Yet another backdoor in Cisco gear - what vendor to trust? Networking
- Yet another backdoor in Cisco gear - what vendor to trust?
- How difficult is it to learn python for network automation?
- IS-IS scale
- Opinions on HPE Aruba 2930F Series
- What’s the proper method to mount network racks to a commercial steel stud wall?
- Best Network Tester Under $1k
- VPN tunnel keeps going down. I'm at a loss.
- What to do with a Disconnected ONT on a FTTH network?
- Locked out of routers?
- Equinix pricing guide?
- CCNP Security Stupid Questions
- What’s your SOP, when installing MPO/MTP trunks (like 24fiber MPO) do you test the trunk fiber? Or do you wait until it’s connected through the cassettes and then test?
- DCNM for Managing NX-OS VXLAN Deployment
- BGP routes on Cisco 3750G-12S
- ASA - Palo VPN keeps dropping after 8 hours
- Anyone working with Huawei VRP gear? output screen width help needed
- link aggregation between HP switches?
- IP Whitelisting using dynamic DNS records
- Which usb flash drive do you use?
- ISP Quote
- ACL killing DHCP
- Seattle Low Voltage Contractor
- Any Netgear experts in here?
- VM VPN private from host
Yet another backdoor in Cisco gear - what vendor to trust?
Posted: 02 May 2019 09:46 AM PDT

https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/

I think there's like 20 cases where Cisco has had hard-coded passwords or some other vulnerabilities within a year. Juniper had some too and no one trusts Huawei even though they haven't had backdoors but they're Chinese. We're doing a network upgrade, so is Nokia the only vendor you can trust security-wise?

How difficult is it to learn python for network automation?
Posted: 02 May 2019 11:55 AM PDT

Just curious how fast others have picked it up? I have absolutely no experience with any kind of programming language, nor do I have any real desire to have any. But network automation always seems pretty interesting to me. Is it possible to learn the basics of network automation in like a week or 2 or is Python a little more complex than that?

IS-IS scale
Posted: 02 May 2019 04:28 AM PDT

I've inherited a network for a large enterprise. The company has roughly 50 sites and that could grow to ~200 within a few years. They are small sites with just a few network devices in each location.

For WAN connectivity they have a layer2 service from two telcos. Basically a VPLS style setup where we use a VLAN on our external port and we get connectivity into all other sites.

ISIS is used as the IGP. Right now we enable ISIS on the multiaccess provider interface so everything on that VLAN forms adjacencies with everything else. Right now that means about 50 devices are all in the same VLAN all running ISIS in a single level 2 area. There are also some point to point wavelengths between the bigger sites that also do ISIS in the same area.

BGP is used as well, we peer with loopbacks at each site, and have route reflectors doing the bulk of the work. ISIS is used only for advertising the loopbacks of each device.

So my question is, how many devices do you think can exist in the multiaccess network before ISIS starts to have issues? All the devices that participate in ISIS are modern, QFK10K, QFK5K, NCS5500..

Opinions on HPE Aruba 2930F Series
Posted: 02 May 2019 02:11 PM PDT

I'm trying to build a "pro-consumer" network for the home office. I'm collecting people's experiences and knowledge with regard to the subject switches. From this thread, the reviews seem to be mixed, albeit the thread was from a couple of years ago.

I'm in the market for switches that have 16 or 24 ports, POE+ (for cameras), at least SFP and SFP+ (price dependent), and (crossing fingers) a centralized management system.

Are these just rebrands of old, almost EOL hardware? Are they still being deployed in the infrastructures? Are there continuous software/firmware updates? Other comparable switches I should consider?

What’s the proper method to mount network racks to a commercial steel stud wall?
Posted: 02 May 2019 09:01 AM PDT

I've been getting mixed answers, some say to use snap toggles into the studs and others say sheet metal screws will work just fine. We will be mounting two 10U hinged IDF racks with plywood backing (fire-rated). What method has worked well for you? I'd appreciate any feedback/suggestions.

Here's an example of a hinged 12U IDF mounted to a wall with plywood backing. Can anyone tell what the installer did here? Ideally, I'd like the two racks to hold a UPS, switch, and a patch panel. Thank you.

Best Network Tester Under $1k
Posted: 02 May 2019 12:24 PM PDT

What's everyone's opinion on the best network cable (RJ45/Cat6) tester/tracer for under $1k. I'm a one-man shop and I'm getting ready to terminate about 300 cables in our new facility. Need something to test the cables and help trace them all out.

VPN tunnel keeps going down. I'm at a loss.
Posted: 02 May 2019 10:59 AM PDT

tldr; My site-to-site goes down periodically. If I manually reset it, it lasts 7.5 hours. If it eventually resets itself, the time it lasts varies.

Hi everyone. I have a problem with my site to site tunnel and I can't figure it out. I have my main network and I have a satellite office. On my main side, I am using a Palo Alto (PA-3050 x2 (HA)) managed by Panorama.

[Palo Alto] <> [tunnel] <> [Juniper]

I've tried the following:

I'm sure there's more that I'm forgetting. The only thing that seemed to make a difference was the last one. Changing the lifetime actually did make a difference. Also, I notice the tunnel takes around 10 minutes to start passing traffic once the firewalls show that it's up.

It seems like the tunnel is dying before its 8 hour lifetime and then if it re-establishes itself eventually, the two sides get out of sync or something sooner or later. Or who knows? Maybe the time has nothing to do with it.

So here are some logs and configurations. I replaced the real IPs with fake ones for this post.

Palo Alto config: https://imgur.com/a/awPM9Ut

Breakdown of pings:

04/27 23:34:30 Up 7 hours, 26 minutes and 1 second
04/28 07:10:27 Up 7 hours, 26 minutes and 29 seconds
04/28 22:23:21 Up 7 hours, 26 minutes and 20 seconds
04/29 8:08:26 Up 7 hours, 28 minutes and 26 seconds
04/29 16:15:53 Up 7 hours, 27 minutes and 26 seconds
04/29 23:53:19 Up 7 hours, 26 minutes and 22 seconds
04/30 8:09:42 Up 7 hours, 34 minutes and 3 seconds

What to do with a Disconnected ONT on a FTTH network?
Posted: 02 May 2019 07:22 AM PDT

Looking for advice on how others handle disconnected services in a FTTH market? Currently the ISP I work at leaves the ONTs on premise and connected when a customer cancels their services. As a result our NOCC will receive occasional bogus alarms for the ONT when power outages occur or other events. The NOCC is asking for the ONT to be removed from the premise so that it can not alarm, but the install group likes having them left in place to provide rapid reconnect.

There has been discussion about suppressing alarms from the ONTs, but that leaves us with no visibility to a $100 piece of essentially remote equipment.

Locked out of routers?
Posted: 02 May 2019 11:05 AM PDT

We were trying to set up SSH access for our routers and after inputting these commands in the config terminal:

    ip domain-name x
    crypto key generate rsa 1024
    line vty 0 4
    transport input ssh
    login local
    password x
    exit
    line console 0
    logging synchronous
    login local

we got locked out of the router and cannot get back in with the username and password we set. We tried using local, HQ-Router and admin for the username and none worked with our password to log back in. Can anyone give insight on what would be the right combination to get back in? Thank you!

Equinix pricing guide?
Posted: 02 May 2019 11:43 AM PDT

Hey guys, I was wondering if anyone knows or if there's an Equinix pricing guide for their colocation services - specifically in London (LD1-LD10) for 1/2 a cabinet. Thanks!

Edit: looks like I'll have to contact their sales, thanks for the responses!

CCNP Security Stupid Questions
Posted: 02 May 2019 05:31 AM PDT

- One of the questions in the exam: Which two web browsers are supported for ISE GUI? options:

(Many more like this, e.g. where to click on ASDM). Can anyone explain to me how knowing these makes you a better engineer? :(

What’s your SOP, when installing MPO/MTP trunks (like 24fiber MPO) do you test the trunk fiber? Or do you wait until it’s connected through the cassettes and then test?
Posted: 02 May 2019 05:04 AM PDT

Generally when using a MPO trunk it is connected to cassettes (with LC or MPO outputs). What I'm trying to get at is do you (they) test the trunk before it is connected to the cassettes and then test again through the cassettes? Or is it all tested once after connecting to cassettes?

DCNM for Managing NX-OS VXLAN Deployment
Posted: 02 May 2019 02:00 PM PDT

All, I am curious if anyone is using DCNM to manage a full blown VXLAN MPBGP EVPN solution? I am in the process of a data center re-design and a few of the requirements that I have are :

That being said I have drank the ACI Kool-aid and know that Cisco says that it can borderline cure cancer, but I have not yet found anyone that is using DCNM to manage a VXLAN. Any thoughts? Opinions? War stories on DCNM? Thanks!

BGP routes on Cisco 3750G-12S
Posted: 02 May 2019 04:05 PM PDT

Hello all. Long time lurker here. Just have a quick question for those familiar with these switches.

I run 2x Cisco 3750G-12S switches in a DC. I run iBGP between the two switches and have route-reflector clients downstream of them. Upstream I have connectivity from each switch to two transit providers and an intermediary with LINX.

My question is this. I accept a bunch of routes over the 'intermediary' peer in order to steer as much traffic towards LINX as possible. These switches only handle around 8K IPv4 and 8K IPv6 prefixes (if I remember correctly!) Currently, I'm taking in just short of 2K IPv4 prefixes on each switch and these are then being exchanged over iBGP as well thereby forming multiple paths to these destinations. Does this in effect use 4K out of the 8K prefix capability or does it only count as 2K prefixes but use slightly extra ram to store the additional paths?

I apologise in advance if this seems like a silly question but I can't seem to get a clear answer on Google. Thanks for reading.

ASA - Palo VPN keeps dropping after 8 hours
Posted: 02 May 2019 12:03 PM PDT

New S2S routebased vpn between ASA and Palo Alto FW keeps dropping after 8 hours. Clearing ipsec peer on ASA does no good, I have to disable the ike gateway on the Palo to get things working again.

ASA debug shows this:

Palo debug shows the below:

Obviously something not, but I'm not sure where to start! Anyone able to advise? This is the first routebased vpn off this particular ASA, but the same vpn config on another ASA to my Palo Alto has been stable for days

EDIT: Full Cisco config I applied is below

Anyone working with Huawei VRP gear? output screen width help needed
Posted: 02 May 2019 03:19 PM PDT

Hello redditors, I've got some Huawei S5700 around that are used for a smallish project, these use VRP as its NetOS (not CloudEngine). I have a problem with the following command:

It returns cropped data, for instance:

The whole name of the device is ar-dc01-asw05.netinfr.mycompany.com so it should return something like:

Anyone know if there's a way to fix this? I've tried "screen width" command to no avail, the reason I need it full is because I'm building a micro app that queries this data and then parses it, so I need the full name and the other command I have available:

Produces a wall of text... per interface with a neighbor, which I am having a hard time parsing. Any ideas? Thank you in advance.

link aggregation between HP switches?
Posted: 02 May 2019 02:14 PM PDT

Is link aggregation between HP switches possible? Not between server and switch, but between 2 switches? They are in racks more than 3 meters apart, so the stacking cable is too short.

IP Whitelisting using dynamic DNS records
Posted: 02 May 2019 09:39 AM PDT

I have been tasked to setup the following:

1 - Setup and maintain a dynamic list of IP addresses, using results performed using a trusted DNS resolver
2 - Also maintain a static whitelist (for business apps that require so)
3 - Blackhole traffic for all IP addresses that do not match the whitelist.

Essentially, IP traffic for which a corresponding successful DNS request, and reply, does not exist is denied. There are a lot of details (aging, intercepting and redirecting DNS requests sent elsewhere, etc) but disregarding them all together at this point in time my questions are:

A - Is it possible?
B - Is there a tool that exists that does that?
C - Is managing some static whitelist for legit traffic going to be a nightmare?
D - More importantly, is it a good idea to start with? Is there any real security benefit / gain in doing this?

PS I looked wide and far here, on different subs and also Google but all I could find was around the concept of using predefined FQDN in some way (different ways). This is not what I am after; any FQDN is Ok (some other system may blacklist domains, but this is another topic).

PPS Obviously, the trusted DNS resolver MUST be really good and trustful, but this is also for another topic.

Which usb flash drive do you use?
Posted: 02 May 2019 12:53 PM PDT

Hi guys, I recently purchased Samsung 3.1 USB flash drive so I can download some Cisco IOS images and plug it into the switch/router to upgrade the code. Well, I just tested it out today but none of them is reading this USB and I am considering to return this and find another USB. Do you have any recommendations? Thanks!

ISP Quote
Posted: 02 May 2019 12:16 PM PDT

Currently in college to get my bachelor's in IT, and one of the classes assigned a project to design/install a network for a theoretical hospital company, with 5 hospitals, 11 clinics, and a research facility (RF). All of this would be east coast USA, primarily VA/MD/DC.

My group and I are thinking 10Gb fiber lines connected to each hospital as well as the RF, but I can't find quotes for 10Gb anywhere. Does anyone have an idea of potential costs per site? Or if 10Gb is overkill, quotes for 1Gb would be greatly appreciated. Even just direction would help, as several ISPs have all declined to give me a quote, instead directing me to dead ends.

Each of the 5 hospitals would average 2k users. Any and all help would be appreciated, thank you.

ACL killing DHCP
Posted: 02 May 2019 05:13 AM PDT

I am trying to enable a template ACL we have been using across our access switches on a new model of switch and it seems to be producing some strange results. The syntax is the same as the old switches yet adding the same commands seems to kill DHCP even though our ACL explicitly includes the IP address of our DHCP servers.

Our two rules are:

Without the deny enabled I plug in a test PC to VLAN 1050 and get an IP address as expected. Once I enable the deny rule and release and renew my address the PC fails to get an IP. If I set the IP statically on the PC I get connectivity as expected and can access only the address range specified in our ACL including our DHCP and DNS server.

Wireshark packet capture shows only the DHCP requests going out and no other traffic. Our DHCP server is on another layer 3 and we are using IP helper to forward the request. The exact same config works fine on the older model of switch.

Any ideas? Cheers

Seattle Low Voltage Contractor
Posted: 02 May 2019 10:58 AM PDT

Hope this is not out of line here, but I wasn't quite sure where else to post this (Didn't quite seem to fit in r/cableporn ....).

I'm pretty familiar with the players in my existing markets, but my company is opening a new office in Seattle. I've never worked in the market, and none of my contacts have anyone they'd suggest up there either. Anyone here have a contractor you use and like who does low voltage (Cat 6, fiber...) in Seattle proper? Two or three options would be great.

The building ownership has provided me with one company, "Diamond Communications" - but I'm hesitant to just pick the first vendor and run. I like to have a few options and bid stuff out. I turned to trusty Google, but I always love the opinions of other network engineers. Thanks for the help!

Any Netgear experts in here?
Posted: 02 May 2019 02:26 PM PDT

I'm sort of confused as how to do some basic QoS, VLAN tagging and making a LAG with the web GUI. What's the difference between a PVLAN ID and a membership? This is oddly confusing, I wonder if the CLI would make more sense.

VM VPN private from host
Posted: 02 May 2019 10:22 AM PDT

If I setup a virtual machine to use NAT networking (instead of shared/bridged) and I also use a VPN (i.e. expressVPN) can the host OS view the network traffic going out my home network? I want to be sure not even the DNS lookups are visible to the host.

Basically, I'm installing a VM on my work laptop and I want to make sure nothing I visit using a browser or torrenting is visible to the Host OS. In particular I want to be sure the anti-virus Sophos can't log my network activity in the VM. Thanks in advance!