
    Wednesday, May 1, 2019

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 30 Apr 2019 05:04 PM PDT

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    submitted by /u/AutoModerator

    Routers in real environments versus Cisco studies

    Posted: 01 May 2019 07:43 AM PDT

    Hey /r/networking,

    So I have a question I've been pondering, hoping that you guys with a lot more experience than me can provide some insight.

    When we study CCNA and CCNP, we learn about topologies and networks with lots of routers in them. We set up routing protocols (OSPF, EIGRP, etc.) between them all and learn how to get routes where they need to go.

    Then thinking about actual enterprise or even small business networks, are there really that many routers involved? Does one physical location really have more than a couple of routers all meshed and running routing protocols between them?

    I'm sure you're likely to have layer 3 switches for things like inter-VLAN routing and whatnot with the campus network design you get taught about, but do the topologies we see in labs and studies really look the same in the real world?

    Are the sheer number of routers we see in these examples supposed to represent sites which are physically located apart from each other? In other words, running routing protocols over some kind of WAN or private leased connection across multiple sites?

    Here's an example picture to demonstrate what I mean:

    http://www.firewall.cx/images/stories/ospf-operation-basic-advanced-concepts-ospf-areas-roles-theory-overview1.png

    Is this supposed to represent one location? I can't think of why you would need so many routers (and thus so many subnets) in the one place. I'm sure I'm missing something.

    Or is this just used for the sake of examples - to teach how these protocols work in a configuration that probably won't be replicated in the real world?

    submitted by /u/xhthrow

    Cisco NX-OS Cheat Sheet

    Posted: 01 May 2019 01:40 PM PDT

    Soon after I started my first Cisco Nexus 7000 project, I created the cheat sheet in the link below. When you download this sheet you are also helping me with my AWS infrastructure study.

    This is a PDF and may download in the background.

    Thanks.

    https://s3.amazonaws.com/oct1307-shared-tech/NX-OS+Command+Cheat+Sheet.pdf

    submitted by /u/jeff6strings

    Free Network Audit Tools Recommendations

    Posted: 01 May 2019 07:17 AM PDT

    Looking to do a one-time network audit on small businesses every time we onboard a new client for IT support. We want to find out the number of devices they have on the network and their hostnames. I've been very vague as I'm unsure exactly what we want at this stage, but apart from those two things, I am mostly looking for recommendations: what free network audit tools can people recommend?

    I mean, one thing I'm thinking about, in terms of security, is to check for any basic flaws; not a full-on penetration test, just some basic 1-click test that can be run to say this port shouldn't be open or why is this device broadcasting this.

    To add, I know about nmap and am researching how I can use it better.

    submitted by /u/crypadm

    Quick question about network automation

    Posted: 01 May 2019 11:44 AM PDT

    What's the normal step by step for deploying a lot of new switches all at once?

    Do you console into each one by one and assign them an IP with a username and password to SSH? And if so, why don't you just manually copy and paste the config while you're there?

    That part of automation always confuses me. Anyone have experience with mass deploying switches?

    submitted by /u/robschn

    [Question] C9500 connecting to C9300 via a QSFP adapter

    Posted: 01 May 2019 02:44 PM PDT

    Due to an order misstep, I needed to find a way to get a C9500-12Q-A to talk to a C9300-24P-E switch. The remedy that we came up with was to use a CVR-QSFP-SFP-10G QSFP adapter in order to have the 40G c9500 talk to the 1G c9300. At first the c9500 would not register the adapter but after upgrading to the 16.9.2 OS it shows connected and has lights. The issue is that on the other side, the c9300 is showing not connected and does not see itself attached to any device. Right now it is on 16.9.2, is there a specific code that I should try on the c9300? The module sheet shows that the adapter can have a GLC-SX-MMD inserted into it but what good is that if the 1G switch on the other side doesn't register it?

    https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-modules/data_sheet_c78-729336.html

    submitted by /u/Bright_Monitor

    Question about mDNS on WLC

    Posted: 01 May 2019 01:00 PM PDT

    Hey all,

    So I was going through the wireless design videos and it talked about mDNS snooping. We have this enabled on our WLANs, but my question is this: why do I see a metric ton of mDNS packets when doing a wireshark when it seems like mDNS snooping is supposed to work as a unicast of sorts? I do not see all of this traffic when I go wired. Thoughts?

    submitted by /u/hurricane1091

    Best practices connecting cloud application to local server

    Posted: 01 May 2019 02:03 PM PDT

    Have an issue. I have a cloud application that needs to connect to a SQL Server instance that sits behind a firewall. For the application to properly get connection to multiple SQL Server instances, a hole needs to be created in the firewall. Every time a hole is created, there is a public IP address used.

    We currently have listeners for other applications that sit behind the firewall but the third party application we want to integrate does not have anything native to serve the purpose we need.

    Any ideas?

    submitted by /u/jsd2358

    Micro-ISP - Setting up multiple external IPs

    Posted: 01 May 2019 02:00 PM PDT

    Hey guys - first time running into this, which I'm sure is a breeze for a lot of you out there but I'm stuck and it's either the gear I have doesn't cut it or my know-how doesn't cut it.

    Doing a strip-mall type of project for someone.. they are including internet service into their tenant leases for the spaces. The owner will occupy one of these spaces (it's a new construction) and wants me to be able to run everyone through the same internet connection/account.

    My first thought was to just VLAN the heck out of it but realized that may not cut it if tenants have different firewall rules and other things going on.. just doesn't seem as secure segmenting completely separate companies through a switch.

    My second thought, after getting on the phone with the owner's ISP and realizing he has 10 external static IP addresses, was to create a micro-ISP type of setup:

    Receive the ISP connection through the ISP's gateway router in the rack.

    Run this into the owner's own version of a gateway router.

    Assign each port on that router with a specific external IP (e.g., eth1 gets .50, eth2 gets .51, and so on).

    Current gear the client was/is using is Cisco RV325. Do you think this is sufficient? If not, what kind of router do I need to have to make this idea happen? Thoughts.... thanks so much.

    submitted by /u/asmunich

    WPA-3 uses the Dragonfly (SAE) handshake, can anyone explain how this works in very novice terms?

    Posted: 01 May 2019 12:15 PM PDT

    Network closet upgrade

    Posted: 30 Apr 2019 06:07 PM PDT

    https://www.youtube.com/watch?v=RiDilURqXJ0

    Interesting style: gaps between racks increased to 10 inches, side-by-side patch panel to switch layout, 1U wire management between switches and patch panels, 5 ft patch cables, labels on patch panel and labels on the switch side of patch cable. Connect cables from bottom to top, then add labels to the wire from top to bottom. Oh, and leave a 1U space under the switch to account for the 2U patch panels.

    submitted by /u/TomBigboote

    Running an ESXi Server in the cloud for LABs?

    Posted: 01 May 2019 10:10 AM PDT

    Hello Team,

    I want to run labs with tech like F5 BigIP, Palo Alto firewalls, Proxies, etc. And to test scenarios I would need to host backend applications like an exchange server, IIS servers, etc.

    Is it possible to run this stuff in the cloud at an affordable price? AWS seems expensive for this; I am thinking of some other services like Rackspace which allow you to just use a server at a fixed monthly price.

    Anyone tried this yet??

    submitted by /u/thenetworkking

    IOS-XE 16.9+ Mandatory Smart Licensing - SLR - Specific License Reservation

    Posted: 01 May 2019 08:34 AM PDT

    Cisco UCM question- some phones not able to use DTMF on certain numbers.

    Posted: 01 May 2019 07:12 AM PDT

    CUCM version 11.5.1.12900-21. Cisco phones in question are all 8811 or 7841.

    My background is R&S, so this is all new to me.

    The issue is basically this: on a set of phones, all in the same CSS, users can call 1-800 numbers and use the touch tone options with no problem. However, when they call in-state numbers with touch tone options (local government numbers, for example), that function doesn't work at all. I can recreate the problem by adding one of the user's extensions to my phone at the central office. My extension works fine, theirs doesn't.

    We've got seven or eight offices here. The issue is only happening at one. As far as I can tell by comparing "fully functional" phones to the ones experiencing the issue, the only difference is the CSS. But that doesn't really make sense to me, since the CSS is just a grouping of partitions, which are just DNs. It seems like more of a routing issue, but all CSSs appear to be configured the same for call routing, as far as I can tell in CUCM anyway.

    I know there's a Collaboration sub but it's not very active.

    Any ideas as to where to go from here?

    submitted by /u/Zebulon_V

    RSPAN Issue

    Posted: 01 May 2019 05:55 AM PDT

    We utilize NTOP to measure our WAN flows, which is presently done via a span from our WAN interface sent to another that our NTOP server listens on. Long story short, we wanted to move NTOP into a VM cluster (it is presently on a standalone host) which would require us to span the monitor traffic to a VLAN rather than a specific physical interface and configure NTOP to listen on that VLAN. I accomplished this by creating a VLAN for the purpose of receiving the traffic and configured an RSPAN with a destination of that new VLAN on the switch.

    All seemed well as it was working great, until I realized that the switch was sending all mirrored traffic down every trunk port - not just the trunk that the NTOP server was listening on. I confirmed that we have the correct VTP configuration (core switch is the "server" with all subsequent switches as client and all are in the same VTP domain with VTP pruning enabled), so there should be no other clients needing that VLAN traffic.

    Am I misunderstanding what VTP pruning should be doing in this instance?

    submitted by /u/Hazy_Arc

    Network with no DHCP - Adding Router to Lan for Wifi

    Posted: 01 May 2019 02:55 PM PDT

    1. We do not use DHCP on our network. Everyone has assigned IPs.
    2. We have PoE switches with different VLANs for our phone system.
    3. In another building we want to add wireless.

    I got a TPLINK router and connected the WAN port to a switch in the desired location. I gave the WAN port a static IP that was unused in the same range as the other devices on that subnet. Filled in DNS etc. Since I'm simply using it for wireless, I have no devices connected to the router's LAN ports, and I set up the wifi with DHCP using the standard range 192.168.0.X.

    Later in the day we had an issue with our Sonicwall VPN, where NetExtender users couldn't connect. Remote Access Error, then later it simply said "Address Range Exhausted". But the VPN's address range is 192.168.200.X.

    Maybe I'm going about this wrong, but wondered if anyone had any advice.

    submitted by /u/joveg

    Having trouble with Windows and 802.1x

    Posted: 01 May 2019 08:43 AM PDT

    Hi everyone, not sure if this is the right place to post this, but I've made a search for similar questions on this sub and seen a couple similar ones asked in the past, so hopefully this fits in the scope of this sub.

    So I've been trying to implement Wifi using certificates at work.

    Current setup: I've set up a SubCA with certificate templates to be autoenrolled from for both Users and Computers (this works, and I get certificates in both the User/Personal store and Local Computer/Personal store). I've set up NPS on one of the DCs with the required policies. I've configured a GPO that configures the wifi profile on the test workstation (Windows 10 Pro 1809).

    In summary, this is the current setup:

    • Windows Server 2016 DC (AD and NPS)
    • Windows Server 2016 SubCA
    • Unifi APs
    • Windows 10 Pro 1809

    What currently works:

    • With Authentication mode set to "User authentication": I can correctly connect using the User certificate once I'm logged in the test workstation.
    • With Authentication mode set to "Computer authentication": I can correctly connect using the Computer certificate at the logon screen. If I then log in to the test workstation, I do not lose connection.

    What this tells me is that both ways of authentication are correctly set up (correct me if I'm wrong in assuming so).

    The goal: Have the PC boot up, connect to the Wifi using the Computer certificate to apply GPOs and be able to query AD for user logon. Upon user logon, re-authenticate using the User certificate.

    The problem: If I set the authentication mode to "User or Computer authentication", I cannot connect using the Computer Certificate at the logon screen and get an error message that reads "Can't connect because you need a certificate to sign in. Contact your IT support person.".

    If I then logon using (cached) user credentials, it will allow me to connect using the User certificate as expected.

    Looking at the logs in Event Viewer (WLAN-AutoConfig), I can see the reason why it fails, but cannot understand why it fails: "EAP Root cause String: Network authentication failed\nThe user certificate required for the network can't be found on this computer.". I have also tried looking at the NPS logs to see if any more details could be obtained, but there is not a single entry in the log files when these failed attempts occur. Because of this, I tend to believe the connection attempt does not even get to the NPS server before failing (which would make sense if it can't even locate the certificate to start the connection request).

    Seeing as how I can successfully connect to the wifi network using my Computer certificate if I set the authentication mode to "Computer Authentication" instead of "User or Computer Authentication", why would it not find the required certificate? I feel as if it's trying to fetch a User Certificate even if there are no logged users. Is this possible?

    What would be the difference between the single "User Authentication" and "Computer Authentication" modes as opposed to using "User or Computer Authentication" that could make it behave this way?

    Any help would be greatly appreciated!

    Edit #1: formatting
    Edit #2: In addition, I have tried modifying my NPS policies to purposefully misconfigure them. The results make it so "User Authentication" (which was working before) does not work anymore (as expected). However, I still get the "Can't connect because you need a certificate to sign in" error, therefore giving more credibility to my theory that the connection request does not even reach the NPS server, as the behavior is unchanged from before.

    submitted by /u/Mr_Bubex

    Is this attitude from mgmt pervasive in IT?

    Posted: 30 Apr 2019 06:16 PM PDT

    A friend sent me a picture of an email he received from management at a former place of work and it made me glad I don't work there anymore. Here it is. I get that if the company needs you at an inconvenient time it will be nice if you can help, but the expectation that you'll do it w/o guaranteed comp time commensurate with the amount of off-shift time worked is pretty shitty, as is the lack of gratitude conveyed just because they're paying you a competitive wage.

    Have any of you had to deal with this and stood up for yourselves, or just left ASAP?

    Edit: This company is supposed to be staffed 24/7 by people working first, second, and third shifts with overlap to hand off unresolved incidents. What ended up happening is that the CEO didn't approve new hires to fill vacancies. This left the company short staffed and some accounts with no one on shift for two shifts a week, even though the clients paid for coverage they weren't getting. The competent employees got the short end of the stick because management was getting ready for an IPO.

    submitted by /u/throwaway_interwebs

    Super high ping every 58th ping?

    Posted: 01 May 2019 12:04 PM PDT

    Recently upgraded our network switches from a stack of Dell PowerConnect 6248P switches to a stack of Dell N3128PX-ON switches. We now have 1 printer (Lanier LD 130C) that every 58th ping goes from <1ms ping to > 2200ms or the request times out. It only does this though on the 58th ping and it is repeatable when the printer is in energy saver mode. This one device is the only one that I have found so far that has weird ping issues. Printer support company came out and replaced the network controller and no dice.

    From a network switch standpoint what would be a good way to check that my switch isn't the cause?

    Port config is as follows:

        no green-mode eee
        storm-control broadcast action shutdown
        storm-control multicast action shutdown
        description "Printer"
        spanning-tree portfast
        spanning-tree portfast bpdufilter default
        spanning-tree tcnguard
        spanning-tree guard root
        switchport access vlan <VLAN>
        switchport port-security
        switchport port-security dynamic 1

    submitted by /u/DanielJay23

    VPN migration from Policy to route-based

    Posted: 01 May 2019 08:17 AM PDT

    I have a mess of policy-based VPNs that I want to convert to route-based and rationalise.

    A couple of questions: once I have done the config for route-based, will the policy-based VPN drop? Or will it have no effect until I start routing via the tunnel?

    submitted by /u/LittleWanger

    Adding and Configuring Dynamips Supported Cisco Images to EVE-NG

    Posted: 01 May 2019 10:51 AM PDT

    1GIG DIA business circuit installed today - only 1 strand fiber

    Posted: 01 May 2019 12:35 AM PDT

    I don't know much about fiber, so can someone help me understand this.

    ISP technician finished the install today and said we only needed 1 strand fiber (of the two, he only plugged one in). So one is left dangling. So I now assume 1 strand is handling both RX and TX.

    My order was for 1gig DIA, with an ethernet handoff. All my tests direct to the ethernet handoff are only maxing out at 400mbit up and down. I called him back and he brought his meter and he certified it at 1gig.

    I never had an installation with only 1 single strand of fiber. Am I at any disadvantage and should I have them come back to fix this?

    I'm still not able to get anything above 400mbit, direct wired to the ethernet handoff.

    submitted by /u/treo650

    MPLS networking

    Posted: 01 May 2019 01:35 PM PDT

    What is the term "propagate qos" in router configuration? When do we configure this on an interface?

    Example:

        interface loopback1
        ip address 192.168.xx.xx
        propagate qos from ---------+++++++

    submitted by /u/kalpeshmistry24

    I/O error when loading new IOS file

    Posted: 01 May 2019 06:23 AM PDT

    Hello, I am trying to update my Catalyst 2960XR to a new firmware image. I'm using Apache Tomcat as a webserver to host the bin file. (This is being done for testing purposes and can't be worked around.) The switch can see the file, but when I try to load it, I get an I/O error. Anyone have any advice on a solution? Thanks!

    submitted by /u/notoriousNB88

    Switch / NIC compatibility

    Posted: 01 May 2019 05:40 AM PDT

    Hi all, hoping this is an easy question for somebody to answer. Seems straightforward to me, but with compatibility with some products I was just hoping for some reassurance!

    I am looking to purchase 2x Dell S4148F-ON switches. These come with 4x10/25/40/50/100GbE ports.

    I also want to buy a Mellanox ConnectX-5 NIC (MCX556A-ECAT). These NICs say they work in both InfiniBand or ethernet.

    Would the MCX556A running in ethernet mode be compatible with the 100Gb ports in the Dell switch?

    Thanks in advance for any help!

    submitted by /u/Send_Me_Fanny
