Rant Wednesday! Networking
- Rant Wednesday!
- Adding a switch brings network down for about 50 seconds.
- 1990s Public Library Network
- Best Practices for Management Ports?
- Cable packaging and how do we save the earth from single use plastic?
- Automation in the DC and Enterprise: What are examples of taking it beyond the basics?
- VRF for Testing Network?
- Solarwinds showing 141 million transmit discards on several ports
- Anyone automated Sonicwall firmware update?
- DNS64 and dual stack hosts interaction
- Config Replace Operation failed because of Rollback Patch is not Empty
- Cisco - Auto QOS causing drops
- ISP - reconfigure service as QinQ
- Wiring needed to setup a switch with multiple configured wireless VLANs
- Outside->In with commercial connections
- Best tools to perform mobile network testing
- Aruba 2930F vlan Issues
- Need help with dual wan router
- BGP Fast External Failover & BGP Timers
- WPA2-enterprise certificate settings / GPO configuration that will help filter out unwanted certs ?
- Question about Aruba Mobility Controller Clustering?
- What is this Juniper SYSLOG entry?
- Cisco ASA - from Standalone to HA
- Authentication on the network with FreeRADIUS and LDAP
Rant Wednesday! Posted: 23 Jul 2019 05:04 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, the price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels; feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
Adding a switch brings network down for about 50 seconds. Posted: 24 Jul 2019 08:49 AM PDT I recently got put on a project, and I have been informed that whenever adding a switch to this somewhat large network (consisting of around 30 Stratix switches) all network connectivity goes down for about 50 seconds. This obviously creates issues during production because some end devices need to be power cycled to be functional again after this. Thanks for any help!
1990s Public Library Network Posted: 24 Jul 2019 04:41 PM PDT One of my co-workers was clearing up some old files and found this: how they connected the public libraries of central CA in 1990. For some context, the hub with the F in the middle is Fresno. Our network now has 110 locations and covers a larger footprint.
Best Practices for Management Ports? Posted: 24 Jul 2019 06:54 AM PDT We're in the process of replacing our core switch stack with C9300s and this is my first time having switches with management ports. I'm wondering what best practices are for utilizing them. Is it best to use them as the sole interface for management, or only OoBM in the event of an outage, or something else entirely that I'm missing? Switch security has always been somewhat lax here, so I'm tightening that up as part of my refresh. All my new access switches have been set up with AAA authenticating against AD with local login on fail. I plan the same for the new core, but didn't know what was recommended when bringing a management port into play. Appreciate any insight.
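As an added example (not from the post or any reply) of the pattern most often recommended for this question: the management port stays in its own out-of-band VRF, AAA is reached through that VRF, the vty lines accept SSH only from the management subnet in every VRF, and a local account exists only as a fallback. IOS-XE on a Catalyst 9300 pre-defines Mgmt-vrf with GigabitEthernet0/0 as its member; the addresses, the RADIUS server name NPS1, the ACL name and the secret placeholders are assumptions.

```cisco
! Dedicated management port in the out-of-band VRF (assumed addressing)
interface GigabitEthernet0/0
 description OOB management, to mgmt switch
 vrf forwarding Mgmt-vrf
 ip address 10.255.0.11 255.255.255.0
 no shutdown
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.255.0.1
!
! RADIUS (AD via NPS, assumed) is reached through the management VRF,
! so an in-band outage does not take authentication down with it
aaa new-model
radius server NPS1
 address ipv4 10.255.0.20 auth-port 1812 acct-port 1813
 key <shared-secret>
aaa group server radius NPS
 server name NPS1
 ip vrf forwarding Mgmt-vrf
 ip radius source-interface GigabitEthernet0/0
aaa authentication login default group NPS local
aaa authorization exec default group NPS local if-authenticated
aaa accounting exec default start-stop group NPS
!
! Local fallback, used only when RADIUS does not answer
username admin privilege 15 secret <strong-local-password>
!
! Only management stations may open sessions; "vrf-also" applies the
! ACL to sessions arriving in any VRF, so an in-band SVI is not a side door
ip access-list standard MGMT-HOSTS
 permit 10.255.0.0 0.0.0.255
 deny   any log
!
! SSHv2 only (generate a key first: crypto key generate rsa modulus 2048)
ip ssh version 2
no ip http server
no ip http secure-server
login on-failure log
login on-success log
!
line vty 0 15
 access-class MGMT-HOSTS in vrf-also
 transport input ssh
 exec-timeout 10 0
```

The check worth running after applying this: from a host outside 10.255.0.0/24, an SSH attempt to any switch address (management port or an SVI) should be refused and logged, and pulling the in-band uplinks should leave the management port session and RADIUS logins working.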
Cable packaging and how do we save the earth from single use plastic? Posted: 23 Jul 2019 04:59 PM PDT Consultant here, I do a lot of network refresh projects so I'm involved in the plugging in of cables quite a bit. Every cable comes held down by a couple of wire ties, in its own little plastic bag, and then ten of those are in bigger plastic bags. Sure, maybe these bags have a little recycling symbol on them, but we all know that our municipalities are just shipping this shit to 3rd world countries for them to burn it or chop it into bits and feed it to the turtles. Whatever it takes to make us feel better about ourselves - yay, we're recycling! So what options do we have to order network patch cables that aren't over packaged? Are any suppliers providing anything like this? Personally I think I'd be okay if my network cables were NOT hermetically sealed at the factory; it isn't like they're going to get cable-herpes just from touching another cable.
Automation in the DC and Enterprise: What are examples of taking it beyond the basics? Posted: 24 Jul 2019 03:32 PM PDT A few weeks ago there looked to be an uptick of posters sharing their new Ansible or Python scripts and it seemed pretty well-received, both in terms of results and in giving ways to improve what was posted. In my own experiments, I've used (mostly) Ansible to make a few nifty things (CDP mapper was most recent) and the repeatable tasks that come easily to automation. However, it's rare to see examples of stuff beyond the "basics." Granted, I'm not entirely sure what "beyond the basics" would look like... But I am reminded of a post I had once seen about the stages of config generation: starting at hand-jamming, going to a notepad, then Excel, then macros, and then a Python script before ultimately landing at a web page config generator. Is the graduation from basic automation to "advanced" automation similar? Should it eventually move from an Ansible-generated config to a web form that pushes a config using Ansible after hitting submit (basically, Tower/AWX)? Or is the growth going from Ansible (YAML/Jinja) -> Python -> XML -> NETCONF/RESTCONF -> API? Or is it all two sides of the same coin? I've tried to look for comparisons (at least regarding Ansible) on the systems side of things, but it just seems like the capabilities of Ansible in regards to systems automation outshine the uses for network automation, not that I find it lacking.
VRF for Testing Network? Posted: 24 Jul 2019 02:48 PM PDT We have a client requirement to regularly test our DR process to confirm it works. This is part of SOC Type II. As such, the idea was floated to spin up another VLAN with the same IP space as the production VLAN, but in our DR site (I'll also mention that our production server VLAN is stretched L2, but that's another story) and with a separate VLAN tag. Essentially we want to be able to spin up test environments of production systems easily in an isolated network so they can be tested and the results recorded. I don't think this is a great idea, just because it may cause confusion, and having a second network with the same IP space is just a recipe for disaster in my view. They also want to be able to NAT this out to the Internet to get Windows updates. We're a mix of Cisco/HPE. We have Cisco 4500X in our production DC and HP 5500-HI in DR, all connected via a L2 Metro-E WAN. My thought is to set up a separate VRF for this particular network so it's separate from prod. I know 4500X supports VRF lite and I'm pretty sure 5500-HI does as well. The only other piece I'm not sure about is how to deal with the NAT requirement. We have a Fortigate 92D in that site, but I'm not sure if it supports any kind of VRF or if maybe a separate VDOM is the answer. Thoughts and suggestions welcome.
Solarwinds showing 141 million transmit discards on several ports Posted: 24 Jul 2019 12:50 PM PDT In NPM, under High Errors and Discards Today, I have a top ten list of end user PCs that are causing anywhere from 12 million to 141 million transmit discards since the log switched over at midnight. I can look at the switch interface and see the hourly output drops on it. What I am unable to determine is what problem this is indicating. Can anyone refer me to a Cisco white paper or a website that might help me understand this issue? Or is it a whole lot of nothing and something that we don't need to worry about? (User PCs are connected to the switch via a phone. On the top offender, I have replaced both cables at his desk and given his PC the once-over to make sure nothing malicious is running.)
Anyone automated Sonicwall firmware update? Posted: 24 Jul 2019 09:40 AM PDT Anyone heard of a method or has successfully automated firmware updates on Sonicwalls? The only real method I'm finding is automating firmware upload via CLI, from this Sonicwall KB: https://www.sonicwall.com/support/knowledge-base/?sol_id=170503885362625 but this doesn't seem to be supported on my old TZ 215 I'm testing with (of course Sonicwall doesn't list any pre-reqs in the KB). I'm aware of Netmiko, have used it before to make mass changes to Cisco devices, and am leaning towards trying to use it for this project, assuming most of the models I need to update support FTP firmware upload via CLI, which I just don't know since my TZ 215 apparently doesn't. Wondering if there's a better way though, for Sonicwalls specifically.
DNS64 and dual stack hosts interaction Posted: 24 Jul 2019 05:50 AM PDT Good morning all, I'm working on a plan for beginning to support IPv6 within our enterprise network. I know for sure that we will at some point have IPv6-only clients, and a large base of IPv4-only servers / clients. So I will need to utilize translation for some flows, using DNS64 to point to a NAT64 router. My concern is preventing the dual stack clients from using the NAT64 router for unnecessary traffic. From what I have researched, for most operating systems if there is an IPv6 interface available, when attempting to resolve a hostname the client will send both an AAAA request and an A request. Depending on the application, it may use the fastest connection (RFC Happy Eyeballs), but I'm more worried about our in-house software that likely does not have that capability and will prefer the NAT64-prefixed IPv6 address, forcing traffic to the NAT64 router. I am not the most well versed in DNS, but one potential option I have seen is to use "filter-aaaa-on-v4", which would filter AAAA resolution for IPv4-sourced requests, but at that point I am locking those dual stack hosts out of IPv6 entirely until they transition off of IPv4. What would be ideal, I think, is to prevent DNS64 from creating a synthesized NAT64-prefix AAAA record for DNS requests sourced from IPv4 transport, but not block valid AAAA records from being returned. I'm not sure if this is possible or exactly how to do it; any assistance would be appreciated! Also, if anyone has run into any gotchas with a mixed environment of IPv6-only / dual stack clients: this will be my first production environment running IPv6, so I am trying to figure out all the entanglements ahead of time. Any tips would be appreciated.
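To make the mechanism in the post concrete, here is an added example (mine, not from the post or any reply) of what a DNS64 resolver actually does: it embeds the A record's IPv4 address into the Pref64::/n as RFC 6052 specifies, and only when the name has no native AAAA. The `dns64_answer` policy goes one step further than plain RFC 6147 and models exactly the behaviour the post asks for, synthesizing only for clients that queried over IPv6, so a dual-stack host querying over IPv4 still gets native AAAA records but is never handed a NAT64 address. The zone data and client addresses are constructed; 64:ff9b::/96 is the RFC 6052 well-known prefix, and the other prefixes are the RFC's own documentation examples.

```python
import ipaddress
from typing import Dict, List

# RFC 6052 well-known prefix, used when no network-specific prefix is deployed.
WELL_KNOWN_PREFIX = "64:ff9b::/96"


def synthesize_aaaa(ipv4: str, pref64: str = WELL_KNOWN_PREFIX) -> str:
    """Embed an IPv4 address in a Pref64::/n as RFC 6052 section 2.2 lays out.

    The IPv4 bits follow the prefix; for prefixes shorter than /96 the "u"
    octet (bits 64..71) is reserved and must be zero, so the IPv4 bits that
    would land there are shifted right by one octet.
    """
    net = ipaddress.IPv6Network(pref64)
    pl = net.prefixlen
    if pl not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 permits prefix lengths 32, 40, 48, 56, 64 or 96 only")
    prefix_bits = format(int(net.network_address), "0128b")[:pl]
    v4_bits = format(int(ipaddress.IPv4Address(ipv4)), "032b")
    bits = prefix_bits + v4_bits
    if pl < 96:
        bits = bits[:64] + "0" * 8 + bits[64:]   # insert the zero "u" octet
    bits = bits.ljust(128, "0")                   # suffix bits are zero
    return str(ipaddress.IPv6Address(int(bits, 2)))


# Constructed zone data for the example (not real hosts): name -> {rrtype: [rdata]}
ZONE: Dict[str, Dict[str, List[str]]] = {
    "v4only.example.": {"A": ["192.0.2.33"]},
    "dual.example.":   {"A": ["198.51.100.7"], "AAAA": ["2001:db8:1::7"]},
}


def dns64_answer(name: str, client: str,
                 zone: Dict[str, Dict[str, List[str]]] = ZONE,
                 pref64: str = WELL_KNOWN_PREFIX) -> List[str]:
    """AAAA rdata a DNS64 resolver hands `client` for `name`.

    Native AAAA records are returned untouched (RFC 6147 never synthesizes
    over them). Synthesis from A records happens only when there is no native
    AAAA *and* the query arrived from an IPv6 source, which is the policy the
    post is looking for: IPv4-transport clients are never steered to NAT64.
    """
    rrsets = zone.get(name, {})
    if rrsets.get("AAAA"):
        return list(rrsets["AAAA"])
    if ipaddress.ip_address(client).version != 6:
        return []
    return [synthesize_aaaa(a, pref64) for a in rrsets.get("A", [])]


if __name__ == "__main__":
    for who in ("2001:db8:2::10", "192.0.2.100"):
        print(who, "->", dns64_answer("v4only.example.", who))
```

In BIND the same client-address condition is expressed with the `clients { ... }` ACL inside the `dns64` statement, which is a narrower tool than filtering all AAAA answers for IPv4 sources. One caveat the code makes visible: a dual-stack host that reaches the resolver over IPv6 will still receive synthesized answers, so the decision really depends on which transport the stub resolver picks, not on whether the host has an IPv4 address.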
Config Replace Operation failed because of Rollback Patch is not Empty Posted: 24 Jul 2019 02:59 PM PDT I've been trying to get the config replace feature working on my Nexus 9000 switch and am having no luck. It always fails out with "Operation failed because of Rollback Patch is not Empty". I have searched all over for more information on this rollback patch and how I can empty it, but no luck. I know write erase will remove checkpoints, but rollback patches are different from checkpoints. When running config replace, I see the switch creates a rollback patch, so I'm not sure how it can complain that it's not empty when it's creating one in the process. Is there something I'm missing to get config replace working?
Cisco - Auto QOS causing drops Posted: 24 Jul 2019 02:52 PM PDT We received reports of audio issues on VoIP calls; checking the switch I saw loads of output drops on the uplink (Cat9300). When I removed auto-qos trust dscp on this interface the quality degradation stopped. Checking the policy-map on the interface I could see drops, but nothing under a specific class, which is weird. All traffic is marked EF. Output is below. Is there anything else I should be checking? Is this a bug? Total traffic was 10 Mbps on a 10 Gb link configured at 1 Gb.
(total drops) 40005490
ISP - reconfigure service as QinQ Posted: 24 Jul 2019 01:06 PM PDT Today we had a circuit brought into service; it was meant to be QinQ, outer/inner from our core and transparent at the B end. Of course, it's been handed over and does not accept any of our inner tags on the B end. How much of a task is it for them to change this misconfiguration? We've done plenty of circuits like this in the past, but this is probably the first one with this tail provider for about a year.
Wiring needed to setup a switch with multiple configured wireless VLANs Posted: 24 Jul 2019 09:43 AM PDT For my restaurant, I'm looking to have two configured VLANs, one for guest WiFi and one for the business network, POS, security cameras etc. What is the best switch you guys can recommend for this, and what wiring/cables would I need to complete the setup? Thanks!
Outside->In with commercial connections Posted: 24 Jul 2019 08:15 AM PDT Hi All, Trying to understand how to set up a site that has redundant commercial connections, like a Comcast router and a FiOS router in front of a Cisco router. If we have services that rely on using a public IP to connect outside->in on a few specific ports from a few specific sources, those sources would have to use a public IP from one of those two carriers. I don't think we have the ability here to advertise IP space to the carriers, so how can we make the site reachable when we fail from the IP of one provider to the IP of the other? Do we just give the provider both IPs? Is there a more elegant way to solve this? Some sort of VPN from the provider to a central point on the network? Any info on how that would be set up? How would we do this for multiple sites? Thanks
Best tools to perform mobile network testing Posted: 24 Jul 2019 02:14 AM PDT Hey, I'm planning on doing some in-depth cellular network tests soon and I'm looking for the best tools to do so. I need to get some performance results across multiple mediums. I'm mainly going to be testing the new 5G network and I'm looking to see how in-depth the performance testing I can do is and what the best networking tools/apps/software are to do so. Any recommendations? Cheers
Aruba 2930F vlan Issues Posted: 24 Jul 2019 07:38 AM PDT Hi, I have a pretty simple problem... I did this dozens of times and it just worked, but now I fucked up somewhere and I really can't see the issue. So this is the config: Port 48 is tagged because all the VLANs come in from that port and get distributed further. I just wanted to test this part, so I untagged the VLAN on interface 3, plugged my notebook into interface 3, set the IP address 192.168.13.10/24 with the gateway .254 and tried to ping the gateway... timeout. I really don't get what I did wrong; after almost 50h straight looking into Aruba and H3C interfaces, the Cisco guy in me just gave up... -.-
Need help with dual wan router Posted: 24 Jul 2019 11:21 AM PDT Hi guys, I have 2 buildings. Building A uses AT&T internet, Building B uses Spectrum. These buildings are connected to each other by VPN. Is there any way that I can use the AT&T internet as backup for building B by using a failover router? And also use Spectrum as backup for building A? I want to install a dual WAN router but both of these ISPs must be in the same building. How can I do this? Thanks.
BGP Fast External Failover & BGP Timers Posted: 24 Jul 2019 03:23 AM PDT I'm currently planning on reconfiguring some eBGP sessions in our network from using loopbacks to being directly connected. One of the main drivers for this is to take advantage of 'BGP Fast External Failover' so that the BGP session will be terminated without waiting for the hold timer to expire. We currently have timers set to 30 keepalive and 90 hold time. This causes a blackhole during link failure until the hold time is reached and routes learned via another neighbor can be chosen as best path. Another bonus is that we get to remove OSPF from the neighboring routers, which is currently used to advertise loopbacks. In a nutshell, I was wondering why the default for BGP timers is 60 180 anyway? 3 minutes seems a long time to wait in this day and age!
WPA2-enterprise certificate settings / GPO configuration that will help filter out unwanted certs ? Posted: 24 Jul 2019 02:51 AM PDT Hi Everyone, I have an annoyance issue with our WPA2-Enterprise WiFi setup. We have configured it with user certificate authentication, which checks that the user has the required PKI cert in order to authenticate. The issue is when an end-user has more than 1 enrolled certificate (iTunes, MS Access, duplicates): Windows will ask the end-user to choose between the enrolled certs for the authentication instead of taking the PKI one automatically. Has anyone seen this before or know how to approach it?
Question about Aruba Mobility Controller Clustering? Posted: 24 Jul 2019 02:04 AM PDT Hi, I am researching Aruba vMC 8.5 at the moment and I am getting a little confused on how failover works. I was considering running Active-Active and load balanced with roughly 22x AP-315 across the two of them using two VRRP instances. The part that is not really clear to me is: do the mobility controllers cluster to share configurations and allow the MCs to know which one has which APs? Or are they stand-alone and you need to configure each one as an independent device? I guess the configuration state clustering can only be achieved by having MC Masters, but I thought this was more suited for multiple site deployments, as we are currently a single site. Any insight or experiences would be highly appreciated. Thank you.
What is this Juniper SYSLOG entry? Posted: 24 Jul 2019 02:03 AM PDT One of my Juniper switches is throwing the below syslog messages: I have of course googled this, but have come up with nothing. Anyone able to advise?
Cisco ASA - from Standalone to HA Posted: 24 Jul 2019 01:29 AM PDT Does anyone know if adding an HA config to a standalone ASA causes any outage? Currently I have a single 5545 and I want to add another to create an HA pair. I have all the config ready to go on both units to set up a pair and kick off the config replication, but I wonder if this will generate a new MAC address for the pair or will it use the hardware MAC from the primary unit?
Authentication on the network with FreeRADIUS and LDAP Posted: 24 Jul 2019 01:28 AM PDT Hi everyone, So in my company we are trying to restrict access to the network (Ethernet only) to only known computers. The configuration is pretty simple: n clients and 1 server which acts as a DHCP server and an LDAP server. My plan so far is to set up FreeRADIUS to act as a DHCP server and assign an IP to a newly connected device only if it has the appropriate certificate. What I'm wondering is: in the LDAP, should I put the certificate for each device, against which each device certificate will be compared? Or should I just publish the CA certificate, and then FreeRADIUS will check if the client certificate has been signed by the CA? Also, is there any particular configuration to do aside from configuring the connection between FreeRADIUS and LDAP and setting up the certificates? Thanks for your help.
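As an added example of the second option the post weighs (the server trusts the CA rather than a per-device copy of each certificate), here is an EAP-TLS fragment for FreeRADIUS 3.x `mods-available/eap`. It is mine, not from the post or any reply. With 802.1X the switch is the RADIUS client and keeps the port closed until FreeRADIUS accepts the client certificate, so the certificate check happens before the device can even ask DHCP for an address. File names, the CA subject and the OCSP URL are assumptions.

```text
eap {
    default_eap_type = tls

    tls-config tls-common {
        # Server identity presented to supplicants (assumed file names)
        private_key_file = ${certdir}/radius.key
        certificate_file = ${certdir}/radius.pem

        # Trust anchor: only certificates chaining to this CA are accepted.
        # Nothing about individual devices needs to live in LDAP for this.
        ca_file = ${cadir}/corp-device-ca.pem
        ca_path = ${cadir}

        # Pin the issuer as well, so a certificate from some other CA that
        # happens to be present in ca_path cannot be used (assumed subject)
        check_cert_issuer = "/C=FR/O=Example Corp/CN=Example Device CA"

        tls_min_version = "1.2"
        cipher_list = "HIGH"

        # Revocation: a lost laptop is removed by revoking its certificate.
        # check_crl needs the CRL in ca_path; OCSP asks the responder live.
        check_crl = yes
        ocsp {
            enable = yes
            override_cert_url = yes
            url = "http://ocsp.example.internal/"
            softfail = no
        }
    }

    tls {
        tls = tls-common
    }
}
```

The practitioner's check after enabling this: a device with a certificate from the right CA gets `Access-Accept`, one presenting a self-signed or foreign-CA certificate is refused at the TLS handshake, and revoking a test certificate and reloading the CRL (or watching the OCSP lookup in `radiusd -X`) must turn an accepted device into a rejected one. LDAP is then only needed if you want authorization data per device (VLAN assignment, for example), looked up by the certificate's subject, not for the authentication itself.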