Moronic Monday! Networking
- Moronic Monday!
- Windstream files for chapter 11 bankruptcy
- To stack or not to stack
- DNS Flagday, anyone see true fallout being still not being in compliance?
- Open Source Content/DNS/Security Filtering products
- Do y'all stay up to date with local technology businesses? And if so, how?
- Setting up multiple VLANs on Watchguard M300 and HPE 1920-48G.
- Office 365 / webex issues China
- What kind of RJ45 Jack is this? Never seen one in my life.
- European RIPE ASN/IP Allocation Lead Times?
- Cisco 5508-x - Upgrade to Firepower services or wait to upgrade?
- Is there supposed to be a progress bar when uploading IOS via xmodem/console cable?
- Is it possible to reconfigure the APIPA default subnet?
- Planning for remote hardware replacement with Smart Hands - help me think this through!
- Dell S5048f-on configuration
- How would you use a tuition waiver?
- Wireless Access Point with multiple guest SSIDs
- Interface IP routing tracking vs SLA tracking
- Seeking Advice
- Ping public IP address
- LibreNMS/Oxidized - public key ssh auth config [X-Post from r/LibreNMS]
- Secondary Route
- Remotely access switches behind an ASA5525X
- Problems replacing ASA 5506
- Applying heavy load to internal network?
Moronic Monday! Posted: 24 Feb 2019 05:04 PM PST It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
Windstream files for chapter 11 bankruptcy Posted: 25 Feb 2019 11:51 AM PST
To stack or not to stack Posted: 25 Feb 2019 07:57 AM PST So I am working with a network that I have inherited. It consists of all HP switches: 2 core switches along with about 8 access switches, most plugged into the core but a few chained together. It seems someone went the route of setting up stacking for the access switches, so my accounting and sales switches are part of a stacked group. Personally I don't think I would have done it that way, but it is. Now the core switches are their own stack, and that I understand, but I feel like typically you would not have a stack set up for all of your access switches. Now I am going to do one or the other: option A, blow up the stack, or option B, join all access switches to the stack. Does one make more sense over the other?
DNS Flagday, anyone see true fallout being still not being in compliance? Posted: 25 Feb 2019 06:11 AM PST For those that didn't comply on Feb 1st and were not compliant, have you noticed fallout? We host public DNS for DMZ services and so far have not seen any fallout, and were not in compliance before or after Feb 1st. The fix was to allow UDP and TCP for 53 if I'm not mistaken.
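The check behind the flag-day compliance tests, as an added example that is not part of the original post or of any vendor's tooling: build_query() produces the EDNS0 query (an OPT record, type 41, in the additional section) that resolvers send without fallback since 1 Feb 2019, and classify_response() maps an authoritative server's raw reply to the outcome those tests reported. build_response() constructs the replies inline so the script runs offline; example.com and 192.0.2.10 are placeholder values, not captured traffic. A dropped EDNS query (timeout) or a FORMERR is the behaviour resolvers stopped working around; a truncated reply (TC bit) is where the poster's TCP/53 rule matters, because the client's next step is the same query over TCP.

```python
"""Added example (not from the post): the EDNS0 probe behind DNS Flag Day.

build_query() produces the query a post-flag-day resolver sends; classify_response()
maps a server's raw answer to the outcome the flag-day checks reported. build_response()
constructs test answers so everything runs offline (no real server is contacted).
"""
import secrets
import struct

TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
FLAG_TC = 0x0200                     # truncated: client must retry over TCP 53


def encode_name(qname):
    """'example.com' -> b'\\x07example\\x03com\\x00' (uncompressed wire form)."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def _skip_name(buf, off):
    """Return the offset just past a wire-format name, honouring compression pointers."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:     # two-byte pointer ends the name
            return off + 2
        off += 1 + length


def build_query(qname, edns=True, udp_size=1232, txid=None):
    """A/IN query with RD set; with edns=True an OPT RR goes in the additional section."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    opt = b""
    if edns:
        # OPT RR: root owner name, TYPE=41, CLASS=advertised UDP payload size,
        # TTL field carries extended RCODE / EDNS version / flags (all zero), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)
    return header + question + opt


def build_response(query, a_record, echo_opt, rcode=0, truncated=False):
    """Constructed test answer to `query` (placeholder data, not a captured packet)."""
    txid, _, qdcount, _, _, _ = struct.unpack_from("!HHHHHH", query, 0)
    question = query[12:_skip_name(query, 12) + 4]
    flags = 0x8400 | (FLAG_TC if truncated else 0) | rcode          # QR + AA
    answer = b""
    if rcode == 0:
        rdata = bytes(int(octet) for octet in a_record.split("."))
        answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + rdata
    additional = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0) if echo_opt else b""
    header = struct.pack("!HHHHHH", txid, flags, qdcount, 1 if answer else 0, 0, 1 if echo_opt else 0)
    return header + question + answer + additional


def classify_response(resp):
    """Flag-day outcome for a raw reply; None stands for a timeout (dropped EDNS query)."""
    if resp is None:
        return "timeout"          # the failure mode resolvers no longer work around
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", resp, 0)
    rcode = flags & 0x000F
    if rcode == 1:
        return "formerr"          # server rejects EDNS outright
    if rcode != 0:
        return "rcode%d" % rcode
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    saw_opt = False
    for _ in range(an + ns + ar):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10 + rdlen
        saw_opt = saw_opt or rtype == TYPE_OPT
    if flags & FLAG_TC:
        return "truncated"        # next step is the same query over TCP 53
    return "edns-ok" if saw_opt else "edns-ignored"


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    for label, reply in [("compliant", build_response(q, "192.0.2.10", echo_opt=True)),
                         ("no OPT in reply", build_response(q, "192.0.2.10", echo_opt=False)),
                         ("FORMERR", build_response(q, "192.0.2.10", echo_opt=False, rcode=1)),
                         ("dropped", None)]:
        print("%-16s -> %s" % (label, classify_response(reply)))
```

To use it against a real server, send build_query() over UDP to port 53 with a short timeout and pass the reply (or None on timeout) to classify_response(); repeat over TCP when it reports "truncated". A firewall that passes UDP/53 but not TCP/53 is only caught by that second step.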
Open Source Content/DNS/Security Filtering products Posted: 25 Feb 2019 02:57 AM PST I'm doing some work for an NGO/NPO that has about 25 desktops and hosts everything in-house. After some discussion they want to look at "upgrading" their IT capabilities and systems to support a safer working environment for their people and the people under their care. As such I've been looking for any projects that may help given the situation:
- All-in-wonder solutions: Untangle is the current option we are looking at as it caters to most of what we are needing (content filtering, AV, IDS/IPS, remote access, pretty UI that their staff can manage). Given they are moving to Office 365 for NPOs, I'm looking at how they can integrate with this, but this is a minor concern for right now as we can just assign static IPs to devices if need be. OPNsense, pfSense and Smoothwall are others I'm taking a look at.
- Content Filtering: Squid + SquidGuard and DansGuardian used to be my go-to, but I'm unsure they are still up to the task (the add-ons, not the base product).
- DNS Based Filtering: NxFilter and Pi-hole are of interest; looking around for others but I'm struggling to find anything else that is full featured.
- IPS and IDS: harder topic. I have been keeping an eye on SweetSecurity for a Pi based solution as an option; I'd be keen to see other projects similar to this if anyone knows of any?
- SSL VPN: OpenVPN-AS is the go-to, haven't really found many others.
Appreciate if anyone has other projects they know of or have used in these types of scenarios? Cheers
Do y'all stay up to date with local technology businesses? And if so, how? Posted: 25 Feb 2019 10:54 AM PST I want to keep my ears open to the local technology scene but I'm not quite sure how to go about doing that. I want to know who is hiring, and for what positions. Which companies are moving to the cloud. Who is opening offices in the area? Things like that. So far I've joined mailing lists for local tech associations (CompTIA, etc.) and I've got staffing/contracting company connections that I keep up with, but that's about it. What do y'all do? Are there any tips for how to "tune in" to the scene better?
Setting up multiple VLANs on Watchguard M300 and HPE 1920-48G. Posted: 25 Feb 2019 02:46 PM PST Have a client site with a Watchguard M300 and HPE 1920-48G. We're a small shop and mostly service small business so we don't do VLANing enough for me to be as efficient as I could be with this stuff. Anyway, this particular client site has multiple departments that are slowly being migrated to be behind the Watchguard instead of their own ISPs/ISP hardware, and we've reached a point where departments outnumber available interfaces on the M300 so they're finally letting us get VLANs deployed.
These are the VLANs I've created on the Watchguard;
All 8 VLANs are tagged on the last physical interface of the Watchguard, which I've set to type VLAN.
On the core switch I have the following configuration; RJ45 ports;
SFP ports;
VLAN interfaces;
The goal here is that all traffic from behind the switch should be tagged as one of eight VLANs based on what port the traffic comes in on, then the traffic goes back out through the trunk port 48 to the Watchguard, and the watchguard/switch should be accessible/managed at their 192.168.3.x addresses from any of the switch ports untagged for VLAN3(1-12). Neither device needs to be managed from any other network/VLAN.
Why did port 48 of the switch (VLAN trunk) automatically untag VLAN1/set PVID 1 when I tried to tag all VLANs/not untag any VLANs, and won't this cause the traffic being tagged by port 20 to not go out over port 48 to the Watchguard because it's not set as tagged for that port, or am I misunderstanding how this works? Should I adjust my configuration somewhere or...?
Office 365 / webex issues China Posted: 25 Feb 2019 04:07 AM PST We started seeing issues connecting to Office365/Webex from China. Anyone else that is impacted by this? Thanks!
What kind of RJ45 Jack is this? Never seen one in my life. Posted: 25 Feb 2019 04:16 PM PST I am an old timer. I worked with Token Ring and Thinnet. But I have never seen the RJ45 jack below. I work at a hospital and I replaced one thinking it was a damaged jack. I now realize it is a particular jack. Anyone know what type of jack this is? I would guess it has something to do with power delivery, but the installation was prior to PoE. Notice how pins 1-2, 4-5, 7-8 are bonded together.
European RIPE ASN/IP Allocation Lead Times? Posted: 25 Feb 2019 03:56 PM PST Hey all, starting to build a presence in Europe! Once registered, does anyone have experience requesting a new ASN / IP allocation and know how long this process typically takes? It's our first time dealing with RIPE and we're just trying to book flights / determine deadlines for the least possible lag time. Any information is greatly appreciated! Cheers!
Cisco 5508-x - Upgrade to Firepower services or wait to upgrade? Posted: 25 Feb 2019 03:55 PM PST Hello Everyone, We have a Cisco 5508-X that was purchased in 2016. We were looking to improve our firewall / security for our network and got a quote for around 4k for 3 years of Firepower AMP and IPS services with the VMware FMC, AnyConnect licenses (we are currently using the 5508 for VPN, but with the old free Shrew Soft VPN client), and configuration. Basically, looking for feedback on whether it is worth it to do this now and keep the 5508 around, or better to plan for something new and improved, as well as whether the Firepower services / AnyConnect licenses are worth the money. VPN currently does get finicky at times, so at least improving that would be nice. Thoughts?
Is there supposed to be a progress bar when uploading IOS via xmodem/console cable? Posted: 25 Feb 2019 03:52 PM PST I'm dicking around with a switch and trying to learn whatever I can. I'm currently using SecureCRT to upload a new IOS via a console cable using "copy xmodem: flash:". It currently says "Transferring [file/location/name.bin]..." I know it will take a while, but I'm curious if it's actually working. Is there supposed to be a progress bar or something that shows it's not just frozen? It's a Cisco Catalyst 3560, if that matters.
Is it possible to reconfigure the APIPA default subnet? Posted: 25 Feb 2019 03:12 PM PST For example, instead of APIPA reassigning the PC into something on the 169.254.1.0 /20 subnet, could we assign the PC into something on a 10.101.x.x subnet? In case this is a dumb question, maybe someone else has another idea for a solution? I have a Windows PC that will be straddling two different networks. When operations personnel use it on power systems devices, I need the laptop to be on a 10. subnet. When they're done using it, it needs to be returned to the IT network to receive regular Windows updates and security patches on a DHCP network. I can't implement DHCP on the operations network because of how communication is configured between the various relays, transformer monitors, breaker monitors, etc. I'm trying to make this as simple for operations people as possible. Training them to reconfigure their network adapter back and forth every time can result in too much human error.
Planning for remote hardware replacement with Smart Hands - help me think this through! Posted: 25 Feb 2019 03:02 PM PST I'm going to be leading a project to replace switches and routers in multiple different remote locations for the company I work for (about 10 remote offices in total). I will work with remote Smart Hands to complete the swaps. Ahead of any on-site work and Smart Hands showing up, I want to put together a check-list of basic things to think through and document. For example:
Folks who have managed this type of process before - have you ever put together a standard template of things to gather and think through ahead of starting the work? Please share your expertise!
Dell S5048f-on configuration Posted: 25 Feb 2019 02:06 PM PST The server folks turned up at my desk today with a bunch of Dell S5048F-ON switches they had ordered to go into the new server/storage cluster and asked me if I could configure them ready for deployment next week, but I'm struggling to get any commands accepted! Upon boot I get a # prompt, but the usual 'configure', 'enable', 'show' commands do nothing. I've read the starter guide provided by Dell and it states I should be greeted with a named prompt. Am I missing something stupid, like with Juniper whereby you have to type 'cli' upon a cold boot?
How would you use a tuition waiver? Posted: 25 Feb 2019 11:23 AM PST Network engineers, if your employer offered you a tuition waiver with pretty loose reins on what classes you can take, how would you use it? Or if you have this option, how have you used it? The areas I've come up with are: programming/scripting (preferably in Python), databases, data management/analysis, and business. Basically - get into automation and learn how to be more valuable to the higher-ups. What would you do?
Wireless Access Point with multiple guest SSIDs Posted: 25 Feb 2019 11:19 AM PST I can't find one that works for me; does one even exist? My main requirement is that it be able to support multiple SSIDs that do not allow connected devices to see each other. One of those would be open, the other with a password. It is not possible with the current Ubiquiti UniFi devices. Other than this, I'd need the controller software to be subscription-free, installable on my hardware, and possible to run locally self-hosted without an internet connection. Thanks!
Interface IP routing tracking vs SLA tracking Posted: 25 Feb 2019 11:03 AM PST I recently got a new job as a Network Engineer (not very experienced) and everything's going well. Studying the routers' config, I noticed they have EEM set up to reboot cellular modules when "track 1 cellular0/1/0 ip routing" is down. In previous experiences I've always used similar EEM config but tracking an SLA (set to ping the other end of the tunnel). Is there a clear advantage to one or the other? From what I've read ip routing will work well, but I feel setting up a "track list boolean or" and having the multiple hub SLAs (we're using DMVPN) as objects would be a better solution. Opinions?
Seeking Advice Posted: 25 Feb 2019 08:39 AM PST My goal is to allow any host to SSH into a server behind a NAT. My server is in an AWS VPC. A Juniper vSRX is serving as the gateway. The vSRX has a management, public, and private interface. The management and public interfaces have public IP addresses. The management interface is in the global routing instance. The public and private interfaces are in a separate routing instance. What's the easiest way to allow any host on the Internet to SSH into the server? This is a sandbox environment, not connected to any corporate networks. I tried port forwarding an arbitrary port on the public IP of the public interface to port 22 on the private IP of the server. That didn't work, either because I messed up somewhere or because it is not possible. I think my AWS security groups permit this; my Juniper security zones allow any traffic to and from the untrust and trust zones. My other, less important question is: can Juniper vSRX create a dynamic VPN (any host, any IP) with a strongSwan IPsec client? Juniper's website only mentions support for two commercial IPsec clients for dynamic VPN. A VPN would be nice, but the users of this system do not own the commercial IPsec clients mentioned in the documentation.
Ping public IP address Posted: 25 Feb 2019 07:35 AM PST This morning we had to install a Cisco router behind our firewall to set up a site-to-site VPN to another location. We noticed that probably 1 out of every 20 pings to the external public address was dropped. I'm being told that this might not be stable enough for a site-to-site VPN to work very well. I tried pinging a few other web servers we host and it's the same thing: it might go 50 pings without a drop or it might go 20 without a drop. The internal IP address pings look good, and pinging out to other sites like google.com looks good. We don't have very great internet speed, 50Mbps. I'm not really sure what else to look at. We've never had problems accessing any of the websites we host, even with the occasional dropped ping. Any ideas or things I should check?
LibreNMS/Oxidized - public key ssh auth config [X-Post from r/LibreNMS] Posted: 25 Feb 2019 07:28 AM PST I'm trying to get more information on configuring public key ssh authentication for device groups in oxidized. I've looked at the oxidized documentation as well as a few forum posts I've found semi-related to this topic, but I've not found anything that provides the correct syntax so far. Here is a portion of my oxidized config showing what I currently have for public key ssh authentication:
And here is the output of one of the debug logs for a switch using public key authentication:
2019-02-22 21:29:18 UTC Inappropriate ioctl for device [Errno::ENOTTY]
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/prompt.rb:44:in 'noecho'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/prompt.rb:44:in 'ask'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/key_factory.rb:66:in 'rescue in load_data_private_key'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/key_factory.rb:59:in 'load_data_private_key'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/key_factory.rb:43:in 'load_private_key'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/key_manager.rb:142:in 'sign'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/methods/publickey.rb:62:in 'authenticate_with'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/methods/publickey.rb:20:in 'block in authenticate'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/key_manager.rb:122:in 'block in each_identity'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/key_manager.rb:119:in 'each'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/key_manager.rb:119:in 'each_identity'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/methods/publickey.rb:19:in 'authenticate'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/session.rb:80:in 'block in authenticate'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/session.rb:66:in 'each'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh/authentication/session.rb:66:in 'authenticate'
/var/lib/gems/2.3.0/gems/net-ssh-4.1.0/lib/net/ssh.rb:237:in 'start'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/input/ssh.rb:49:in 'connect'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/node.rb:65:in 'run_input'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/node.rb:42:in 'block in run'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/node.rb:37:in 'each'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/node.rb:37:in 'run'
/var/lib/gems/2.3.0/gems/oxidized-0.21.0/lib/oxidized/job.rb:9:in 'block in initialize'
I've asked this in the Oxidized forums and their Gitter channel, but I haven't received any responses. I appreciate any assistance! Thanks. EDIT: Oxidized is working again on my HP/Aruba devices using SSH key authentication. Here is what changed - I removed the
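A pre-flight check for the key file a collector like Oxidized is handed, as an added example that is not part of the original post or of Oxidized or net-ssh. The traceback above is net-ssh's key_factory falling back to an interactive passphrase prompt (prompt.rb, 'ask' then 'noecho') after OpenSSL failed to load the key as given, which it does when the key is passphrase-protected or in a format it cannot parse; with no terminal attached, toggling echo fails with ENOTTY. The function below reads the key file's own headers to report whether it needs a passphrase before any unattended job touches it. The key files in the block are constructed placeholders carrying only the headers inspected, not real key material.

```python
"""Added example (not from the post): pre-flight check of the SSH private key a
collector such as Oxidized will use. net-ssh falls back to an interactive passphrase
prompt when OpenSSL cannot load the key as given (passphrase-protected, or a format it
does not parse); with no terminal attached that surfaces as the "Inappropriate ioctl for
device" error from prompt.rb. Sample key files below are constructed placeholders that
carry only the headers inspected, not real key material.
"""
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def key_encryption(key_text):
    """'none' for a key usable unattended; otherwise the cipher/format that needs a passphrase."""
    lines = [line.strip() for line in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "pkcs8-encrypted"               # PKCS#8 keeps the cipher inside the DER
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            return "unknown"
        off = len(OPENSSH_MAGIC)
        (clen,) = struct.unpack_from(">I", body, off)   # first string field: ciphername
        return body[off + 4:off + 4 + clen].decode()     # 'none' when unencrypted
    # Traditional PEM (RSA/DSA/EC): encrypted keys carry Proc-Type / DEK-Info headers
    for line in lines[1:]:
        if line.startswith("Proc-Type: 4,ENCRYPTED"):
            dek = next((l.split(":", 1)[1].strip() for l in lines if l.startswith("DEK-Info:")), "")
            return dek.split(",")[0] or "pem-encrypted"
        if not line or ":" not in line:
            break                               # headers end at the blank / base64 line
    return "none"


def safe_for_unattended_use(key_text):
    """True only when no passphrase prompt can be triggered by loading this key."""
    return key_encryption(key_text) == "none"


def constructed_openssh_key(cipher):
    """Constructed openssh-key-v1 header (magic, ciphername, kdfname, kdfoptions) for testing."""
    kdf = "none" if cipher == "none" else "bcrypt"
    body = OPENSSH_MAGIC
    for field in (cipher, kdf, ""):
        body += struct.pack(">I", len(field)) + field.encode()
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64


# Constructed PEM samples: valid headers, dummy base64 body.
SAMPLE_PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

QUJDREVGR0g=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PEM_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
QUJDREVGR0g=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, text in [("pem-encrypted", SAMPLE_PEM_ENCRYPTED), ("pem-plain", SAMPLE_PEM_PLAIN),
                       ("openssh-aes256-ctr", constructed_openssh_key("aes256-ctr")),
                       ("openssh-plain", constructed_openssh_key("none"))]:
        print("%-20s encryption=%-12s unattended-ok=%s"
              % (name, key_encryption(text), safe_for_unattended_use(text)))
```

Run key_encryption() over the key path the collector is configured with; anything other than "none" means the job will try to prompt, and the fix is a dedicated unencrypted key with tight file permissions (or an agent), not a TTY. The check does not validate the key itself, only whether loading it can block on a prompt.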
Secondary Route Posted: 25 Feb 2019 07:17 AM PST Hello, Looking to get some assistance with the best way to route traffic at one of our remote offices. We currently have Comcast Business Class internet for all general internet traffic. We also have Comcast ENS (basically MPLS) for internal traffic. On our Layer 3 router, I have configured our internal networks to hop over the ENS interface. All other traffic (0.0.0.0/0) is set to go over the Comcast Business connection and is the gateway of last resort. Ultimately, I'd like to have all traffic route over ENS if the Business Class connection goes down. What is the most efficient way to make this happen? Right now, presumably, I'd have to connect to the Layer 3 switch and change the 0.0.0.0/0 route. Thank you!
Remotely access switches behind an ASA5525X Posted: 25 Feb 2019 07:16 AM PST I am upgrading a new remote office using an ASA5525X as our gateway with (3) 2960Xs behind that for the LAN - call it Site A. With the understanding that I cannot SSH to the ASA and then SSH from the ASA to the switches underneath, I am working on trying to find a way to be able to access these switches remotely. We currently have an IPsec VPN tunnel to this office that allows Site A's internal subnet (192.168.5.0/24) to talk to the HQ subnet of 192.168.10.0/24. I have the switches set up as 192.168.5.5, 192.168.5.6 and 192.168.5.7 with the default gateway to the ASA as 192.168.5.1. I have been doing some digging and seen something in regards to NATing these internal switch IPs out to a specific port and using the external IP of the ASA with that port to access them. Below is a config I am implementing on the ASA. Has anyone used this method or believe it will work?
object network SW1
 host 192.168.5.5
object network SW2
 host 192.168.5.6
object network SW3
 host 192.168.5.7
!
object-group network SSH_Switches
 network-object object SW1
 network-object object SW2
 network-object object SW3
!
! (Not the ports I am using, just an example)
object network SW1
 nat (inside,outside) static interface service tcp ssh 22111
object network SW2
 nat (inside,outside) static interface service tcp ssh 22112
object network SW3
 nat (inside,outside) static interface service tcp ssh 22113
!
! 192.168.10.0/24 is the HQ office subnet
access-list Outside extended permit tcp 192.168.10.0 255.255.255.0 object-group SSH_Switches eq 22
Any help/confirmation much appreciated.
Problems replacing ASA 5506 Posted: 25 Feb 2019 07:15 AM PST I previously posted a thread with some questions regarding replacing an ASA 5506 due to the hardware issue with these devices. The new device was shipped with ASA 9.8(2) and ASDM 7.5, so completely incompatible. I ended up copying the 9.6(1) ASA and 7.6 ASDM from the old device. I've tried both restoring the device from ASDM, as well as copying the startup-config file to the device using TFTP. The problem I'm facing is that everything (internet access, VPN, etc.) works perfectly for 1-2 minutes upon booting the new ASA. Then, suddenly, nothing on the network is able to reach anything outside. This is the case each time I reboot the ASA. The ASDM packet tracer results in (nat-xlate-failed) NAT Failed even though none of the individual steps fail, but why would it work for a small period of time if it's NAT related? I'm unable to lab at home as the replacement wasn't shipped with a new power supply, and I can't keep the network down for hours on site...
Applying heavy load to internal network? Posted: 25 Feb 2019 06:43 AM PST Hi, so I need to test the load balancing of my work's network and I'm looking for the best way to send loads of traffic through the network to try and oversaturate it to test out the system. What are some of the best free utilities to do this?