Best practices to bring down cable bundle & terminate for a 2/4 post rack? Networking |
- Best practices to bring down cable bundle & terminate for a 2/4 post rack?
- BGP on server loopbacks and micro-segmentation
- BGP GR timers with HA FortiGate pair
- Ways to sharpen my networking skills
- Windows open source application for monitoring packet loss/downtime?
- Cisco monitor session
- Completely unable to figure this out
- SilverPeak SD-WAN Tunnels
- VLAN translation on originating switch?
- L2 or L3 switching for 300 device network
- DHCP relay agents: On a multiple switch environment that includes a core stack, do we need relays on each switch?
- Mac flapping with wireless clients
- VOIP not working after new Palo Alto firewall
- Possible deny all not set up properly and how to correct it
- isolate single vlan from other vlans and internet but allow only single server/domain controller access
- VeloCloud LED status
- Python script to find VLAN x and change to VLAN y
- Cisco 2960x QoS - queue threshold clarification
- Azure first impressions. Is AWS any better?
- Juniper JWeb (New UI) Security Policy
- site to site VPN with business partner best practice
- Financial Firm Network Setup
- Cabling QSFP to SFP options - Cisco Nexus
- My boss has been reading Gartner reports again...
- 2851 Routers, interfaces are UP/DOWN, using SFPs
Best practices to bring down cable bundle & terminate for a 2/4 post rack? Posted: 23 Jul 2019 11:43 AM PDT Hello! We just finished running Cat6 throughout the building. Now we're stumped regarding what the best method is to bring the large cable bundle down from the drop ceiling into the patch panel. Here are a few methods we've seen before. In one example, the cables come in through a pre-cut EMT conduit strapped to the wall, onto a cable runway and then into a patch panel. In another, no EMT conduit is used and the tile was simply cut for the bundle. To cut to the point, should a cable runway be used? Should we just position the 2/4 post rack next to the wall so the cables just come down? Why should an EMT conduit be used for ceiling entry? Thank you.
BGP on server loopbacks and micro-segmentation Posted: 23 Jul 2019 08:51 AM PDT I'm playing around with an idea to build the DC network using BGP on servers and having the services listening only on loopback interfaces. Diagram: https://i.snag.gy/kYSTGa.jpg Has anyone built something similar? Wondering how to implement proper segmentation between the servers, if sort of maximum security is required. If I did the BGP peering between the FW and VM, all the traffic between the VMs would go through the firewall and I could implement rules. On the downside, all the traffic would go through the FW :) One option would be to create multiple VRFs, and have the servers that need to talk to each other in the same VRF. And do the BGP sessions between L3 switches and VMs, and L3 switches and FWs within that VRF. I'd allow traffic to exit the DC only using the loopback IPs to keep FW rules simpler to manage. Any thoughts? Thanks!
BGP GR timers with HA FortiGate pair Posted: 23 Jul 2019 11:31 AM PDT
Ways to sharpen my networking skills Posted: 23 Jul 2019 08:58 AM PDT So I finished a 2-year course on Network administration and security (basically the 4 fundamental CCNA courses from Cisco: CCNA 1,2,3,4 and Security) but other than "packet tracer" I didn't have much practice and don't feel like I am ready to actually assist in any networking tasks in an actual work environment. That's why I am currently looking for an internship, but I would also want to know what I can do at home. Any recommended courses or projects to start that would prepare me for an actual network technician job?
Windows open source application for monitoring packet loss/downtime? Posted: 22 Jul 2019 07:03 PM PDT Can you recommend an open source Windows application that can monitor packet loss and internet down time? Particularly if it can compile it into a report over a period of time.
Cisco monitor session Posted: 23 Jul 2019 02:45 PM PDT So I have some SIP issues. I'm trying to sort out a Wireshark capture, which I haven't done since Wireshark was the new name on the block. Anyway, I'm convinced that my commands on my 2960 are not working:
    Monitor session 1 source fast 0/1 both
    Monitor session 1 dest fast 0/2
I see no IP traffic to or from the IP on 0/1; I only ever see captures of my NIC trying to do stuff. I have set the network card correctly but I'm stumped. Any guesses as to what's wrong with my commands?
Completely unable to figure this out Posted: 23 Jul 2019 05:56 AM PDT Hi all, I have come to this subreddit because I am at my wits' end. I feel like everything I know is wrong all because of one little 8 person network. This is a new client of ours. The router is a Mikrotik hAP Lite (v6.45.1), primary WAN is fibre with a PPPoE dial-up. Router is DHCP & DNS server, 8.8.8.8 is set as the secondary DNS server by DHCP. Mikrotik has static DNS servers (8.8.8.8 & 1.1.1.1) and responds to remote queries. Wifi is provided by UBNT Unifi AP AC LR, the network cable goes from the injector into the Mikrotik (to rule out issues with the switch). AP is running the latest firmware, and is given a static IP. Clients get DHCP address, they can ping the router but cannot get out to the internet. If they are on cable they can. Previous WiFi setup used two TP-Link Extenders set up as APs and plugged into ethernet cable. Clients will stay connected for a few hours before they are unable to get DNS queries resolved. At first I thought it was the WiFi, so we installed the Unifi AP, then I thought it was the switch so we plugged in the AP into a port on the Mikrotik. Earlier today I was battling with a user's laptop - disabled Windows firewall, and it started working again. 2 hours later... client phones and no one on the WiFi can get internet access. I even completely wiped and reconfigured the Mikrotik today thinking I didn't do something correctly. I honestly do not know what I have missed so I have come to this subreddit in the hopes that you might see something I don't.
SilverPeak SD-WAN Tunnels Posted: 23 Jul 2019 07:08 AM PDT After about six months of meetings, decision matrices, PoCs, etc. we have narrowed down our SD-WAN choice to SilverPeak or VeloCloud. One factor that may make the final determination is how the tunnels are created (WANOP is considered a nice-to-have, but not a determining factor). For Velocloud, tunnels are dynamic and most of our sites would have an appliance that supports 25 or 50 tunnels. For SilverPeak, the tunnels are static, but most of their units support 2000 tunnels. We have caught wind of a potential concern with the SilverPeak tunnels in that, the more sites that are deployed, the longer the SilverPeak units take to build all the tunnels. My main question is - has anyone had any SilverPeak experience with 100+ sites? Do the turn-ups become unbearably long at any point (like, over 20 minutes)? Have any performance issues been encountered as more sites get added? Any limitations reached?
VLAN translation on originating switch? Posted: 23 Jul 2019 06:05 AM PDT Good morning all. Possible stupid question incoming, but I've never used VLAN translation (mapping) before. So I've got a Nexus switch, with devices in VLANs 10 and 78 connecting to an Arista (which I don't control or have access to), which connects to the internet. The link between the Arista and my Nexus only allows VLAN 78 across it. Can I translate VLANs on my end from 10 to 78 as it goes through my switch? Reading, it sounds like VLAN translation works on ingress at trunk ports, which leads me to think it wouldn't work if I set mapping on my Nexus trunk port? But maybe (hopefully) I'm reading incorrectly?
L2 or L3 switching for 300 device network Posted: 23 Jul 2019 03:52 AM PDT Should I bother with L3 switching if I only have 300 devices? 50 are statically assigned. My switches support it. This is a data only LAN. VOIP is on its own set of switches.
DHCP relay agents: On a multiple switch environment that includes a core stack, do we need relays on each switch? Posted: 23 Jul 2019 10:58 AM PDT Right now the DHCP relay (ip address-helper) is enabled on the core stack and is correctly relaying DHCP information. However, we're now getting some issues with double IP address assignment after we updated one of our DHCP servers to Server 2019 (migration, not in place). The only place we've updated the DHCP relay is on the core stack (and router). We have a good 20+ switches in and around our physical environment that we have not touched since the upgrade. After we started seeing double IP address assignments, we took a look at some of the other switches. Some are 3750s, others are SG300s. The SG300s have DHCP relay disabled; however, some have our DHCP server IPs added to the DHCP Server table and some do not. I guess my question is, if we changed the core stack's DHCP relay info, do we have to do it on every single switch in our environment or can we just disable this function and allow just the core stack to handle these requests?
Mac flapping with wireless clients Posted: 23 Jul 2019 07:50 AM PDT Hi All, I've noticed some logs on one of my switches related to MAC flap notifications. This looks to be caused by wifi devices (we use a SonicWall firewall and SonicPoint APs) roaming between APs on different switches, causing the MAC to appear on different trunk ports at the core. Is there a known solution to this issue, or is it even a cause of concern?
VOIP not working after new Palo Alto firewall Posted: 23 Jul 2019 03:43 PM PDT Sys admin from small company that wears multiple hats. Upgraded from Cisco firewall to Palo Alto 220. No URL filtering license. Phone system is Zultys server in cloud. After the upgrade everything is working but our VOIP. We have some Polycom desktop phones that point to a cloud, and a soft phone app on the desktop that points to the same cloud server. Neither the app nor the phone can connect to the server. I can ping the cloud server and I can connect to it in a browser. When I look in the traffic logs on the Palo Alto and sort by the address of the cloud server it says Session End Reason "Tcp-rst-from-client" and "tcp-fin" for most of the entries. I opened the ports 5060, and 7100. I've spent several hours troubleshooting this and I'm not sure what to try next. Any recommendations would be greatly appreciated. Thanks
Possible deny all not set up properly and how to correct it Posted: 23 Jul 2019 02:59 PM PDT Disclaimer: Networking is one of my weaker areas. Plus the problem I'm presenting is one I inherited and want to learn how to fix it properly. So please go easy on me. So where I work now we have a few different VLANs of various security for different purposes. For the purposes of this post I'm going to compare two of them. So we have our main one that is used throughout the office where people can browse the web freely, our main infrastructure resides and it's pretty open. Another one is more locked down because of PII. From the main, which I'll call Office, there is almost no interaction to the locked down one. Exceptions being for things like RDP so users can remote into it to do work from within it and things like that. The locked down network can get out for a few things like AD but not a whole lot else. The ACLs for the locked down network end with a deny all rule. However the Office network does not. In our firewall there's a network object group that contains all of the different interfaces that are in the firewall. So it includes the office network, the locked down network and the others. For the ACLs associated with the Office network the second to last rule is a deny all for that network object rule. The last rule is basically an allow all. Now for the locked down network the second to last rule is also a deny all for the same network object group but it is succeeded by a deny all. When I asked why it was set up this way for the Office network I was told that the deny rule was to prevent Office from touching any of the locked down networks but the allow all rule was so that it could still get to the outside world. The locked down network has the deny rules so that it cannot talk to anything outside of its VLAN and cannot talk to the outside world. In hindsight this is something I should have asked about much sooner but didn't for various reasons.
The first was because the network was working so I didn't think to question it. The second was that his explanation made sense. I feel like a dunce now though. My question to the forum is what is a better way to handle this? I was reading articles that do mention to allow a VLAN to go out via port 80, 443, 22, etc. etc. Is it really that simple or am I missing something else? Thank you all in advance
isolate single vlan from other vlans and internet but allow only single server/domain controller access Posted: 22 Jul 2019 10:55 PM PDT Here is the setup: Cisco 3750, inter-VLAN routing enabled and functioning with 3 VLANs and SVIs. Everything can get to everything as of right now.
- vlan 10 - 10.0.10.1/24 - Management/servers (Domain controller lives here)
- vlan 20 - 10.0.20.1/24 - Operations PCs
- vlan 30 - 10.0.30.1/24 - R&D PCs
I need to isolate vlan 30 from EVERYTHING (internet, vlan 10 and vlan 20 etc.) EXCEPT the domain controller 10.0.10.50 on vlan 10 so I can manage domain joined workstations on vlan 30. I've been reading that my options are actually very limited in this scenario if not impossible due to lack of reflexive ACL capabilities on these switches and stateless ACL rules that would allow me to permit traffic initiation on one side but then prevent the return. The other option I read about was introducing a router into the mix. I understand the need and use case scenarios for VLAN segmentation but what am I missing here? How else is this being used in environments where departments are VLAN'ed for security reasons (HR, Finance, sales users/PCs) but still allow critical infrastructure servers/services (file shares, print servers, domain controllers, DNS/DHCP etc.) to be accessible across all VLANs? I feel like I'm missing a key piece to all this to make it click for me.
VeloCloud LED status Posted: 23 Jul 2019 02:14 PM PDT Scoured the nets but can't find squat for this. Wanting to know what status is indicated by a solid blue Cloud LED on a Velocloud Edge 540.
Python script to find VLAN x and change to VLAN y Posted: 23 Jul 2019 02:05 PM PDT Hey everyone, Junior network Administrator here. In my company we're changing our voice VLAN and I'd really like to get this done with Python. I understand using netmiko I can get onto the switch and change config and do "show.." commands but I'm stuck. What I'd like to do is:
- Connect to the device (I can do this part)
- Run "show run int gi1/0/n"
- If it has "switchport voice VLAN x" then change to "switchport voice VLAN y"
Obviously if the running config has the "switchport voice..." present then that's going to be an access port and not a trunk so I wouldn't need to put anything explicit in the code to avoid the trunk ports. Thank you in advance!
Cisco 2960x QoS - queue threshold clarification Posted: 23 Jul 2019 01:19 PM PDT
Azure first impressions. Is AWS any better? Posted: 23 Jul 2019 01:09 PM PDT First time working in a cloud environment. We're building an environment for a customer in Azure. So far we've run into a couple bugs that have us now at a standstill and the most recent one cost us several hours of troubleshooting today. Support so far has proven slow and unhelpful. I opened a case 5 days ago and a tier 1 tech took some screenshots then went Hoffa on me. I opened a new case for the same issue today since they became unresponsive. More time with a tier 1 tech and they say it's a bug and it has to go to the developers. No ETA on a fix. It seems that sometimes when you change/add/delete a resource it happens quickly and the next time it takes 10 minutes for the same task. Sometimes they fail, you do it again and it succeeds. Logging for all resources is searchable by KQL... something new to learn and have to build queries from scratch. Not to mention a firewall costs $900 per month and does extremely basic functionality and archaic mechanisms for sifting through logs. I.e. having to set up queries and parse raw data. I get the general feel that most of this has been rushed to market, hasn't been adequately tested and isn't properly supported. Maybe I'm just having an unusually poor experience. I'm curious to hear other thoughts and experiences. Has anyone found AWS to be a better solution? Is it the same issues but different platform/vendor?
Juniper JWeb (New UI) Security Policy Posted: 23 Jul 2019 12:52 PM PDT So I recently updated my Juniper SRX300 and I see the JWeb GUI doesn't show me the Security Policy page or I just can't see it in front of me. I remember it was in Configure > Security > Policy Elements > Security Policy but can't find it anymore as this new UI has changed things. I'm on VER: JUNOS Software Release [15.1X49-D180.2] Thanks in advance!
site to site VPN with business partner best practice Posted: 23 Jul 2019 12:30 PM PDT I've read through several design guides, etc... but when it comes to best practice for design and security, does it matter if I terminate a VPN tunnel at the edge router vs the firewall... or vice versa? The outside interface of the firewall is truly where the LAN ends and I know the incoming traffic from the tunnel that is leaving the edge router inbound would be unencrypted, but since management and control of that public IP space between the firewall and edge router is on my network it seems like that wouldn't be a big deal? Here is a diagram to illustrate what I'm talking about... https://imgur.com/QQyY3Tl
Financial Firm Network Setup Posted: 23 Jul 2019 08:11 AM PDT So I've been put in charge of setting up the network/IT systems in my new office. My company is a private financial firm that will need to deal with confidential client data. We have around 20 staff. Office Space ~1,800 square feet. Personal Background: Not primarily IT based, but have dealt with home networking and computer stuff in general. I've come up with a list of networking equipment that I think should be decent for my company, but before I painstakingly explain to my management why I recommend this setup, I thought I'd go through you guys before for some comments. My boss hasn't indicated to me what my budget is (definitely not unlimited), so I will need to convince him why I will need to use more expensive equipment if any. Setup as follows:
- ISP: 1000M UP/DOWN
- Router/Firewall: Fortinet 60E (with 360/Enterprise subscription) - I considered going with a USG Pro 4 since my setup revolves around Ubiquiti (see below), but I've heard that the protection offered by the USG Pro 4 is not as comprehensive as the Fortinet 60E.
- Switch: Ubiquiti UniFi US-48
- Wireless AP: UniFi AP HD x 1 + PoE injector
- Management Interface: UniFi Cloud Key Gen2 Plus
- Surveillance Cameras: UniFi G3 Flex x 3
- Network Storage Drive: Synology Diskstation DS218 (2 Bays) x 2 - Need two for separate departments.
Would appreciate any feedback! Sidenote: I've been put in touch with a couple of guys from Cisco. They've been recommending their Cloud Security Bundle to me, which includes Umbrella (DNS filtering), AMP for Endpoints (cloud-based SAAS endpoint security solution) & Email Security (since we are currently using Office 365 for emails). This offering sounds pretty comprehensive, but I have yet to hear back from them on their pricing (I've heard that it's very expensive so not sure if my boss would be sold on that). Would love to hear some experience from those who have used this solution before.
Cabling QSFP to SFP options - Cisco Nexus Posted: 23 Jul 2019 11:43 AM PDT We're connecting uplinks from a new pair of N9K-C93108TC-EX rack switches to our core, however the new switches only have QSFP ports for fiber and the core side has limited 10G ports and no spare 40G ports. What are our options for cabling? We have some qsfp-4SFP10G-cu3m breakout cables but it doesn't seem optimal to plug in the 40G side to the rack switch and only use one of the four 10G cables on the core side. Any suggestions on alternatives? Thanks AK
My boss has been reading Gartner reports again... Posted: 22 Jul 2019 09:21 PM PDT OK, what do I do? A Gartner report came out—one of the "Magic Quadrant" thingies. And now my boss, the "Senior Director of Enterprise Infrastructure," is asking questions. My goal: keep doing what we're doing because it mostly works and I know how to fix it when it breaks (which is rare).
2851 Routers, interfaces are UP/DOWN, using SFPs Posted: 23 Jul 2019 08:56 AM PDT Cisco 2851 I have a line protocol down issue between 2851 routers. On interfaces gigabitethernet-0/2/0 (on both sides), the interfaces are UP/DOWN. They have SFPs on each interface. When I go to Router(config-if)# duplex is not an available command so I cannot configure the duplex on the interface. The only thing configured is IPs on the interfaces. Advice?