OpenBGPD-portable 6.5p0 is released | Networking
- OpenBGPD-portable 6.5p0 is released
- EtherChannel - VLAN Mask is Different? Explanation?
- Fortinet SD-WAN (?)
- Question about BGP prefix
- What do you guys use to automate the initial configuration for F5s?
- EVE-NG (Community Edition) w/ Large Number of Interfaces? (eve-ng or vmware issue?)
- What's my issue? SonicWALL dropping VPN traffic - failed spoof check
- Syslog best practices/best program
- What's a good router that supports VLANs?
- Configuring Aruba 3810 Ethernet port for AT&T 250 Mb circuit
- Need help with a device not working on switch
- Help with setting up VLANs (SonicWALL, Netgear, and Meraki)
- Issue with Network Discovery on small classroom lab.
- Problem switching from MPLS to SDWAN
- How should you read computer networking: a top down approach?
- Dev Team wants testing sites
- Fiber Distribution cable om3?
- Ericsson Redback Switches TACACS Configuration
- (Cisco Nexus) Showing routes not installed by OSPF
- Layer-3 Network Design with Nexus's and Catalysts 2960's?
- Beginner Learning Networking
- Cisco WLAN controller -- created new SSID, not showing up as an available network?
- Designing my first (tiny) MDF. I don't even know what I don't know. What are the best practices, or common mistakes to avoid?
- Questions on what switch equipment to deploy
OpenBGPD-portable 6.5p0 is released Posted: 30 Apr 2019 05:39 AM PDT We have released OpenBGPD 6.5p0, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. OpenBGPD is a free, functional, and secure implementation of the Border Gateway Protocol (BGP-4). It is a fairly complete BGP implementation and praised for ease of use, as well as its reliability. This is the first release of OpenBGPD-portable in quite some time. Since the last portable release a significant amount of features and performance improvements have been added. If you haven't used openbgpd-portable in a while, you'll be positively amazed what has changed! Caveats: there is currently no support to update FIB / kernel routing tables in the portable version of OpenBGPD. This means OpenBGPD-portable is suitable for IXP route servers, route collectors and route reflectors but not (yet) for use as a traditional router. Some OpenBSD specific features have been turned off as well. OpenBGPD-portable is known to compile and run on FreeBSD 12.x, and the Linux distributions Debian 9, and Ubuntu 14.04. It is our hope that packagers take interest and help adapt OpenBGPD-portable to more distributions. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible. Downloads are available at: https://ftp.openbsd.org/pub/OpenBSD/OpenBGPD/
EtherChannel - VLAN Mask is Different? Explanation? Posted: 30 Apr 2019 11:56 AM PDT Hi, So far I get this prompt: "%EC-5-CANNOT_BUNDLE2: Fa0/4 is not compatible with Po1 and will be suspended (vlan mask is different)" I am unsure what this means; all VLANs are the same, but I am unsure how to allow specific VLANs on a Port Channel. Any explanation for this?
Fortinet SD-WAN (?) Posted: 30 Apr 2019 03:05 PM PDT Curious if anyone has used Fortinet SD-WAN for large branch offices? (Or at all) Just had a conversation with them, and they claim that their new 6.2 software release now offers the "full" SD-WAN feature set, including packet duplication and other pieces that were missing in previous implementations. Looks interesting, especially with their "F" generation ASICs also coming out next month in a new set of appliances...
Question about BGP prefix Posted: 30 Apr 2019 02:19 PM PDT I am looking up an AS and when I click prefixes it lists 3 subnets as Announced Prefixes. In this case, there are 3 /24s. The Description does NOT match the company name that I looked up. Does this mean that this company (that the AS is assigned to) doesn't actually own those IPs but is instead leasing them? To compare, when I look up a Google AS, the Description shows Google's name. Why is that?
What do you guys use to automate the initial configuration for F5s? Posted: 30 Apr 2019 05:02 AM PDT Hi guys, I am looking for suggestions for ZTP for initial provisioning for F5s. More specifically I am interested in automating the F5-Big IP VE for lab or prod purposes, just the initial configuration (that would be scripts to change the password, license registration and then basic IP configuration)
EVE-NG (Community Edition) w/ Large Number of Interfaces? (eve-ng or vmware issue?) Posted: 30 Apr 2019 03:27 PM PDT I'm working on a setup with the eve-ng community edition, where I have 24 nodes, but I have approximately 110 Interfaces (43 point-to-point links between nodes, 12 links from nodes to a network shared to the outside) in the topology. Upon starting up the nodes, I'm unable to reach the console of my nodes, and on the eve-ng host in the vmware-vmsvc.log I'm seeing a bunch of messages:
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.012] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
[May 01 01:25:01.013] [ message] [vmsvc] GuestInfoAddNicEntry: NIC limit (64) reached, skipping overflow.
I understand that the Community Edition has a support maximum of 63 nodes, so I'm not hitting that. But am I hitting some other limit, or a limit on the number of interfaces based on the fact that I'm running this on vmware? Note, only 12 of the interfaces go to a network that is extended to the vmware host (eth2), the rest are point-to-point links connecting nodes. Any thoughts/advice is much appreciated. Thank you
What's my issue? SonicWALL dropping VPN traffic - failed spoof check Posted: 30 Apr 2019 03:27 PM PDT What's my issue? We have a hosted application from a vendor. They insist on shipping a Cisco ASA to establish a VPN tunnel back to their datacenter instead of bringing up the tunnel on customer equipment. I have a pair of SonicWALLs in active/passive HA - so I already had the ISP's handoff coming into my switch to break it out into 2 handoffs (one for each SonicWALL). I added another switchport to the ISP VLAN to create a third handoff for the ASA. The SonicWALL + HA and ASA each are assigned an IP from the block issued by the ISP. Print jobs sent from the hosting company's print servers are not going through to a couple of printers on my 192.168.1.0/24 subnet - the SonicWALL (default gateway for the subnet) is dropping the packets with drop code 499 (IP Spoof check failed recorded in module network). I'm having trouble determining where the problem lies. There are several other printers on the same subnet that work fine. Maybe this diagram will help? https://imgur.com/a/fEyBKxF
Syslog best practices/best program Posted: 30 Apr 2019 11:29 AM PDT I plan on cross posting this to sysadmin, but I know the networking sub is also a good place to ask, as well. I'm reading that having multiple syslog servers is a good idea, for redundancy, which makes sense. I'm not sure if I can get approval for two syslog servers, but it is worth a shot. There are also free alternatives, as well, for example, librenms. Can I log into a device, for example, a switch, and provide a FQDN instead of an IP address? That way if the syslog ip has to be changed or a new syslog server is needed, a DNS entry can point the devices to the new server? I have tested with an HP switch and this one only accepts IPs and won't take a hostname/FQDN. I read that pointing all devices to a syslog server and then configuring that syslog server to send the logs to other servers is also a good idea, but you still have a single syslog server from a single point of failure perspective. With our syslog server being a virtual machine, I don't think only having one is a problem, meaning, it is better than a physical server having an issue. Being that it is virtual, we have failover options (migrate to different physical host) and we have another office where the server could live as a replica as another backup/recovery method. I was not given a budget, but that doesn't mean the funds are unlimited, it basically means, show us a few solutions and we will pick one that we like best for X reasons. I'd be curious to see what you all recommend. I've seen threads started asking for opinions and many times, in the threads I've read, there is a clear winner. Right now, I'm going to take a look at
Edit- The environment consists of many brands: Dell switches, HP switches, Cisco switches, SonicWALLs, Dell SAN, Dell servers, IBM servers. Edit- Adding Kiwi Syslog Server (paid) to the list.
What's a good router that supports VLANs? Posted: 30 Apr 2019 03:02 PM PDT This is for a school project. I have to find equipment for a mock network. The wireless access point I was going with is TRENDnet 300Mbps Wireless N Access Point and for switches, I was going with NETGEAR 48-port Gigabit Smart Managed Plus Switch (GS750E). I was looking for one with a firewall so I don't have to buy additional protection.
Configuring Aruba 3810 Ethernet port for AT&T 250 Mb circuit Posted: 29 Apr 2019 09:08 PM PDT As the title suggests, I have an Aruba 3810 that I am trying to use an Ethernet port (all the ports are Gig ports) to bring in a 250 Mbps AT&T Switched Ethernet circuit. The port is auto negotiating to 1000/full, and I have rate limiting set to 250 Mbps. Every time I run an IPerf against it, I only get between 65-80 Mbps. I am also getting a small amount of tx drops on the port. HP/Aruba say everything is configured correctly, and AT&T says their throughput testing is showing upwards of 220 Mbps to their device. Can anyone think of anything I can be missing or I should check to figure this out? I am pretty much at a loss. Something tells me I'm missing a small configuration on my upstream port to AT&T, but I can't hammer it down. Any help would be greatly appreciated.
Need help with a device not working on switch Posted: 30 Apr 2019 02:32 PM PDT So we have a device that is connected to our switch. However, we cannot even ping the device on our switch and we cannot see the mac address of the device. If we plug the device into a different switch that is not on our network, it works fine. We know the port is good on our switch because when we plug any other device into that port, it works just fine. We have tried using different cables, different ports, and made sure there were no firewalls blocking it and that there are no config issues. We have tried restarting the device. We have even tried a completely different switch on our network, same issue. So it seems like there is something about our network that is causing the device to not even talk to any of our switches. Can't ping, or pull a mac address. What could it be? The device is a PW-6000 Pro Watch Panel. Switch is a Cisco 6509
Help with setting up VLANs (SonicWALL, Netgear, and Meraki) Posted: 30 Apr 2019 02:23 PM PDT Hopefully this qualifies to be posted here ... It's some enterprise equipment and some not ... and I'm about 99% sure it wouldn't be understood well at all in the home networking subreddit .... I did cross post it to /r/homelab as well. More or less approaching this as an educational piece to learn a little more than what I know already. With that said, I am ashamed to admit that I am beyond confused when it comes to VLANs... They definitely didn't go over that too deeply at all when I was in school (that, and it was years and years ago). Anyways, here's what I am hoping to be able to accomplish, and hoping you can help me out.
Equipment
Current Configuration
Goal
I would like to be able to connect my Netgear ProSAFE Switch to the network jack in the Office in Port 1. From there, I would like to connect the Linksys Router to Port 2. I would like to have Port 3-7 available for other X0 connections (or, if I figure out this entire VLAN thing, maybe make another VLAN for something else down the road with these ports, since the Linksys has 8 ports on it as well). I would like to connect the Meraki to Port 8. I would like to be able to have my Linksys EA9500 (in bridge mode) pull an IP address from the X0 interface, to be handing out IP addresses from the X0 DHCP server. I would like to be able to have my Meraki pull an IP address from the X0:V2 DHCP server, and not have any way to communicate / discover anything happening on X0.
VLAN / Netgear Confusion!
I am not sure where to proceed from here. There are a number of options on the Netgear:
I feel as if every combination of things I have chosen results in something not working correctly (mostly not getting an IP address from X0:V2, but other times just losing connectivity altogether and having to do a factory reset) ... Help? /throws_hands_up_in_the_air_in_frustration The other question would be -- can I not put the Linksys into bridge mode and use its VLAN capabilities instead somehow... but be able to still ping / communicate with devices on both the SonicWALL's wireless / wired connections, and the wireless/wired connections on the Linksys (which, in my head, is essentially double NATing which is a disaster of its own)
Issue with Network Discovery on small classroom lab. Posted: 30 Apr 2019 10:29 AM PDT For context, I'm a high schooler in a Networking class who's been assigned 'administrator' for the year. Normally we have an old server that's been running for years and the admin basically just has to make the new users for the class, but this year my teacher decided to set up a new server and that I had to do it (for context there's only around 8 users). We're also just a LAN and not connected to the Internet. That's all well and good, it's a good learning experience for me and I get to set up a server. Though in hindsight I should've opted for Windows Server 2016, naive admin me wanted to get 2019 instead. So I get it all set up, throw on a DNS, DHCP, and file server on it. I make a domain, connect everyone to it, all successful. I set up a shared drive which as of right now is working perfectly, everyone can access it and has it mapped. The DHCP server is assigning IPs currently and everything seems fine. But there's a small issue with my network discovery. This is kind of a mouthful so bear with me. All users in the class are added onto the server, naturally, to preface this. So one of my classmates' network discovery is working perfectly, he can see everyone else on the domain and the server, and I believe one other person's is as well. My (client) computer and 2 others have an issue where they can only see MY computer name (and I can only see my computer name as well). I thought this was quite bizarre as two of them can't see anything but my computer, not even themselves. Furthermore, the server can see itself and MY computer (client) as well. Which again is weird because the server can't see the client whose discovery is actually working. Everyone seems able to ping each other and the server both by IP and by name. Some things I've done to try to get things working:
From the research I've done, it seems to be a DNS issue on the server itself, but I have no clue where to look or what would fix the issue. Any help is thoroughly appreciated :) TLDR; Network discovery works on one PC and not on others, think it's a DNS issue with the server but don't know how to fix after researching it.
Problem switching from MPLS to SDWAN Posted: 30 Apr 2019 11:43 AM PDT My company is trying to switch over from our MPLS (Windstream) to an SDWAN (VeloCloud). We have twenty locations, one of them being a datacenter that houses our servers. Each of our sites has access to the other sites through the MPLS routing. Each of our sites has multiple /24 networks: 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24, etc. DHCP is being provided for these sites by the Windstream boxes (sometimes multiple WS boxes competing with competing DHCP servers with different networks). We have static IP devices on various networks at different locations. All of our switches throughout the company are in layer 2 mode. There are no VLANs. Many of our older switches don't have VLAN functions. Our domain controllers, DNS, email server, and shared folders are at the datacenter. We've been working with an outside vendor to configure the SDWAN. They are telling us that they can't do multiple networks on a single interface with these SDWAN (VeloCloud - Edge 510) boxes. They are saying that the only way to do this would be to create VLANs. But that's not really possible without replacing a lot of hardware. Is there another way that this can be done? Maybe configuring one switch to put between the SDWAN box and the rest of each location's network to pass through VLANs somehow from these other layer 2 mode switches at each site? Or is replacing most of our switches and configuring VLANs our only option?
How should you read computer networking: a top down approach? Posted: 30 Apr 2019 10:58 AM PDT I was just wondering if I should read it page to page in detail. Basically I don't need details. I just want to understand networking as a part of cs. I am not interested in networking as a career. I have already read first three chapters of this book and I was thinking that it was going into too much detail. Is there a better way? or a better book for my purpose?
Dev Team wants testing sites Posted: 30 Apr 2019 06:31 AM PDT Hey all, I have a kind of operational type question for you related to DNS. Let me know what you think is the best option and why: Scenario: Dev team wants to resolve test-www.secondsite.com to an internal IP for testing purposes. Option#1: Put the internal IP address of the server on the external DNS zone (don't like having internal IPs on an external zone, but it would work). Option#2: Set up a reverse proxy on the external zone and send the test users through the firewall (don't like having the test sites available to the outside world and a lot of setup work). Option#3: Use an internal zone we have already set up to test sites for other zones we don't want to make internal zones for (test-secondsite-www.mainsite.com pointing to the internal server of www.secondsite.com's test server. Will have to add bindings to the IIS server to accept this new header). Option#4: Create an internal zone for the secondsite. I really dislike this option, because it has to be constantly managed and any record changes on external would have to be replicated internally.
Fiber Distribution cable om3? Posted: 30 Apr 2019 10:03 AM PDT At a location where they have one central server room and one closet with some switches. The closet is connected to the server room via a fiber distribution cable. I noticed the connection they have from closet switch to server room switch was only at 1G. I wanted to do a 10G connection since I have the modules on hand and the switch is capable of it; however, I can't tell if the distribution cable can support OM3. It is just a black cable with no writing on it from what I can tell. I can assume it's multimode but don't know if it's just OM2 or OM3. Is there a way to tell besides the color coding? The closet is within the 300m range for OM3. Edit: Just so everyone knows, I've never had to deal with distribution cables, only patch for fiber, so I'm not super familiar. I thought it was determined by the color of the cable jacket.
Ericsson Redback Switches TACACS Configuration Posted: 30 Apr 2019 08:03 AM PDT Does anyone have any experience configuring AAA on Ericsson Redback switches? I'm able to create and Read / Write accounts on my Aruba ClearPass Tacacs+ server but can't seem to get Read Only accounts working with them. Doesn't look like command authorization works either...anyone got any documentation for this or know why it might not be working?
(Cisco Nexus) Showing routes not installed by OSPF Posted: 30 Apr 2019 07:46 AM PDT I remember a while back using a command to show routes advertised by an OSPF process. I'm particularly looking to see all routes shown whether or not they're installed in the routing table due to a route-map.
Layer-3 Network Design with Nexus's and Catalysts 2960's? Posted: 30 Apr 2019 06:53 AM PDT Morning, All - Currently working on a Cisco project to provide full redundancy for a network, and trying to determine the best design. Hoping to lean on the great knowledge pool here :) This is the basic link topology for the section of the network in question. The Nexus 9200's at the top serve as the current network core, and the Catalysts are the access switches. We are adding the Nexus 9300 at the bottom as a secondary network core, physically redundant from the 9200's at the top. This 9300 also connects to our Colocation DR site with warm standby servers. My question is a basic one - what is the best way to prevent network loops? All access VLANs must be available on all switches in this topology, so no selective trunking. Obviously I could just leave everything in L2, and let spanning-tree block ports, but we all know that's a far from perfect solution, and we'd like to avoid the convergence time and potential hiccups that come from relying on STP. This is where things get tricky - the 2960's have very limited L3 capabilities. They do not support dynamic routing, but do support up to 16 static routes. With that said, what do you guys think the best way to tackle this would be? Thanks in advance!
Beginner Learning Networking Posted: 30 Apr 2019 10:14 AM PDT Hello, if this is supposed to be posted in /homenetworking, apologies and I will make sure to delete this post. My background: I graduated with a mechanical engineering degree, but did my best to take programming courses in Java, Python, and C. In my C course, the focus was learning the intricacies of pointers and memory management; however, towards the end we dabbled in networking (TCP/IP, sockets) and that's where I lost 'it'. So I am trying to learn it again, personal enrichment, not job related. I have been reading "Computer Networking A top down approach" by James and Keith Ross. I am currently in the second chapter discussing Socket Programming, we have a UDPClient and UDPServer python files that will construct a client-server application. At the end of the discussion we are told to run both programs in two separate hosts. I currently have only one laptop, a Dell XPS 9560. Would it be possible to complete this task if I run two VMs, each one running Ubuntu, using VMWare Workstation (NOT the Pro version)? One Ubuntu VM will run UDPClient while the other VM will run UDPServer? I have a suspicion this will not work since both VMs are running on the same laptop. Any alternatives or suggestions?
Cisco WLAN controller -- created new SSID, not showing up as an available network? Posted: 30 Apr 2019 05:30 AM PDT Hi everyone, I posted something similar yesterday concerning a new NPS server I am building out to replace our old one and with that a new SSID to replace the old ones. My question is now that I have the new SSID built out in our WLAN controller, which is basically an exact copy of the current SSID we are using, it is not showing up as an available network on devices? It is enabled, not hidden. I added a new RADIUS Authentication Server in the WLAN controller which is the IP of the new NPS server. The RADIUS clients have been added to the new NPS server (which are the two WLAN controllers). Basically the same setup that we have for the current SSID. Not really sure what I am missing here? The only thing I have NOT done yet is set up a GPO that I see is on the old domain we have for our current NPS/SSID which is: User Config Public Key Policies/Certificate Services Client - Auto-Enrollment Settings Automatic certificate management Enabled Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked Update and manage certificates that use certificate templates from Active Directory Enabled Display user notifications for expiring certificates in user and computer MY store Disabled Again, not sure if this is needed, but I would think the new SSID should show up regardless of what the NPS server settings are and the GPO, but could totally be wrong! Also, I'm sure this doesn't matter since our current NPS server doesn't do this, but we don't add our APs as RADIUS clients, only the WLCs. Thanks everyone!
Designing my first (tiny) MDF. I don't even know what I don't know. What are the best practices, or common mistakes to avoid? Posted: 29 Apr 2019 03:53 PM PDT My company is building a new branch office that will have 30-50 users over ~5,000 sq/ft of office space and 20,000 sq/ft of machine shop/warehouse. The building is small enough that it should all be serviceable from a single MDF without needing overly long cable runs. So far the contractor has assigned a 10'x11' room as the "IT Room", and I've requested 25,000 BTU of cooling and 2x 30a 120v circuits. But now I'm getting to the point where I'm trying to understand how I want the patch panels placed, and where I want the rack to be, and I realize how lost I am with the "Layer-1" aspect. The current ICP design has ~320 ethernet drops that I'll need patch panel space for, and 8 fiber pairs. I'll be connecting to 3x C9300 switches, and there will be a pair of DL360 servers and a couple of PA-3220 firewalls. Plus UPSs. Where do you even begin with the physical layout for these kind of things? Right now I'm thinking of having a single 2-post rack for the patch panels and switches, and then a 4-post rack for everything else. But like . . . yeah aside from that I don't know how it should be laid out or where. Those of you who've done this before, what do you wish you'd done differently on your first time? What would you recommend I consider or read to prepare for babby's first greenfield deployment?
Questions on what switch equipment to deploy Posted: 29 Apr 2019 05:55 PM PDT Hi guys, Been working with the enterprise level of switches from both Cisco and HP many times but I am tasked to update the corporate network (multi site multi region) to match security standards and manageability and am therefore considering the possibility to use a central management platform to deploy and manage the infrastructure. My question is what system would you guys recommend. I am personally standing between a couple of vendors: Meraki, Ubiquiti, Aruba, or Fortinet. What are your experiences with these if you have used any of them? I know that many of them have a large licensing base compared to others and the price point is pretty different. But what I am asking about is performance, usability, stability and security. Edit: Support is a crucial part too.