
    Monday, April 1, 2019

    Moronic Monday! Networking


    Moronic Monday!

    Posted: 31 Mar 2019 06:04 PM PDT

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator

    Top 3 reasons WatchGuard firewalls are the best firewalls

    Posted: 01 Apr 2019 02:32 AM PDT

    1. They are red (like a Ferrari, voooomm voomm)
    2. Users are respected as individuals. They are not just a number in the system, but a consumed per-user license (which is stuck at 50, and will require a reboot to clear - and hey there's never been more than 15 users onsite)
    3. They can never be replaced - new firewalls simply don't have a small display for monitoring
    submitted by /u/reloadtak

    What's your opinion on connecting to a private IP via VPN on a third-party network?

    Posted: 01 Apr 2019 04:21 PM PDT

    I've been asked to set up a site-to-site tunnel for this but I've generally regarded it as poor practice, and most third parties I've dealt with won't allow it anyway. It would be a public IP on my end and private on the other. I don't really want to do it but it's not my call.

    submitted by /u/BSwollocks

    RJ-45 Ends for Cat6 Direct Burial Cables (23AWG)

    Posted: 01 Apr 2019 04:19 PM PDT

    I've got a project that uses 23AWG solid/shielded CAT6 cabling. It's direct burial stuff, so the jacket is exceptionally thick as well. It seems that CAT5/6 RJ-45 plugs are designed for 24AWG--even ones that claim compatibility for 23AWG. Has anyone here had success finding plugs? If so, what brand/part works best? Did you need a special crimping tool for these plugs? Thanks in advance!

    submitted by /u/roostercuber

    IPS with encrypted traffic

    Posted: 01 Apr 2019 04:08 PM PDT

    How affected are IPS and anti-malware on a FW for SSL traffic with decryption on the FW not enabled?

    submitted by /u/drummerboy988

    1310nm vs 1550 nm

    Posted: 01 Apr 2019 06:44 AM PDT

    I'm currently designing a dark fibre network, and am a bit confused.

    What difference does 1310nm make vs 1550nm?

    Edit: it's a 25km link

    submitted by /u/Brapapple

    How would you explain the meaning of an API to a network engineer?

    Posted: 01 Apr 2019 10:17 AM PDT

    Hi I am a developer and I have a friend who's a network engineer. Recently their company started using these new SD-WAN devices. As you all probably know, most of these devices expose RESTful web services. So the thing is that my friend's pretty old school and is struggling with understanding what an API is. I tried my best to explain it but it just wouldn't make any sense to him.

    Do y'all know any way in which I can help him understand the concept better?

    I am not aware of what devices they use exactly.

    submitted by /u/invalidlivingthing

    Targeting Cisco QoS over multiple remote links on AT&T Switched Ethernet Fiber

    Posted: 01 Apr 2019 10:01 AM PDT

    I'm working on creating/cleaning QoS policies for voice at my place of work but have run into a question on how to best accomplish what I'm trying to do. First off, we have about a dozen remote locations that are all connected via AT&T utilizing their Switched Ethernet Fiber product (Layer 2 connectivity). AT&T has a Ciena at our HQ and all remote locations. Most remote locations are connected with a 50Mbit link, some of the smaller locations at 10Mbit. Our link at the HQ is a 500Mbit link. I'm modeling after Cisco's AutoQoS. Normally I'd leave in the AutoQoS entries which classifies voice and control correctly, and provides 33% and 5% bandwidth respectively. But since I'm sending data over one single higher-bandwidth link at the HQ, these default rules do not work as we never hit the 500Mbit bandwidth statement, so QoS never is triggered. However, we are saturating some of the remote 50Mbit links at times which has generated complaints of voice not working properly.

    I'm looking for a good way to set up QoS most effectively on the HQ router and thought I'd ask the hive mind. Right now my thought was to create 3 class maps per location that match-all on network ACLs and data class (voice, control, data) - following the Cisco AutoQoS. Then I'd have one big policy map that contains all 36 (12x3) classes with appropriate bandwidth statements. That won't work though as I mentioned earlier that we never hit the 500Mbit on the HQ router.

    How can I get the one AT&T facing interface on our HQ router to recognize that traffic heading to one subnet should be accounted for separately as a lower-bandwidth link? For example, if traffic heading to 192.168.78.0/24 has surpassed the 50Mbit, start policing or shaping.

    For good measure, here is a chunk of how I originally was thinking of setting things up:

    class-map match-all Loc3Voice
     match access-group name Loc3VoiceSubnet
     match class-map voice
    class-map match-all Loc3Control
     match access-group name Loc3VoiceSubnet
     match class-map control
    class-map match-all Loc3Default
     match access-group name Loc3DataSubnets
    ! Total BW to Loc3 = 50Mbit / 51200kbps
    policy-map AllRemotes
     class Loc3Voice
      bandwidth 16000
     class Loc3Control
      bandwidth 5000
     class default
      fair-queue
    ! ... Repeat above 3 classes for all other locations

    submitted by /u/msdossys

    GlobalProtect and other VPN clients. How to secure host devices by not allowing them to change routing info.

    Posted: 01 Apr 2019 12:59 PM PDT

    Hello all,

    I had an argument a couple of days ago whether it's actually worth tunneling all internet traffic to the firewall vs split-tunneling. I always thought that the traditional approach would be best until I was told that this could be easily changed by adding a static route to the host device.

    So I have tested it. I have configured a PA device without split tunneling and verified that I get internet through the Palo Alto firewall. Then I put a static route on my end host bypassing the tunnel which worked!

    I was aware that sometime in the past this could not have been achievable. What changed? Is there any VPN client that does not allow route manipulation?

    TLDR: By using GlobalProtect someone can bypass the firewall by adding static routes on their workstation. Can this be avoided?

    submitted by /u/nicolaidesnikos

    2960-x to 2960-s 1GB Fiber help.

    Posted: 01 Apr 2019 12:31 PM PDT

    We updated our auditorium and need a 24 port switch added. We have an extra 2960-s so that is what we are using.

    We ran fiber from the new auditorium back to another closet to link to a 2960-x.

    Since 2960-s is 1gb only we got two Cisco GLC-LH-SM optics. We know the fiber works; the company already tested the line they ran so it's not that.

    I plugged each optic in and connected the fiber and I cannot even get the links to activate. Obviously I shut/no shut on both. Here are some configs.

    2960-x

    interface GigabitEthernet2/0/49
     description Uplink to CHS-AUD
     switchport mode trunk
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust dscp
     auto qos trust dscp

    2960-s

    interface GigabitEthernet1/0/25
     description Uplink to CHS-AUD
     switchport mode trunk
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust dscp
     auto qos trust dscp

    What could be stopping these links from even coming up? Am I missing something super obvious? They always say down/down but I type a Show Inventory and I can see both GBICs so they are being recognized. Let me know if anyone needs more info. This seems like such a simple problem but it just won't connect.

    I have also tried multiple GBICs.

    submitted by /u/Snap-Judgement

    Can I force Windows to connect to a specific WAP?

    Posted: 01 Apr 2019 12:21 PM PDT

    I'm troubleshooting an intermittent wireless connectivity issue and think the issue is that 1 of the 70 WAPs is (for whatever reason) unable to pass traffic on to the rest of the network. The issue only affects one area of the building. I'd like to test my theory by connecting to each of the WAPs in the area and send pings out to the default gateway, but I can't find a way to force windows to connect to a specific WAP. It just connects to the one with the strongest signal. I would just wait for the issue to happen again, but it happens so infrequently and unpredictably that it could be a while. Any suggestions?

    I should also mention that these are Aruba WAPs, there is no wireless controller, I don't have credentials for the WAPs, and I don't have a list of IPs assigned to the WAPs. I know I know, not my network, just happen to be the closest guy geographically to my former employer's newest client.

    submitted by /u/ajsimas

    ARP question

    Posted: 01 Apr 2019 11:55 AM PDT

    Hi guys,

    today in my computer networking class, our professor asked the following question:

    A router is connected to 2 different switches, each of them managing different networks. If the router has two ARP modules, each of them with its own ARP table, is it possible that the same MAC address appears in both tables?

    Somebody answered yes, but I didn't properly hear her argument and I couldn't ask the professor directly after the class.

    The reason would be that both tables are independent for each network?

    Thanks in advance.

    submitted by /u/daviddoji

    Cisco ASA 5500 LDAPS issue

    Posted: 01 Apr 2019 11:49 AM PDT

    I am new to Cisco, we used to have a Sonicwall. The problem is the anyconnect VPN, users cannot change their AD passwords through the VPN software. We have 50 plus users that never connect directly to the office and this is the only way for them to change their network passwords short of calling us to do so. Our old firewall did this, all you had to do was install the CA certificate from the AD server in the Firewall and enable TLS. I used to do all of the Firewall support, we now have outsourced the firewall support and they can't get this to work. They have the certificate installed on the ASA and have enabled use LDAP over SSL and it doesn't work. My AD server has this in the logs "The token supplied to the function is invalid ". To me that seems to mean the certificate is either not installed correctly or the Cisco is not using it. Any ideas on what we could be missing? My google searches have yielded no helpful results other than what we already have tried, and some others require a Cisco login with rights to access those articles.

    submitted by /u/jas75249

    Watch guard April fools joke

    Posted: 01 Apr 2019 10:56 AM PDT

    Do people really think poorly of WatchGuard? I don't know the most about firewalls and my company uses one.

    Edit: disclaimer I did not setup this network, I am a junior tech here.

    submitted by /u/BK4K2

    SDWAN and firewall positioning

    Posted: 01 Apr 2019 10:35 AM PDT

    Hello, I read a Silver Peak article which recommends putting the SD-WAN device in between 2 virtual routers on a Palo Alto firewall, essentially making the PAN device the externally facing device. Is there a reason I wouldn't just put the Silver Peak on the edge? Is it not secure enough to be an edge device?

    https://www.silver-peak.com/sites/default/files/UserDocuments/PAN-Deploy-TopNav/content/edgeconnect_topics/service_chaining_to_an_edgeconnect_branch.htm

    submitted by /u/genjimrum

    Advice on a Layer 1 switch

    Posted: 01 Apr 2019 12:54 AM PDT

    Hello.

    We have a lab for the network equipment and we need an L1 switch to automate the L1 connectivity between the devices. I've started googling the products and realised there's lots of them. Can you guys give me advice on what companies/models to look at and what features to compare? Also, what is the usual approximate price for that kind of equipment?

    Thanks!

    submitted by /u/igatrinit

    Local printer in events industry

    Posted: 01 Apr 2019 09:13 AM PDT

    Hi everyone.

    I work in the event sector putting printers out for conferences among other things.

    I tend to put out a printer connected to a switch so that a few PCs in an area can print to it.

    However it's becoming more often that the PCs that they want to print to are on their own business VPN

    So plugging up it would go

    1 - Cable from venue to unmanaged switch

    2 - Cables from switch to PCs

    3 - Cable from switch to Printer

    So when I set the printer to DHCP it gets the IP address from the venue (obviously).

    And obviously their PCs get a DHCP address from the venue

    But when they turn on their VPN and tunnel back to their offices, it doesn't talk to the local network any more.

    The obvious way around it (to me) is that every time they want to print they have to disconnect from their VPN to print locally, but that isn't very efficient.

    Is there a way to route the printer packets before they get to the VPN, to go to the local network, rather than to the VPN?

    Thanks in advance!

    submitted by /u/baslighting

    Why might I get an 169.254.x.x address, but still get internet through that?

    Posted: 01 Apr 2019 10:28 AM PDT

    I was testing some ethernet jacks today to see if they could access the internet. I ended up with a few that gave me a 169.254.x.x address, but still provided internet. I didn't have internet access prior to plugging in so I'm sure it wasn't the wifi adapter and I kept checking through ipconfig, but it kept the same address.

    There were a few other jacks that gave the same IP and no internet access which is what I would expect. I'm also 99% sure these jacks are hooked up to a normal network switch. Maybe I have a misunderstanding about the usage of that address space?

    submitted by /u/CobaltAlchemist

    Is there any way to automate IPplan?

    Posted: 01 Apr 2019 03:55 AM PDT

    So the place I work uses IPplan for IP address management. I was wondering if there are any APIs available to automate the process of reserving an IP address and so on. Sadly they don't use DHCP.

    Thanks guys!

    submitted by /u/Depressed_Maniac

    Switching the WAN connection from ISP

    Posted: 31 Mar 2019 09:52 PM PDT

    So a parent company of a small shipping company wants to send us some black VPN box (ANIRA) and insists that it sits directly connected to the ISP and not behind the company Fortigate. They claim having sNAT both directions with a public IP is not good enough.

    In our country we have an ISP and an infrastructure provider. These are 2 separate entities. The infrastructure provider supplies the hardware (Alcatel fiber/Ethernet switch of some sorts) and the fiber line (p2p) going to the ISP, which in turn provides the public addressing and a connection to the Internet.

    I talked to the ISP and they have no issue taking a /30 junk of an already routed range I have and letting me use that for this VPN device (network, endpoint, gateway, broadcast addresses). The infrastructure supplier is giving me a hard time though, saying that they won't just make Ethernet port 2 switched with port 1 (that provides the connection to the ISP already), going so far as saying we have to pay for another dedicated connection to the ISP.

    TL;DR: can I plunk a switch at the WAN connection (port 1 from the infrastructure's Alcatel switch) and talk to the ISP to do the routing/gateway configuration, skipping the infrastructure provider's involvement altogether?

    EDIT: the infrastructure provider approved it, so I guess no need for a switch...

    submitted by /u/Hakkensha

    Triangulating Wireless Access Points with Pings

    Posted: 31 Mar 2019 09:51 PM PDT

    Do you guys think it would be feasible to ping an access point while walking around in order to triangulate its location?

    submitted by /u/lunaprey

    Is Nornir Idempotent

    Posted: 31 Mar 2019 09:44 PM PDT

    I want to create an automation script using Nornir to update the vlan configuration on device interfaces. I want to have a version controlled file with something like:

    int gig1/1:vlan10

    int gig1/2:vlan10

    Then when someone changes the file to say int gig1/2:vlan20 and successfully merges the file with a production branch of the file, the config is implemented idempotently (so vlan1/1 is not affected even though it's in the file that the script is being run against).

    Can Nornir do this? Easily?

    submitted by /u/LevelParty