
    Thursday, August 8, 2019


    Good project management software to use for Network Engineering?

    Posted: 08 Aug 2019 11:55 AM PDT

    Looking for software that can track projects for each engineer on our team, e.g. what one person is working on, whether he completed it, how long it took, etc.

    submitted by /u/theman10103

    Best Python script you've implemented

    Posted: 08 Aug 2019 06:44 AM PDT

    All,

    I'm trying to do more with less. I've got a backlog of work that keeps growing by the day, so it's time to automate as much as I can! I've been using David Bombal's courses (LinkedIn Learning, INE, Udemy) to get some practical stuff under my belt without being too bogged down in terminology just yet. I've also tried Learn Python the Hard Way (lost interest so fast). I need to see tangible results; I'm drowning at work and I need to see something come to fruition that I can set up and not have to tweak constantly. Some of my day-to-day tasks are adding IPs into Palo address groups, building F5 configs (VS, pools, iRules, etc.) and moving switchports to different VLANs (Cat 4507RE, a few other XE devices). All this to ask, what's been your best script you've implemented that's saved you the most time? What were some of the resources you used to get the scripts perfected? Are there any Python networking related groups that have supported you? Has it opened any doors for you career-wise? I know it's going to be worth it; I suppose this is just a reaffirming post for myself and others.

    submitted by /u/Wixxyl

    What are you guys doing for segmentation?

    Posted: 08 Aug 2019 10:14 AM PDT

    Hey guys,

    What are you guys doing for segmentation?

    VRF-lite seems to be the "easy" way to do it, but it doesn't scale well.

    MPLS (in the enterprise) seems to fix the scalability issues of just doing VRF-lite on its own...but raises the question of how to handle remote sites since they are sitting behind shiny new SD-WAN appliances and I think running MPLS-over-GRE would either limit their visibility and kill a bunch of features we've grown to love (like FEC and WANop), or put me back in the scalability hell of having to build a separate transit network for each L3VPN to go through the appliance. Plus the hit to MTU I'd be seeing...1500 to the internet, minus the overlay tunnels, minus GRE, minus labels. Yikes.

    And this seems to be the same type of issue I'd run into with any sort of overlay or labeling system, which it seems like any black-box solution would run anyway.

    Vendor proprietary means more vendor lock-in, which isn't a huge deal...switching refresh isn't totally out of the question, but most of our gear is still good, if only licensed for basic L3 features now. I'm really trying to get away from being locked in to one vendor, but sometimes that's unavoidable and/or the benefit is worth it (see: SD-WAN)

    Being a (mostly) Cisco shop (at least for L2/L3) means SD-Access is an option, but everything I see about it is saying it's immature and overpriced. Yet I can't seem to find any comparable alternatives to it.

    What's out there?

    submitted by /u/JasonDJ

    Looking for advice on transition from operations to project work

    Posted: 08 Aug 2019 04:10 PM PDT

    Hi /r/networking,

    I hope this doesn't violate the rules re career advice, as I consider this a close-to-senior-level (more intermediate) career question.

    I have been in networking for about 4 years now, IT in general for about 6 years, working for an MSP in an exclusively operations-focused role.

    I've been lucky to get some great experience and mentoring in my time at my current company, but for many reasons I think it's time for a change.

    I am being offered a job at a much smaller (think more than 10x smaller), more focused (no VAR, slowly building managed services practice, lots of project/design/implementation work) consulting company. They are offering an appropriate pay bump that reflects the increase in the complexity of the day-to-day work.

    Most people on their team of network consultants have much more experience (closer to 20 years just in networking), but they are all friendly and approachable people and from visiting with them it is clear they have a good culture going.

    I guess my question is; at what point did you make the jump from operational 'keep the lights on' work to a design/implementation-centric role? What was the transition like? I see no opportunities to sharpen my skills in design and implementation in my current role, so I figure the best way to enter the next chapter of my career is to make the leap with this new company.

    Any and all advice is appreciated.

    submitted by /u/tilphecklenburg

    Cisco ASA | Access-List Logging | Does it punt to the CPU?

    Posted: 08 Aug 2019 02:55 AM PDT

    Hi,

    I am aware on a Cisco router if you use the keyword "log" at the end of an access list, any traffic passing through that access list is punted up to the CPU for processing which understandably can cause throughput issues if you're pushing enough traffic.

    Is this the case with Cisco ASAs too?

    I want to log my access list hits and export them to a syslog server, but I am also conscious that if this behaves the same way as it would on a Cisco router, this could be an issue.

    Thank You

    submitted by /u/CoyKava

    MPLS P/PE alternatives to Juniper MX5/80?

    Posted: 08 Aug 2019 10:53 AM PDT

    Our current MPLS/WAN network is pure Juniper MX80s. Last year we bought a bunch of MX5s, applied an upgrade to MX80 license to one of them and put it into production.

    We are expanding our network and wanted to upgrade 2 spare MX5s we had to MX80s and deploy them, but it seems the price of the upgrade license has rocketed. The quote I received today was £32k for two upgrade licenses. We paid around £5k for an upgrade license last year.

    I'm looking for alternatives to paying this upgrade license. The MX range is appealing due to the number of 1G ports once fully populated, and the 4x10G ports.

    Any recommendations for a product which will come in at less than £16k each (£32k for two)?

    Ideally we would keep Juniper throughout, but I don't think that's going to happen unless we bite the bullet and pay.

    Anyone bought "used" but with reseller warranty/support?

    submitted by /u/LittleWanger

    NPS server for RADIUS with WLC

    Posted: 08 Aug 2019 07:20 AM PDT

    I'm in the process of setting up an NPS to do authentication for wireless. If we already have a CA on the network, does the NPS server also need to be a CA?

    submitted by /u/tylervalo

    PXE booting from a different network. Option issues, I think.

    Posted: 08 Aug 2019 04:29 PM PDT

    Picture this.

    WDS Server = Windows, VM, 192.168.1.32 255.255.248.0

    DHCP Server 1 = Windows, VM, 192.168.1.15 255.255.248.0, pool for the 192.168.0.0 network only

    DHCP Server 2 = Cisco 4510, dhcp pool for a second network: 192.168.16.0 255.255.252.0

    PXE booting on the 192.168.0.0 network is fine. But if I try it on the 192.168.16.0 network, it's a no go.

    DHCP server 2 config (I'm running off memory here as I am at home now):

    ip dhcp pool new-network
     network 192.168.16.0 /22
     domain-name ourdomain.com
     dns-server 192.168.1.2 192.168.1.3
     default-router 192.168.16.1
     option 66 ip 192.168.1.32
     option 67 ascii path/to/file.efi

    No go. PC PXE boots, gets a DHCP address in the 16 network, and then says TFTP.....

    I've tried changing option 66 to ascii with the FQDN. Quotes, no quotes. Still nothing.

    Before I get wireshark on this, is there something I am missing here?

    submitted by /u/RumRogerz

    Looking to upgrade switches, looking for opinions

    Posted: 08 Aug 2019 02:54 PM PDT

    We currently have ~8 mb internet through a microwave type connection (don't quote me on the technology they are using) and we are upgrading to 100 mb symmetrical fiber.

    Looking at the infrastructure, they are using all unmanaged Netgear (dumb) switches. We are in need of more ports everywhere and I was thinking about upgrading to Ubiquiti edge switches because then you gain some features of a managed switch, but I was wondering if there is anything else in that price range I should be looking at? Would like to be able to get some monitoring out of the switches as we add more devices, but the budget is really only about big enough to buy Ubiquiti gear. I know you get some features going with Ubiquiti but not nearly as nice as, say, an Aruba switch.

    Any thoughts?

    Thanks.

    submitted by /u/mercury187

    Huawei's SEP: how to disassemble a ring to/or reconfigure it?

    Posted: 08 Aug 2019 01:27 PM PDT

    Hi fellow networkers!

    I'm working on a large industrial campus LAN these days, where we have too many switches in a L2 ring (like 35+ devices per ring) to use standard (read STP derivatives) protocols. So we tried Huawei's SEP, on both AR550 and S5720EI (some 12k too, but they behave like the 5720).

    Now we're becoming more fluent with that thing and proceeded to micro-segment the L2 with numerous VLANs, but the initial SEP instances were configured with "protected instance 0-4094" all the way. We need to change the ranges, but each switch says it cannot change its instance parameter while a port is attached to the SEP segment.

    So I've opened the rings, and tried to de-configure SEP one switch after another, but not only does it take a while, it also creates outages because I have to switch the ring's upstreams to disable SEP on the east port, then the west port, and so on switch after switch.

    Is there an alternative way to fully de-configure a SEP ring altogether and rebuild it, so as to minimize downtime and/or sync reloads of alternate configurations pre-generated and loaded on each device?

    Thanks !

    submitted by /u/chiwawa_42

    Complete fail proof Cisco C1117 router

    Posted: 08 Aug 2019 01:02 PM PDT

    Just been playing with a new Cisco C1117 router with 4G for failover. I've configured the failover fine and can add a secondary SIM card for a third option and have multiple tunnel routes available, so this thing is pretty much fail proof for a remote site apart from if the config got accidentally erased. Is there any way of mitigating this unlikely-but-does-happen risk? Was thinking as it's 4G it could still be contactable remotely; however, the config stores the connection profiles so it would still be dead in the water without the config. Was also thinking about having a backup config stored, but does that even work the way I'd want? config1 fails, so upon router reboot it would load config2, which would be an exact copy or have enough config to be able to SSH in on?

    submitted by /u/jaampe

    Aruba tunneled node worth the extra cost compared to 9200L?

    Posted: 08 Aug 2019 12:54 PM PDT

    We have a new building coming up where we have everything from PCs to HVAC to surveillance cameras to even fridges, info-TV systems, scientific equipment etc. connected to a network managed by us.

    We have the traditional option to go with Cisco 9200L switches with 802.1X, RADIUS (Clearpass) sending dynamic VLAN assignments and then mapping VLANs to VRFs which we carry in our core to the DC firewalls where we allow traffic between different VRFs.

    Or we could spend some more money to get Aruba 2930F switches with tunneled node capabilities. I like the idea of having a fully L3 network, no need for stacking, same policies for LAN and WLAN, and we could also do microsegmentation for the IoT stuff. We have equipment where we don't manage them or the updates (seems no one does) but they still need access to the network.

    However 2930F switches are +60-70% compared to 9200L (or 2530) so I'm wondering are we going to get something for the extra money? In this case it would mean for 5 years that we could either hire a new guy or get 2930F switches.

    So, how do you feel about the tunneled node and for those who have implemented it, was it worth it? How did you save time/money/something by using it?

    Thanks for any ideas!

    submitted by /u/PublicSectorJohnDoe

    Proxy ARP on Catalyst Switches

    Posted: 08 Aug 2019 12:45 PM PDT

    Is it possible to make Proxy-ARP on switches respond to ARPs even within its subnet?
    Basically I want hosts within a subnet to talk L3 (through SVI routing) and not be able to ARP directly and talk at a L2 level. Routing back onto the same SVI can cause an ICMP redirect problem, and let's say I take care of disabling that using "no ip redirects".

    submitted by /u/rameshpvn

    F5 APM and RSA Authentication Server for SMS OTP

    Posted: 08 Aug 2019 06:16 AM PDT

    Hello,

    We are using a cluster of F5 BIG-IP version 13.1.1.4 with LTM + APM enabled as a SAML IdP role.

    We have also installed a cluster of RSA Authentication Manager 8.4 (On premise) along with a cluster of SMS Eagle gateways.

    Is it possible to do an APM policy that allows the user to request an SMS password and then log into the requested resource?

    It looks like you can do it with the RSA Auth available as SaaS but not with the on-prem version.

    Any thoughts?

    Thanks.

    submitted by /u/Iv4nd1

    Riverbed asymmetric routes detected

    Posted: 08 Aug 2019 07:12 AM PDT

    I have a riverbed question regarding asymmetric routes. First off, I do have a support contract with riverbed, but I'd like to talk this out, first, before calling them. This is probably a good learning opportunity.

    For starters, this site connects to the internet through at&t enterprise fiber. We lease IP addresses from at&t, our electrical hand-off plugs directly into our firewall. We use sonicwalls (High Availability, please don't turn this into a sonicwall sucks discussion, for us it does what we need it to do).

    Since there are two sonicwalls (HA) our hand-off from at&t plugs into an L2 'WAN Switch' (yes, single point of failure) and each sonicwall plugs into the WAN switch, respectively. Here is where riverbed comes into the picture.

    X0 on our sonicwalls are LAN. Before the LAN connection hits the network switch, it plugs into the riverbed appliance. The riverbed appliance has 4 ports, WAN 0, WAN 1 and LAN 0, LAN 1.

    WAN 0 (riverbed) plugs into sonicwall 1 X0
    WAN 1 (riverbed) plugs into sonicwall 2 X0
    LAN 0 (riverbed) plugs into network switch1 port 1
    LAN 1 (riverbed) plugs into network switch1 port 2

    STP is enabled on the switch (this environment has a single switch) and shuts down port 1 or port 2, depending on which sonicwall is active.

    At this point, everything works fine. The riverbed is passing the traffic and optimizing traffic based on rules that were set.

    My question....

    When the 'primary' sonicwall is running, it seems that every day I'll see several 'Asymmetric Routes Detected' immediately followed with an 'Asymmetric Routes Cleared'. I can manually change the sonicwall to operate from primary to secondary, or if something causes the primary unit to go off-line the secondary will immediately take over. About 6 months ago there was a power outage and the UPS that was connected to the primary sonicwall didn't have as much battery as the UPS that the secondary sonicwall was connected to, which means the primary sonicwall shut off and the secondary took over. When power was restored (shortly after it went out) the secondary unit continued to function as the 'main' unit. When the secondary unit is running as primary I notice that I never (haven't yet) see the 'Asymmetric Routes Detected' immediately followed with an 'Asymmetric Routes Cleared' alerts.

    I realize that the details of the alert email may be critical to help with my question, but before I get that much in depth, I'd like to see if others who use riverbed may be able to give some feedback based on what I've typed, above. From an infrastructure/connectivity perspective, I'm not sure why running on the primary sonicwall causes these alerts and when running on the secondary sonicwall I don't see these same alerts (at least, not yet).

    I will say this, the WAN IP that was in this last routing alert received was '35.193.89.47' which appears to be Google Cloud.

    Thanks.

    submitted by /u/tdhuck

    Virtualizing an Entire Enterprise Network

    Posted: 08 Aug 2019 10:36 AM PDT

    Was recommended I post here from r/virtualization

    I'm a recently hired network technician at a university that has 8 different campuses across the state and I belong to a team of two: myself and my boss, the school network engineer. I'm pretty new to the field, so most of my tasks have involved troubleshooting/setting up IP phones and occasionally helping to troubleshoot a network issue. I plan to take my CCNA exam in the next couple of weeks and once I pass, I want to buckle down and become much more familiar with the entire network that we manage. I'm starting to already by drawing it up in Visio with the limited access I have, but I thought a really interesting project would be to virtualize/emulate the entire network in GNS3. This would allow me to not only learn a lot more about our network, but the end product could potentially be used as a test environment for any future changes we make in the future once up and running. I also plan to learn SDN with Python in this environment.

    What hardware would be best for a project like this? Would I need something like a server with a hypervisor to run 8 different instances of GNS3, one for each campus? Or would I be better off clustering 8 Raspberry Pis with one instance of GNS3 each? We have around 180 total switches we manage and the most one campus has is 51 devices. If I'm posting this in the wrong subreddit, please let me know and I'll ask my question elsewhere.

    Thanks!

    submitted by /u/PricolasCage

    Terminal Screen Color Change on Reboot via Console

    Posted: 08 Aug 2019 10:36 AM PDT

    This might be an easy question to answer, but basic googling did not yield an answer: why does my screen color change in SecureCRT / Opengear when I reboot Cisco boxes via console?

    Please share :-)

    submitted by /u/NOC_LVL_1

    Second level domain forwarding with a FortiGate 60D

    Posted: 08 Aug 2019 10:17 AM PDT

    First of all I have no idea what I'm doing.

    I want to forward every connection received at git.*.com to a local Raspberry Pi for my own GitLab server. Idk what vocab terms to google or what questions to ask. How do I go about doing this?

    submitted by /u/danhab99

    DNS functionality clarification!

    Posted: 08 Aug 2019 10:11 AM PDT

    Hello there boys! Just a quick clarification regarding the name resolution process. It hit me today at work and I had never thought about it since I mostly work on infrastructure deployments, consequently not having much to do with web server configs.

    I fully comprehend how the DNS world functions, but is it true that besides adding an "A" record for a website in a DNS server, you also have to configure the respective FQDN in the web server?

    I mean, the communication is successful just with the name resolution process thanks to the DNS server (hostname to IP translation), or am I wrong? How does the web server configuration play a part in this?

    Thanks!

    submitted by /u/srzi

    What is the use of having a VM firewall in the cloud?

    Posted: 08 Aug 2019 09:53 AM PDT

    Just kind of curious as to how a Palo Alto VM setup in AWS cloud, for example, works and how it's set up in a modern business infrastructure, and why not use built-in services like ACL/SG/WAF that AWS offers?

    Is it because Palo Alto and other vendors offer more granular control of the traffic flowing between your VPC/internet? Stateful vs stateless? Audit/compliance? Extra security?

    submitted by /u/SitDownBeHumbleBish

    Buying a Chassis switch vs a Stacking vs MLAG

    Posted: 08 Aug 2019 08:32 AM PDT

    We have a relatively fixed budget and need ~24x SFP+ ports.

    The two techs I work with only know HPE Procurve/Aruba when it comes to switching, so there would have to be a great reason to not use it.

    The minimums are:

    • 6x for iSCSI storage
    • 8x for servers iSCSI connections
    • 8x for servers LAN connectivity
    • 2x for connecting the LAN to the rest of the network

    My main concern is whether to get:

    • Opt A. 1x chassis with 2x management modules and 4x line cards (5406r zl2)
    • Opt B. 2x fixed switches configured for backplane stacking (3810m)
    • Opt C. 2x fixed switches configured for MLAG with QSFP+ as cross connects (3810m)

    My gut feeling is going with Option C followed by A with B just being a bad idea.

    Coworker 1 wants A.

    Coworker 2 wants B.

    I am wanting C but am having a bad time articulating why.

    Longer term we would be relegating the hardware to either just LAN or just SAN and buying another solution for what's left.

    Anyone have some input on leaning one way or the other?

    Thanks

    edit: formatting

    submitted by /u/jabettan

    Cisco WLC; Can connect to Guest network but no internet

    Posted: 08 Aug 2019 08:22 AM PDT

    Hi everyone,

    Forgive the ignorance here, super new to networking, but I have been getting reports from users that our guest network is able to connect but with no internet. I logged into the web portal and the only thing I can see that looks weird is that no APs are listed...

    There was maintenance done a couple of weeks back and it appeared as though some machines got flipped to a different VLAN, but I would think that within the last couple of weeks, someone would have complained that the guest network was down, so I'm not sure that's the issue. Thanks everyone!

    submitted by /u/thePowrhous

    Is anyone using Sophos XG?

    Posted: 08 Aug 2019 08:07 AM PDT

    I am looking for a simple to use but effective and powerful firewall. How is Sophos XG? We need to monitor usage and dummy-proof our network so users don't even see the phishing or virus emails. Or for that do we need Sophos email protection as well?

    submitted by /u/_0x0_

    Setting up new office with Cisco wireless using flexconnect

    Posted: 08 Aug 2019 05:26 AM PDT

    I've done this kind of deployment a few times now, and I am never sure that I'm doing it the right way. I tend to copy the setup of an existing office and amend interfaces/WLANs/FlexConnect groups etc. in the WLC to make it work.

    Then you have the whole thing of having to set a native vlan on the trunk in the office etc.

    What I've been searching for using my google-fu is an idiot's guide on doing this from scratch, but I came up short.

    Has anyone got a link to some guides or tutorials on how this SHOULD be done?

    submitted by /u/LittleWanger