
    Wednesday, January 2, 2019

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 01 Jan 2019 04:04 PM PST

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    submitted by /u/AutoModerator
    [link] [comments]

    DNSApe - Simple, fast network tools

    Posted: 02 Jan 2019 09:52 AM PST

    DNSApe has been released, a free network tool for anyone that deals with websites on a daily basis. We provide the following tools at launch.

    • DNS Records - list DNS records for a domain
    • DNS Traversal - show DNS records from root, TLD, and authoritative name servers
    • DNS Cache - show DNS records from popular DNS servers
    • HTTP Headers - get HTTP headers for a domain
    • Whois - Whois lookup (we never save any lookups)
    • IP Whois - just what it sounds like...
    • RBL - troubleshoot email deliverability by checking if a domain is listed in email reverse block lists
    • Ping - a simple ping from our server

    Future features include keyboard shortcuts, upload time calculator, subnet calculator, and other network-related tools. You can vote on features here.

    We also released a large update to our primary srvAudit application. If you have a need to track logins and command history for Linux servers, check it out!

    We're releasing this as open source under the MIT license here soon. We're looking for feedback and suggestions, and of course contributors are welcome!

    submitted by /u/codercotton
    [link] [comments]

    I wrote an Ansible lookup plugin to listify vlan and interface ranges

    Posted: 02 Jan 2019 09:10 AM PST

    Strings like "101-120,201-220,1021-1040" and "Te3/1-4,Gi3/1-48" are used often in networking, and I thought a lookup plugin that parses these strings would be useful in networking playbooks.

    So I wrote csrange (for "comma separated ranges"), and it's on github. Usage, examples and legal/illegal syntax are documented in the repository.

    Feedback/comments solicited.

    EDIT: typo

    submitted by /u/vnetman
    [link] [comments]
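    As an added illustration of the parsing the post describes (this is not the author's csrange plugin and carries no Ansible dependency), the following standalone Python function expands the same kind of strings. The prefix handling for interface names, the leading-zero preservation and the rejection of descending or empty items are my own choices for the example, not documented csrange behaviour:

```python
import re

# One item: an optional prefix (e.g. "Te3/"), a start number and an optional
# "-end" suffix. "101-120" -> ("", "101", "120"); "Te3/1-4" -> ("Te3/", "1", "4").
_ITEM = re.compile(r"^(.*?)(\d+)(?:-(\d+))?$")


def expand_ranges(spec):
    """Expand a comma-separated range string into a flat list.

    Purely numeric items ("101-120") expand to ints. Items with a prefix
    ("Te3/1-4", "Gi3/1-48") expand to strings with the prefix re-attached to
    each member. A start number written with leading zeros keeps its width
    ("Gi1/0/01-03" -> Gi1/0/01, Gi1/0/02, Gi1/0/03).

    Raises ValueError for empty items, unparsable items and descending ranges,
    so a typo in a playbook variable fails loudly instead of silently
    configuring the wrong ports.
    """
    result = []
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            raise ValueError(f"empty item in {spec!r}")
        match = _ITEM.match(item)
        if match is None:
            raise ValueError(f"cannot parse {item!r}")
        prefix, start_s, end_s = match.groups()
        start = int(start_s)
        end = int(end_s) if end_s is not None else start
        if end < start:
            raise ValueError(f"descending range {item!r}")
        # keep zero padding only when the author wrote it ("01" but not "1")
        width = len(start_s) if start_s.startswith("0") else 0
        for n in range(start, end + 1):
            if prefix:
                result.append(prefix + str(n).zfill(width))
            else:
                result.append(n)
    return result


if __name__ == "__main__":
    print(expand_ranges("101-120,201-220,1021-1040"))
    print(expand_ranges("Te3/1-4,Gi3/1-48"))
```

    The two calls at the bottom reproduce the post's own examples: the first yields 60 VLAN ids as ints, the second 52 interface names as strings.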

    Vulnerability in C-Data Technologies EPON CPE-WiFi devices firmware v2.0.4-x000

    Posted: 02 Jan 2019 07:02 AM PST

    I recently signed up to receive emails from shadowserver regarding activity in my /19 and /20. Starting December 12, I started getting a lot of emails about IPs showing Mirai-like activity. After consolidating all of the reports and filtering for unique IPs I was able to take a closer look at the devices. I noticed that all of the affected IPs were using our AdNet (branded) CPE-WiFi EPON units, manufacturer is C-Data Technologies LTD.

    I ran nessus against the devices to see if there were any current vulnerabilities, and none were reported back. I took a closer look at the devices myself and noticed that the login cookie was not unique to the device/login.

    I was able to use Google Chrome developer console to send the following cookies on an un-logged in device:

    document.cookie="cooLogin=1; path=/; expires=2018-12-28T12:03:02.000Z";

    document.cookie="cooUser=admin; path=/; expires=2018-12-28T12:03:02.000Z";

    document.cookie="timestamp=-1; path=/; expires=2018-12-28T12:03:02.000Z";

    I then refreshed the login page and I was greeted with the Admin UI of the device.

    I reached out to C-Data and AdNet but have yet to hear back from them since discovering the issue. I also requested a CVE for the issue, and it is currently reserved: CVE-2018-20512

    I've never requested a CVE before, so not sure the process to move that out of "RESERVED".

    Any who, just wanted to pass this bug along to /r/networking

    My temp fix was just to ACL port 80 at our core going to the affected customers.

    submitted by /u/-29-
    [link] [comments]
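    For readers who want to see what the reported cookie handling amounts to and what the fix looks like, here is an added Python example; it is not C-Data's or AdNet's code. The first function reproduces the pattern the post describes (the server trusts cooLogin=1 and cooUser=admin, values any client can set itself). The second replaces it with server-issued random session tokens whose identity and expiry are kept on the server, so a cookie on its own proves nothing. The user table, salt and password are constructed for the example, and reading the device's timestamp cookie as a client-controlled expiry is my assumption from the three cookies shown above:

```python
import hashlib
import hmac
import secrets
import time


# --- The pattern reported above: identity asserted by the client -----------
def is_authenticated_vulnerable(cookies):
    """Returns True whenever the client *says* it is logged in as admin.

    No server-side record of a login is consulted, so setting two cookies in
    the browser console is equivalent to knowing the password.
    """
    return cookies.get("cooLogin") == "1" and cookies.get("cooUser") == "admin"


# --- Hardened pattern: identity and expiry recorded server-side ------------
# Constructed credential store: PBKDF2-SHA256 hash of the password "correct horse".
_SALT = b"constructed-salt-for-example"
_ITERATIONS = 100_000
_USERS = {"admin": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS)}


def check_password(username, password):
    """Constant-time password check; unknown users cost the same time as known ones."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    expected = _USERS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(candidate, expected)


def session_cookie_header(token):
    """Set-Cookie value: the cookie carries only the token, never the username."""
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"


class SessionStore:
    """Server-side sessions keyed by an unguessable random token."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (username, expires_at)

    def login(self, username, password, now):
        if not check_password(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unlike "1"/"admin"
        self._sessions[token] = (username, now + self.ttl)
        return token

    def is_authenticated(self, cookies, now):
        """Username for a valid, unexpired session token, else None."""
        token = cookies.get("session")
        if not token:
            return None
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            del self._sessions[token]  # the server decides expiry, not a client cookie
            return None
        return username

    def logout(self, cookies):
        self._sessions.pop(cookies.get("session"), None)


if __name__ == "__main__":
    forged = {"cooLogin": "1", "cooUser": "admin", "timestamp": "-1"}
    print("vulnerable check, forged cookies:", is_authenticated_vulnerable(forged))
    store = SessionStore()
    print("hardened check, forged cookies:", store.is_authenticated(forged, time.time()))
    token = store.login("admin", "correct horse", time.time())
    print("hardened check, real login:", store.is_authenticated({"session": token}, time.time()))
```

    The mitigation the poster applied (an ACL on port 80 towards the CPEs) closes the exposure from the outside; the code above is the change the vendor side needs, since a management UI that reads identity out of a cookie cannot be made safe by any filtering in front of it.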

    What important linux commands do you find yourselves using regularly on the job

    Posted: 02 Jan 2019 12:20 AM PST

    Sorry if I'm posting this in the wrong place.

    Just got a software engineering job that will be heavy in networking and was told to "Refresh linux commands (networking related such as ipaddress config, netstat, interface up/down/config)"

    Well, I've done little linux networking. Of course I've used ifconfig, and netstat, but I've never used interface up/down/config. Also, this sentence is super broad, and clearly infers that there are many more commands to "refresh" myself on.

    That being said, what commands do you guys deem as the most important on the job? Things like ifconfig, telnet, netstat are obviously important, but there must be more. Also, if you have a favorite resource for linux commands I'd love to see it!

    Thanks!

    submitted by /u/mfin23
    [link] [comments]

    Stupid question - creating a public interface on my core switch

    Posted: 02 Jan 2019 01:36 PM PST

    I need to create a routing interface with a public IP for a backup ISP we have. My core switch is an HP5406zl running on newer firmware. This sounds horrific, but I'm asking in case my thinking is off. Should I create this routing interface on my core switch or should I get a small router to go between my core and this ISP? This will be passing traffic to a Cisco CUBE, so it won't really be doing any sort of traffic filtering.

    submitted by /u/byrontheconqueror
    [link] [comments]

    CCNA Certified, looking for good resources for next steps

    Posted: 02 Jan 2019 01:19 PM PST

    Hello folks! I see an "educational" thread in the FAQ that hasn't been updated in 4 years.

    I've been CCNA certified for 2 years, worked in the industry for a total of 6 as a Network Engineer.

    I'm currently looking for a good resource to study CCNA Wireless and the CCNP exams. I've used the Cisco examination guides but they're far too "thick" and usually don't provide a good use-case scenario for most configurations and technologies they explain. The CCNA level SYBEX books have been a fairly good resource in that regard however they do not have a CCNA Wireless book.

    submitted by /u/NewTypeDilemna
    [link] [comments]

    Best practices - site power down

    Posted: 02 Jan 2019 02:03 AM PST

    Hello All,

    My Company is doing a site power down (my first) in the next couple of weeks.

    I have done some google searches for checklists and best practices for the networking side of things, e.g. start from the outside and work inwards (firewall > router > switches > wifi)

    Does anyone have any tips, things to look out for, checklists, websites (or threads) that I should read?

    Thanks in advance

    submitted by /u/Speirsington
    [link] [comments]

    QoS testing

    Posted: 02 Jan 2019 07:33 AM PST

    I'm after a bit of help / advice, though I realise that QoS is one hell of a rabbit hole to fall down and I might be a bit out of my depth...!

    I'm testing that the QoS values on a local switch are being trusted, so running a ping -v 184 from one PC to another. If I run wireshark from a desktop & look at the pings from that PC, I can see the dscp value set to EF as I expected. However if I look at the pings from a different PC to mine with the same -v 184 value set I see a DSCP of CS, i.e. nothing set (0x00)

    The switch has mls qos turned on and all the ports on it are set to mls qos trust dscp.

    If I set an extended ping going with the ToS value set to 160 / 184 etc then I can see on the local desktop running wireshark that the DSCP value is set correctly.

    I don't understand why the dscp value is being stripped out from the other desktop device though if the ports are set to trust dscp?

    I was hoping that once I confirmed it's working locally I can start sending the pings from further afield and test the end to end QoS connectivity of all our sites.

    submitted by /u/Mr_Slow1
    [link] [comments]
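    To make the numbers in the post concrete: ping's -v 184 sets the whole IPv4 ToS byte to 0xB8, whose top six bits are DSCP 46 (EF); 160 is 0xA0, DSCP 40 (CS5); an all-zero byte is CS0. The added Python below (mine, not from the post) decodes the ToS byte, names the per-hop behaviour, and compares the DSCP carried by captured packets against the value that was sent, which is the check the poster is doing by eye in Wireshark. The header builder produces constructed minimal IPv4 headers for testing; in use you would feed it the raw IPv4 packets from a pcap:

```python
import socket
import struct


def tos_to_dscp_ecn(tos):
    """Split the IPv4 ToS/DS byte into its 6-bit DSCP and 2-bit ECN fields."""
    return tos >> 2, tos & 0x03


def dscp_name(dscp):
    """Name the PHB for a DSCP value: EF, CSn or AFxy, else 'DSCPn'."""
    if dscp == 46:
        return "EF"
    cls, rem = divmod(dscp, 8)
    if rem == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and rem in (2, 4, 6):  # AF codepoints are 8*class + 2*drop
        return f"AF{cls}{rem // 2}"
    return f"DSCP{dscp}"


def build_ipv4_header(tos, src="10.0.0.1", dst="10.0.0.2", proto=1):
    """Constructed 20-byte IPv4 header (no options, checksum left zero) for tests."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def observed_dscp(packet):
    """DSCP carried by a raw IPv4 packet; ValueError if it is not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    dscp, _ = tos_to_dscp_ecn(packet[1])
    return dscp


def check_marking(sent_tos, packets):
    """Compare each captured packet's DSCP with the ToS value the sender used.

    Returns a list of (index, expected_name, observed_name) for mismatches;
    an empty list means the marking survived the path. A CS0 where EF was
    expected is exactly the symptom in the post: something between the
    sender and the capture point rewrote or zeroed the field.
    """
    expected, _ = tos_to_dscp_ecn(sent_tos)
    mismatches = []
    for i, pkt in enumerate(packets):
        got = observed_dscp(pkt)
        if got != expected:
            mismatches.append((i, dscp_name(expected), dscp_name(got)))
    return mismatches


if __name__ == "__main__":
    for tos in (184, 160, 0):
        dscp, ecn = tos_to_dscp_ecn(tos)
        print(f"ToS {tos:3d} (0x{tos:02x}) -> DSCP {dscp:2d} {dscp_name(dscp)}, ECN {ecn}")
    sample = [build_ipv4_header(184), build_ipv4_header(0)]
    print(check_marking(184, sample))
```

    The last line prints `[(1, 'EF', 'CS0')]`: the second constructed packet arrived unmarked. Run against a real capture, the index tells you which packets lost their marking, which narrows the question to the port or device those packets crossed.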

    More questions about 802.1x/RADIUS

    Posted: 02 Jan 2019 01:35 PM PST

    I'm hoping to just get some clarification about how the authentication process works. The documentation I'm reading from Cisco (found here page 4) states that if the client is "802.1x capable" then it starts the 802.1x port-based authentication and if the client identity is valid then it assigns the port to a VLAN. I'm a little confused about what it means by "802.1x capable". In the event that the client has not been configured for 802.1x but is capable of sending 802.1x EAPOL messages, does that mean it'll still go down the path of 802.1x authentication or will it instead go down the path of MAC based authentication?

    In my limited understanding, this means to me that if the client is capable of sending EAPOL messages but has not been configured to do so it still means it's "802.1x capable" and that the authentication process will not attempt to authenticate based on MAC address.

    In the end we're really trying to avoid having to fully implement 802.1x. In other words, we're not interested in setting up a Certificate Authority and implementing PEAP or EAP-TLS or even integrating with Active Directory. We'd like to simply define a pool of MAC addresses and corresponding VLAN numbers. When a machine gets plugged into the switch the port will be configured for the VLAN defined for the MAC address of the machine. If a machine gets plugged in that has a MAC address that is not found in the pool then the port goes into err-disable state. I've been trying to get this working in Microsoft Network Policy Server but it seems way overkill for what we're trying to achieve.

    Is this possible?

    submitted by /u/dutsnekcirf
    [link] [comments]

    A major shift in a production network, what am I missing?

    Posted: 02 Jan 2019 03:57 PM PST

    I wrote a big story. Then I wrote an even longer TL;DR. You guys don't care. Here is an image of a Visio file. Thoughts?

    Assume physical redundancy has been factored in. I'm shifting a production network from a /16 with a Cisco 5512X doing all the heavy lifting to the outside and internal traffic. The physical part is done and planned for, I'm looking for general advice on what I might have missed or could improve on logically.

    This is a pretty small network, less than 500 users. However, for its size, I think there is a wide variety of needs. It's not a sales/marketing network with 90% of the users doing the same thing and R&D guys get to sit in a bubble.

    Maybe some VLANs are overkill. Some of the vendors are competitors, and I actually worry they'll try to steal information from each other. It's easier to trust them if I limit their scope. Plus I figure Wireshark will be easier to manage when I'm troubleshooting. Yes/No? Am I dumb?

    Also if the Visio File is dumb/bad, sorry it's my first time building a network map in Visio. I'm also pretty dyslexic and I didn't print this while proofreading so I am sorry about spelling/grammar in advance. I like to think I'm smart, so I don't really know what I'm asking for other than I think most of you are smarter than me. I don't want this network to fail or need another overhaul in 3 years so please anything I might be missing. Obviously, a lot of information has been pared. If this is out of the scope of this sub (not enough detail w/e) I'm sorry. Happy New Year!

    submitted by /u/Dadarian
    [link] [comments]

    Anybody using ML in network operations?

    Posted: 02 Jan 2019 11:41 AM PST

    I keep reading more and more articles such as (https://www.networkworld.com/article/3320978/data-center/network-operations-a-new-role-for-ai-and-ml.html) about ML being used in network operations. I haven't actually found one that isn't fluff though. Does anyone have any specific use cases and how has it provided a benefit?

    submitted by /u/ru552
    [link] [comments]

    VPN Monitoring CISCO ASA

    Posted: 02 Jan 2019 07:14 AM PST

    Hey guys I'm new to Cisco ASA and vpn Monitoring. Right now we have a simple Perl script scraping the ASA data on our vpn access. But I feel like I could get way more comprehensive data out of the ASA reporting features or free tools that are out there.

    Does the ASA provide features and reports such as login attempts, bandwidth used by users?

    Thank you

    submitted by /u/sloppynipsnyc
    [link] [comments]

    Win10 machine won't access a network device after rebooting computer. Running ipconfig /release -> /renew makes it work again...need help, please.

    Posted: 02 Jan 2019 02:16 PM PST

    So, this may be slightly convoluted, but I will do my best to be as concise as possible. There's a Win10 machine that is connected to the company network which should be connected to a USRP device, also connected to the network, but that connection doesn't work after the computer has been restarted. The workaround we've found is that if we connect the device to the computer via a gigabit to USB 2.0 adapter and run ipconfig /release and then /renew, the device works. It gets weirder... If the USRP is then unplugged and connected to the network again, it works. But if I restart the computer, back to square 1 we go. It is definitely not a device issue as it has been running on other computers for over a year and has been retested on them with no such issues. I have tried resetting the network settings in Windows. We've scoured the AV logs to see if it is getting blocked, and nothing. Another weird artifact that may be a clue is that in the IPv4 settings in the network adapter for the computer, even though the settings are set to configure automatically, the default gateway still has an address in it. I've tried deleting it, and running netsh winsock reset catalog to no avail. Any ideas what is happening? Thanks for your time!

    submitted by /u/OperationCorporation
    [link] [comments]

    Cisco 9300 Stacks and IP address

    Posted: 02 Jan 2019 02:01 PM PST

    Good Afternoon,

    I have two stacks (one with 7 switches and one with 3) port channeled together. I have vlans with IPs on the 1st stack, and switchport access setup to workstations on the 2nd stack working. I have a Loopback ip address on the 2nd stack and I'm trying to figure out how to route to it so it'll connect through the port channel on the 1st stack for ssh vlan management of the 2nd stack. But it says I have to assign a L3 address as a route destination. Thoughts?

    submitted by /u/DrCapnJoe
    [link] [comments]

    Best Practices for Configuring Routes for a VPN Server with No Physical DMZ?

    Posted: 02 Jan 2019 10:02 AM PST

    I work for a small company with no physical DMZ but we wanted to use a separate interface on our SonicWall connected directly to the VPN server as a sort of DMZ.

    Everything appeared to work fine after configuring the rules except the VM can't route any traffic internally because the default gateway is the DMZ interface and that VLAN can't route any traffic internally. To fix this I manually added a route for our internal IP range to go out the internally facing interface using Route ADD. My Manager said he doesn't want it done that way, but also didn't say how it should be done.

    I'm not a network admin, but my current understanding is that Windows only automatically adds routes for the networks that the NICs are on. So if I have 192.168.1.0, 192.168.2.0, 192.168.3.0, etc, networks internally, but my server has an externally facing default route as a DMZ, then it can't route to 192.168.2.0 or 192.168.3.0 without manually adding routes. If I ping 192.168.2.1 it will go out the DMZ interface unless I manually add a route.

    Is there some other way Windows is supposed to identify what your internal networks are? Maybe from ADSS? Is using Route ADD bad practice?

    submitted by /u/ExternalSituation
    [link] [comments]

    QSFP+ 40GbE Switchport, QSFP28 Mellanox Card - Which DAC?

    Posted: 02 Jan 2019 01:11 PM PST

    I have a Cisco switch with surplus 40GbE ports (QSFP+). I am planning on getting Mellanox ConnectX-5 cards for some servers due to MLX ConnectX-3 cards going EOL for VMware. Is a QSFP+ 40GbE DAC supported between these devices? How about a QSFP28 DAC so we can future-proof the interconnect? I know that optics are generally backwards compatible (QSFP+ transceiver in QSFP28 port), but there isn't a lot of documentation on using copper.

    submitted by /u/thecyborg
    [link] [comments]

    SNMP reachability monitoring

    Posted: 02 Jan 2019 05:22 AM PST

    Hello,

    I am setting up librenms. About 40 devices so far, Huawei/HPE mix.

    About half of them got big gaps in graphs -> librenms gives me snmp reading problem.

    When device is snmp down from librenms point of view, I can ping it on snmp port, but snmpwalk is not working (connection timeout). After a few minutes, it works again.

    Is there some way/script how to check snmp reachability? I don't want to read whole snmp information, just to check that it responds to snmpwalk.

    I would like to run this against all devices in my network from various places, so I have more info what is working, what not and troubleshoot it further.

    My google-fu fails me for this one, I don't want to setup another big tool for this, just some script/small tool where I could see statistics of reachability

    Thanks!

    submitted by /u/kafooo
    [link] [comments]
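    A small reachability probe of the kind the post asks for, added here as an example (it is not LibreNMS code and does not wrap net-snmp): it hand-encodes one SNMPv2c GetRequest for sysUpTime.0, sends it over UDP with a timeout, and records a per-host outcome, so the same script can be run from several vantage points and the counts compared. Port 161, a two-second timeout, and the community string taken from the command line are assumptions. SNMPv2c sends the community in clear text, so a read-only community restricted to the poller addresses on the agents (or SNMPv3 where the Huawei/HPE boxes support it) is the setting to use with it:

```python
import random
import socket
import sys

SYSUPTIME_OID = "1.3.6.1.2.1.1.3.0"   # cheap scalar every agent answers


def _ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def _int(n):
    """INTEGER (non-negative); the extra byte keeps the sign bit clear."""
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))


def build_get_request(community, oid, request_id):
    """SNMPv2c message: SEQUENCE { version 1, community, GetRequest-PDU }."""
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")       # value is NULL in a request
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(1) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def response_request_id(data):
    """Request-id carried by a GetResponse, or None if the datagram is not one."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        return None
    _, _, pos = _read_tlv(msg, 0)          # version
    _, _, pos = _read_tlv(msg, pos)        # community
    tag, pdu, _ = _read_tlv(msg, pos)
    if tag != 0xA2:                        # GetResponse-PDU
        return None
    _, rid, _ = _read_tlv(pdu, 0)
    return int.from_bytes(rid, "big", signed=True)


def probe(host, community, timeout=2.0, request_id=None):
    """One GET of sysUpTime.0: 'ok', 'timeout', 'mismatch', 'malformed' or 'error: ...'."""
    if request_id is None:
        request_id = random.randrange(1, 2**31)    # a stale reply cannot pass as ours
    packet = build_get_request(community, SYSUPTIME_OID, request_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, 161))
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return f"error: {exc}"
    try:
        rid = response_request_id(data)
    except (IndexError, ValueError):
        return "malformed"
    return "ok" if rid == request_id else "mismatch"


def summarize(results):
    """Count outcomes over a {host: status} mapping, e.g. {'ok': 38, 'timeout': 2}."""
    counts = {}
    for status in results.values():
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    # usage: python snmp_probe.py COMMUNITY HOST [HOST ...]
    community, hosts = sys.argv[1], sys.argv[2:]
    results = {h: probe(h, community) for h in hosts}
    for host, status in results.items():
        print(f"{host:20} {status}")
    print(summarize(results))
```

    Run it from cron on the LibreNMS host and from a box on another segment and append the summaries to a file; if the timeouts line up with the graph gaps only from one vantage point, the problem is on the path, and if they line up from everywhere, it is the agent on the device (Huawei and HPE agents both rate-limit SNMP, which is one thing to check next).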

    Looking for advice on adding headers

    Posted: 02 Jan 2019 11:54 AM PST

    Hi all,

    I find myself in a situation where I would like to add / remove a header for every packet that passes through me in a bridge mode. (much like a GRE tunnel with a sequence number). The thing is that my GRE header would need to be a multicast destination.

    So I know that I could write my packet socket code that would open a socket and process every packet coming in. I'm wondering though if I could do it with more advanced sysadmin tools/utilities vs. coding? Could I make this work with standard iptables, mangling, gre tunneling, etc modules?

    I don't mind either approach really, just hoping I could get started on whichever path is the least cumbersome, if anyone has any thoughts having done something similar - would be most appreciated

    submitted by /u/vaterp
    [link] [comments]

    H.323 vs. SIP calls?

    Posted: 02 Jan 2019 10:22 AM PST

    Hi I'm an AV/Videoconference tech trying to get a deeper understanding of networking and how to manage backend stuff. I've been reading a lot about H.323 and SIP and am wondering why one would be preferable over the other. Our LifeSize systems allow you to make both types of calls (and ISDN) and we currently default to H.323. Can somebody simplify this in as lay terms as possible and help me understand the reasons one would be used over the other? Thanks!

    submitted by /u/YokedLefty67
    [link] [comments]

    Canada (Montreal) source for patch cables, etc

    Posted: 02 Jan 2019 09:50 AM PST

    Hi guys,

    I'm looking for a site or even a store (I'm in Montreal) in Canada that sells patch cables in whatever quantity you want, and other related networking accessory type items.

    Also, what is the standard price for these cables (length dependent obviously) that you guys normally pay? I've seen varying prices on a few sites...

    I saw primecables.ca, but they seem to stock a lot of slim only cables which seem to be quite expensive, and I really don't need slim ones.

    Also, for such short distances (say under 24"), does it really matter if we use Cat5e or Cat6?

    submitted by /u/sugarkryptonite
    [link] [comments]

    QoS with multiple static IPs

    Posted: 02 Jan 2019 09:09 AM PST

    Hello all,

    I have been working away at this off and on and am not getting anywhere fast.

    Overview:
    We have 5 usable static IPs from Comcast. These come into a Comcast BWG modem/router. We then have two different sonicwall firewalls connected and each is assigned one of the 5 static IPs from Comcast. In this config, the Comcast is transparent and all is well.

    Then we introduced VoIP for external calls via flowroute. I assigned a third static IP for the PBX behind one of the sonicwalls. Then I found I needed to do some QoS work for the VoIP traffic. Since the comcast BWG does not expose QoS settings to me, I had to move all traffic through one of the sonicwalls and manage it there. I did that, and it works great. We now have all traffic coming to the BWG, then to one sonicwall (assigned 3 of the static IPs). From there, it is a 1-1 NAT to the other sonicwall (it has a ton of port forward rules that I didn't want to move to this main sonicwall). Then another 1-1 NAT for the PBX. Got this all done, and it works, but I don't like it. I am now having some issues with trying to get extensions outside the network to connect to the (asterisk based) PBX. My first intuition is that the NAT in the sonicwall is FUBAR'ing the SIP traffic. I also don't like the layout of the network.

    I have tried finding a way to transparently assign the PBX a static IP from Comcast, but would still like a firewall appliance in front of it for reasons of sleeping better at night.

    So I guess my question is this: Is there a way to transparently firewall 5 static IPs from comcast and still assign the public IP to an end device? Can this be done with a sonicwall (TZ 400)? If another box is required, what recommendations do you have?

    submitted by /u/hot_steamer
    [link] [comments]
