    Friday, July 5, 2019

    Blogpost Friday! Networking


    Blogpost Friday!

    Posted: 04 Jul 2019 05:04 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post as well as a nice description to this thread.

    submitted by /u/AutoModerator

    (Fluff post) Stranger Things is hosting an Alternate Reality Game (ARG) for its third season, and it's featuring an active SSH server.

    Posted: 05 Jul 2019 08:04 AM PDT

    ARG wikipedia page for those who don't know what that is.

     

    I thought this was a very cool move by Netflix/whoever is doing this. Get yourself to your nearest terminal and type:

     

    ssh 34.68.105.48 -p 1985

     

    I had problems with Mobaxterm (ssh_dispatch_run_fatal) but I think it's something to do with the colors, or what they've done with the terminal itself?

    For those who want it, there's a lot more context at the ST3 ARG discord.

    submitted by /u/Jimmy_Mc_Nulty

    Technical Interview at Cisco - Part 2

    Posted: 05 Jul 2019 02:55 PM PDT

    This is an update that started with this post.

    I had the technical interview today. It was only 10 questions and it was text based. The person giving the interview just shared her screen and had the test in word format on the screen. Most of the questions were multiple choice with a few "order" questions. It covered mostly MPLS stuff (which I've never used in production, only read about it so I was very worried). They also had some OSPF and IGMP questions. They were mostly port/protocol questions and route preference questions.

    Anyway, like I said I haven't used MPLS before so I didn't answer those questions with much confidence. I honestly figured I failed when I ended the session. A few minutes later I got an email saying I passed! So now they are sending my resume to the hiring manager for the next step.

    I also found out (it was on the paper) that this is for HTTS at Cisco. I understand this is for high profile clients etc but can someone give me more details about the department/team etc? Is it still part of TAC or something else?

    submitted by /u/dotson83

    All clients not receiving DHCP offers during PXE boot, but have no issues when booting into windows.

    Posted: 05 Jul 2019 11:44 AM PDT

    First off, sorry in advance for asking yet another WDS question on this thread. But this situation has been plaguing me for months. I need advice.

    My environment was recently refreshed with L3 Juniper devices, from Cisco. Since the refresh our deployment services have not worked. Clients are no longer receiving IPs from DHCP. Current config:

    1. 802.1x enabled managed by Cisco ISE

    2. DHCP relay points to DHCP and WDS

    3. DHCP options 66 and 67 have been removed (still have 43 which is required for wireless networks)

    4. Spanning Tree enabled with PortFast equivalent

    5. WDS sits on different subnet than DHCP

    6. Updated DHCP relay with delete-binding-on-renegotiation option

    What I've done to troubleshoot:

    1. Disabled dotx on the port, enabled sticky MAC. This allowed the client to boot 1 time to WDS. Each time after it fails with the same error "No DHCP offers were found". I have a suspicion that after the initial boot the port is binding with something that fails to process DHCP each boot afterwards.

    2. PXE booted multiple different models (HP, Dell, etc) in both legacy and UEFI.

    3. Added option 66 back to DHCP.

    4. Tried booting from multiple VLANs including the subnets as both the DHCP server and WDS.

    5. Updated BIOS on client.

    I'm running out of ideas and my sanity. I can definitely narrow it down to an issue with the Network. Consulted with the new vendor but we have yet to find a solution.

    My latest theory is that the ports are authenticating quickly enough to ISE and the PXE client times out.

    Has anyone encountered these symptoms? Have you found a solution?

    submitted by /u/jack_daw1

    Help with dmz fail over

    Posted: 05 Jul 2019 05:11 AM PDT

    All,

    Please let me apologise if this is a wrong place for this post - this is my first post on reddit (and I'm under pressure to fix this problem).

    I have got a problem with our dmz fail over set up. From the diagram you can see that we are using 2 x fortigate units (500d), 2 x dmz unmanaged switches, 4 esx hosts. Each fortigate is plugged into one dmz switch, and from the switch the connection goes to the esx host either adapter 1 or 2 (it depends on which fortigate).

    The HA mode on the firewall is set to active - active (I don't know why - I'm trying to fix this mess). On esx hosts (vmware) the dmz 'standard switch' fail over order is set to active - standby, however when I check the options from the 'virtual switch' menu, the fail over order is set to active - active.

    Problem:

    When firewall 2 is master, dmz is online. When we failover onto firewall 1 (so fg1 is a master now), dmz is offline. The network icon on the dmz server goes red - network not available. BUT when I unplug the dmz cable (which goes from dmz1 switch to firewall 1) from dmz1 switch and plug it into dmz2 switch, the dmz server goes back online. Which to me means that the network adapter 1 on the esx host didn't know that I have failed over the firewall onto firewall 1 so the network adapter 1 is still on standby.

    I know it's confusing but I've tried to explain it as best as I can.

    Thank you for any help.

    Tom

    dmz diagram

    submitted by /u/confused_r_u

    Looking for advice on how or whether to use LAGs between non-stacked pairs of Dell/F10 switches

    Posted: 05 Jul 2019 01:44 PM PDT

    See diagram here: [Imgur](https://i.imgur.com/mDbpyoc.jpg)

    I'm designing and building out a new data center using a pair of Dell S6010s for the core (all 40GE) and Dell S4048s for top-of-rack (40GE uplinks, 10GE downlinks), and have decided to not use stacking for any pairs of switches, due to the instability and possible outages that would occur with switch member reboots and upgrades. My goal is to have a L2 network with no single points of failure, but still present aggregated links of some sort to the downstream servers.

    As you can see in the image linked above, we're using a spine-leaf topology, with the core switches and top-of-rack switch pairs linked together with a high speed interconnect between them (RSTP enabled, with one core switch configured to be the preferred root bridge), and leaving each pair as independent, non-stacked switches. This way, each switch retains its control plane and can survive its peer switch dying or being rebooted. The downstream servers are going to be a mix of Windows 2012R2, Ubuntu Linux 18LTS, and ESXi 6.5+. These systems need to run LACP or similar protocol with the ToR switches that can ensure quick link failover in case one of the ToR switches stops forwarding. I can't wait for the usual spanning tree reconvergence time, as we have a strict 3-second outage limit for our application. I'm also afraid standard "active/standby failover" bonding at the OS level wouldn't account for a situation where a ToR switch "locks up" and stops passing L2 traffic but still presents L1 link to the downstream server. Ideally, I need to ensure the systems can detect when the upstream switch on its respective link has stopped passing traffic or stopped sending BPDUs and mark that link as offline/failed within 1-2 seconds.

    I can't do LACP between the Top-of-rack switch pairs and the downstream servers, because LACP would require the ports upstream from each server all be in one control plane (like a stacked pair), and I can't do VLT (virtual link trunking) between the core switches and ToR switches because VLT requires one end of the trunk to have a single control plane. I could do VLT if either the core or the ToR switch pair were in a stack, but they're not and will never be.

    Am I stuck with just trusting RSTP for path resiliency, and just giving up on link aggregation? What are my options, for switch-pair to switch-pair aggregation and switch-pair to server aggregation, using the standard protocols that Dell/F10 switches offer?

    submitted by /u/ffelix916

    Port Security; Before or After Parameters?

    Posted: 05 Jul 2019 11:06 AM PDT

    Not sure where I read this but I will paraphrase: "If the 'switchport port-security' command is issued prior to port-security parameters, the interface will only acknowledge the default parameters from the port-security command."

    In other words, the interface will not see the parameters (e.g. ...maximum 3) and only run with the default parameters.

    Is this incorrect?

    submitted by /u/ItalianDon

    To leave current position or stay

    Posted: 05 Jul 2019 10:12 AM PDT

    Hi all

    I am in a bit of a dilemma and would like to see how other people in the networking world think about tackling these things.

    I have been a network analyst at a global firm now for 3 years and a senior within the team for almost a year. Prior to starting here I worked at a couple of ISP NOCs for less than a year doing 1st line (foot in the door type roles).

    In my current position our team is responsible for all network infra within the estate and it's a mix of support and projects. I have learned a ton here about how enterprises operate and learned things outside of networking that have definitely enhanced my skillset. Since I have been here I have identified and resolved a bunch of issues and delivered some significant projects hence the senior promotion.

    The thing is, I am not really liking where I am now and don't see where the future progression is. We have an architect in another country who is quite frankly not very good and I feel like my network skills are going to atrophy in the long term if I stay. Most of my work now is admin related and project management, and people generally don't seem to really care about making things great.

    I have been presented with an opportunity to work for a global MSP where the office is located 5 minutes from my house. The pay is 5k less than what I am on and the role is advertised as 1st/2nd line but I feel it could open up more opportunities in the mid to long term with progression to different teams etc. Has anyone made a similar jump in the past and if so was it the right move? My main motivation is to have more fulfilment which includes spending more time with my family.

    EDIT

    I should note that my long term plan is to become a consultant but the short term is to spend more time with my young kids while having some interesting work to do.

    submitted by /u/Drusstheledge

    OSPF on a single subnet versus dedicated links

    Posted: 04 Jul 2019 06:18 PM PDT

    At the moment, I have a handful of devices, each has an IP in a /24 subnet. This /24 subnet is like a WAN subnet. They have static routes to route traffic between them. We're starting to add more devices, get active/standby devices going, etc. This doesn't fare well with static routes (doing fail over between them is manual or IP SLA and is messy).

    I'm wanting to enable OSPF between these devices.

    Any reason why I couldn't just enable OSPF on these interfaces and call it a day? (Removing the static routes afterwards)

    Would I need to instead remove the /24, designate one or two devices as "cores" and then create /30 links between each device and the cores?

    submitted by /u/InternalCode

    Entering Cisco SNMPv3 passwords in digest form

    Posted: 05 Jul 2019 12:55 PM PDT

    Has anyone successfully been able to enter your SNMPv3 passwords in digest form?

    My SNMPv3 works when passwords are entered in clear text, but when entered in SHA digest form, SNMPv3 tests fail.

    Cisco says this can be done (scroll down a little to "Working with Passwords and Digests")

    The format I'm entering is as follows:

    SNMP-Server user testuser SNMPv3Group v3 auth SHA db:fa:10:bc:69:69:59:6d:3d:d4:71:9d:5f:65:fd:c2 priv AES 256 30:a4:c7:c7:df:a2:28:88:7d:a0:13:ce:73:9c:1d:0a access 30

    I'm creating the SHA1-96 digests by discarding the last 4 octets of SHA1 digests.

    submitted by /u/bix0r
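
For the digest form discussed in the post above: RFC 3414 (Appendix A.2) derives an SNMPv3 "localized" key by hashing the password stretched to 1 MiB and then hashing that result together with the device's snmpEngineID, so it is neither a plain hash of the password nor portable between devices. The sketch below is an added example, not code from the post or from Cisco documentation; the password and engine ID are the RFC 3414 Appendix A.3 test inputs, and the function names are made up for illustration. It does not address how many octets a given platform expects in its CLI.

```python
import hashlib

EXPANDED_LEN = 1_048_576  # RFC 3414 A.2: the password is stretched to 1 MiB

# Test inputs taken from RFC 3414 Appendix A.3 (not from the post).
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """Ku: hash of the password repeated (and cut) to exactly 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key bound to one SNMP engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def colon_hex(raw: bytes) -> str:
    """Format bytes as aa:bb:cc, the notation used in the post's command."""
    return ":".join(f"{b:02x}" for b in raw)


def localized_digest(password: str, engine_id_hex: str, algo: str = "sha1") -> str:
    """Full derivation: password -> Ku -> localized key, as colon-separated hex."""
    ku = password_to_key(password.encode(), algo)
    return colon_hex(localize_key(ku, bytes.fromhex(engine_id_hex), algo))


def plain_digest(password: str, algo: str = "sha1") -> str:
    """A direct hash of the password, shown only for comparison."""
    return colon_hex(hashlib.new(algo, password.encode()).digest())


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, "localized:", localized_digest(RFC_PASSWORD, RFC_ENGINE_ID, algo))
    print("sha1 plain hash:", plain_digest(RFC_PASSWORD))
    # Same password, different engine ID (constructed value): different key.
    print("sha1 other engine:", localized_digest(RFC_PASSWORD, "800000090300aabbccddeeff"))
```

The engine ID to feed in is the one the target device reports for its own SNMP engine; a key computed against any other engine ID will not authenticate.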

    key data points during a ddos attack

    Posted: 05 Jul 2019 12:33 PM PDT

    Hey folks,

    I've been thinking about what makes a good DDoS defense tool and I wanted to try and poll this group of experts to see if anyone could contribute thoughts here. My questions revolve around the following:

    When your company is under a DDoS attack, what features and/or data do you need in front of you in order to understand the nature of the incoming attacks? What features or data do you need in front of you in order to mitigate the attack? And what features or data do you need in front of you in order to communicate details about the attack to customers or to internal colleagues? How do you describe the attack to others?

    Any pointers to products that do this well or poorly would be awesome as well.

    submitted by /u/dansurly

    Tellabs 532L 0/1 Admin Complex / DUMP ALL Question

    Posted: 04 Jul 2019 05:50 PM PDT

    Hello Everyone,

    I work at an ISP and have been put in a position where I get to monitor/troubleshoot all of the transport equipment on our network. Currently on one of the 532L DACs there was an ADMIN COMPLEX alarm active on the equipment but I had a tech clean/reseat the Data Storage module which cleared it.

    Now however when I query the system for alarms and the storage on the DACs it throws the following errors.

    UTL::QRY,ALARM!PF M 09:23:14 11,00 6 UTL QRY ALARM 4 LN MSG: PART 1 OF 1:
    CRITICAL 5 CGAS ON PORT MODULES
    MINOR ONE OR MORE PES POWER CONVERTER MODULES HAVE FAILED
    MINOR AUTOMATIC DUMP ALL FAILED
    EOP
    UTL::QRY, STORAGE ACTIVE!PF M 09:25:51 11,00 6 UTL QRY STORAGE ACTIVE PL-NOMEDIA DNY
    UTL::QRY, STORAGE INACTIVE!PF M 09:26:41 11,00 6 UTL QRY STORAGE INACTIVE TPE-SCSI DN

    I looked up the alarms in the user manual and am advised to do the following steps.

    PL-NOMEDIA
    There is no media for the specified device.
    Recovery:
    1. Verify that media is installed.
    2. If the media is present, change out the media. If there is no media installed, insert one.

    TPE-SCSI
    Anomaly occurred on storage device's drivers.
    Recovery:
    1. Verify that the media and storage device are inserted and reenter the command.
    2. If the problem reoccurs, try a different media and reenter the command.

    Does anyone here have any experience with this? Or can point me in the right direction. The DACs has been like this for the past few days and I am very afraid that this might be a bigger issue. I know for a fact that DUMP ALL could potentially break the DACS so I do not want to force that...

    It also doesn't help that my company does not have a support contract for this.

    Thank you in advance guys.

    submitted by /u/Khohezion

    FortiSwitch 448D vs Juniper EX2300

    Posted: 05 Jul 2019 09:26 AM PDT

    Our company is looking to upgrade our current switches and have come down to these two.
    FortiSwitch 448D and Juniper EX2300

    We are a small business with under 150 users and just looking for feedback on either. We also have a Fortigate 100E currently in our setup. We know the FortiSwitch would integrate easily but having all the same product is one of our concerns. Fortinet is new in the switch game so just looking for first hand experience. Thanks

    submitted by /u/BigDaddyBoyce

    Juniper unable to commit due to "https Missing mandatory statement: local-cert..."

    Posted: 04 Jul 2019 05:34 PM PDT

    Hi, I need to delete this command on Juniper device but I'm having this error message when saving.

    - Command to delete

    #del system services web-management https local-certificate cert.x

    When I issue commit check, I'm having the below error message. Has anyone ever encountered this?

    [edit system services web-management]

    'https'

    Missing mandatory statement: 'local-certificate' or 'pki-local-certificate' or 'system-generated-certificate'

    error: configuration check-out failed: (missing statements)

    Thanks

    submitted by /u/1searching

    Unidirectional & Bi-directional Traffic Difference

    Posted: 04 Jul 2019 08:19 PM PDT

    Hi Guy,

    I'm trying to know about the difference of unidirectional & bi-directional traffic.

    Any reference document or link?

    The convergence time of unidirectional & bi-directional traffic is different in my same network environment.

    submitted by /u/ljknee