    Friday, February 1, 2019

    How common are out of band management networks? Networking


    How common are out of band management networks?

    Posted: 01 Feb 2019 10:34 AM PST

    For those of you who have been in the industry for years, how often do you encounter out of band management networks? What kind of business (or what size of business) usually spends the money to invest in an out of band management network?

    I'm curious because I've been learning automation with Python/Netmiko, and I see it's often recommended to have an out of band management network. I'm pretty junior though, and haven't worked at a business that spent money on one. Do most businesses just opt for a management VLAN?

    submitted by /u/ieeedot1q

    Filtering individual ipv4 and ipv6 addresses on Internet border routers

    Posted: 01 Feb 2019 06:12 AM PST

    Curious what the various policies are for folks when it comes to filtering individual ip addresses at the border rather than at the firewall?

    I oversee three AS's and control all the internet routing between them. For years we've avoided putting filters to block ip's that might be doing bad things. (spam, phishing etc) I feel our job is moving packets as efficiently and as fast as possible. Always felt the job for that type of security should be the firewall folks at each site.

    That being said, hardware is faster and better, and the ability to script block lists is a lot easier and can be somewhat automated. (Although the thought of another group being allowed to upload lists freaks me out... they mess up, I'm the one getting yelled at.) Yep, we could oversee it, but we are a small team and time is better spent running the WAN, not dealing with what we have always felt is a layer 7 issue. Maybe this isn't a layer 7 issue?

    Also, this is not DDoS related at all; we have stuff in place for that and it is a different problem. This is more policy between LAN vs WAN.

    Thanks in advance!

    submitted by /u/fishsticknh

    AnyConnect 4.6/7 upgrade question?

    Posted: 01 Feb 2019 10:20 AM PST

    Currently using an older version of AnyConnect that doesn't have posture/umbrella or any of that other nonsense. Now that we need to move to the latest version, can someone tell me how to control what gets installed when the client gets updated when connecting to the VPN? I just want the VPN client software and none of the other stuff, but I'm not clear on how to configure the ASA to just install that piece.

    submitted by /u/heyitsdrew

    Really bulk cable

    Posted: 01 Feb 2019 01:51 PM PST

    I have a project that will require 10's of thousands of feet of CAT6. I can't find a source selling anything larger than a 1000' box or spool. As much of this cable will terminate in a single location, I would think it way easier to have a large spool on a spool holder than to deal with multiple boxes and all of the waste because what's left in a box is 4' too short. Am I just looking in the wrong places? Do manufacturers just not make 2K', 5K' or 10K' spools?

    • EDIT

    Some clarification. The last project was wiring a new office facility, 3 cables to each drop. No single run was longer than 225' but there were enough drops that we used about 30 boxes of cable, all terminated on one end in a single location. I ended up with close to 1000' of cable across all of the leftover boxes but of course not a single piece is longer than ~50'. I envision a spool holder with 3 large spools in it that sits in a single location the whole job. The goals would be to reduce waste as well as speed up the process as you shouldn't have to stop and calculate the next run distance and see if you have enough cable to run it.

    submitted by /u/sarelon

    Massive config deployment

    Posted: 01 Feb 2019 01:24 AM PST

    Hello r/networking!

    I am looking for suggestions as to what you guys use for deploying the same config on 100s of devices.

    I know there's a solution in scripting, but I am looking for a convenient software solution. Does SecureCRT do it?

    I am also looking in ways to get the serial number of 100s of devices and output into csv or xlsx.

    If the solution is in some scripting can you give some pointers as to what language to look at?

    Thank you!

    submitted by /u/p1kk05

    Network layout help (switch redundancy)

    Posted: 01 Feb 2019 08:27 AM PST

    Greetings,

    I am designing a network for my organization's new building and I am hoping to build in redundancy from the access switches to the core and firewall (see diagram).

    I'm struggling to understand the best way to create redundant "uplinks" to the core from the access switch stacks, without creating loops. Is LAG/LACP the best practice for this? The switches are mostly Aruba 2930F.

    Here's an example: the Floor 2 IDF has a stack of (3) 2930F switches. Two of those switches have an uplink back to the core switch stack (2x 2930F switches). If all switches are operational, would this create a loop?

    submitted by /u/lawno

    Question about MTU size and how packets are sent

    Posted: 01 Feb 2019 11:16 AM PST

    Let's say I have 4 computers connected to the network, all sending and receiving sample amounts of data frequently, like in a game.

    Questions: 1) If I were to adjust the MTUs of these 4 computers to something like 320 + overhead (yes I know that's stupid small), would the router send those 4 x ~360 within a single 1500 MTU frame out to the internet?

    2) If so, does it have any benefits with something like congestion? I know what the disadvantages are already.

    Reason: I figured out that a network issue is related to MTU size but then I had this thought.

    TL;DR If I have this right, a single Ethernet frame has a MTU 1500. I imagine it as a train with each frame being a railcar. Can I put 4 different products in one railcar if they all fit?

    submitted by /u/lyamc

    Cleaning your Optics ?

    Posted: 01 Feb 2019 11:14 AM PST

    Gentlemen,

    I won't try to hide it. I'm spoiled by a business that lets me pay other people to solve many problems.

    I know a lot about how to build out a new environment (by paying someone to construct my vision).

    But I know a good bit less than I wish I knew about maintaining a fiber plant after it's implemented.

    Anyone who wants to step up and take their shot at me with a "You're that senior and you don't know how to ..." may feel free to do so. I'll stand tall and take it like a man.

    But let's move to the problem I need guidance with from the great reddit collective:

    We've been getting our asses kicked with dirty optical connections all of a sudden.
    8 or 10 years of peace and quiet with these devices and now like 3 or 5 critical links racking up a billion CRC errors.

    We've been playing whack-a-mole with just replacing the transceivers (and RMAing the old ones) and replacing the fiber too if that doesn't do the trick.

    But there has to be a better way. Doesn't there?

    Should we be cleaning the LC connectors with something?

    Do you clean an SFP transceiver with compressed air or something?

    Are these steps worth the extra trial & error?
    Some of these devices are in managed facilities, and sometimes remote hands aren't as talented or knowledgeable as we might like.

    Should we stick with the big hammer and just replace everything until the problem goes away?

    Please hit me with your best rookie GIF or Dunce_Cap.jpg if you choose to do so, but please provide a little wisdom along with your zinger, if you please.

    Thank you all in advance.

    -Nerd

    submitted by /u/VA_Network_Nerd

    What IP cameras & NVR do you use?

    Posted: 01 Feb 2019 05:45 AM PST

    Hello,

    It's finally Friday! I had a quick question regarding IP cameras and NVRs. I've been looking around Amazon and a few surveillance store sites and haven't been able to find a budget system (under $1000 for 32CH NVR & at least 10 cameras).

    Would anyone be able to share what setup/brand of cameras and NVR they use? I've looked into Blue Iris and would cost $65 for the full version which supports up to 64 cameras which seems like a good deal. Is this a one-time fee you pay? If anyone has used Blue Iris, does it usually work with most IP cameras?

    Most importantly, what brand of IP cameras do you think are the best? I've looked into HIKVision and some other cheap Chinese cameras. They all have their flaws.

    This will be setup for a medium size church. Room for expansion will be needed.

    Thank you.

    submitted by /u/sarge-m

    Simple firewall request

    Posted: 01 Feb 2019 09:16 AM PST

    I am often deployed to places with no internet. To get our team online, we use small Ku or Ka band satellite. I need a way to allow and block people from accessing the internet. Sometimes I need to allow everyone access but limit the type of traffic. For example, I need to block YouTube and other video streaming sites as sat time can be expensive. I love Ubiquiti products, but I am not certain their gateway is really up to the task in terms of quickly and easily making changes to types of traffic. Any recommendations? Max users <100 and typical internet speeds <50Mbps so nothing powerful is needed.

    submitted by /u/dalbert02

    Suggestions on dealing with fragmentation over the WAN.

    Posted: 01 Feb 2019 11:46 AM PST

    So I'm looking just for some more ideas to brainstorm with intermittent issues we have. I've got a bunch of sites coming back to our data center over IPSEC tunnels. Now due to some restrictions put on us and the ipsec devices we're using, it doesn't appear like we are able to get PMTUD working.

    Most sites have a firewall we control, where we've been setting the WAN interface MTU down, because in the past we've had some sites lose functionality. However, it was set a while ago by people who aren't here anymore, and I'm to determine better ways of doing things, as some sites have MTU set down to like 1100.

    Now I have the option of simply grabbing a packet capture for Wireshark. That is a great tool, but if I'm being honest with my ability, it's not always very clear cut in my eyes. That may be mostly on myself.

    Do people on here have suggestions of maybe certain tools to give a try, or maybe even Wireshark is the option and you have suggestions of a good way I can use it/filter it?

    submitted by /u/cylemmulo

    Monitoring of unknown unicast traffic

    Posted: 01 Feb 2019 01:26 AM PST

    Hello Team!

    I would like to monitor unknown unicast storms in my network. Do you know any good way for that? What is the best practice?

    Remark:

    some days ago my two Juniper QFX switches (MC-LAG peers) stopped synchronizing MAC tables via ICCP -> one of the boxes started forwarding normal unicast traffic as unknown unicast -> servers connected to this switch began suffering from unknown unicast flood +20kpps + 200mbps (right now I am still trying to define the root cause of the issue with JTAC)

    submitted by /u/showroute

    Juniper EX4600 - sFlow + MPLS labeled packets?

    Posted: 01 Feb 2019 12:22 PM PST

    I'm trying to use sFlow on my EX4600 (with elastiflow) to collect some data on P <-> P links in my MPLS backbone.

    However, I am not able to get any sflow data for MPLS tagged traffic, I am only seeing flow samples for SNMP and management traffic. I am using MPLS and VRFs to transport Internet traffic across my backbone.

    Is this a limitation of sflow or possibly Elastiflow is getting confused by the labeled packets?

    submitted by /u/neteng311

    Comparing "Voice VLAN" and "Trunk/Native VLAN" for connecting VOIP phones

    Posted: 01 Feb 2019 05:24 AM PST

    Imagine this topology:

    [PC] ------- [VOIP Phone] ------- [eth0/0 on a Switch] 

    And this configuration on the switch:

    vlan 22
     name DATA
    vlan 33
     name VOICE

    There are two ways to have both the PC's traffic and the VOIP phone's traffic "arrive" on eth0/0 in distinct VLANs: 1. Use a Trunk port, 2. Use the "Auxiliary VLAN" feature.

    Option 1:

    int eth0/0
     switchport mode trunk
     switchport trunk native vlan 22
     switchport trunk allowed vlan 22,33

    Option 2:

    int eth0/0
     switchport mode access
     switchport access vlan 22
     switchport voice vlan 33

    The net effect of either of these is the same: untagged traffic from the PC arrives and is accepted into VLAN 22 (the data VLAN), and tagged traffic from the VOIP phone arrives and is accepted into VLAN 33.

    My question:

    What are the benefits of using Option 1 or Option 2? What reasons exist that make either of these better than the other?

    submitted by /u/recovering-skeptic

    Network Bull

    Posted: 01 Feb 2019 03:37 PM PST

    Fell upon this while doing research. Does anyone have any insight on this training company in India? They offer a personal trainer, 24/7 lab, and the trainer sticks with you until you pass CCIE. Anyone ever heard of them?

    submitted by /u/G331234512345

    Config analyzer

    Posted: 01 Feb 2019 10:57 AM PST

    Hi all. In the programming world, people use static code analyzers for source code.

    These tools help find errors, check standards and so on.

    Is there a similar solution for the analysis of configuration files of network equipment? (Juniper, Cisco IOS, Huawei, Moxa)

    submitted by /u/bDrwx

    How are Midwest DCs designed to withstand an arctic freeze?

    Posted: 01 Feb 2019 01:18 PM PST

    I'm looking at my Cisco switch specs and it says the min storage temperature is -4F, and operating temperature is 32F. So this got me wondering.....

    When DCs are built for year-round cooling, what happens when the outside gets into the -30F or -40F range? Is the same level of cooling still necessary, or do these DCs go through a different process to regulate temperature? Can DCs become 'too cold', to where heat needs to be considered? Thanks!

    submitted by /u/ButtonOnTheScene

    Replacing a PE/P MPLS Router

    Posted: 01 Feb 2019 06:12 AM PST

    We had one of our P/PE devices die last night and I'm looking for tips on how to swap it out with as little disruption as possible.

    The issue is that we take full routing table from our Tier1 provider and when we put a new device in, it blackholes traffic for about 30 minutes while routes are being imported from RIB to FIB. We also advertise our /21 and /22.

    This router has 1 internet uplink, 3 connections back to other PE's and P devices.

    I was thinking as follows:

    1. Shut down the uplinks to other PE's
    2. Power up. Remove the export policy for its internet neighbor. Let it take the full table from our Tier1. Wait 30 minutes
    3. Bring up its uplinks to other P/E's

    Is there anything else I've missed? Or is there a better/less disruptive way to do it?

    submitted by /u/LittleWanger

    Anybody here on the North side of Boston?

    Posted: 01 Feb 2019 09:35 AM PST

    Getting together for beer with network friends in Bedford NH tonight, wonder if there's anybody here who would like to join me.

    submitted by /u/kWV0XhdO

    Two separate standalone firewalls in two locations > DMZ?

    Posted: 31 Jan 2019 07:39 PM PST

    I have two firewalls (P.Alto) sitting in two different campuses within our infrastructure, connected via fiber. They are not synced to each other, just plain standalone FWs. Set up for redundancy and protection for our internal network. From the firewall up to the ISP, all devices have assigned public IPs.

    The question is can I set up a separate DMZ on the other end FW1? everything is off FW2 DMZ interface >- servers, etc. if unreachable (site or FW) everything off that is blackholed. Oddly the DMZ interface on FW2 has a Public IP.

    Is it possible to create an additional DMZ in FW1 to put some services behind that? Even though on FW2 the DMZ interface has a public IP address? Should I assign the FW1 DMZ a private IP or will have to get a new set of routable public IPs from the ISP? issues?

    I'm no expert but if FW1 gets a DMZ, they will have to use a new set of routable IP's (NAT)? doubt that the DMZ can use the same subnet off of the IPs from FW2 DMZ

    Connected from top to bottom (ISP to Campus)

    ISP1 ISP2
    ASR1(HSRP) VirtualIP ASR2(HSRP)
    Sw1(Pub IP)------------------------------ -----------------------------fiber(Pub)---------------------------- ------------------Sw2(Pub IP)
    FW1(in, out) FW2 (in,out,DMZ = PublicIP)
    Campus 1 ----------------------------------- ------------------------------fiber(internal------------------------- ----------------------Campus 2

    submitted by /u/hvcool123

    Anyone have a working OSPF alert in LibreNMS?

    Posted: 01 Feb 2019 08:30 AM PST

    Hi,

    I have posted on the LibreNMS forums with no success. I need to enable OSPF alerting, but am lost on how to get it to behave in the manner in which I want.

    I have the following rule:

    (ospf_nbrs.ospfNbrState != "full" AND ospf_nbrs.ospfNbrState != "twoWay" AND macros.device_up = 1)

    This is fine for any neighbor that is not reaching full adjacency. But when a neighbor goes down, the entry is removed from the ospf_nbrs mysql table. This means that the alert does not trigger if a neighbor goes completely down.

    As a work around, I could create a rule that is based on OSPF neighbor count, but this is cumbersome and requires a rule written for a variety of different devices with varying neighbor count.

    Is there another table or setting in Libre that I can reference if a neighbor goes down? I am migrating from Solarwinds, and this is literally the last thing keeping me from turning off Solarwinds completely.

    Thanks in advance!

    submitted by /u/wulfsburg
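
The gap described in the post above (a state-based rule cannot fire once the neighbor's row has been deleted), as an added example that is not part of the original post and is not LibreNMS code. The function names, the tuple layout and the constructed poll data are assumptions made for illustration; the baseline is learned from a known-good poll instead of a hand-written neighbor count per device.

```python
# Added illustration, not LibreNMS code: compare a state-based rule with a
# check for neighbor rows that have disappeared between polls.

HEALTHY = {"full", "twoWay"}  # states the rule in the post treats as OK

def state_rule(rows, devices_up):
    """Mimic the post's rule: fire on rows whose state is not full/twoWay."""
    return sorted((dev, nbr) for dev, nbr, state in rows
                  if state not in HEALTHY and devices_up.get(dev, False))

def learn_baseline(rows):
    """Record every (device, neighbor) pair seen healthy in a known-good poll."""
    return {(dev, nbr) for dev, nbr, state in rows if state in HEALTHY}

def missing_neighbors(baseline, rows, devices_up):
    """Fire on expected pairs that have no row at all in the current poll.

    Devices that are themselves down are skipped, matching the
    macros.device_up = 1 condition in the post's rule.
    """
    present = {(dev, nbr) for dev, nbr, _ in rows}
    return sorted(pair for pair in baseline
                  if pair not in present and devices_up.get(pair[0], False))

# Constructed sample data: (device, neighbor address, neighbor state).
POLL_1 = [
    ("r1", "10.0.0.2", "full"),
    ("r1", "10.0.0.3", "full"),
    ("r2", "10.0.0.1", "twoWay"),
]
POLL_2 = [
    ("r1", "10.0.0.2", "exStart"),  # stuck adjacency: row still present
    ("r2", "10.0.0.1", "twoWay"),   # r1's neighbor 10.0.0.3 is gone: no row
]
DEVICES_UP = {"r1": True, "r2": True}

if __name__ == "__main__":
    baseline = learn_baseline(POLL_1)
    print("state rule fires for:", state_rule(POLL_2, DEVICES_UP))
    print("missing-row check fires for:",
          missing_neighbors(baseline, POLL_2, DEVICES_UP))
```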

    Feeling dumb - DHCP with reservations on a Cisco 3850 switch

    Posted: 01 Feb 2019 07:41 AM PST

    Long story short, I had to move several DHCP scopes from a Windows server onto my Cisco 3850 switch stack temporarily. Most of these are working fine. However I have a Management VLAN which only needs DHCP for our 3 AP's. When this scope lived on a Windows server, I just set up a network, excluded the entire range, and then added 3 reservations. Those reserved IP's were assigned to the AP's. No sweat. I'm trying to do similar on my switch with a scope built as follows:

    !
    ip dhcp pool Management
     network 10.200.220.0 255.255.255.0
     default-router 10.200.220.1
     dns-server 192.168.1.20
     domain-name domain.net
     address 10.200.220.11 hardware-address 01de.adde.adde.ad
     address 10.200.220.12 hardware-address 01be.efbe.efbe.ef
     address 10.200.220.13 hardware-address 01ba.beba.beba.be
    !

    I tried the above both with and without putting the "01" before the MAC address. I don't really understand why it's there, but a web page I found online said to use it... and based on the command output below I decided to go with it. I also tried putting the line "reserved-only" in the scope above, the only difference is then it doesn't hand out any IP's at all.

    Goofyswitch#sh ip dhcp bind
    Bindings from all pools not associated with VRF:
    IP address       Client-ID/           Lease expiration       Type       State      Interface
                     Hardware address/ User name
    10.200.209.115   01ma.cadd.ress.01    Feb 01 2019 04:03 PM   Automatic  Active     Vlan209
    10.200.209.116   01ma.cadd.ress.02    Feb 01 2019 04:25 PM   Automatic  Active     Vlan209
    10.200.209.121   01ma.cadd.ress.03    Feb 01 2019 09:40 AM   Automatic  Active     Vlan209
    10.200.210.117   01ma.cadd.ress.04    Feb 01 2019 04:45 PM   Automatic  Active     Vlan210
    10.200.210.123   01ma.cadd.ress.05    Feb 01 2019 07:53 AM   Automatic  Active     Vlan210
    10.200.210.128   maca.ddre.ss06       Jan 31 2019 09:11 PM   Automatic  Active     Vlan210
    10.200.210.129   01ma.cadd.ress.07    Jan 31 2019 10:26 PM   Automatic  Active     Vlan210
    10.200.210.130   01ma.cadd.ress.08    Feb 01 2019 02:06 PM   Automatic  Active     Vlan210
    10.200.210.131   01ma.cadd.ress.09    Feb 01 2019 01:53 PM   Automatic  Active     Vlan210
    10.200.220.4     01be.efbe.efbe.ef    Feb 01 2019 04:32 PM   Automatic  Active     Vlan220
    10.200.220.11    01de.adde.adde.ad    Infinite               Manual     Selecting  Unknown
    10.200.220.12    01be.efbe.efbe.ef    Infinite               Manual     Selecting  Unknown
    10.200.220.13    01ba.beba.beba.be    Infinite               Manual     Selecting  Unknown
    Goofyswitch#

    So with the reservations I have set up in the scope, why is the switch handing out 10.200.220.4 to my AP? I've only rebooted the one AP so far as a test. The MAC associated with 10.200.220.4 is identical to the MAC I'm trying to hand 10.200.220.12 to.

    On an unrelated note, what's with the 01's appearing before the MAC addresses, and why doesn't that 10.200.210.128 system have a 01 in front of it? It's the only system which seems to be behaving that way. I don't get it.

    submitted by /u/hiirogen

    LTE Backup Internet Solution for Small Business?

    Posted: 01 Feb 2019 07:21 AM PST

    Anyone have any suggestions of a backup 4G LTE internet solution that offers a static IP and I could also just plug into the router that kicks in if the main internet is down?

    A small business I help with IT for recently had their internet down for 30 hrs, so they're in need of a backup. Currently they're just using a Netgear R8500 router, so it may not have the capabilities to automatically switch over to a backup connection if the main one drops, but the business owner would be fine with just manually turning on the LTE device and it just starts working.

    Any suggestions of devices?

    Anything I should look out for?

    Thanks

    submitted by /u/boatlife2
    [link] [comments]

    Large user subnets for WLAN deployments? (Aruba)

    Posted: 01 Feb 2019 07:13 AM PST

    Hey guys,

    I handle the wireless for a large institution and I am working on a migration plan for a move to Aruba 8 on our main campus. I support ~8-10k users on our main SSID per day. Our guest network services 2-3k per day.

    I have a controller in each of our two DCs connected via L2, clustered. Our core is L3 and the APs are tunneling L3 to the controllers. I am doing active AP load balancing as well as 50% client load balancing between the two controllers. I am still working on the design, but what I want to do is to be trunking the user VLANs to our active/active fortinet firewall setup and put the user gateways there. DHCP and DNS will be served from an external DHCP server not from the firewalls.

    I wanted to get some input from you guys on how you are handling your user subnets. How big of a subnet are you using? I am confident in Aruba's solution for converting broadcast to unicast and dropping multicast on the VAP, but I am concerned about flooding from the switches and ending up with a broadcast storm that takes down the network.

    Am I just asking for trouble by going with a /20 or larger? Perhaps even a /18?

    What are you guys doing?

    Happy read only Friday.

    submitted by /u/arhombus