Is my new career becoming obsolete? Networking
- Is my new career becoming obsolete?
- Cisco 3750G Stack with slowness issues in 1 switch
- GNI Planner FTTx
- Nexus logs
- IDS python callback
- Best study material for CAP (ISC²) exam
- Local Network, Users work off VPN < Printer
- Is this type of routing possible?
- Linux OSPF daemon for anycast advertising
- Cisco ISE - replacing Portal certificate
- Upgrade HPE 5130
- 802.1X MAC auth : Dell N2048 switch reject EAP Accept
- Major Internet speed degradation over wavelength circuit.
- 2 Locations, VPN Connecting them, 2 Different IP ranges, trying to figure out how to RDP between. Help?
- DHCP through MPLS problem and solution
- Translating HP Private-VLANing to Cisco Nexus
- HP 1910-8G DHCP: Am I missing something or will this switch not work as a DHCP server?
- Management port / IP on a Cisco switch stack?
- Open Server Root Servers, OpenNIC and ICANN
- Storing/sharing admin password(s) best practices
- Forcing Cisco Switches to use 3rd Party SFPs
- Reset router. Default Gateway changed. Now entire office having connection issues. How do I change it back?
- ACI without hypervisor integration
- Layer 1 Head Scratcher
Is my new career becoming obsolete?
Posted: 06 Aug 2019 06:04 AM PDT

27/M - I started off as a network engineer for a service provider in the UK after graduating Uni (usual Cisco/Juniper/MPLS/BGP related projects) before being offered a new role which came with a very good pay rise. Still within a service provider, I'm currently a tech lead overseeing changes on a transmission level. So now I'm basically specialising on a L1/L2 level, things like metro Ethernet/DWDM/fibre etc... however I've come to learn that my company may be shifting away from this in favour of Juniper/MPLS entirely.

Did I make a mistake shifting to this new role? Or are these transmission skills still sought after anywhere?
Cisco 3750G Stack with slowness issues in 1 switch
Posted: 06 Aug 2019 02:34 PM PDT

Any thoughts on what else I should look at? I have a stack of 9x 3750G switches and recently several endpoints are having connectivity issues. Issues include broken voice on the phone which uses voice VLAN, and delays for IP connectivity on the PC ports. I have found the affected devices connected to interface gig3/0/13-gig3/0/16.

All switches in the stack are running c3750-ipbasek9-mz.150-1.SE2.bin.

Before moving devices to another switch (where there are no issues after move), I tried rebooting the phones and running 'shut/no shut' on the port. When the phones booted, they did not receive the VLAN assignment from CDP. Strange.

I am not too familiar with MLS QOS and looking for some guidance. Here is our port config, and the MLS QOS settings. Last is CEF info. I am not familiar with what these results should look like. In this case, the stack has been up for 10 weeks, and just a few ports on 1 switch are impacted.

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos

interface GigabitEthernet3/0/15
 switchport access vlan 30
 switchport mode access
 switchport voice vlan 50
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 spanning-tree portfast
!

#show cef not-cef-switched
% Command accepted but obsolete, see 'show (ip|ipv6) cef switching statistics [feature]'
IPv4 CEF Packets passed on to next switching layer
Slot  No_adj  No_encap  Unsupp'ted  Redirect  Receive  Options  Access  Frag
RP         0         0         644       523        0       35       0     0
2          0         0           0         0        0        0       0     0
4          0         0           0         0        0        0       0     0
7          0         0           0         0        0        0       0     0
5          0         0           0         0        0        0       0     0
3          0         0           0         0        0        0       0     0
6          0         0           0         0        0        0       0     0
8          0         0           0         0        0        0       0     0
9          0         0           0         0        0        0       0     0

#show ip cef switching statistics
       Reason                        Drop   Punt  Punt2Host
RP LES No route                         3      0          1
RP LES No adjacency              18653013      0          0
RP LES Incomplete adjacency        269131      0          0
RP LES TTL expired                      0      0          3
RP LES IP options set                   0      0         35
RP LES Features                         0      0         18
RP LES IP redirects                     0      0        523
RP LES Neighbor resolution req   15797655     65          0
RP LES Total                     34719802     65        580
All    Total                     34719802     65        580
#
GNI Planner FTTx
Posted: 06 Aug 2019 12:02 PM PDT

I have a post on their website but I figured I might ask here also. We are testing the GNI planner for an FTTH deployment but on step 1 we receive the error

Error executing algorithm Refactor fields
Evaluation error in expression "full_id": Column 'full_id' not found.

Has anyone else hit this error and might know how to fix it?
Nexus logs
Posted: 06 Aug 2019 09:08 AM PDT

Trying to find a way to limit the number of logs we keep on our Nexus devices and I cannot find it. When I do show logging I get about two years' worth of logs. If I remember, on the Catalyst you could set a limit for logs, but on Nexus I am not having the same luck. Anyone have commands that are good outside of self-truncating the logs when viewing?
IDS python callback
Posted: 06 Aug 2019 02:56 AM PDT

Do you know any IDS (open source) that supports Python code execution as a callback to some rules? I want to parse the packets myself and return some value to the IDS that will indicate what to do with this packet.
Best study material for CAP (ISC²) exam
Posted: 06 Aug 2019 01:04 PM PDT
Local Network, Users work off VPN < Printer
Posted: 06 Aug 2019 03:34 PM PDT

I have some users who work through a VPN in our office. These are terminals, basic Dell. Issue is, they can't access the printer on our network due to them being on the VPN. If they need to print they have to disconnect, and reconnecting takes a bit. I'm about to set up a print station - before I go that route, any suggestions?
Is this type of routing possible?
Posted: 06 Aug 2019 11:09 AM PDT

Is it possible to have a setup which basically simulates multiple WANs? The final setup would have 7 devices with all of the same IP addresses and each will have its own gateway with different WANs.

For a testing example, I would like to set up a router that would redirect:

192.168.1.50 to 192.168.2.2 on Ethernet port 1
192.168.1.51 to 192.168.2.2 on Ethernet port 2
192.168.1.52 to 192.168.2.2 on Ethernet port 3

and so on. Can this be done with 1 router?
Linux OSPF daemon for anycast advertising
Posted: 06 Aug 2019 10:58 AM PDT

I have two private IP addresses that I want to set up anycasting for internally. The idea is to have a VM with the anycasted IP addresses assigned to a loopback interface and then have the VM advertise a route to that IP directly so that I can just shut down one of the VMs and it'll just start using the other route to another VM advertising that IP.

At this point I just need to set up an OSPF daemon on each VM to advertise it and it'll work, but I don't have too much experience working with OSPF running on a Linux VM. I don't actually need anything other than just advertising that one /32 route, so do I have any lightweight options or am I going to have to set up e.g. Quagga and have it calculating routes and running full OSPF? I'd prefer if there was a way to have the VMs not maintaining a link state database at all as they won't ever need to update any routes, just send out the occasional link status update.
Cisco ISE - replacing Portal certificate
Posted: 06 Aug 2019 03:02 AM PDT

We have a two node ISE deployment running 2.2. I've looked at the Cisco documentation for replacing certificates, and it leaves a lot to be desired. We currently use an internal certificate and this means our guest portal doesn't work properly because clients without our internal root certificate cannot trust it, so we need to use a publicly signed certificate.

Has anyone done this before, and if so what SANs did you use, and what was the process for replacing the certificates on the ISE nodes?
Upgrade HPE 5130
Posted: 06 Aug 2019 02:57 AM PDT

Hi all, I inherited a stack of 4 HP 5130 which are running quite old software. I downloaded the latest software CMW710-R3506 and saved the config. Is it safe to upgrade the software using the web dashboard or do I need to install intermediate updates because the running software is almost four years old? Anything else I should consider? Thanks!
802.1X MAC auth : Dell N2048 switch reject EAP Accept
Posted: 06 Aug 2019 06:38 AM PDT

Hello everyone, I'm trying to set up MAC authorization (yes I know it's not ideal but it's a test) with 802.1X using FreeRADIUS, a Dell N2048 (DN OS6.3.3.9) switch as the authenticator and a Ubuntu machine as the supplicant.

I've followed this guide for configuring FreeRADIUS: https://wiki.freeradius.org/guide/Mac-Auth#plain-mac-auth

My FreeRADIUS config files look like this (MAC addresses have been replaced):

The wpa_supplicant.conf on the Ubuntu client:

The switch dot1x config:

With this configuration everything is processed correctly, since the freeradius -X command is displaying that an Access-Accept message has been sent. The RADIUS server is authorizing the supplicant based on its MAC address. However, the switch refuses the EAP Access-Accept from the server. And I'm lost here. The only clue the switch gives me is that the EAP packet cannot be transmitted:

On the supplicant (Ubuntu machine), Wireshark is showing a "Request, Notification[Malformed Packet]" where the correct "Reply-Message" attribute is present. So I deduced it's actually the EAP Access-Accept sent by the RADIUS server.

I've tried using the supplicant MAC address as username and password, and making it a Framed-User but it doesn't change anything. I've added the MAC address as a Cleartext-Password into the EAP response message (Cleartext-Password := &Calling-Station-ID) in case this would be accepted but it doesn't change anything either. Enabling MAB doesn't seem to do anything, even by tweaking the dot1x timeouts.

Am I missing something in the config? What could make the EAP response be rejected by the switch? Thanks

Note: This is a repost of my topic at NetworkEngineering Stack Exchange.
Major Internet speed degradation over wavelength circuit.
Posted: 05 Aug 2019 04:22 PM PDT

Hello all, First time posting on this sub-reddit (actually, posting on reddit at all). I've been banging my head on a bandwidth issue that we've been experiencing over a wavelength circuit here in the Seattle region. We're going on about 1.5 months of troubleshooting at this point (with our provider involved heavily and they're starting to get stumped).

Here's our situation and a brief overview: we have rack-space at a colocation provider in the Lynnwood area (location A). At this rack, we are delivered a 1Gb/s symmetrical IP Transit circuit over 1310nm fiber going into our Juniper EX3400-48T with a fiber store optic (coded for Juniper). Local speedtests from this point, plugged into an RJ-45 port on the Juniper, to various servers show 750-940Mb/s down and almost always 940Mb/s-1000Mb/s up (on-net with ISP and off-net with other servers / providers peered with ISP). Seattle server latency is around 1-2ms.

Also plugged into the Juniper's SFP+ slots is a 1310nm 10Gb optic (also fiber store, coded for Juniper) which is one end of our 10Gb wavelength circuit. This wavelength circuit is basically dormant at this point and is dedicated to the IP Transit, so theoretically, we have 9Gb/s of available headroom. This 1310nm fiber heads to the Westin in Seattle (Location B - approx. 17 miles South of location A) where it goes into the ISP DWDM equipment. From there, their DWDM bundle comes back up (~45 miles) to their other DWDM equipment which is about 13 miles from our HQ (Location C). This last leg of the wavelength circuit to our HQ is fed over 1550nm to another Juniper EX3400-48T.

Plugging into that Juniper EX3400-48T at the HQ yields speedtests of approximately 200-400Mb/s down but occasionally, depending on server, reaching the max 940Mb/s of the IP Transit feed. Typical latency here is 4-5ms to Seattle servers. However, this gig speed is uncommon at HQ.

Known facts and diagram for visual interpretation is below. I've looked up the bandwidth-delay product but I'm hesitant if that's what is playing a role in this situation since we are seeing conflicting results (some speeds are accurate at both locations despite latency). The ISP has been VERY helpful in helping us troubleshoot this but they're getting to their last straw of ideas. Any ideas or helpful points are GREATLY appreciated.

Diagram:

EDIT: Below are iPerf tests done between colo server (10.131.7.69) and PC running at HQ (10.131.7.66). Tests are also done in reverse. These tests are going to max at a gig since the computers involved only have 1Gb/s NICs.

Edit 2: Optical power levels, as requested by a few of you. ISP and I have looked into this but here are the results, maybe someone may catch something we missed. Colo switch is the first code block. Interface ge-0/2/3 is the ISP Internet uplink (1310nm). Interface xe-0/2/0 is the wavelength circuit.

Here's the HQ switch with xe-0/2/0 as the wavelength uplink:
2 Locations, VPN Connecting them, 2 Different IP ranges, trying to figure out how to RDP between. Help?
Posted: 06 Aug 2019 02:35 PM PDT

So my company picked up a new account a couple months ago, and the client's setup was very antiquated. They got hit by Ransomware about a month or so ago right after we picked up the account. We have been able to get them cleared of it, purchased all new machines, servers, etc. The old IT company left the client 0 notes to anything on their entire infrastructure leaving me flying in the dark most of the time.

We replaced their old Cisco routers which were acting as a VPN tunnel for a location that has 3 workstations and 2 Avaya phones. We installed Fortinet routers at both locations and have a VPN connection established.

Location 1: Main Store has an IP range of 192.168.0.X
Location 2: Warehouse has an IP range of 192.168.10.X

I need to have location 2 RDP to location 1, however because of the IP range difference this will not work. My boss mentioned something about something may be able to be done with the subnets but he wasn't too sure. Personally I would have put both locations on the same IP range since the routers are acting as a VPN and are talking to each other, but the boss didn't want that and I understand. So is there a way to get location 2 to RDP to location 1 with a different IP range?

TL;DR: 2 Locations, 2 different IP ranges, need location 2 with an IP of 192.168.10.X to talk to location 1 with an IP of 192.168.0.X for RDP connections.

I'm sorry if I missed any crucial information. Any help is appreciated, if any additional information is needed I will try my best to answer.
DHCP through MPLS problem and solution
Posted: 06 Aug 2019 06:44 AM PDT

Greetings, There is MPLS provided by our ISP. We only manage and service CPE routers on endpoints. There are cable and NDSL connections and certain NDSL connection end points have a problem with getting DHCP packets. We confirmed DHCP packets entering and leaving the CPE router at HQ, where the DHCP server is located, from/to that certain endpoint. We communicated this with the ISP and they told us it's their problem but won't do anything because it is some kind of new technology and they can't solve it.

Do you guys have different ideas or solutions?
Translating HP Private-VLANing to Cisco Nexus
Posted: 06 Aug 2019 01:46 AM PDT
HP 1910-8G DHCP: Am I missing something or will this switch not work as a DHCP server?
Posted: 06 Aug 2019 09:04 AM PDT

We've been banging our heads. It looks like the only DHCP options are DHCP relay or DHCP Snooping. Does this mean that I cannot set this up with different VLANs and have the VLANs provide DHCP IPs?
Management port / IP on a Cisco switch stack?
Posted: 06 Aug 2019 01:17 AM PDT

How do the management port and management IP work on a stack of switches? This is the first time I've deployed a stack with the opportunity to use the management ports, usually we have a management VLAN / SVI. In a stack of 3 switches, would each switch share the IP? Or is it a Mgmt IP per switch?
Open Server Root Servers, OpenNIC and ICANN
Posted: 06 Aug 2019 08:08 AM PDT

Please, someone should further explain the working of Open Source Root Servers like OpenNIC, and how it's different from ICANN Root. What are the benefits and disadvantages of using Open Source Root Servers, e.g. OpenNIC, over ICANN? Why don't they stand the test of time? I also noticed you need to use different DNS from ICANN DNS to access domain names of OpenNIC, e.g. .oz, .neo, .o etc.
Storing/sharing admin password(s) best practices
Posted: 06 Aug 2019 07:44 AM PDT

I'm working at a small (ish) start up that is completely greenfield and hoping to start out on the right foot with some early decisions. Most of our infrastructure is in place / configured and working but set to scale out over the next 6 years. There are 2 admins on my team (including me) with a chance to hire 1-2 more eventually. We're working on configuring AAA for admin access where applicable.

I'm curious what other folks are doing for storing/sharing local admin accounts for things like VMware admin, local admin for routers/switches/shelves when AAA is not accessible or applicable. Currently we have about 12-13 different "boxes" that we're just verbally keeping up with these items but I could see this getting out of hand quickly. Are encrypted password managers safe? I've been in spots where there was one admin password for all systems and changing it / managing it was a nightmare. Thanks!
Forcing Cisco Switches to use 3rd Party SFPs
Posted: 06 Aug 2019 06:36 AM PDT

We have an older Dell Powerconnect on its last leg so I wanted to swap in a spare Cisco 2960S and in preparation to do that I realize that Cisco does not like 3rd party SFPs (Dell in this case). We are going to order a few Cisco SFPs today but it'll be a few days before they come in so I wanted to have the 2960S ready and working if the Powerconnect dies. I found a few commands to stop the errdisable but they don't seem to be taking, it accepts the command but still downs the port with errdisable. I did 'end' and 'write' after the command but no dice.

The other end of this is a Cisco 3570, there is an uplink/SFP setup already that is live to the Powerconnect but in the mindset of testing before I swapped the switch I used a free SFP port on the 3750 and popped another Dell SFP in so that I can test the switch before swapping it and ran into the same issue with 2960 and the Dell SFP (errdisable even with the commands run).

SW1(config)#service unsupported-transceiver
Warning: When Cisco determines that a fault or defect can be traced to the use of third-party transceivers installed by a customer or reseller, then, at Cisco's discretion, Cisco may withhold support under warranty or a Cisco support program. In the course of providing support for a Cisco networking product Cisco may require that the end user install Cisco transceivers if Cisco determines that removing third-party parts will assist Cisco in diagnosing the cause of a support issue.
SW1(config)#no errdisable detect cause gbic-invalid
SW1(config)#

Yes I know this is not an ideal situation and one that I'd rather not implement but if it's either an unsupported configuration or downtime for a handful of users I'll take the unsupported config (temporarily, until the new SFPs arrive). Ultimately I will swap in the Cisco SFPs in a downtime window once they arrive, but need a way to keep my users online.

SOLVED! Thanks to u/Syde80! Had to reset the errdisabled state on the switches, once done I am able to get a connection (no more downed SFP interfaces)
Reset router. Default Gateway changed. Now entire office having connection issues. How do I change it back?
Posted: 06 Aug 2019 09:59 AM PDT

Hi all, Our office is having connection issues with Slack. Our internet provider is Virgin (UK) and the router is the Hitron CGNV4, and Virgin suggested that a reset using the button on the back of the router might help to resolve the issue. After pressing reset, the internet dropped out for about 5 minutes and then came back only sporadically. Everyone was having connection issues, staying connected for a few minutes and then having to reconnect or not being able to connect entirely.

What I think is causing the issue

The Default Gateway since the reset has changed from 192.168.1.1 to 192.168.0.1. We have Ubiquiti UAP XG access points around the office to extend the signal from the router. If these are still configured to 192.168.1.1 are they now not able to connect? How can I change the router IP back to 192.168.1.1?

Apologies if this is a simple issue. I am new to this and worried that this is a bit out of my depth. Virgin have also reported outages in the area, so I also don't know if the issue might be to do with that. But the issues started occurring as soon as I reset the router. If this isn't the correct place to post this, I'd appreciate it if someone could point me to a more appropriate location.
ACI without hypervisor integration
Posted: 05 Aug 2019 05:34 PM PDT

Been given a project for which the design has already been done and hardware purchased. We've committed to Cisco ACI and a virtualisation platform that is not VMware, Hyper-V, Red Hat KVM or any of the other supported ones. I'm having a little bit of difficulty comprehending the documentation, at least on my first read through and am wondering what's lost without a supported hypervisor.
Layer 1 Head Scratcher
Posted: 06 Aug 2019 08:12 AM PDT

I've got a bit of a head scratcher on my hands. We have a portable equipment rack with a few network devices in it. Each device connects directly to a corresponding device, which are each located in other racks, so there's 6 racks about 100 feet apart and about a dozen device-to-device "crossover" connections between devices in different racks. There is no connectivity within the racks between devices. The only network connections are the device-to-device connections running between racks.

We've never had any issues with this setup until yesterday, when not a single network connection would come up. No link lights, nothing. A dozen simultaneous failures, with no single point of failure. They aren't running the same OS, so we can rule out driver issues. I'm having trouble coming up with an explanation for how this could have happened. The only theory I have is that it could be power-related, maybe a ground loop? We set it up again today and it's all working again.
You are subscribed to email updates from Enterprise Networking news, blogs and discussion.