Blogpost Friday! Networking |
- Blogpost Friday!
- This took me WAY too long to figure out. Sometimes the patch cable *isn't* the problem...
- Serial ports on managed network switch important?
- Network/Cable testing
- 3650 trunk port err-disabled after upgrade to 16.3.8
- Anyone else using 4-byte ASN numbers for internal BGP peering
- MC-LAG and revert time out issue with Ciena<->Cisco configuration
- Spanning Tree vs EtherChannel
- Troubleshooting IPv6 Loss on return for LAN-side
- Stupid question i know.
- Took a tour of a large SCADA room at a client’s office, and was shunned for calling it a NOC.
- Best way to test network speed for project
- PBR ECMP using Recursive Next Hop on Catalyst 3650
- Reasons for why channel 14 of the 2.4Ghz band is not approved by the FCC for use
- Cox Business DNS - conflicting issue/server info received
- Question for the big brained hive mind. How to find the MAC address of the passive member of an active/passive teamed NIC.
- PC can access reach server but Android tablet can not?
- What could cause a DNS to resolve to 127.8.0.x?
- Cabling New Network with 280 odd devices ( need help/advise how to make it easy with opensource or any other tool)
- Tools?
- Fortigate log; action=timeout?
- New Router/Modem Recommendations
- CWNP - WiFi Trek Conference
- MX80 queuing license
- Learn to cable from scratch
| Posted: 01 Aug 2019 05:04 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts Feel free to submit your blog post and as well a nice description to this thread. [link] [comments]  |
| This took me WAY too long to figure out. Sometimes the patch cable *isn't* the problem... Posted: 02 Aug 2019 12:08 AM PDT Just finished wiring up a new wall drop and did a routine TDR test on the switch to confirm everything was good. TDR showed an open on pair D right on the switch rack (https://imgur.com/qEWhabN). Looked at the patch cable, one of the brown wires looked a bit marginal so I re-terminated the cable. Still no go. I spent a while looking around the rack jiggling things, inspected the punch-down connection on the patch panel, and everything looked good but the link kept failing. Then I had the bright idea to look at the switch port... https://imgur.com/4ImqSac. Welp. On the plus side, this is going to a lab bench that had lots of very expensive 10/100 gear on it so I can just mark the wall drop "100M only" and not have it be too much of a problem. Still annoying though. [link] [comments]  |
| Serial ports on managed network switch important? Posted: 02 Aug 2019 11:28 AM PDT Little new to networking and looking to get a switch. Found one at a decent price but serial seitches are not functional. How important are they? ADD: I was thinking I could configure SoE?- [link] [comments]  |
| Posted: 02 Aug 2019 09:03 AM PDT Hi, I've been asked to look at an issue whereby users in a certain area of the office are experiencing frequent issues with their computers for a long time and we have a feeling it might be to do with network performance. We recently had cable testers come in and they reported that everything is ok as far as they can see. Is there software I can run to do such a test to see how it performs over time. Maybe there is only EM interference at a certain time of day? What is odd is that we have other users who are plugged into the same switch but a different area of the floor who don't have issues which is why I thought it might be a localised cable issue. I've been using simple "net statistics" commands which aren't showing much so far but is there something which is more detailed. Thanks, [link] [comments]  |
| 3650 trunk port err-disabled after upgrade to 16.3.8 Posted: 02 Aug 2019 11:36 AM PDT After upgrading a standalone Catalyst 3650-48PD-E IP Base switch that has a single fiber cable trunk connected to the main 3650 access switch stack for its path outbound to the Internet, we had the switchport for the trunk go err-disabled on the standalone switch after it came up from the reboot after the upgrade process. We upgraded from 3.6.6E to 16.3.8. I had performed the same upgrade without issues on other offices that are configured in this way. We don't prune vlans on this trunk, pvst is running on both, BPDUguard is not on this port, and both switches have the same vlan configuration and are running VTP. I didn't see a message about the port being err-disabled in the syslog, just a message about it being blocked by spanning tree and some link flaps. I looked it up, and the STP syslog message below suggests native vlan was set to different vlans on either side of the trunk, but both switches don't specify a native vlan so it should default to vlan 1, and currently both are trunking native vlan 1. I was able to recover from this problem by doing a shut / no shut on the impacted interface gi1/1/1, and we didn't get spanning tree messages after that, the port came up without issue. I'd like to better understand what happened so I can control for it when I upgrade other offices with similar setups. Does it look like the err-disable status is from link flap, and is the STP syslog message unrelated to the err-disable status? STP should only block, not errdisable, as there is not BPDUguard on this port. Errdisable flap-value for link flap is the default of 5 flaps in 10 seconds, but we saw 3 flaps in 10 seconds. Would errdisable recovery cause link-flap help in this case? Is this a known bug? Syslog from the standalone switch after rebooting from the upgrade below. This shows what happened before the port went errdisabled, but there wasn't an entry in syslog for the port going errdisabled. [link] [comments]  |
| Anyone else using 4-byte ASN numbers for internal BGP peering Posted: 02 Aug 2019 03:11 PM PDT Hi All Just wanted to get some feedback on the use of 4-byte ASN numbering for BGP peering. Are there any gotchas with using this? I've read that if a device is unable to process the 4-byte ASN there is a placeholder ASN of 23456 defined. Anything else I need to be aware of in terms of configuration? [link] [comments]  |
| MC-LAG and revert time out issue with Ciena<->Cisco configuration Posted: 02 Aug 2019 04:30 AM PDT I am currently configuring MC-LAG between two Ciena 3916 and one Cisco 3560CX. On top of that, I have BGP configured on an SVI that is added as a trunk on the Po interface in the Cisco router. Ciena (Main) 3916_CE01 Port 1---> Cisco 3560_CPE Gi0/2 Ciena (Bak) 3916_CE02 Port 1---> Cisco 3560_CPE Gi0/4 Everything seems to work fine including the switch over from main->backup when simulating power failure on the main CE and/or uplink fibre break. The only issue I have (and quite game-breaking) is when the main CE01 revert timer (default 5mins) finishes and takes over from the backup CE02 I can see my SVI going down, which then brings BGP down and I get a 40-45 secs outage. The reason why the SVI goes down is that the interface that was UP/UP and working fine at the time of the revert (Gi0/4), goes down BEFORE the main interface goes up (Gi0/2) for 1ms or less. I have tried this with multiple OS and different Cisco boxes - I wanted some feedback regarding if this is the intended behavior on MC-LAG/LACP or if the issue is more Layer 8, before going back to Ciena and asking them why their CE drops the up/up interface before bringing up the backup one. [link] [comments]  |
| Posted: 02 Aug 2019 02:28 PM PDT Why would you want to use spanning tree instead of etherchannel? Im studying etherchannel right now for my ccna, and to me, it seems that etherchannel is better to use. Can someone with some knowledge on this chime in? Thanks in advance. EDIT: This is the scenario Im referring to. [link] [comments]  |
| Troubleshooting IPv6 Loss on return for LAN-side Posted: 02 Aug 2019 02:27 PM PDT So I have been trying to figure out my IPv6 deployment for a bit, and settled on IPv6 route over v4 in my MP-BGP deployment. I have the neighbor relationships working, I can route in/out, and have a /44 routed to a vlan and using link-local as the gateway on the VLAN. Basically: I've taken a /60 and applied it to my router. The WAN side works no problem, can route in and out all day long. However the LAN side I've assigned a /64 toward, I can see packets leaving my network, hit a remote server, but on the way back they get stopped somewhere and never reach even the WAN interface. I've been testing this with a VPS from Vultr and seeing the echo request, see the echo response, but the WAN of my router never sees the return. Is it due to my route to link-local that could cause an issue on the return and not the out? Any ideas/tips/tricks? [link] [comments]  |
| Posted: 02 Aug 2019 02:17 PM PDT I put in 20 keystones into a building wiring them with type A configuration, obviously it supposed to be type B (which i didnt remember at the time), but at this point the jobs too far along, for my patch panel, if i use type A on that will it still work or is it pointless and ill have to switch back? [link] [comments]  |
| Took a tour of a large SCADA room at a client’s office, and was shunned for calling it a NOC. Posted: 01 Aug 2019 05:32 PM PDT I took a tour of a large SCADA center which aggregates, monitors, and controls equipment and sensors over a national network of remote equipment. Am I wrong that a SCADA is just a subset/type of NOC? They looked at me like I had three heads. ...Whoops? [link] [comments]  |
| Best way to test network speed for project Posted: 02 Aug 2019 12:24 PM PDT Hi, I am currently doing my senior project for my university and I've seem to hit a snag when it comes to testing my network speed and communication using my raspberry pi 3+ as a DNS/DHCP server. I planning on doing multiple tests such as ping and speakeasy.net (for network upload and download speeds). Would anyone out there recommend a better tool? Please and thank you. [link] [comments]  |
| PBR ECMP using Recursive Next Hop on Catalyst 3650 Posted: 02 Aug 2019 12:13 PM PDT Hi, I was trying to do PBR ECMP on Cat3650 using recursive next hop and running into issues that the RouteMap has unsupported options. Software Version was 3.7.5E. I created a small topology of 2 L3 Ports (20.1.1.1/30 20.1.1.5/30) having one L3 next hop (20.1.1.2, 20.1.1.6) each on them (directly connected). I created a recursive next hop 30.1.1.1 which is reachable via 20.1.1.2 and 20.1.1.6 (equal cost). The route-map has set ip next hop recursive as 30.1.1.1 and I expect traffic to be load balanced between the 2 next hops. This is the switch:- Switch Ports Model SW Version SW Image Mode ------ ----- ----- ---------- ---------- ---- * 1 28 WS-C3650-24PD 03.07.05E cat3k_caa-universalk9 INSTALL This is the syslog seen :- *Aug 2 05:58:16.207: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map pbrmap2 has unsupported options for Policy-Based Routing. It has been removed from interface, if applied. Here is the output from switch: cisco1#sh route-map pbrmap2 route-map pbrmap2, permit, sequence 10 Match clauses: ip address (access-lists): pbr1 Set clauses: ip next-hop recursive 30.1.1.1 Nexthop tracking current: 30.1.1.1 30.1.1.1, fib_nh:3CD08684,oce:38175DF4,status:1 Policy routing matches: 0 packets, 0 bytes cisco1#sh ip route 30.1.1.1 255.255.255.255 Routing entry for 30.1.1.1/32 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 20.1.1.6 Route metric is 0, traffic share count is 1 Route metric is 0, traffic share count is 1 cisco1# cisco1#sh run cisco1#sh running-config in cisco1#sh running-config interface vl cisco1#sh running-config interface vlan 10 Building configuration... Current configuration : 60 bytes ! interface Vlan10 ip address 10.10.1.1 255.255.255.0 end cisco1#sh logging *Aug 2 17:11:20.433: PBR Nexthop Callback invoked: 3A5FA628, (30.1.1.1) tableid 0, status: 2,type: SET NEXTHOP RECURSIVE *Aug 2 17:11:20.433: map: pbrmap2, sequence: 10 PBR Control Plane Notification: 30.1.1.1 PBR_CP_SET_NEXTHOP_RECURSIVE *Aug 2 17:11:20.433: PBR CP Notification sent: Type:SET NEXTHOP RECURSIVE, 30.1.1.1SW_OBJ_TYPE: 1D, SW_HANDLE: 3D2D41B0 *Aug 2 17:11:26.899: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to up *Aug 2 17:11:27.897: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up *Aug 2 17:11:27.902: PBR Nexthop Callback invoked: 3A5FA628, (30.1.1.1) tableid 0, status: 2,type: SET NEXTHOP RECURSIVE *Aug 2 17:11:27.902: map: pbrmap2, sequence: 10 PBR Control Plane Notification: 30.1.1.1 PBR_CP_SET_NEXTHOP_RECURSIVE *Aug 2 17:11:27.903: PBR CP Notification sent: Type:SET NEXTHOP RECURSIVE, 30.1.1.1SW_OBJ_TYPE: 15, SW_HANDLE: 38175DF4 *Aug 2 17:14:17.542: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map pbrmap2 has unsupported options for Policy-Based Routing. It has been removed from interface, if applied. My question is whether its not supported by this platform or in this software release in this platform. Or am I doing fundamentally something wrong here :slightly_smiling_face:. Any pointers will help. [link] [comments]  |
| Reasons for why channel 14 of the 2.4Ghz band is not approved by the FCC for use Posted: 02 Aug 2019 12:11 PM PDT Thread title, is it because channel 14 starts at the end of channel 11? I believe I read that this band is allowed to be used in places like Japan. I'm just wondering if there's a reasoning why it isn't allowed in the US. This is purely a question for my own sanity. [link] [comments]  |
| Cox Business DNS - conflicting issue/server info received Posted: 02 Aug 2019 07:56 AM PDT Hi all, For one of our clients with an East Coast office near Boston, MA, I'm receiving conflicting info on which DNS servers granted by their ISP to use with the LAN. Their Cox cable modem receives the following 3 DNS servers via DHCP from Cox upon boot: 68.105.28.11 68.105.29.11 68.105.28.12 Calling their support support and using the Cox business support site note to use the following DNS servers: 68.105.28.16 68.105.29.16 https://www.cox.com/business/support/domain-name-services-mail-exchange-hosting-and-dns-server-information.html Performing a traceroute shows 5 hops from their modem to all IP's, with similar response times on each hop through to the final destination IP: traceroute to 68.105.28.11 (68.105.28.11), 64 hops max, 72 byte packets 1 192.168.0.1 (192.168.0.1) 1.376 ms 0.982 ms 0.922 ms 2 10.1.216.1 (10.1.216.1) 7.675 ms 7.791 ms 7.631 ms 3 100.120.244.72 (100.120.244.72) 9.566 ms 8.348 ms 10.322 ms 4 100.120.244.54 (100.120.244.54) 11.626 ms 14.604 ms 24.376 ms 5 cdns1.cox.net (68.105.28.11) 9.997 ms 8.628 ms 9.455 ms traceroute to 68.105.29.11 (68.105.29.11), 64 hops max, 72 byte packets 1 192.168.0.1 (192.168.0.1) 2.290 ms 0.925 ms 0.960 ms 2 10.1.216.1 (10.1.216.1) 7.071 ms 7.057 ms 7.726 ms 3 100.120.244.72 (100.120.244.72) 9.186 ms 8.754 ms 9.394 ms 4 100.120.244.54 (100.120.244.54) 8.157 ms 8.271 ms 7.615 ms 5 cdns6.cox.net (68.105.29.11) 8.550 ms 8.155 ms 9.322 ms traceroute to 68.105.28.12 (68.105.28.12), 64 hops max, 72 byte packets 1 192.168.0.1 (192.168.0.1) 2.276 ms 0.966 ms 0.928 ms 2 10.1.216.1 (10.1.216.1) 7.548 ms 17.955 ms 7.928 ms 3 100.120.244.72 (100.120.244.72) 9.668 ms 10.047 ms 8.575 ms 4 100.120.244.54 (100.120.244.54) 8.645 ms 8.465 ms 8.713 ms 5 cdns2.cox.net (68.105.28.12) 8.235 ms 8.738 ms 7.190 ms traceroute to 68.105.28.16 (68.105.28.16), 64 hops max, 72 byte packets 1 192.168.0.1 (192.168.0.1) 2.993 ms 0.948 ms 1.636 ms 2 10.1.216.1 (10.1.216.1) 8.869 ms 12.140 ms 8.877 ms 3 100.120.244.72 (100.120.244.72) 8.243 ms 11.333 ms 8.133 ms 4 100.120.244.54 (100.120.244.54) 7.721 ms 8.360 ms 9.066 ms 5 68.105.28.16 (68.105.28.16) 9.121 ms 9.061 ms 7.796 ms traceroute to 68.105.29.16 (68.105.29.16), 64 hops max, 72 byte packets 1 192.168.0.1 (192.168.0.1) 2.270 ms 0.968 ms 1.072 ms 2 10.1.216.1 (10.1.216.1) 35.242 ms 8.462 ms 7.867 ms 3 100.120.244.72 (100.120.244.72) 9.031 ms 7.414 ms 9.172 ms 4 100.120.244.54 (100.120.244.54) 8.185 ms 7.169 ms 8.253 ms 5 68.105.29.16 (68.105.29.16) 8.437 ms 10.793 ms 19.922 ms Can anyone here with hopefully similar Cox service advise what DNS servers should be used here? As I find it odd that the modem receives different DNS servers than those recommended by Cox support & the Cox support page I posted above. Thanks all. [link] [comments]  |
| Posted: 02 Aug 2019 09:15 AM PDT We are in the process of a data center migration to application-centric ACI. We currently have all layer three in the DC routing via ACI network-centric mode with most devices traversing L2Out for their respective VLANs. Right now we just have a couple of 10Gb connections between ACI and our old core, so our current step is to directly connect the ToR switches to ACI leaf switches. The documentation has not been kept up to date (as per the usual, I find), so I've written a series of scripts to identify what device is on every legacy port in the DC. It grabs the MAC address table from each ToR switch, then does a lookup against a list of MAC's provided by our sysadmins, failing that search it grabs the endpoints table from ACI and looks up the IP, then does a reverse DNS lookup to determine server/device name, failing that, it looks in the old core's ARP table. Once it has that info it dumps it into an Excel spreadsheet to assist with planning the move (it also grabs port config and a few other things, mainly because more data is better). The problem that I'm running into is servers that have teamed NICs in active/passive mode. The passive NICs don't talk much, so the entries age out of the cam tables, which means I can't find them. Which leads to my question. Does anyone know how to make these passive NICs talk (without disconnecting the active) so that I can find them? The servers are mostly HP of all ages and lineages. With a few Dells thrown in for good measure. Does anyone know of an HP tool that would do that, or any other tool for that matter? Pretty sure that I'm pissing in the wind and we'll just have to do it that hard way, but it's worth a shot asking the big dawgs out there in Reddit land. [link] [comments]  |
| PC can access reach server but Android tablet can not? Posted: 02 Aug 2019 07:59 AM PDT I have a guest WiFi setup and when connected Android tablets can not reach the server but PC's can. Tablets can't even ping the server. Does Android handle something differently? Any Android tools I could use to diagnose the issue further? [link] [comments]  |
| What could cause a DNS to resolve to 127.8.0.x? Posted: 02 Aug 2019 12:37 AM PDT I have a problem i can't work out. Client is using fortinet client and fortigate firewalls for VPN services. I can't go into specifics of config, but here's the problem i'm seeing. Basically, a user connects to teh VPN with an ip range of say, 192.168.154.x, the DNS they're given (is routable) to 192.168.0.20. Now, DNS works fine, internet connectivity works fine, everything is going great, until about 15 minutes in, outlook and skype stop working until the VPN tunnel is torn down and restarted. BUT, while the tunnel is still up, a traceroute and nslookup to outlook.office365.com swaps from it's expected CNAME IP address to 127.8.0.77 or 127.8.0.127. What could potentially be the cause of this? I swear it's something the remote DNS is doing but the client claims the DNS is ok. I have a head scratcher here i can't get passed. I had originally thought maybe the DNS server was also hosting some tunneling service or was doing some weird o365/azure express route tunnelling (you know, loopback on different port for some outbound service handling) but the client says they're not doing any of that, any anything on their network that's not in the VPN tunnel sees the true o365 DNS, so it kinda rules out something funky in the client's group policies. Only VPN users are affected, but the VPN uses the same path as the unaffected corporate fixed traffic, hence why i tend to dismiss the VPN itself as the issue. [link] [comments]  |
| Posted: 02 Aug 2019 04:08 AM PDT Hi All, This is Jess, hope you all are doing good. I am not sure if this is the right place to ask a question or should I ask it in a different forum. Our company has planned to set up 10 new offices and each office is going to deploy about 28 devices in spine and leaf topology. My dilemma is how can I easily create a spreadsheet to send it to the cabling guys to patch the cables. Each office will have 4 core switches, 8 aggregation switches and 16 access layer switches. I would like to make a spreadsheet where I can say as an example: Core SW 1 port 1-3 goes to AGG SW 1 port 1-3 Core SW 1 port 3-6 goes to AGG SW 2 port 1-3 Like this, it would keep going down and once completed I would have to do the same from AGG SW to Access layer SW. Is there a way I can predefine in excel what the connection I would like to have and the rest it will populate on its own. Is there any tool or spreadsheet that is available that could help me to get this to cabling team to patch the devices to the appropriate ports? X Jess [link] [comments]  |
| Posted: 01 Aug 2019 08:24 PM PDT Any tools that are must to have? I've got a good toner, punch down, crimp tool, lineman's scissors and jacket cutter. Looking at something Netscout Linksprinter to troubleshoot cable and PoE issues. Is something else recommended? [link] [comments]  |
| Fortigate log; action=timeout? Posted: 01 Aug 2019 08:06 PM PDT Is it possible to identify whether the response was missing from the source or destination, apart from capturing the traffic at the client or server? This happens randomly, and I'm having a hard time telling who is not responding that causes the session to be timed out. [link] [comments]  |
| New Router/Modem Recommendations Posted: 02 Aug 2019 01:43 AM PDT So at my workplace currently we have a really old Cisco 800 Series router and we are looking to get a new one. However we have been given a budget of only £200 and the new one needs to support: - VDSL - IPsec VPN - Gigabit Connection Any suggestions if possible at all with that budget [link] [comments]  |
| Posted: 01 Aug 2019 04:17 PM PDT I was looking for a wireless focused conference and I ran into this https://trek2019.com/ . Has anyone attended this conference before? Was it a worth while experience? [link] [comments]  |
| Posted: 01 Aug 2019 09:15 PM PDT Hi Team Quick question for someone who has access to an MX80/MX104. I want to confirm if the S-MX80-Q per vlan queuing license on an MX80 is enforced? We've been offered a few of these boxes for a small POP deployment and they're not worth using if we have to purchase licensing for them. Cheers! [link] [comments]  |
| Posted: 01 Aug 2019 09:14 PM PDT I want to learn how to cable a network. I might be going into a job (Learning everything on the job, but want to learn some things prior to so I don't look like a muppet. I'm talking about taking switches, and computers, and learning the intricacies of connecting them together from scratch. Is there any place you guys would recommend to learn this stuff? [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment