about this situation, but i did not find a single word about it. Seems like some unique situation. Did anyone have similar problems with Huawei OLT? [link] [comments]  |
| Cloud cert / reading for Network Engineers Posted: 29 Nov 2018 08:15 AM PST Hey all - As a network engineer I'm looking to learn how networking works in AWS / Azure / GPC. What is the best way to learn this? Any certs? Looking at things like routing between VPC / VDC, how network functions are deployed / managed, Express Routes, etc. I'd probably want to get some idea of the solutions as a whole as well. [link] [comments]  |
| Newbie question about iSCSI MPIO with mixed 1Gb and 10Gb Posted: 29 Nov 2018 01:35 PM PST Sorry, if this is the wrong sub for this. I am thinking of whether this is possible. One iSCSi target with 4 x 1Gb NICs MPIO aware. One iSCSI initiator with a 10 Gb NIC. Connected through 10 Gb switch (one 10Gb connection to host with 10Gb able NIC, and 4 x 1 Gb connections to switch from iSCSi target with only 1Gb NICs) Setting up host with 10Gb NIC with all paths to all IPs of the MPIO 1Gb target on vSphere (4 links). Will this give me ~4 Gbit iSCSI transfers to the target? Sorry if this is a dumb question... [link] [comments]  |
| Posted: 28 Nov 2018 08:21 PM PST One of our providers recommends shaping outbound traffic over their link. They don't really explain why they recommend this, so I assume it's to smooth out traffic peaks, to lower the number of packet drops. I'm wondering, how many of you actually do this? Do you see any real benefit from doing it (or not doing it)? [link] [comments]  |
| Cisco Firepower IPS - Dynamic Rule state Posted: 29 Nov 2018 11:47 AM PST been reading about the default pattern of a certain ips rule, when an ip on the internet performs this type of attack the ips detects and drops and generates event. but they try like 4 times to 4 dfferent hosted devices in 2 mins, i want to drop and generate after 1st attempt in under 60 seconds but also block for 24hours necause if not then they can just keep trying and trying, if im reading and watching videos correctly its definitely do-able to modify this ips rule...anyone use this feature to automatically block for a certain time? [link] [comments]  |
| MXtoolbox blacklist check down for anyone else? Posted: 29 Nov 2018 09:53 AM PST |
| First Jr Network/Cloud Engineer job Posted: 28 Nov 2018 05:33 PM PST Cross-posted to r/ccna First, I want to say thank you to everyone on this sub for the motivation. Seeing everyone getting CCNA certified pushed me to learn as much as I could. I'm not CCNA certified yet but will be soon. Second, I failed the "technical" part of the interview when they asked me to configure a basic network with OSPF, EIGRP, BGP, VPN Tunnels, and everything else that we are required to know; however, I did demonstrate that I could follow direction and that I had the willingness to learn and not give up when things got hard. Some background on my experience: Start by pulling cable and building out physical network infrastructure, moved to a management position doing this but was not satisfied at this level. Took a pay cut to go and learn more of the "general" IT stuff as in System Administrative work. After a few months of dealing with customers that self-determined the universe revolved around them, I knew it was time to pursue my passion; Networking. Took a few classes from the local college and got CCENT certified along with some other networking related certs. The company did mention that the CCENT wasn't anything great but it did show I was determined. Hope this gives you guys/gals some motivation to get up and do it. If a person starting from working construction/pulling cable can move to a networking position, so can you. Feel free to ask questions If you have any! [link] [comments]  |
| Posted: 29 Nov 2018 08:45 AM PST Does anyone know of a cheap switch with only 2 ethernet ports + the network connect port? Essentially it will be for connecting two devices to a network that will generally be installed next to a single wall port. Thanks [link] [comments]  |
| Connecting 4 physically separate networks via Fiber backbone Posted: 29 Nov 2018 08:37 AM PST Connecting 4 buildings, all of which have 4 physically separate copper networks in them. Is there a media converter that can take those 4 RJ-45s on one end, connect via a single fiber cable, and give all 4 networks at the other end? I've always done copper backbones, but would like to run a single cable if possible in this case. [link] [comments]  |
| Lab Networking setup has connectivity issues I have not run across before. Any help is appreciated! Posted: 29 Nov 2018 08:25 AM PST So, I was asked to install a simple lab setup for my company, on an isolated ISP connection, for an experiment. We had to mimic a client's setup, so my choice of hardware was forced (and overkill for the job). Let me go over the topology and the problem. The Topology Switch - Cisco SGE2000P 24-Port Gigabit Switch. One port going to my ISP connection (just a wall jack on the lab end), one port going to the WLC, One Port to the Laptop I'm using to configure everything WLC - Cisco 3504 Wireless Controller. Running everything through the Untagged Management VLAN (I know, not ideal, but this is just a lab setup). Port 1 to the Switch. Port 3 (PoE) connected to a Direct AP. WLC is also running the DHCP server, all addresses on the 192.168.1.X network. AP - Cisco Aironet 1652-E Outdoor Access Point (god knows why we are using this). Has a static IP on the management subnet outside of the DHCP range. Wireless Clients (only about 20 max will be connected). All are obtaining IP's and DNS servers through DHCP without issue. DNS Server - Using Google's for testing (8.8.8.8) The Problem So, after many struggles (most surprisingly resolved when I disabled and then reenabled the license), I was able to get the AP to join. My SSID for my WLAN is broadcasting fine, Wireless clients can join and pull IPs, and Broadcast forwarding is enabled on the WLC. However, Wireless clients are only able to load certain sites, intermittently. For example, one client was able to load Yahoo, but not BBC. 10 minutes later, it's the opposite. At first I thought it was wireless interference from other AP's, but that seems not to be the case, and when the sites fail to load, it looks like DNS failure (502 Bad Gateway). This is frustrating as it happens without warning, then goes away just as quickly. I have tried using alternate DNS servers (tried Open DNS, Google's Backups, etc...), but it has not resolved the issue. Using an internal DNS server is not really an option. Does anyone have any ideas what may be causing this behavior? [link] [comments]  |
| Posted: 29 Nov 2018 08:02 AM PST I see there are a multitude of options for IPAMs out there. I have a specific use case that I'm having some trouble finding a solution. Maybe you all can give me a head start rather than downloading and trying out a bunch? I have over 70 sites that are small SMB Networks. Most subnets are /24s with a small handful of /22s. In these networks I have standardized DHCP Ranges and Static Ranges. The DHCP ranges are for your standard laptops, PCs, Phones. If the device requires and Static Address, the PC technicians in that area know to just use the Static Ranges. To know if the IP is free, they just ping out and see if it is free. This worked out well for a while but as we had large growth the past few years, we're seeing conflicts in the Static Ranges and sometimes the static ranges are getting full and we're not realizing it. Here are some features I am looking for: - We put all the subnets in and it pings out to just see if the address is taken currently and shows last seen. Not sure if something like this exists. I tried out Netbox for a bit but I realized it's all manual input. I'm not really wanting to completely rely on the manual entry. [link] [comments]  |
| Tomato router: multiple static IP devices w/ same IP address on the same router? Posted: 29 Nov 2018 07:37 AM PST Diagram to explain my question: https://i.postimg.cc/GmTPXgSS/network-question-static-ports.jpg I'm doing development on some embedded devices that are connected via ethernet. They all have the same static IP address (192.168.7.250). They also all run a DHCP server. I have a router with a WAN port connected to corporate network (DHCP client). The router has four LAN ports, one of which I want to act as a DHCP server for a desktop network switch to service my laptop and other devices that need to ask for local IP addresses. I'd like to utilize the other three LAN ports so I can connect up to three of these embedded devices that I'm working on. Since the embedded devices are configured for static IP address (and also have their own DHCP server!), how do I segregate the physical ports 1, 2 and 3 from each other, as well as from my laptop so that the laptop on port 0 is using the router's DHCP server and not any of the ones on 1, 2 and 3? Additionally, how do I assign IP addresses to ports 1, 2, and 3 such that I can still ssh into each of the embedded devices individually from my laptop? I think I need each of the ports 1, 2, and 3 to be separate virtual LAN. But I'm not sure how I would be able to access these VLAN. I'm using a router with Tomato firmware. Here's what one of the configuration pages look like: https://i.postimg.cc/SxtSxDSq/network-multiple-statics.jpg [link] [comments]  |
| Cisco Networking - AP - WLC - VLANs Posted: 28 Nov 2018 11:40 PM PST Hello, I'm not really at home with Cisco, but do have advance network knowledge, so better to ask someone who knows not to make a mess :) My current setup: PoE switch - WS-C2960X-24PS-L I did some adjustments in my network infrastructure and my last step is this wifi. When I connect Cisco AP to switch, I want him to take address and be in VLAN 17 Mikrotik is in between. sfp1(trunk) - Is going to main router where the DHCP-s are for all three VLANS What would be best scenario for me? Currenly Business network is working flawless, no problems, all devices are taking addresses through trunk port from main router. Thanks [link] [comments]  |
| Connecting datacenters between US West Coast and India - Need advice Posted: 28 Nov 2018 05:16 PM PST Can some experts here chip in with some expert guidance, please? I am trying to sign up with a Colo provider in West Coast (Am inclined to HE Fremont, or Switch Tahoe Reno) to run an OpenStack private cloud. We have an offshore delivery center in Chennai, India, where we intend to set up another OpenStack instance. These two Openstack instances will be connected to each other for redundancy / disaster recovery. Questions for which I would like guidance: [link] [comments]  |
| Is there -any- logical reason for my ancestor to have done this? Posted: 28 Nov 2018 08:13 PM PST I've inherited a network that reminds me of those pictures of the webs of spiders who were on various drugs. sh config returns the following gibberish: ip route 0.0.0.0 0.0.0.0 10.0.0.1 Followed by 11 lines of ip routes that send 11 different 10.x.x.x subnets to 10.0.0.1, except for the 10th one which replaces 10.0.0.1 with FastEthernet0/0 Am I completely missing something here or was somebody a little less than rational when he programmed this thing? [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment