Cisco Security Advisory: Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability Networking |
- Cisco Security Advisory: Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
- What do the various cabling jacket colours mean to your organization?
- How does your org maintain the local user db on routers/switches when using RADIUS for auth?
- Hard of Hearing Network Engineers
- Vendor gifts - what is the best vendor gift/swag you have ever received?
- Is there a single thread limit on 40Gbps networking?
- Does NAT need to be cleared when shutting down a neighbour for ISP failover?
- HFC vs. FTTH
- SFP+ is Only fiber?
- DHCP Static Connection Question
- Question with Cisco Prime
- What are your thoughts on SRC MAC learning from protocol packets?
- New job - need some advice
- Rancid bombs out logging into a Cisco router with a # in the hostname - any ideas how to force it to ignore that?
- Any other protocols in your network apart from ARP/DHCP that use Bcast MAC?
- iPhone WiFi Radio Switching Off Issue
- Fortinet firewalls - quick question
- Quick question about Zabbix Proxy
- Issue finding Ethernet ports
- Search for Network Management Tool
- Role Based Use VPN - Existence/Options/Considerations
- replacing a master switch in a stack
- Can anyone identify this cable?
- IPV6_ND-6-DUPLICATE_INFO for switches' own SVIs in the same VLAN
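Cisco Security Advisory: Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability Posted: 29 Aug 2019 10:32 AM PDT
What do the various cabling jacket colours mean to your organization? Posted: 29 Aug 2019 11:05 AM PDT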
How does your org maintain the local user db on routers/switches when using RADIUS for auth? Posted: 29 Aug 2019 08:37 AM PDT I'm a network analyst at a small-ish telco co-op. We've recently grown to the point that we're looking at using RADIUS for authentication management. RADIUS itself is easy enough to implement - we already use it for wireless authentication in the office, but a question my manager and I were pondering is maintaining the local database. Obviously everyone will no longer have a local login - that would defeat the point of RADIUS. It seems like there should probably be one local account, but then who knows it? Should the network analysts/engineers know it in case there's an emergency and the RADIUS server can't be contacted? Should it be restricted to the managers on the network team? Just interested in hearing what other orgs have done.
Hard of Hearing Network Engineers Posted: 29 Aug 2019 03:15 AM PDT Hi Guys, Thanks for the great sub. TL;DR: I am a hard of hearing network engineer, trying to look for jobs that don't require meetings and speaking with others over the phone. Any suggestions? So I believe I am doing good in my SP company as an associate engineer. But one thing bothering me is meetings, especially when people are joining remotely via speakers that make the sound quality worse, to an extent that I could not decipher anything even after multiple repetitions. I feel like I am cheating my employer although I can call after the meetings and get things straight. But I am looking for something more isolated. I wear hearing aids that cost two times my salary. Although they helped me with one-to-one conversations and local meetings, I am still having problems with remote meetings and phone calls. Although my current job is more toward network project management, I am more into operations technical jobs. I have 2 years of experience and that is why I am aiming toward starting my technical career at jobs that require strong configuration skills and less human interaction skills. Any ideas or technical fields like this?
Vendor gifts - what is the best vendor gift/swag you have ever received? Posted: 29 Aug 2019 07:48 AM PDT
Is there a single thread limit on 40Gbps networking? Posted: 29 Aug 2019 05:10 AM PDT Hi there, I just wanna quickly pick your brains, guys. I recently started doing some 40Gbps testing with some HP QSFP+ 544 (based on the ConnectX3 chip from Mellanox). Is there a reason or limitation on a single TCP thread, or am I doing something wrong (maybe some optimization missing), since I cannot get more than 20-22Gbps on a single iperf2 TCP thread? I am able to achieve 39.8 Gbps on 4 threads. But on a single thread it maxes out at 20-22Gbps. I saw that (https://community.mellanox.com/servlet/rtaImage?eid=ka21T000000k9yq&feoid=00N5000000AYucA&refid=0EM1T000000uNJf) on the Mellanox site, which seems that Mellanox itself says something about 25Gbps per second in a single thread. Thanks for your advice guys. Regards, Yves
Does NAT need to be cleared when shutting down a neighbour for ISP failover? Posted: 29 Aug 2019 07:35 AM PDT Hello, I have an ASR-1001x that does NAT, routing and firewall. We have 2 ISPs; one is much slower, for backup only. Our ISPs will not give BFD; however, due to our remote location in Atlantic Canada, outages are 999 times out of 1000 upstream and the neighbour is never actually shut down. There are only a few km of fiber between us and both ISPs; I don't think they have ever had a shutdown before. Under normal circumstances, the backup ISP has a much lower local-preference and is path prepended, and traffic flows through the primary as you'd expect. I have an SLA for 5 echos that will shut down the primary, alter the routemaps to ones that favour the backup ISP, then restart the neighbor. When the SLA comes back up (long delay) it only installs the original routemaps and lets BGP timers take care of that. However, when there is an outage, it isn't always as quick or smooth as I'd like, and it often feels like it is just the BGP timers causing the switch. I'm wondering if it could have something to do with NAT, that the translations would need to be cleared. the ip-sla: and for the NAT: some static routes: So do you think clearing the NAT would be helpful? Typically a user is using our web based tool (hosted in Google Cloud), and when there's an outage it just times out; they'll have to wait a minute or do a hard refresh or even close all browser windows and open the address again.
HFC vs. FTTH Posted: 29 Aug 2019 08:01 AM PDT Hello - I'm trying to figure out whether there are significant operating expenses associated with HFC networks that are either insignificant or non-existent in FTTH networks. One major cable company, Altice, is overbuilding its own HFC network with FTTH. They expect to break even on the overbuild within three years due to the significant cost savings. I'm wondering if this could be the early mark of a new trend. For those familiar with networks - what are the significant cost inputs between the two networks? After the install process, is a fiber network cheaper to operate? And if so, what are the key line items? Second, what do people think about the possibility of reaching "DOCSIS Escape Velocity," whereby general data consumption growth, powered by forces like Nielsen's Law, increases at a rate that DOCSIS innovations simply cannot keep pace with? In this instance, FTTH is a clear cut winner (forget about fixed 5G for the sake of the discussion) and legacy HFC networks begin to look more like the copper networks of the past when cable became the clear cut winner with differentiated technology.
SFP+ is Only fiber? Posted: 29 Aug 2019 04:23 PM PDT A few days back I was talking to a network engineer and he asked for a L3 switch with all ports being SFP+ and 10 units gbic together; he wanted to borrow it for a few days. I replied asking if he wanted fiber or copper, and he said again SFP+. After I insisted, he told me he wanted all in fiber. In my head SFP+ is the type of medium that supports 10 gigabit and can be fiber or copper. Am I wrong?
DHCP Static Connection Question Posted: 29 Aug 2019 03:49 PM PDT Hello guys, I want to ask you guys about setting a static IP for a NAS device. I've read that getting a static IP costs you more money, but I've seen people saying that you can have a static IP and not pay for it using the DHCP connection settings in your router client and just setting a static one for your config. I'm not enjoying the fact that my NAS changes its IP every few days or so. I also don't want to pay extra just for a static IP. Would that DHCP method work while not costing any money? I would appreciate any help guys! Thank you!
Question with Cisco Prime Posted: 29 Aug 2019 11:51 AM PDT Is it possible to create a site map with wired devices? Going through, all I can really see is the option for the wireless devices for the site maps. I have all my devices coming up in Network Topology, just trying to see if there is a way I can organize them by floor and what room they are located in.
What are your thoughts on SRC MAC learning from protocol packets? Posted: 29 Aug 2019 03:23 PM PDT I know it's implementation dependent and different devices behave in different ways, but would you guys prefer SRC MAC to be learned from protocol packets being received such as CDP, LLDP, OSPF, ARP etc., especially in case of an SVI attached to a BD and the packet is meant for the CPU of the device?
New job - need some advice Posted: 29 Aug 2019 02:45 PM PDT I'm from Australia and I've been working as a network engineer/architect for over 10 years. I love the technology and learning but recently have become a bit jaded about the actual work - the vast majority is the same old routing/switching, firewall rules, changes, updating diagrams. The interesting stuff like new designs, automation, new toys etc. is only 20% of the work. I have moved around a bit as well, so not just at one place. However the money here is relatively good; I could easily make $220k AUD/year. Anyway, recently I got hit up and got an offer for a PreSales role focusing on network and network security. I've been told the role is still technical but obviously I have to do solution proposals, client meetings etc. It also only pays $200k OTE (180k base, 20k commission), which is less than what I'm currently on, although once the sales go over quota then earnings could be higher. I won't be as down in the weeds in this role but will get exposure to more products, and will need to meet with clients and network more. The role will be very busy but they are flexible; I can work from home or office or go visit clients. The current role is 9-5 and pretty easy with the occasional after hours/weekend change. Where I currently work is just a large enterprise where I'm just a face, but my colleagues are awesome. The new place is a small company started by an ex engineer which is growing massively and has some really good operators. Would be good to hear from anyone that made the jump from delivery/project design and engineering to presales; what was your experience? Also be interested to hear from others, what would you do in my shoes? I'm still 50/50.
Rancid bombs out logging into a Cisco router with a # in the hostname - any ideas how to force it to ignore that? Posted: 29 Aug 2019 10:45 AM PDT Trying to script gathering some config info from a few hundred Cisco IOS routers where they have used "#" in the hostname, and that seems to break Rancid's clogin tool. Any ideas?
Any other protocols in your network apart from ARP/DHCP that use Bcast MAC? Posted: 29 Aug 2019 02:12 PM PDT FF:FF:FF:FF:FF:FF, have you seen any other case apart from ARP/DHCP that uses this MAC? Whether with or without IP payload.
iPhone WiFi Radio Switching Off Issue Posted: 29 Aug 2019 01:50 PM PDT Hi, I have recently deployed Meraki APs (MR33 + MR74) and have set up a Guest SSID. On this Guest SSID I have implemented a third party captive portal solution with which we can allow access to the network when the user authenticates using their Facebook/Instagram account or SMSs. Now I am receiving complaints from iPhone users that after about 5-10 minutes their devices get disconnected from the Guest SSID. Upon investigation I found that iPhones switch off their WiFi radio, as the signal indicator disappears if the phone is kept idle. When the users pick up their phones, it detects use and the WiFi switches back on and the signal strength indicator starts appearing again on the phone. Upon raising it with the captive portal vendor, I got the response that the iPhones are designed to disconnect from open WiFi after a while and so there is nothing that we can do from our side to fix this issue. I want to know, have you guys also observed this issue with iPhones? The problem is that during this time when the WiFi radio is switched off by the iPhone, if someone sends WhatsApp or any other message to these users, they don't get delivered to them until they pick their phone up, which is when the phone detects usage and connects back to WiFi. Is this a known behavior? My vendor says it is a known behavior and there is nothing we can do about it?
Fortinet firewalls - quick question Posted: 29 Aug 2019 07:20 AM PDT If I understand it right, there's the firewall appliance, then there is FortiCare (which is support basically) and FortiGuard (which are paid addons like IPS, IDS, antimalware...). Is the standalone appliance such as 60E with only FortiCare for updates capable of everything such as site to site IPSec VPNs, basic ACLs, port forwarding etc.? I get that buying a next-gen firewall without next-gen addons is kinda pointless, but my current ASAs are very very old, without support, so I mainly want a new appliance that isn't ancient and basic firmware/OS support for now. If budget allows I'll gladly add UTM/UTP services on top later.
Quick question about Zabbix Proxy Posted: 29 Aug 2019 12:42 PM PDT I'm not sure if it's okay to post this here but since it is network related.... I've started a new job recently and they use Zabbix for monitoring (which I've never used). I'm trying to add some devices with a proxy that was configured before me. The status page for the proxy shows it's up and communicating. The proxy is in passive mode. The issue is the status of the switch I'm monitoring is just greyed out. If I go to configuration > hosts the switch shows:
The issue is all of those are grey even though I'm using SNMP. I can do an SNMP walk from the proxy server to the switch and it works fine. I also can switch over to monitoring directly from the Zabbix server and it works fine and the SNMP label turns green. I have waited over an hour since this is how often it's configured to do config checks. I don't see any errors in the logs related to this on the proxy. Where else can I look? Thanks for any help you can give!
Issue finding Ethernet ports Posted: 29 Aug 2019 11:51 AM PDT Often I run projects taking over companies' IT. One of the things I hate with slightly larger companies is trying to work out where Ethernet ports go to; if they have labelled it nicely it's no hassle, but sometimes I find myself looking for where one cable goes and without ripping down walls there is no easy solution. I've used a network probe for years and it helps with quickly looking for the right port in a comms cab, but can you buy extremely sensitive ones where I can change the sensitivity level and follow a cable even behind a wall, or is there another way to do this? Thanks a lot guys
Search for Network Management Tool Posted: 29 Aug 2019 04:06 AM PDT Hi, For our little company we are searching for a network management tool which we can use to manage our switches, manage our IPs (like IPAM), make a topology of our network + something like racktables. At this moment we're using all different kinds of applications but we want this to be one application. Maybe there's someone on this subreddit who knows an application like this.
Role Based Use VPN - Existence/Options/Considerations Posted: 29 Aug 2019 09:57 AM PDT I tried searching so please forgive me if this has been covered in past posts. We are looking at a User VPN solution that supports multiple use cases (Corporate Devices, Vendors, BYOD), each with different access and slightly different authentication mechanisms. We currently have FortiGate firewalls which may be able to do this, but have not had any luck working with our vendor to configure support for more than one use case at a time. In my head, the best case would be to leverage Clearpass to perform the authentication and assign the connection a role or VLAN, using user/device certificates, AD credentials, MFA or a combination for authentication. The VPN local VPN endpoint would then connect the user to the assigned VLAN, role or firewall zone. The VPN device could be the firewall, an appliance or a virtual server. Controlling the authentication in Clearpass would simplify network authentication to one system, making our life easier. We already have similar authentication mechanisms and roles for the wired/wireless networks so it would not be that much different. We are an Aruba/HPE shop, but run IAPs so there are no Aruba controllers (other than the Instant). So my questions are:
replacing a master switch in a stack Posted: 29 Aug 2019 09:38 AM PDT Our master switch failed and needs to be replaced. When I am ready to put the replacement in, would it be best to join it as a lower priority member first and let it get the config from the current master (switch 2)? I just want to make sure that if I join it as master it won't overwrite the config on the rest of the stack. I am using Cisco WS-C3750E-48PD-SF.
Can anyone identify this cable? Posted: 28 Aug 2019 11:25 PM PDT Hello, Apologies if this does not fit the purpose of the subreddit, but I could not think of a better place to ask. I found a few of these in one of our very/overdue-to-be-tidied comms cabs, installed before my time. As far as I can tell they're Cat.6 T568/B, but why do they have a different pair on 'display' either end? The pic is of one cable. Help sate my curiosity!
IPV6_ND-6-DUPLICATE_INFO for switches' own SVIs in the same VLAN Posted: 29 Aug 2019 02:01 AM PDT I'm getting strange log warnings on most of my Catalysts, both C3650 (16.3.6), C2960S (15.0.2) and one C4500-sup7l (03.06.08). vl50 is the Management-Interface. The log entries show up exactly 5 minutes apart. It's almost as if the switches are detecting their own ND. This is an IPv6 interface of an SVI: I tried to SPAN on various points in the network but couldn't find anything weird. Am I hitting some sort of bug, and can I discriminate that log entry?